/*-
* BSD LICENSE
*
- * Copyright(c) 2015-2017 Intel Corporation. All rights reserved.
+ * Copyright(c) 2015-2016 Intel Corporation. All rights reserved.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#define MAX_STR_LEN 32
#define MAX_KEY_SIZE 128
+#define MAX_IV_SIZE 16
+#define MAX_AAD_SIZE 65535
#define MAX_PKT_BURST 32
#define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
+#define MAX_SESSIONS 32
+#define SESSION_POOL_CACHE_SIZE 0
#define MAXIMUM_IV_LENGTH 16
#define IV_OFFSET (sizeof(struct rte_crypto_op) + \
static uint64_t l2fwd_enabled_crypto_mask;
/* list of enabled ports */
-static uint32_t l2fwd_dst_ports[RTE_MAX_ETHPORTS];
+static uint16_t l2fwd_dst_ports[RTE_MAX_ETHPORTS];
struct pkt_buffer {
char string_type[MAX_STR_LEN];
uint64_t cryptodev_mask;
+
+ unsigned int mac_updating;
};
/** l2fwd crypto lcore params */
/** lcore configuration */
struct lcore_queue_conf {
unsigned nb_rx_ports;
- unsigned rx_port_list[MAX_RX_QUEUE_PER_LCORE];
+ uint16_t rx_port_list[MAX_RX_QUEUE_PER_LCORE];
unsigned nb_crypto_devs;
unsigned cryptodev_list[MAX_RX_QUEUE_PER_LCORE];
struct rte_mempool *l2fwd_pktmbuf_pool;
struct rte_mempool *l2fwd_crypto_op_pool;
+struct rte_mempool *session_pool_socket[RTE_MAX_NUMA_NODES] = { 0 };
/* Per-port statistics struct */
struct l2fwd_port_statistics {
uint64_t total_packets_dropped, total_packets_tx, total_packets_rx;
uint64_t total_packets_enqueued, total_packets_dequeued,
total_packets_errors;
- unsigned portid;
+ uint16_t portid;
uint64_t cdevid;
total_packets_dropped = 0;
uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
IV_OFFSET);
/* Copy IV at the end of the crypto operation */
- rte_memcpy(iv_ptr, cparams->aead_iv.data, cparams->aead_iv.length);
+ /*
+ * If doing AES-CCM, nonce is copied one byte
+ * after the start of IV field
+ */
+ if (cparams->aead_algo == RTE_CRYPTO_AEAD_AES_CCM)
+ rte_memcpy(iv_ptr + 1, cparams->aead_iv.data,
+ cparams->aead_iv.length);
+ else
+ rte_memcpy(iv_ptr, cparams->aead_iv.data,
+ cparams->aead_iv.length);
op->sym->aead.data.offset = ipdata_offset;
op->sym->aead.data.length = data_len;
uint8_t *) + ipdata_offset + data_len;
}
- op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+ op->sym->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
rte_pktmbuf_pkt_len(m) - cparams->digest_length);
if (cparams->aad.length) {
/* Send the burst of packets on an output interface */
static int
l2fwd_send_burst(struct lcore_queue_conf *qconf, unsigned n,
- uint8_t port)
+ uint16_t port)
{
struct rte_mbuf **pkt_buffer;
unsigned ret;
/* Enqueue packets for TX and prepare them to be sent */
static int
-l2fwd_send_packet(struct rte_mbuf *m, uint8_t port)
+l2fwd_send_packet(struct rte_mbuf *m, uint16_t port)
{
unsigned lcore_id, len;
struct lcore_queue_conf *qconf;
}
static void
-l2fwd_simple_forward(struct rte_mbuf *m, unsigned portid)
+l2fwd_mac_updating(struct rte_mbuf *m, uint16_t dest_portid)
{
struct ether_hdr *eth;
void *tmp;
- unsigned dst_port;
- dst_port = l2fwd_dst_ports[portid];
eth = rte_pktmbuf_mtod(m, struct ether_hdr *);
/* 02:00:00:00:00:xx */
tmp = ð->d_addr.addr_bytes[0];
- *((uint64_t *)tmp) = 0x000000000002 + ((uint64_t)dst_port << 40);
+ *((uint64_t *)tmp) = 0x000000000002 + ((uint64_t)dest_portid << 40);
/* src addr */
- ether_addr_copy(&l2fwd_ports_eth_addr[dst_port], ð->s_addr);
+ ether_addr_copy(&l2fwd_ports_eth_addr[dest_portid], ð->s_addr);
+}
- l2fwd_send_packet(m, (uint8_t) dst_port);
+static void
+l2fwd_simple_forward(struct rte_mbuf *m, uint16_t portid,
