X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=examples%2Fipsec-secgw%2Fipsec.h;h=e9272d74bce0f19f99a67836a952c6b26cc511c0;hb=6d13ea8e8e49ab957deae2bba5ecf4a4bfe747d1;hp=6059f6ccec6c9e91fe5ca2ce130b567d7573d207;hpb=3da37f68217336bed3e232c2486af06a687993fc;p=dpdk.git diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index 6059f6ccec..e9272d74bc 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -11,16 +11,20 @@ #include #include #include +#include #define RTE_LOGTYPE_IPSEC RTE_LOGTYPE_USER1 #define RTE_LOGTYPE_IPSEC_ESP RTE_LOGTYPE_USER2 #define RTE_LOGTYPE_IPSEC_IPIP RTE_LOGTYPE_USER3 #define MAX_PKT_BURST 32 +#define MAX_INFLIGHT 128 #define MAX_QP_PER_LCORE 256 #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */ +#define IPSEC_OFFLOAD_ESN_SOFTLIMIT 0xffffff00 + #define IV_OFFSET (sizeof(struct rte_crypto_op) + \ sizeof(struct rte_crypto_sym_op)) @@ -37,10 +41,8 @@ #define SPI2IDX(spi) (spi & (IPSEC_SA_MAX_ENTRIES - 1)) #define INVALID_SPI (0) -#define DISCARD (0x80000000) -#define BYPASS (0x40000000) -#define PROTECT_MASK (0x3fffffff) -#define PROTECT(sa_idx) (SPI2IDX(sa_idx) & PROTECT_MASK) /* SA idx 30 bits */ +#define DISCARD INVALID_SPI +#define BYPASS UINT32_MAX #define IPSEC_XFORM_MAX 2 @@ -67,7 +69,20 @@ struct ip_addr { #define MAX_KEY_SIZE 32 +/* + * application wide SA parameters + */ +struct app_sa_prm { + uint32_t enable; /* use librte_ipsec API for ipsec pkt processing */ + uint32_t window_size; /* replay window size */ + uint32_t enable_esn; /* enable/disable ESN support */ + uint64_t flags; /* rte_ipsec_sa_prm.flags */ +}; + +extern struct app_sa_prm app_sa_prm; + struct ipsec_sa { + struct rte_ipsec_session ips; /* one session per sa for now */ uint32_t spi; uint32_t cdev_id_qp; uint64_t seq; @@ -141,8 +156,11 @@ struct ipsec_ctx { uint16_t last_qp; struct cdev_qp tbl[MAX_QP_PER_LCORE]; struct rte_mempool *session_pool; + struct rte_mempool *session_priv_pool; struct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *)); uint16_t ol_pkts_cnt; + uint64_t ipv4_offloads; + uint64_t ipv6_offloads; }; struct cdev_key { @@ -163,6 +181,7 @@ struct socket_ctx { struct rt_ctx *rt_ip6; struct rte_mempool *mbuf_pool; struct rte_mempool *session_pool; + struct rte_mempool *session_priv_pool; }; struct cnt_blk { @@ -171,6 +190,20 @@ struct cnt_blk { uint32_t cnt; } __attribute__((packed)); +struct traffic_type { + const uint8_t *data[MAX_PKT_BURST * 2]; + struct rte_mbuf *pkts[MAX_PKT_BURST * 2]; + struct ipsec_sa *saptr[MAX_PKT_BURST * 2]; + uint32_t res[MAX_PKT_BURST * 2]; + uint32_t num; +}; + +struct ipsec_traffic { + struct traffic_type ipsec; + struct traffic_type ip4; + struct traffic_type ip6; +}; + uint16_t ipsec_inbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[], uint16_t nb_pkts, uint16_t len); @@ -179,6 +212,20 @@ uint16_t ipsec_outbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[], uint32_t sa_idx[], uint16_t nb_pkts, uint16_t len); +uint16_t +ipsec_inbound_cqp_dequeue(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[], + uint16_t len); + +uint16_t +ipsec_outbound_cqp_dequeue(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[], + uint16_t len); + +void +ipsec_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf); + +void +ipsec_cqp_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf); + static inline uint16_t ipsec_metadata_size(void) { @@ -188,7 +235,7 @@ ipsec_metadata_size(void) static inline struct ipsec_mbuf_metadata * get_priv(struct rte_mbuf *m) { - return RTE_PTR_ADD(m, sizeof(struct rte_mbuf)); + return rte_mbuf_to_priv(m); } static inline void * @@ -230,10 +277,41 @@ sp4_init(struct socket_ctx *ctx, int32_t socket_id); void sp6_init(struct socket_ctx *ctx, int32_t socket_id); +/* + * Search through SP rules for given SPI. + * Returns first rule index if found(greater or equal then zero), + * or -ENOENT otherwise. + */ +int +sp4_spi_present(uint32_t spi, int inbound); +int +sp6_spi_present(uint32_t spi, int inbound); + +/* + * Search through SA entries for given SPI. + * Returns first entry index if found(greater or equal then zero), + * or -ENOENT otherwise. + */ +int +sa_spi_present(uint32_t spi, int inbound); + void sa_init(struct socket_ctx *ctx, int32_t socket_id); void rt_init(struct socket_ctx *ctx, int32_t socket_id); +int +sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads, + uint64_t *tx_offloads); + +int +add_dst_ethaddr(uint16_t port, const struct rte_ether_addr *addr); + +void +enqueue_cop_burst(struct cdev_qp *cqp); + +int +create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa); + #endif /* __IPSEC_H__ */