From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 48AD1ADE3 for ; Wed, 18 May 2016 14:42:17 +0200 (CEST) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga102.fm.intel.com with ESMTP; 18 May 2016 05:42:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.26,329,1459839600"; d="scan'208";a="983675750" Received: from sie-lab-212-209.ir.intel.com (HELO silpixa00377983.ir.intel.com) ([10.237.212.209]) by fmsmga002.fm.intel.com with ESMTP; 18 May 2016 05:42:15 -0700 From: Sergio Gonzalez Monroy To: dev@dpdk.org Cc: john.mcnamara@intel.com Date: Wed, 18 May 2016 13:42:05 +0100 Message-Id: <1463575330-8467-5-git-send-email-sergio.gonzalez.monroy@intel.com> X-Mailer: git-send-email 2.4.11 In-Reply-To: <1463575330-8467-1-git-send-email-sergio.gonzalez.monroy@intel.com> References: <1462552302-5852-1-git-send-email-sergio.gonzalez.monroy@intel.com> <1463575330-8467-1-git-send-email-sergio.gonzalez.monroy@intel.com> Subject: [dpdk-dev] [PATCH v2 4/9] examples/ipsec-secgw: rework ipsec execution loop X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 May 2016 12:42:18 -0000 Rework implementation moving from function pointers approach, where each function implements very specific functionality, to a generic function approach. Signed-off-by: Sergio Gonzalez Monroy --- examples/ipsec-secgw/esp.c | 8 +- examples/ipsec-secgw/esp.h | 9 +- examples/ipsec-secgw/ipsec.c | 36 ++++-- examples/ipsec-secgw/ipsec.h | 2 - examples/ipsec-secgw/sa.c | 272 ++++++++++++++++++------------------------- 5 files changed, 145 insertions(+), 182 deletions(-) diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c index 7dce78c..b423080 100644 --- a/examples/ipsec-secgw/esp.c +++ b/examples/ipsec-secgw/esp.c @@ -69,7 +69,7 @@ random_iv_u64(uint64_t *buf, uint16_t n) /* IPv4 Tunnel */ int -esp4_tunnel_inbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa, +esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa, struct rte_crypto_op *cop) { int32_t payload_len; @@ -117,7 +117,7 @@ esp4_tunnel_inbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa, } int -esp4_tunnel_inbound_post_crypto(struct rte_mbuf *m, struct ipsec_sa *sa, +esp_inbound_post(struct rte_mbuf *m, struct ipsec_sa *sa, struct rte_crypto_op *cop) { uint8_t *nexthdr, *pad_len; @@ -155,7 +155,7 @@ esp4_tunnel_inbound_post_crypto(struct rte_mbuf *m, struct ipsec_sa *sa, } int -esp4_tunnel_outbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa, +esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, struct rte_crypto_op *cop) { uint16_t pad_payload_len, pad_len; @@ -234,7 +234,7 @@ esp4_tunnel_outbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa, } int -esp4_tunnel_outbound_post_crypto(struct rte_mbuf *m __rte_unused, +esp_outbound_post(struct rte_mbuf *m __rte_unused, struct ipsec_sa *sa __rte_unused, struct rte_crypto_op *cop) { diff --git a/examples/ipsec-secgw/esp.h b/examples/ipsec-secgw/esp.h index 3101882..fa5cc8a 100644 --- a/examples/ipsec-secgw/esp.h +++ b/examples/ipsec-secgw/esp.h @@ -46,21 +46,20 @@ struct esp_hdr { /* Integrity Check Value - ICV */ }; -/* IPv4 Tunnel */ int -esp4_tunnel_inbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa, +esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa, struct rte_crypto_op *cop); int -esp4_tunnel_inbound_post_crypto(struct rte_mbuf *m, struct ipsec_sa *sa, +esp_inbound_post(struct rte_mbuf *m, struct ipsec_sa *sa, struct rte_crypto_op *cop); int -esp4_tunnel_outbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa, +esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa, struct