From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id AACCDA0524; Mon, 24 Feb 2020 15:13:06 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id AFCBB1BE85; Mon, 24 Feb 2020 15:13:05 +0100 (CET) Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-eopbgr140041.outbound.protection.outlook.com [40.107.14.41]) by dpdk.org (Postfix) with ESMTP id 30BCC2C39 for ; Mon, 24 Feb 2020 15:13:04 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=I1n+I2jcbWYAmKH7za6MC+r3YR2eFKQ07M+Uqk7d5AR5GNqaqnqGBg+t4U5HAaBCedzSlXtpbX2wrNk0scHB2UXDDM+RmcBr7JNARL3mnuEYOu8WIkXZWmb5IAsRc3psE9CotBw2AuMbvCpRc/wRxbkbqyN8V1xcMpZOkWJufxX5YN3/fDaj5TBndW3fcbfyWbPtkM0nd41MZGlu+qltkrj+jix1anclmZwxmaf7fMxBhsUOb87yF1au3XysXriLvndhaqD7SLoIgcIvMj+7Q/Cs8slvSrFYQGW2BkQQW5MNbfh0Y4AX+/m425bV4Vs0wVaSQiFM1cHIz7Pm7uDnuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qVwmEUPZ6Kmu9cWr3TWyHWUjqpgI5X93PLx/ebTcQUM=; b=H3NAfQYIaiFbwGbjHS986NLH18tZK11UfYmAbeecgmhWVLzBPl/tLG/FtDWCK5VL4VbSuvb+CmKsXBKv/jSxwo+BTYs8p0r1ah+v67gycD9QXAorA0x2GA2yF3wdAYmR298yA0Zs9jyvkOWpJfiZUrvyhVyb6xOrLgE6cNtZSLQOPRMsNhepMmvrl+LoPe2Epmmc4T02cNIC8yCHA956lhrEC9gxRymH0eeQZ+RGdxW6mLWHePITHKYNIRkL1Nev2tlclGJ6xcYhPnYh8hWTu3LGOyL8jZ0dqsc6MvR3nFX6M6gzcKNaBLWJvThGZQbOzZ9PTrVqL1OZS1KVe93cBw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qVwmEUPZ6Kmu9cWr3TWyHWUjqpgI5X93PLx/ebTcQUM=; b=cIdjQg9Ohwh/YkuQAWvraBgvjXEsmtxXJFwn0yAdNEDYeaC1Z3A3CqZ8pO/NBbIhXvD2gXde6pNtXfjZZiYfx98nlV1faxinTjoHB1zYuKAHeOSlkShHlbtbBjkbhIK5e3zfpmmA3KrZXQ1Utzs1JY1Yj0pvKRlIYqh+0iOo2p4= Received: from VE1PR04MB6639.eurprd04.prod.outlook.com (10.255.118.11) by VE1PR04MB6750.eurprd04.prod.outlook.com (20.179.234.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2750.22; Mon, 24 Feb 2020 14:13:03 +0000 Received: from VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::25b0:b1ac:aed0:63e1]) by VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::25b0:b1ac:aed0:63e1%7]) with mapi id 15.20.2750.021; Mon, 24 Feb 2020 14:13:03 +0000 From: Akhil Goyal To: Lukasz Bartosik , Anoob Joseph CC: Jerin Jacob , Narayana Prasad , Ankur Dwivedi , Archana Muniganti , Tejasree Kondoj , Vamsi Attunuru , Konstantin Ananyev , "dev@dpdk.org" , Thomas Monjalon , Radu Nicolau Thread-Topic: [PATCH v4 12/15] examples/ipsec-secgw: add app mode worker Thread-Index: AQHV58QqKv2GvNxm0k2lwun2ZPSSW6gqYQpw Date: Mon, 24 Feb 2020 14:13:03 +0000 Message-ID: References: <1580824721-21527-1-git-send-email-lbartosik@marvell.com> <1582185727-6749-1-git-send-email-lbartosik@marvell.com> <1582185727-6749-13-git-send-email-lbartosik@marvell.com> In-Reply-To: <1582185727-6749-13-git-send-email-lbartosik@marvell.