DPDK patches and discussions
 help / color / Atom feed
From: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
To: dev@dpdk.org
Cc: konstantin.ananyev@intel.com, bernard.iremonger@intel.com,
	akhil.goyal@nxp.com
Subject: [dpdk-dev] [PATCH v6 2/6] ipsec: add SAD create/destroy implementation
Date: Thu, 17 Oct 2019 16:47:59 +0100
Message-ID: <d016ecf54c8b744493985c34a60d43fc405abb06.1571322983.git.vladimir.medvedkin@intel.com> (raw)
In-Reply-To: <cover.1570725871.git.vladimir.medvedkin@intel.com>

Replace rte_ipsec_sad_create(), rte_ipsec_sad_destroy() and
rte_ipsec_sad_find_existing() API stubs with actual
implementation.

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
 lib/librte_ipsec/Makefile    |   2 +-
 lib/librte_ipsec/ipsec_sad.c | 225 +++++++++++++++++++++++++++++++++++++++++--
 lib/librte_ipsec/meson.build |   2 +-
 3 files changed, 220 insertions(+), 9 deletions(-)

diff --git a/lib/librte_ipsec/Makefile b/lib/librte_ipsec/Makefile
index 5aaab72..81fb999 100644
--- a/lib/librte_ipsec/Makefile
+++ b/lib/librte_ipsec/Makefile
@@ -10,7 +10,7 @@ CFLAGS += -O3
 CFLAGS += $(WERROR_FLAGS) -I$(SRCDIR)
 CFLAGS += -DALLOW_EXPERIMENTAL_API
 LDLIBS += -lrte_eal -lrte_mempool -lrte_mbuf -lrte_net
-LDLIBS += -lrte_cryptodev -lrte_security
+LDLIBS += -lrte_cryptodev -lrte_security -lrte_hash
 
 EXPORT_MAP := rte_ipsec_version.map
 
diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
index 703be65..e16c7d9 100644
--- a/lib/librte_ipsec/ipsec_sad.c
+++ b/lib/librte_ipsec/ipsec_sad.c
@@ -2,10 +2,53 @@
  * Copyright(c) 2019 Intel Corporation
  */
 
+#include <rte_eal_memconfig.h>
 #include <rte_errno.h>
+#include <rte_hash.h>
+#include <rte_jhash.h>
+#include <rte_malloc.h>
+#include <rte_random.h>
+#include <rte_rwlock.h>
+#include <rte_tailq.h>
 
 #include "rte_ipsec_sad.h"
 
+/*
+ * Rules are stored in three hash tables depending on key_type.
+ * Each rule will also be stored in SPI_ONLY table.
+ * for each data entry within this table last two bits are reserved to
+ * indicate presence of entries with the same SPI in DIP and DIP+SIP tables.
+ */
+
+#define IPSEC_SAD_NAMESIZE	64
+#define SAD_PREFIX		"SAD_"
+/* "SAD_<name>" */
+#define SAD_FORMAT		SAD_PREFIX "%s"
+
+#define DEFAULT_HASH_FUNC	rte_jhash
+#define MIN_HASH_ENTRIES	8U /* From rte_cuckoo_hash.h */
+
+struct hash_cnt {
+	uint32_t cnt_dip;
+	uint32_t cnt_dip_sip;
+};
+
+struct rte_ipsec_sad {
+	char name[IPSEC_SAD_NAMESIZE];
+	struct rte_hash	*hash[RTE_IPSEC_SAD_KEY_TYPE_MASK];
+	/* Array to track number of more specific rules
+	 * (spi_dip or spi_dip_sip). Used only in add/delete
+	 * as a helper struct.
+	 */
+	__extension__ struct hash_cnt cnt_arr[];
+};
+
+TAILQ_HEAD(rte_ipsec_sad_list, rte_tailq_entry);
+static struct rte_tailq_elem rte_ipsec_sad_tailq = {
+	.name = "RTE_IPSEC_SAD",
+};
+EAL_REGISTER_TAILQ(rte_ipsec_sad_tailq)
+
 int
 rte_ipsec_sad_add(__rte_unused struct rte_ipsec_sad *sad,
 		__rte_unused const union rte_ipsec_sad_key *key,
@@ -23,22 +66,190 @@ rte_ipsec_sad_del(__rte_unused struct rte_ipsec_sad *sad,
 }
 
