1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2016 Intel Corporation
10 #include <netinet/in.h>
11 #include <netinet/ip.h>
12 #include <netinet/ip6.h>
14 #include <sys/queue.h>
19 #include <rte_common.h>
20 #include <rte_byteorder.h>
23 #include <rte_launch.h>
24 #include <rte_atomic.h>
25 #include <rte_cycles.h>
26 #include <rte_prefetch.h>
27 #include <rte_lcore.h>
28 #include <rte_per_lcore.h>
29 #include <rte_branch_prediction.h>
30 #include <rte_interrupts.h>
31 #include <rte_random.h>
32 #include <rte_debug.h>
33 #include <rte_ether.h>
34 #include <rte_ethdev.h>
35 #include <rte_mempool.h>
41 #include <rte_jhash.h>
42 #include <rte_cryptodev.h>
43 #include <rte_security.h>
48 #define RTE_LOGTYPE_IPSEC RTE_LOGTYPE_USER1
50 #define MAX_JUMBO_PKT_LEN 9600
52 #define MEMPOOL_CACHE_SIZE 256
54 #define NB_MBUF (32000)
56 #define CDEV_QUEUE_DESC 2048
57 #define CDEV_MAP_ENTRIES 16384
58 #define CDEV_MP_NB_OBJS 1024
59 #define CDEV_MP_CACHE_SZ 64
60 #define MAX_QUEUE_PAIRS 1
62 #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
66 /* Configure how many packets ahead to prefetch, when reading packets */
67 #define PREFETCH_OFFSET 3
69 #define MAX_RX_QUEUE_PER_LCORE 16
71 #define MAX_LCORE_PARAMS 1024
73 #define UNPROTECTED_PORT(port) (unprotected_port_mask & (1 << portid))
76 * Configurable number of RX/TX ring descriptors
78 #define IPSEC_SECGW_RX_DESC_DEFAULT 1024
79 #define IPSEC_SECGW_TX_DESC_DEFAULT 1024
80 static uint16_t nb_rxd = IPSEC_SECGW_RX_DESC_DEFAULT;
81 static uint16_t nb_txd = IPSEC_SECGW_TX_DESC_DEFAULT;
83 #if RTE_BYTE_ORDER != RTE_LITTLE_ENDIAN
84 #define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
85 (((uint64_t)((a) & 0xff) << 56) | \
86 ((uint64_t)((b) & 0xff) << 48) | \
87 ((uint64_t)((c) & 0xff) << 40) | \
88 ((uint64_t)((d) & 0xff) << 32) | \
89 ((uint64_t)((e) & 0xff) << 24) | \
90 ((uint64_t)((f) & 0xff) << 16) | \
91 ((uint64_t)((g) & 0xff) << 8) | \
92 ((uint64_t)(h) & 0xff))
94 #define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \
95 (((uint64_t)((h) & 0xff) << 56) | \
96 ((uint64_t)((g) & 0xff) << 48) | \
97 ((uint64_t)((f) & 0xff) << 40) | \
98 ((uint64_t)((e) & 0xff) << 32) | \
99 ((uint64_t)((d) & 0xff) << 24) | \
100 ((uint64_t)((c) & 0xff) << 16) | \
101 ((uint64_t)((b) & 0xff) << 8) | \
102 ((uint64_t)(a) & 0xff))
104 #define ETHADDR(a, b, c, d, e, f) (__BYTES_TO_UINT64(a, b, c, d, e, f, 0, 0))
106 #define ETHADDR_TO_UINT64(addr) __BYTES_TO_UINT64( \
107 addr.addr_bytes[0], addr.addr_bytes[1], \
108 addr.addr_bytes[2], addr.addr_bytes[3], \
109 addr.addr_bytes[4], addr.addr_bytes[5], \
112 /* port/source ethernet addr and destination ethernet addr */
113 struct ethaddr_info {
117 struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS] = {
118 { 0, ETHADDR(0x00, 0x16, 0x3e, 0x7e, 0x94, 0x9a) },
119 { 0, ETHADDR(0x00, 0x16, 0x3e, 0x22, 0xa1, 0xd9) },
120 { 0, ETHADDR(0x00, 0x16, 0x3e, 0x08, 0x69, 0x26) },
121 { 0, ETHADDR(0x00, 0x16, 0x3e, 0x49, 0x9e, 0xdd) }
124 #define CMD_LINE_OPT_CONFIG "config"
125 #define CMD_LINE_OPT_SINGLE_SA "single-sa"
126 #define CMD_LINE_OPT_CRYPTODEV_MASK "cryptodev_mask"
127 #define CMD_LINE_OPT_RX_OFFLOAD "rxoffload"
128 #define CMD_LINE_OPT_TX_OFFLOAD "txoffload"
131 /* long options mapped to a short option */
133 /* first long only option value must be >= 256, so that we won't
134 * conflict with short options
136 CMD_LINE_OPT_MIN_NUM = 256,
137 CMD_LINE_OPT_CONFIG_NUM,
138 CMD_LINE_OPT_SINGLE_SA_NUM,
139 CMD_LINE_OPT_CRYPTODEV_MASK_NUM,
140 CMD_LINE_OPT_RX_OFFLOAD_NUM,
141 CMD_LINE_OPT_TX_OFFLOAD_NUM,
144 static const struct option lgopts[] = {
145 {CMD_LINE_OPT_CONFIG, 1, 0, CMD_LINE_OPT_CONFIG_NUM},
146 {CMD_LINE_OPT_SINGLE_SA, 1, 0, CMD_LINE_OPT_SINGLE_SA_NUM},
147 {CMD_LINE_OPT_CRYPTODEV_MASK, 1, 0, CMD_LINE_OPT_CRYPTODEV_MASK_NUM},
148 {CMD_LINE_OPT_RX_OFFLOAD, 1, 0, CMD_LINE_OPT_RX_OFFLOAD_NUM},
149 {CMD_LINE_OPT_TX_OFFLOAD, 1, 0, CMD_LINE_OPT_TX_OFFLOAD_NUM},
153 /* mask of enabled ports */
154 static uint32_t enabled_port_mask;
155 static uint64_t enabled_cryptodev_mask = UINT64_MAX;
156 static uint32_t unprotected_port_mask;
157 static int32_t promiscuous_on = 1;
158 static int32_t numa_on = 1; /**< NUMA is enabled by default. */
159 static uint32_t nb_lcores;
160 static uint32_t single_sa;
161 static uint32_t single_sa_idx;
162 static uint32_t frame_size;
165 * RX/TX HW offload capabilities to enable/use on ethernet ports.
166 * By default all capabilities are enabled.