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=akhil.goyal@nxp.com; x-originating-ip: [92.120.1.69] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: fadaaec1-591d-494d-3c37-08d7b933a957 x-ms-traffictypediagnostic: VE1PR04MB6750: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6430; x-forefront-prvs: 032334F434 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(366004)(136003)(346002)(39860400002)(396003)(199004)(189003)(478600001)(71200400001)(33656002)(30864003)(7696005)(6506007)(7416002)(86362001)(44832011)(186003)(64756008)(110136005)(5660300002)(2906002)(316002)(26005)(55016002)(9686003)(81166006)(8936002)(66946007)(66446008)(66556008)(66476007)(52536014)(54906003)(4326008)(81156014)(8676002)(76116006); DIR:OUT; SFP:1101; SCL:1; SRVR:VE1PR04MB6750; H:VE1PR04MB6639.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: GSQCe1yQmySdsxtPicn2TL1B6LgvK/1dh9IwY+hTMI2f9e7sP5eN5tgmAeU3F1f7IVxvcrSBKnMF/yQdeCZVH6cxlCWJwlTkI2hUU0M8gLny65smGyA0Tgob8iW3Wyg8Z6wep5jI44hefA9SJUQmnVovy2IfVnK4NBKCvFbKpYHw7lgAthVV5tKjPZ/4xoLoLu2/TJFPksOPqZdSI3drVtjTtLX8QrBtckEKUdYyAT5mhj1C7HpqMnV5MybidYbDN0Nh2x7MS9JmERGa5R+Xm1yBoYk5j4p0pbq3fDPfURWQMkrclRYqL5YhOpeyLUgML3kF1/1F7/jlZPINZpk+5UBTbTWIQ6nvf7qSB2AWpsS3MWHtJEvNFKhv11s/yoNyi+i48iYDwiA7Q2EdZX6z/wtLyBWIovas2eouUiGm1QakqezrFdu5IK0XfiZYrLaQ x-ms-exchange-antispam-messagedata: K7T+NtIl0O6SZaQiAvZBcMt6HXR2XwuQTyXxnP/0pIdGwopQvUgbwH0t7WNPKnjcDtjJFeNbCNjJtlSEnKwyEUClf2KJZL7jWUhpxI5U1hJaWzLnwOJ2n+UCxnkA0AtR9GImvDodp+30611nq2LLuQ== x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: fadaaec1-591d-494d-3c37-08d7b933a957 X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Feb 2020 14:13:03.0712 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: P1Q5QYssjrLnkgPYpwLrKfrCkwK2WrwHkFxZJOOK+oWLOKXYqSAXLuF/xKwqA0ubqdBYuAYSYJITsyyShJHctw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR04MB6750 Subject: Re: [dpdk-dev] [PATCH v4 12/15] examples/ipsec-secgw: add app mode worker X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Lukasz/Anoob, >=20 > Add application inbound/outbound worker thread and > IPsec application processing code for event mode. >=20 > Example ipsec-secgw command in app mode: > ipsec-secgw -w 0002:02:00.0,ipsec_in_max_spi=3D128 > -w 0002:03:00.0,ipsec_in_max_spi=3D128 -w 0002:0e:00.0 -w 0002:10:00.1 > --log-level=3D8 -c 0x1 -- -P -p 0x3 -u 0x1 --config "(1,0,0),(0,0,0)" > -f aes-gcm.cfg --transfer-mode event --event-schedule-type parallel >=20 > Signed-off-by: Anoob Joseph > Signed-off-by: Ankur Dwivedi > Signed-off-by: Lukasz Bartosik > --- ... > +static inline enum pkt_type > +process_ipsec_get_pkt_type(struct rte_mbuf *pkt, uint8_t **nlp) > +{ > + struct rte_ether_hdr *eth; > + > + eth =3D rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *); > + if (eth->ether_type =3D=3D rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) { > + *nlp =3D RTE_PTR_ADD(eth, RTE_ETHER_HDR_LEN + > + offsetof(struct ip, ip_p)); > + if (**nlp =3D=3D IPPROTO_ESP) > + return PKT_TYPE_IPSEC_IPV4; > + else > + return PKT_TYPE_PLAIN_IPV4; > + } else if (eth->ether_type =3D=3D rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)= ) > { > + *nlp =3D RTE_PTR_ADD(eth, RTE_ETHER_HDR_LEN + > + offsetof(struct ip6_hdr, ip6_nxt)); > + if (**nlp =3D=3D IPPROTO_ESP) > + return PKT_TYPE_IPSEC_IPV6; > + else > + return PKT_TYPE_PLAIN_IPV6; > + } > + > + /* Unknown/Unsupported type */ > + return PKT_TYPE_INVALID; > +} > + > +static inline void > +update_mac_addrs(struct rte_mbuf *pkt, uint16_t portid) > +{ > + struct rte_ether_hdr *ethhdr; > + > + ethhdr =3D rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *); > + memcpy(ðhdr->s_addr, ðaddr_tbl[portid].src, > RTE_ETHER_ADDR_LEN); > + memcpy(ðhdr->d_addr, ðaddr_tbl[portid].dst, > RTE_ETHER_ADDR_LEN); > +} >=20 > static inline void > ipsec_event_pre_forward(struct rte_mbuf *m, unsigned int port_id) > @@ -61,6 +101,290 @@ prepare_out_sessions_tbl(struct sa_ctx *sa_out, > } > } >=20 > +static inline int > +check_sp(struct sp_ctx *sp, const uint8_t *nlp, uint32_t *sa_idx) > +{ > + uint32_t res; > + > + if (unlikely(sp =3D=3D NULL)) > + return 0; > + > + rte_acl_classify((struct rte_acl_ctx *)sp, &nlp, &res, 1, > + DEFAULT_MAX_CATEGORIES); > + > + if (unlikely(res =3D=3D 0)) { > + /* No match */ > + return 0; > + } > + > + if (res =3D=3D DISCARD) > + return 0; > + else if (res =3D=3D BYPASS) { > + *sa_idx =3D -1; > + return 1; > + } > + > + *sa_idx =3D res - 1; > + return 1; > +} > + > +static inline uint16_t > +route4_pkt(struct rte_mbuf *pkt, struct rt_ctx *rt_ctx) > +{ > + uint32_t dst_ip; > + uint16_t offset; > + uint32_t hop; > + int ret; > + > + offset =3D RTE_ETHER_HDR_LEN + offsetof(struct ip, ip_dst); > + dst_ip =3D *rte_pktmbuf_mtod_offset(pkt, uint32_t *, offset); > + dst_ip =3D rte_be_to_cpu_32(dst_ip); > + > + ret =3D rte_lpm_lookup((struct rte_lpm *)rt_ctx, dst_ip, &hop); > + > + if (ret =3D=3D 0) { > + /* We have a hit */ > + return hop; > + } > + > + /* else */ > + return RTE_MAX_ETHPORTS; > +} > + > +/* TODO: To be tested */ > +static inline uint16_t > +route6_pkt(struct rte_mbuf *pkt, struct rt_ctx *rt_ctx) > +{ > + uint8_t dst_ip[16]; > + uint8_t *ip6_dst; > + uint16_t offset; > + uint32_t hop; > + int ret; > + > + offset =3D RTE_ETHER_HDR_LEN + offsetof(struct ip6_hdr, ip6_dst); > + ip6_dst =3D rte_pktmbuf_mtod_offset(pkt, uint8_t *, offset); > + memcpy(&dst_ip[0], ip6_dst, 16); > + > + ret =3D rte_lpm6_lookup((struct rte_lpm6 *)rt_ctx, dst_ip, &hop); > + > + if (ret =3D=3D 0) { > + /* We have a hit */ > + return hop; > + } > + > + /* else */ > + return RTE_MAX_ETHPORTS; > +} > + > +static inline uint16_t > +get_route(struct rte_mbuf *pkt, struct route_table *rt, enum pkt_type ty= pe) > +{ > + if (type =3D=3D PKT_TYPE_PLAIN_IPV4 || type =3D=3D PKT_TYPE_IPSEC_IPV4) > + return route4_pkt(pkt, rt->rt4_ctx); > + else if (type =3D=3D PKT_TYPE_PLAIN_IPV6 || type =3D=3D PKT_TYPE_IPSEC_= IPV6) > + return