 struct rte_ipsec_sad *
-rte_ipsec_sad_create(__rte_unused const char *name,
-		__rte_unused const struct rte_ipsec_sad_conf *conf)
+rte_ipsec_sad_create(const char *name, const struct rte_ipsec_sad_conf *conf)
 {
-	return NULL;
+	char hash_name[RTE_HASH_NAMESIZE];
+	char sad_name[IPSEC_SAD_NAMESIZE];
+	struct rte_tailq_entry *te;
+	struct rte_ipsec_sad_list *sad_list;
+	struct rte_ipsec_sad *sad, *tmp_sad = NULL;
+	struct rte_hash_parameters hash_params = {0};
+	int ret;
+	uint32_t sa_sum;
+
+	RTE_BUILD_BUG_ON(RTE_IPSEC_SAD_KEY_TYPE_MASK != 3);
+
+	if ((name == NULL) || (conf == NULL) ||
+			((conf->max_sa[RTE_IPSEC_SAD_SPI_ONLY] == 0) &&
+			(conf->max_sa[RTE_IPSEC_SAD_SPI_DIP] == 0) &&
+			(conf->max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] == 0))) {
+		rte_errno = EINVAL;
+		return NULL;
+	}
+
+	ret = snprintf(sad_name, IPSEC_SAD_NAMESIZE, SAD_FORMAT, name);
+	if (ret < 0 || ret >= IPSEC_SAD_NAMESIZE) {
+		rte_errno = ENAMETOOLONG;
+		return NULL;
+	}
+
+	/** Init SAD*/
+	sa_sum = RTE_MAX(MIN_HASH_ENTRIES,
+		conf->max_sa[RTE_IPSEC_SAD_SPI_ONLY]) +
+		RTE_MAX(MIN_HASH_ENTRIES,
+		conf->max_sa[RTE_IPSEC_SAD_SPI_DIP]) +
+		RTE_MAX(MIN_HASH_ENTRIES,
+		conf->max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP]);
+	sad = rte_zmalloc_socket(NULL, sizeof(*sad) +
+		(sizeof(struct hash_cnt) * sa_sum),
+		RTE_CACHE_LINE_SIZE, conf->socket_id);
+	if (sad == NULL) {
+		rte_errno = ENOMEM;
+		return NULL;
+	}
+	memcpy(sad->name, sad_name, sizeof(sad_name));
+
+	hash_params.hash_func = DEFAULT_HASH_FUNC;
+	hash_params.hash_func_init_val = rte_rand();
+	hash_params.socket_id = conf->socket_id;
+	hash_params.name = hash_name;
+	if (conf->flags & RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY)
+		hash_params.extra_flag = RTE_HASH_EXTRA_FLAGS_RW_CONCURRENCY;
+
+	/** Init hash[RTE_IPSEC_SAD_SPI_ONLY] for SPI only */
+	snprintf(hash_name, sizeof(hash_name), "sad_1_%p", sad);
+	hash_params.key_len = sizeof(((struct rte_ipsec_sadv4_key *)0)->spi);
+	hash_params.entries = sa_sum;
+	sad->hash[RTE_IPSEC_SAD_SPI_ONLY] = rte_hash_create(&hash_params);
+	if (sad->hash[RTE_IPSEC_SAD_SPI_ONLY] == NULL) {
+		rte_ipsec_sad_destroy(sad);
+		return NULL;
+	}
+
+	/** Init hash[RTE_IPSEC_SAD_SPI_DIP] for SPI + DIP */
+	snprintf(hash_name, sizeof(hash_name), "sad_2_%p", sad);
+	if (conf->flags & RTE_IPSEC_SAD_FLAG_IPV6)
+		hash_params.key_len +=
+			sizeof(((struct rte_ipsec_sadv6_key *)0)->dip);
+	else
+		hash_params.key_len +=
+			sizeof(((struct rte_ipsec_sadv4_key *)0)->dip);
+	hash_params.entries = RTE_MAX(MIN_HASH_ENTRIES,
+			conf->max_sa[RTE_IPSEC_SAD_SPI_DIP]);
+	sad->hash[RTE_IPSEC_SAD_SPI_DIP] = rte_hash_create(&hash_params);
+	if (sad->hash[RTE_IPSEC_SAD_SPI_DIP] == NULL) {
+		rte_ipsec_sad_destroy(sad);
+		return NULL;
+	}
+
+	/** Init hash[[RTE_IPSEC_SAD_SPI_DIP_SIP] for SPI + DIP + SIP */
+	snprintf(hash_name, sizeof(hash_name), "sad_3_%p", sad);
+	if (conf->flags & RTE_IPSEC_SAD_FLAG_IPV6)
+		hash_params.key_len +=
+			sizeof(((struct rte_ipsec_sadv6_key *)0)->sip);
+	else
+		hash_params.key_len +=
+			sizeof(((struct rte_ipsec_sadv4_key *)0)->sip);
+	hash_params.entries = RTE_MAX(MIN_HASH_ENTRIES,
+			conf->max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP]);
+	sad->hash[RTE_IPSEC_SAD_SPI_DIP_SIP] = rte_hash_create(&hash_params);
+	if (sad->hash[RTE_IPSEC_SAD_SPI_DIP_SIP] == NULL) {
+		rte_ipsec_sad_destroy(sad);
+		return NULL;
+	}
+
+	sad_list = RTE_TAILQ_CAST(rte_ipsec_sad_tailq.head,
+			rte_ipsec_sad_list);
+	rte_mcfg_tailq_write_lock();
+	/* guarantee there's no existing */
+	TAILQ_FOREACH(te, sad_list, next) {
+		tmp_sad = (struct rte_ipsec_sad *)te->data;
+		if (strncmp(sad_name, tmp_sad->name, IPSEC_SAD_NAMESIZE) == 0)
+			break;
+	}
+	if (te != NULL) {
+		rte_mcfg_tailq_write_unlock();
+		rte_errno = EEXIST;
+		rte_ipsec_sad_destroy(sad);
+		return NULL;
+	}
+
+	/* allocate tailq entry */
+	te = rte_zmalloc("IPSEC_SAD_TAILQ_ENTRY", sizeof(*te), 0);
+	if (te == NULL) {
+		rte_mcfg_tailq_write_unlock();
+		rte_errno = ENOMEM;
+		rte_ipsec_sad_destroy(sad);
+		return NULL;
+	}
+
+	te->data = (void *)sad;
+	TAILQ_INSERT_TAIL(sad_list, te, next);
+	rte_mcfg_tailq_write_unlock();
+	return sad;
 }
 