168 static uint64_t dev_rx_offload = UINT64_MAX;
169 static uint64_t dev_tx_offload = UINT64_MAX;
171 struct lcore_rx_queue {
174 } __rte_cache_aligned;
176 struct lcore_params {
180 } __rte_cache_aligned;
182 static struct lcore_params lcore_params_array[MAX_LCORE_PARAMS];
184 static struct lcore_params *lcore_params;
185 static uint16_t nb_lcore_params;
187 static struct rte_hash *cdev_map_in;
188 static struct rte_hash *cdev_map_out;
192 struct rte_mbuf *m_table[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
196 uint16_t nb_rx_queue;
197 struct lcore_rx_queue rx_queue_list[MAX_RX_QUEUE_PER_LCORE];
198 uint16_t tx_queue_id[RTE_MAX_ETHPORTS];
199 struct buffer tx_mbufs[RTE_MAX_ETHPORTS];
200 struct ipsec_ctx inbound;
201 struct ipsec_ctx outbound;
202 struct rt_ctx *rt4_ctx;
203 struct rt_ctx *rt6_ctx;
204 } __rte_cache_aligned;
206 static struct lcore_conf lcore_conf[RTE_MAX_LCORE];
208 static struct rte_eth_conf port_conf = {
210 .mq_mode = ETH_MQ_RX_RSS,
211 .max_rx_pkt_len = ETHER_MAX_LEN,
213 .offloads = DEV_RX_OFFLOAD_CHECKSUM,
218 .rss_hf = ETH_RSS_IP | ETH_RSS_UDP |
219 ETH_RSS_TCP | ETH_RSS_SCTP,
223 .mq_mode = ETH_MQ_TX_NONE,
227 static struct socket_ctx socket_ctx[NB_SOCKETS];
229 struct traffic_type {
230 const uint8_t *data[MAX_PKT_BURST * 2];
231 struct rte_mbuf *pkts[MAX_PKT_BURST * 2];
232 uint32_t res[MAX_PKT_BURST * 2];
236 struct ipsec_traffic {
237 struct traffic_type ipsec;
238 struct traffic_type ip4;
239 struct traffic_type ip6;
243 prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t)
246 struct ether_hdr *eth;
248 eth = rte_pktmbuf_mtod(pkt, struct ether_hdr *);
249 if (eth->ether_type == rte_cpu_to_be_16(ETHER_TYPE_IPv4)) {
250 nlp = (uint8_t *)rte_pktmbuf_adj(pkt, ETHER_HDR_LEN);
251 nlp = RTE_PTR_ADD(nlp, offsetof(struct ip, ip_p));
252 if (*nlp == IPPROTO_ESP)
253 t->ipsec.pkts[(t->ipsec.num)++] = pkt;
255 t->ip4.data[t->ip4.num] = nlp;
256 t->ip4.pkts[(t->ip4.num)++] = pkt;
258 } else if (eth->ether_type == rte_cpu_to_be_16(ETHER_TYPE_IPv6)) {
259 nlp = (uint8_t *)rte_pktmbuf_adj(pkt, ETHER_HDR_LEN);
260 nlp = RTE_PTR_ADD(nlp, offsetof(struct ip6_hdr, ip6_nxt));
261 if (*nlp == IPPROTO_ESP)
262 t->ipsec.pkts[(t->ipsec.num)++] = pkt;
264 t->ip6.data[t->ip6.num] = nlp;
265 t->ip6.pkts[(t->ip6.num)++] = pkt;
268 /* Unknown/Unsupported type, drop the packet */
269 RTE_LOG(ERR, IPSEC, "Unsupported packet type\n");
270 rte_pktmbuf_free(pkt);
273 /* Check if the packet has been processed inline. For inline protocol
274 * processed packets, the metadata in the mbuf can be used to identify
275 * the security processing done on the packet. The metadata will be
276 * used to retrieve the application registered userdata associated
277 * with the security session.
280 if (pkt->ol_flags & PKT_RX_SEC_OFFLOAD) {
282 struct ipsec_mbuf_metadata *priv;
283 struct rte_security_ctx *ctx = (struct rte_security_ctx *)
284 rte_eth_dev_get_sec_ctx(
287 /* Retrieve the userdata registered. Here, the userdata
288 * registered is the SA pointer.
291 sa = (struct ipsec_sa *)
292 rte_security_get_userdata(ctx, pkt->udata64);
295 /* userdata could not be retrieved */
299 /* Save SA as priv member in mbuf. This will be used in the
300 * IPsec selector(SP-SA) check.
303 priv = get_priv(pkt);
309 prepare_traffic(struct rte_mbuf **pkts, struct ipsec_traffic *t,
318 for (i = 0; i < (nb_pkts - PREFETCH_OFFSET); i++) {
319 rte_prefetch0(rte_pktmbuf_mtod(pkts[i + PREFETCH_OFFSET],
321 prepare_one_packet(pkts[i], t);
323 /* Process left packets */
324 for (; i < nb_pkts; i++)
325 prepare_one_packet(pkts[i], t);
329 prepare_tx_pkt(struct rte_mbuf *pkt, uint16_t port,
330 const struct lcore_conf *qconf)
333 struct ether_hdr *ethhdr;
335 ip = rte_pktmbuf_mtod(pkt, struct ip *);
337 ethhdr = (struct ether_hdr *)rte_pktmbuf_prepend(pkt, ETHER_HDR_LEN);
339 if (ip->ip_v == IPVERSION) {
340 pkt->ol_flags |= qconf->outbound.ipv4_offloads;
341 pkt->l3_len = sizeof(struct ip);
342 pkt->l2_len = ETHER_HDR_LEN;
346 /* calculate IPv4 cksum in SW */
347 if ((pkt->ol_flags & PKT_TX_IP_CKSUM) == 0)
348 ip->ip_sum = rte_ipv4_cksum((struct ipv4_hdr *)ip);
350 ethhdr->ether_type = rte_cpu_to_be_16(ETHER_TYPE_IPv4);
352 pkt->ol_flags |= qconf->outbound.ipv6_offloads;
353 pkt->l3_len = sizeof(struct ip6_hdr);
354 pkt->l2_len = ETHER_HDR_LEN;
356 ethhdr->ether_type = rte_cpu_to_be_16(ETHER_TYPE_IPv6);
359 memcpy(ðhdr->s_addr, ðaddr_tbl[port].src,
360 sizeof(struct ether_addr));
361 memcpy(ðhdr->d_addr, ðaddr_tbl[port].dst,
362 sizeof(struct ether_addr));
366 prepare_tx_burst(struct rte_mbuf *pkts[], uint16_t nb_pkts, uint16_t port,
367 const struct lcore_conf *qconf)
370 const int32_t prefetch_offset = 2;
372 for (i = 0; i < (nb_pkts - prefetch_offset); i++) {
373 rte_mbuf_prefetch_part2(pkts[i + prefetch_offset]);
374 prepare_tx_pkt(pkts[i], port, qconf);
376 /* Process left packets */
377 for (; i < nb_pkts; i++)
378 prepare_tx_pkt(pkts[i], port, qconf);
381 /* Send burst of packets on an output interface */
382 static inline int32_t
383 send_burst(struct lcore_conf *qconf, uint16_t n, uint16_t port)
385 struct rte_mbuf **m_table;
389 queueid = qconf->tx_queue_id[port];
390 m_table = (struct rte_mbuf **)qconf->tx_mbufs[port].m_table;
392 prepare_tx_burst(m_table, n, port, qconf);
394 ret = rte_eth_tx_burst(port, queueid, m_table, n);
395 if (unlikely(ret < n)) {
397 rte_pktmbuf_free(m_table[ret]);
404 /* Enqueue a single packet, and send burst if queue is filled */
405 static inline int32_t
406 send_single_packet(struct rte_mbuf *m, uint16_t port)
410 struct lcore_conf *qconf;
412 lcore_id = rte_lcore_id();
414 qconf = &lcore_conf[lcore_id];
415 len = qconf->tx_mbufs[port].len;
416 qconf->tx_mbufs[port].m_table[len] = m;
419 /* enough pkts to be sent */
