Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/66109/?format=api
{ "id": 66109, "url": "http://patches.dpdk.org/api/patches/66109/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/1582820317-7333-13-git-send-email-lbartosik@marvell.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1582820317-7333-13-git-send-email-lbartosik@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1582820317-7333-13-git-send-email-lbartosik@marvell.com", "date": "2020-02-27T16:18:34", "name": "[v5,12/15] examples/ipsec-secgw: add app mode worker", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "e0570efb3f3a4626037ea2256962da0f31744b13", "submitter": { "id": 1305, "url": "http://patches.dpdk.org/api/people/1305/?format=api", "name": "Lukas Bartosik [C]", "email": "lbartosik@marvell.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/1582820317-7333-13-git-send-email-lbartosik@marvell.com/mbox/", "series": [ { "id": 8713, "url": "http://patches.dpdk.org/api/series/8713/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=8713", "date": "2020-02-27T16:18:22", "name": "add eventmode to ipsec-secgw", "version": 5, "mbox": "http://patches.dpdk.org/series/8713/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/66109/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/66109/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 61A00A055F;\n\tThu, 27 Feb 2020 17:21:20 +0100 (CET)", "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id AA2631C067;\n\tThu, 27 Feb 2020 17:19:30 +0100 (CET)", "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id 204C01C02A\n for <dev@dpdk.org>; Thu, 27 Feb 2020 17:19:21 +0100 (CET)", "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id\n 01RFtsrU011302; Thu, 27 Feb 2020 08:19:21 -0800", "from sc-exch04.marvell.com ([199.233.58.184])\n by mx0a-0016f401.pphosted.com with ESMTP id 2ydcm19hbm-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Thu, 27 Feb 2020 08:19:21 -0800", "from DC5-EXCH01.marvell.com (10.69.176.38) by SC-EXCH04.marvell.com\n (10.93.176.84) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Thu, 27 Feb 2020 08:19:19 -0800", "from SC-EXCH01.marvell.com (10.93.176.81) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Thu, 27 Feb 2020 08:19:19 -0800", "from maili.marvell.com (10.93.176.43) by SC-EXCH01.marvell.com\n (10.93.176.81) with Microsoft SMTP Server id 15.0.1497.2 via Frontend\n Transport; Thu, 27 Feb 2020 08:19:18 -0800", "from luke.marvell.com (unknown [10.95.130.81])\n by maili.marvell.com (Postfix) with ESMTP id 0A0403F7043;\n Thu, 27 Feb 2020 08:19:15 -0800 (PST)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-type; s=pfpt0818; bh=KvYWiX28s9l3eR85i7h7h5fbw6obvImjHZ7+XvodG/c=;\n b=NNuKEez9avfzdstSf/yvzqzx+uVit0y/lEwq2Ej6hAn5ULJvjxmg7IGhkqiwEBLiLQYz\n LFhZm8NOkXq1Ighro1Wv7A5Bt/C2ymzy0h0uReXo6TEpCmBCLWMA00pX+yLr+6ZZxI6Q\n NWos/4syzrbbh4IbK38fGn6W9pDQRN96CzMayaGFrPxXSOUwIJDCASTFHJ+yQHrVjTGp\n Wm6227j7pA+blmPOmKEL4NVdAhjN3+rmHaUfKZiJLw7zDuf+7Tb85nO2i135evITCwAe\n BJs8sJVHs8trFKv1iXdh9sl1fGoy6BFOyGqVz39i/zBl8Zipb5QaUn2J7GjdsXBrkUU/ Hw==", "From": "Lukasz Bartosik <lbartosik@marvell.com>", "To": "Akhil Goyal <akhil.goyal@nxp.com>, Radu