rte_crypto_op *cop); int -esp4_tunnel_outbound_post_crypto(struct rte_mbuf *m, struct ipsec_sa *sa, +esp_outbound_post(struct rte_mbuf *m, struct ipsec_sa *sa, struct rte_crypto_op *cop); #endif /* __RTE_IPSEC_XFORM_ESP_H__ */ diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index 3ffa77a..90a9a86 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -42,6 +42,7 @@ #include #include "ipsec.h" +#include "esp.h" static inline int create_session(struct ipsec_ctx *ipsec_ctx __rte_unused, struct ipsec_sa *sa) @@ -99,15 +100,14 @@ enqueue_cop(struct cdev_qp *cqp, struct rte_crypto_op *cop) } } -static inline uint16_t -ipsec_processing(struct ipsec_ctx *ipsec_ctx, struct rte_mbuf *pkts[], - struct ipsec_sa *sas[], uint16_t nb_pkts, uint16_t max_pkts) +static inline void +ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx, + struct rte_mbuf *pkts[], struct ipsec_sa *sas[], + uint16_t nb_pkts) { - int ret = 0, i, j, nb_cops; + int ret = 0, i; struct ipsec_mbuf_metadata *priv; - struct rte_crypto_op *cops[max_pkts]; struct ipsec_sa *sa; - struct rte_mbuf *pkt; for (i = 0; i < nb_pkts; i++) { rte_prefetch0(sas[i]); @@ -133,7 +133,7 @@ ipsec_processing(struct ipsec_ctx *ipsec_ctx, struct rte_mbuf *pkts[], rte_crypto_op_attach_sym_session(&priv->cop, sa->crypto_session); - ret = sa->pre_crypto(pkts[i], sa, &priv->cop); + ret = xform_func(pkts[i], sa, &priv->cop); if (unlikely(ret)) { rte_pktmbuf_free(pkts[i]); continue; @@ -142,8 +142,18 @@ ipsec_processing(struct ipsec_ctx *ipsec_ctx, struct rte_mbuf *pkts[], RTE_ASSERT(sa->cdev_id_qp < ipsec_ctx->nb_qps); enqueue_cop(&ipsec_ctx->tbl[sa->cdev_id_qp], &priv->cop); } +} + +static inline int +ipsec_dequeue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx, + struct rte_mbuf *pkts[], uint16_t max_pkts) +{ + int nb_pkts = 0, ret = 0, i, j, nb_cops; + struct ipsec_mbuf_metadata *priv; + struct rte_crypto_op *cops[max_pkts]; + struct ipsec_sa *sa; + struct rte_mbuf *pkt; - nb_pkts = 0; for (i = 0; i < ipsec_ctx->nb_qps && nb_pkts < max_pkts; i++) { struct cdev_qp *cqp; @@ -168,7 +178,7 @@ ipsec_processing(struct ipsec_ctx *ipsec_ctx, struct rte_mbuf *pkts[], RTE_ASSERT(sa != NULL); - ret = sa->post_crypto(pkt, sa, cops[j]); + ret = xform_func(pkt, sa, cops[j]); if (unlikely(ret)) rte_pktmbuf_free(pkt); else @@ -188,7 +198,9 @@ ipsec_inbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[], inbound_sa_lookup(ctx->sa_ctx, pkts, sas, nb_pkts); - return ipsec_processing(ctx, pkts, sas, nb_pkts, len); + ipsec_enqueue(esp_inbound, ctx, pkts, sas, nb_pkts); + + return ipsec_dequeue(esp_inbound_post, ctx, pkts, len); } uint16_t @@ -199,5 +211,7 @@ ipsec_outbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[], outbound_sa_lookup(ctx->sa_ctx, sa_idx, sas, nb_pkts); - return ipsec_processing(ctx, pkts, sas, nb_pkts, len); + ipsec_enqueue(esp_outbound, ctx, pkts, sas, nb_pkts); + + return ipsec_dequeue(esp_outbound_post, ctx, pkts, len); } diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index e60fae6..74ef6fc 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -86,8 +86,6 @@ struct ipsec_sa { uint32_t dst; struct rte_cryptodev_sym_session *crypto_session; struct rte_crypto_sym_xform *xforms; - ipsec_xform_fn pre_crypto; - ipsec_xform_fn post_crypto; enum rte_crypto_cipher_algorithm cipher_algo; enum rte_crypto_auth_algorithm auth_algo; uint16_t digest_len; diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index b6260ed..a193bdf 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -47,160 +47,112 @@ #include "ipsec.h" #include "esp.h" -/* SAs EP0 Outbound */ -const