2 * Copyright (c) 2016 Intel and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
15 #ifndef __DPDK_IPSEC_H__
16 #define __DPDK_IPSEC_H__
18 #include <vnet/vnet.h>
21 #include <rte_config.h>
22 #include <rte_crypto.h>
23 #include <rte_cryptodev.h>
26 #define always_inline static inline
28 #define always_inline static inline __attribute__ ((__always_inline__))
32 #define MAX_QP_PER_LCORE 16
57 } crypto_worker_qp_key_t;
65 u32 bi[VLIB_FRAME_SIZE];
66 struct rte_crypto_op *cops[VLIB_FRAME_SIZE];
67 struct rte_crypto_op **free_cops;
74 } crypto_sa_session_t;
78 crypto_sa_session_t *sa_sess_d[2];
79 crypto_qp_data_t *qp_data;
81 } crypto_worker_main_t;
85 struct rte_mempool **sess_h_pools;
86 struct rte_mempool **sess_pools;
87 struct rte_mempool **cop_pools;
88 crypto_worker_main_t *workers_main;
92 dpdk_crypto_main_t dpdk_crypto_main;
94 extern vlib_node_registration_t dpdk_crypto_input_node;
96 #define CRYPTO_N_FREE_COPS (VLIB_FRAME_SIZE * 3)
98 static_always_inline void
101 dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
102 u32 thread_index = vlib_get_thread_index ();
103 crypto_worker_main_t *cwm = &dcm->workers_main[thread_index];
104 unsigned socket_id = rte_socket_id ();
105 crypto_qp_data_t *qpd;
108 vec_foreach (qpd, cwm->qp_data)
110 u32 l = vec_len (qpd->free_cops);
112 if (PREDICT_FALSE (l < VLIB_FRAME_SIZE))
116 if (PREDICT_FALSE (!qpd->free_cops))
117 vec_alloc (qpd->free_cops, CRYPTO_N_FREE_COPS);
119 n_alloc = rte_crypto_op_bulk_alloc (dcm->cop_pools[socket_id],
120 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
122 CRYPTO_N_FREE_COPS - l - 1);
124 _vec_len (qpd->free_cops) = l + n_alloc;
130 static_always_inline void
131 crypto_free_cop (crypto_qp_data_t * qpd, struct rte_crypto_op **cops, u32 n)
133 u32 l = vec_len (qpd->free_cops);
135 if (l + n >= CRYPTO_N_FREE_COPS)
137 l -= VLIB_FRAME_SIZE;
138 rte_mempool_put_bulk (cops[0]->mempool,
139 (void **) &qpd->free_cops[l], VLIB_FRAME_SIZE);
141 clib_memcpy (&qpd->free_cops[l], cops, sizeof (*cops) * n);
143 _vec_len (qpd->free_cops) = l + n;
146 static_always_inline int
147 check_algo_is_supported (const struct rte_cryptodev_capabilities *cap,
152 enum rte_crypto_sym_xform_type type;
155 enum rte_crypto_auth_algorithm auth;
156 enum rte_crypto_cipher_algorithm cipher;
158 enum rte_crypto_aead_algorithm aead;
165 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,.cipher =
166 RTE_CRYPTO_CIPHER_NULL,.name = "NULL"},
168 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,.cipher =
169 RTE_CRYPTO_CIPHER_AES_CBC,.name = "AES_CBC"},
172 .type = RTE_CRYPTO_SYM_XFORM_CIPHER,.cipher =
173 RTE_CRYPTO_CIPHER_AES_GCM,.name = "AES-GCM"},
176 .type = RTE_CRYPTO_SYM_XFORM_AEAD,.aead =
177 RTE_CRYPTO_AEAD_AES_GCM,.name = "AES-GCM"},
180 .type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
181 RTE_CRYPTO_AUTH_NULL,.name = "NULL"},
183 .type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
184 RTE_CRYPTO_AUTH_SHA1_HMAC,.name = "HMAC-SHA1"},
186 .type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
187 RTE_CRYPTO_AUTH_SHA256_HMAC,.name = "HMAC-SHA256"},
189 .type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
190 RTE_CRYPTO_AUTH_SHA384_HMAC,.name = "HMAC-SHA384"},
192 .type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
193 RTE_CRYPTO_AUTH_SHA512_HMAC,.name = "HMAC-SHA512"},
196 .type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
197 RTE_CRYPTO_AUTH_AES_GCM,.name = "AES-GCM"},
201 .type = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED}
206 if (cap->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
209 while (supported_algo[i].type != RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED)
211 if (cap->sym.xform_type == supported_algo[i].type)
213 if ((cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
214 cap->sym.cipher.algo == supported_algo[i].cipher) ||
216 (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD &&
217 cap->sym.aead.algo == supported_algo[i].aead) ||
219 (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH &&
220 cap->sym.auth.algo == supported_algo[i].auth))
223 strcpy (name, supported_algo[i].name);
234 #endif /* __DPDK_IPSEC_H__ */
237 * fd.io coding-style-patch-verification: ON
240 * eval: (c-set-style "gnu")