[dpdk-dev] [PATCH v2 4/9] examples/ipsec-secgw: rework ipsec execution loop
Sergio Gonzalez Monroy
sergio.gonzalez.monroy at intel.com
Wed May 18 14:42:05 CEST 2016
Rework implementation moving from function pointers approach, where each
function implements very specific functionality, to a generic function
approach.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy at intel.com>
---
examples/ipsec-secgw/esp.c | 8 +-
examples/ipsec-secgw/esp.h | 9 +-
examples/ipsec-secgw/ipsec.c | 36 ++++--
examples/ipsec-secgw/ipsec.h | 2 -
examples/ipsec-secgw/sa.c | 272 ++++++++++++++++++-------------------------
5 files changed, 145 insertions(+), 182 deletions(-)
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 7dce78c..b423080 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -69,7 +69,7 @@ random_iv_u64(uint64_t *buf, uint16_t n)
/* IPv4 Tunnel */
int
-esp4_tunnel_inbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
+esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
struct rte_crypto_op *cop)
{
int32_t payload_len;
@@ -117,7 +117,7 @@ esp4_tunnel_inbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
}
int
-esp4_tunnel_inbound_post_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
+esp_inbound_post(struct rte_mbuf *m, struct ipsec_sa *sa,
struct rte_crypto_op *cop)
{
uint8_t *nexthdr, *pad_len;
@@ -155,7 +155,7 @@ esp4_tunnel_inbound_post_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
}
int
-esp4_tunnel_outbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
+esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
struct rte_crypto_op *cop)
{
uint16_t pad_payload_len, pad_len;
@@ -234,7 +234,7 @@ esp4_tunnel_outbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
}
int
-esp4_tunnel_outbound_post_crypto(struct rte_mbuf *m __rte_unused,
+esp_outbound_post(struct rte_mbuf *m __rte_unused,
struct ipsec_sa *sa __rte_unused,
struct rte_crypto_op *cop)
{
diff --git a/examples/ipsec-secgw/esp.h b/examples/ipsec-secgw/esp.h
index 3101882..fa5cc8a 100644
--- a/examples/ipsec-secgw/esp.h
+++ b/examples/ipsec-secgw/esp.h
@@ -46,21 +46,20 @@ struct esp_hdr {
/* Integrity Check Value - ICV */
};
-/* IPv4 Tunnel */
int
-esp4_tunnel_inbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
+esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
struct rte_crypto_op *cop);
int
-esp4_tunnel_inbound_post_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
+esp_inbound_post(struct rte_mbuf *m, struct ipsec_sa *sa,
struct rte_crypto_op *cop);
int
-esp4_tunnel_outbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
+esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
struct rte_crypto_op *cop);
int
-esp4_tunnel_outbound_post_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
+esp_outbound_post(struct rte_mbuf *m, struct ipsec_sa *sa,
struct rte_crypto_op *cop);
#endif /* __RTE_IPSEC_XFORM_ESP_H__ */
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 3ffa77a..90a9a86 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -42,6 +42,7 @@
#include <rte_hash.h>
#include "ipsec.h"
+#include "esp.h"
static inline int
create_session(struct ipsec_ctx *ipsec_ctx __rte_unused, struct ipsec_sa *sa)
@@ -99,15 +100,14 @@ enqueue_cop(struct cdev_qp *cqp, struct rte_crypto_op *cop)
