From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4788745FE4; Mon, 6 Jan 2025 17:46:08 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 412A240A72; Mon, 6 Jan 2025 17:45:59 +0100 (CET) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mails.dpdk.org (Postfix) with ESMTP id 23699406FF for ; Mon, 6 Jan 2025 17:45:55 +0100 (CET) Received: by linux.microsoft.com (Postfix, from userid 1213) id 33007206AB91; Mon, 6 Jan 2025 08:45:54 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 33007206AB91 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1736181954; bh=UpqeNNUWmhon9jj0GkmC3qEvUGZNa0FnqsklT2u4NmA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YL+leLzRsAlryBdJMNegI3naY75irII3x0ViAzPRGUoavjds2TrJ8Qs5AeG6C6vjR 95eZA0499P4KmZb5oacoZ4pmvEiswxSJd1LjR+9MyGzTjPO4vcb4qZ7mdoDr2FpgN2 eNuf7BekBhta2V4mexv5mEVmq95oFMuTBaPUiWTY= From: Andre Muezerie To: Konstantin Ananyev , Vladimir Medvedkin Cc: dev@dpdk.org, Andre Muezerie Subject: [PATCH 1/2] lib/ipsec: compile ipsec on Windows Date: Mon, 6 Jan 2025 08:45:47 -0800 Message-Id: <1736181948-8907-2-git-send-email-andremue@linux.microsoft.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1736181948-8907-1-git-send-email-andremue@linux.microsoft.com> References: <1736181948-8907-1-git-send-email-andremue@linux.microsoft.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Removed VLA for compatibility with MSVC (which does not support VLAs). Used alloca when a constant fixed length that can be used instead is not known. Implementation for rte_ipsec_pkt_crypto_group and rte_ipsec_ses_from_crypto was moved to new file lib\ipsec\ipsec_group.c because these functions get exported in a shared library (lib\ipsec\version.map). Implementation for rte_ipsec_pkt_crypto_prepare and rte_ipsec_pkt_process was moved to new file lib\ipsec\ipsec.c because these functions get exported in a shared library (lib\ipsec\version.map). Removed code in meson.build which was skipping ipsec on Windows. Signed-off-by: Andre Muezerie --- lib/ipsec/esp_inb.c | 57 ++++++++++++++++------- lib/ipsec/esp_outb.c | 48 +++++++++++++------ lib/ipsec/ipsec.c | 19 ++++++++ lib/ipsec/ipsec_group.c | 93 +++++++++++++++++++++++++++++++++++++ lib/ipsec/ipsec_sad.c | 1 + lib/ipsec/ipsec_telemetry.c | 1 + lib/ipsec/meson.build | 10 +--- lib/ipsec/misc.h | 10 ++-- lib/ipsec/rte_ipsec.h | 15 ++---- lib/ipsec/rte_ipsec_group.h | 84 ++------------------------------- lib/ipsec/sa.c | 4 +- 11 files changed, 208 insertions(+), 134 deletions(-) create mode 100644 lib/ipsec/ipsec.c create mode 100644 lib/ipsec/ipsec_group.c diff --git a/lib/ipsec/esp_inb.c b/lib/ipsec/esp_inb.c index f159bf7460..305ac48dc5 100644 --- a/lib/ipsec/esp_inb.c +++ b/lib/ipsec/esp_inb.c @@ -370,8 +370,9 @@ esp_inb_pkt_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], struct rte_cryptodev_sym_session *cs; struct replay_sqn *rsn; union sym_op_data icv; - uint32_t dr[num]; + uint32_t *dr; + dr = alloca(sizeof(uint32_t) * num); sa = ss->sa; cs = ss->crypto.ses; rsn = rsn_acquire(sa); @@ -576,12 +577,16 @@ tun_process(struct rte_ipsec_sa *sa, struct rte_mbuf *mb[], uint32_t sqn[], uint32_t dr[], uint16_t num, uint8_t sqh_len) { uint32_t adj, i, k, tl, bytes; - uint32_t hl[num], to[num]; - struct rte_esp_tail espt[num]; - struct rte_mbuf *ml[num]; + uint32_t *hl, *to; + struct rte_esp_tail *espt; + struct rte_mbuf **ml; const void *outh; void *inh; + hl = alloca(sizeof(uint32_t) * num); + to = alloca(sizeof(uint32_t) * num); + espt = alloca(sizeof(struct