examples/ipsec-secgw: rework processing loop

Rework implementation moving from function pointers approach, where each
function implements very specific functionality, to a generic function
approach.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index 7dce78c..2ca97ad 100644 (file)
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -67,9 +67,8 @@ random_iv_u64(uint64_t *buf, uint16_t n)
                *((uint32_t *)&buf[i]) = (uint32_t)lrand48();
 }
 
-/* IPv4 Tunnel */
 int
-esp4_tunnel_inbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
+esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
                struct rte_crypto_op *cop)
 {
        int32_t payload_len;
@@ -117,7 +116,7 @@ esp4_tunnel_inbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
 }
 
 int
-esp4_tunnel_inbound_post_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
+esp_inbound_post(struct rte_mbuf *m, struct ipsec_sa *sa,
                struct rte_crypto_op *cop)
 {
        uint8_t *nexthdr, *pad_len;
@@ -155,7 +154,7 @@ esp4_tunnel_inbound_post_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
 }
 
 int
-esp4_tunnel_outbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
+esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
                struct rte_crypto_op *cop)
 {
        uint16_t pad_payload_len, pad_len;
@@ -234,7 +233,7 @@ esp4_tunnel_outbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
 }
 
 int
-esp4_tunnel_outbound_post_crypto(struct rte_mbuf *m __rte_unused,
+esp_outbound_post(struct rte_mbuf *m __rte_unused,
                struct ipsec_sa *sa __rte_unused,
                struct rte_crypto_op *cop)
 {

diff --git a/examples/ipsec-secgw/esp.h b/examples/ipsec-secgw/esp.h
index 3101882..fa5cc8a 100644 (file)
--- a/examples/ipsec-secgw/esp.h
+++ b/examples/ipsec-secgw/esp.h
@@ -46,21 +46,20 @@ struct esp_hdr {
        /* Integrity Check Value - ICV */
 };
 
-/* IPv4 Tunnel */
 int
-esp4_tunnel_inbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
+esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
                struct rte_crypto_op *cop);
 
 int
-esp4_tunnel_inbound_post_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
+esp_inbound_post(struct rte_mbuf *m, struct ipsec_sa *sa,
                struct rte_crypto_op *cop);
 
 int
-esp4_tunnel_outbound_pre_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
+esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
                struct rte_crypto_op *cop);
 
 int
-esp4_tunnel_outbound_post_crypto(struct rte_mbuf *m, struct ipsec_sa *sa,
+esp_outbound_post(struct rte_mbuf *m, struct ipsec_sa *sa,
                struct rte_crypto_op *cop);
 
 #endif /* __RTE_IPSEC_XFORM_ESP_H__ */

diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 3ffa77a..90a9a86 100644 (file)
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -42,6 +42,7 @@
 #include <rte_hash.h>
 
 #include "ipsec.h"
+#include "esp.h"
 
 static inline int
 create_session(struct ipsec_ctx *ipsec_ctx __rte_unused, struct ipsec_sa *sa)
@@ -99,15 +100,14 @@ enqueue_cop(struct cdev_qp *cqp, struct rte_crypto_op *cop)
        }
 }
 
-static inline uint16_t
-ipsec_processing(struct ipsec_ctx *ipsec_ctx, struct rte_mbuf *pkts[],
-               struct ipsec_sa *sas[], uint16_t nb_pkts, uint16_t max_pkts)
+static inline void
+ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
+               struct rte_mbuf *pkts[], struct ipsec_sa *sas[],
+               uint16_t nb_pkts)
 {
-       int ret = 0, i, j, nb_cops;
+       int ret = 0, i;
        struct ipsec_mbuf_metadata *priv;
-       struct rte_crypto_op *cops[max_pkts];
        struct ipsec_sa *sa;
-       struct rte_mbuf *pkt;
 
        for (i = 0; i < nb_pkts; i++) {
                rte_prefetch0(sas[i]);
@@ -133,7 +133,7 @@ ipsec_processing(struct ipsec_ctx *ipsec_ctx, struct rte_mbuf *pkts[],
                rte_crypto_op_attach_sym_session(&priv->cop,
                                sa->crypto_session);
 
