From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id EC883A0547; Thu, 24 Jun 2021 12:29:22 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2EF5240DDE; Thu, 24 Jun 2021 12:29:18 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 3144B410DD for ; Thu, 24 Jun 2021 12:29:17 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15OAAM6N011087; Thu, 24 Jun 2021 03:29:16 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=QlfrsWRStjqmRl+LbQjn9SPp9/z/xVQV4ThDDvZ13zU=; b=j46UFS8EA25RWXnfIiJ/TslUQHcwLu4zclUgVPqe3RX7xv9urvcS/dBRuK1R3rSIcMRQ A0mMggEAvEvqRbV0dqi6zd0JQHR+lTrWNU3qnsLzuwtCbrWqE/0KKQA7mwLu1rhkrlTu lWvEvK/UrC7ZVHoyTqZEhpGfrOV+jYhAMyyIZoybV344lAxdTTfg1wRR2f5m/TJQNKi5 9oUqnLRKxqGCcDp4BOnhWf3/lRBoqOmTnbHfD2+mpJH6nk7qNHq+g0O9t37+6jN8qmbK E1o73nbvSFsbWlM6FM+hj7D78m6R9kSgfDpb6NbvKZwLWhtQQwOKjLPWj8sDL8+W0/YN SA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 39cg2n9q2k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 24 Jun 2021 03:29:15 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 24 Jun 2021 03:29:13 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 24 Jun 2021 03:29:13 -0700 Received: from localhost.localdomain (unknown [10.28.36.185]) by maili.marvell.com (Postfix) with ESMTP id D475C5B6954; Thu, 24 Jun 2021 03:29:10 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , Nithin Dabilpuram , "Akhil Goyal" Date: Thu, 24 Jun 2021 15:58:48 +0530 Message-ID: <20210624102848.3878788-2-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210624102848.3878788-1-gakhil@marvell.com> References: <20210624102848.3878788-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: UKqUCewX1F_utkTAsVZoLD3stJ2r0CXu X-Proofpoint-GUID: UKqUCewX1F_utkTAsVZoLD3stJ2r0CXu X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-06-24_06:2021-06-24, 2021-06-24 signatures=0 Subject: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: modify event mode inline path X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Nithin Dabilpuram Align event mode path for Tx inline IPsec processing to adhere to security spec. Call rte_security_set_pkt_metadata() only with mbuf containing L3 header and above. Also update mbuf.l2_len with L2 header size. This patch also fixes a bug in arg parsing. Signed-off-by: Nithin Dabilpuram Reviewed-by: Akhil Goyal --- examples/ipsec-secgw/ipsec-secgw.c | 2 ++ examples/ipsec-secgw/ipsec_worker.c | 50 +++++++++++++++++++++-------- 2 files changed, 38 insertions(+), 14 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index f252d3498..7ad94cb82 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -1495,6 +1495,8 @@ parse_portmask(const char *portmask) char *end = NULL; unsigned long pm; + errno = 0; + /* parse hexadecimal string */ pm = strtoul(portmask, &end, 16); if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0')) diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c index 647e22df5..401fd6186 100644 --- a/examples/ipsec-secgw/ipsec_worker.c +++ b/examples/ipsec-secgw/ipsec_worker.c @@ -12,6 +12,11 @@ #include "ipsec-secgw.h" #include "ipsec_worker.h" +struct port_drv_mode_data { + struct rte_security_session *sess; + struct rte_security_ctx *ctx; +}; + static inline enum pkt_type process_ipsec_get_pkt_type(struct rte_mbuf *pkt, uint8_t **nlp) { @@ -43,6 +48,8 @@ update_mac_addrs(struct rte_mbuf *pkt, uint16_t portid) { struct rte_ether_hdr *ethhdr; + pkt->l2_len = RTE_ETHER_HDR_LEN; + ethhdr = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *); memcpy(ðhdr->s_addr, ðaddr_tbl[portid].src, RTE_ETHER_ADDR_LEN); memcpy(ðhdr->d_addr, ðaddr_tbl[portid].dst, RTE_ETHER_ADDR_LEN); @@ -60,7 +67,8 @@ ipsec_event_pre_forward(struct rte_mbuf *m, unsigned int port_id) static inline void prepare_out_sessions_tbl(struct sa_ctx *sa_out, - struct rte_security_session **sess_tbl, uint16_t size) + struct port_drv_mode_data *data, + uint16_t size) { struct rte_ipsec_session *pri_sess; struct ipsec_sa *sa; @@ -95,9 +103,10 @@ prepare_out_sessions_tbl(struct sa_ctx *sa_out, } /* Use only first inline session found for a given port */ - if (sess_tbl[sa->portid]) + if (data[sa->portid].sess) continue; - sess_tbl[sa->portid] = pri_sess->security.ses; + data[sa->portid].sess = pri_sess->security.ses; + data[sa->portid].ctx = pri_sess->security.ctx; } } @@ -356,9 +365,11 @@ process_ipsec_ev_outbound(struct ipsec_ctx *ctx, struct route_table *rt, goto drop_pkt_and_exit; } - if (sess->security.ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA) - *(struct rte_security_session **)rte_security_dynfield(pkt) = - sess->security.ses; + /* Remove L2 header before metadata set */ + rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN); + + rte_security_set_pkt_metadata(sess->security.ctx, + sess->security.ses, pkt, NULL); /* Mark the packet for Tx security offload */ pkt->ol_flags |= PKT_TX_SEC_OFFLOAD; @@ -366,6 +377,9 @@ process_ipsec_ev_outbound(struct ipsec_ctx *ctx, struct route_table *rt, /* Get the port to which this pkt need to be submitted */ port_id = sa->portid; + /* Add L2 header for processing */ + rte_pktmbuf_prepend(pkt, RTE_ETHER_HDR_LEN); + send_pkt: /* Update mac addresses */ update_mac_addrs(pkt, port_id); @@ -398,7 +412,7 @@ static void ipsec_wrkr_non_burst_int_port_drv_mode(struct eh_event_link_info *links, uint8_t nb_links) { - struct rte_security_session *sess_tbl[RTE_MAX_ETHPORTS] = { NULL }; + struct port_drv_mode_data data[RTE_MAX_ETHPORTS]; unsigned int nb_rx = 0; struct rte_mbuf *pkt; struct rte_event ev; @@ -412,6 +426,8 @@ ipsec_wrkr_non_burst_int_port_drv_mode(struct eh_event_link_info *links, return; } + memset(&data, 0, sizeof(struct port_drv_mode_data)); + /* Get core ID */ lcore_id = rte_lcore_id(); @@ -422,8 +438,8 @@ ipsec_wrkr_non_burst_int_port_drv_mode(struct eh_event_link_info *links, * Prepare security sessions table. In outbound driver mode * we always use first session configured for a given port */ - prepare_out_sessions_tbl(socket_ctx[socket_id].sa_out, sess_tbl, - RTE_MAX_ETHPORTS); + prepare_out_sessions_tbl(socket_ctx[socket_id].sa_out, data, + RTE_MAX_ETHPORTS); RTE_LOG(INFO, IPSEC, "Launching event mode worker (non-burst - Tx internal port - " @@ -460,19 +476,25 @@ ipsec_wrkr_non_burst_int_port_drv_mode(struct eh_event_link_info *links, if (!is_unprotected_port(port_id)) { - if (unlikely(!sess_tbl[port_id])) { + if (unlikely(!data[port_id].sess)) { rte_pktmbuf_free(pkt); continue; } + /* Remove L2 header before metadata set */ + rte_pktmbuf_adj(pkt, RTE_ETHER_HDR_LEN); + /* Save security session */ - if (rte_security_dynfield_is_registered()) - *(struct rte_security_session **) - rte_security_dynfield(pkt) = - sess_tbl[port_id]; + rte_security_set_pkt_metadata(data[port_id].ctx, + data[port_id].sess, pkt, + NULL); /* Mark the packet for Tx security offload */ pkt->ol_flags |= PKT_TX_SEC_OFFLOAD; + + /* Add L2 header for processing */ + rte_pktmbuf_prepend(pkt, RTE_ETHER_HDR_LEN); + pkt->l2_len = RTE_ETHER_HDR_LEN; } /* -- 2.25.1