+ struct l2fwd_crypto_options *options)
+{
+ uint16_t dst_port;
+
+ dst_port = l2fwd_dst_ports[portid];
+
+ if (options->mac_updating)
+ l2fwd_mac_updating(m, dst_port);
+
+ l2fwd_send_packet(m, dst_port);
}
/** Generate random key */
}
static struct rte_cryptodev_sym_session *
-initialize_crypto_session(struct l2fwd_crypto_options *options,
- uint8_t cdev_id)
+initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
{
struct rte_crypto_sym_xform *first_xform;
+ struct rte_cryptodev_sym_session *session;
+ int retval = rte_cryptodev_socket_id(cdev_id);
+
+ if (retval < 0)
+ return NULL;
+
+ uint8_t socket_id = (uint8_t) retval;
+ struct rte_mempool *sess_mp = session_pool_socket[socket_id];
if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
first_xform = &options->aead_xform;
first_xform = &options->auth_xform;
}
- /* Setup Cipher Parameters */
- return rte_cryptodev_sym_session_create(cdev_id, first_xform);
+ session = rte_cryptodev_sym_session_create(sess_mp);
+
+ if (session == NULL)
+ return NULL;
+
+ if (rte_cryptodev_sym_session_init(cdev_id, session,
+ first_xform, sess_mp) < 0)
+ return NULL;
+
+ return session;
}
static void
unsigned lcore_id = rte_lcore_id();
uint64_t prev_tsc = 0, diff_tsc, cur_tsc, timer_tsc = 0;
- unsigned i, j, portid, nb_rx, len;
+ unsigned int i, j, nb_rx, len;
+ uint16_t portid;
struct lcore_queue_conf *qconf = &lcore_queue_conf[lcore_id];
const uint64_t drain_tsc = (rte_get_tsc_hz() + US_PER_S - 1) /
US_PER_S * BURST_TX_DRAIN_US;
struct l2fwd_crypto_params *cparams;
struct l2fwd_crypto_params port_cparams[qconf->nb_crypto_devs];
+ struct rte_cryptodev_sym_session *session;
if (qconf->nb_rx_ports == 0) {
RTE_LOG(INFO, L2FWD, "lcore %u has nothing to do\n", lcore_id);
port_cparams[i].hash_verify = 0;
port_cparams[i].auth_algo = options->auth_xform.auth.algo;
+ port_cparams[i].digest_length =
+ options->auth_xform.auth.digest_length;
/* Set IV parameters */
if (options->auth_iv.length) {
options->auth_xform.auth.iv.offset =
}
if (port_cparams[i].do_aead) {
+ port_cparams[i].aead_iv.data = options->aead_iv.data;
+ port_cparams[i].aead_iv.length = options->aead_iv.length;
+ if (!options->aead_iv_param)
+ generate_random_key(port_cparams[i].aead_iv.data,
+ port_cparams[i].aead_iv.length);
port_cparams[i].aead_algo = options->aead_xform.aead.algo;
port_cparams[i].digest_length =
options->aead_xform.aead.digest_length;
- if (options->aead_xform.aead.add_auth_data_length) {
+ if (options->aead_xform.aead.aad_length) {
port_cparams[i].aad.data = options->aad.data;
port_cparams[i].aad.phys_addr = options->aad.phys_addr;
port_cparams[i].aad.length = options->aad.length;
if (!options->aad_param)
generate_random_key(port_cparams[i].aad.data,
port_cparams[i].aad.length);
+ /*
+ * If doing AES-CCM, first 18 bytes has to be reserved,
+ * and actual AAD should start from byte 18
+ */
+ if (port_cparams[i].aead_algo == RTE_CRYPTO_AEAD_AES_CCM)
+ memmove(port_cparams[i].aad.data + 18,
+ port_cparams[i].aad.data,
+ port_cparams[i].aad.length);
} else
port_cparams[i].aad.length = 0;
options->cipher_iv.length;
}
- port_cparams[i].session = initialize_crypto_session(options,
+ session = initialize_crypto_session(options,
port_cparams[i].dev_id);
+ if (session == NULL)
+ rte_exit(EXIT_FAILURE, "Failed to initialize crypto session\n");
+
+ port_cparams[i].session = session;
- if (port_cparams[i].session == NULL)
- return;
RTE_LOG(INFO, L2FWD, " -- lcoreid=%u cryptoid=%u\n", lcore_id,
port_cparams[i].dev_id);
}
continue;