 struct rte_ipsec_sad *
-rte_ipsec_sad_find_existing(__rte_unused const char *name)
+rte_ipsec_sad_find_existing(const char *name)
 {
-	return NULL;
+	char sad_name[IPSEC_SAD_NAMESIZE];
+	struct rte_ipsec_sad *sad = NULL;
+	struct rte_tailq_entry *te;
+	struct rte_ipsec_sad_list *sad_list;
+	int ret;
+
+	ret = snprintf(sad_name, IPSEC_SAD_NAMESIZE, SAD_FORMAT, name);
+	if (ret < 0 || ret >= IPSEC_SAD_NAMESIZE) {
+		rte_errno = ENAMETOOLONG;
+		return NULL;
+	}
+
+	sad_list = RTE_TAILQ_CAST(rte_ipsec_sad_tailq.head,
+		rte_ipsec_sad_list);
+
+	rte_mcfg_tailq_read_lock();
+	TAILQ_FOREACH(te, sad_list, next) {
+		sad = (struct rte_ipsec_sad *) te->data;
+		if (strncmp(sad_name, sad->name, IPSEC_SAD_NAMESIZE) == 0)
+			break;
+	}
+	rte_mcfg_tailq_read_unlock();
+
+	if (te == NULL) {
+		rte_errno = ENOENT;
+		return NULL;
+	}
+
+	return sad;
 }
 
