plugins: odp: Cosmetic changes in the IPsec implementation

1) renamed ipsec_api to enable_odp_ipsec, for consistency
2) added crude ASSERTs to make sure the configuration is sane
3) removed passing ipsec_api as argument, as this is a global flag now
4) reorder code - put ipsec initialization before putting
   workers in polling mode
5) remove not used recycle vector from esp_encrypt.c/esp_decrypt.c
6) change clib_error_return to clib_error in ipsec.c, as
   clib_error_return silently passes when 0 is the first argument

Change-Id: Id2c6da985e872f12c8409918fb9cc6113b486d10
Signed-off-by: Szymon Sliwa <[email protected]>

diff --git a/src/plugins/odp/ipsec/crypto_input.c b/src/plugins/odp/ipsec/crypto_input.c
index 4e91822..4e580c7 100644 (file)
--- a/src/plugins/odp/ipsec/crypto_input.c
+++ b/src/plugins/odp/ipsec/crypto_input.c
@@ -211,7 +211,7 @@ odp_crypto_input_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
   odp_crypto_worker_main_t *cwm =
     vec_elt_at_index (ocm->workers, thread_index);
   u32 n_cops_dequeued = 0;
-  if (!ipsec_api) {
+  if (!enable_odp_ipsec) {
          n_cops_dequeued += odp_dequeue_cops(vm, node, frame, cwm->post_encrypt, ODP_CRYPTO_INPUT_NEXT_ENCRYPT_POST);
          n_cops_dequeued += odp_dequeue_cops(vm, node, frame, cwm->post_decrypt, ODP_CRYPTO_INPUT_NEXT_DECRYPT_POST);
   } else {

diff --git a/src/plugins/odp/ipsec/esp_decrypt.c b/src/plugins/odp/ipsec/esp_decrypt.c
index 06707e3..442776a 100644 (file)
--- a/src/plugins/odp/ipsec/esp_decrypt.c
+++ b/src/plugins/odp/ipsec/esp_decrypt.c
@@ -104,7 +104,6 @@ odp_crypto_esp_decrypt_node_fn (vlib_main_t * vm,
   u32 n_left_from, *from, next_index, *to_next;
   ipsec_main_t *im = &ipsec_main;
   esp_main_t *em = &odp_esp_main;
-  u32 *recycle = 0;
   from = vlib_frame_vector_args (from_frame);
   n_left_from = from_frame->n_vectors;
   odp_crypto_main_t *ocm = &odp_crypto_main;
@@ -415,9 +414,6 @@ odp_crypto_esp_decrypt_node_fn (vlib_main_t * vm,
                               from_frame->n_vectors);
 
 free_buffers_and_exit:
-  if (recycle)
-    vlib_buffer_free (vm, recycle, vec_len (recycle));
-  vec_free (recycle);
   return from_frame->n_vectors;
 }
 

diff --git a/src/plugins/odp/ipsec/esp_encrypt.c b/src/plugins/odp/ipsec/esp_encrypt.c
index a9caba6..1b42eff 100644 (file)
--- a/src/plugins/odp/ipsec/esp_encrypt.c
+++ b/src/plugins/odp/ipsec/esp_encrypt.c
@@ -107,7 +107,6 @@ odp_crypto_esp_encrypt_node_fn (vlib_main_t * vm,
   from = vlib_frame_vector_args (from_frame);
   n_left_from = from_frame->n_vectors;
   ipsec_main_t *im = &ipsec_main;
-  u32 *recycle = 0;
   odp_crypto_main_t *ocm = &odp_crypto_main;
   u32 thread_index = vlib_get_thread_index ();
   esp_main_t *em = &odp_esp_main;
@@ -445,9 +444,6 @@ odp_crypto_esp_encrypt_node_fn (vlib_main_t * vm,
                               from_frame->n_vectors);
 
 free_buffers_and_exit:
-  if (recycle)
-    vlib_buffer_free (vm, recycle, vec_len (recycle));
-  vec_free (recycle);
   return from_frame->n_vectors;
 }
 

diff --git a/src/plugins/odp/ipsec/ipsec.c b/src/plugins/odp/ipsec/ipsec.c
index f21f3fe..a26dc35 100644 (file)
--- a/src/plugins/odp/ipsec/ipsec.c
+++ b/src/plugins/odp/ipsec/ipsec.c
@@ -24,6 +24,9 @@
 #include <odp/ipsec/ipsec.h>
 #include <odp/ipsec/esp.h>
 
