1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2010-2016 Intel Corporation
3 * Copyright (C) 2020 Marvell International Ltd.
6 #include <rte_event_eth_tx_adapter.h>
10 #include "event_helper.h"
12 #include "ipsec-secgw.h"
13 #include "ipsec_worker.h"
15 struct port_drv_mode_data {
16 struct rte_security_session *sess;
17 struct rte_security_ctx *ctx;
20 static inline enum pkt_type
21 process_ipsec_get_pkt_type(struct rte_mbuf *pkt, uint8_t **nlp)
23 struct rte_ether_hdr *eth;
24 uint32_t ptype = pkt->packet_type;
26 eth = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);
29 if (RTE_ETH_IS_IPV4_HDR(ptype)) {
30 *nlp = RTE_PTR_ADD(eth, RTE_ETHER_HDR_LEN +
31 offsetof(struct ip, ip_p));
32 if ((ptype & RTE_PTYPE_TUNNEL_MASK) == RTE_PTYPE_TUNNEL_ESP)
33 return PKT_TYPE_IPSEC_IPV4;
35 return PKT_TYPE_PLAIN_IPV4;
36 } else if (RTE_ETH_IS_IPV6_HDR(ptype)) {
37 *nlp = RTE_PTR_ADD(eth, RTE_ETHER_HDR_LEN +
38 offsetof(struct ip6_hdr, ip6_nxt));
39 if ((ptype & RTE_PTYPE_TUNNEL_MASK) == RTE_PTYPE_TUNNEL_ESP)
40 return PKT_TYPE_IPSEC_IPV6;
42 return PKT_TYPE_PLAIN_IPV6;
45 /* Unknown/Unsupported type */
46 return PKT_TYPE_INVALID;
50 update_mac_addrs(struct rte_mbuf *pkt, uint16_t portid)
52 struct rte_ether_hdr *ethhdr;
54 ethhdr = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);
55 memcpy(ðhdr->src_addr, ðaddr_tbl[portid].src, RTE_ETHER_ADDR_LEN);
56 memcpy(ðhdr->dst_addr, ðaddr_tbl[portid].dst, RTE_ETHER_ADDR_LEN);
60 ipsec_event_pre_forward(struct rte_mbuf *m, unsigned int port_id)
62 /* Save the destination port in the mbuf */
65 /* Save eth queue for Tx */
66 rte_event_eth_tx_adapter_txq_set(m, 0);
70 ev_vector_attr_init(struct rte_event_vector *vec)
78 ev_vector_attr_update(struct rte_event_vector *vec, struct rte_mbuf *pkt)
80 if (vec->port == 0xFFFF) {
81 vec->port = pkt->port;
84 if (vec->attr_valid && (vec->port != pkt->port))
89 prepare_out_sessions_tbl(struct sa_ctx *sa_out,
90 struct port_drv_mode_data *data,
93 struct rte_ipsec_session *pri_sess;
100 for (i = 0; i < sa_out->nb_sa; i++) {
106 pri_sess = ipsec_get_primary_session(sa);
110 if (pri_sess->type !=
111 RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {
113 RTE_LOG(ERR, IPSEC, "Invalid session type %d\n",
118 if (sa->portid >= size) {
120 "Port id >= than table size %d, %d\n",
125 /* Use only first inline session found for a given port */
126 if (data[sa->portid].sess)
128 data[sa->portid].sess = pri_sess->security.ses;
129 data[sa->portid].ctx = pri_sess->security.ctx;
134 check_sp(struct sp_ctx *sp, const uint8_t *nlp, uint32_t *sa_idx)