420 if (unlikely(len == MAX_PKT_BURST)) {
421 send_burst(qconf, MAX_PKT_BURST, port);
425 qconf->tx_mbufs[port].len = len;
430 inbound_sp_sa(struct sp_ctx *sp, struct sa_ctx *sa, struct traffic_type *ip,
434 uint32_t i, j, res, sa_idx;
436 if (ip->num == 0 || sp == NULL)
439 rte_acl_classify((struct rte_acl_ctx *)sp, ip->data, ip->res,
440 ip->num, DEFAULT_MAX_CATEGORIES);
443 for (i = 0; i < ip->num; i++) {
455 /* Only check SPI match for processed IPSec packets */
456 if (i < lim && ((m->ol_flags & PKT_RX_SEC_OFFLOAD) == 0)) {
461 sa_idx = ip->res[i] & PROTECT_MASK;
462 if (sa_idx >= IPSEC_SA_MAX_ENTRIES ||
463 !inbound_sa_check(sa, m, sa_idx)) {
473 process_pkts_inbound(struct ipsec_ctx *ipsec_ctx,
474 struct ipsec_traffic *traffic)
477 uint16_t idx, nb_pkts_in, i, n_ip4, n_ip6;
479 nb_pkts_in = ipsec_inbound(ipsec_ctx, traffic->ipsec.pkts,
480 traffic->ipsec.num, MAX_PKT_BURST);
482 n_ip4 = traffic->ip4.num;
483 n_ip6 = traffic->ip6.num;
485 /* SP/ACL Inbound check ipsec and ip4 */
486 for (i = 0; i < nb_pkts_in; i++) {
487 m = traffic->ipsec.pkts[i];
488 struct ip *ip = rte_pktmbuf_mtod(m, struct ip *);
489 if (ip->ip_v == IPVERSION) {
490 idx = traffic->ip4.num++;
491 traffic->ip4.pkts[idx] = m;
492 traffic->ip4.data[idx] = rte_pktmbuf_mtod_offset(m,
493 uint8_t *, offsetof(struct ip, ip_p));
494 } else if (ip->ip_v == IP6_VERSION) {
495 idx = traffic->ip6.num++;
496 traffic->ip6.pkts[idx] = m;
497 traffic->ip6.data[idx] = rte_pktmbuf_mtod_offset(m,
499 offsetof(struct ip6_hdr, ip6_nxt));
504 inbound_sp_sa(ipsec_ctx->sp4_ctx, ipsec_ctx->sa_ctx, &traffic->ip4,
507 inbound_sp_sa(ipsec_ctx->sp6_ctx, ipsec_ctx->sa_ctx, &traffic->ip6,
512 outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
513 struct traffic_type *ipsec)
516 uint32_t i, j, sa_idx;
518 if (ip->num == 0 || sp == NULL)
521 rte_acl_classify((struct rte_acl_ctx *)sp, ip->data, ip->res,
522 ip->num, DEFAULT_MAX_CATEGORIES);
525 for (i = 0; i < ip->num; i++) {
527 sa_idx = ip->res[i] & PROTECT_MASK;
528 if (ip->res[i] & DISCARD)
530 else if (ip->res[i] & BYPASS)
532 else if (sa_idx < IPSEC_SA_MAX_ENTRIES) {
533 ipsec->res[ipsec->num] = sa_idx;
534 ipsec->pkts[ipsec->num++] = m;
535 } else /* invalid SA idx */
542 process_pkts_outbound(struct ipsec_ctx *ipsec_ctx,
543 struct ipsec_traffic *traffic)
546 uint16_t idx, nb_pkts_out, i;
548 /* Drop any IPsec traffic from protected ports */
549 for (i = 0; i < traffic->ipsec.num; i++)
550 rte_pktmbuf_free(traffic->ipsec.pkts[i]);
552 traffic->ipsec.num = 0;
554 outbound_sp(ipsec_ctx->sp4_ctx, &traffic->ip4, &traffic->ipsec);
556 outbound_sp(ipsec_ctx->sp6_ctx, &traffic->ip6, &traffic->ipsec);
558 nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ipsec.pkts,
559 traffic->ipsec.res, traffic->ipsec.num,
562 for (i = 0; i < nb_pkts_out; i++) {
563 m = traffic->ipsec.pkts[i];
564 struct ip *ip = rte_pktmbuf_mtod(m, struct ip *);
565 if (ip->ip_v == IPVERSION) {
566 idx = traffic->ip4.num++;
567 traffic->ip4.pkts[idx] = m;
569 idx = traffic->ip6.num++;
570 traffic->ip6.pkts[idx] = m;
576 process_pkts_inbound_nosp(struct ipsec_ctx *ipsec_ctx,
577 struct ipsec_traffic *traffic)
580 uint32_t nb_pkts_in, i, idx;
582 /* Drop any IPv4 traffic from unprotected ports */
583 for (i = 0; i < traffic->ip4.num; i++)
584 rte_pktmbuf_free(traffic->ip4.pkts[i]);
586 traffic->ip4.num = 0;
588 /* Drop any IPv6 traffic from unprotected ports */
589 for (i = 0; i < traffic->ip6.num; i++)
590 rte_pktmbuf_free(traffic->ip6.pkts[i]);
592 traffic->ip6.num = 0;
594 nb_pkts_in = ipsec_inbound(ipsec_ctx, traffic->ipsec.pkts,
595 traffic->ipsec.num, MAX_PKT_BURST);
597 for (i = 0; i < nb_pkts_in; i++) {
598 m = traffic->ipsec.pkts[i];
599 struct ip *ip = rte_pktmbuf_mtod(m, struct ip *);
600 if (ip->ip_v == IPVERSION) {
601 idx = traffic->ip4.num++;
602 traffic->ip4.pkts[idx] = m;
604 idx = traffic->ip6.num++;
605 traffic->ip6.pkts[idx] = m;
611 process_pkts_outbound_nosp(struct ipsec_ctx *ipsec_ctx,
612 struct ipsec_traffic *traffic)
615 uint32_t nb_pkts_out, i;
618 /* Drop any IPsec traffic from protected ports */
619 for (i = 0; i < traffic->ipsec.num; i++)
620 rte_pktmbuf_free(traffic->ipsec.pkts[i]);
622 traffic->ipsec.num = 0;
624 for (i = 0; i < traffic->ip4.num; i++)
625 traffic->ip4.res[i] = single_sa_idx;
627 for (i = 0; i < traffic->ip6.num; i++)
628 traffic->ip6.res[i] = single_sa_idx;
630 nb_pkts_out = ipsec_outbound(ipsec_ctx, traffic->ip4.pkts,
631 traffic->ip4.res, traffic->ip4.num,
634 /* They all sue the same SA (ip4 or ip6 tunnel) */
635 m = traffic->ipsec.pkts[i];
636 ip = rte_pktmbuf_mtod(m, struct ip *);
637 if (ip->ip_v == IPVERSION)
638 traffic->ip4.num = nb_pkts_out;
640 traffic->ip6.num = nb_pkts_out;
643 static inline int32_t
644 get_hop_for_offload_pkt(struct rte_mbuf *pkt, int is_ipv6)
646 struct ipsec_mbuf_metadata *priv;
649 priv = get_priv(pkt);
652 if (unlikely(sa == NULL)) {
653 RTE_LOG(ERR, IPSEC, "SA not saved in private data\n");
661 return (sa->portid | RTE_LPM_LOOKUP_SUCCESS);
672 route4_pkts(struct rt_ctx *rt_ctx, struct rte_mbuf *pkts[], uint8_t nb_pkts)
674 uint32_t hop[MAX_PKT_BURST * 2];
675 uint32_t dst_ip[MAX_PKT_BURST * 2];
678 uint16_t lpm_pkts = 0;
683 /* Need to do an LPM lookup for non-inline packets. Inline packets will
684 * have port ID in the SA
687 for (i = 0; i < nb_pkts; i++) {
688 if (!(pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD)) {
689 /* Security offload not enabled. So an LPM lookup is
690 * required to get the hop
692 offset = offsetof(struct ip, ip_dst);
693 dst_ip[lpm_pkts] = *rte_pktmbuf_mtod_offset(pkts[i],
695 dst_ip[lpm_pkts] = rte_be_to_cpu_32(dst_ip[lpm_pkts]);
700 rte_lpm_lookup_bulk((struct rte_lpm *)rt_ctx, dst_ip, hop, lpm_pkts);
704 for (i = 0; i < nb_pkts; i++) {