rte_esp_tail) * num); + ml = alloca(sizeof(struct rte_mbuf *) * num); /* * remove icv, esp trailer and high-order * 32 bits of esn from packet length @@ -640,10 +645,14 @@ trs_process(struct rte_ipsec_sa *sa, struct rte_mbuf *mb[], { char *np; uint32_t i, k, l2, tl, bytes; - uint32_t hl[num], to[num]; - struct rte_esp_tail espt[num]; - struct rte_mbuf *ml[num]; - + uint32_t *hl, *to; + struct rte_esp_tail *espt; + struct rte_mbuf **ml; + + hl = alloca(sizeof(uint32_t) * num); + to = alloca(sizeof(uint32_t) * num); + espt = alloca(sizeof(struct rte_esp_tail) * num); + ml = alloca(sizeof(struct rte_mbuf *) * num); /* * remove icv, esp trailer and high-order * 32 bits of esn from packet length @@ -724,8 +733,11 @@ esp_inb_pkt_process(struct rte_ipsec_sa *sa, struct rte_mbuf *mb[], uint16_t num, uint8_t sqh_len, esp_inb_process_t process) { uint32_t k, n; - uint32_t sqn[num]; - uint32_t dr[num]; + uint32_t *sqn; + uint32_t *dr; + + sqn = alloca(sizeof(uint32_t) * num); + dr = alloca(sizeof(uint32_t) * num); /* process packets, extract seq numbers */ k = process(sa, mb, sqn, dr, num, sqh_len); @@ -760,13 +772,24 @@ cpu_inb_pkt_prepare(const struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa; struct replay_sqn *rsn; union sym_op_data icv; - struct rte_crypto_va_iova_ptr iv[num]; - struct rte_crypto_va_iova_ptr aad[num]; - struct rte_crypto_va_iova_ptr dgst[num]; - uint32_t dr[num]; - uint32_t l4ofs[num]; - uint32_t clen[num]; - uint64_t ivbuf[num][IPSEC_MAX_IV_QWORD]; + struct rte_crypto_va_iova_ptr *iv; + struct rte_crypto_va_iova_ptr *aad; + struct rte_crypto_va_iova_ptr *dgst; + uint32_t *dr; + uint32_t *l4ofs; + uint32_t *clen; + uint64_t **ivbuf; + + iv = alloca(sizeof(struct rte_crypto_va_iova_ptr) * num); + aad = alloca(sizeof(struct rte_crypto_va_iova_ptr) * num); + dgst = alloca(sizeof(struct rte_crypto_va_iova_ptr) * num); + dr = alloca(sizeof(uint32_t) * num); + l4ofs = alloca(sizeof(uint32_t) * num); + clen = alloca(sizeof(uint32_t) * num); + + ivbuf = alloca(sizeof(uint64_t *) * num); + for (i = 0; i < num; i++) + ivbuf[i] = alloca(sizeof(uint64_t) * IPSEC_MAX_IV_QWORD); sa = ss->sa; diff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c index 617fc52b21..838321b3b2 100644 --- a/lib/ipsec/esp_outb.c +++ b/lib/ipsec/esp_outb.c @@ -299,10 +299,11 @@ esp_outb_tun_prepare_helper(const struct rte_ipsec_session *ss, struct rte_mbuf struct rte_cryptodev_sym_session *cs; union sym_op_data icv; uint64_t iv[IPSEC_MAX_IV_QWORD]; - uint32_t dr[n]; + uint32_t *dr; sa = ss->sa; cs = ss->crypto.ses; + dr = alloca(sizeof(uint32_t) * n); k = 0; for (i = 0; i != n; i++) { @@ -468,10 +469,11 @@ esp_outb_trs_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], struct rte_cryptodev_sym_session *cs; union sym_op_data icv; uint64_t iv[IPSEC_MAX_IV_QWORD]; - uint32_t dr[num]; + uint32_t *dr; sa = ss->sa; cs = ss->crypto.ses; + dr = alloca(sizeof(uint32_t) * num); n = num; sqn = esn_outb_update_sqn(sa, &n); @@ -558,15 +560,26 @@ cpu_outb_pkt_prepare_helper(const struct rte_ipsec_session *ss, uint32_t i, k; uint32_t l2, l3; union sym_op_data icv; - struct rte_crypto_va_iova_ptr iv[n]; - struct rte_crypto_va_iova_ptr aad[n]; - struct rte_crypto_va_iova_ptr dgst[n]; - uint32_t dr[n]; - uint32_t l4ofs[n]; - uint32_t clen[n]; - uint64_t ivbuf[n][IPSEC_MAX_IV_QWORD]; + struct rte_crypto_va_iova_ptr *iv; + struct rte_crypto_va_iova_ptr *aad; + struct rte_crypto_va_iova_ptr *dgst; + uint32_t *dr; + uint32_t *l4ofs; + uint32_t *clen; + uint64_t **ivbuf; sa = ss->sa; + iv = alloca(sizeof(struct rte_crypto_va_iova_ptr) * n); + aad = alloca(sizeof(struct rte_crypto_va_iova_ptr) * n); + dgst = alloca(sizeof(struct rte_crypto_va_iova_ptr) * n); + dr = alloca(sizeof(uint32_t) * n); + l4ofs = alloca(sizeof(uint32_t) * n); + clen = alloca(sizeof(uint32_t) * n); + + ivbuf = alloca(sizeof(uint64_t *) * n); + for (i = 0; i < n; i++) + ivbuf[i] = alloca(sizeof(uint64_t) * IPSEC_MAX_IV_QWORD); + for (i = 0, k = 0; i != n; i++) { @@ -665,13 +678,14 @@ esp_outb_sqh_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], uint32_t i, k, icv_len, *icv, bytes; struct rte_mbuf *ml; struct rte_ipsec_sa *sa; - uint32_t dr[num]; + uint32_t *dr; sa = ss->sa; k = 0; icv_len = sa->icv_len; bytes = 0; + dr = alloca(sizeof(uint32_t) * num); for (i = 0; i != num; i++) { if ((mb[i]->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED) == 0) { @@ -764,8 +778,11 @@ inline_outb_tun_pkt_process(const struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa; union sym_op_data icv; uint64_t iv[IPSEC_MAX_IV_QWORD]; - uint32_t dr[num]; - uint16_t nb_segs[num]; + uint32_t *dr; + uint16_t *nb_segs; + + dr = alloca(sizeof(uint32_t) * num); + nb_segs = alloca(sizeof(uint16_t) * num); sa = ss->sa; nb_segs_total = 0; @@ -832,8 +849,11 @@ inline_outb_trs_pkt_process(const struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa; union sym_op_data icv; uint64_t iv[IPSEC_MAX_IV_QWORD]; - uint32_t dr[num]; - uint16_t nb_segs[num]; + uint32_t *dr; + uint16_t *nb_segs; + + dr = alloca(sizeof(uint32_t) * num); + nb_segs = alloca(sizeof(uint16_t) * num); sa = ss->sa; nb_segs_total = 0; diff --git a/lib/ipsec/ipsec.c b/lib/ipsec/ipsec.c new file mode 100644 index 0000000000..77a6b6f024 --- /dev/null +++ b/lib/ipsec/ipsec.c @@ -0,0 +1,19 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2018-2020 Intel Corporation + */ + +#include "rte_ipsec.h" + +uint16_t +rte_ipsec_pkt_crypto_prepare(const struct rte_ipsec_session *ss, + struct rte_mbuf *mb[], struct rte_crypto_op *cop[], uint16_t num) +{ + return ss->pkt_func.prepare.async(ss, mb, cop, num); +} + +uint16_t +rte_ipsec_pkt_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], + uint16_t num) +{ + return ss->pkt_func.process(ss, mb, num); +} diff --git a/lib/ipsec/ipsec_group.c b/lib/ipsec/ipsec_group.c new file mode 100644 index 0000000000..c8373627af --- /dev/null +++ b/lib/ipsec/ipsec_group.c @@ -0,0 +1,93 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2018 Intel Corporation + */ + +#include +#include +#include + +#include "rte_ipsec_group.h" + +uint16_t +rte_ipsec_pkt_crypto_group(const struct rte_crypto_op *cop[], + struct rte_mbuf *mb[], struct rte_ipsec_group grp[], uint16_t num) +{ + uint32_t i, j, k, n; + void *ns, *ps; + struct rte_mbuf *m, **dr; + + j = 0; + k = 0; + n = 0; + ps = NULL; + dr = alloca(sizeof(struct rte_mbuf *) * num); + + for (i = 0; i != num; i++) { + + m = cop[i]->sym[0].m_src; + ns = cop[i]->sym[0].session; + + m->ol_flags |= RTE_MBUF_F_RX_SEC_OFFLOAD; + if (cop[i]->status != RTE_CRYPTO_OP_STATUS_SUCCESS) + m->ol_flags |= RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED; + + /* no valid session found */ + if (ns == NULL) { + dr[k++] = m; + continue; + } + + /* different SA */ + if (ps != ns) { + + /* + * we already have an open group - finalize it, + * then open a new one. + */ + if (ps != NULL) { + grp[n].id.ptr = + rte_ipsec_ses_from_crypto(cop[i - 1]); + grp[n].cnt = mb + j - grp[n].m; + n++; + } + + /* start new group */ + grp[n].m = mb + j; + ps = ns; + } + + mb[j++] = m; + } + + /* finalise last group */ + if (ps != NULL) { + grp[n].id.ptr = rte_ipsec_ses_from_crypto(cop[i - 1]); + grp[n].cnt = mb + j - grp[n].m; + n++; + } + + /* copy mbufs with unknown session beyond recognised ones */ + if (k != 0 && k != num) { + for (i = 0; i != k; i++) + mb[j + i] = dr[i]; + } + + return n; +} + +struct rte_ipsec_session * +rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop) +{ + void *ses; + + if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + ses = cop->sym[0].session; + return (struct rte_ipsec_session *)(uintptr_t) + rte_security_session_opaque_data_get(ses); + } else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { + ses = cop->sym[0].session; + return (struct rte_ipsec_session *)(uintptr_t) + rte_cryptodev_sym_session_opaque_data_get(ses); + } + return NULL; +} diff --git a/lib/ipsec/ipsec_sad.c b/lib/ipsec/ipsec_sad.c index 7e147e729c..151d160758 100644 --- a/lib/ipsec/ipsec_sad.c +++ b/lib/ipsec/ipsec_sad.c @@ -3,6 +3,7 @@ */ #include +#include #include #include diff --git a/lib/ipsec/ipsec_telemetry.c b/lib/ipsec/ipsec_telemetry.c index 68a91108dd..76095a89ce 100644 --- a/lib/ipsec/ipsec_telemetry.c +++ b/lib/ipsec/ipsec_telemetry.c @@ -3,6 +3,7 @@ */ #include +#include #include #include #include diff --git a/lib/ipsec/meson.build b/lib/ipsec/meson.build index 5c5a4aae78..c90197f595 100644 --- a/lib/ipsec/meson.build +++ b/lib/ipsec/meson.build @@ -1,15 +1,9 @@ # SPDX-License-Identifier: BSD-3-Clause # Copyright(c) 2018 Intel Corporation -if is_windows - build = false - reason = 'not supported on Windows' - subdir_done() -endif - sources = files('esp_inb.c', 'esp_outb.c', - 'sa.c', 'ses.c', 'ipsec_sad.c', - 'ipsec_telemetry.c') + 'ipsec.c', 'ipsec_group.c', 'ipsec_sad.c', + 'ipsec_telemetry.c', 'sa.c', 'ses.c') headers = files('rte_ipsec.h', 'rte_ipsec_sa.h', 'rte_ipsec_sad.h') indirect_headers += files('rte_ipsec_group.h') diff --git a/lib/ipsec/misc.h b/lib/ipsec/misc.h index fd4d3f5256..dcc514b94b 100644 --- a/lib/ipsec/misc.h +++ b/lib/ipsec/misc.h @@ -20,10 +20,11 @@ move_bad_mbufs(struct rte_mbuf *mb[], const uint32_t bad_idx[], uint32_t nb_mb, uint32_t nb_bad) { uint32_t i, j, k; - struct rte_mbuf *drb[nb_bad]; + struct rte_mbuf **drb; j = 0; k = 0; + drb = alloca(sizeof(struct rte_mbuf *) * nb_bad); /* copy bad ones into a temp place */ for (i = 0; i != nb_mb; i++) { @@ -119,8 +120,8 @@ cpu_crypto_bulk(const struct rte_ipsec_session *ss, { uint32_t i, j, n; int32_t vcnt, vofs; - int32_t st[num]; - struct rte_crypto_sgl vecpkt[num]; + int32_t *st; + struct rte_crypto_sgl *vecpkt; struct rte_crypto_vec vec[UINT8_MAX]; struct rte_crypto_sym_vec symvec; @@ -128,6 +129,9 @@ cpu_crypto_bulk(const struct rte_ipsec_session *ss, j = 0, n = 0; vofs = 0; + st = alloca(sizeof(int32_t) * num); + vecpkt = alloca(sizeof(struct rte_crypto_sgl) * num); + for (i = 0; i != num; i++) { vcnt = rte_crypto_mbuf_to_vec(mb[i], l4ofs[i], clen[i], diff --git a/lib/ipsec/rte_ipsec.h b/lib/ipsec/rte_ipsec.h index e682d13315..ea3581b589 100644 --- a/lib/ipsec/rte_ipsec.h +++ b/lib/ipsec/rte_ipsec.h @@ -134,12 +134,9 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss); * @return * Number of successfully processed packets, with error code set in rte_errno. */ -static inline uint16_t +uint16_t rte_ipsec_pkt_crypto_prepare(const struct rte_ipsec_session *ss, - struct rte_mbuf *mb[], struct rte_crypto_op *cop[], uint16_t num) -{ - return ss->pkt_func.prepare.async(ss, mb, cop, num); -} + struct