138 if (unlikely(sp == NULL))
141 rte_acl_classify((struct rte_acl_ctx *)sp, &nlp, &res, 1,
142 DEFAULT_MAX_CATEGORIES);
144 if (unlikely(res == DISCARD))
146 else if (res == BYPASS) {
156 check_sp_bulk(struct sp_ctx *sp, struct traffic_type *ip,
157 struct traffic_type *ipsec)
162 if (unlikely(sp == NULL || ip->num == 0))
165 rte_acl_classify((struct rte_acl_ctx *)sp, ip->data, ip->res, ip->num,
166 DEFAULT_MAX_CATEGORIES);
169 for (i = 0; i < ip->num; i++) {
172 if (unlikely(res == DISCARD))
174 else if (res == BYPASS)
177 ipsec->res[ipsec->num] = res - 1;
178 ipsec->pkts[ipsec->num++] = m;
185 check_sp_sa_bulk(struct sp_ctx *sp, struct sa_ctx *sa_ctx,
186 struct traffic_type *ip)
192 if (unlikely(sp == NULL || ip->num == 0))
195 rte_acl_classify((struct rte_acl_ctx *)sp, ip->data, ip->res, ip->num,
196 DEFAULT_MAX_CATEGORIES);
199 for (i = 0; i < ip->num; i++) {
202 if (unlikely(res == DISCARD))
204 else if (res == BYPASS)
207 sa = *(struct ipsec_sa **)rte_security_dynfield(m);
211 /* SPI on the packet should match with the one in SA */
212 if (unlikely(sa->spi != sa_ctx->sa[res - 1].spi))
221 static inline uint16_t
222 route4_pkt(struct rte_mbuf *pkt, struct rt_ctx *rt_ctx)
229 offset = RTE_ETHER_HDR_LEN + offsetof(struct ip, ip_dst);
230 dst_ip = *rte_pktmbuf_mtod_offset(pkt, uint32_t *, offset);
231 dst_ip = rte_be_to_cpu_32(dst_ip);
233 ret = rte_lpm_lookup((struct rte_lpm *)rt_ctx, dst_ip, &hop);
241 return RTE_MAX_ETHPORTS;
244 /* TODO: To be tested */
245 static inline uint16_t
246 route6_pkt(struct rte_mbuf *pkt, struct rt_ctx *rt_ctx)
254 offset = RTE_ETHER_HDR_LEN + offsetof(struct ip6_hdr, ip6_dst);
255 ip6_dst = rte_pktmbuf_mtod_offset(pkt, uint8_t *, offset);
256 memcpy(&dst_ip[0], ip6_dst, 16);
258 ret = rte_lpm6_lookup((struct rte_lpm6 *)rt_ctx, dst_ip, &hop);
266 return RTE_MAX_ETHPORTS;
269 static inline uint16_t
270 get_route(struct rte_mbuf *pkt, struct route_table *rt, enum pkt_type type)
272 if (type == PKT_TYPE_PLAIN_IPV4 || type == PKT_TYPE_IPSEC_IPV4)
273 return route4_pkt(pkt, rt->rt4_ctx);
274 else if (type == PKT_TYPE_PLAIN_IPV6 || type == PKT_TYPE_IPSEC_IPV6)
275 return route6_pkt(pkt, rt->rt6_ctx);
277 return RTE_MAX_ETHPORTS;
281 process_ipsec_ev_inbound(struct ipsec_ctx *ctx, struct route_table *rt,
282 struct rte_event *ev)
284 struct ipsec_sa *sa = NULL;
285 struct rte_mbuf *pkt;
286 uint16_t port_id = 0;
291 /* Get pkt from event */
294 /* Check the packet type */
295 type = process_ipsec_get_pkt_type(pkt, &nlp);
298 case PKT_TYPE_PLAIN_IPV4:
299 if (pkt->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD) {
300 if (unlikely(pkt->ol_flags &
301 RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) {
303 "Inbound security offload failed\n");
304 goto drop_pkt_and_exit;
306 sa = *(struct ipsec_sa **)rte_security_dynfield(pkt);
309 /* Check if we have a match */
310 if (check_sp(ctx->sp4_ctx, nlp, &sa_idx) == 0) {
312 goto drop_pkt_and_exit;
316 case PKT_TYPE_PLAIN_IPV6:
317 if (pkt->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD) {
318 if (unlikely(pkt->ol_flags &
319 RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) {
321 "Inbound security offload failed\n");
322 goto drop_pkt_and_exit;
324 sa = *(struct ipsec_sa **)rte_security_dynfield(pkt);
327 /* Check if we have a match */
328 if (check_sp(ctx->sp6_ctx, nlp, &sa_idx) == 0) {
330 goto drop_pkt_and_exit;
335 RTE_LOG_DP(DEBUG, IPSEC_ESP, "Unsupported packet type = %d\n",
337 goto drop_pkt_and_exit;
340 /* Check if the packet has to be bypassed */
341 if (sa_idx == BYPASS)
342 goto route_and_send_pkt;
344 /* Validate sa_idx */
345 if (sa_idx >= ctx->sa_ctx->nb_sa)
346 goto drop_pkt_and_exit;
348 /* Else the packet has to be protected with SA */
350 /* If the packet was IPsec processed, then SA pointer should be set */
352 goto drop_pkt_and_exit;
354 /* SPI on the packet should match with the one in SA */
355 if (unlikely(sa->spi != ctx->sa_ctx->sa[sa_idx].spi))
356 goto drop_pkt_and_exit;
359 port_id = get_route(pkt, rt, type);
360 if (unlikely(port_id == RTE_MAX_ETHPORTS)) {
362 goto drop_pkt_and_exit;
364 /* else, we have a matching route */
366 /* Update mac addresses */
367 update_mac_addrs(pkt, port_id);
369 /* Update the event with the dest port */
370 ipsec_event_pre_forward(pkt, port_id);
371 return PKT_FORWARDED;
374 RTE_LOG(ERR, IPSEC, "Inbound packet dropped\n");
375 rte_pktmbuf_free(pkt);
381 process_ipsec_ev_outbound(struct ipsec_ctx *ctx, struct route_table *rt,
382 struct rte_event *ev)
384 struct rte_ipsec_session *sess;
385 struct sa_ctx *sa_ctx;
386 struct rte_mbuf *pkt;
387 uint16_t port_id = 0;
393 /* Get pkt from event */
396 /* Check the packet type */
397 type = process_ipsec_get_pkt_type(pkt, &nlp);
400 case PKT_TYPE_PLAIN_IPV4:
401 /* Check if we have a match */
402 if (check_sp(ctx->sp4_ctx, nlp, &sa_idx) == 0) {
404 goto drop_pkt_and_exit;
407 case PKT_TYPE_PLAIN_IPV6:
408 /* Check if we have a match */
409 if (check_sp(ctx->sp6_ctx, nlp, &sa_idx) == 0) {
411 goto drop_pkt_and_exit;
416 * Only plain IPv4 & IPv6 packets are allowed
417 * on protected port. Drop the rest.