 void
-rte_ipsec_sad_destroy(__rte_unused struct rte_ipsec_sad *sad)
+rte_ipsec_sad_destroy(struct rte_ipsec_sad *sad)
 {
-	return;
+	struct rte_tailq_entry *te;
+	struct rte_ipsec_sad_list *sad_list;
+
+	if (sad == NULL)
+		return;
+
+	sad_list = RTE_TAILQ_CAST(rte_ipsec_sad_tailq.head,
+			rte_ipsec_sad_list);
+	rte_mcfg_tailq_write_lock();
+	TAILQ_FOREACH(te, sad_list, next) {
+		if (te->data == (void *)sad)
+			break;
+	}
+	if (te != NULL)
+		TAILQ_REMOVE(sad_list, te, next);
+
+	rte_mcfg_tailq_write_unlock();
+
+	rte_hash_free(sad->hash[RTE_IPSEC_SAD_SPI_ONLY]);
+	rte_hash_free(sad->hash[RTE_IPSEC_SAD_SPI_DIP]);
+	rte_hash_free(sad->hash[RTE_IPSEC_SAD_SPI_DIP_SIP]);
+	rte_free(sad);
+	if (te != NULL)
+		rte_free(te);
 }
 
 int
diff --git a/lib/librte_ipsec/meson.build b/lib/librte_ipsec/meson.build
index 91b9867..7035852 100644
--- a/lib/librte_ipsec/meson.build
+++ b/lib/librte_ipsec/meson.build
@@ -7,4 +7,4 @@ sources = files('esp_inb.c', 'esp_outb.c', 'sa.c', 'ses.c', 'ipsec_sad.c')
 
 headers = files('rte_ipsec.h', 'rte_ipsec_group.h', 'rte_ipsec_sa.h', 'rte_ipsec_sad.h')
 
-deps += ['mbuf', 'net', 'cryptodev', 'security']
+deps += ['mbuf', 'net', 'cryptodev', 'security', 'hash']
-- 
2.7.4


  parent reply index

Thread overview: 69+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-13 15:13 [dpdk-dev] [RFC 0/5] ipsec: add inbound SAD Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 2/5] ipsec: add SAD create/free API Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 5/5] app: add test-sad application Vladimir Medvedkin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 0/5] ipsec: add inbound SAD Vladimir Medvedkin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 " Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 " Vladimir Medvedkin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 " Vladimir Medvedkin
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 " Vladimir Medvedkin
2019-10-11 11:34           ` Akhil Goyal
2019-10-17 15:47           ` [dpdk-dev] [PATCH v6 0/6] " Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 0/5] " Vladimir Medvedkin
2019-10-22  7:53               ` Akhil Goyal
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-17 15:47           ` [dpdk-dev] [PATCH v6 1/6] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-17 15:47           ` Vladimir Medvedkin [this message]
2019-10-17 15:48           ` [dpdk-dev] [PATCH v6 3/6] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-17 15:48           ` [dpdk-dev] [PATCH v6 4/6] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-17 15:48           ` [dpdk-dev] [PATCH v6 5/6] app: add test-sad application Vladimir Medvedkin
2019-10-21  9:57             ` Akhil Goyal
2019-10-17 15:48           ` [dpdk-dev] [PATCH v6 6/6] doc/ipsec: update ipsec programmer's guide Vladimir Medvedkin
2019-10-18 10:09             ` Ananyev, Konstantin
2019-10-21  8:19             ` Akhil Goyal
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-11 10:42           ` Akhil Goyal
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-09 10:49         ` Ananyev, Konstantin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-09 10:56         ` Ananyev, Konstantin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-02 11:24     ` Ananyev, Konstantin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-02 11:55     ` Ananyev, Konstantin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-02 12:04     ` Ananyev, Konstantin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-02 11:16     ` Ananyev, Konstantin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-02 13:27     ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-09-14 23:05   ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 2/5] ipsec: add SAD create/free API Vladimir Medvedkin
2019-09-12 18:08   ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-09-12 17:58   ` Ananyev, Konstantin
2019-10-01 17:24     ` Medvedkin, Vladimir
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 5/5] app: add test-sad application Vladimir Medvedkin
2019-09-12 18:30   ` Ananyev, Konstantin
2019-09-12 18:33     ` Ananyev, Konstantin
2019-09-12 18:34 ` [dpdk-dev] [RFC 0/5] ipsec: add inbound SAD Ananyev, Konstantin

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d016ecf54c8b744493985c34a60d43fc405abb06.1571322983.git.vladimir.medvedkin@intel.com \
    --to=vladimir.medvedkin@intel.com \
    --cc=akhil.goyal@nxp.com \
    --cc=bernard.iremonger@intel.com \
    --cc=dev@dpdk.org \
    --cc=konstantin.ananyev@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

Archives are clonable:
	git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev


Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/ public-inbox