rte_mbuf *mb[], struct rte_crypto_op *cop[], uint16_t num); static inline uint16_t rte_ipsec_pkt_cpu_prepare(const struct rte_ipsec_session *ss, @@ -231,13 +228,9 @@ rte_ipsec_pkt_cpu_prepare_stateless(const struct rte_ipsec_session *ss, * @return * Number of successfully processed packets, with error code set in rte_errno. */ -static inline uint16_t +uint16_t rte_ipsec_pkt_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], - uint16_t num) -{ - return ss->pkt_func.process(ss, mb, num); -} - + uint16_t num); /** * Enable per SA telemetry for a specific SA. diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h index c6458ef81e..b395d6bbac 100644 --- a/lib/ipsec/rte_ipsec_group.h +++ b/lib/ipsec/rte_ipsec_group.h @@ -41,22 +41,8 @@ struct rte_ipsec_group { * @return * The pointer to the related *rte_ipsec_session* structure. */ -static inline struct rte_ipsec_session * -rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop) -{ - void *ses; - - if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - ses = cop->sym[0].session; - return (struct rte_ipsec_session *)(uintptr_t) - rte_security_session_opaque_data_get(ses); - } else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { - ses = cop->sym[0].session; - return (struct rte_ipsec_session *)(uintptr_t) - rte_cryptodev_sym_session_opaque_data_get(ses); - } - return NULL; -} +struct rte_ipsec_session * +rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop); /** * Take as input completed crypto ops, extract related mbufs @@ -78,71 +64,9 @@ rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop) * @return * Number of filled elements in *grp* array. */ -static inline uint16_t +uint16_t rte_ipsec_pkt_crypto_group(const struct rte_crypto_op *cop[], - struct rte_mbuf *mb[], struct rte_ipsec_group grp[], uint16_t num) -{ - uint32_t i, j, k, n; - void *ns, *ps; - struct rte_mbuf *m, *dr[num]; - - j = 0; - k = 0; - n = 0; - ps = NULL; - - for (i = 0; i != num; i++) { - - m = cop[i]->sym[0].m_src; - ns = cop[i]->sym[0].session; - - m->ol_flags |= RTE_MBUF_F_RX_SEC_OFFLOAD; - if (cop[i]->status != RTE_CRYPTO_OP_STATUS_SUCCESS) - m->ol_flags |= RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED; - - /* no valid session found */ - if (ns == NULL) { - dr[k++] = m; - continue; - } - - /* different SA */ - if (ps != ns) { - - /* - * we already have an open group - finalize it, - * then open a new one. - */ - if (ps != NULL) { - grp[n].id.ptr = - rte_ipsec_ses_from_crypto(cop[i - 1]); - grp[n].cnt = mb + j - grp[n].m; - n++; - } - - /* start new group */ - grp[n].m = mb + j; - ps = ns; - } - - mb[j++] = m; - } - - /* finalise last group */ - if (ps != NULL) { - grp[n].id.ptr = rte_ipsec_ses_from_crypto(cop[i - 1]); - grp[n].cnt = mb + j - grp[n].m; - n++; - } - - /* copy mbufs with unknown session beyond recognised ones */ - if (k != 0 && k != num) { - for (i = 0; i != k; i++) - mb[j + i] = dr[i]; - } - - return n; -} + struct rte_mbuf *mb[], struct rte_ipsec_group grp[], uint16_t num); #ifdef __cplusplus } diff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c index 741e079831..efa1319fc2 100644 --- a/lib/ipsec/sa.c +++ b/lib/ipsec/sa.c @@ -7,6 +7,7 @@ #include #include #include +#include #include "sa.h" #include "ipsec_sqn.h" @@ -655,8 +656,9 @@ pkt_flag_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], uint16_t num) { uint32_t i, k, bytes; - uint32_t dr[num]; + uint32_t *dr; + dr = alloca(sizeof(uint32_t) * num); RTE_SET_USED(ss); k = 0; -- 2.47.0.vfs.0.3