419 RTE_LOG(ERR, IPSEC, "Unsupported packet type = %d\n", type);
420 goto drop_pkt_and_exit;
423 /* Check if the packet has to be bypassed */
424 if (sa_idx == BYPASS) {
425 port_id = get_route(pkt, rt, type);
426 if (unlikely(port_id == RTE_MAX_ETHPORTS)) {
428 goto drop_pkt_and_exit;
430 /* else, we have a matching route */
434 /* Validate sa_idx */
435 if (unlikely(sa_idx >= ctx->sa_ctx->nb_sa))
436 goto drop_pkt_and_exit;
438 /* Else the packet has to be protected */
441 sa_ctx = ctx->sa_ctx;
444 sa = &(sa_ctx->sa[sa_idx]);
446 /* Get IPsec session */
447 sess = ipsec_get_primary_session(sa);
449 /* Allow only inline protocol for now */
450 if (unlikely(sess->type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)) {
451 RTE_LOG(ERR, IPSEC, "SA type not supported\n");
452 goto drop_pkt_and_exit;
455 rte_security_set_pkt_metadata(sess->security.ctx,
456 sess->security.ses, pkt, NULL);
458 /* Mark the packet for Tx security offload */
459 pkt->ol_flags |= RTE_MBUF_F_TX_SEC_OFFLOAD;
461 /* Get the port to which this pkt need to be submitted */
462 port_id = sa->portid;
465 /* Provide L2 len for Outbound processing */
466 pkt->l2_len = RTE_ETHER_HDR_LEN;
468 /* Update mac addresses */
469 update_mac_addrs(pkt, port_id);
471 /* Update the event with the dest port */
472 ipsec_event_pre_forward(pkt, port_id);
473 return PKT_FORWARDED;
476 RTE_LOG(ERR, IPSEC, "Outbound packet dropped\n");
477 rte_pktmbuf_free(pkt);
483 ipsec_ev_route_pkts(struct rte_event_vector *vec, struct route_table *rt,
484 struct ipsec_traffic *t, struct sa_ctx *sa_ctx)
486 struct rte_ipsec_session *sess;
487 uint32_t sa_idx, i, j = 0;
488 uint16_t port_id = 0;
489 struct rte_mbuf *pkt;
492 /* Route IPv4 packets */
493 for (i = 0; i < t->ip4.num; i++) {
494 pkt = t->ip4.pkts[i];
495 port_id = route4_pkt(pkt, rt->rt4_ctx);
496 if (port_id != RTE_MAX_ETHPORTS) {
497 /* Update mac addresses */
498 update_mac_addrs(pkt, port_id);
499 /* Update the event with the dest port */
500 ipsec_event_pre_forward(pkt, port_id);
501 ev_vector_attr_update(vec, pkt);
502 vec->mbufs[j++] = pkt;
507 /* Route IPv6 packets */
508 for (i = 0; i < t->ip6.num; i++) {
509 pkt = t->ip6.pkts[i];
510 port_id = route6_pkt(pkt, rt->rt6_ctx);
511 if (port_id != RTE_MAX_ETHPORTS) {
512 /* Update mac addresses */
513 update_mac_addrs(pkt, port_id);
514 /* Update the event with the dest port */
515 ipsec_event_pre_forward(pkt, port_id);
516 ev_vector_attr_update(vec, pkt);
517 vec->mbufs[j++] = pkt;
522 /* Route ESP packets */
523 for (i = 0; i < t->ipsec.num; i++) {
524 /* Validate sa_idx */
525 sa_idx = t->ipsec.res[i];
526 pkt = t->ipsec.pkts[i];
527 if (unlikely(sa_idx >= sa_ctx->nb_sa))
530 /* Else the packet has to be protected */
531 sa = &(sa_ctx->sa[sa_idx]);
532 /* Get IPsec session */
533 sess = ipsec_get_primary_session(sa);
534 /* Allow only inline protocol for now */
535 if (unlikely(sess->type !=
536 RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)) {
537 RTE_LOG(ERR, IPSEC, "SA type not supported\n");
540 rte_security_set_pkt_metadata(sess->security.ctx,
541 sess->security.ses, pkt, NULL);
543 pkt->ol_flags |= RTE_MBUF_F_TX_SEC_OFFLOAD;
