From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: "Medvedkin, Vladimir" <vladimir.medvedkin@intel.com>,
"dev@dpdk.org" <dev@dpdk.org>
Cc: "Iremonger, Bernard" <bernard.iremonger@intel.com>,
"akhil.goyal@nxp.com" <akhil.goyal@nxp.com>
Subject: Re: [dpdk-dev] [PATCH v4 2/5] ipsec: add SAD create/destroy implementation
Date: Wed, 9 Oct 2019 10:56:20 +0000 [thread overview]
Message-ID: <2601191342CEEE43887BDE71AB97725801919742F8@irsmsx105.ger.corp.intel.com> (raw)
In-Reply-To: <25a56d88da57c64c7ee3a3ca352efa0e332c4402.1570553345.git.vladimir.medvedkin@intel.com>
> Replace rte_ipsec_sad_create(), rte_ipsec_sad_destroy() and
> rte_ipsec_sad_find_existing() API stubs with actual
> implementation.
>
> Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> ---
> lib/librte_ipsec/Makefile | 2 +-
> lib/librte_ipsec/ipsec_sad.c | 225 +++++++++++++++++++++++++++++++++++++++++--
> lib/librte_ipsec/meson.build | 2 +-
> 3 files changed, 220 insertions(+), 9 deletions(-)
>
> diff --git a/lib/librte_ipsec/Makefile b/lib/librte_ipsec/Makefile
> index 5aaab72..81fb999 100644
> --- a/lib/librte_ipsec/Makefile
> +++ b/lib/librte_ipsec/Makefile
> @@ -10,7 +10,7 @@ CFLAGS += -O3
> CFLAGS += $(WERROR_FLAGS) -I$(SRCDIR)
> CFLAGS += -DALLOW_EXPERIMENTAL_API
> LDLIBS += -lrte_eal -lrte_mempool -lrte_mbuf -lrte_net
> -LDLIBS += -lrte_cryptodev -lrte_security
> +LDLIBS += -lrte_cryptodev -lrte_security -lrte_hash
>
> EXPORT_MAP := rte_ipsec_version.map
>
> diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
> index 703be65..1a26cff 100644
> --- a/lib/librte_ipsec/ipsec_sad.c
> +++ b/lib/librte_ipsec/ipsec_sad.c
> @@ -2,10 +2,53 @@
> * Copyright(c) 2019 Intel Corporation
> */
>
> +#include <rte_eal_memconfig.h>
> #include <rte_errno.h>
> +#include <rte_hash.h>
> +#include <rte_jhash.h>
> +#include <rte_malloc.h>
> +#include <rte_random.h>
> +#include <rte_rwlock.h>
> +#include <rte_tailq.h>
>
> #include "rte_ipsec_sad.h"
>
> +/*
> + * Rules are stored in three hash tables depending on key_type.
> + * Each rule will also be stored in SPI_ONLY table.
> + * for each data entry within this table last two bits are reserved to
> + * indicate presence of entries with the same SPI in DIP and DIP+SIP tables.
> + */
> +
> +#define IPSEC_SAD_NAMESIZE 64
> +#define SAD_PREFIX "SAD_"
> +/* "SAD_<name>" */
> +#define SAD_FORMAT SAD_PREFIX "%s"
> +
> +#define DEFAULT_HASH_FUNC rte_jhash
> +#define MIN_HASH_ENTRIES 8U /* From rte_cuckoo_hash.h */
> +
> +struct hash_cnt {
> + uint32_t cnt_dip;
> + uint32_t cnt_dip_sip;
> +};
> +
> +struct rte_ipsec_sad {
> + char name[IPSEC_SAD_NAMESIZE];
> + struct rte_hash *hash[RTE_IPSEC_SAD_KEY_TYPE_MASK];
> + /* Array to track number of more specific rules
> + * (spi_dip or spi_dip_sip). Used only in add/delete
> + * as a helper struct.