route6_pkt(pkt, rt->rt6_ctx); > + > + return RTE_MAX_ETHPORTS; > +} Is it not possible to use the existing functions for finding routes, checki= ng packet types and checking security policies. It will be very difficult to manage two separate functions for same work. I= can see that the pkt->data_offs=20 Are not required to be updated in the inline case, but can we split the exi= sting functions in two so that they can be=20 Called in the appropriate cases. As you have said in the cover note as well to add lookaside protocol suppor= t. I also tried adding it, and it will get very Difficult to manage separate functions for separate code paths. > + > +static inline int > +process_ipsec_ev_inbound(struct ipsec_ctx *ctx, struct route_table *rt, > + struct rte_event *ev) > +{ > + struct ipsec_sa *sa =3D NULL; > + struct rte_mbuf *pkt; > + uint16_t port_id =3D 0; > + enum pkt_type type; > + uint32_t sa_idx; > + uint8_t *nlp; > + > + /* Get pkt from event */ > + pkt =3D ev->mbuf; > + > + /* Check the packet type */ > + type =3D process_ipsec_get_pkt_type(pkt, &nlp); > + > + switch (type) { > + case PKT_TYPE_PLAIN_IPV4: > + if (pkt->ol_flags & PKT_RX_SEC_OFFLOAD) { > + if (unlikely(pkt->ol_flags & > + PKT_RX_SEC_OFFLOAD_FAILED)) { > + RTE_LOG(ERR, IPSEC, > + "Inbound security offload failed\n"); > + goto drop_pkt_and_exit; > + } > + sa =3D pkt->userdata; > + } > + > + /* Check if we have a match */ > + if (check_sp(ctx->sp4_ctx, nlp, &sa_idx) =3D=3D 0) { > + /* No valid match */ > + goto drop_pkt_and_exit; > + } > + break; > + > + case PKT_TYPE_PLAIN_IPV6: > + if (pkt->ol_flags & PKT_RX_SEC_OFFLOAD) { > + if (unlikely(pkt->ol_flags & > + PKT_RX_SEC_OFFLOAD_FAILED)) { > + RTE_LOG(ERR, IPSEC, > + "Inbound security offload failed\n"); > + goto drop_pkt_and_exit; > + } > + sa =3D pkt->userdata; > + } > + > + /* Check if we have a match */ > + if (check_sp(ctx->sp6_ctx, nlp, &sa_idx) =3D=3D 0) { > + /* No valid match */ > + goto drop_pkt_and_exit; > + } > + break; > + > + default: > + RTE_LOG(ERR, IPSEC, "Unsupported packet type =3D %d\n", type); > + goto drop_pkt_and_exit; > + } > + > + /* Check if the packet has to be bypassed */ > + if (sa_idx =3D=3D BYPASS) > + goto route_and_send_pkt; > + > + /* Validate sa_idx */ > + if (sa_idx >=3D ctx->sa_ctx->nb_sa) > + goto drop_pkt_and_exit; > + > + /* Else the packet has to be protected with SA */ > + > + /* If the packet was IPsec processed, then SA pointer should be set */ > + if (sa =3D=3D NULL) > + goto drop_pkt_and_exit; > + > + /* SPI on the packet should match with the one in SA */ > + if (unlikely(sa->spi !