}
}
-static inline uint16_t
-ipsec_processing(struct ipsec_ctx *ipsec_ctx, struct rte_mbuf *pkts[],
- struct ipsec_sa *sas[], uint16_t nb_pkts, uint16_t max_pkts)
+static inline void
+ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
+ struct rte_mbuf *pkts[], struct ipsec_sa *sas[],
+ uint16_t nb_pkts)
{
- int ret = 0, i, j, nb_cops;
+ int ret = 0, i;
struct ipsec_mbuf_metadata *priv;
- struct rte_crypto_op *cops[max_pkts];
struct ipsec_sa *sa;
- struct rte_mbuf *pkt;
for (i = 0; i < nb_pkts; i++) {
rte_prefetch0(sas[i]);
@@ -133,7 +133,7 @@ ipsec_processing(struct ipsec_ctx *ipsec_ctx, struct rte_mbuf *pkts[],
rte_crypto_op_attach_sym_session(&priv->cop,
sa->crypto_session);
- ret = sa->pre_crypto(pkts[i], sa, &priv->cop);
+ ret = xform_func(pkts[i], sa, &priv->cop);
if (unlikely(ret)) {
rte_pktmbuf_free(pkts[i]);
continue;
@@ -142,8 +142,18 @@ ipsec_processing(struct ipsec_ctx *ipsec_ctx, struct rte_mbuf *pkts[],
RTE_ASSERT(sa->cdev_id_qp < ipsec_ctx->nb_qps);
enqueue_cop(&ipsec_ctx->tbl[sa->cdev_id_qp], &priv->cop);
}
+}
+
+static inline int
+ipsec_dequeue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
+ struct rte_mbuf *pkts[], uint16_t max_pkts)
+{
+ int nb_pkts = 0, ret = 0, i, j, nb_cops;
+ struct ipsec_mbuf_metadata *priv;
+ struct rte_crypto_op *cops[max_pkts];
+ struct ipsec_sa *sa;
+ struct rte_mbuf *pkt;
- nb_pkts = 0;
for (i = 0; i < ipsec_ctx->nb_qps && nb_pkts < max_pkts; i++) {
struct cdev_qp *cqp;
@@ -168,7 +178,7 @@ ipsec_processing(struct ipsec_ctx *ipsec_ctx, struct rte_mbuf *pkts[],
RTE_ASSERT(sa != NULL);
- ret = sa->post_crypto(pkt, sa, cops[j]);
+ ret = xform_func(pkt, sa, cops[j]);
if (unlikely(ret))
rte_pktmbuf_free(pkt);
else
@@ -188,7 +198,9 @@ ipsec_inbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[],
inbound_sa_lookup(ctx->sa_ctx, pkts, sas, nb_pkts);
- return ipsec_processing(ctx, pkts, sas, nb_pkts, len);
+ ipsec_enqueue(esp_inbound, ctx, pkts, sas, nb_pkts);
+
+ return ipsec_dequeue(esp_inbound_post, ctx, pkts, len);
}
uint16_t
@@ -199,5 +211,7 @@ ipsec_outbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[],
outbound_sa_lookup(ctx->sa_ctx, sa_idx, sas, nb_pkts);
- return ipsec_processing(ctx, pkts, sas, nb_pkts, len);
+ ipsec_enqueue(esp_outbound, ctx, pkts, sas, nb_pkts);
+
+ return ipsec_dequeue(esp_outbound_post, ctx, pkts, len);
}
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index e60fae6..74ef6fc 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -86,8 +86,6 @@ struct ipsec_sa {
uint32_t dst;
struct rte_cryptodev_sym_session *crypto_session;
struct rte_crypto_sym_xform *xforms;
- ipsec_xform_fn pre_crypto;
- ipsec_xform_fn post_crypto;
enum rte_crypto_cipher_algorithm cipher_algo;
enum rte_crypto_auth_algorithm auth_algo;
uint16_t digest_len;
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index b6260ed..a193bdf 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -47,160 +47,112 @@
#include "ipsec.h"
#include "esp.h"
-/* SAs EP0 Outbound */
-const struct ipsec_sa sa_ep0_out[] = {
- { 5, 0, IPv4(172, 16, 1, 5), IPv4(172, 16, 2, 5),
- NULL, NULL,
- esp4_tunnel_outbound_pre_crypto,
- esp4_tunnel_outbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 6, 0, IPv4(172, 16, 1, 6), IPv4(172, 16, 2, 6),