+#define CAPA_NOT_SUPP "mode is set in config while capabilities indicate it is not supported"
+
+
 static int
 add_del_sa_sess (u32 sa_index, u8 is_add)
 {
@@ -260,7 +263,7 @@ create_sess (ipsec_sa_t * sa, sa_data_t * sa_sess_data, int is_outbound)
 
     if (ret != size)
       {
-       clib_error_return (0, "failed to get random from ODP");
+       clib_error ("failed to get random from ODP");
        return -1;
       }
   }
@@ -299,10 +302,13 @@ odp_ipsec_check_support (ipsec_sa_t * sa)
 }
 
 clib_error_t *
-ipsec_init (vlib_main_t * vm, u8 ipsec_api)
+ipsec_init (vlib_main_t * vm)
 {
-  if (!enable_odp_crypto && !ipsec_api)
+  if (!enable_odp_crypto && !enable_odp_ipsec)
     return 0;
+  if (enable_odp_crypto && enable_odp_ipsec)
+    clib_error
+      ("enable-odp-crypto and enable-odp-ipsec should not be used together");
   ipsec_main_t *im = &ipsec_main;
   odp_crypto_main_t *ocm = &odp_crypto_main;
   vlib_thread_main_t *tm = vlib_get_thread_main ();
@@ -328,12 +334,10 @@ ipsec_init (vlib_main_t * vm, u8 ipsec_api)
 
   ipsec_node = vlib_get_node_by_name (vm, (u8 *) "ipsec-output-ip4");
   ASSERT (ipsec_node);
-  if (ipsec_api)
-      crypto_node =
-       vlib_get_node_by_name (vm, (u8 *) "odp-ipsec-esp-encrypt");
+  if (enable_odp_ipsec)
+    crypto_node = vlib_get_node_by_name (vm, (u8 *) "odp-ipsec-esp-encrypt");
   else
-      crypto_node =
-       vlib_get_node_by_name (vm, (u8 *) "odp-crypto-esp-encrypt");
+    crypto_node = vlib_get_node_by_name (vm, (u8 *) "odp-crypto-esp-encrypt");
   ASSERT (crypto_node);
   im->esp_encrypt_node_index = crypto_node->index;
   im->esp_encrypt_next_index =
@@ -341,11 +345,10 @@ ipsec_init (vlib_main_t * vm, u8 ipsec_api)
 
   ipsec_node = vlib_get_node_by_name (vm, (u8 *) "ipsec-input-ip4");
   ASSERT (ipsec_node);
-  if (ipsec_api)
+  if (enable_odp_ipsec)
     crypto_node = vlib_get_node_by_name (vm, (u8 *) "odp-ipsec-esp-decrypt");
   else
-      crypto_node =
-       vlib_get_node_by_name (vm, (u8 *) "odp-crypto-esp-decrypt");
+    crypto_node = vlib_get_node_by_name (vm, (u8 *) "odp-crypto-esp-decrypt");
   ASSERT (crypto_node);
   im->esp_decrypt_node_index = crypto_node->index;
   im->esp_decrypt_next_index =
@@ -365,51 +368,63 @@ ipsec_init (vlib_main_t * vm, u8 ipsec_api)
 
   esp_init ();
 
-  int i;
-  for (i = 1; i < tm->n_vlib_mains; i++)
-    vlib_node_set_state (vlib_mains[i], odp_crypto_input_node.index,
-                        VLIB_NODE_STATE_POLLING);
-
-  /* If there are no worker threads, enable polling
-     crypto devices on the main thread, else
-     assign the post crypt queues of the second
-     thread to the main thread crypto sessions */
-  if (tm->n_vlib_mains == 1)
-    {
-      ocm->workers[0].post_encrypt = odp_queue_create (NULL, NULL);
-      ocm->workers[0].post_decrypt = odp_queue_create (NULL, NULL);
-      vlib_node_set_state (vlib_mains[0], odp_crypto_input_node.index,
-                          VLIB_NODE_STATE_POLLING);
-    }
-  else
-    {
-      ocm->workers[0].post_encrypt = ocm->workers[1].post_encrypt;
-      ocm->workers[0].post_decrypt = ocm->workers[1].post_decrypt;
-    }
-
-  if (ipsec_api)
+  if (enable_odp_ipsec)
     {
       odp_ipsec_config_t ipsec_config;
+      odp_ipsec_capability_t ipsec_capa;
+
+      odp_ipsec_capability (&ipsec_capa);
+
       odp_ipsec_config_init (&ipsec_config);
 
