examples/ipsec-secgw: support security offload

[dpdk.git] / examples / ipsec-secgw / ipsec-secgw.c

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 37274e8..6201d85 100644 (file)
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -161,6 +161,7 @@ static int32_t numa_on = 1; /**< NUMA is enabled by default. */
 static uint32_t nb_lcores;
 static uint32_t single_sa;
 static uint32_t single_sa_idx;
+static uint32_t frame_size;
 
 struct lcore_rx_queue {
        uint16_t port_id;
@@ -843,6 +844,7 @@ print_usage(const char *prgname)
                "  -p PORTMASK: hexadecimal bitmask of ports to configure\n"
                "  -P : enable promiscuous mode\n"
                "  -u PORTMASK: hexadecimal bitmask of unprotected ports\n"
+               "  -j FRAMESIZE: jumbo frame maximum size\n"
                "  --"OPTION_CONFIG": (port,queue,lcore): "
                "rx queues configuration\n"
                "  --single-sa SAIDX: use single SA index for outbound, "
@@ -981,7 +983,7 @@ parse_args(int32_t argc, char **argv)
 
        argvopt = argv;
 
-       while ((opt = getopt_long(argc, argvopt, "p:Pu:f:",
+       while ((opt = getopt_long(argc, argvopt, "p:Pu:f:j:",
                                lgopts, &option_index)) != EOF) {
 
                switch (opt) {
@@ -1020,6 +1022,23 @@ parse_args(int32_t argc, char **argv)
                        }
                        f_present = 1;
                        break;
+               case 'j':
+                       {
+                               int32_t size = parse_decimal(optarg);
+                               if (size <= 1518) {
+                                       printf("Invalid jumbo frame size\n");
+                                       if (size < 0) {
+                                               print_usage(prgname);
+                                               return -1;
+                                       }
+                                       printf("Using default value 9000\n");
+                                       frame_size = 9000;
+                               } else {
+                                       frame_size = size;
+                               }
+                       }
+                       printf("Enabled jumbo frames size %u\n", frame_size);
+                       break;
                case 0:
                        if (parse_args_long_options(lgopts, option_index)) {
                                print_usage(prgname);
@@ -1113,7 +1132,8 @@ add_mapping(struct rte_hash *map, const char *str, uint16_t cdev_id,
                uint16_t qp, struct lcore_params *params,
                struct ipsec_ctx *ipsec_ctx,
                const struct rte_cryptodev_capabilities *cipher,
-               const struct rte_cryptodev_capabilities *auth)
+               const struct rte_cryptodev_capabilities *auth,
+               const struct rte_cryptodev_capabilities *aead)
 {
        int32_t ret = 0;
        unsigned long i;
@@ -1124,6 +1144,8 @@ add_mapping(struct rte_hash *map, const char *str, uint16_t cdev_id,
                key.cipher_algo = cipher->sym.cipher.algo;
        if (auth)
                key.auth_algo = auth->sym.auth.algo;
+       if (aead)
+               key.aead_algo = aead->sym.aead.algo;
 
        ret = rte_hash_lookup(map, &key);
        if (ret != -ENOENT)
@@ -1192,6 +1214,12 @@ add_cdev_mapping(struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
                if (i->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
                        continue;
 
+               if (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+                       ret |= add_mapping(map, str, cdev_id, qp, params,
+                                       ipsec_ctx, NULL, NULL, i);
+                       continue;
+               }
+
                if (i->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
                        continue;
 
@@ -1204,7 +1232,7 @@ add_cdev_mapping(struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
                                continue;
 
                        ret |= add_mapping(map, str, cdev_id, qp, params,
-                                       ipsec_ctx, i, j);
+                                               ipsec_ctx, i, j, NULL);
                }
        }
 
@@ -1357,6 +1385,16 @@ port_init(uint16_t portid)
        printf("Creating queues: nb_rx_queue=%d nb_tx_queue=%u...\n",
                        nb_rx_queue, nb_tx_queue);
 
+       if (frame_size) {
+               port_conf.rxmode.max_rx_pkt_len = frame_size;
+               port_conf.rxmode.offloads |= DEV_RX_OFFLOAD_JUMBO_FRAME;
+       }
+
+       if (dev_info.rx_offload_capa & DEV_RX_OFFLOAD_SECURITY)
+               port_conf.rxmode.offloads |= DEV_RX_OFFLOAD_SECURITY;
+       if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_SECURITY)
+               port_conf.txmode.offloads |= DEV_TX_OFFLOAD_SECURITY;
+
        ret = rte_eth_dev_configure(portid, nb_rx_queue, nb_tx_queue,
                        &port_conf);
        if (ret < 0)
@@ -1421,11 +1459,14 @@ static void
 pool_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t nb_mbuf)
 {
        char s[64];
+       uint32_t buff_size = frame_size ? (frame_size + RTE_PKTMBUF_HEADROOM) :
+                       RTE_MBUF_DEFAULT_BUF_SIZE;
+
 
        snprintf(s, sizeof(s), "mbuf_pool_%d", socket_id);
        ctx->mbuf_pool = rte_pktmbuf_pool_create(s, nb_mbuf,
                        MEMPOOL_CACHE_SIZE, ipsec_metadata_size(),
-                       RTE_MBUF_DEFAULT_BUF_SIZE,
+                       buff_size,
                        socket_id);
        if (ctx->mbuf_pool == NULL)
                rte_exit(EXIT_FAILURE, "Cannot init mbuf pool on socket %d\n",