struct ipsec_sa sa_ep0_out[] = { - { 5, 0, IPv4(172, 16, 1, 5), IPv4(172, 16, 2, 5), - NULL, NULL, - esp4_tunnel_outbound_pre_crypto, - esp4_tunnel_outbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 6, 0, IPv4(172, 16, 1, 6), IPv4(172, 16, 2, 6), - NULL, NULL, - esp4_tunnel_outbound_pre_crypto, - esp4_tunnel_outbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 7, 0, IPv4(172, 16, 1, 7), IPv4(172, 16, 2, 7), - NULL, NULL, - esp4_tunnel_outbound_pre_crypto, - esp4_tunnel_outbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 8, 0, IPv4(172, 16, 1, 8), IPv4(172, 16, 2, 8), - NULL, NULL, - esp4_tunnel_outbound_pre_crypto, - esp4_tunnel_outbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 9, 0, IPv4(172, 16, 1, 5), IPv4(172, 16, 2, 5), - NULL, NULL, - esp4_tunnel_outbound_pre_crypto, - esp4_tunnel_outbound_post_crypto, - RTE_CRYPTO_CIPHER_NULL, RTE_CRYPTO_AUTH_NULL, - 0, 0, 4, - 0, 0 }, -}; - -/* SAs EP0 Inbound */ -const struct ipsec_sa sa_ep0_in[] = { - { 5, 0, IPv4(172, 16, 2, 5), IPv4(172, 16, 1, 5), - NULL, NULL, - esp4_tunnel_inbound_pre_crypto, - esp4_tunnel_inbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 6, 0, IPv4(172, 16, 2, 6), IPv4(172, 16, 1, 6), - NULL, NULL, - esp4_tunnel_inbound_pre_crypto, - esp4_tunnel_inbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 7, 0, IPv4(172, 16, 2, 7), IPv4(172, 16, 1, 7), - NULL, NULL, - esp4_tunnel_inbound_pre_crypto, - esp4_tunnel_inbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 8, 0, IPv4(172, 16, 2, 8), IPv4(172, 16, 1, 8), - NULL, NULL, - esp4_tunnel_inbound_pre_crypto, - esp4_tunnel_inbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 9, 0, IPv4(172, 16, 2, 5), IPv4(172, 16, 1, 5), - NULL, NULL, - esp4_tunnel_inbound_pre_crypto, - esp4_tunnel_inbound_post_crypto, - RTE_CRYPTO_CIPHER_NULL, RTE_CRYPTO_AUTH_NULL, - 0, 0, 4, - 0, 0 }, -}; - -/* SAs EP1 Outbound */ -const struct ipsec_sa sa_ep1_out[] = { - { 5, 0, IPv4(172, 16, 2, 5), IPv4(172, 16, 1, 5), - NULL, NULL, - esp4_tunnel_outbound_pre_crypto, - esp4_tunnel_outbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 6, 0, IPv4(172, 16, 2, 6), IPv4(172, 16, 1, 6), - NULL, NULL, - esp4_tunnel_outbound_pre_crypto, - esp4_tunnel_outbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 7, 0, IPv4(172, 16, 2, 7), IPv4(172, 16, 1, 7), - NULL, NULL, - esp4_tunnel_outbound_pre_crypto, - esp4_tunnel_outbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 8, 0, IPv4(172, 16, 2, 8), IPv4(172, 16, 1, 8), - NULL, NULL, - esp4_tunnel_outbound_pre_crypto, - esp4_tunnel_outbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 9, 0, IPv4(172, 16, 2, 5), IPv4(172, 16, 1, 5), - NULL, NULL, - esp4_tunnel_outbound_pre_crypto, - esp4_tunnel_outbound_post_crypto, - RTE_CRYPTO_CIPHER_NULL, RTE_CRYPTO_AUTH_NULL, - 0, 0, 4, - 0, 0 }, +/* SAs Outbound */ +const struct ipsec_sa sa_out[] = { + { + .spi = 5, + .src = IPv4(172, 16, 1, 5), + .dst = IPv4(172, 16, 2, 5), + .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC, + .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .digest_len = 12, + .iv_len = 16, + .block_size = 16, + }, + { + .spi = 6, + .src = IPv4(172, 16, 1, 6), + .dst = IPv4(172, 16, 2, 6), + .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC, + .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .digest_len = 12, + .iv_len = 16, + .block_size = 16, + }, + { + .spi = 7, + .src = IPv4(172, 16, 1, 7), + .dst = IPv4(172, 16, 2, 7), + .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC, + .