Nicolau <radu.nicolau@intel.com>,\n Thomas Monjalon <thomas@monjalon.net>", "CC": "Jerin Jacob <jerinj@marvell.com>, Narayana Prasad <pathreya@marvell.com>,\n Ankur Dwivedi <adwivedi@marvell.com>, Anoob Joseph <anoobj@marvell.com>,\n Archana Muniganti <marchana@marvell.com>, Tejasree Kondoj\n <ktejasree@marvell.com>, Vamsi Attunuru <vattunuru@marvell.com>,\n \"Konstantin Ananyev\" <konstantin.ananyev@intel.com>, <dev@dpdk.org>", "Date": "Thu, 27 Feb 2020 17:18:34 +0100", "Message-ID": "<1582820317-7333-13-git-send-email-lbartosik@marvell.com>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1582820317-7333-1-git-send-email-lbartosik@marvell.com>", "References": "<1582185727-6749-1-git-send-email-lbartosik@marvell.com>\n <1582820317-7333-1-git-send-email-lbartosik@marvell.com>", "MIME-Version": "1.0", "Content-Type": "text/plain", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572\n definitions=2020-02-27_05:2020-02-26,\n 2020-02-27 signatures=0", "Subject": "[dpdk-dev] [PATCH v5 12/15] examples/ipsec-secgw: add app mode\n\tworker", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Add application inbound/outbound worker thread and\nIPsec application processing code for event mode.\n\nExample ipsec-secgw command in app mode:\nipsec-secgw -w 0002:02:00.0,ipsec_in_max_spi=128\n-w 0002:03:00.0,ipsec_in_max_spi=128 -w 0002:0e:00.0 -w 0002:10:00.1\n--log-level=8 -c 0x1 -- -P -p 0x3 -u 0x1 -f aes-gcm.cfg\n--transfer-mode event --event-schedule-type parallel\n\nSigned-off-by: Anoob Joseph <anoobj@marvell.com>\nSigned-off-by: Ankur Dwivedi <adwivedi@marvell.com>\nSigned-off-by: Lukasz Bartosik <lbartosik@marvell.com>\n---\n examples/ipsec-secgw/ipsec-secgw.c | 31 +--\n examples/ipsec-secgw/ipsec-secgw.h | 63 ++++++\n examples/ipsec-secgw/ipsec.h | 16 --\n examples/ipsec-secgw/ipsec_worker.c | 435 +++++++++++++++++++++++++++++++++++-\n examples/ipsec-secgw/ipsec_worker.h | 41 ++++\n 5 files changed, 538 insertions(+), 48 deletions(-)\n create mode 100644 examples/ipsec-secgw/ipsec_worker.h", "diff": "diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c\nindex 9ad4be5..a03958d 100644\n--- a/examples/ipsec-secgw/ipsec-secgw.c\n+++ b/examples/ipsec-secgw/ipsec-secgw.c\n@@ -50,13 +50,12 @@\n \n #include \"event_helper.h\"\n #include \"ipsec.h\"\n+#include \"ipsec_worker.h\"\n #include \"parser.h\"\n #include \"sad.h\"\n \n volatile bool force_quit;\n \n-#define RTE_LOGTYPE_IPSEC RTE_LOGTYPE_USER1\n-\n #define MAX_JUMBO_PKT_LEN 9600\n \n #define MEMPOOL_CACHE_SIZE 256\n@@ -86,29 +85,6 @@ volatile bool force_quit;\n static uint16_t nb_rxd = IPSEC_SECGW_RX_DESC_DEFAULT;\n static uint16_t nb_txd = IPSEC_SECGW_TX_DESC_DEFAULT;\n \n-#if RTE_BYTE_ORDER != RTE_LITTLE_ENDIAN\n-#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \\\n-\t(((uint64_t)((a) & 0xff) << 56) | \\\n-\t((uint64_t)((b) & 0xff) << 48) | \\\n-\t((uint64_t)((c) & 0xff) << 40) | \\\n-\t((uint64_t)((d) & 0xff) << 32) | \\\n-\t((uint64_t)((e) & 0xff) << 24) | \\\n-\t((uint64_t)((f) & 0xff) << 16) | \\\n-\t((uint64_t)((g) & 0xff) << 8) | \\\n-\t((uint64_t)(h) & 0xff))\n-#else\n-#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \\\n-\t(((uint64_t)((h) & 