=3D ctx->sa_ctx->sa[sa_idx].spi)) > + goto drop_pkt_and_exit; > + > +route_and_send_pkt: > + port_id =3D get_route(pkt, rt, type); > + if (unlikely(port_id =3D=3D RTE_MAX_ETHPORTS)) { > + /* no match */ > + goto drop_pkt_and_exit; > + } > + /* else, we have a matching route */ > + > + /* Update mac addresses */ > + update_mac_addrs(pkt, port_id); > + > + /* Update the event with the dest port */ > + ipsec_event_pre_forward(pkt, port_id); > + return 1; > + > +drop_pkt_and_exit: > + RTE_LOG(ERR, IPSEC, "Inbound packet dropped\n"); > + rte_pktmbuf_free(pkt); > + ev->mbuf =3D NULL; > + return 0; > +} > + > +static inline int > +process_ipsec_ev_outbound(struct ipsec_ctx *ctx, struct route_table *rt, > + struct rte_event *ev) > +{ > + struct rte_ipsec_session *sess; > + struct sa_ctx *sa_ctx; > + struct rte_mbuf *pkt; > + uint16_t port_id =3D 0; > + struct ipsec_sa *sa; > + enum pkt_type type; > + uint32_t sa_idx; > + uint8_t *nlp; > + > + /* Get pkt from event */ > + pkt =3D ev->mbuf; > + > + /* Check the packet type */ > + type =3D process_ipsec_get_pkt_type(pkt, &nlp); > + > + switch (type) { > + case PKT_TYPE_PLAIN_IPV4: > + /* Check if we have a match */ > + if (check_sp(ctx->sp4_ctx, nlp, &sa_idx) =3D=3D 0) { > + /* No valid match */ > + goto drop_pkt_and_exit; > + } > + break; > + case PKT_TYPE_PLAIN_IPV6: > + /* Check if we have a match */ > + if (check_sp(ctx->sp6_ctx, nlp, &sa_idx) =3D=3D 0) { > + /* No valid match */ > + goto drop_pkt_and_exit; > + } > + break; > + default: > + /* > + * Only plain IPv4 & IPv6 packets are allowed > + * on protected port. Drop the rest. > + */ > + RTE_LOG(ERR, IPSEC, "Unsupported packet type =3D %d\n", type); > + goto drop_pkt_and_exit; > + } > + > + /* Check if the packet has to be bypassed */ > + if (sa_idx =3D=3D BYPASS) { > + port_id =3D get_route(pkt, rt, type); > + if (unlikely(port_id =3D=3D RTE_MAX_ETHPORTS)) { > + /* no match */ > + goto drop_pkt_and_exit; > + } > + /* else, we have a matching route */ > + goto send_pkt; > + } > + > + /* Validate sa_idx */ > + if (sa_idx >=3D ctx->sa_ctx->nb_sa) > + goto drop_pkt_and_exit; > + > + /* Else the packet has to be protected */ > + > + /* Get SA ctx*/ > + sa_ctx =3D ctx->sa_ctx; > + > + /* Get SA */ > + sa =3D &(sa_ctx->sa[sa_idx]); > + > + /* Get IPsec session */ > + sess =3D ipsec_get_primary_session(sa); > + > + /* Allow only inline protocol for now */ > + if (sess->type !=3D RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) { > + RTE_LOG(ERR, IPSEC, "SA type not supported\n"); > + goto drop_pkt_and_exit; > + } > + > + if (sess->security.ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA) > + pkt->userdata =3D sess->security.ses; > + > + /* Mark the packet for Tx security offload */ > + pkt->ol_flags |=3D PKT_TX_SEC_OFFLOAD; > + > + /* Get the port to which this pkt need to be submitted */ > + port_id =3D sa->portid; > + > +send_pkt: > + /* Update mac addresses */ > + update_mac_addrs(pkt, port_id); > + > + /* Update the event with the dest port */ > + ipsec_event_pre_forward(pkt, port_id); How is IP checksum getting updated for the processed packet. If