-               ret = sa->pre_crypto(pkts[i], sa, &priv->cop);
+               ret = xform_func(pkts[i], sa, &priv->cop);
                if (unlikely(ret)) {
                        rte_pktmbuf_free(pkts[i]);
                        continue;
@@ -142,8 +142,18 @@ ipsec_processing(struct ipsec_ctx *ipsec_ctx, struct rte_mbuf *pkts[],
                RTE_ASSERT(sa->cdev_id_qp < ipsec_ctx->nb_qps);
                enqueue_cop(&ipsec_ctx->tbl[sa->cdev_id_qp], &priv->cop);
        }
+}
+
+static inline int
+ipsec_dequeue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
+               struct rte_mbuf *pkts[], uint16_t max_pkts)
+{
+       int nb_pkts = 0, ret = 0, i, j, nb_cops;
+       struct ipsec_mbuf_metadata *priv;
+       struct rte_crypto_op *cops[max_pkts];
+       struct ipsec_sa *sa;
+       struct rte_mbuf *pkt;
 
-       nb_pkts = 0;
        for (i = 0; i < ipsec_ctx->nb_qps && nb_pkts < max_pkts; i++) {
                struct cdev_qp *cqp;
 
@@ -168,7 +178,7 @@ ipsec_processing(struct ipsec_ctx *ipsec_ctx, struct rte_mbuf *pkts[],
 
                        RTE_ASSERT(sa != NULL);
 
-                       ret = sa->post_crypto(pkt, sa, cops[j]);
+                       ret = xform_func(pkt, sa, cops[j]);
                        if (unlikely(ret))
                                rte_pktmbuf_free(pkt);
                        else
@@ -188,7 +198,9 @@ ipsec_inbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[],
 
        inbound_sa_lookup(ctx->sa_ctx, pkts, sas, nb_pkts);
 
-       return ipsec_processing(ctx, pkts, sas, nb_pkts, len);
+       ipsec_enqueue(esp_inbound, ctx, pkts, sas, nb_pkts);
+
+       return ipsec_dequeue(esp_inbound_post, ctx, pkts, len);
 }
 
 uint16_t
@@ -199,5 +211,7 @@ ipsec_outbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[],
 
        outbound_sa_lookup(ctx->sa_ctx, sa_idx, sas, nb_pkts);
 
-       return ipsec_processing(ctx, pkts, sas, nb_pkts, len);
+       ipsec_enqueue(esp_outbound, ctx, pkts, sas, nb_pkts);
+
+       return ipsec_dequeue(esp_outbound_post, ctx, pkts, len);
 }

diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index e60fae6..74ef6fc 100644 (file)
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -86,8 +86,6 @@ struct ipsec_sa {
        uint32_t dst;
        struct rte_cryptodev_sym_session *crypto_session;
        struct rte_crypto_sym_xform *xforms;
-       ipsec_xform_fn pre_crypto;
-       ipsec_xform_fn post_crypto;
        enum rte_crypto_cipher_algorithm cipher_algo;
        enum rte_crypto_auth_algorithm auth_algo;
        uint16_t digest_len;

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index b6260ed..a193bdf 100644 (file)
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -47,160 +47,112 @@
 #include "ipsec.h"
 #include "esp.h"
 