0xff) << 56) | \\\n-\t((uint64_t)((g) & 0xff) << 48) | \\\n-\t((uint64_t)((f) & 0xff) << 40) | \\\n-\t((uint64_t)((e) & 0xff) << 32) | \\\n-\t((uint64_t)((d) & 0xff) << 24) | \\\n-\t((uint64_t)((c) & 0xff) << 16) | \\\n-\t((uint64_t)((b) & 0xff) << 8) | \\\n-\t((uint64_t)(a) & 0xff))\n-#endif\n-#define ETHADDR(a, b, c, d, e, f) (__BYTES_TO_UINT64(a, b, c, d, e, f, 0, 0))\n-\n #define ETHADDR_TO_UINT64(addr) __BYTES_TO_UINT64( \\\n \t\t(addr)->addr_bytes[0], (addr)->addr_bytes[1], \\\n \t\t(addr)->addr_bytes[2], (addr)->addr_bytes[3], \\\n@@ -120,11 +96,6 @@ static uint16_t nb_txd = IPSEC_SECGW_TX_DESC_DEFAULT;\n \n #define MTU_TO_FRAMELEN(x)\t((x) + RTE_ETHER_HDR_LEN + RTE_ETHER_CRC_LEN)\n \n-/* port/source ethernet addr and destination ethernet addr */\n-struct ethaddr_info {\n-\tuint64_t src, dst;\n-};\n-\n struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS] = {\n \t{ 0, ETHADDR(0x00, 0x16, 0x3e, 0x7e, 0x94, 0x9a) },\n \t{ 0, ETHADDR(0x00, 0x16, 0x3e, 0x22, 0xa1, 0xd9) },\ndiff --git a/examples/ipsec-secgw/ipsec-secgw.h b/examples/ipsec-secgw/ipsec-secgw.h\nindex a07a920..4b53cb5 100644\n--- a/examples/ipsec-secgw/ipsec-secgw.h\n+++ b/examples/ipsec-secgw/ipsec-secgw.h\n@@ -8,6 +8,69 @@\n \n #define NB_SOCKETS 4\n \n+#define MAX_PKT_BURST 32\n+\n+#define RTE_LOGTYPE_IPSEC RTE_LOGTYPE_USER1\n+\n+#if RTE_BYTE_ORDER != RTE_LITTLE_ENDIAN\n+#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \\\n+\t(((uint64_t)((a) & 0xff) << 56) | \\\n+\t((uint64_t)((b) & 0xff) << 48) | \\\n+\t((uint64_t)((c) & 0xff) << 40) | \\\n+\t((uint64_t)((d) & 0xff) << 32) | \\\n+\t((uint64_t)((e) & 0xff) << 24) | \\\n+\t((uint64_t)((f) & 0xff) << 16) | \\\n+\t((uint64_t)((g) & 0xff) << 8) | \\\n+\t((uint64_t)(h) & 0xff))\n+#else\n+#define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \\\n+\t(((uint64_t)((h) & 0xff) << 56) | \\\n+\t((uint64_t)((g) & 0xff) << 48) | \\\n+\t((uint64_t)((f) & 0xff) << 40) | \\\n+\t((uint64_t)((e) & 0xff) << 32) | \\\n+\t((uint64_t)((d) & 0xff) << 24) | \\\n+\t((uint64_t)((c) & 0xff) << 16) | \\\n+\t((uint64_t)((b) & 0xff) << 8) | \\\n+\t((uint64_t)(a) & 0xff))\n+#endif\n+\n+#define ETHADDR(a, b, c, d, e, f) (__BYTES_TO_UINT64(a, b, c, d, e, f, 0, 0))\n+\n+struct traffic_type {\n+\tconst uint8_t *data[MAX_PKT_BURST * 2];\n+\tstruct rte_mbuf *pkts[MAX_PKT_BURST * 2];\n+\tvoid *saptr[MAX_PKT_BURST * 2];\n+\tuint32_t res[MAX_PKT_BURST * 2];\n+\tuint32_t num;\n+};\n+\n+struct ipsec_traffic {\n+\tstruct traffic_type ipsec;\n+\tstruct traffic_type ip4;\n+\tstruct traffic_type ip6;\n+};\n+\n+/* Fields optimized for devices without burst */\n+struct traffic_type_nb {\n+\tconst uint8_t *data;\n+\tstruct rte_mbuf *pkt;\n+\tuint32_t res;\n+\tuint32_t num;\n+};\n+\n+struct ipsec_traffic_nb {\n+\tstruct traffic_type_nb ipsec;\n+\tstruct traffic_type_nb ip4;\n+\tstruct traffic_type_nb ip6;\n+};\n+\n+/* port/source ethernet addr and destination ethernet addr */\n+struct ethaddr_info {\n+\tuint64_t src, dst;\n+};\n+\n+extern struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS];\n+\n /* Port mask to identify the unprotected ports */\n extern uint32_t unprotected_port_mask;\n \ndiff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h\nindex ad913bf..f8f29f9 100644\n--- a/examples/ipsec-secgw/ipsec.h\n+++ b/examples/ipsec-secgw/ipsec.h\n@@ -15,11 +15,9 @@\n \n #include \"ipsec-secgw.h\"\n \n-#define RTE_LOGTYPE_IPSEC RTE_LOGTYPE_USER1\n #define RTE_LOGTYPE_IPSEC_ESP RTE_LOGTYPE_USER2\n #define RTE_LOGTYPE_IPSEC_IPIP RTE_LOGTYPE_USER3\n \n-#define MAX_PKT_BURST 32\n #define MAX_INFLIGHT 128\n #define MAX_QP_PER_LCORE 256\n \n@@ -259,20 +257,6 @@ struct cnt_blk {\n \tuint32_t cnt;\n } __attribute__((packed));\n \n-struct traffic_type {\n-\tconst uint8_t *data[MAX_PKT_BURST * 2];\n-\tstruct rte_mbuf *pkts[MAX_PKT_BURST * 2];\n-\tvoid *saptr[MAX_PKT_BURST * 2];\n-\tuint32_t res[MAX_PKT_BURST * 2];\n-\tuint32_t num;\n-};\n-\n-struct ipsec_traffic {\n-\tstruct traffic_type ipsec;\n-\tstruct traffic_type ip4;\n-\tstruct traffic_type ip6;\n-};\n-\n /* Socket ctx */\n extern struct socket_ctx socket_ctx[NB_SOCKETS];\n \ndiff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c\nindex b7a1ef9..5fde667 100644\n--- a/examples/ipsec-secgw/ipsec_worker.c\n+++ b/examples/ipsec-secgw/ipsec_worker.c\n@@ -2,11 +2,51 @@\n * Copyright(c) 2010-2016 Intel Corporation\n * Copyright (C) 2020 Marvell International Ltd.\n */\n+#include <rte_acl.h>\n #include <rte_event_eth_tx_adapter.h>\n+#include <rte_lpm.h>\n+#include <rte_lpm6.h>\n \n #include \"event_helper.h\"\n #include \"ipsec.h\"\n #include \"ipsec-secgw.h\"\n+#include \"ipsec_worker.h\"\n+\n+static inline enum pkt_type\n+process_ipsec_get_pkt_type(struct rte_mbuf *pkt, uint8_t **nlp)\n+{\n+\tstruct rte_ether_hdr *eth;\n+\n+\teth = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);\n+\tif (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) {\n+\t\t*nlp = RTE_PTR_ADD(eth, RTE_ETHER_HDR_LEN +\n+\t\t\t\toffsetof(struct ip, ip_p));\n+\t\tif (**nlp == IPPROTO_ESP)\n+\t\t\treturn PKT_TYPE_IPSEC_IPV4;\n+\t\telse\n+\t\t\treturn PKT_TYPE_PLAIN_IPV4;\n+\t} else if (eth->ether_type == rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)) {\n+\t\t*nlp = RTE_PTR_ADD(eth, RTE_ETHER_HDR_LEN +\n+\t\t\t\toffsetof(struct ip6_hdr, ip6_nxt));\n+\t\tif (**nlp == IPPROTO_ESP)\n+\t\t\treturn PKT_TYPE_IPSEC_IPV6;\n+\t\telse\n+\t\t\treturn PKT_TYPE_PLAIN_IPV6;\n+\t}\n+\n+\t/* Unknown/Unsupported type */\n+\treturn PKT_TYPE_INVALID;\n+}\n+\n+static inline void\n+update_mac_addrs(struct rte_mbuf *pkt, uint16_t portid)\n+{\n+\tstruct rte_ether_hdr *ethhdr;\n+\n+\tethhdr = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);\n+\tmemcpy(ðhdr->s_addr, ðaddr_tbl[portid].src, RTE_ETHER_ADDR_LEN);\n+\tmemcpy(ðhdr->d_addr, ðaddr_tbl[portid].dst, RTE_ETHER_ADDR_LEN);\n+}\n \n static inline void\n ipsec_event_pre_forward(struct rte_mbuf *m, unsigned int port_id)\n@@ -61,6 +101,290 @@ prepare_out_sessions_tbl(struct sa_ctx *sa_out,\n \t}\n }\n \n+static inline int\n+check_sp(struct sp_ctx *sp, const uint8_t *nlp, uint32_t *sa_idx)\n+{\n+\tuint32_t res;\n+\n+\tif (unlikely(sp == NULL))\n+\t\treturn 0;\n+\n+\trte_acl_classify((struct rte_acl_ctx *)sp, &nlp, &res, 1,\n+\t\t\tDEFAULT_MAX_CATEGORIES);\n+\n+\tif (unlikely(res == 0)) {\n+\t\t/* No match */\n+\t\treturn 