       if (is_inline)
        {
+         if (ipsec_capa.op_mode_inline_in == ODP_SUPPORT_NO
+             || ipsec_capa.op_mode_inline_out == ODP_SUPPORT_NO)
+           clib_error ("Inline " CAPA_NOT_SUPP
+                       " (need it at both TX and RX)");
          ipsec_config.inbound_mode = ODP_IPSEC_OP_MODE_INLINE;
          ipsec_config.outbound_mode = ODP_IPSEC_OP_MODE_INLINE;
        }
       else if (is_async)
        {
+         if (ipsec_capa.op_mode_async == ODP_SUPPORT_NO)
+           clib_error ("Async " CAPA_NOT_SUPP);
          ipsec_config.inbound_mode = ODP_IPSEC_OP_MODE_ASYNC;
          ipsec_config.outbound_mode = ODP_IPSEC_OP_MODE_ASYNC;
        }
       else
        {
+         if (ipsec_capa.op_mode_sync == ODP_SUPPORT_NO)
+           clib_error ("Sync " CAPA_NOT_SUPP);
          ipsec_config.inbound_mode = ODP_IPSEC_OP_MODE_SYNC;
          ipsec_config.outbound_mode = ODP_IPSEC_OP_MODE_SYNC;
        }
       odp_ipsec_config (&ipsec_config);
     }
 
+  int i;
+  for (i = 1; i < tm->n_vlib_mains; i++)
+    vlib_node_set_state (vlib_mains[i], odp_crypto_input_node.index,
+                        VLIB_NODE_STATE_POLLING);
+
+  /* If there are no worker threads, enable polling
+     crypto devices on the main thread, else
+     assign the post crypt queues of the second
+     thread to the main thread crypto sessions */
+  if (tm->n_vlib_mains == 1)
+    {
+      ocm->workers[0].post_encrypt = odp_queue_create (NULL, NULL);
+      ocm->workers[0].post_decrypt = odp_queue_create (NULL, NULL);
+      vlib_node_set_state (vlib_mains[0], odp_crypto_input_node.index,
+                          VLIB_NODE_STATE_POLLING);
+    }
+  else
+    {
+      ocm->workers[0].post_encrypt = ocm->workers[1].post_encrypt;
+      ocm->workers[0].post_decrypt = ocm->workers[1].post_decrypt;
+    }
+
   return 0;
 }
 

diff --git a/src/plugins/odp/ipsec/ipsec.h b/src/plugins/odp/ipsec/ipsec.h
index c947d7c..06fdfed 100644 (file)
--- a/src/plugins/odp/ipsec/ipsec.h
+++ b/src/plugins/odp/ipsec/ipsec.h
@@ -49,7 +49,7 @@ int create_sess (ipsec_sa_t * sa, sa_data_t * sess, int is_outbound);
 int create_odp_sa (ipsec_sa_t * sa, sa_data_t * sess, int flow_label,
                   int is_outbound);
 
-clib_error_t *ipsec_init (vlib_main_t * vm, u8 ipsec_api);
+clib_error_t *ipsec_init (vlib_main_t * vm);
 
 #endif /* __IPSEC_H__ */
 

diff --git a/src/plugins/odp/odp_packet.c b/src/plugins/odp/odp_packet.c
index 29b2ef0..45f2f27 100755 (executable)
--- a/src/plugins/odp/odp_packet.c
+++ b/src/plugins/odp/odp_packet.c
@@ -24,7 +24,7 @@ odp_if_mode_t def_if_mode;
 odp_if_config_t *if_config;
 odp_crypto_main_t odp_crypto_main;
 u8 enable_odp_crypto;
-u8 ipsec_api;
+u8 enable_odp_ipsec;
 u8 is_async;
 u8 is_inline;
 
@@ -435,7 +435,7 @@ odp_config (vlib_main_t * vm, unformat_input_t * input)
        }
       else if (unformat (input, "enable-odp-ipsec"))
        {
-         ipsec_api = 1;
+         enable_odp_ipsec = 1;
        }
       else if (unformat (input, "async"))
        {
@@ -487,7 +487,7 @@ odp_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
   /* Initialization complete and worker threads can start */
   tm->worker_thread_release = 1;
 
-  ipsec_init (vlib_get_main (), ipsec_api);
+  ipsec_init (vlib_get_main ());
 
   return 0;
 }

diff --git a/src/plugins/odp/odp_packet.h b/src/plugins/odp/odp_packet.h
index ac98415..d835f84 100755 (executable)
--- a/src/plugins/odp/odp_packet.h
+++ b/src/plugins/odp/odp_packet.h
@@ -81,7 +81,7 @@ extern u32 tx_burst_size;
 extern u32 num_pkts_in_pool;
 extern odp_if_mode_t def_if_mode;
 extern u8 enable_odp_crypto;
-extern u8 ipsec_api;
+extern u8 enable_odp_ipsec;
 extern u8 is_async;
 extern u8 is_inline;