705 if (pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD) {
706 /* Read hop from the SA */
707 pkt_hop = get_hop_for_offload_pkt(pkts[i], 0);
709 /* Need to use hop returned by lookup */
710 pkt_hop = hop[lpm_pkts++];
713 if ((pkt_hop & RTE_LPM_LOOKUP_SUCCESS) == 0) {
714 rte_pktmbuf_free(pkts[i]);
717 send_single_packet(pkts[i], pkt_hop & 0xff);
722 route6_pkts(struct rt_ctx *rt_ctx, struct rte_mbuf *pkts[], uint8_t nb_pkts)
724 int32_t hop[MAX_PKT_BURST * 2];
725 uint8_t dst_ip[MAX_PKT_BURST * 2][16];
729 uint16_t lpm_pkts = 0;
734 /* Need to do an LPM lookup for non-inline packets. Inline packets will
735 * have port ID in the SA
738 for (i = 0; i < nb_pkts; i++) {
739 if (!(pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD)) {
740 /* Security offload not enabled. So an LPM lookup is
741 * required to get the hop
743 offset = offsetof(struct ip6_hdr, ip6_dst);
744 ip6_dst = rte_pktmbuf_mtod_offset(pkts[i], uint8_t *,
746 memcpy(&dst_ip[lpm_pkts][0], ip6_dst, 16);
751 rte_lpm6_lookup_bulk_func((struct rte_lpm6 *)rt_ctx, dst_ip, hop,
756 for (i = 0; i < nb_pkts; i++) {
757 if (pkts[i]->ol_flags & PKT_TX_SEC_OFFLOAD) {
758 /* Read hop from the SA */
759 pkt_hop = get_hop_for_offload_pkt(pkts[i], 1);
761 /* Need to use hop returned by lookup */
762 pkt_hop = hop[lpm_pkts++];
766 rte_pktmbuf_free(pkts[i]);
769 send_single_packet(pkts[i], pkt_hop & 0xff);
774 process_pkts(struct lcore_conf *qconf, struct rte_mbuf **pkts,
775 uint8_t nb_pkts, uint16_t portid)
777 struct ipsec_traffic traffic;
779 prepare_traffic(pkts, &traffic, nb_pkts);
781 if (unlikely(single_sa)) {
782 if (UNPROTECTED_PORT(portid))
783 process_pkts_inbound_nosp(&qconf->inbound, &traffic);
785 process_pkts_outbound_nosp(&qconf->outbound, &traffic);
787 if (UNPROTECTED_PORT(portid))
788 process_pkts_inbound(&qconf->inbound, &traffic);
790 process_pkts_outbound(&qconf->outbound, &traffic);
793 route4_pkts(qconf->rt4_ctx, traffic.ip4.pkts, traffic.ip4.num);
794 route6_pkts(qconf->rt6_ctx, traffic.ip6.pkts, traffic.ip6.num);
798 drain_buffers(struct lcore_conf *qconf)
803 for (portid = 0; portid < RTE_MAX_ETHPORTS; portid++) {
804 buf = &qconf->tx_mbufs[portid];
807 send_burst(qconf, buf->len, portid);
812 /* main processing loop */
814 main_loop(__attribute__((unused)) void *dummy)
816 struct rte_mbuf *pkts[MAX_PKT_BURST];
818 uint64_t prev_tsc, diff_tsc, cur_tsc;
822 struct lcore_conf *qconf;
824 const uint64_t drain_tsc = (rte_get_tsc_hz() + US_PER_S - 1)
825 / US_PER_S * BURST_TX_DRAIN_US;
826 struct lcore_rx_queue *rxql;
829 lcore_id = rte_lcore_id();
830 qconf = &lcore_conf[lcore_id];
831 rxql = qconf->rx_queue_list;
832 socket_id = rte_lcore_to_socket_id(lcore_id);
834 qconf->rt4_ctx = socket_ctx[socket_id].rt_ip4;
835 qconf->rt6_ctx = socket_ctx[socket_id].rt_ip6;
836 qconf->inbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_in;
837 qconf->inbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_in;
838 qconf->inbound.sa_ctx = socket_ctx[socket_id].sa_in;
839 qconf->inbound.cdev_map = cdev_map_in;
840 qconf->inbound.session_pool = socket_ctx[socket_id].session_pool;
841 qconf->inbound.session_priv_pool =
842 socket_ctx[socket_id].session_priv_pool;
843 qconf->outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;
844 qconf->outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;
845 qconf->outbound.sa_ctx = socket_ctx[socket_id].sa_out;
846 qconf->outbound.cdev_map = cdev_map_out;
847 qconf->outbound.session_pool = socket_ctx[socket_id].session_pool;
848 qconf->outbound.session_priv_pool =
849 socket_ctx[socket_id].session_priv_pool;
851 if (qconf->nb_rx_queue == 0) {
852 RTE_LOG(INFO, IPSEC, "lcore %u has nothing to do\n", lcore_id);
856 RTE_LOG(INFO, IPSEC, "entering main loop on lcore %u\n", lcore_id);
858 for (i = 0; i < qconf->nb_rx_queue; i++) {
859 portid = rxql[i].port_id;
860 queueid = rxql[i].queue_id;
862 " -- lcoreid=%u portid=%u rxqueueid=%hhu\n",
863 lcore_id, portid, queueid);
867 cur_tsc = rte_rdtsc();
869 /* TX queue buffer drain */
870 diff_tsc = cur_tsc - prev_tsc;
872 if (unlikely(diff_tsc > drain_tsc)) {
873 drain_buffers(qconf);
877 /* Read packet from RX queues */
878 for (i = 0; i < qconf->nb_rx_queue; ++i) {
879 portid = rxql[i].port_id;
880 queueid = rxql[i].queue_id;
881 nb_rx = rte_eth_rx_burst(portid, queueid,
882 pkts, MAX_PKT_BURST);
885 process_pkts(qconf, pkts, nb_rx, portid);
898 if (lcore_params == NULL) {
899 printf("Error: No port/queue/core mappings\n");
903 for (i = 0; i < nb_lcore_params; ++i) {
904 lcore = lcore_params[i].lcore_id;
905 if (!rte_lcore_is_enabled(lcore)) {
906 printf("error: lcore %hhu is not enabled in "
907 "lcore mask\n", lcore);
910 socket_id = rte_lcore_to_socket_id(lcore);
911 if (socket_id != 0 && numa_on == 0) {
912 printf("warning: lcore %hhu is on socket %d "
916 portid = lcore_params[i].port_id;
917 if ((enabled_port_mask & (1 << portid)) == 0) {
918 printf("port %u is not enabled in port mask\n", portid);
921 if (!rte_eth_dev_is_valid_port(portid)) {
922 printf("port %u is not present on the board\n", portid);
930 get_port_nb_rx_queues(const uint16_t port)
935 for (i = 0; i < nb_lcore_params; ++i) {
936 if (lcore_params[i].port_id == port &&
937 lcore_params[i].queue_id > queue)
938 queue = lcore_params[i].queue_id;
940 return (uint8_t)(++queue);
944 init_lcore_rx_queues(void)
946 uint16_t i, nb_rx_queue;
949 for (i = 0; i < nb_lcore_params; ++i) {
950 lcore = lcore_params[i].lcore_id;
951 nb_rx_queue = lcore_conf[lcore].nb_rx_queue;
952 if (nb_rx_queue >= MAX_RX_QUEUE_PER_LCORE) {
953 printf("error: too many queues (%u) for lcore: %u\n",
954 nb_rx_queue + 1, lcore);
957 lcore_conf[lcore].rx_queue_list[nb_rx_queue].port_id =
958 lcore_params[i].port_id;