544 port_id = sa->portid;
545 update_mac_addrs(pkt, port_id);
546 ipsec_event_pre_forward(pkt, port_id);
547 ev_vector_attr_update(vec, pkt);
548 vec->mbufs[j++] = pkt;
556 classify_pkt(struct rte_mbuf *pkt, struct ipsec_traffic *t)
561 /* Check the packet type */
562 type = process_ipsec_get_pkt_type(pkt, &nlp);
565 case PKT_TYPE_PLAIN_IPV4:
566 t->ip4.data[t->ip4.num] = nlp;
567 t->ip4.pkts[(t->ip4.num)++] = pkt;
569 case PKT_TYPE_PLAIN_IPV6:
570 t->ip6.data[t->ip6.num] = nlp;
571 t->ip6.pkts[(t->ip6.num)++] = pkt;
574 RTE_LOG_DP(DEBUG, IPSEC_ESP, "Unsupported packet type = %d\n",
582 process_ipsec_ev_inbound_vector(struct ipsec_ctx *ctx, struct route_table *rt,
583 struct rte_event_vector *vec)
585 struct ipsec_traffic t;
586 struct rte_mbuf *pkt;
593 for (i = 0; i < vec->nb_elem; i++) {
594 /* Get pkt from event */
597 if (pkt->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD) {
598 if (unlikely(pkt->ol_flags &
599 RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) {
601 "Inbound security offload failed\n");
607 classify_pkt(pkt, &t);
610 check_sp_sa_bulk(ctx->sp4_ctx, ctx->sa_ctx, &t.ip4);
611 check_sp_sa_bulk(ctx->sp6_ctx, ctx->sa_ctx, &t.ip6);
613 return ipsec_ev_route_pkts(vec, rt, &t, ctx->sa_ctx);
617 process_ipsec_ev_outbound_vector(struct ipsec_ctx *ctx, struct route_table *rt,
618 struct rte_event_vector *vec)
620 struct ipsec_traffic t;
621 struct rte_mbuf *pkt;
628 for (i = 0; i < vec->nb_elem; i++) {
629 /* Get pkt from event */
632 classify_pkt(pkt, &t);
634 /* Provide L2 len for Outbound processing */
635 pkt->l2_len = RTE_ETHER_HDR_LEN;
638 check_sp_bulk(ctx->sp4_ctx, &t.ip4, &t.ipsec);
639 check_sp_bulk(ctx->sp6_ctx, &t.ip6, &t.ipsec);
641 return ipsec_ev_route_pkts(vec, rt, &t, ctx->sa_ctx);
645 process_ipsec_ev_drv_mode_outbound_vector(struct rte_event_vector *vec,
646 struct port_drv_mode_data *data)
648 struct rte_mbuf *pkt;
653 for (i = 0; i < vec->nb_elem; i++) {
657 if (unlikely(!data[port_id].sess)) {
661 ipsec_event_pre_forward(pkt, port_id);
662 /* Save security session */
663 rte_security_set_pkt_metadata(data[port_id].ctx,
664 data[port_id].sess, pkt,
667 /* Mark the packet for Tx security offload */
668 pkt->ol_flags |= RTE_MBUF_F_TX_SEC_OFFLOAD;
670 /* Provide L2 len for Outbound processing */
671 pkt->l2_len = RTE_ETHER_HDR_LEN;
673 vec->mbufs[j++] = pkt;
680 ipsec_ev_vector_process(struct lcore_conf_ev_tx_int_port_wrkr *lconf,
681 struct eh_event_link_info *links,
682 struct rte_event *ev)
684 struct rte_event_vector *vec = ev->vec;
685 struct rte_mbuf *pkt;
690 ev_vector_attr_init(vec);
691 if (is_unprotected_port(pkt->port))
692 ret = process_ipsec_ev_inbound_vector(&lconf->inbound,
695 ret = process_ipsec_ev_outbound_vector(&lconf->outbound,
700 rte_event_eth_tx_adapter_enqueue(links[0].eventdev_id,
701 links[0].event_port_id,
707 ipsec_ev_vector_drv_mode_process(struct eh_event_link_info *links,
708 struct rte_event *ev,
709 struct port_drv_mode_data *data)
711 struct rte_event_vector *vec = ev->vec;
712 struct rte_mbuf *pkt;
716 if (!is_unprotected_port(pkt->port))
717 vec->nb_elem = process_ipsec_ev_drv_mode_outbound_vector(vec,
719 if (vec->nb_elem > 0)