0;\n+\t}\n+\n+\tif (res == DISCARD)\n+\t\treturn 0;\n+\telse if (res == BYPASS) {\n+\t\t*sa_idx = -1;\n+\t\treturn 1;\n+\t}\n+\n+\t*sa_idx = res - 1;\n+\treturn 1;\n+}\n+\n+static inline uint16_t\n+route4_pkt(struct rte_mbuf *pkt, struct rt_ctx *rt_ctx)\n+{\n+\tuint32_t dst_ip;\n+\tuint16_t offset;\n+\tuint32_t hop;\n+\tint ret;\n+\n+\toffset = RTE_ETHER_HDR_LEN + offsetof(struct ip, ip_dst);\n+\tdst_ip = *rte_pktmbuf_mtod_offset(pkt, uint32_t *, offset);\n+\tdst_ip = rte_be_to_cpu_32(dst_ip);\n+\n+\tret = rte_lpm_lookup((struct rte_lpm *)rt_ctx, dst_ip, &hop);\n+\n+\tif (ret == 0) {\n+\t\t/* We have a hit */\n+\t\treturn hop;\n+\t}\n+\n+\t/* else */\n+\treturn RTE_MAX_ETHPORTS;\n+}\n+\n+/* TODO: To be tested */\n+static inline uint16_t\n+route6_pkt(struct rte_mbuf *pkt, struct rt_ctx *rt_ctx)\n+{\n+\tuint8_t dst_ip[16];\n+\tuint8_t *ip6_dst;\n+\tuint16_t offset;\n+\tuint32_t hop;\n+\tint ret;\n+\n+\toffset = RTE_ETHER_HDR_LEN + offsetof(struct ip6_hdr, ip6_dst);\n+\tip6_dst = rte_pktmbuf_mtod_offset(pkt, uint8_t *, offset);\n+\tmemcpy(&dst_ip[0], ip6_dst, 16);\n+\n+\tret = rte_lpm6_lookup((struct rte_lpm6 *)rt_ctx, dst_ip, &hop);\n+\n+\tif (ret == 0) {\n+\t\t/* We have a hit */\n+\t\treturn hop;\n+\t}\n+\n+\t/* else */\n+\treturn RTE_MAX_ETHPORTS;\n+}\n+\n+static inline uint16_t\n+get_route(struct rte_mbuf *pkt, struct route_table *rt, enum pkt_type type)\n+{\n+\tif (type == PKT_TYPE_PLAIN_IPV4 || type == PKT_TYPE_IPSEC_IPV4)\n+\t\treturn route4_pkt(pkt, rt->rt4_ctx);\n+\telse if (type == PKT_TYPE_PLAIN_IPV6 || type == PKT_TYPE_IPSEC_IPV6)\n+\t\treturn route6_pkt(pkt, rt->rt6_ctx);\n+\n+\treturn RTE_MAX_ETHPORTS;\n+}\n+\n+static inline int\n+process_ipsec_ev_inbound(struct ipsec_ctx *ctx, struct route_table *rt,\n+\t\tstruct rte_event *ev)\n+{\n+\tstruct ipsec_sa *sa = NULL;\n+\tstruct rte_mbuf *pkt;\n+\tuint16_t port_id = 0;\n+\tenum pkt_type type;\n+\tuint32_t sa_idx;\n+\tuint8_t *nlp;\n+\n+\t/* Get pkt from event */\n+\tpkt = ev->mbuf;\n+\n+\t/* Check the packet type */\n+\ttype = process_ipsec_get_pkt_type(pkt, &nlp);\n+\n+\tswitch (type) {\n+\tcase PKT_TYPE_PLAIN_IPV4:\n+\t\tif (pkt->ol_flags & PKT_RX_SEC_OFFLOAD) {\n+\t\t\tif (unlikely(pkt->ol_flags &\n+\t\t\t\t PKT_RX_SEC_OFFLOAD_FAILED)) {\n+\t\t\t\tRTE_LOG(ERR, IPSEC,\n+\t\t\t\t\t\"Inbound security offload failed\\n\");\n+\t\t\t\tgoto drop_pkt_and_exit;\n+\t\t\t}\n+\t\t\tsa = pkt->userdata;\n+\t\t}\n+\n+\t\t/* Check if we have a match */\n+\t\tif (check_sp(ctx->sp4_ctx, nlp, &sa_idx) == 0) {\n+\t\t\t/* No valid match */\n+\t\t\tgoto drop_pkt_and_exit;\n+\t\t}\n+\t\tbreak;\n+\n+\tcase PKT_TYPE_PLAIN_IPV6:\n+\t\tif (pkt->ol_flags & PKT_RX_SEC_OFFLOAD) {\n+\t\t\tif (unlikely(pkt->ol_flags &\n+\t\t\t\t PKT_RX_SEC_OFFLOAD_FAILED)) {\n+\t\t\t\tRTE_LOG(ERR, IPSEC,\n+\t\t\t\t\t\"Inbound security offload failed\\n\");\n+\t\t\t\tgoto drop_pkt_and_exit;\n+\t\t\t}\n+\t\t\tsa = pkt->userdata;\n+\t\t}\n+\n+\t\t/* Check if we have a match */\n+\t\tif (check_sp(ctx->sp6_ctx, nlp, &sa_idx) == 0) {\n+\t\t\t/* No valid match */\n+\t\t\tgoto drop_pkt_and_exit;\n+\t\t}\n+\t\tbreak;\n+\n+\tdefault:\n+\t\tRTE_LOG(ERR, IPSEC, \"Unsupported packet type = %d\\n\", type);\n+\t\tgoto