959 lcore_conf[lcore].rx_queue_list[nb_rx_queue].queue_id =
960 lcore_params[i].queue_id;
961 lcore_conf[lcore].nb_rx_queue++;
968 print_usage(const char *prgname)
970 fprintf(stderr, "%s [EAL options] --"
976 " --config (port,queue,lcore)[,(port,queue,lcore)]"
977 " [--single-sa SAIDX]"
978 " [--cryptodev_mask MASK]"
979 " [--" CMD_LINE_OPT_RX_OFFLOAD " RX_OFFLOAD_MASK]"
980 " [--" CMD_LINE_OPT_TX_OFFLOAD " TX_OFFLOAD_MASK]"
982 " -p PORTMASK: Hexadecimal bitmask of ports to configure\n"
983 " -P : Enable promiscuous mode\n"
984 " -u PORTMASK: Hexadecimal bitmask of unprotected ports\n"
985 " -j FRAMESIZE: Enable jumbo frame with 'FRAMESIZE' as maximum\n"
987 " -f CONFIG_FILE: Configuration file\n"
988 " --config (port,queue,lcore): Rx queue configuration\n"
989 " --single-sa SAIDX: Use single SA index for outbound traffic,\n"
990 " bypassing the SP\n"
991 " --cryptodev_mask MASK: Hexadecimal bitmask of the crypto\n"
992 " devices to configure\n"
993 " --" CMD_LINE_OPT_RX_OFFLOAD
994 ": bitmask of the RX HW offload capabilities to enable/use\n"
995 " (DEV_RX_OFFLOAD_*)\n"
996 " --" CMD_LINE_OPT_TX_OFFLOAD
997 ": bitmask of the TX HW offload capabilities to enable/use\n"
998 " (DEV_TX_OFFLOAD_*)\n"
1004 parse_mask(const char *str, uint64_t *val)
1010 t = strtoul(str, &end, 0);
1011 if (errno != 0 || end[0] != 0)
1019 parse_portmask(const char *portmask)
1024 /* parse hexadecimal string */
1025 pm = strtoul(portmask, &end, 16);
1026 if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
1029 if ((pm == 0) && errno)
1036 parse_decimal(const char *str)
1041 num = strtoul(str, &end, 10);
1042 if ((str[0] == '\0') || (end == NULL) || (*end != '\0'))
1049 parse_config(const char *q_arg)
1052 const char *p, *p0 = q_arg;
1060 unsigned long int_fld[_NUM_FLD];
1061 char *str_fld[_NUM_FLD];
1065 nb_lcore_params = 0;
1067 while ((p = strchr(p0, '(')) != NULL) {
1069 p0 = strchr(p, ')');
1074 if (size >= sizeof(s))
1077 snprintf(s, sizeof(s), "%.*s", size, p);
1078 if (rte_strsplit(s, sizeof(s), str_fld, _NUM_FLD, ',') !=
1081 for (i = 0; i < _NUM_FLD; i++) {
1083 int_fld[i] = strtoul(str_fld[i], &end, 0);
1084 if (errno != 0 || end == str_fld[i] || int_fld[i] > 255)
1087 if (nb_lcore_params >= MAX_LCORE_PARAMS) {
1088 printf("exceeded max number of lcore params: %hu\n",
1092 lcore_params_array[nb_lcore_params].port_id =
1093 (uint8_t)int_fld[FLD_PORT];
1094 lcore_params_array[nb_lcore_params].queue_id =
1095 (uint8_t)int_fld[FLD_QUEUE];
1096 lcore_params_array[nb_lcore_params].lcore_id =
1097 (uint8_t)int_fld[FLD_LCORE];
1100 lcore_params = lcore_params_array;
1105 parse_args(int32_t argc, char **argv)
1109 int32_t option_index;
1110 char *prgname = argv[0];
1111 int32_t f_present = 0;
1115 while ((opt = getopt_long(argc, argvopt, "p:Pu:f:j:",
1116 lgopts, &option_index)) != EOF) {
1120 enabled_port_mask = parse_portmask(optarg);
1121 if (enabled_port_mask == 0) {
1122 printf("invalid portmask\n");
1123 print_usage(prgname);
1128 printf("Promiscuous mode selected\n");
1132 unprotected_port_mask = parse_portmask(optarg);
1133 if (unprotected_port_mask == 0) {
1134 printf("invalid unprotected portmask\n");
1135 print_usage(prgname);
1140 if (f_present == 1) {
1141 printf("\"-f\" option present more than "
1143 print_usage(prgname);
1146 if (parse_cfg_file(optarg) < 0) {
1147 printf("parsing file \"%s\" failed\n",
1149 print_usage(prgname);
1156 int32_t size = parse_decimal(optarg);
1158 printf("Invalid jumbo frame size\n");
1160 print_usage(prgname);
1163 printf("Using default value 9000\n");
1169 printf("Enabled jumbo frames size %u\n", frame_size);
1171 case CMD_LINE_OPT_CONFIG_NUM:
1172 ret = parse_config(optarg);
1174 printf("Invalid config\n");
1175 print_usage(prgname);
1179 case CMD_LINE_OPT_SINGLE_SA_NUM:
1180 ret = parse_decimal(optarg);
1182 printf("Invalid argument[sa_idx]\n");
1183 print_usage(prgname);
1189 single_sa_idx = ret;
1190 printf("Configured with single SA index %u\n",
1193 case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
1194 ret = parse_portmask(optarg);
1196 printf("Invalid argument[portmask]\n");
1197 print_usage(prgname);
1202 enabled_cryptodev_mask = ret;
1204 case CMD_LINE_OPT_RX_OFFLOAD_NUM:
1205 ret = parse_mask(optarg, &dev_rx_offload);
1207 printf("Invalid argument for \'%s\': %s\n",
1208 CMD_LINE_OPT_RX_OFFLOAD, optarg);
1209 print_usage(prgname);
1213 case CMD_LINE_OPT_TX_OFFLOAD_NUM:
1214 ret = parse_mask(optarg, &dev_tx_offload);
1216 printf("Invalid argument for \'%s\': %s\n",
1217 CMD_LINE_OPT_TX_OFFLOAD, optarg);
1218 print_usage(prgname);
1223 print_usage(prgname);
1228 if (f_present == 0) {
1229 printf("Mandatory option \"-f\" not present\n");
1234 argv[optind-1] = prgname;
1237 optind = 1; /* reset getopt lib */
1242 print_ethaddr(const char *name, const struct ether_addr *eth_addr)
1244 char buf[ETHER_ADDR_FMT_SIZE];
1245 ether_format_addr(buf, ETHER_ADDR_FMT_SIZE, eth_addr);
1246 printf("%s%s", name, buf);
1249 /* Check the link status of all ports in up to 9s, and print them finally */
1251 check_all_ports_link_status(uint32_t port_mask)
1253 #define CHECK_INTERVAL 100 /* 100ms */
1254 #define MAX_CHECK_TIME 90 /* 9s (90 * 100ms) in total */
1256 uint8_t count, all_ports_up, print_flag = 0;
1257 struct rte_eth_link link;
1259 printf("\nChecking link status");
1261 for (count = 0; count <= MAX_CHECK_TIME; count++) {
1263 RTE_ETH_FOREACH_DEV(portid) {
1264 if ((port_mask & (1 << portid)) == 0)
1266 memset(&link, 0, sizeof(link));
1267 rte_eth_link_get_nowait(portid, &link);
1268 /* print link status if flag set */
1269 if (print_flag == 1) {
1270 if (link.link_status)
1272 "Port%d Link Up - speed %u Mbps -%s\n",
1273 portid, link.link_speed,
1274 (link.link_duplex == ETH_LINK_FULL_DUPLEX) ?