- NULL, NULL,
- esp4_tunnel_outbound_pre_crypto,
- esp4_tunnel_outbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 7, 0, IPv4(172, 16, 1, 7), IPv4(172, 16, 2, 7),
- NULL, NULL,
- esp4_tunnel_outbound_pre_crypto,
- esp4_tunnel_outbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 8, 0, IPv4(172, 16, 1, 8), IPv4(172, 16, 2, 8),
- NULL, NULL,
- esp4_tunnel_outbound_pre_crypto,
- esp4_tunnel_outbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 9, 0, IPv4(172, 16, 1, 5), IPv4(172, 16, 2, 5),
- NULL, NULL,
- esp4_tunnel_outbound_pre_crypto,
- esp4_tunnel_outbound_post_crypto,
- RTE_CRYPTO_CIPHER_NULL, RTE_CRYPTO_AUTH_NULL,
- 0, 0, 4,
- 0, 0 },
-};
-
-/* SAs EP0 Inbound */
-const struct ipsec_sa sa_ep0_in[] = {
- { 5, 0, IPv4(172, 16, 2, 5), IPv4(172, 16, 1, 5),
- NULL, NULL,
- esp4_tunnel_inbound_pre_crypto,
- esp4_tunnel_inbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 6, 0, IPv4(172, 16, 2, 6), IPv4(172, 16, 1, 6),
- NULL, NULL,
- esp4_tunnel_inbound_pre_crypto,
- esp4_tunnel_inbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 7, 0, IPv4(172, 16, 2, 7), IPv4(172, 16, 1, 7),
- NULL, NULL,
- esp4_tunnel_inbound_pre_crypto,
- esp4_tunnel_inbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 8, 0, IPv4(172, 16, 2, 8), IPv4(172, 16, 1, 8),
- NULL, NULL,
- esp4_tunnel_inbound_pre_crypto,
- esp4_tunnel_inbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 9, 0, IPv4(172, 16, 2, 5), IPv4(172, 16, 1, 5),
- NULL, NULL,
- esp4_tunnel_inbound_pre_crypto,
- esp4_tunnel_inbound_post_crypto,
- RTE_CRYPTO_CIPHER_NULL, RTE_CRYPTO_AUTH_NULL,
- 0, 0, 4,
- 0, 0 },
-};
-
-/* SAs EP1 Outbound */
-const struct ipsec_sa sa_ep1_out[] = {
- { 5, 0, IPv4(172, 16, 2, 5), IPv4(172, 16, 1, 5),
- NULL, NULL,
- esp4_tunnel_outbound_pre_crypto,
- esp4_tunnel_outbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 6, 0, IPv4(172, 16, 2, 6), IPv4(172, 16, 1, 6),
- NULL, NULL,
- esp4_tunnel_outbound_pre_crypto,
- esp4_tunnel_outbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 7, 0, IPv4(172, 16, 2, 7), IPv4(172, 16, 1, 7),
- NULL, NULL,
- esp4_tunnel_outbound_pre_crypto,
- esp4_tunnel_outbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 8, 0, IPv4(172, 16, 2, 8), IPv4(172, 16, 1, 8),
- NULL, NULL,
- esp4_tunnel_outbound_pre_crypto,
- esp4_tunnel_outbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 9, 0, IPv4(172, 16, 2, 5), IPv4(172, 16, 1, 5),
- NULL, NULL,
- esp4_tunnel_outbound_pre_crypto,
- esp4_tunnel_outbound_post_crypto,
- RTE_CRYPTO_CIPHER_NULL, RTE_CRYPTO_AUTH_NULL,
- 0, 0, 4,
- 0, 0 },
+/* SAs Outbound */
+const struct ipsec_sa sa_out[] = {
+ {
+ .spi = 5,
+ .src = IPv4(172, 16, 1, 5),
+ .dst = IPv4(172, 16, 2, 5),
+ .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+ .digest_len = 12,
+ .iv_len = 16,
+ .block_size = 16,
+ },
+ {
+ .spi = 6,
+ .src = IPv4(172, 16, 1, 6),
+ .dst = IPv4(172, 16, 2, 6),
+ .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+ .digest_len = 12,
+ .iv_len = 16,
+ .block_size = 16,
+ },
+ {
+ .spi = 7,
+ .src = IPv4(172, 16, 1, 7),
+ .dst = IPv4(172, 16, 2, 7),
+ .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+ .digest_len = 12,
+ .iv_len = 16,
+ .block_size = 16,
+ },
+ {
+ .spi = 8,
+ .src = IPv4(172, 16, 1, 8),
