[v3,01/13] examples/ipsec-secgw: add default rte flow for inline Rx
diff mbox series

Message ID 1580824721-21527-2-git-send-email-lbartosik@marvell.com
State Superseded
Delegated to: akhil goyal
Headers show
Series
  • add eventmode to ipsec-secgw
Related show

Checks

Context Check Description
ci/Intel-compilation fail apply issues
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-testing success Testing PASS
ci/iol-nxp-Performance success Performance Testing PASS
ci/checkpatch success coding style OK

Commit Message

Lukas Bartosik Feb. 4, 2020, 1:58 p.m. UTC
From: Ankur Dwivedi <adwivedi@marvell.com>

The default flow created would enable security processing on all ESP
packets. If the default flow is created, SA based rte_flow creation
would be skipped.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 61 +++++++++++++++++++++++++++++++++-----
 examples/ipsec-secgw/ipsec.c       |  7 +++++
 examples/ipsec-secgw/ipsec.h       |  6 ++++
 3 files changed, 66 insertions(+), 8 deletions(-)

Patch
diff mbox series

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 3b5aaf6..d5e8fe5 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -128,6 +128,8 @@  struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS] = {
 	{ 0, ETHADDR(0x00, 0x16, 0x3e, 0x49, 0x9e, 0xdd) }
 };
 
+struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS];
+
 #define CMD_LINE_OPT_CONFIG		"config"
 #define CMD_LINE_OPT_SINGLE_SA		"single-sa"
 #define CMD_LINE_OPT_CRYPTODEV_MASK	"cryptodev_mask"
@@ -2406,6 +2408,48 @@  reassemble_init(void)
 	return rc;
 }
 
+static void
+create_default_ipsec_flow(uint16_t port_id, uint64_t rx_offloads)
+{
+	struct rte_flow_action action[2];
+	struct rte_flow_item pattern[2];
+	struct rte_flow_attr attr = {0};
+	struct rte_flow_error err;
+	struct rte_flow *flow;
+	int ret;
+
+	if (!(rx_offloads & DEV_RX_OFFLOAD_SECURITY))
+		return;
+
+	/* Add the default rte_flow to enable SECURITY for all ESP packets */
+
+	pattern[0].type = RTE_FLOW_ITEM_TYPE_ESP;
+	pattern[0].spec = NULL;
+	pattern[0].mask = NULL;
+	pattern[0].last = NULL;
+	pattern[1].type = RTE_FLOW_ITEM_TYPE_END;
+
+	action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY;
+	action[0].conf = NULL;
+	action[1].type = RTE_FLOW_ACTION_TYPE_END;
+	action[1].conf = NULL;
+
+	attr.ingress = 1;
+
+	ret = rte_flow_validate(port_id, &attr, pattern, action, &err);
+	if (ret)
+		return;
+
+	flow = rte_flow_create(port_id, &attr, pattern, action, &err);
+	if (flow == NULL)
+		return;
+
+	flow_info_tbl[port_id].rx_def_flow = flow;
+	RTE_LOG(INFO, IPSEC,
+		"Created default flow enabling SECURITY for all ESP traffic on port %d\n",
+		port_id);
+}
+
 int32_t
 main(int32_t argc, char **argv)
 {
@@ -2414,7 +2458,8 @@  main(int32_t argc, char **argv)
 	uint32_t i;
 	uint8_t socket_id;
 	uint16_t portid;
-	uint64_t req_rx_offloads, req_tx_offloads;
+	uint64_t req_rx_offloads[RTE_MAX_ETHPORTS];
+	uint64_t req_tx_offloads[RTE_MAX_ETHPORTS];
 	size_t sess_sz;
 
 	/* init EAL */
@@ -2476,8 +2521,10 @@  main(int32_t argc, char **argv)
 		if ((enabled_port_mask & (1 << portid)) == 0)
 			continue;
 
-		sa_check_offloads(portid, &req_rx_offloads, &req_tx_offloads);
-		port_init(portid, req_rx_offloads, req_tx_offloads);
+		sa_check_offloads(portid, &req_rx_offloads[portid],
+				&req_tx_offloads[portid]);
+		port_init(portid, req_rx_offloads[portid],
+				req_tx_offloads[portid]);
 	}
 
 	cryptodevs_init();
@@ -2487,11 +2534,9 @@  main(int32_t argc, char **argv)
 		if ((enabled_port_mask & (1 << portid)) == 0)
 			continue;
 
-		/*
-		 * Start device
-		 * note: device must be started before a flow rule
-		 * can be installed.
-		 */
+		/* Create flow before starting the device */
+		create_default_ipsec_flow(portid, req_rx_offloads[portid]);
+
 		ret = rte_eth_dev_start(portid);
 		if (ret < 0)
 			rte_exit(EXIT_FAILURE, "rte_eth_dev_start: "
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index d4b5712..58f6e8c 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -261,6 +261,12 @@  create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 			unsigned int i;
 			unsigned int j;
 
+			/* Don't create flow if default flow is created */
+			if (flow_info_tbl[sa->portid].rx_def_flow) {
+				sa->cdev_id_qp = 0;
+				return 0;
+			}
+
 			ret = rte_eth_dev_info_get(sa->portid, &dev_info);
 			if (ret != 0) {
 				RTE_LOG(ERR, IPSEC,
@@ -396,6 +402,7 @@  create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		ips->security.ol_flags = sec_cap->ol_flags;
 		ips->security.ctx = sec_ctx;
 	}
+
 	sa->cdev_id_qp = 0;
 
 	return 0;
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 8e07521..28ff07d 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -81,6 +81,12 @@  struct app_sa_prm {
 
 extern struct app_sa_prm app_sa_prm;
 
+struct flow_info {
+	struct rte_flow *rx_def_flow;
+};
+
+extern struct flow_info flow_info_tbl[RTE_MAX_ETHPORTS];
+
 enum {
 	IPSEC_SESSION_PRIMARY = 0,
 	IPSEC_SESSION_FALLBACK = 1,