1275 ("full-duplex") : ("half-duplex\n"));
1277 printf("Port %d Link Down\n", portid);
1280 /* clear all_ports_up flag if any link down */
1281 if (link.link_status == ETH_LINK_DOWN) {
1286 /* after finally printing all link status, get out */
1287 if (print_flag == 1)
1290 if (all_ports_up == 0) {
1293 rte_delay_ms(CHECK_INTERVAL);
1296 /* set the print_flag if all ports up or timeout */
1297 if (all_ports_up == 1 || count == (MAX_CHECK_TIME - 1)) {
1305 add_mapping(struct rte_hash *map, const char *str, uint16_t cdev_id,
1306 uint16_t qp, struct lcore_params *params,
1307 struct ipsec_ctx *ipsec_ctx,
1308 const struct rte_cryptodev_capabilities *cipher,
1309 const struct rte_cryptodev_capabilities *auth,
1310 const struct rte_cryptodev_capabilities *aead)
1314 struct cdev_key key = { 0 };
1316 key.lcore_id = params->lcore_id;
1318 key.cipher_algo = cipher->sym.cipher.algo;
1320 key.auth_algo = auth->sym.auth.algo;
1322 key.aead_algo = aead->sym.aead.algo;
1324 ret = rte_hash_lookup(map, &key);
1328 for (i = 0; i < ipsec_ctx->nb_qps; i++)
1329 if (ipsec_ctx->tbl[i].id == cdev_id)
1332 if (i == ipsec_ctx->nb_qps) {
1333 if (ipsec_ctx->nb_qps == MAX_QP_PER_LCORE) {
1334 printf("Maximum number of crypto devices assigned to "
1335 "a core, increase MAX_QP_PER_LCORE value\n");
1338 ipsec_ctx->tbl[i].id = cdev_id;
1339 ipsec_ctx->tbl[i].qp = qp;
1340 ipsec_ctx->nb_qps++;
1341 printf("%s cdev mapping: lcore %u using cdev %u qp %u "
1342 "(cdev_id_qp %lu)\n", str, key.lcore_id,
1346 ret = rte_hash_add_key_data(map, &key, (void *)i);
1348 printf("Faled to insert cdev mapping for (lcore %u, "
1349 "cdev %u, qp %u), errno %d\n",
1350 key.lcore_id, ipsec_ctx->tbl[i].id,
1351 ipsec_ctx->tbl[i].qp, ret);
1359 add_cdev_mapping(struct rte_cryptodev_info *dev_info, uint16_t cdev_id,
1360 uint16_t qp, struct lcore_params *params)
1363 const struct rte_cryptodev_capabilities *i, *j;
1364 struct rte_hash *map;
1365 struct lcore_conf *qconf;
1366 struct ipsec_ctx *ipsec_ctx;
1369 qconf = &lcore_conf[params->lcore_id];
1371 if ((unprotected_port_mask & (1 << params->port_id)) == 0) {
1373 ipsec_ctx = &qconf->outbound;
1377 ipsec_ctx = &qconf->inbound;
1381 /* Required cryptodevs with operation chainning */
1382 if (!(dev_info->feature_flags &
1383 RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING))
1386 for (i = dev_info->capabilities;
1387 i->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; i++) {
1388 if (i->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
1391 if (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
1392 ret |= add_mapping(map, str, cdev_id, qp, params,
1393 ipsec_ctx, NULL, NULL, i);
1397 if (i->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
1400 for (j = dev_info->capabilities;
1401 j->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; j++) {
1402 if (j->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
1405 if (j->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
1408 ret |= add_mapping(map, str, cdev_id, qp, params,
1409 ipsec_ctx, i, j, NULL);
1416 /* Check if the device is enabled by cryptodev_mask */
1418 check_cryptodev_mask(uint8_t cdev_id)
1420 if (enabled_cryptodev_mask & (1 << cdev_id))
1427 cryptodevs_init(void)
1429 struct rte_cryptodev_config dev_conf;
1430 struct rte_cryptodev_qp_conf qp_conf;
1431 uint16_t idx, max_nb_qps, qp, i;
1432 int16_t cdev_id, port_id;
1433 struct rte_hash_parameters params = { 0 };
1435 params.entries = CDEV_MAP_ENTRIES;
1436 params.key_len = sizeof(struct cdev_key);
1437 params.hash_func = rte_jhash;
1438 params.hash_func_init_val = 0;
1439 params.socket_id = rte_socket_id();
1441 params.name = "cdev_map_in";
1442 cdev_map_in = rte_hash_create(¶ms);
1443 if (cdev_map_in == NULL)
1444 rte_panic("Failed to create cdev_map hash table, errno = %d\n",
1447 params.name = "cdev_map_out";
1448 cdev_map_out = rte_hash_create(¶ms);
1449 if (cdev_map_out == NULL)
1450 rte_panic("Failed to create cdev_map hash table, errno = %d\n",
1453 printf("lcore/cryptodev/qp mappings:\n");
1455 uint32_t max_sess_sz = 0, sess_sz;
1456 for (cdev_id = 0; cdev_id < rte_cryptodev_count(); cdev_id++) {
1459 /* Get crypto priv session size */
1460 sess_sz = rte_cryptodev_sym_get_private_session_size(cdev_id);
1461 if (sess_sz > max_sess_sz)
1462 max_sess_sz = sess_sz;
1465 * If crypto device is security capable, need to check the
1466 * size of security session as well.