720 rte_event_eth_tx_adapter_enqueue(links[0].eventdev_id,
721 links[0].event_port_id,
726 * Event mode exposes various operating modes depending on the
727 * capabilities of the event device and the operating mode
731 /* Workers registered */
732 #define IPSEC_EVENTMODE_WORKERS 2
736 * Operating parameters : non-burst - Tx internal port - driver mode
739 ipsec_wrkr_non_burst_int_port_drv_mode(struct eh_event_link_info *links,
742 struct port_drv_mode_data data[RTE_MAX_ETHPORTS];
743 unsigned int nb_rx = 0;
744 struct rte_mbuf *pkt;
750 /* Check if we have links registered for this lcore */
752 /* No links registered - exit */
756 memset(&data, 0, sizeof(struct port_drv_mode_data));
759 lcore_id = rte_lcore_id();
762 socket_id = rte_lcore_to_socket_id(lcore_id);
765 * Prepare security sessions table. In outbound driver mode
766 * we always use first session configured for a given port
768 prepare_out_sessions_tbl(socket_ctx[socket_id].sa_out, data,
772 "Launching event mode worker (non-burst - Tx internal port - "
773 "driver mode) on lcore %d\n", lcore_id);
775 /* We have valid links */
777 /* Check if it's single link */
780 "Multiple links not supported. Using first link\n");
783 RTE_LOG(INFO, IPSEC, " -- lcoreid=%u event_port_id=%u\n", lcore_id,
784 links[0].event_port_id);
785 while (!force_quit) {
786 /* Read packet from event queues */
787 nb_rx = rte_event_dequeue_burst(links[0].eventdev_id,
788 links[0].event_port_id,
791 0 /* timeout_ticks */);
796 switch (ev.event_type) {
797 case RTE_EVENT_TYPE_ETH_RX_ADAPTER_VECTOR:
798 case RTE_EVENT_TYPE_ETHDEV_VECTOR:
799 ipsec_ev_vector_drv_mode_process(links, &ev, data);
801 case RTE_EVENT_TYPE_ETHDEV:
804 RTE_LOG(ERR, IPSEC, "Invalid event type %u",
812 rte_prefetch0(rte_pktmbuf_mtod(pkt, void *));
815 ipsec_event_pre_forward(pkt, port_id);
817 if (!is_unprotected_port(port_id)) {
819 if (unlikely(!data[port_id].sess)) {
820 rte_pktmbuf_free(pkt);
824 /* Save security session */
825 rte_security_set_pkt_metadata(data[port_id].ctx,
826 data[port_id].sess, pkt,
829 /* Mark the packet for Tx security offload */
830 pkt->ol_flags |= RTE_MBUF_F_TX_SEC_OFFLOAD;
832 /* Provide L2 len for Outbound processing */
833 pkt->l2_len = RTE_ETHER_HDR_LEN;
837 * Since tx internal port is available, events can be
838 * directly enqueued to the adapter and it would be
839 * internally submitted to the eth device.
841 rte_event_eth_tx_adapter_enqueue(links[0].eventdev_id,
842 links[0].event_port_id,
851 * Operating parameters : non-burst - Tx internal port - app mode
854 ipsec_wrkr_non_burst_int_port_app_mode(struct eh_event_link_info *links,
857 struct lcore_conf_ev_tx_int_port_wrkr lconf;
858 unsigned int nb_rx = 0;
864 /* Check if we have links registered for this lcore */
866 /* No links registered - exit */
870 /* We have valid links */
873 lcore_id = rte_lcore_id();
876 socket_id = rte_lcore_to_socket_id(lcore_id);
878 /* Save routing table */
879 lconf.rt.rt4_ctx = socket_ctx[socket_id].rt_ip4;
880 lconf.rt.rt6_ctx = socket_ctx[socket_id].rt_ip6;
881 lconf.inbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_in;
882 lconf.inbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_in;
