I want to enable NIC TSO feature in dpdk21.11, But I didn't find a single example in the dpdk code. Please provide me with one.
Please refer to DPDK example testpmd tso on which makes use of TSO feature and can be tested. Also, refer to
StackOverflow previous question
vhost tso offload
Related
I have DPDK-20.11.3 installed.
Given that a Dpdk application is a process from the Linux point of view, I would assume that there should be ways (possibly with constraints) of communication between the Dpdk application and Linux native application (capable of using Linux sockets interface).
What are the possible options, that I could explore? Pipes, shared memory? I don't have any tcp/ip stack ported on dpdk, so I likely can't use sockets at all?
I'd appreciate links and documents that could shed some light on this. Thanks!
You can use KNI interface. Here is the Sample app for the same.
https://doc.dpdk.org/guides-20.11/sample_app_ug/kernel_nic_interface.html
As clarified over comments the real intention is to send and receive full or partial packets into the Kernel network subsystem. The easiest way is to make use of DPDK PCAP PMD or TAP PMD.
How to use:
Tap:
ensure the DPDK application is running in a Linux environment.
making use of DPDK testpmd, l2fwd or skeleton update DPDK EAL by --vdev=net_tap0.
Starting DPDK application will result in tap interface dtap0
bring the interface up by sudo ip link set dtap0 up
One can assign an IP address or use a raw promiscuous device.
pinging both kernel thread and DPDK TAP PMD thread, up to 4Gbps of packet throughput can be achieved for small packets.
PCAP:
Create veth interface pair in Linux using ip link add dev v1 type veth peer name v2
use v1 in linux network subsystem
use v2 in dpdk application by --vdev=net_pcap0,iface=v2
Note:
my recommendation is to use the TAP interface since it is a dedicated PMD handling probe and removed with the DPDK application. Assigning IP address from Linux also allows it to be part of a local termination, firewall and netfilter processing. All kernel network knobs for ipv4formward, TCP, udp and sctp can be exercised too.
I do not recommend the use of KNI PMD, since it is deprecated and will be removed, additional thread in the kernel to handle the buffer management and Netlink, external dependency to be built (not done for most distros package distribution).
environment
I want to implement LACP/LAG in my OVS-DPDK and offload it to hardware (hardware lag). But I don't find any related patches for the same, can you suggest me anything with which I can proceed with ?
Details:
1). OVS version: 2.13.0
2). DPDK version 19.11.0
3). OS "CentOS Linux 7"
4). Using virtual DPDK NIC
5). Trying to implement using lag PMD (new to this area and don't have much in-depth knowledge about these so searching for patches if any).
6). Running Lag on a switch which is created using OVS
[Edit-2] based on the update from comment "X722" but in dpdk I am using the ifc modules
The PCIe NIC card in use Intel FPGA 100G VF, which is used virtio vDPA acceleration by DMA copy to virtio VF ports by skipping the need for a virtual switch like OVS-DPDK.
The short answer there is no ready-made support for Hardware Lag orRTE_FLOW through IFC PMD
the detailed answer is you can if you accomplish the following
The RTE_FLOW with match action can be offloaded to NIC via enabling dpdk ovs build in compilation and run with other_config:hw-offload=true (as suggested by #stackinside). But this is not for LAG it is for exact match table offload to FPGA
For Hardware LAG enablement, you will need to work with FPGA engineer to create HW LAG FPGA binary by programming LUT. Then expose this feature to OVS either by custom IOCTL call (via admin queue) to PF.
Once step is done, then you can expose to DPDK via modifying IFCVF driver to support Hardware LAG.
Note: this will break the actual HW function for DMA virtio RX-TX to something different. There is no patch in ovs-dpdk that can create a binary image for FPGA.
Hence answer to your queries is
[Question-1] I want to implement LACP/LAG in my OVS-DPDK and offload it to hardware (hardware lag) (described in the description)
[Answer] there are 3 modes of LAG/LACP that can be done over OVS-DPDK
via OVS-DPDK (software) logic
via DPDK library (software)
via OVS-DPDK Hardware offload (OVS-DPDK agnostic and OVS-DPDk aware)
For OVS-DPDK Software logic I request you to check red hat ovs-dpdk configuration and verifying with show lacp 1 for lag-1 details.
For DPDK library Lag (Software), please add DPDK-LAG interface with option --vdev 'net_bonding0,bond_opt0=..,bond opt1=..' as mentioned dpdk test lag url
For HW offload LAG from
Intel side the ASIC like FM10K, FM12K and Snow Ridge SoC has LAG, but has to be configured via SDK using IES API.
Mellanox the embedded switch can create and maintain HW LAG, please refer to ovs and not DPDK-OVS LAG over BRIDGE-PHYSICAL
similar is the case for Broadcom, Marvell and netrnome.
