static struct socket_ctx socket_ctx[NB_SOCKETS];
-struct traffic_type {
- const uint8_t *data[MAX_PKT_BURST * 2];
- struct rte_mbuf *pkts[MAX_PKT_BURST * 2];
- uint32_t res[MAX_PKT_BURST * 2];
- uint32_t num;
-};
-
-struct ipsec_traffic {
- struct traffic_type ipsec;
- struct traffic_type ip4;
- struct traffic_type ip6;
-};
-
static inline void
prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t)
{
uint8_t *nlp;
- struct ether_hdr *eth;
+ struct rte_ether_hdr *eth;
- eth = rte_pktmbuf_mtod(pkt, struct ether_hdr *);
+ eth = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);
if (eth->ether_type == rte_cpu_to_be_16(ETHER_TYPE_IPv4)) {
nlp = (uint8_t *)rte_pktmbuf_adj(pkt, ETHER_HDR_LEN);
nlp = RTE_PTR_ADD(nlp, offsetof(struct ip, ip_p));
t->ip4.data[t->ip4.num] = nlp;
t->ip4.pkts[(t->ip4.num)++] = pkt;
}
+ pkt->l2_len = 0;
+ pkt->l3_len = sizeof(struct ip);
} else if (eth->ether_type == rte_cpu_to_be_16(ETHER_TYPE_IPv6)) {
nlp = (uint8_t *)rte_pktmbuf_adj(pkt, ETHER_HDR_LEN);
nlp = RTE_PTR_ADD(nlp, offsetof(struct ip6_hdr, ip6_nxt));
t->ip6.data[t->ip6.num] = nlp;
t->ip6.pkts[(t->ip6.num)++] = pkt;
}
+ pkt->l2_len = 0;
+ pkt->l3_len = sizeof(struct ip6_hdr);
} else {
/* Unknown/Unsupported type, drop the packet */
- RTE_LOG(ERR, IPSEC, "Unsupported packet type\n");
+ RTE_LOG(ERR, IPSEC, "Unsupported packet type 0x%x\n",
+ rte_be_to_cpu_16(eth->ether_type));
rte_pktmbuf_free(pkt);
}
const struct lcore_conf *qconf)
{
struct ip *ip;
- struct ether_hdr *ethhdr;
+ struct rte_ether_hdr *ethhdr;
ip = rte_pktmbuf_mtod(pkt, struct ip *);
- ethhdr = (struct ether_hdr *)rte_pktmbuf_prepend(pkt, ETHER_HDR_LEN);
+ ethhdr = (struct rte_ether_hdr *)
+ rte_pktmbuf_prepend(pkt, ETHER_HDR_LEN);
if (ip->ip_v == IPVERSION) {
pkt->ol_flags |= qconf->outbound.ipv4_offloads;
}
memcpy(ðhdr->s_addr, ðaddr_tbl[port].src,
- sizeof(struct ether_addr));
+ sizeof(struct rte_ether_addr));
memcpy(ðhdr->d_addr, ðaddr_tbl[port].dst,
- sizeof(struct ether_addr));
+ sizeof(struct rte_ether_addr));
}
static inline void
for (i = 0; i < ip->num; i++) {
m = ip->pkts[i];
res = ip->res[i];
- if (res & BYPASS) {
+ if (res == BYPASS) {
ip->pkts[j++] = m;
continue;
}
- if (res & DISCARD) {
+ if (res == DISCARD) {
rte_pktmbuf_free(m);
continue;
}
continue;
}
- sa_idx = ip->res[i] & PROTECT_MASK;
- if (sa_idx >= IPSEC_SA_MAX_ENTRIES ||
- !inbound_sa_check(sa, m, sa_idx)) {
+ sa_idx = SPI2IDX(res);
+ if (!inbound_sa_check(sa, m, sa_idx)) {
rte_pktmbuf_free(m);
continue;
}
n_ip4 = traffic->ip4.num;
n_ip6 = traffic->ip6.num;
- nb_pkts_in = ipsec_inbound(ipsec_ctx, traffic->ipsec.pkts,
- traffic->ipsec.num, MAX_PKT_BURST);
-