> + */
> + __extension__ struct hash_cnt cnt_arr[];
> +};
> +
> +TAILQ_HEAD(rte_ipsec_sad_list, rte_tailq_entry);
> +static struct rte_tailq_elem rte_ipsec_sad_tailq = {
> + .name = "RTE_IPSEC_SAD",
> +};
> +EAL_REGISTER_TAILQ(rte_ipsec_sad_tailq)
> +
> int
> rte_ipsec_sad_add(__rte_unused struct rte_ipsec_sad *sad,
> __rte_unused const union rte_ipsec_sad_key *key,
> @@ -23,22 +66,190 @@ rte_ipsec_sad_del(__rte_unused struct rte_ipsec_sad *sad,
> }
>
> struct rte_ipsec_sad *
> -rte_ipsec_sad_create(__rte_unused const char *name,
> - __rte_unused const struct rte_ipsec_sad_conf *conf)
> +rte_ipsec_sad_create(const char *name, const struct rte_ipsec_sad_conf *conf)
> {
> - return NULL;
> + char hash_name[RTE_HASH_NAMESIZE];
> + char sad_name[IPSEC_SAD_NAMESIZE];
> + struct rte_tailq_entry *te;
> + struct rte_ipsec_sad_list *sad_list;
> + struct rte_ipsec_sad *sad, *tmp_sad = NULL;
> + struct rte_hash_parameters hash_params = {0};
> + int ret;
> + uint32_t sa_sum;
> +
> + RTE_BUILD_BUG_ON(RTE_IPSEC_SAD_KEY_TYPE_MASK != 3);
> +
> + if ((name == NULL) || (conf == NULL) ||
> + ((conf->max_sa[RTE_IPSEC_SAD_SPI_ONLY] == 0) &&
> + (conf->max_sa[RTE_IPSEC_SAD_SPI_DIP] == 0) &&
> + (conf->max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] == 0))) {
> + rte_errno = EINVAL;
> + return NULL;
> + }
> +
> + ret = snprintf(sad_name, IPSEC_SAD_NAMESIZE, SAD_FORMAT, name);
> + if (ret < 0 || ret >= IPSEC_SAD_NAMESIZE) {
> + rte_errno = ENAMETOOLONG;
> + return NULL;
> + }
> +
> + /** Init SAD*/
> + sa_sum = RTE_MAX(MIN_HASH_ENTRIES,
> + conf->max_sa[RTE_IPSEC_SAD_SPI_ONLY]) +
> + RTE_MAX(MIN_HASH_ENTRIES,
> + conf->max_sa[RTE_IPSEC_SAD_SPI_DIP]) +
> + RTE_MAX(MIN_HASH_ENTRIES,
> + conf->max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP]);
> + sad = rte_zmalloc_socket(NULL, sizeof(*sad) +
> + (sizeof(struct hash_cnt) * sa_sum),
> + RTE_CACHE_LINE_SIZE, conf->socket_id);
> + if (sad == NULL) {
> + rte_errno = ENOMEM;
> + return NULL;
> + }
> + memcpy(sad->name, sad_name, sizeof(sad_name));
> +
> + hash_params.hash_func = DEFAULT_HASH_FUNC;
> + hash_params.hash_func_init_val = rte_rand();
> + hash_params.socket_id = conf->socket_id;
> + hash_params.name = hash_name;
> + if (conf->flags & RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY)
> + hash_params.extra_flag = RTE_HASH_EXTRA_FLAGS_RW_CONCURRENCY;
> +
> + /** Init hash[RTE_IPSEC_SAD_SPI_ONLY] for SPI only */
> + snprintf(hash_name, sizeof(hash_name), "sad_1_%p", sad);
> + hash_params.key_len = sizeof(((struct rte_ipsec_sadv4_key *)0)->spi);
> + hash_params.entries = sa_sum;
> + sad->hash[RTE_IPSEC_SAD_SPI_ONLY] = rte_hash_create(&hash_params);
> + if (sad->hash[RTE_IPSEC_SAD_SPI_ONLY] == NULL) {
> + rte_ipsec_sad_destroy(sad);
> + return NULL;
> + }
> +
> + /** Init hash[RTE_IPSEC_SAD_SPI_DIP] for SPI + DIP */
> + snprintf(hash_name, sizeof(hash_name), "sad_2_%p", sad);
> + if (conf->flags & RTE_IPSEC_SAD_FLAG_IPV6)
> + hash_params.key_len +=
> + sizeof(((struct rte_ipsec_sadv6_key *)0)->dip);
> + else
> + hash_params.key_len +=
> + sizeof(((struct rte_ipsec_sadv4_key *)0)->dip);
> + hash_params.entries = RTE_MAX(MIN_HASH_ENTRIES,
> + conf->max_sa[RTE_IPSEC_SAD_SPI_DIP]);
> + sad->hash[RTE_IPSEC_SAD_SPI_DIP] = rte_hash_create(&hash_params);
> + if (sad->hash[RTE_IPSEC_SAD_SPI_DIP] == NULL) {
> + rte_ipsec_sad_destroy(sad);
> + return NULL;
> + }
> +
> + /** Init hash[[RTE_IPSEC_SAD_SPI_DIP_SIP] for SPI + DIP + SIP */