the hardware is not updating it, should we add a fallback mechanism for = SW based Checksum update. > + return 1; It will be better to use some MACROS while returning Like #define PKT_FORWARD 1 #define PKT_DROPPED 0 #define PKT_POSTED 2 /*may be for lookaside cases */ > + > +drop_pkt_and_exit: > + RTE_LOG(ERR, IPSEC, "Outbound packet dropped\n"); > + rte_pktmbuf_free(pkt); > + ev->mbuf =3D NULL; > + return 0; > +} > + > /* > * Event mode exposes various operating modes depending on the > * capabilities of the event device and the operating mode > @@ -68,7 +392,7 @@ prepare_out_sessions_tbl(struct sa_ctx *sa_out, > */ >=20 > /* Workers registered */ > -#define IPSEC_EVENTMODE_WORKERS 1 > +#define IPSEC_EVENTMODE_WORKERS 2 >=20 > /* > * Event mode worker > @@ -146,7 +470,7 @@ ipsec_wrkr_non_burst_int_port_drv_mode(struct > eh_event_link_info *links, > } >=20 > /* Save security session */ > - pkt->udata64 =3D (uint64_t) sess_tbl[port_id]; > + pkt->userdata =3D sess_tbl[port_id]; >=20 > /* Mark the packet for Tx security offload */ > pkt->ol_flags |=3D PKT_TX_SEC_OFFLOAD; > @@ -165,6 +489,94 @@ ipsec_wrkr_non_burst_int_port_drv_mode(struct > eh_event_link_info *links, > } > } >=20 > +/* > + * Event mode worker > + * Operating parameters : non-burst - Tx internal port - app mode > + */ > +static void > +ipsec_wrkr_non_burst_int_port_app_mode(struct eh_event_link_info *links, > + uint8_t nb_links) > +{ > + struct lcore_conf_ev_tx_int_port_wrkr lconf; > + unsigned int nb_rx =3D 0; > + struct rte_event ev; > + uint32_t lcore_id; > + int32_t socket_id; > + int ret; > + > + /* Check if we have links registered for this lcore */ > + if (nb_links =3D=3D 0) { > + /* No links registered - exit */ > + return; > + } > + > + /* We have valid links */ > + > + /* Get core ID */ > + lcore_id =3D rte_lcore_id(); > + > + /* Get socket ID */ > + socket_id =3D rte_lcore_to_socket_id(lcore_id); > + > + /* Save routing table */ > + lconf.rt.rt4_ctx =3D socket_ctx[socket_id].rt_ip4; > + lconf.rt.rt6_ctx =3D socket_ctx[socket_id].rt_ip6; > + lconf.inbound.sp4_ctx =3D socket_ctx[socket_id].sp_ip4_in; > + lconf.inbound.sp6_ctx =3D socket_ctx[socket_id].sp_ip6_in; > + lconf.inbound.sa_ctx =3D socket_ctx[socket_id].sa_in; > + lconf.inbound.session_pool =3D socket_ctx[socket_id].session_pool; Session_priv_pool should also be added for both inbound and outbound > + lconf.outbound.sp4_ctx =3D socket_ctx[socket_id].sp_ip4_out; > + lconf.outbound.sp6_ctx =3D socket_ctx[socket_id].sp_ip6_out; > + lconf.outbound.sa_ctx =3D socket_ctx[socket_id].sa_out; > + lconf.outbound.session_pool =3D socket_ctx[socket_id].session_pool; > + > + RTE_LOG(INFO, IPSEC, > + "Launching event mode worker (non-burst - Tx internal port - " > + "app mode) on lcore %d\n", lcore_id); > + > + /* Check if it's single link */ > + if (nb_links !