883 lconf.inbound.sa_ctx = socket_ctx[socket_id].sa_in;
884 lconf.inbound.session_pool = socket_ctx[socket_id].session_pool;
885 lconf.inbound.session_priv_pool =
886 socket_ctx[socket_id].session_priv_pool;
887 lconf.outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;
888 lconf.outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;
889 lconf.outbound.sa_ctx = socket_ctx[socket_id].sa_out;
890 lconf.outbound.session_pool = socket_ctx[socket_id].session_pool;
891 lconf.outbound.session_priv_pool =
892 socket_ctx[socket_id].session_priv_pool;
895 "Launching event mode worker (non-burst - Tx internal port - "
896 "app mode) on lcore %d\n", lcore_id);
898 /* Check if it's single link */
901 "Multiple links not supported. Using first link\n");
904 RTE_LOG(INFO, IPSEC, " -- lcoreid=%u event_port_id=%u\n", lcore_id,
905 links[0].event_port_id);
907 while (!force_quit) {
908 /* Read packet from event queues */
909 nb_rx = rte_event_dequeue_burst(links[0].eventdev_id,
910 links[0].event_port_id,
913 0 /* timeout_ticks */);
918 switch (ev.event_type) {
919 case RTE_EVENT_TYPE_ETH_RX_ADAPTER_VECTOR:
920 case RTE_EVENT_TYPE_ETHDEV_VECTOR:
921 ipsec_ev_vector_process(&lconf, links, &ev);
923 case RTE_EVENT_TYPE_ETHDEV:
926 RTE_LOG(ERR, IPSEC, "Invalid event type %u",
931 if (is_unprotected_port(ev.mbuf->port))
932 ret = process_ipsec_ev_inbound(&lconf.inbound,
935 ret = process_ipsec_ev_outbound(&lconf.outbound,
938 /* The pkt has been dropped */
942 * Since tx internal port is available, events can be
943 * directly enqueued to the adapter and it would be
944 * internally submitted to the eth device.
946 rte_event_eth_tx_adapter_enqueue(links[0].eventdev_id,
947 links[0].event_port_id,
955 ipsec_eventmode_populate_wrkr_params(struct eh_app_worker_params *wrkrs)
957 struct eh_app_worker_params *wrkr;
958 uint8_t nb_wrkr_param = 0;
963 /* Non-burst - Tx internal port - driver mode */
964 wrkr->cap.burst = EH_RX_TYPE_NON_BURST;
965 wrkr->cap.tx_internal_port = EH_TX_TYPE_INTERNAL_PORT;
966 wrkr->cap.ipsec_mode = EH_IPSEC_MODE_TYPE_DRIVER;
967 wrkr->worker_thread = ipsec_wrkr_non_burst_int_port_drv_mode;
971 /* Non-burst - Tx internal port - app mode */
972 wrkr->cap.burst = EH_RX_TYPE_NON_BURST;
973 wrkr->cap.tx_internal_port = EH_TX_TYPE_INTERNAL_PORT;
974 wrkr->cap.ipsec_mode = EH_IPSEC_MODE_TYPE_APP;
975 wrkr->worker_thread = ipsec_wrkr_non_burst_int_port_app_mode;
978 return nb_wrkr_param;
982 ipsec_eventmode_worker(struct eh_conf *conf)
984 struct eh_app_worker_params ipsec_wrkr[IPSEC_EVENTMODE_WORKERS] = {
986 uint8_t nb_wrkr_param;
988 /* Populate l2fwd_wrkr params */
989 nb_wrkr_param = ipsec_eventmode_populate_wrkr_params(ipsec_wrkr);
992 * Launch correct worker after checking
993 * the event device's capabilities.
995 eh_launch_worker(conf, ipsec_wrkr, nb_wrkr_param);
998 int ipsec_launch_one_lcore(void *args)
1000 struct eh_conf *conf;
1002 conf = (struct eh_conf *)args;
1004 if (conf->mode == EH_PKT_TRANSFER_MODE_POLL) {
1005 /* Run in poll mode */
1006 ipsec_poll_mode_worker();
1007 } else if (conf->mode == EH_PKT_TRANSFER_MODE_EVENT) {
1008 /* Run in event mode */
1009 ipsec_eventmode_worker(conf);