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .digest_len = 12, + .iv_len = 16, + .block_size = 16, + }, + { + .spi = 8, + .src = IPv4(172, 16, 1, 8), + .dst = IPv4(172, 16, 2, 8), + .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC, + .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .digest_len = 12, + .iv_len = 16, + .block_size = 16, + }, + { + .spi = 9, + .src = IPv4(172, 16, 1, 9), + .dst = IPv4(172, 16, 2, 9), + .cipher_algo = RTE_CRYPTO_CIPHER_NULL, + .auth_algo = RTE_CRYPTO_AUTH_NULL, + .digest_len = 0, + .iv_len = 0, + .block_size = 4, + } }; -/* SAs EP1 Inbound */ -const struct ipsec_sa sa_ep1_in[] = { - { 5, 0, IPv4(172, 16, 1, 5), IPv4(172, 16, 2, 5), - NULL, NULL, - esp4_tunnel_inbound_pre_crypto, - esp4_tunnel_inbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 6, 0, IPv4(172, 16, 1, 6), IPv4(172, 16, 2, 6), - NULL, NULL, - esp4_tunnel_inbound_pre_crypto, - esp4_tunnel_inbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 7, 0, IPv4(172, 16, 1, 7), IPv4(172, 16, 2, 7), - NULL, NULL, - esp4_tunnel_inbound_pre_crypto, - esp4_tunnel_inbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 8, 0, IPv4(172, 16, 1, 8), IPv4(172, 16, 2, 8), - NULL, NULL, - esp4_tunnel_inbound_pre_crypto, - esp4_tunnel_inbound_post_crypto, - RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC, - 12, 16, 16, - 0, 0 }, - { 9, 0, IPv4(172, 16, 1, 5), IPv4(172, 16, 2, 5), - NULL, NULL, - esp4_tunnel_inbound_pre_crypto, - esp4_tunnel_inbound_post_crypto, - RTE_CRYPTO_CIPHER_NULL, RTE_CRYPTO_AUTH_NULL, - 0, 0, 4, - 0, 0 }, +/* SAs Inbound */ +const struct ipsec_sa sa_in[] = { + { + .spi = 55, + .src = IPv4(172, 16, 2, 5), + .dst = IPv4(172, 16, 1, 5), + .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC, + .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .digest_len = 12, + .iv_len = 16, + .block_size = 16, + }, + { + .spi = 56, + .src = IPv4(172, 16, 2, 6), + .dst = IPv4(172, 16, 1, 6), + .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC, + .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .digest_len = 12, + .iv_len = 16, + .block_size = 16, + }, + { + .spi = 57, + .src = IPv4(172, 16, 2, 7), + .dst = IPv4(172, 16, 1, 7), + .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC, + .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .digest_len = 12, + .iv_len = 16, + .block_size = 16, + }, + { + .spi = 58, + .src = IPv4(172, 16, 2, 8), + .dst = IPv4(172, 16, 1, 8), + .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC, + .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .digest_len = 12, + .iv_len = 16, + .block_size = 16, + }, + { + .spi = 59, + .src = IPv4(172, 16, 2, 9), + .dst = IPv4(172, 16, 1, 9), + .cipher_algo = RTE_CRYPTO_CIPHER_NULL, + .auth_algo = RTE_CRYPTO_AUTH_NULL, + .digest_len = 0, + .iv_len = 0, + .block_size = 4, + } }; static uint8_t cipher_key[256] = "sixteenbytes key"; @@ -368,15 +320,15 @@ sa_init(struct socket_ctx *ctx, int socket_id, unsigned ep) "initialized\n", socket_id); if (ep == 0) { - sa_out_entries = sa_ep0_out; - nb_out_entries = RTE_DIM(sa_ep0_out); - sa_in_entries = sa_ep0_in; - nb_in_entries = RTE_DIM(sa_ep0_in); + sa_out_entries = sa_out; + nb_out_entries = RTE_DIM(sa_out); + sa_in_entries = sa_in; + nb_in_entries = RTE_DIM(sa_in); } else if (ep == 1) { - sa_out_entries = sa_ep1_out; - nb_out_entries = RTE_DIM(sa_ep1_out); - sa_in_entries = sa_ep1_in; - nb_in_entries = RTE_DIM(sa_ep1_in); + sa_out_entries = sa_in; + nb_out_entries = RTE_DIM(sa_in); + sa_in_entries = sa_out; + nb_in_entries = RTE_DIM(sa_out); } else rte_exit(EXIT_FAILURE, "Invalid EP value %u. " "Only 0 or 1 supported.\n", ep); -- 2.5.5