=3D 1) { > + RTE_LOG(INFO, IPSEC, > + "Multiple links not supported. Using first link\n"); > + } > + > + RTE_LOG(INFO, IPSEC, " -- lcoreid=3D%u event_port_id=3D%u\n", lcore_id, > + links[0].event_port_id); > + > + while (!force_quit) { > + /* Read packet from event queues */ > + nb_rx =3D rte_event_dequeue_burst(links[0].eventdev_id, > + links[0].event_port_id, > + &ev, /* events */ > + 1, /* nb_events */ > + 0 /* timeout_ticks */); > + > + if (nb_rx =3D=3D 0) > + continue; > + Event type should be checked here before dereferencing it. > + if (is_unprotected_port(ev.mbuf->port)) > + ret =3D process_ipsec_ev_inbound(&lconf.inbound, > + &lconf.rt, &ev); > + else > + ret =3D process_ipsec_ev_outbound(&lconf.outbound, > + &lconf.rt, &ev); > + if (ret !=3D 1) > + /* The pkt has been dropped */ > + continue; > + > + /* > + * Since tx internal port is available, events can be > + * directly enqueued to the adapter and it would be > + * internally submitted to the eth device. > + */ > + rte_event_eth_tx_adapter_enqueue(links[0].eventdev_id, > + links[0].event_port_id, > + &ev, /* events */ > + 1, /* nb_events */ > + 0 /* flags */); > + } > +} > + > static uint8_t > ipsec_eventmode_populate_wrkr_params(struct eh_app_worker_params > *wrkrs) > { > @@ -180,6 +592,14 @@ ipsec_eventmode_populate_wrkr_params(struct > eh_app_worker_params *wrkrs) > wrkr->cap.ipsec_mode =3D EH_IPSEC_MODE_TYPE_DRIVER; > wrkr->worker_thread =3D ipsec_wrkr_non_burst_int_port_drv_mode; > wrkr++; > + nb_wrkr_param++; > + > + /* Non-burst - Tx internal port - app mode */ > + wrkr->cap.burst =3D EH_RX_TYPE_NON_BURST; > + wrkr->cap.tx_internal_port =3D EH_TX_TYPE_INTERNAL_PORT; > + wrkr->cap.ipsec_mode =3D EH_IPSEC_MODE_TYPE_APP; > + wrkr->worker_thread =3D ipsec_wrkr_non_burst_int_port_app_mode; > + nb_wrkr_param++; >=20 > return nb_wrkr_param; > } > diff --git a/examples/ipsec-secgw/ipsec_worker.h b/examples/ipsec- > secgw/ipsec_worker.h > new file mode 100644 > index 0000000..87b4f22 > --- /dev/null > +++ b/examples/ipsec-secgw/ipsec_worker.h > @@ -0,0 +1,35 @@ > +/* SPDX-License-Identifier: BSD-3-Clause > + * Copyright (C) 2020 Marvell International Ltd. > + */ > +#ifndef _IPSEC_WORKER_H_ > +#define _IPSEC_WORKER_H_ > + > +#include "ipsec.h" > + > +enum pkt_type { > + PKT_TYPE_PLAIN_IPV4 =3D 1, > + PKT_TYPE_IPSEC_IPV4, > + PKT_TYPE_PLAIN_IPV6, > + PKT_TYPE_IPSEC_IPV6, > + PKT_TYPE_INVALID > +}; > + > +struct route_table { > + struct rt_ctx *rt4_ctx; > + struct rt_ctx *rt6_ctx; > +}; > + > +/* > + * Conf required by event mode worker with tx internal port > + */ > +struct lcore_conf_ev_tx_int_port_wrkr { > + struct ipsec_ctx inbound; > + struct ipsec_ctx outbound; > + struct route_table rt; > +} __rte_cache_aligned; > + > +void ipsec_poll_mode_worker(void); > + > +int ipsec_launch_one_lcore(void *args); > + > +#endif /* _IPSEC_WORKER_H_ */ > -- > 2.7.4