New upstream version 16.11.8
[deb_dpdk.git] / examples / ipsec-secgw / ipsec-secgw.c
index 5d04eb3..05c7645 100644 (file)
@@ -72,6 +72,7 @@
 #include <rte_cryptodev.h>
 
 #include "ipsec.h"
+#include "parser.h"
 
 #define RTE_LOGTYPE_IPSEC RTE_LOGTYPE_USER1
 
@@ -81,6 +82,7 @@
 
 #define NB_MBUF        (32000)
 
+#define CDEV_QUEUE_DESC 2048
 #define CDEV_MAP_ENTRIES 1024
 #define CDEV_MP_NB_OBJS 2048
 #define CDEV_MP_CACHE_SZ 64
@@ -88,8 +90,6 @@
 
 #define OPTION_CONFIG          "config"
 #define OPTION_SINGLE_SA       "single-sa"
-#define OPTION_EP0             "ep0"
-#define OPTION_EP1             "ep1"
 
 #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
 
@@ -158,7 +158,6 @@ static uint32_t enabled_port_mask;
 static uint32_t unprotected_port_mask;
 static int32_t promiscuous_on = 1;
 static int32_t numa_on = 1; /**< NUMA is enabled by default. */
-static int32_t ep = -1; /**< Endpoint configuration (0 or 1) */
 static uint32_t nb_lcores;
 static uint32_t single_sa;
 static uint32_t single_sa_idx;
@@ -209,7 +208,7 @@ static struct rte_eth_conf port_conf = {
                .hw_ip_checksum = 1, /**< IP checksum offload enabled */
                .hw_vlan_filter = 0, /**< VLAN filtering disabled */
                .jumbo_frame    = 0, /**< Jumbo Frame Support disabled */
-               .hw_strip_crc   = 0, /**< CRC stripped by hardware */
+               .hw_strip_crc   = 1, /**< CRC stripped by hardware */
        },
        .rx_adv_conf = {
                .rss_conf = {
@@ -305,6 +304,7 @@ prepare_tx_pkt(struct rte_mbuf *pkt, uint8_t port)
                pkt->l3_len = sizeof(struct ip);
                pkt->l2_len = ETHER_HDR_LEN;
 
+               ip->ip_sum = 0;
                ethhdr->ether_type = rte_cpu_to_be_16(ETHER_TYPE_IPv4);
        } else {
                pkt->ol_flags |= PKT_TX_IPV6;
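Review bot: The added `ip->ip_sum = 0;` carries no comment saying why the IPv4 header checksum is cleared, and the reason is not visible in the hunk. Presumably the checksum is computed by the NIC on transmit and the field has to be zero beforehand; if so, state it next to the assignment: `/* checksum is filled in by TX offload; field must be zero */`. prepare_tx_pkt starts and ends outside the hunk, so the offload flag itself is not shown here and should be confirmed.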
@@ -390,7 +390,7 @@ inbound_sp_sa(struct sp_ctx *sp, struct sa_ctx *sa, struct traffic_type *ip,
        struct rte_mbuf *m;
        uint32_t i, j, res, sa_idx;
 
-       if (ip->num == 0)
+       if (ip->num == 0 || sp == NULL)
                return;
 
        rte_acl_classify((struct rte_acl_ctx *)sp, ip->data, ip->res,
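Review bot: With the added `sp == NULL` test the function returns before any packet is classified or freed, so when no policy context exists the burst stays untouched in `ip->pkts` with `ip->num` unchanged; the same early return is added to `outbound_sp` in the later hunk. On a security gateway that reads as passing traffic unfiltered when the policy database is absent, which may be intended but is not stated in the new code. Either document it above the test, e.g. `/* no SP configured: packets stay in ip->pkts unclassified (treated as bypass) */`, or, if a missing policy must not pass traffic, free every mbuf in the burst and set `ip->num = 0` before returning. The function body continues outside the hunk, so what the caller does with the untouched burst is inferred.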
@@ -410,7 +410,8 @@ inbound_sp_sa(struct sp_ctx *sp, struct sa_ctx *sa, struct traffic_type *ip,
                }
                /* Only check SPI match for processed IPSec packets */
                sa_idx = ip->res[i] & PROTECT_MASK;
-               if (sa_idx == 0 || !inbound_sa_check(sa, m, sa_idx)) {
+               if (sa_idx >= IPSEC_SA_MAX_ENTRIES ||
+                               !inbound_sa_check(sa, m, sa_idx)) {
                        rte_pktmbuf_free(m);
                        continue;
                }
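Review bot: Replacing `sa_idx == 0` with the bounds check means a zero classification result is no longer rejected here; it now reaches `inbound_sa_check()` with index 0. If zero is still what the lookup yields when no rule matched, as the removed `ip->res[i] == 0` test in `outbound_sp` suggests, unmatched packets are treated as belonging to SA slot 0. In the `outbound_sp` loop hunk the effect is stronger, since such packets are queued in `ipsec->pkts` for protection instead of being freed. Keeping the zero test alongside the new bound would preserve drop-on-no-match: `if (sa_idx == 0 || sa_idx >= IPSEC_SA_MAX_ENTRIES ||` here and `if ((ip->res[i] == 0) || (ip->res[i] & DISCARD))` in `outbound_sp`. The loop these lines sit in starts outside the hunk.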
@@ -465,7 +466,7 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
        struct rte_mbuf *m;
        uint32_t i, j, sa_idx;
 
-       if (ip->num == 0)
+       if (ip->num == 0 || sp == NULL)
                return;
 
        rte_acl_classify((struct rte_acl_ctx *)sp, ip->data, ip->res,
@@ -475,13 +476,15 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
        for (i = 0; i < ip->num; i++) {
                m = ip->pkts[i];
                sa_idx = ip->res[i] & PROTECT_MASK;
-               if ((ip->res[i] == 0) || (ip->res[i] & DISCARD))
+               if (ip->res[i] & DISCARD)
                        rte_pktmbuf_free(m);
-               else if (sa_idx != 0) {
+               else if (ip->res[i] & BYPASS)
+                       ip->pkts[j++] = m;
+               else if (sa_idx < IPSEC_SA_MAX_ENTRIES) {
                        ipsec->res[ipsec->num] = sa_idx;
                        ipsec->pkts[ipsec->num++] = m;
-               } else /* BYPASS */
-                       ip->pkts[j++] = m;
+               } else /* invalid SA idx */
+                       rte_pktmbuf_free(m);
        }
        ip->num = j;
 }
@@ -838,7 +841,7 @@ print_usage(const char *prgname)
 {
        printf("%s [EAL options] -- -p PORTMASK -P -u PORTMASK"
                "  --"OPTION_CONFIG" (port,queue,lcore)[,(port,queue,lcore]"
-               " --single-sa SAIDX --ep0|--ep1\n"
+               " --single-sa SAIDX -f CONFIG_FILE\n"
                "  -p PORTMASK: hexadecimal bitmask of ports to configure\n"
                "  -P : enable promiscuous mode\n"
                "  -u PORTMASK: hexadecimal bitmask of unprotected ports\n"
@@ -846,8 +849,8 @@ print_usage(const char *prgname)
                "rx queues configuration\n"
                "  --single-sa SAIDX: use single SA index for outbound, "
                "bypassing the SP\n"
-               "  --ep0: Configure as Endpoint 0\n"
-               "  --ep1: Configure as Endpoint 1\n", prgname);
+               "  -f CONFIG_FILE: Configuration file path\n",
+               prgname);
 }
 
 static int32_t
@@ -960,18 +963,6 @@ parse_args_long_options(struct option *lgopts, int32_t option_index)
                }
        }
 
-       if (__STRNCMP(optname, OPTION_EP0)) {
-               printf("endpoint 0\n");
-               ep = 0;
-               ret = 0;
-       }
-
-       if (__STRNCMP(optname, OPTION_EP1)) {
-               printf("endpoint 1\n");
-               ep = 1;
-               ret = 0;
-       }
-
        return ret;
 }
 #undef __STRNCMP
@@ -986,14 +977,13 @@ parse_args(int32_t argc, char **argv)
        static struct option lgopts[] = {
                {OPTION_CONFIG, 1, 0, 0},
                {OPTION_SINGLE_SA, 1, 0, 0},
-               {OPTION_EP0, 0, 0, 0},
-               {OPTION_EP1, 0, 0, 0},
                {NULL, 0, 0, 0}
        };
+       int32_t f_present = 0;
 
        argvopt = argv;
 
-       while ((opt = getopt_long(argc, argvopt, "p:Pu:",
+       while ((opt = getopt_long(argc, argvopt, "p:Pu:f:",
                                lgopts, &option_index)) != EOF) {
 
                switch (opt) {
@@ -1017,6 +1007,21 @@ parse_args(int32_t argc, char **argv)
                                return -1;
                        }
                        break;
+               case 'f':
+                       if (f_present == 1) {
+                               printf("\"-f\" option present more than "
+                                       "once!\n");
+                               print_usage(prgname);
+                               return -1;
+                       }
+                       if (parse_cfg_file(optarg) < 0) {
+                               printf("parsing file \"%s\" failed\n",
+                                       optarg);
+                               print_usage(prgname);
+                               return -1;
+                       }
+                       f_present = 1;
+                       break;
                case 0:
                        if (parse_args_long_options(lgopts, option_index)) {
                                print_usage(prgname);
@@ -1029,6 +1034,11 @@ parse_args(int32_t argc, char **argv)
                }
        }
 
+       if (f_present == 0) {
+               printf("Mandatory option \"-f\" not present\n");
+               return -1;
+       }
+
        if (optind >= 0)
                argv[optind-1] = prgname;
 
@@ -1267,7 +1277,7 @@ cryptodevs_init(void)
                        rte_panic("Failed to initialize crypodev %u\n",
                                        cdev_id);
 
-               qp_conf.nb_descriptors = CDEV_MP_NB_OBJS;
+               qp_conf.nb_descriptors = CDEV_QUEUE_DESC;
                for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
                        if (rte_cryptodev_queue_pair_setup(cdev_id, qp,
                                                &qp_conf, dev_conf.socket_id))
@@ -1411,9 +1421,6 @@ main(int32_t argc, char **argv)
        if (ret < 0)
                rte_exit(EXIT_FAILURE, "Invalid parameters\n");
 
-       if (ep < 0)
-               rte_exit(EXIT_FAILURE, "need to choose either EP0 or EP1\n");
-
        if ((unprotected_port_mask & enabled_port_mask) !=
                        unprotected_port_mask)
                rte_exit(EXIT_FAILURE, "Invalid unprotected portmask 0x%x\n",
@@ -1443,13 +1450,13 @@ main(int32_t argc, char **argv)
                if (socket_ctx[socket_id].mbuf_pool)
                        continue;
 
-               sa_init(&socket_ctx[socket_id], socket_id, ep);
+               sa_init(&socket_ctx[socket_id], socket_id);
 
-               sp4_init(&socket_ctx[socket_id], socket_id, ep);
+               sp4_init(&socket_ctx[socket_id], socket_id);
 
-               sp6_init(&socket_ctx[socket_id], socket_id, ep);
+               sp6_init(&socket_ctx[socket_id], socket_id);
 
-               rt_init(&socket_ctx[socket_id], socket_id, ep);
+               rt_init(&socket_ctx[socket_id], socket_id);
 
                pool_init(&socket_ctx[socket_id], socket_id, NB_MBUF);
        }