> + snprintf(hash_name, sizeof(hash_name), "sad_3_%p", name);
I think it should be:
snprintf(hash_name, sizeof(hash_name), "sad_3_%p", sad);
Apart from that:
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> + if (conf->flags & RTE_IPSEC_SAD_FLAG_IPV6)
> + hash_params.key_len +=
> + sizeof(((struct rte_ipsec_sadv6_key *)0)->sip);
> + else
> + hash_params.key_len +=
> + sizeof(((struct rte_ipsec_sadv4_key *)0)->sip);
> + hash_params.entries = RTE_MAX(MIN_HASH_ENTRIES,
> + conf->max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP]);
> + sad->hash[RTE_IPSEC_SAD_SPI_DIP_SIP] = rte_hash_create(&hash_params);
> + if (sad->hash[RTE_IPSEC_SAD_SPI_DIP_SIP] == NULL) {
> + rte_ipsec_sad_destroy(sad);
> + return NULL;
> + }
> +
> + sad_list = RTE_TAILQ_CAST(rte_ipsec_sad_tailq.head,
> + rte_ipsec_sad_list);
> + rte_mcfg_tailq_write_lock();
> + /* guarantee there's no existing */
> + TAILQ_FOREACH(te, sad_list, next) {
> + tmp_sad = (struct rte_ipsec_sad *)te->data;
> + if (strncmp(sad_name, tmp_sad->name, IPSEC_SAD_NAMESIZE) == 0)
> + break;
> + }
> + if (te != NULL) {
> + rte_mcfg_tailq_write_unlock();
> + rte_errno = EEXIST;
> + rte_ipsec_sad_destroy(sad);
> + return NULL;
> + }
> +
> + /* allocate tailq entry */
> + te = rte_zmalloc("IPSEC_SAD_TAILQ_ENTRY", sizeof(*te), 0);
> + if (te == NULL) {
> + rte_mcfg_tailq_write_unlock();
> + rte_errno = ENOMEM;
> + rte_ipsec_sad_destroy(sad);
> + return NULL;
> + }
> +
> + te->data = (void *)sad;
> + TAILQ_INSERT_TAIL(sad_list, te, next);
> + rte_mcfg_tailq_write_unlock();
> + return sad;
> }
>
> struct rte_ipsec_sad *
> -rte_ipsec_sad_find_existing(__rte_unused const char *name)
> +rte_ipsec_sad_find_existing(const char *name)
> {
> - return NULL;
> + char sad_name[IPSEC_SAD_NAMESIZE];
> + struct rte_ipsec_sad *sad = NULL;
> + struct rte_tailq_entry *te;
> + struct rte_ipsec_sad_list *sad_list;
> + int ret;
> +
> + ret = snprintf(sad_name, IPSEC_SAD_NAMESIZE, SAD_FORMAT, name);
> + if (ret < 0 || ret >= IPSEC_SAD_NAMESIZE) {
> + rte_errno = ENAMETOOLONG;
> + return NULL;
> + }
> +
> + sad_list = RTE_TAILQ_CAST(rte_ipsec_sad_tailq.head,
> + rte_ipsec_sad_list);
> +
> + rte_mcfg_tailq_read_lock();
> + TAILQ_FOREACH(te, sad_list, next) {
> + sad = (struct rte_ipsec_sad *) te->data;
> + if (strncmp(sad_name, sad->name, IPSEC_SAD_NAMESIZE) == 0)
> + break;
> + }
> + rte_mcfg_tailq_read_unlock();
> +
> + if (te == NULL) {
> + rte_errno = ENOENT;
> + return NULL;
> + }
> +
> + return sad;
> }
>
> void
> -rte_ipsec_sad_destroy(__rte_unused struct rte_ipsec_sad *sad)
> +rte_ipsec_sad_destroy(struct rte_ipsec_sad *sad)
> {
> - return;
> + struct rte_tailq_entry *te;
> + struct rte_ipsec_sad_list *sad_list;
> +
> + if (sad == NULL)
> + return;
> +
> + sad_list = RTE_TAILQ_CAST(rte_ipsec_sad_tailq.head,
> + rte_ipsec_sad_list);
> + rte_mcfg_tailq_write_lock();
> + TAILQ_FOREACH(te, sad_list, next) {
> + if (te->data == (void *)sad)
> + break;
> + }
> + if (te != NULL)
> + TAILQ_REMOVE(sad_list, te, next);
> +
> + rte_mcfg_tailq_write_unlock();
> +
> + rte_hash_free(sad->hash[RTE_IPSEC_SAD_SPI_ONLY]);
> + rte_hash_free(sad->hash[RTE_IPSEC_SAD_SPI_DIP]);
> + rte_hash_free(sad->hash[RTE_IPSEC_SAD_SPI_DIP_SIP]);
> + rte_free(sad);
> + if (te != NULL)
> + rte_free(te);
> }
>
> int
> diff --git a/lib/librte_ipsec/meson.build b/lib/librte_ipsec/meson.build
> index 91b9867..7035852 100644