drop_pkt_and_exit;\n+\t}\n+\n+\t/* Check if the packet has to be bypassed */\n+\tif (sa_idx == BYPASS)\n+\t\tgoto route_and_send_pkt;\n+\n+\t/* Validate sa_idx */\n+\tif (sa_idx >= ctx->sa_ctx->nb_sa)\n+\t\tgoto drop_pkt_and_exit;\n+\n+\t/* Else the packet has to be protected with SA */\n+\n+\t/* If the packet was IPsec processed, then SA pointer should be set */\n+\tif (sa == NULL)\n+\t\tgoto drop_pkt_and_exit;\n+\n+\t/* SPI on the packet should match with the one in SA */\n+\tif (unlikely(sa->spi != ctx->sa_ctx->sa[sa_idx].spi))\n+\t\tgoto drop_pkt_and_exit;\n+\n+route_and_send_pkt:\n+\tport_id = get_route(pkt, rt, type);\n+\tif (unlikely(port_id == RTE_MAX_ETHPORTS)) {\n+\t\t/* no match */\n+\t\tgoto drop_pkt_and_exit;\n+\t}\n+\t/* else, we have a matching route */\n+\n+\t/* Update mac addresses */\n+\tupdate_mac_addrs(pkt, port_id);\n+\n+\t/* Update the event with the dest port */\n+\tipsec_event_pre_forward(pkt, port_id);\n+\treturn PKT_FORWARDED;\n+\n+drop_pkt_and_exit:\n+\tRTE_LOG(ERR, IPSEC, \"Inbound packet dropped\\n\");\n+\trte_pktmbuf_free(pkt);\n+\tev->mbuf = NULL;\n+\treturn PKT_DROPPED;\n+}\n+\n+static inline int\n+process_ipsec_ev_outbound(struct ipsec_ctx *ctx, struct route_table *rt,\n+\t\tstruct rte_event *ev)\n+{\n+\tstruct rte_ipsec_session *sess;\n+\tstruct sa_ctx *sa_ctx;\n+\tstruct rte_mbuf *pkt;\n+\tuint16_t port_id = 0;\n+\tstruct ipsec_sa *sa;\n+\tenum pkt_type type;\n+\tuint32_t sa_idx;\n+\tuint8_t *nlp;\n+\n+\t/* Get pkt from event */\n+\tpkt = ev->mbuf;\n+\n+\t/* Check the packet type */\n+\ttype = process_ipsec_get_pkt_type(pkt, &nlp);\n+\n+\tswitch (type) {\n+\tcase PKT_TYPE_PLAIN_IPV4:\n+\t\t/* Check if we have a match */\n+\t\tif (check_sp(ctx->sp4_ctx, nlp, &sa_idx) == 0) {\n+\t\t\t/* No valid match */\n+\t\t\tgoto drop_pkt_and_exit;\n+\t\t}\n+\t\tbreak;\n+\tcase PKT_TYPE_PLAIN_IPV6:\n+\t\t/* Check if we have a match */\n+\t\tif (check_sp(ctx->sp6_ctx, nlp, &sa_idx) == 0) {\n+\t\t\t/* No valid match */\n+\t\t\tgoto drop_pkt_and_exit;\n+\t\t}\n+\t\tbreak;\n+\tdefault:\n+\t\t/*\n+\t\t * Only plain IPv4 & IPv6 packets are allowed\n+\t\t * on protected port. Drop the rest.\n+\t\t */\n+\t\tRTE_LOG(ERR, IPSEC, \"Unsupported packet type = %d\\n\", type);\n+\t\tgoto drop_pkt_and_exit;\n+\t}\n+\n+\t/* Check if the packet has to be bypassed */\n+\tif (sa_idx == BYPASS) {\n+\t\tport_id = get_route(pkt, rt, type);\n+\t\tif (unlikely(port_id == RTE_MAX_ETHPORTS)) {\n+\t\t\t/* no match */\n+\t\t\tgoto drop_pkt_and_exit;\n+\t\t}\n+\t\t/* else, we have a matching route */\n+\t\tgoto send_pkt;\n+\t}\n+\n+\t/* Validate sa_idx */\n+\tif (sa_idx >= ctx->sa_ctx->nb_sa)\n+\t\tgoto drop_pkt_and_exit;\n+\n+\t/* Else the packet has to be protected */\n+\n+\t/* Get SA ctx*/\n+\tsa_ctx = ctx->sa_ctx;\n+\n+\t/* Get SA */\n+\tsa = &(sa_ctx->sa[sa_idx]);\n+\n+\t/* Get IPsec session */\n+\tsess = ipsec_get_primary_session(sa);\n+\n+\t/* Allow only inline protocol for now */\n+\tif (sess->type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {\n+\t\tRTE_LOG(ERR, IPSEC, \"SA type not supported\\n\");\n+\t\tgoto drop_pkt_and_exit;\n+\t}\n+\n+\tif (sess->security.ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)\n+\t\tpkt->userdata = sess->security.ses;\n+\n+\t/* Mark the packet for Tx security offload */\n+\tpkt->ol_flags |= PKT_TX_SEC_OFFLOAD;\n+\n+\t/* Get the port to which this pkt need to be submitted */\n+\tport_id = sa->portid;\n+\n+send_pkt:\n+\t/* Update mac addresses */\n+\tupdate_mac_addrs(pkt, port_id);\n+\n+\t/* Update the event with the dest port */\n+\tipsec_event_pre_forward(pkt, port_id);\n+\treturn PKT_FORWARDED;\n+\n+drop_pkt_and_exit:\n+\tRTE_LOG(ERR, IPSEC, \"Outbound packet dropped\\n\");\n+\trte_pktmbuf_free(pkt);\n+\tev->mbuf = NULL;\n+\treturn PKT_DROPPED;\n+}\n+\n /*\n * Event mode exposes various operating modes depending on the\n * capabilities of the event device and the operating mode\n@@ -68,7 +392,7 @@ prepare_out_sessions_tbl(struct sa_ctx *sa_out,\n */\n \n /* Workers registered */\n-#define IPSEC_EVENTMODE_WORKERS\t\t1\n+#define IPSEC_EVENTMODE_WORKERS\t\t2\n \n /*\n * Event mode worker\n@@ -146,7 +470,7 @@ ipsec_wrkr_non_burst_int_port_drv_mode(struct eh_event_link_info *links,\n \t\t\t}\n \n \t\t\t/* Save security session */\n-\t\t\tpkt->udata64 = (uint64_t) sess_tbl[port_id];\n+\t\t\tpkt->userdata = sess_tbl[port_id];\n \n \t\t\t/* Mark the packet for Tx security offload */\n \t\t\tpkt->ol_flags |= PKT_TX_SEC_OFFLOAD;\n@@ -165,6 +489,105 @@ ipsec_wrkr_non_burst_int_port_drv_mode(struct eh_event_link_info *links,\n \t}\n }\n \n+/*\n+ * Event mode worker\n+ * Operating parameters : non-burst - Tx internal port - app mode\n+ */\n+static void\n+ipsec_wrkr_non_burst_int_port_app_mode(struct eh_event_link_info *links,\n+\t\tuint8_t nb_links)\n+{\n+\tstruct lcore_conf_ev_tx_int_port_wrkr lconf;\n+\tunsigned int nb_rx = 0;\n+\tstruct rte_event ev;\n+\tuint32_t lcore_id;\n+\tint32_t socket_id;\n+\tint ret;\n+\n+\t/* Check if we have links registered for this lcore */\n+\tif (nb_links == 0) {\n+\t\t/* No links registered - exit */\n+\t\treturn;\n+\t}\n+\n+\t/* We have valid links */\n+\n+\t/* Get core ID */\n+\tlcore_id = rte_lcore_id();\n+\n+\t/* Get socket ID */\n+\tsocket_id = rte_lcore_to_socket_id(lcore_id);\n+\n+\t/* Save routing table */\n+\tlconf.rt.rt4_ctx = socket_ctx[socket_id].rt_ip4;\n+\tlconf.rt.rt6_ctx = socket_ctx[socket_id].rt_ip6;\n+\tlconf.inbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_in;\n+\tlconf.inbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_in;\n+\tlconf.inbound.sa_ctx = socket_ctx[socket_id].sa_in;\n+\tlconf.inbound.session_pool = socket_ctx[socket_id].session_pool;\n+\tlconf.inbound.session_priv_pool =\n+\t\t\tsocket_ctx[socket_id].session_priv_pool;\n+\tlconf.outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;\n+\tlconf.outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;\n+\tlconf.outbound.sa_ctx = socket_ctx[socket_id].sa_out;\n+\tlconf.outbound.session_pool = socket_ctx[socket_id].session_pool;\n+\tlconf.outbound.session_priv_pool =\n+\t\t\tsocket_ctx[socket_id].session_priv_pool;\n+\n+\tRTE_LOG(INFO, IPSEC,\n+\t\t\"Launching event mode worker (non-burst - Tx internal port - \"\n+\t\t\"app mode) on lcore %d\\n\", lcore_id);\n+\n+\t/* Check if it's single link */\n+\tif (nb_links != 