-/* SAs EP0 Outbound */
-const struct ipsec_sa sa_ep0_out[] = {
-       { 5, 0, IPv4(172, 16, 1, 5), IPv4(172, 16, 2, 5),
-               NULL, NULL,
-               esp4_tunnel_outbound_pre_crypto,
-               esp4_tunnel_outbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 6, 0, IPv4(172, 16, 1, 6), IPv4(172, 16, 2, 6),
-               NULL, NULL,
-               esp4_tunnel_outbound_pre_crypto,
-               esp4_tunnel_outbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 7, 0, IPv4(172, 16, 1, 7), IPv4(172, 16, 2, 7),
-               NULL, NULL,
-               esp4_tunnel_outbound_pre_crypto,
-               esp4_tunnel_outbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 8, 0, IPv4(172, 16, 1, 8), IPv4(172, 16, 2, 8),
-               NULL, NULL,
-               esp4_tunnel_outbound_pre_crypto,
-               esp4_tunnel_outbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 9, 0, IPv4(172, 16, 1, 5), IPv4(172, 16, 2, 5),
-               NULL, NULL,
-               esp4_tunnel_outbound_pre_crypto,
-               esp4_tunnel_outbound_post_crypto,
-               RTE_CRYPTO_CIPHER_NULL, RTE_CRYPTO_AUTH_NULL,
-               0, 0, 4,
-               0, 0 },
-};
-
-/* SAs EP0 Inbound */
-const struct ipsec_sa sa_ep0_in[] = {
-       { 5, 0, IPv4(172, 16, 2, 5), IPv4(172, 16, 1, 5),
-               NULL, NULL,
-               esp4_tunnel_inbound_pre_crypto,
-               esp4_tunnel_inbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 6, 0, IPv4(172, 16, 2, 6), IPv4(172, 16, 1, 6),
-               NULL, NULL,
-               esp4_tunnel_inbound_pre_crypto,
-               esp4_tunnel_inbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 7, 0, IPv4(172, 16, 2, 7), IPv4(172, 16, 1, 7),
-               NULL, NULL,
-               esp4_tunnel_inbound_pre_crypto,
-               esp4_tunnel_inbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 8, 0, IPv4(172, 16, 2, 8), IPv4(172, 16, 1, 8),
-               NULL, NULL,
-               esp4_tunnel_inbound_pre_crypto,
-               esp4_tunnel_inbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 9, 0, IPv4(172, 16, 2, 5), IPv4(172, 16, 1, 5),
-               NULL, NULL,
-               esp4_tunnel_inbound_pre_crypto,
-               esp4_tunnel_inbound_post_crypto,
-               RTE_CRYPTO_CIPHER_NULL, RTE_CRYPTO_AUTH_NULL,
-               0, 0, 4,
-               0, 0 },
-};
-
-/* SAs EP1 Outbound */
-const struct ipsec_sa sa_ep1_out[] = {
-       { 5, 0, IPv4(172, 16, 2, 5), IPv4(172, 16, 1, 5),
-               NULL, NULL,
-               esp4_tunnel_outbound_pre_crypto,
-               esp4_tunnel_outbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 6, 0, IPv4(172, 16, 2, 6), IPv4(172, 16, 1, 6),
-               NULL, NULL,
-               esp4_tunnel_outbound_pre_crypto,
-               esp4_tunnel_outbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 7, 0, IPv4(172, 16, 2, 7), IPv4(172, 16, 1, 7),
-               NULL, NULL,
-               esp4_tunnel_outbound_pre_crypto,
-               esp4_tunnel_outbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 8, 0, IPv4(172, 16, 2, 8), IPv4(172, 16, 1, 8),
-               NULL, NULL,
-               esp4_tunnel_outbound_pre_crypto,
-               esp4_tunnel_outbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 9, 0, IPv4(172, 16, 2, 5), IPv4(172, 16, 1, 5),
-               NULL, NULL,
-               esp4_tunnel_outbound_pre_crypto,
-               esp4_tunnel_outbound_post_crypto,
-               RTE_CRYPTO_CIPHER_NULL, RTE_CRYPTO_AUTH_NULL,
-               0, 0, 4,
-               0, 0 },
+/* SAs Outbound */
+const struct ipsec_sa sa_out[] = {
+       {
+       .spi = 5,
+       .src = IPv4(172, 16, 1, 5),
+       .dst = IPv4(172, 16, 2, 5),
+       .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+       .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+       .digest_len = 12,
+       .iv_len = 16,
+       .block_size = 16,
+       },
+       {
+       .spi = 6,
+       .src = IPv4(172, 16, 1, 6),
+       .dst = IPv4(172, 16, 2, 6),
+       .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+       .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+       .digest_len = 12,
+       .iv_len = 16,
+       .block_size = 16,
+       },
+       {
+       .spi = 7,
+       .src = IPv4(172, 16, 1, 7),
+       .dst = IPv4(172, 16, 2, 7),
+       .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+       .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+       .digest_len = 12,
+       .iv_len = 16,
+       .block_size = 16,
+       },
+       {
+       .spi = 8,
+       .src = IPv4(172, 16, 1, 8),
+       .dst = IPv4(172, 16, 2, 8),
+       .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+       .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+       .digest_len = 12,
+       .iv_len = 16,
+       .block_size = 16,
+       },
+       {
+       .spi = 9,
+       .src = IPv4(172, 16, 1, 9),
+       .dst = IPv4(172, 16, 2, 9),
+       .cipher_algo = RTE_CRYPTO_CIPHER_NULL,
+       .auth_algo = RTE_CRYPTO_AUTH_NULL,
+       .digest_len = 0,
+       .iv_len = 0,
+       .block_size = 4,
+       }
 };
 