l2fwd_send_burst(&lcore_queue_conf[lcore_id],
qconf->pkt_buf[portid].len,
- (uint8_t) portid);
+ portid);
qconf->pkt_buf[portid].len = 0;
}
cparams = &port_cparams[i];
- nb_rx = rte_eth_rx_burst((uint8_t) portid, 0,
+ nb_rx = rte_eth_rx_burst(portid, 0,
pkts_burst, MAX_PKT_BURST);
port_statistics[portid].rx += nb_rx;
m = ops_burst[j]->sym->m_src;
rte_crypto_op_free(ops_burst[j]);
- l2fwd_simple_forward(m, portid);
+ l2fwd_simple_forward(m, portid,
+ options);
}
} while (nb_rx == MAX_PKT_BURST);
}
" --digest_size SIZE: size of digest to be generated/verified\n"
" --sessionless\n"
- " --cryptodev_mask MASK: hexadecimal bitmask of crypto devices to configure\n",
+ " --cryptodev_mask MASK: hexadecimal bitmask of crypto devices to configure\n"
+
+ " --[no-]mac-updating: Enable or disable MAC addresses updating (enabled by default)\n"
+ " When enabled:\n"
+ " - The source MAC address is replaced by the TX port MAC address\n"
+ " - The destination MAC address is replaced by 02:00:00:00:00:TX_PORT_ID\n",
prgname);
}
return -1;
}
-/** Parse crypto key command line argument */
+/** Parse bytes from command line argument */
static int
-parse_key(uint8_t *data, char *input_arg)
+parse_bytes(uint8_t *data, char *input_arg, uint16_t max_size)
{
unsigned byte_count;
char *token;
+ errno = 0;
for (byte_count = 0, token = strtok(input_arg, ":");
- (byte_count < MAX_KEY_SIZE) && (token != NULL);
+ (byte_count < max_size) && (token != NULL);
token = strtok(NULL, ":")) {
int number = (int)strtol(token, NULL, 16);
else if (strcmp(lgopts[option_index].name, "cipher_key") == 0) {
options->ckey_param = 1;
options->cipher_xform.cipher.key.length =
- parse_key(options->cipher_xform.cipher.key.data, optarg);
+ parse_bytes(options->cipher_xform.cipher.key.data, optarg,
+ MAX_KEY_SIZE);
if (options->cipher_xform.cipher.key.length > 0)
return 0;
else
else if (strcmp(lgopts[option_index].name, "cipher_iv") == 0) {
options->cipher_iv_param = 1;
options->cipher_iv.length =
- parse_key(options->cipher_iv.data, optarg);
+ parse_bytes(options->cipher_iv.data, optarg, MAX_IV_SIZE);
if (options->cipher_iv.length > 0)
return 0;
else
else if (strcmp(lgopts[option_index].name, "auth_key") == 0) {
options->akey_param = 1;
options->auth_xform.auth.key.length =
- parse_key(options->auth_xform.auth.key.data, optarg);
+ parse_bytes(options->auth_xform.auth.key.data, optarg,
+ MAX_KEY_SIZE);
if (options->auth_xform.auth.key.length > 0)
return 0;
else
else if (strcmp(lgopts[option_index].name, "auth_iv") == 0) {
options->auth_iv_param = 1;
options->auth_iv.length =
- parse_key(options->auth_iv.data, optarg);
+ parse_bytes(options->auth_iv.data, optarg, MAX_IV_SIZE);
if (options->auth_iv.length > 0)
return 0;
else
else if (strcmp(lgopts[option_index].name, "aead_key") == 0) {
options->aead_key_param = 1;
options->aead_xform.aead.key.length =
- parse_key(options->aead_xform.aead.key.data, optarg);
+ parse_bytes(options->aead_xform.aead.key.data, optarg,
+ MAX_KEY_SIZE);
if (options->aead_xform.aead.key.length > 0)
return 0;
else
else if (strcmp(lgopts[option_index].name, "aead_iv") == 0) {
options->aead_iv_param = 1;
options->aead_iv.length =
- parse_key(options->aead_iv.data, optarg);
+ parse_bytes(options->aead_iv.data, optarg, MAX_IV_SIZE);
if (options->aead_iv.length > 0)
return 0;
else
else if (strcmp(lgopts[option_index].name, "aad") == 0) {
options->aad_param = 1;
options->aad.length =
- parse_key(options->aad.data, optarg);
+ parse_bytes(options->aad.data, optarg, MAX_AAD_SIZE);
if (options->aad.length > 0)