1469 /* Get security context of the crypto device */
1470 sec_ctx = rte_cryptodev_get_sec_ctx(cdev_id);
1471 if (sec_ctx == NULL)
1474 /* Get size of security session */
1475 sess_sz = rte_security_session_get_size(sec_ctx);
1476 if (sess_sz > max_sess_sz)
1477 max_sess_sz = sess_sz;
1479 RTE_ETH_FOREACH_DEV(port_id) {
1482 if ((enabled_port_mask & (1 << port_id)) == 0)
1485 sec_ctx = rte_eth_dev_get_sec_ctx(port_id);
1486 if (sec_ctx == NULL)
1489 sess_sz = rte_security_session_get_size(sec_ctx);
1490 if (sess_sz > max_sess_sz)
1491 max_sess_sz = sess_sz;
1495 for (cdev_id = 0; cdev_id < rte_cryptodev_count(); cdev_id++) {
1496 struct rte_cryptodev_info cdev_info;
1498 if (check_cryptodev_mask((uint8_t)cdev_id))
1501 rte_cryptodev_info_get(cdev_id, &cdev_info);
1503 if (nb_lcore_params > cdev_info.max_nb_queue_pairs)
1504 max_nb_qps = cdev_info.max_nb_queue_pairs;
1506 max_nb_qps = nb_lcore_params;
1510 while (qp < max_nb_qps && i < nb_lcore_params) {
1511 if (add_cdev_mapping(&cdev_info, cdev_id, qp,
1512 &lcore_params[idx]))
1515 idx = idx % nb_lcore_params;
1522 dev_conf.socket_id = rte_cryptodev_socket_id(cdev_id);
1523 dev_conf.nb_queue_pairs = qp;
1525 uint32_t dev_max_sess = cdev_info.sym.max_nb_sessions;
1526 if (dev_max_sess != 0 && dev_max_sess < CDEV_MP_NB_OBJS)
1527 rte_exit(EXIT_FAILURE,
1528 "Device does not support at least %u "
1529 "sessions", CDEV_MP_NB_OBJS);
1531 if (!socket_ctx[dev_conf.socket_id].session_pool) {
1532 char mp_name[RTE_MEMPOOL_NAMESIZE];
1533 struct rte_mempool *sess_mp;
1535 snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
1536 "sess_mp_%u", dev_conf.socket_id);
1537 sess_mp = rte_cryptodev_sym_session_pool_create(
1538 mp_name, CDEV_MP_NB_OBJS,
1539 0, CDEV_MP_CACHE_SZ, 0,
1540 dev_conf.socket_id);
1541 socket_ctx[dev_conf.socket_id].session_pool = sess_mp;
1544 if (!socket_ctx[dev_conf.socket_id].session_priv_pool) {
1545 char mp_name[RTE_MEMPOOL_NAMESIZE];
1546 struct rte_mempool *sess_mp;
1548 snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
1549 "sess_mp_priv_%u", dev_conf.socket_id);
1550 sess_mp = rte_mempool_create(mp_name,
1554 0, NULL, NULL, NULL,
1555 NULL, dev_conf.socket_id,
1557 socket_ctx[dev_conf.socket_id].session_priv_pool =
1561 if (!socket_ctx[dev_conf.socket_id].session_priv_pool ||
1562 !socket_ctx[dev_conf.socket_id].session_pool)
1563 rte_exit(EXIT_FAILURE,
1564 "Cannot create session pool on socket %d\n",
1565 dev_conf.socket_id);
1567 printf("Allocated session pool on socket %d\n",
1568 dev_conf.socket_id);
1570 if (rte_cryptodev_configure(cdev_id, &dev_conf))
1571 rte_panic("Failed to initialize cryptodev %u\n",
1574 qp_conf.nb_descriptors = CDEV_QUEUE_DESC;
1575 qp_conf.mp_session =
1576 socket_ctx[dev_conf.socket_id].session_pool;
1577 qp_conf.mp_session_private =
1578 socket_ctx[dev_conf.socket_id].session_priv_pool;
1579 for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
1580 if (rte_cryptodev_queue_pair_setup(cdev_id, qp,
1581 &qp_conf, dev_conf.socket_id))
1582 rte_panic("Failed to setup queue %u for "
1583 "cdev_id %u\n", 0, cdev_id);
1585 if (rte_cryptodev_start(cdev_id))
1586 rte_panic("Failed to start cryptodev %u\n",
1590 /* create session pools for eth devices that implement security */
1591 RTE_ETH_FOREACH_DEV(port_id) {
1592 if ((enabled_port_mask & (1 << port_id)) &&
1593 rte_eth_dev_get_sec_ctx(port_id)) {
1594 int socket_id = rte_eth_dev_socket_id(port_id);
1596 if (!socket_ctx[socket_id].session_pool) {
1597 char mp_name[RTE_MEMPOOL_NAMESIZE];
1598 struct rte_mempool *sess_mp;
1600 snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
1601 "sess_mp_%u", socket_id);
1602 sess_mp = rte_mempool_create(mp_name,
1603 (CDEV_MP_NB_OBJS * 2),
1606 0, NULL, NULL, NULL,
1609 if (sess_mp == NULL)
1610 rte_exit(EXIT_FAILURE,
1611 "Cannot create session pool "
1612 "on socket %d\n", socket_id);
1614 printf("Allocated session pool "
1615 "on socket %d\n", socket_id);
1616 socket_ctx[socket_id].session_pool = sess_mp;
1628 port_init(uint16_t portid, uint64_t req_rx_offloads, uint64_t req_tx_offloads)
1630 struct rte_eth_dev_info dev_info;
1631 struct rte_eth_txconf *txconf;
1632 uint16_t nb_tx_queue, nb_rx_queue;
1633 uint16_t tx_queueid, rx_queueid, queue, lcore_id;
1634 int32_t ret, socket_id;
1635 struct lcore_conf *qconf;
1636 struct ether_addr ethaddr;
1637 struct rte_eth_conf local_port_conf = port_conf;
1639 rte_eth_dev_info_get(portid, &dev_info);
1641 /* limit allowed HW offloafs, as user requested */
1642 dev_info.rx_offload_capa &= dev_rx_offload;
1643 dev_info.tx_offload_capa &= dev_tx_offload;
1645 printf("Configuring device port %u:\n", portid);
1647 rte_eth_macaddr_get(portid, ðaddr);
1648 ethaddr_tbl[portid].src = ETHADDR_TO_UINT64(ethaddr);
1649 print_ethaddr("Address: ", ðaddr);
1652 nb_rx_queue = get_port_nb_rx_queues(portid);
1653 nb_tx_queue = nb_lcores;
1655 if (nb_rx_queue > dev_info.max_rx_queues)
1656 rte_exit(EXIT_FAILURE, "Error: queue %u not available "
1657 "(max rx queue is %u)\n",
1658 nb_rx_queue, dev_info.max_rx_queues);
1660 if (nb_tx_queue > dev_info.max_tx_queues)
1661 rte_exit(EXIT_FAILURE, "Error: queue %u not available "
1662 "(max tx queue is %u)\n",
1663 nb_tx_queue, dev_info.max_tx_queues);
1665 printf("Creating queues: nb_rx_queue=%d nb_tx_queue=%u...\n",
1666 nb_rx_queue, nb_tx_queue);
1669 local_port_conf.rxmode.max_rx_pkt_len = frame_size;
1670 local_port_conf.rxmode.offloads |= DEV_RX_OFFLOAD_JUMBO_FRAME;
1673 local_port_conf.rxmode.offloads |= req_rx_offloads;
1674 local_port_conf.txmode.offloads |= req_tx_offloads;
1676 /* Check that all required capabilities are supported */
1677 if ((local_port_conf.rxmode.offloads & dev_info.rx_offload_capa) !=
1678 local_port_conf.rxmode.offloads)
1679 rte_exit(EXIT_FAILURE,
1680 "Error: port %u required RX offloads: 0x%" PRIx64
1681 ", avaialbe RX offloads: 0x%" PRIx64 "\n",
1682 portid, local_port_conf.rxmode.offloads,
1683 dev_info.rx_offload_capa);
1685 if ((local_port_conf.txmode.offloads & dev_info.tx_offload_capa) !=
1686 local_port_conf.txmode.offloads)
1687 rte_exit(EXIT_FAILURE,
1688 "Error: port %u required TX offloads: 0x%" PRIx64
1689 ", avaialbe TX offloads: 0x%" PRIx64 "\n",
1690 portid, local_port_conf.txmode.offloads,
1691 dev_info.tx_offload_capa);
1693 if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_MBUF_FAST_FREE)
1694 local_port_conf.txmode.offloads |=
1695 DEV_TX_OFFLOAD_MBUF_FAST_FREE;
1697 if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_IPV4_CKSUM)