+ .dst = IPv4(172, 16, 2, 8),
+ .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+ .digest_len = 12,
+ .iv_len = 16,
+ .block_size = 16,
+ },
+ {
+ .spi = 9,
+ .src = IPv4(172, 16, 1, 9),
+ .dst = IPv4(172, 16, 2, 9),
+ .cipher_algo = RTE_CRYPTO_CIPHER_NULL,
+ .auth_algo = RTE_CRYPTO_AUTH_NULL,
+ .digest_len = 0,
+ .iv_len = 0,
+ .block_size = 4,
+ }
};
-/* SAs EP1 Inbound */
-const struct ipsec_sa sa_ep1_in[] = {
- { 5, 0, IPv4(172, 16, 1, 5), IPv4(172, 16, 2, 5),
- NULL, NULL,
- esp4_tunnel_inbound_pre_crypto,
- esp4_tunnel_inbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 6, 0, IPv4(172, 16, 1, 6), IPv4(172, 16, 2, 6),
- NULL, NULL,
- esp4_tunnel_inbound_pre_crypto,
- esp4_tunnel_inbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 7, 0, IPv4(172, 16, 1, 7), IPv4(172, 16, 2, 7),
- NULL, NULL,
- esp4_tunnel_inbound_pre_crypto,
- esp4_tunnel_inbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 8, 0, IPv4(172, 16, 1, 8), IPv4(172, 16, 2, 8),
- NULL, NULL,
- esp4_tunnel_inbound_pre_crypto,
- esp4_tunnel_inbound_post_crypto,
- RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
- 12, 16, 16,
- 0, 0 },
- { 9, 0, IPv4(172, 16, 1, 5), IPv4(172, 16, 2, 5),
- NULL, NULL,
- esp4_tunnel_inbound_pre_crypto,
- esp4_tunnel_inbound_post_crypto,
- RTE_CRYPTO_CIPHER_NULL, RTE_CRYPTO_AUTH_NULL,
- 0, 0, 4,
- 0, 0 },
+/* SAs Inbound */
+const struct ipsec_sa sa_in[] = {
+ {
+ .spi = 55,
+ .src = IPv4(172, 16, 2, 5),
+ .dst = IPv4(172, 16, 1, 5),
+ .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+ .digest_len = 12,
+ .iv_len = 16,
+ .block_size = 16,
+ },
+ {
+ .spi = 56,
+ .src = IPv4(172, 16, 2, 6),
+ .dst = IPv4(172, 16, 1, 6),
+ .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+ .digest_len = 12,
+ .iv_len = 16,
+ .block_size = 16,
+ },
+ {
+ .spi = 57,
+ .src = IPv4(172, 16, 2, 7),
+ .dst = IPv4(172, 16, 1, 7),
+ .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+ .digest_len = 12,
+ .iv_len = 16,
+ .block_size = 16,
+ },
+ {
+ .spi = 58,
+ .src = IPv4(172, 16, 2, 8),
+ .dst = IPv4(172, 16, 1, 8),
+ .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+ .digest_len = 12,
+ .iv_len = 16,
+ .block_size = 16,
+ },
+ {
+ .spi = 59,
+ .src = IPv4(172, 16, 2, 9),
+ .dst = IPv4(172, 16, 1, 9),
+ .cipher_algo = RTE_CRYPTO_CIPHER_NULL,
+ .auth_algo = RTE_CRYPTO_AUTH_NULL,
+ .digest_len = 0,
+ .iv_len = 0,
+ .block_size = 4,
+ }
};
static uint8_t cipher_key[256] = "sixteenbytes key";
@@ -368,15 +320,15 @@ sa_init(struct socket_ctx *ctx, int socket_id, unsigned ep)
"initialized\n", socket_id);
if (ep == 0) {
- sa_out_entries = sa_ep0_out;
- nb_out_entries = RTE_DIM(sa_ep0_out);
- sa_in_entries = sa_ep0_in;
- nb_in_entries = RTE_DIM(sa_ep0_in);
+ sa_out_entries = sa_out;
+ nb_out_entries = RTE_DIM(sa_out);
+ sa_in_entries = sa_in;
+ nb_in_entries = RTE_DIM(sa_in);
} else if (ep == 1) {
- sa_out_entries = sa_ep1_out;
- nb_out_entries = RTE_DIM(sa_ep1_out);
- sa_in_entries = sa_ep1_in;
- nb_in_entries = RTE_DIM(sa_ep1_in);
+ sa_out_entries = sa_in;
+ nb_out_entries = RTE_DIM(sa_in);
+ sa_in_entries = sa_out;
+ nb_in_entries = RTE_DIM(sa_out);
} else
rte_exit(EXIT_FAILURE, "Invalid EP value %u. "
"Only 0 or 1 supported.\n", ep);
--
2.5.5
More information about the dev
mailing list