X-Git-Url: https://gerrit.fd.io/r/gitweb?p=vpp.git;a=blobdiff_plain;f=src%2Fplugins%2Fdpdk%2Fipsec%2Fipsec.c;h=5d9e10b3aa532f2bea37144f628e7fa6711fcf40;hp=698f3b51637268d2426165188c8c2b9034416f61;hb=4a58e49cf;hpb=1a6ece34358a34367ff1807ac3a9a97b8a120b77 diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c index 698f3b51637..5d9e10b3aa5 100644 --- a/src/plugins/dpdk/ipsec/ipsec.c +++ b/src/plugins/dpdk/ipsec/ipsec.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include @@ -252,13 +253,13 @@ crypto_set_aead_xform (struct rte_crypto_sym_xform *xform, xform->type = RTE_CRYPTO_SYM_XFORM_AEAD; xform->aead.algo = c->alg; - xform->aead.key.data = sa->crypto_key; + xform->aead.key.data = sa->crypto_key.data; xform->aead.key.length = c->key_len; xform->aead.iv.offset = crypto_op_get_priv_offset () + offsetof (dpdk_op_priv_t, cb); xform->aead.iv.length = 12; xform->aead.digest_length = c->trunc_size; - xform->aead.aad_length = sa->use_esn ? 12 : 8; + xform->aead.aad_length = ipsec_sa_is_set_USE_ESN (sa) ? 12 : 8; xform->next = NULL; if (is_outbound) @@ -280,7 +281,7 @@ crypto_set_cipher_xform (struct rte_crypto_sym_xform *xform, xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER; xform->cipher.algo = c->alg; - xform->cipher.key.data = sa->crypto_key; + xform->cipher.key.data = sa->crypto_key.data; xform->cipher.key.length = c->key_len; xform->cipher.iv.offset = crypto_op_get_priv_offset () + offsetof (dpdk_op_priv_t, cb); @@ -306,7 +307,7 @@ crypto_set_auth_xform (struct rte_crypto_sym_xform *xform, xform->type = RTE_CRYPTO_SYM_XFORM_AUTH; xform->auth.algo = a->alg; - xform->auth.key.data = sa->integ_key; + xform->auth.key.data = sa->integ_key.data; xform->auth.key.length = a->key_len; xform->auth.digest_length = a->trunc_size; xform->next = NULL; @@ -331,7 +332,7 @@ create_sym_session (struct rte_cryptodev_sym_session **session, struct rte_crypto_sym_xform auth_xform = { 0 }; struct rte_crypto_sym_xform *xfs; struct rte_cryptodev_sym_session **s; - clib_error_t *erorr = 0; + clib_error_t *error = 0; sa = pool_elt_at_index (im->sad, sa_idx); @@ -376,7 +377,7 @@ create_sym_session (struct rte_cryptodev_sym_session **session, if (!session[0]) { data->session_h_failed += 1; - erorr = clib_error_return (0, "failed to create session header"); + error = clib_error_return (0, "failed to create session header"); goto done; } hash_set (data->session_by_sa_index, sa_idx, session[0]); @@ -393,7 +394,7 @@ create_sym_session (struct rte_cryptodev_sym_session **session, if (ret) { data->session_drv_failed[res->drv_id] += 1; - erorr = clib_error_return (0, "failed to init session for drv %u", + error = clib_error_return (0, "failed to init session for drv %u", res->drv_id); goto done; } @@ -402,7 +403,7 @@ create_sym_session (struct rte_cryptodev_sym_session **session, done: clib_spinlock_unlock_if_init (&data->lockp); - return erorr; + return error; } static void __attribute__ ((unused)) clear_and_free_obj (void *obj) @@ -494,7 +495,6 @@ dpdk_crypto_session_disposal (crypto_session_disposal_t * v, u64 ts) static clib_error_t * add_del_sa_session (u32 sa_index, u8 is_add) { - ipsec_main_t *im = &ipsec_main; dpdk_crypto_main_t *dcm = &dpdk_crypto_main; crypto_data_t *data; struct rte_cryptodev_sym_session *s; @@ -502,24 +502,7 @@ add_del_sa_session (u32 sa_index, u8 is_add) u32 drv_id; if (is_add) - { -#if 1 - ipsec_sa_t *sa = pool_elt_at_index (im->sad, sa_index); - u32 seed; - switch (sa->crypto_alg) - { - case IPSEC_CRYPTO_ALG_AES_GCM_128: - case IPSEC_CRYPTO_ALG_AES_GCM_192: - case IPSEC_CRYPTO_ALG_AES_GCM_256: - clib_memcpy (&sa->salt, &sa->crypto_key[sa->crypto_key_len - 4], 4); - break; - default: - seed = (u32) clib_cpu_time_now (); - sa->salt = random_u32 (&seed); - } -#endif - return 0; - } + return 0; /* *INDENT-OFF* */ vec_foreach (data, dcm->data) @@ -638,14 +621,11 @@ crypto_parse_capabilities (crypto_dev_t * dev, } } -#define DPDK_CRYPTO_N_QUEUE_DESC 2048 -#define DPDK_CRYPTO_NB_SESS_OBJS 20000 - static clib_error_t * crypto_dev_conf (u8 dev, u16 n_qp, u8 numa) { - struct rte_cryptodev_config dev_conf; - struct rte_cryptodev_qp_conf qp_conf; + struct rte_cryptodev_config dev_conf = { 0 }; + struct rte_cryptodev_qp_conf qp_conf = { 0 }; i32 ret; u16 qp; char *error_str; @@ -683,7 +663,7 @@ crypto_scan_devs (u32 n_mains) { dpdk_crypto_main_t *dcm = &dpdk_crypto_main; struct rte_cryptodev *cryptodev; - struct rte_cryptodev_info info; + struct rte_cryptodev_info info = { 0 }; crypto_dev_t *dev; crypto_resource_t *res; clib_error_t *error; @@ -895,10 +875,15 @@ crypto_create_session_h_pool (vlib_main_t * vm, u8 numa) elt_size = rte_cryptodev_sym_get_header_session_size (); - mp = - rte_mempool_create ((char *) pool_name, DPDK_CRYPTO_NB_SESS_OBJS, - elt_size, 512, 0, NULL, NULL, NULL, NULL, numa, 0); - +#if RTE_VERSION < RTE_VERSION_NUM(19, 2, 0, 0) + mp = rte_mempool_create ((char *) pool_name, DPDK_CRYPTO_NB_SESS_OBJS, + elt_size, 512, 0, NULL, NULL, NULL, NULL, numa, 0); +#else + /* XXX Experimental tag in DPDK 19.02 */ + mp = rte_cryptodev_sym_session_pool_create ((char *) pool_name, + DPDK_CRYPTO_NB_SESS_OBJS, + elt_size, 512, 0, numa); +#endif vec_free (pool_name); if (!mp) @@ -1007,16 +992,33 @@ crypto_disable (void) vec_free (dcm->auth_algs); } -static uword -dpdk_ipsec_process (vlib_main_t * vm, vlib_node_runtime_t * rt, - vlib_frame_t * f) +static clib_error_t * +dpdk_ipsec_enable_disable (int is_enable) +{ + vlib_main_t *vm = vlib_get_main (); + vlib_thread_main_t *tm = vlib_get_thread_main (); + vlib_node_t *node = vlib_get_node_by_name (vm, (u8 *) "dpdk-crypto-input"); + u32 skip_master = vlib_num_workers () > 0; + u32 n_mains = tm->n_vlib_mains; + u32 i; + + ASSERT (node); + for (i = skip_master; i < n_mains; i++) + vlib_node_set_state (vlib_mains[i], node->index, is_enable != 0 ? + VLIB_NODE_STATE_POLLING : VLIB_NODE_STATE_DISABLED); + + return 0; +} + +static clib_error_t * +dpdk_ipsec_main_init (vlib_main_t * vm) { ipsec_main_t *im = &ipsec_main; dpdk_crypto_main_t *dcm = &dpdk_crypto_main; vlib_thread_main_t *tm = vlib_get_thread_main (); crypto_worker_main_t *cwm; clib_error_t *error = NULL; - u32 i, skip_master, n_mains; + u32 skip_master, n_mains; n_mains = tm->n_vlib_mains; skip_master = vlib_num_workers () > 0; @@ -1027,7 +1029,8 @@ dpdk_ipsec_process (vlib_main_t * vm, vlib_node_runtime_t * rt, if (!(dcm->enabled)) { - clib_warning ("not enough DPDK crypto resources, default to OpenSSL"); + vlib_log_warn (dpdk_main.log_default, + "not enough DPDK crypto resources"); crypto_disable (); return 0; } @@ -1060,32 +1063,22 @@ dpdk_ipsec_process (vlib_main_t * vm, vlib_node_runtime_t * rt, return 0; } - - u32 idx = ipsec_register_esp_backend (vm, im, "dpdk backend", - "dpdk-esp4-encrypt", - "dpdk-esp4-decrypt", - "dpdk-esp6-encrypt", - "dpdk-esp6-decrypt", - dpdk_ipsec_check_support, - add_del_sa_session); - int rv = ipsec_select_esp_backend (im, idx); - ASSERT (rv == 0); - - vlib_node_t *node = vlib_get_node_by_name (vm, (u8 *) "dpdk-crypto-input"); - ASSERT (node); - for (i = skip_master; i < n_mains; i++) - vlib_node_set_state (vlib_mains[i], node->index, VLIB_NODE_STATE_POLLING); + u32 idx = ipsec_register_esp_backend ( + vm, im, "dpdk backend", "dpdk-esp4-encrypt", "dpdk-esp4-encrypt-tun", + "dpdk-esp4-decrypt", "dpdk-esp4-decrypt", "dpdk-esp6-encrypt", + "dpdk-esp6-encrypt-tun", "dpdk-esp6-decrypt", "dpdk-esp6-decrypt", + "error-drop", dpdk_ipsec_check_support, add_del_sa_session, + dpdk_ipsec_enable_disable); + int rv; + if (im->esp_current_backend == ~0) + { + rv = ipsec_select_esp_backend (im, idx); + ASSERT (rv == 0); + } return 0; } -/* *INDENT-OFF* */ -VLIB_REGISTER_NODE (dpdk_ipsec_process_node,static) = { - .function = dpdk_ipsec_process, - .type = VLIB_NODE_TYPE_PROCESS, - .name = "dpdk-ipsec-process", - .process_log2_n_stack_bytes = 17, -}; -/* *INDENT-ON* */ +VLIB_MAIN_LOOP_ENTER_FUNCTION (dpdk_ipsec_main_init); /* * fd.io coding-style-patch-verification: ON