- split46_traffic(traffic, traffic->ipsec.pkts, nb_pkts_in);
+ if (app_sa_prm.enable == 0) {
+ nb_pkts_in = ipsec_inbound(ipsec_ctx, traffic->ipsec.pkts,
+ traffic->ipsec.num, MAX_PKT_BURST);
+ split46_traffic(traffic, traffic->ipsec.pkts, nb_pkts_in);
+ } else {
+ inbound_sa_lookup(ipsec_ctx->sa_ctx, traffic->ipsec.pkts,
+ traffic->ipsec.saptr, traffic->ipsec.num);
+ ipsec_process(ipsec_ctx, traffic);
+ }
inbound_sp_sa(ipsec_ctx->sp4_ctx, ipsec_ctx->sa_ctx, &traffic->ip4,
n_ip4);
j = 0;
for (i = 0; i < ip->num; i++) {
m = ip->pkts[i];
- sa_idx = ip->res[i] & PROTECT_MASK;
- if (ip->res[i] & DISCARD)
+ sa_idx = SPI2IDX(ip->res[i]);
+ if (ip->res[i] == DISCARD)
rte_pktmbuf_free(m);
- else if (ip->res[i] & BYPASS)
+ else if (ip->res[i] == BYPASS)
ip->pkts[j++] = m;
- else if (sa_idx < IPSEC_SA_MAX_ENTRIES) {
+ else {
ipsec->res[ipsec->num] = sa_idx;
ipsec->pkts[ipsec->num++] = m;
- } else /* invalid SA idx */
- rte_pktmbuf_free(m);
+ }
}
ip->num = j;
}
outbound_sp(ipsec_ctx->sp6_ctx, &traffic->ip6, &traffic->ipsec);
- nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ipsec.pkts,
- traffic->ipsec.res, traffic->ipsec.num,
- MAX_PKT_BURST);
-
- for (i = 0; i < nb_pkts_out; i++) {
- m = traffic->ipsec.pkts[i];
- struct ip *ip = rte_pktmbuf_mtod(m, struct ip *);
- if (ip->ip_v == IPVERSION) {
- idx = traffic->ip4.num++;
- traffic->ip4.pkts[idx] = m;
- } else {
- idx = traffic->ip6.num++;
- traffic->ip6.pkts[idx] = m;
+ if (app_sa_prm.enable == 0) {
+
+ nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ipsec.pkts,
+ traffic->ipsec.res, traffic->ipsec.num,
+ MAX_PKT_BURST);
+
+ for (i = 0; i < nb_pkts_out; i++) {
+ m = traffic->ipsec.pkts[i];
+ struct ip *ip = rte_pktmbuf_mtod(m, struct ip *);
+ if (ip->ip_v == IPVERSION) {
+ idx = traffic->ip4.num++;
+ traffic->ip4.pkts[idx] = m;
+ } else {
+ idx = traffic->ip6.num++;
+ traffic->ip6.pkts[idx] = m;
+ }
}
+ } else {
+ outbound_sa_lookup(ipsec_ctx->sa_ctx, traffic->ipsec.res,
+ traffic->ipsec.saptr, traffic->ipsec.num);
+ ipsec_process(ipsec_ctx, traffic);
}
}
traffic->ip6.num = 0;
- nb_pkts_in = ipsec_inbound(ipsec_ctx, traffic->ipsec.pkts,
- traffic->ipsec.num, MAX_PKT_BURST);
+ if (app_sa_prm.enable == 0) {
- for (i = 0; i < nb_pkts_in; i++) {
- m = traffic->ipsec.pkts[i];
- struct ip *ip = rte_pktmbuf_mtod(m, struct ip *);
- if (ip->ip_v == IPVERSION) {
- idx = traffic->ip4.num++;
- traffic->ip4.pkts[idx] = m;
- } else {
- idx = traffic->ip6.num++;
- traffic->ip6.pkts[idx] = m;
+ nb_pkts_in = ipsec_inbound(ipsec_ctx, traffic->ipsec.pkts,
+ traffic->ipsec.num, MAX_PKT_BURST);
+
+ for (i = 0; i < nb_pkts_in; i++) {
+ m = traffic->ipsec.pkts[i];
+ struct ip *ip = rte_pktmbuf_mtod(m, struct ip *);