return 0;
else
else if (strcmp(lgopts[option_index].name, "cryptodev_mask") == 0)
return parse_cryptodev_mask(options, optarg);
+ else if (strcmp(lgopts[option_index].name, "mac-updating") == 0) {
+ options->mac_updating = 1;
+ return 0;
+ }
+
+ else if (strcmp(lgopts[option_index].name, "no-mac-updating") == 0) {
+ options->mac_updating = 0;
+ return 0;
+ }
+
return -1;
}
options->type = CDEV_TYPE_ANY;
options->cryptodev_mask = UINT64_MAX;
+
+ options->mac_updating = 1;
}
static void
{ "sessionless", no_argument, 0, 0 },
{ "cryptodev_mask", required_argument, 0, 0},
+ { "mac-updating", no_argument, 0, 0},
+ { "no-mac-updating", no_argument, 0, 0},
+
{ NULL, 0, 0, 0 }
};
/* Check the link status of all ports in up to 9s, and print them finally */
static void
-check_all_ports_link_status(uint8_t port_num, uint32_t port_mask)
+check_all_ports_link_status(uint16_t port_num, uint32_t port_mask)
{
#define CHECK_INTERVAL 100 /* 100ms */
#define MAX_CHECK_TIME 90 /* 9s (90 * 100ms) in total */
- uint8_t portid, count, all_ports_up, print_flag = 0;
+ uint16_t portid;
+ uint8_t count, all_ports_up, print_flag = 0;
struct rte_eth_link link;
printf("\nChecking link status");
/* print link status if flag set */
if (print_flag == 1) {
if (link.link_status)
- printf("Port %d Link Up - speed %u "
- "Mbps - %s\n", (uint8_t)portid,
- (unsigned)link.link_speed,
+ printf(
+ "Port%d Link Up. Speed %u Mbps - %s\n",
+ portid, link.link_speed,
(link.link_duplex == ETH_LINK_FULL_DUPLEX) ?
("full-duplex") : ("half-duplex\n"));
else
- printf("Port %d Link Down\n",
- (uint8_t)portid);
+ printf("Port %d Link Down\n", portid);
continue;
}
/* clear all_ports_up flag if any link down */
{
unsigned int cdev_id, cdev_count, enabled_cdev_count = 0;
const struct rte_cryptodev_capabilities *cap;
+ unsigned int sess_sz, max_sess_sz = 0;
int retval;
cdev_count = rte_cryptodev_count();
return -1;
}
+ for (cdev_id = 0; cdev_id < cdev_count; cdev_id++) {
+ sess_sz = rte_cryptodev_get_private_session_size(cdev_id);
+ if (sess_sz > max_sess_sz)
+ max_sess_sz = sess_sz;
+ }
+
for (cdev_id = 0; cdev_id < cdev_count && enabled_cdev_count < nb_ports;
cdev_id++) {
struct rte_cryptodev_qp_conf qp_conf;
struct rte_cryptodev_info dev_info;
+ retval = rte_cryptodev_socket_id(cdev_id);
+
+ if (retval < 0) {
+ printf("Invalid crypto device id used\n");
+ return -1;
+ }
+
+ uint8_t socket_id = (uint8_t) retval;
struct rte_cryptodev_config conf = {
.nb_queue_pairs = 1,
- .socket_id = SOCKET_ID_ANY,
- .session_mp = {
- .nb_objs = 2048,
- .cache_size = 64
- }
+ .socket_id = socket_id,
};
if (check_cryptodev_mask(options, (uint8_t)cdev_id))
rte_cryptodev_info_get(cdev_id, &dev_info);
+ if (session_pool_socket[socket_id] == NULL) {
+ char mp_name[RTE_MEMPOOL_NAMESIZE];
+ struct rte_mempool *sess_mp;
+
+ snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
+ "sess_mp_%u", socket_id);
+
+ /*
+ * Create enough objects for session headers and
+ * device private data
+ */
+ sess_mp = rte_mempool_create(mp_name,
+ MAX_SESSIONS * 2,
+ max_sess_sz,
+ SESSION_POOL_CACHE_SIZE,
+ 0, NULL, NULL, NULL,
+ NULL, socket_id,
+ 0);
+
+ if (sess_mp == NULL) {
+ printf("Cannot create session pool on socket %d\n",
+ socket_id);
+ return -ENOMEM;
+ }
+
+ printf("Allocated session pool on socket %d\n", socket_id);
+ session_pool_socket[socket_id] = sess_mp;
+ }
+
/* Set AEAD parameters */
if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
/* Check if device supports AEAD algo */
* is supported by the algorithm chosen.