-/* SAs EP1 Inbound */
-const struct ipsec_sa sa_ep1_in[] = {
-       { 5, 0, IPv4(172, 16, 1, 5), IPv4(172, 16, 2, 5),
-               NULL, NULL,
-               esp4_tunnel_inbound_pre_crypto,
-               esp4_tunnel_inbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 6, 0, IPv4(172, 16, 1, 6), IPv4(172, 16, 2, 6),
-               NULL, NULL,
-               esp4_tunnel_inbound_pre_crypto,
-               esp4_tunnel_inbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 7, 0, IPv4(172, 16, 1, 7), IPv4(172, 16, 2, 7),
-               NULL, NULL,
-               esp4_tunnel_inbound_pre_crypto,
-               esp4_tunnel_inbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 8, 0, IPv4(172, 16, 1, 8), IPv4(172, 16, 2, 8),
-               NULL, NULL,
-               esp4_tunnel_inbound_pre_crypto,
-               esp4_tunnel_inbound_post_crypto,
-               RTE_CRYPTO_CIPHER_AES_CBC, RTE_CRYPTO_AUTH_SHA1_HMAC,
-               12, 16, 16,
-               0, 0 },
-       { 9, 0, IPv4(172, 16, 1, 5), IPv4(172, 16, 2, 5),
-               NULL, NULL,
-               esp4_tunnel_inbound_pre_crypto,
-               esp4_tunnel_inbound_post_crypto,
-               RTE_CRYPTO_CIPHER_NULL, RTE_CRYPTO_AUTH_NULL,
-               0, 0, 4,
-               0, 0 },
+/* SAs Inbound */
+const struct ipsec_sa sa_in[] = {
+       {
+       .spi = 55,
+       .src = IPv4(172, 16, 2, 5),
+       .dst = IPv4(172, 16, 1, 5),
+       .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+       .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+       .digest_len = 12,
+       .iv_len = 16,
+       .block_size = 16,
+       },
+       {
+       .spi = 56,
+       .src = IPv4(172, 16, 2, 6),
+       .dst = IPv4(172, 16, 1, 6),
+       .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+       .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+       .digest_len = 12,
+       .iv_len = 16,
+       .block_size = 16,
+       },
+       {
+       .spi = 57,
+       .src = IPv4(172, 16, 2, 7),
+       .dst = IPv4(172, 16, 1, 7),
+       .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+       .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+       .digest_len = 12,
+       .iv_len = 16,
+       .block_size = 16,
+       },
+       {
+       .spi = 58,
+       .src = IPv4(172, 16, 2, 8),
+       .dst = IPv4(172, 16, 1, 8),
+       .cipher_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+       .auth_algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+       .digest_len = 12,
+       .iv_len = 16,
+       .block_size = 16,
+       },
+       {
+       .spi = 59,
+       .src = IPv4(172, 16, 2, 9),
+       .dst = IPv4(172, 16, 1, 9),
+       .cipher_algo = RTE_CRYPTO_CIPHER_NULL,
+       .auth_algo = RTE_CRYPTO_AUTH_NULL,
+       .digest_len = 0,
+       .iv_len = 0,
+       .block_size = 4,
+       }
 };
 
 static uint8_t cipher_key[256] = "sixteenbytes key";
@@ -368,15 +320,15 @@ sa_init(struct socket_ctx *ctx, int socket_id, unsigned ep)
                                "initialized\n", socket_id);
 
        if (ep == 0) {
-               sa_out_entries = sa_ep0_out;
-               nb_out_entries = RTE_DIM(sa_ep0_out);
-               sa_in_entries = sa_ep0_in;
-               nb_in_entries = RTE_DIM(sa_ep0_in);
+               sa_out_entries = sa_out;
+               nb_out_entries = RTE_DIM(sa_out);
+               sa_in_entries = sa_in;
+               nb_in_entries = RTE_DIM(sa_in);
        } else if (ep == 1) {
-               sa_out_entries = sa_ep1_out;
-               nb_out_entries = RTE_DIM(sa_ep1_out);
-               sa_in_entries = sa_ep1_in;
-               nb_in_entries = RTE_DIM(sa_ep1_in);
+               sa_out_entries = sa_in;
+               nb_out_entries = RTE_DIM(sa_in);
+               sa_in_entries = sa_out;
+               nb_in_entries = RTE_DIM(sa_out);
        } else
                rte_exit(EXIT_FAILURE, "Invalid EP value %u. "
                                "Only 0 or 1 supported.\n", ep);