+ if (ip->ip_v == IPVERSION) {
+ idx = traffic->ip4.num++;
+ traffic->ip4.pkts[idx] = m;
+ } else {
+ idx = traffic->ip6.num++;
+ traffic->ip6.pkts[idx] = m;
+ }
}
+ } else {
+ inbound_sa_lookup(ipsec_ctx->sa_ctx, traffic->ipsec.pkts,
+ traffic->ipsec.saptr, traffic->ipsec.num);
+ ipsec_process(ipsec_ctx, traffic);
}
}
traffic->ip6.num = 0;
traffic->ipsec.num = n;
- nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ipsec.pkts,
- traffic->ipsec.res, traffic->ipsec.num,
- MAX_PKT_BURST);
+ if (app_sa_prm.enable == 0) {
- /* They all sue the same SA (ip4 or ip6 tunnel) */
- m = traffic->ipsec.pkts[i];
- ip = rte_pktmbuf_mtod(m, struct ip *);
- if (ip->ip_v == IPVERSION) {
- traffic->ip4.num = nb_pkts_out;
- for (i = 0; i < nb_pkts_out; i++)
- traffic->ip4.pkts[i] = traffic->ipsec.pkts[i];
+ nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ipsec.pkts,
+ traffic->ipsec.res, traffic->ipsec.num,
+ MAX_PKT_BURST);
+
+ /* They all sue the same SA (ip4 or ip6 tunnel) */
+ m = traffic->ipsec.pkts[0];
+ ip = rte_pktmbuf_mtod(m, struct ip *);
+ if (ip->ip_v == IPVERSION) {
+ traffic->ip4.num = nb_pkts_out;
+ for (i = 0; i < nb_pkts_out; i++)
+ traffic->ip4.pkts[i] = traffic->ipsec.pkts[i];
+ } else {
+ traffic->ip6.num = nb_pkts_out;
+ for (i = 0; i < nb_pkts_out; i++)
+ traffic->ip6.pkts[i] = traffic->ipsec.pkts[i];
+ }
} else {
- traffic->ip6.num = nb_pkts_out;
- for (i = 0; i < nb_pkts_out; i++)
- traffic->ip6.pkts[i] = traffic->ipsec.pkts[i];
+ outbound_sa_lookup(ipsec_ctx->sa_ctx, traffic->ipsec.res,
+ traffic->ipsec.saptr, traffic->ipsec.num);
+ ipsec_process(ipsec_ctx, traffic);
}
}
uint32_t n;
struct ipsec_traffic trf;
- /* dequeue packets from crypto-queue */
- n = ipsec_inbound_cqp_dequeue(ctx, trf.ipsec.pkts,
+ if (app_sa_prm.enable == 0) {
+
+ /* dequeue packets from crypto-queue */
+ n = ipsec_inbound_cqp_dequeue(ctx, trf.ipsec.pkts,
RTE_DIM(trf.ipsec.pkts));
- if (n == 0)
- return;
- trf.ip4.num = 0;
- trf.ip6.num = 0;
+ trf.ip4.num = 0;
+ trf.ip6.num = 0;
- /* split traffic by ipv4-ipv6 */
- split46_traffic(&trf, trf.ipsec.pkts, n);
+ /* split traffic by ipv4-ipv6 */
+ split46_traffic(&trf, trf.ipsec.pkts, n);
+ } else
+ ipsec_cqp_process(ctx, &trf);
/* process ipv4 packets */
- inbound_sp_sa(ctx->sp4_ctx, ctx->sa_ctx, &trf.ip4, 0);
- route4_pkts(qconf->rt4_ctx, trf.ip4.pkts, trf.ip4.num);
+ if (trf.ip4.num != 0) {
+ inbound_sp_sa(ctx->sp4_ctx, ctx->sa_ctx, &trf.ip4, 0);
+ route4_pkts(qconf->rt4_ctx, trf.ip4.pkts, trf.ip4.num);
+ }
/* process ipv6 packets */
- inbound_sp_sa(ctx->sp6_ctx, ctx->sa_ctx, &trf.ip6, 0);
- route6_pkts(qconf->rt6_ctx, trf.ip6.pkts, trf.ip6.num);