1698 local_port_conf.txmode.offloads |= DEV_TX_OFFLOAD_IPV4_CKSUM;
1700 printf("port %u configurng rx_offloads=0x%" PRIx64
1701 ", tx_offloads=0x%" PRIx64 "\n",
1702 portid, local_port_conf.rxmode.offloads,
1703 local_port_conf.txmode.offloads);
1705 local_port_conf.rx_adv_conf.rss_conf.rss_hf &=
1706 dev_info.flow_type_rss_offloads;
1707 if (local_port_conf.rx_adv_conf.rss_conf.rss_hf !=
1708 port_conf.rx_adv_conf.rss_conf.rss_hf) {
1709 printf("Port %u modified RSS hash function based on hardware support,"
1710 "requested:%#"PRIx64" configured:%#"PRIx64"\n",
1712 port_conf.rx_adv_conf.rss_conf.rss_hf,
1713 local_port_conf.rx_adv_conf.rss_conf.rss_hf);
1716 ret = rte_eth_dev_configure(portid, nb_rx_queue, nb_tx_queue,
1719 rte_exit(EXIT_FAILURE, "Cannot configure device: "
1720 "err=%d, port=%d\n", ret, portid);
1722 ret = rte_eth_dev_adjust_nb_rx_tx_desc(portid, &nb_rxd, &nb_txd);
1724 rte_exit(EXIT_FAILURE, "Cannot adjust number of descriptors: "
1725 "err=%d, port=%d\n", ret, portid);
1727 /* init one TX queue per lcore */
1729 for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) {
1730 if (rte_lcore_is_enabled(lcore_id) == 0)
1734 socket_id = (uint8_t)rte_lcore_to_socket_id(lcore_id);
1739 printf("Setup txq=%u,%d,%d\n", lcore_id, tx_queueid, socket_id);
1741 txconf = &dev_info.default_txconf;
1742 txconf->offloads = local_port_conf.txmode.offloads;
1744 ret = rte_eth_tx_queue_setup(portid, tx_queueid, nb_txd,
1747 rte_exit(EXIT_FAILURE, "rte_eth_tx_queue_setup: "
1748 "err=%d, port=%d\n", ret, portid);
1750 qconf = &lcore_conf[lcore_id];
1751 qconf->tx_queue_id[portid] = tx_queueid;
1753 /* Pre-populate pkt offloads based on capabilities */
1754 qconf->outbound.ipv4_offloads = PKT_TX_IPV4;
1755 qconf->outbound.ipv6_offloads = PKT_TX_IPV6;
1756 if (local_port_conf.txmode.offloads & DEV_TX_OFFLOAD_IPV4_CKSUM)
1757 qconf->outbound.ipv4_offloads |= PKT_TX_IP_CKSUM;
1761 /* init RX queues */
1762 for (queue = 0; queue < qconf->nb_rx_queue; ++queue) {
1763 struct rte_eth_rxconf rxq_conf;
1765 if (portid != qconf->rx_queue_list[queue].port_id)
1768 rx_queueid = qconf->rx_queue_list[queue].queue_id;
1770 printf("Setup rxq=%d,%d,%d\n", portid, rx_queueid,
1773 rxq_conf = dev_info.default_rxconf;
1774 rxq_conf.offloads = local_port_conf.rxmode.offloads;
1775 ret = rte_eth_rx_queue_setup(portid, rx_queueid,
1776 nb_rxd, socket_id, &rxq_conf,
1777 socket_ctx[socket_id].mbuf_pool);
1779 rte_exit(EXIT_FAILURE,
1780 "rte_eth_rx_queue_setup: err=%d, "
1781 "port=%d\n", ret, portid);
1788 pool_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t nb_mbuf)
1791 uint32_t buff_size = frame_size ? (frame_size + RTE_PKTMBUF_HEADROOM) :
1792 RTE_MBUF_DEFAULT_BUF_SIZE;
1795 snprintf(s, sizeof(s), "mbuf_pool_%d", socket_id);
1796 ctx->mbuf_pool = rte_pktmbuf_pool_create(s, nb_mbuf,
1797 MEMPOOL_CACHE_SIZE, ipsec_metadata_size(),
1800 if (ctx->mbuf_pool == NULL)
1801 rte_exit(EXIT_FAILURE, "Cannot init mbuf pool on socket %d\n",
1804 printf("Allocated mbuf pool on socket %d\n", socket_id);
1808 inline_ipsec_event_esn_overflow(struct rte_security_ctx *ctx, uint64_t md)
1810 struct ipsec_sa *sa;
1812 /* For inline protocol processing, the metadata in the event will
1813 * uniquely identify the security session which raised the event.
1814 * Application would then need the userdata it had registered with the
1815 * security session to process the event.
1818 sa = (struct ipsec_sa *)rte_security_get_userdata(ctx, md);
1821 /* userdata could not be retrieved */
1825 /* Sequence number over flow. SA need to be re-established */
1831 inline_ipsec_event_callback(uint16_t port_id, enum rte_eth_event_type type,
1832 void *param, void *ret_param)
1835 struct rte_eth_event_ipsec_desc *event_desc = NULL;
1836 struct rte_security_ctx *ctx = (struct rte_security_ctx *)
1837 rte_eth_dev_get_sec_ctx(port_id);
1839 RTE_SET_USED(param);
1841 if (type != RTE_ETH_EVENT_IPSEC)
1844 event_desc = ret_param;
1845 if (event_desc == NULL) {
1846 printf("Event descriptor not set\n");
1850 md = event_desc->metadata;
1852 if (event_desc->subtype == RTE_ETH_EVENT_IPSEC_ESN_OVERFLOW)
1853 return inline_ipsec_event_esn_overflow(ctx, md);
1854 else if (event_desc->subtype >= RTE_ETH_EVENT_IPSEC_MAX) {
1855 printf("Invalid IPsec event reported\n");
1863 main(int32_t argc, char **argv)
1869 uint64_t req_rx_offloads, req_tx_offloads;
1872 ret = rte_eal_init(argc, argv);
1874 rte_exit(EXIT_FAILURE, "Invalid EAL parameters\n");
1878 /* parse application arguments (after the EAL ones) */
1879 ret = parse_args(argc, argv);
1881 rte_exit(EXIT_FAILURE, "Invalid parameters\n");
1883 if ((unprotected_port_mask & enabled_port_mask) !=
1884 unprotected_port_mask)
1885 rte_exit(EXIT_FAILURE, "Invalid unprotected portmask 0x%x\n",
1886 unprotected_port_mask);
1888 if (check_params() < 0)
1889 rte_exit(EXIT_FAILURE, "check_params failed\n");
1891 ret = init_lcore_rx_queues();
1893 rte_exit(EXIT_FAILURE, "init_lcore_rx_queues failed\n");
1895 nb_lcores = rte_lcore_count();
1897 /* Replicate each context per socket */
1898 for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) {
1899 if (rte_lcore_is_enabled(lcore_id) == 0)
1903 socket_id = (uint8_t)rte_lcore_to_socket_id(lcore_id);
1907 if (socket_ctx[socket_id].mbuf_pool)
1910 sa_init(&socket_ctx[socket_id], socket_id);
1912 sp4_init(&socket_ctx[socket_id], socket_id);
1914 sp6_init(&socket_ctx[socket_id], socket_id);
1916 rt_init(&socket_ctx[socket_id], socket_id);
1918 pool_init(&socket_ctx[socket_id], socket_id, NB_MBUF);
1921 RTE_ETH_FOREACH_DEV(portid) {
1922 if ((enabled_port_mask & (1 << portid)) == 0)
1925 sa_check_offloads(portid, &req_rx_offloads, &req_tx_offloads);
1926 port_init(portid, req_rx_offloads, req_tx_offloads);
1932 RTE_ETH_FOREACH_DEV(portid) {
1933 if ((enabled_port_mask & (1 << portid)) == 0)
1937 ret = rte_eth_dev_start(portid);
1939 rte_exit(EXIT_FAILURE, "rte_eth_dev_start: "
1940 "err=%d, port=%d\n", ret, portid);
1942 * If enabled, put device in promiscuous mode.
1943 * This allows IO forwarding mode to forward packets
1944 * to itself through 2 cross-connected ports of the
1948 rte_eth_promiscuous_enable(portid);
1950 rte_eth_dev_callback_register(portid,
1951 RTE_ETH_EVENT_IPSEC, inline_ipsec_event_callback, NULL);
1954 check_all_ports_link_status(enabled_port_mask);
1956 /* launch per-lcore init on every lcore */
1957 rte_eal_mp_remote_launch(main_loop, NULL, CALL_MASTER);
1958 RTE_LCORE_FOREACH_SLAVE(lcore_id) {
1959 if (rte_eal_wait_lcore(lcore_id) < 0)