From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 900CF423AF; Wed, 11 Jan 2023 21:57:02 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 460FF42D58; Wed, 11 Jan 2023 21:56:22 +0100 (CET) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mails.dpdk.org (Postfix) with ESMTP id A476142D43 for ; Wed, 11 Jan 2023 21:56:18 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1673470578; x=1705006578; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=m8kqkXJ9ngkUmnF2mgSDGB4G10UZU0EJJwwCWsomtk0=; b=HcVV+z7xt2jhClUmKTaEzQxRBOTd5TSnar1h7Jg8ZnX630UQd7uBZW1t y8Rd8OrSbxM/cLYHhmP7Xfvk06rARbAw//MLhAwp1SUPEDJLfRuIteCUR eOrU6ibIM8OjtwZ3wz6qE9mTesbqNkpoa6In9tVlNHdLgeUnqUOp/0A5S 8FCNEBC9/KjfP8rCyYE/GxJMLZDbfROO4QozBCNWT6t+xwsBbvQccO/w+ lXe4kOrse86rhSGDG4WTDob43PQaHDnkvyFZVx9KspmElI8h8A+QUKjmq M/nB+xKQFATY5ctZFKdVOocJp7d2gzSjgo6CXlwTpRyKx/oaiQmG4QQk/ A==; X-IronPort-AV: E=McAfee;i="6500,9779,10586"; a="303229788" X-IronPort-AV: E=Sophos;i="5.96,317,1665471600"; d="scan'208";a="303229788" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Jan 2023 12:56:18 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10586"; a="607518881" X-IronPort-AV: E=Sophos;i="5.96,317,1665471600"; d="scan'208";a="607518881" Received: from silpixa00400573.ir.intel.com (HELO silpixa00400573.ger.corp.intel.com) ([10.237.222.53]) by orsmga003.jf.intel.com with ESMTP; 11 Jan 2023 12:56:17 -0800 From: Cristian Dumitrescu To: dev@dpdk.org Cc: Kamalakannan R Subject: [PATCH 07/11] examples/pipeline: add IPsec CLI commands Date: Wed, 11 Jan 2023 20:56:04 +0000 Message-Id: <20230111205608.87953-8-cristian.dumitrescu@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230111205608.87953-1-cristian.dumitrescu@intel.com> References: <20230111205608.87953-1-cristian.dumitrescu@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add CLI commands for IPsec block configuration. Signed-off-by: Cristian Dumitrescu Signed-off-by: Kamalakannan R --- examples/pipeline/cli.c | 298 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 298 insertions(+) diff --git a/examples/pipeline/cli.c b/examples/pipeline/cli.c index 47c1adf772..efe2ff61db 100644 --- a/examples/pipeline/cli.c +++ b/examples/pipeline/cli.c @@ -18,6 +18,7 @@ #include #include #include +#include #include "cli.h" @@ -2909,6 +2910,263 @@ cmd_pipeline_mirror_session(char **tokens, } } +static const char cmd_ipsec_create_help[] = +"ipsec create " +"in out " +"cryptodev cryptoq " +"bsz " +"samax " +"numa \n"; + +static void +cmd_ipsec_create(char **tokens, + uint32_t n_tokens, + char *out, + size_t out_size, + void *obj __rte_unused) +{ + struct rte_swx_ipsec_params p; + struct rte_swx_ipsec *ipsec; + char *ipsec_instance_name; + uint32_t numa_node; + int status; + + if (n_tokens != 20) { + snprintf(out, out_size, MSG_ARG_MISMATCH, tokens[0]); + return; + } + + ipsec_instance_name = tokens[1]; + + if (strcmp(tokens[2], "create")) { + snprintf(out, out_size, MSG_ARG_NOT_FOUND, "create"); + return; + } + + if (strcmp(tokens[3], "in")) { + snprintf(out, out_size, MSG_ARG_NOT_FOUND, "in"); + return; + } + + p.ring_in_name = tokens[4]; + + if (strcmp(tokens[5], "out")) { + snprintf(out, out_size, MSG_ARG_NOT_FOUND, "out"); + return; + } + + p.ring_out_name = tokens[6]; + + if (strcmp(tokens[7], "cryptodev")) { + snprintf(out, out_size, MSG_ARG_NOT_FOUND, "cryptodev"); + return; + } + + p.crypto_dev_name = tokens[8]; + + if (strcmp(tokens[9], "cryptoq")) { + snprintf(out, out_size, MSG_ARG_NOT_FOUND, "cryptoq"); + return; + } + + if (parser_read_uint32(&p.crypto_dev_queue_pair_id, tokens[10])) { + snprintf(out, out_size, MSG_ARG_INVALID, "crypto_dev_queue_pair_id"); + return; + } + + if (strcmp(tokens[11], "bsz")) { + snprintf(out, out_size, MSG_ARG_NOT_FOUND, "bsz"); + return; + } + + if (parser_read_uint32(&p.bsz.ring_rd, tokens[12])) { + snprintf(out, out_size, MSG_ARG_INVALID, "ring_rd_bsz"); + return; + } + + if (parser_read_uint32(&p.bsz.ring_wr, tokens[13])) { + snprintf(out, out_size, MSG_ARG_INVALID, "ring_wr_bsz"); + return; + } + + if (parser_read_uint32(&p.bsz.crypto_wr, tokens[14])) { + snprintf(out, out_size, MSG_ARG_INVALID, "crypto_wr_bsz"); + return; + } + + if (parser_read_uint32(&p.bsz.crypto_rd, tokens[15])) { + snprintf(out, out_size, MSG_ARG_INVALID, "crypto_rd_bsz"); + return; + } + + if (strcmp(tokens[16], "samax")) { + snprintf(out, out_size, MSG_ARG_NOT_FOUND, "samax"); + return; + } + + if (parser_read_uint32(&p.n_sa_max, tokens[17])) { + snprintf(out, out_size, MSG_ARG_INVALID, "n_sa_max"); + return; + } + + if (strcmp(tokens[18], "numa")) { + snprintf(out, out_size, MSG_ARG_NOT_FOUND, "numa"); + return; + } + + if (parser_read_uint32(&numa_node, tokens[19])) { + snprintf(out, out_size, MSG_ARG_INVALID, "numa_node"); + return; + } + + status = rte_swx_ipsec_create(&ipsec, + ipsec_instance_name, + &p, + (int)numa_node); + if (status) + snprintf(out, out_size, "IPsec instance creation failed (%d).\n", status); +} + +static const char cmd_ipsec_sa_add_help[] = +"ipsec sa add \n"; + +static void +cmd_ipsec_sa_add(char **tokens, + uint32_t n_tokens, + char *out, + size_t out_size, + void *obj __rte_unused) +{ + struct rte_swx_ipsec *ipsec; + char *ipsec_instance_name, *file_name, *line = NULL; + FILE *file = NULL; + uint32_t line_id = 0; + + if (n_tokens != 5) { + snprintf(out, out_size, MSG_ARG_MISMATCH, tokens[0]); + return; + } + + ipsec_instance_name = tokens[1]; + ipsec = rte_swx_ipsec_find(ipsec_instance_name); + if (!ipsec) { + snprintf(out, out_size, MSG_ARG_INVALID, "ipsec_instance_name"); + goto free; + } + + if (strcmp(tokens[2], "sa")) { + snprintf(out, out_size, MSG_ARG_NOT_FOUND, "sa"); + goto free; + } + + if (strcmp(tokens[3], "add")) { + snprintf(out, out_size, MSG_ARG_NOT_FOUND, "add"); + goto free; + } + + file_name = tokens[4]; + file = fopen(file_name, "r"); + if (!file) { + snprintf(out, out_size, "Cannot open file %s.\n", file_name); + goto free; + } + + /* Buffer allocation. */ + line = malloc(MAX_LINE_SIZE); + if (!line) { + snprintf(out, out_size, MSG_OUT_OF_MEMORY); + goto free; + } + + /* File read. */ + for (line_id = 1; ; line_id++) { + struct rte_swx_ipsec_sa_params *sa; + const char *err_msg; + uint32_t sa_id = 0; + int is_blank_or_comment, status = 0; + + if (fgets(line, MAX_LINE_SIZE, file) == NULL) + break; + + /* Read SA from file. */ + sa = rte_swx_ipsec_sa_read(ipsec, line, &is_blank_or_comment, &err_msg); + if (!sa) { + if (is_blank_or_comment) + continue; + + snprintf(out, out_size, "Invalid SA in file \"%s\" at line %u: \"%s\"\n", + file_name, line_id, err_msg); + goto free; + } + + snprintf(out, out_size, "%s", line); + out_size -= strlen(out); + out += strlen(out); + + /* Add the SA to the IPsec instance. Free the SA. */ + status = rte_swx_ipsec_sa_add(ipsec, sa, &sa_id); + if (status) + snprintf(out, out_size, "\t: Error (%d)\n", status); + else + snprintf(out, out_size, "\t: OK (SA ID = %u)\n", sa_id); + out_size -= strlen(out); + out += strlen(out); + + free(sa); + if (status) + goto free; + } + +free: + if (file) + fclose(file); + free(line); +} + +static const char cmd_ipsec_sa_delete_help[] = +"ipsec sa delete \n"; + +static void +cmd_ipsec_sa_delete(char **tokens, + uint32_t n_tokens, + char *out, + size_t out_size, + void *obj __rte_unused) +{ + struct rte_swx_ipsec *ipsec; + char *ipsec_instance_name; + uint32_t sa_id; + + if (n_tokens != 5) { + snprintf(out, out_size, MSG_ARG_MISMATCH, tokens[0]); + return; + } + + ipsec_instance_name = tokens[1]; + ipsec = rte_swx_ipsec_find(ipsec_instance_name); + if (!ipsec) { + snprintf(out, out_size, MSG_ARG_INVALID, "ipsec_instance_name"); + return; + } + + if (strcmp(tokens[2], "sa")) { + snprintf(out, out_size, MSG_ARG_NOT_FOUND, "sa"); + return; + } + + if (strcmp(tokens[3], "delete")) { + snprintf(out, out_size, MSG_ARG_NOT_FOUND, "delete"); + return; + } + + if (parser_read_uint32(&sa_id, tokens[4])) { + snprintf(out, out_size, MSG_ARG_INVALID, "sa_id"); + return; + } + + rte_swx_ipsec_sa_delete(ipsec, sa_id); +} + static const char cmd_thread_pipeline_enable_help[] = "thread pipeline enable [ period ]\n"; @@ -3067,6 +3325,9 @@ cmd_help(char **tokens, "\tpipeline meter stats\n" "\tpipeline stats\n" "\tpipeline mirror session\n" + "\tipsec create\n" + "\tipsec sa add\n" + "\tipsec sa delete\n" "\tthread pipeline enable\n" "\tthread pipeline disable\n\n"); return; @@ -3291,6 +3552,26 @@ cmd_help(char **tokens, return; } + if (!strcmp(tokens[0], "ipsec") && + (n_tokens == 2) && !strcmp(tokens[1], "create")) { + snprintf(out, out_size, "\n%s\n", cmd_ipsec_create_help); + return; + } + + if (!strcmp(tokens[0], "ipsec") && + (n_tokens == 3) && !strcmp(tokens[1], "sa") + && !strcmp(tokens[2], "add")) { + snprintf(out, out_size, "\n%s\n", cmd_ipsec_sa_add_help); + return; + } + + if (!strcmp(tokens[0], "ipsec") && + (n_tokens == 3) && !strcmp(tokens[1], "sa") + && !strcmp(tokens[2], "delete")) { + snprintf(out, out_size, "\n%s\n", cmd_ipsec_sa_delete_help); + return; + } + if ((n_tokens == 3) && (strcmp(tokens[0], "thread") == 0) && (strcmp(tokens[1], "pipeline") == 0)) { @@ -3539,6 +3820,23 @@ cli_process(char *in, char *out, size_t out_size, void *obj) } } + if (!strcmp(tokens[0], "ipsec")) { + if (n_tokens >= 3 && !strcmp(tokens[2], "create")) { + cmd_ipsec_create(tokens, n_tokens, out, out_size, obj); + return; + } + + if (n_tokens >= 4 && !strcmp(tokens[2], "sa") && !strcmp(tokens[3], "add")) { + cmd_ipsec_sa_add(tokens, n_tokens, out, out_size, obj); + return; + } + + if (n_tokens >= 4 && !strcmp(tokens[2], "sa") && !strcmp(tokens[3], "delete")) { + cmd_ipsec_sa_delete(tokens, n_tokens, out, out_size, obj); + return; + } + } + if (strcmp(tokens[0], "thread") == 0) { if ((n_tokens >= 5) && (strcmp(tokens[4], "enable") == 0)) { -- 2.34.1