But the HW LAG is not part of DPDK port or DPDK port representation. Hence the HW vendor or ASIC vendor will have custom calls via SDK.
note: list IP FPGA firmware offered by Intel
[Question-2] is to create bonds using OVS and integrate it with dpdk for lag implementation. (from comments)
[Answer] I believe there are vendor-specific patches for OVS (and not ovs-dpdk) for Broadcom, Marvell, Mellanox and netrnome. In these model, there is a specific name for bridge that points to ASIC or embedded switch br-phy. You will get in touch with vendor or check vendor github pages to get access to patches for OVS. Hence steps will be
Identify the ASIC in use
find the patch for OVS from vendor or vendor github
apply the patches and rebuild the for OVS-DPDK
based on the patch use the right bridge to setup lag example br-phy that is bridge physcial
Note: requested information for ASIC and vendor, since it is not shared it is difficult to lookup in Github.
[EDIT-1] OVS-DPDK generally relies on RTE_FLOW for any hardware-based offload. The vendor or ASIC specific offload/patches are available for OVS/OVS-DPDK from the vendor by integrating ASIC SDK.
#DeepakSahoo in comments I have shared the link DPDK NIC (also in the comments). Please try to identify the ASIC and use lshw -c net -businfo. If it is generic access either via RTE_FLOW or NIC specific DPDK API we can offload LAG to HW embedded switch. But if it is not present, you need access to SDK and Libraries for configuring the HW ASIC or embedded switch, then invoke those calls from OVS-DPDK code base. I have shared in the above comment how it is done by mellanox for OVS today. Hence there is no vendor or ASIC specific HW offload patches
I have setup a DPDK 17 version testpmd setup. I have two high end servers which have two NIC mapped using a physical direct connection. The issue is that when i try and send traffic from one server to another using testpmd, it either does not send traffic or sends very small number of packets. I have checked multiple documentations and nothing seems to work. My configuration also seems correct.
What am i doing wrong? Please help.
For anyone who faces similar issues, it is important that both servers have testpmd running and correct NICs bound to DPDK.
I'm working on a C++ project that deals with data transmission. My system is composed of two different devices, that have to exchange sensitive data in a trusted mode. To do this I downloaded and set up the last bluez library (v5.50) on my Raspberry Pi.
Is there any possibility to enable data encryption using the bluez API?
Googling around the possibility to use the BLE encryption mechanism I found discordant opinions. Someone suggests using it while others one discourage it in favor of application-level encryption exploiting, for instance, the Cripto++ library.
Which is the best solution?
Thanks
My recommendation is to always have the connection encrypted. Please see this answer which explains the benefits and importance of encrypted connections vs open connections.
In regards to encrypted connections, you can easily do this by pairing with a device. In BLE, pairing allows connection packets to be encrypted. Using BlueZ, you can easily do this from the command line using the bluetoothctl command as follows:-
bluetoothctl
[bluetoothctl] connect 00:11:22:33:44:55
[bluetoothctl] pair 00:11:22:33:44:55
Beforehand, please ensure that your BlueZ device can perform/accept connections and pairing as follows:-
btmgmt connectable on
btmgmt bondable on
btmgmt io-cap
btmgmt 3
The last command sets your IO capability to NoInputNoOutput, but you can change this to one of the following values:-
0 DisplayOnly
1 DisplayYesNo
2 KeyboardOnly
3 NoInputNoOutput
4 KeyboardDisplay
However, if you do that, you will need to pass the equivalent command line option when launching bluetoothctl as follows:-
bluetoothctl --agent KeyboardOnly
bluetoothctl --agent KeyboardDisplay
bluetoothctl --agent NoInputNoOutput
bluetoothctl --agent DisplayOnly
If you want to view the underlying API for this, please have a look at the BlueZ source code, and you can start with client/main.c for the connection and pairing commands.
Finally, as Solomon Slow indicated, if you are promising the protection of sensitive data then you should definitely go for multi-level encryption. In other words, the link should be encrypted, as well as the data before being sent in the software, and if your device supports hardware-level encryption, then do that as well.
For further reading on BLE Encryption, please visit the Bluetooth Specification Version 5.0, Vol 2, Part H, Section 1: Security Overview.
I hope this helps.
I am developing protocol fuzzing software in C/C++. I need a way to monitor the status of the fuzzing target (like ports, services). Is Nmap a good choice? If yes, then how to invoke Nmap in C/C++, is there an API? Thx.
I don't know what you really need, you did not provide any additional information in your question. In my opinion you can follow two different ways:
use nmap outside your program, as an external tool
use libpcap inside your software to analyze network traffic and obtain the information you need