*/
} else if (options->aead_key_random_size != -1) {
- if (check_supported_size(options->ckey_random_size,
+ if (check_supported_size(options->aead_key_random_size,
cap->sym.aead.key_size.min,
cap->sym.aead.key_size.max,
cap->sym.aead.key_size.increment)
return -1;
}
options->aead_xform.aead.key.length =
- options->ckey_random_size;
+ options->aead_key_random_size;
/* No size provided, use minimum size. */
} else
options->aead_xform.aead.key.length =
} else
options->aad.length = cap->sym.auth.aad_size.min;
- options->aead_xform.aead.add_auth_data_length =
+ options->aead_xform.aead.aad_length =
options->aad.length;
/* Check if digest size is supported by the algorithm. */
qp_conf.nb_descriptors = 2048;
retval = rte_cryptodev_queue_pair_setup(cdev_id, 0, &qp_conf,
- SOCKET_ID_ANY);
+ socket_id, session_pool_socket[socket_id]);
if (retval < 0) {
printf("Failed to setup queue pair %u on cryptodev %u",
0, cdev_id);
static int
initialize_ports(struct l2fwd_crypto_options *options)
{
- uint8_t last_portid, portid;
+ uint16_t last_portid, portid;
unsigned enabled_portcount = 0;
unsigned nb_ports = rte_eth_dev_count();
continue;
/* init port */
- printf("Initializing port %u... ", (unsigned) portid);
+ printf("Initializing port %u... ", portid);
fflush(stdout);
retval = rte_eth_dev_configure(portid, 1, 1, &port_conf);
if (retval < 0) {
printf("Cannot configure device: err=%d, port=%u\n",
- retval, (unsigned) portid);
+ retval, portid);
+ return -1;
+ }
+
+ retval = rte_eth_dev_adjust_nb_rx_tx_desc(portid, &nb_rxd,
+ &nb_txd);
+ if (retval < 0) {
+ printf("Cannot adjust number of descriptors: err=%d, port=%u\n",
+ retval, portid);
return -1;
}
NULL, l2fwd_pktmbuf_pool);
if (retval < 0) {
printf("rte_eth_rx_queue_setup:err=%d, port=%u\n",
- retval, (unsigned) portid);
+ retval, portid);
return -1;
}
NULL);
if (retval < 0) {
printf("rte_eth_tx_queue_setup:err=%d, port=%u\n",
- retval, (unsigned) portid);
+ retval, portid);
return -1;
}
retval = rte_eth_dev_start(portid);
if (retval < 0) {
printf("rte_eth_dev_start:err=%d, port=%u\n",
- retval, (unsigned) portid);
+ retval, portid);
return -1;
}
rte_eth_macaddr_get(portid, &l2fwd_ports_eth_addr[portid]);
printf("Port %u, MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n\n",
- (unsigned) portid,
+ portid,
l2fwd_ports_eth_addr[portid].addr_bytes[0],
l2fwd_ports_eth_addr[portid].addr_bytes[1],
l2fwd_ports_eth_addr[portid].addr_bytes[2],
struct lcore_queue_conf *qconf;
struct l2fwd_crypto_options options;
- uint8_t nb_ports, nb_cryptodevs, portid, cdev_id;
+ uint8_t nb_cryptodevs, cdev_id;
+ uint16_t nb_ports, portid;
unsigned lcore_id, rx_lcore_id;
int ret, enabled_cdevcount, enabled_portcount;
uint8_t enabled_cdevs[RTE_CRYPTO_MAX_DEVS] = {0};
if (ret < 0)
rte_exit(EXIT_FAILURE, "Invalid L2FWD-CRYPTO arguments\n");
+ printf("MAC updating %s\n",
+ options.mac_updating ? "enabled" : "disabled");
+
/* create the mbuf pool */
l2fwd_pktmbuf_pool = rte_pktmbuf_pool_create("mbuf_pool", NB_MBUF, 512,
sizeof(struct rte_crypto_op),
qconf->rx_port_list[qconf->nb_rx_ports] = portid;
qconf->nb_rx_ports++;
- printf("Lcore %u: RX port %u\n", rx_lcore_id, (unsigned)portid);
+ printf("Lcore %u: RX port %u\n", rx_lcore_id, portid);
}
/* Enable Crypto devices */
git.droids-corp.org / dpdk.git / blobdiff