> --- a/lib/librte_ipsec/meson.build
> +++ b/lib/librte_ipsec/meson.build
> @@ -7,4 +7,4 @@ sources = files('esp_inb.c', 'esp_outb.c', 'sa.c', 'ses.c', 'ipsec_sad.c')
>
> headers = files('rte_ipsec.h', 'rte_ipsec_group.h', 'rte_ipsec_sa.h', 'rte_ipsec_sad.h')
>
> -deps += ['mbuf', 'net', 'cryptodev', 'security']
> +deps += ['mbuf', 'net', 'cryptodev', 'security', 'hash']
> --
> 2.7.4
next prev parent reply other threads:[~2019-10-09 10:56 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-13 15:13 [dpdk-dev] [RFC 0/5] ipsec: add inbound SAD Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 2/5] ipsec: add SAD create/free API Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 5/5] app: add test-sad application Vladimir Medvedkin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 0/5] ipsec: add inbound SAD Vladimir Medvedkin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 " Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 " Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 " Vladimir Medvedkin
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 " Vladimir Medvedkin
2019-10-11 11:34 ` Akhil Goyal
2019-10-17 15:47 ` [dpdk-dev] [PATCH v6 0/6] " Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 0/5] " Vladimir Medvedkin
2019-10-22 7:53 ` Akhil Goyal
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-17 15:47 ` [dpdk-dev] [PATCH v6 1/6] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-17 15:47 ` [dpdk-dev] [PATCH v6 2/6] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 3/6] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 4/6] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 5/6] app: add test-sad application Vladimir Medvedkin
2019-10-21 9:57 ` Akhil Goyal
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 6/6] doc/ipsec: update ipsec programmer's guide Vladimir Medvedkin
2019-10-18 10:09 ` Ananyev, Konstantin
2019-10-21 8:19 ` Akhil Goyal
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-11 10:42 ` Akhil Goyal
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-09 10:49 ` Ananyev, Konstantin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-09 10:56 ` Ananyev, Konstantin [this message]
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-02 11:24 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-02 11:55 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-02 12:04 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-02 11:16 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-02 13:27 ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-09-14 23:05 ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 2/5] ipsec: add SAD create/free API Vladimir Medvedkin
2019-09-12 18:08 ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-09-12 17:58 ` Ananyev, Konstantin
2019-10-01 17:24 ` Medvedkin, Vladimir
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 5/5] app: add test-sad application Vladimir Medvedkin
2019-09-12 18:30 ` Ananyev, Konstantin
2019-09-12 18:33 ` Ananyev, Konstantin
2019-09-12 18:34 ` [dpdk-dev] [RFC 0/5] ipsec: add inbound SAD Ananyev, Konstantin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2601191342CEEE43887BDE71AB97725801919742F8@irsmsx105.ger.corp.intel.com \
--to=konstantin.ananyev@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=bernard.iremonger@intel.com \
--cc=dev@dpdk.org \
--cc=vladimir.medvedkin@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).