+ if (trf.ip6.num != 0) {
+ inbound_sp_sa(ctx->sp6_ctx, ctx->sa_ctx, &trf.ip6, 0);
+ route6_pkts(qconf->rt6_ctx, trf.ip6.pkts, trf.ip6.num);
+ }
}
static void
uint32_t n;
struct ipsec_traffic trf;
- /* dequeue packets from crypto-queue */
- n = ipsec_outbound_cqp_dequeue(ctx, trf.ipsec.pkts,
+ if (app_sa_prm.enable == 0) {
+
+ /* dequeue packets from crypto-queue */
+ n = ipsec_outbound_cqp_dequeue(ctx, trf.ipsec.pkts,
RTE_DIM(trf.ipsec.pkts));
- if (n == 0)
- return;
- trf.ip4.num = 0;
- trf.ip6.num = 0;
+ trf.ip4.num = 0;
+ trf.ip6.num = 0;
- /* split traffic by ipv4-ipv6 */
- split46_traffic(&trf, trf.ipsec.pkts, n);
+ /* split traffic by ipv4-ipv6 */
+ split46_traffic(&trf, trf.ipsec.pkts, n);
+ } else
+ ipsec_cqp_process(ctx, &trf);
/* process ipv4 packets */
- route4_pkts(qconf->rt4_ctx, trf.ip4.pkts, trf.ip4.num);
+ if (trf.ip4.num != 0)
+ route4_pkts(qconf->rt4_ctx, trf.ip4.pkts, trf.ip4.num);
/* process ipv6 packets */
- route6_pkts(qconf->rt6_ctx, trf.ip6.pkts, trf.ip6.num);
+ if (trf.ip6.num != 0)
+ route6_pkts(qconf->rt6_ctx, trf.ip6.pkts, trf.ip6.num);
}
/* main processing loop */
socket_ctx[socket_id].session_priv_pool;
if (qconf->nb_rx_queue == 0) {
- RTE_LOG(INFO, IPSEC, "lcore %u has nothing to do\n", lcore_id);
+ RTE_LOG(DEBUG, IPSEC, "lcore %u has nothing to do\n",
+ lcore_id);
return 0;
}
}
static void
-print_ethaddr(const char *name, const struct ether_addr *eth_addr)
+print_ethaddr(const char *name, const struct rte_ether_addr *eth_addr)
{
char buf[ETHER_ADDR_FMT_SIZE];
- ether_format_addr(buf, ETHER_ADDR_FMT_SIZE, eth_addr);
+ rte_ether_format_addr(buf, ETHER_ADDR_FMT_SIZE, eth_addr);
printf("%s%s", name, buf);
}
* Update destination ethaddr for the port.
*/
int
-add_dst_ethaddr(uint16_t port, const struct ether_addr *addr)
+add_dst_ethaddr(uint16_t port, const struct rte_ether_addr *addr)
{
- if (port > RTE_DIM(ethaddr_tbl))
+ if (port >= RTE_DIM(ethaddr_tbl))
return -EINVAL;
ethaddr_tbl[port].dst = ETHADDR_TO_UINT64(addr);
rte_eth_dev_get_sec_ctx(port_id)) {
int socket_id = rte_eth_dev_socket_id(port_id);
- if (!socket_ctx[socket_id].session_pool) {
+ if (!socket_ctx[socket_id].session_priv_pool) {
char mp_name[RTE_MEMPOOL_NAMESIZE];
struct rte_mempool *sess_mp;
else
printf("Allocated session pool "
"on socket %d\n", socket_id);
- socket_ctx[socket_id].session_pool = sess_mp;
+ socket_ctx[socket_id].session_priv_pool =
+ sess_mp;
}
}
}
uint16_t tx_queueid, rx_queueid, queue, lcore_id;
int32_t ret, socket_id;
struct lcore_conf *qconf;
- struct ether_addr ethaddr;
+ struct rte_ether_addr ethaddr;
struct rte_eth_conf local_port_conf = port_conf;
rte_eth_dev_info_get(portid, &dev_info);