1) {\n+\t\tRTE_LOG(INFO, IPSEC,\n+\t\t\t\"Multiple links not supported. Using first link\\n\");\n+\t}\n+\n+\tRTE_LOG(INFO, IPSEC, \" -- lcoreid=%u event_port_id=%u\\n\", lcore_id,\n+\t\tlinks[0].event_port_id);\n+\n+\twhile (!force_quit) {\n+\t\t/* Read packet from event queues */\n+\t\tnb_rx = rte_event_dequeue_burst(links[0].eventdev_id,\n+\t\t\t\tlinks[0].event_port_id,\n+\t\t\t\t&ev, /* events */\n+\t\t\t\t1, /* nb_events */\n+\t\t\t\t0 /* timeout_ticks */);\n+\n+\t\tif (nb_rx == 0)\n+\t\t\tcontinue;\n+\n+\t\tif (unlikely(ev.event_type != RTE_EVENT_TYPE_ETHDEV)) {\n+\t\t\tRTE_LOG(ERR, IPSEC, \"Invalid event type %u\",\n+\t\t\t\tev.event_type);\n+\n+\t\t\tcontinue;\n+\t\t}\n+\n+\t\tif (is_unprotected_port(ev.mbuf->port))\n+\t\t\tret = process_ipsec_ev_inbound(&lconf.inbound,\n+\t\t\t\t\t\t\t&lconf.rt, &ev);\n+\t\telse\n+\t\t\tret = process_ipsec_ev_outbound(&lconf.outbound,\n+\t\t\t\t\t\t\t&lconf.rt, &ev);\n+\t\tif (ret != 1)\n+\t\t\t/* The pkt has been dropped */\n+\t\t\tcontinue;\n+\n+\t\t/*\n+\t\t * Since tx internal port is available, events can be\n+\t\t * directly enqueued to the adapter and it would be\n+\t\t * internally submitted to the eth device.\n+\t\t */\n+\t\trte_event_eth_tx_adapter_enqueue(links[0].eventdev_id,\n+\t\t\t\tlinks[0].event_port_id,\n+\t\t\t\t&ev,\t/* events */\n+\t\t\t\t1,\t/* nb_events */\n+\t\t\t\t0\t/* flags */);\n+\t}\n+}\n+\n static uint8_t\n ipsec_eventmode_populate_wrkr_params(struct eh_app_worker_params *wrkrs)\n {\n@@ -180,6 +603,14 @@ ipsec_eventmode_populate_wrkr_params(struct eh_app_worker_params *wrkrs)\n \twrkr->cap.ipsec_mode = EH_IPSEC_MODE_TYPE_DRIVER;\n \twrkr->worker_thread = ipsec_wrkr_non_burst_int_port_drv_mode;\n \twrkr++;\n+\tnb_wrkr_param++;\n+\n+\t/* Non-burst - Tx internal port - app mode */\n+\twrkr->cap.burst = EH_RX_TYPE_NON_BURST;\n+\twrkr->cap.tx_internal_port = EH_TX_TYPE_INTERNAL_PORT;\n+\twrkr->cap.ipsec_mode = EH_IPSEC_MODE_TYPE_APP;\n+\twrkr->worker_thread = ipsec_wrkr_non_burst_int_port_app_mode;\n+\tnb_wrkr_param++;\n \n \treturn nb_wrkr_param;\n }\ndiff --git a/examples/ipsec-secgw/ipsec_worker.h b/examples/ipsec-secgw/ipsec_worker.h\nnew file mode 100644\nindex 0000000..5d85cf1\n--- /dev/null\n+++ b/examples/ipsec-secgw/ipsec_worker.h\n@@ -0,0 +1,41 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright (C) 2020 Marvell International Ltd.\n+ */\n+#ifndef _IPSEC_WORKER_H_\n+#define _IPSEC_WORKER_H_\n+\n+#include \"ipsec.h\"\n+\n+enum pkt_type {\n+\tPKT_TYPE_PLAIN_IPV4 = 1,\n+\tPKT_TYPE_IPSEC_IPV4,\n+\tPKT_TYPE_PLAIN_IPV6,\n+\tPKT_TYPE_IPSEC_IPV6,\n+\tPKT_TYPE_INVALID\n+};\n+\n+enum {\n+\tPKT_DROPPED = 0,\n+\tPKT_FORWARDED,\n+\tPKT_POSTED\t/* for lookaside case */\n+};\n+\n+struct route_table {\n+\tstruct rt_ctx *rt4_ctx;\n+\tstruct rt_ctx *rt6_ctx;\n+};\n+\n+/*\n+ * Conf required by event mode worker with tx internal port\n+ */\n+struct lcore_conf_ev_tx_int_port_wrkr {\n+\tstruct ipsec_ctx inbound;\n+\tstruct ipsec_ctx outbound;\n+\tstruct route_table rt;\n+} __rte_cache_aligned;\n+\n+void ipsec_poll_mode_worker(void);\n+\n+int ipsec_launch_one_lcore(void *args);\n+\n+#endif /* _IPSEC_WORKER_H_ */\n", "prefixes": [ "v5", "12/15" ] }