X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=examples%2Fipsec-secgw%2Fipsec-secgw.c;h=3b5aaf68322cf4ca2657738ac749fc1528eb8af8;hb=202890c9d49919f392b01277091d78820b2bf245;hp=b1ecbb975d272a0d0ff45ba62629f1bd781348eb;hpb=b01d1cd213d26c42082632e61145e541f8002b15;p=dpdk.git diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index b1ecbb975d..3b5aaf6832 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -112,7 +112,7 @@ static uint16_t nb_txd = IPSEC_SECGW_TX_DESC_DEFAULT; 0, 0) #define FRAG_TBL_BUCKET_ENTRIES 4 -#define FRAG_TTL_MS (10 * MS_PER_S) +#define MAX_FRAG_TTL_NS (10LL * NS_PER_S) #define MTU_TO_FRAMELEN(x) ((x) + RTE_ETHER_HDR_LEN + RTE_ETHER_CRC_LEN) @@ -135,6 +135,7 @@ struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS] = { #define CMD_LINE_OPT_TX_OFFLOAD "txoffload" #define CMD_LINE_OPT_REASSEMBLE "reassemble" #define CMD_LINE_OPT_MTU "mtu" +#define CMD_LINE_OPT_FRAG_TTL "frag-ttl" enum { /* long options mapped to a short option */ @@ -150,6 +151,7 @@ enum { CMD_LINE_OPT_TX_OFFLOAD_NUM, CMD_LINE_OPT_REASSEMBLE_NUM, CMD_LINE_OPT_MTU_NUM, + CMD_LINE_OPT_FRAG_TTL_NUM, }; static const struct option lgopts[] = { @@ -159,6 +161,8 @@ static const struct option lgopts[] = { {CMD_LINE_OPT_RX_OFFLOAD, 1, 0, CMD_LINE_OPT_RX_OFFLOAD_NUM}, {CMD_LINE_OPT_TX_OFFLOAD, 1, 0, CMD_LINE_OPT_TX_OFFLOAD_NUM}, {CMD_LINE_OPT_REASSEMBLE, 1, 0, CMD_LINE_OPT_REASSEMBLE_NUM}, + {CMD_LINE_OPT_MTU, 1, 0, CMD_LINE_OPT_MTU_NUM}, + {CMD_LINE_OPT_FRAG_TTL, 1, 0, CMD_LINE_OPT_FRAG_TTL_NUM}, {NULL, 0, 0, 0} }; @@ -185,9 +189,11 @@ static uint64_t dev_tx_offload = UINT64_MAX; static uint32_t frag_tbl_sz; static uint32_t frame_buf_size = RTE_MBUF_DEFAULT_BUF_SIZE; static uint32_t mtu_size = RTE_ETHER_MTU; +static uint64_t frag_ttl_ns = MAX_FRAG_TTL_NS; /* application wide librte_ipsec/SA parameters */ struct app_sa_prm app_sa_prm = {.enable = 0}; +static const char *cfgfile; struct lcore_rx_queue { uint16_t port_id; @@ -352,6 +358,7 @@ prepare_one_packet(struct rte_mbuf *pkt, struct ipsec_traffic *t) RTE_LOG(ERR, IPSEC, "Unsupported packet type 0x%x\n", rte_be_to_cpu_16(eth->ether_type)); rte_pktmbuf_free(pkt); + return; } /* Check if the packet has been processed inline. For inline protocol @@ -547,8 +554,10 @@ send_single_packet(struct rte_mbuf *m, uint16_t port, uint8_t proto) len++; /* need to fragment the packet */ - } else + } else if (frag_tbl_sz > 0) len = send_fragment_packet(qconf, m, port, proto); + else + rte_pktmbuf_free(m); /* enough pkts to be sent */ if (unlikely(len == MAX_PKT_BURST)) { @@ -1300,6 +1309,9 @@ print_usage(const char *prgname) ": MTU value on all ports (default value: 1500)\n" " outgoing packets with bigger size will be fragmented\n" " incoming packets with bigger size will be discarded\n" + " --" CMD_LINE_OPT_FRAG_TTL " FRAG_TTL_NS" + ": fragments lifetime in nanoseconds, default\n" + " and maximum value is 10.000.000.000 ns (10 s)\n" "\n", prgname); } @@ -1336,14 +1348,15 @@ parse_portmask(const char *portmask) return pm; } -static int32_t +static int64_t parse_decimal(const char *str) { char *end = NULL; - unsigned long num; + uint64_t num; - num = strtoul(str, &end, 10); - if ((str[0] == '\0') || (end == NULL) || (*end != '\0')) + num = strtoull(str, &end, 10); + if ((str[0] == '\0') || (end == NULL) || (*end != '\0') + || num > INT64_MAX) return -1; return num; @@ -1411,18 +1424,17 @@ print_app_sa_prm(const struct app_sa_prm *prm) printf("librte_ipsec usage: %s\n", (prm->enable == 0) ? "disabled" : "enabled"); - if (prm->enable == 0) - return; - printf("replay window size: %u\n", prm->window_size); printf("ESN: %s\n", (prm->enable_esn == 0) ? "disabled" : "enabled"); printf("SA flags: %#" PRIx64 "\n", prm->flags); + printf("Frag TTL: %" PRIu64 " ns\n", frag_ttl_ns); } static int32_t parse_args(int32_t argc, char **argv) { - int32_t opt, ret; + int opt; + int64_t ret; char **argvopt; int32_t option_index; char *prgname = argv[0]; @@ -1461,12 +1473,7 @@ parse_args(int32_t argc, char **argv) print_usage(prgname); return -1; } - if (parse_cfg_file(optarg) < 0) { - printf("parsing file \"%s\" failed\n", - optarg); - print_usage(prgname); - return -1; - } + cfgfile = optarg; f_present = 1; break; case 'j': @@ -1485,11 +1492,9 @@ parse_args(int32_t argc, char **argv) app_sa_prm.enable = 1; break; case 'w': - app_sa_prm.enable = 1; app_sa_prm.window_size = parse_decimal(optarg); break; case 'e': - app_sa_prm.enable = 1; app_sa_prm.enable_esn = 1; break; case 'a': @@ -1506,7 +1511,7 @@ parse_args(int32_t argc, char **argv) break; case CMD_LINE_OPT_SINGLE_SA_NUM: ret = parse_decimal(optarg); - if (ret == -1) { + if (ret == -1 || ret > UINT32_MAX) { printf("Invalid argument[sa_idx]\n"); print_usage(prgname); return -1; @@ -1549,7 +1554,7 @@ parse_args(int32_t argc, char **argv) break; case CMD_LINE_OPT_REASSEMBLE_NUM: ret = parse_decimal(optarg); - if (ret < 0) { + if (ret < 0 || ret > UINT32_MAX) { printf("Invalid argument for \'%s\': %s\n", CMD_LINE_OPT_REASSEMBLE, optarg); print_usage(prgname); @@ -1567,6 +1572,16 @@ parse_args(int32_t argc, char **argv) } mtu_size = ret; break; + case CMD_LINE_OPT_FRAG_TTL_NUM: + ret = parse_decimal(optarg); + if (ret < 0 || ret > MAX_FRAG_TTL_NS) { + printf("Invalid argument for \'%s\': %s\n", + CMD_LINE_OPT_MTU, optarg); + print_usage(prgname); + return -1; + } + frag_ttl_ns = ret; + break; default: print_usage(prgname); return -1; @@ -1628,6 +1643,7 @@ check_all_ports_link_status(uint32_t port_mask) uint16_t portid; uint8_t count, all_ports_up, print_flag = 0; struct rte_eth_link link; + int ret; printf("\nChecking link status"); fflush(stdout); @@ -1637,7 +1653,14 @@ check_all_ports_link_status(uint32_t port_mask) if ((port_mask & (1 << portid)) == 0) continue; memset(&link, 0, sizeof(link)); - rte_eth_link_get_nowait(portid, &link); + ret = rte_eth_link_get_nowait(portid, &link); + if (ret < 0) { + all_ports_up = 0; + if (print_flag == 1) + printf("Port %u link get failed: %s\n", + portid, rte_strerror(-ret)); + continue; + } /* print link status if flag set */ if (print_flag == 1) { if (link.link_status) @@ -1802,7 +1825,7 @@ cryptodevs_init(void) struct rte_cryptodev_config dev_conf; struct rte_cryptodev_qp_conf qp_conf; uint16_t idx, max_nb_qps, qp, i; - int16_t cdev_id, port_id; + int16_t cdev_id; struct rte_hash_parameters params = { 0 }; const uint64_t mseg_flag = multi_seg_required() ? @@ -1828,45 +1851,6 @@ cryptodevs_init(void) printf("lcore/cryptodev/qp mappings:\n"); - uint32_t max_sess_sz = 0, sess_sz; - for (cdev_id = 0; cdev_id < rte_cryptodev_count(); cdev_id++) { - void *sec_ctx; - - /* Get crypto priv session size */ - sess_sz = rte_cryptodev_sym_get_private_session_size(cdev_id); - if (sess_sz > max_sess_sz) - max_sess_sz = sess_sz; - - /* - * If crypto device is security capable, need to check the - * size of security session as well. - */ - - /* Get security context of the crypto device */ - sec_ctx = rte_cryptodev_get_sec_ctx(cdev_id); - if (sec_ctx == NULL) - continue; - - /* Get size of security session */ - sess_sz = rte_security_session_get_size(sec_ctx); - if (sess_sz > max_sess_sz) - max_sess_sz = sess_sz; - } - RTE_ETH_FOREACH_DEV(port_id) { - void *sec_ctx; - - if ((enabled_port_mask & (1 << port_id)) == 0) - continue; - - sec_ctx = rte_eth_dev_get_sec_ctx(port_id); - if (sec_ctx == NULL) - continue; - - sess_sz = rte_security_session_get_size(sec_ctx); - if (sess_sz > max_sess_sz) - max_sess_sz = sess_sz; - } - idx = 0; for (cdev_id = 0; cdev_id < rte_cryptodev_count(); cdev_id++) { struct rte_cryptodev_info cdev_info; @@ -1911,45 +1895,6 @@ cryptodevs_init(void) "Device does not support at least %u " "sessions", CDEV_MP_NB_OBJS); - if (!socket_ctx[dev_conf.socket_id].session_pool) { - char mp_name[RTE_MEMPOOL_NAMESIZE]; - struct rte_mempool *sess_mp; - - snprintf(mp_name, RTE_MEMPOOL_NAMESIZE, - "sess_mp_%u", dev_conf.socket_id); - sess_mp = rte_cryptodev_sym_session_pool_create( - mp_name, CDEV_MP_NB_OBJS, - 0, CDEV_MP_CACHE_SZ, 0, - dev_conf.socket_id); - socket_ctx[dev_conf.socket_id].session_pool = sess_mp; - } - - if (!socket_ctx[dev_conf.socket_id].session_priv_pool) { - char mp_name[RTE_MEMPOOL_NAMESIZE]; - struct rte_mempool *sess_mp; - - snprintf(mp_name, RTE_MEMPOOL_NAMESIZE, - "sess_mp_priv_%u", dev_conf.socket_id); - sess_mp = rte_mempool_create(mp_name, - CDEV_MP_NB_OBJS, - max_sess_sz, - CDEV_MP_CACHE_SZ, - 0, NULL, NULL, NULL, - NULL, dev_conf.socket_id, - 0); - socket_ctx[dev_conf.socket_id].session_priv_pool = - sess_mp; - } - - if (!socket_ctx[dev_conf.socket_id].session_priv_pool || - !socket_ctx[dev_conf.socket_id].session_pool) - rte_exit(EXIT_FAILURE, - "Cannot create session pool on socket %d\n", - dev_conf.socket_id); - else - printf("Allocated session pool on socket %d\n", - dev_conf.socket_id); - if (rte_cryptodev_configure(cdev_id, &dev_conf)) rte_panic("Failed to initialize cryptodev %u\n", cdev_id); @@ -1970,39 +1915,6 @@ cryptodevs_init(void) cdev_id); } - /* create session pools for eth devices that implement security */ - RTE_ETH_FOREACH_DEV(port_id) { - if ((enabled_port_mask & (1 << port_id)) && - rte_eth_dev_get_sec_ctx(port_id)) { - int socket_id = rte_eth_dev_socket_id(port_id); - - if (!socket_ctx[socket_id].session_priv_pool) { - char mp_name[RTE_MEMPOOL_NAMESIZE]; - struct rte_mempool *sess_mp; - - snprintf(mp_name, RTE_MEMPOOL_NAMESIZE, - "sess_mp_%u", socket_id); - sess_mp = rte_mempool_create(mp_name, - (CDEV_MP_NB_OBJS * 2), - max_sess_sz, - CDEV_MP_CACHE_SZ, - 0, NULL, NULL, NULL, - NULL, socket_id, - 0); - if (sess_mp == NULL) - rte_exit(EXIT_FAILURE, - "Cannot create session pool " - "on socket %d\n", socket_id); - else - printf("Allocated session pool " - "on socket %d\n", socket_id); - socket_ctx[socket_id].session_priv_pool = - sess_mp; - } - } - } - - printf("\n"); return 0; @@ -2021,7 +1933,11 @@ port_init(uint16_t portid, uint64_t req_rx_offloads, uint64_t req_tx_offloads) struct rte_ether_addr ethaddr; struct rte_eth_conf local_port_conf = port_conf; - rte_eth_dev_info_get(portid, &dev_info); + ret = rte_eth_dev_info_get(portid, &dev_info); + if (ret != 0) + rte_exit(EXIT_FAILURE, + "Error during getting device (port %u) info: %s\n", + portid, strerror(-ret)); /* limit allowed HW offloafs, as user requested */ dev_info.rx_offload_capa &= dev_rx_offload; @@ -2029,7 +1945,12 @@ port_init(uint16_t portid, uint64_t req_rx_offloads, uint64_t req_tx_offloads) printf("Configuring device port %u:\n", portid); - rte_eth_macaddr_get(portid, ðaddr); + ret = rte_eth_macaddr_get(portid, ðaddr); + if (ret != 0) + rte_exit(EXIT_FAILURE, + "Error getting MAC address (port %u): %s\n", + portid, rte_strerror(-ret)); + ethaddr_tbl[portid].src = ETHADDR_TO_UINT64(ðaddr); print_ethaddr("Address: ", ðaddr); printf("\n"); @@ -2174,6 +2095,99 @@ port_init(uint16_t portid, uint64_t req_rx_offloads, uint64_t req_tx_offloads) printf("\n"); } +static size_t +max_session_size(void) +{ + size_t max_sz, sz; + void *sec_ctx; + int16_t cdev_id, port_id, n; + + max_sz = 0; + n = rte_cryptodev_count(); + for (cdev_id = 0; cdev_id != n; cdev_id++) { + sz = rte_cryptodev_sym_get_private_session_size(cdev_id); + if (sz > max_sz) + max_sz = sz; + /* + * If crypto device is security capable, need to check the + * size of security session as well. + */ + + /* Get security context of the crypto device */ + sec_ctx = rte_cryptodev_get_sec_ctx(cdev_id); + if (sec_ctx == NULL) + continue; + + /* Get size of security session */ + sz = rte_security_session_get_size(sec_ctx); + if (sz > max_sz) + max_sz = sz; + } + + RTE_ETH_FOREACH_DEV(port_id) { + if ((enabled_port_mask & (1 << port_id)) == 0) + continue; + + sec_ctx = rte_eth_dev_get_sec_ctx(port_id); + if (sec_ctx == NULL) + continue; + + sz = rte_security_session_get_size(sec_ctx); + if (sz > max_sz) + max_sz = sz; + } + + return max_sz; +} + +static void +session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz) +{ + char mp_name[RTE_MEMPOOL_NAMESIZE]; + struct rte_mempool *sess_mp; + + snprintf(mp_name, RTE_MEMPOOL_NAMESIZE, + "sess_mp_%u", socket_id); + sess_mp = rte_cryptodev_sym_session_pool_create( + mp_name, CDEV_MP_NB_OBJS, + sess_sz, CDEV_MP_CACHE_SZ, 0, + socket_id); + ctx->session_pool = sess_mp; + + if (ctx->session_pool == NULL) + rte_exit(EXIT_FAILURE, + "Cannot init session pool on socket %d\n", socket_id); + else + printf("Allocated session pool on socket %d\n", socket_id); +} + +static void +session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id, + size_t sess_sz) +{ + char mp_name[RTE_MEMPOOL_NAMESIZE]; + struct rte_mempool *sess_mp; + + snprintf(mp_name, RTE_MEMPOOL_NAMESIZE, + "sess_mp_priv_%u", socket_id); + sess_mp = rte_mempool_create(mp_name, + CDEV_MP_NB_OBJS, + sess_sz, + CDEV_MP_CACHE_SZ, + 0, NULL, NULL, NULL, + NULL, socket_id, + 0); + ctx->session_priv_pool = sess_mp; + + if (ctx->session_priv_pool == NULL) + rte_exit(EXIT_FAILURE, + "Cannot init session priv pool on socket %d\n", + socket_id); + else + printf("Allocated session priv pool on socket %d\n", + socket_id); +} + static void pool_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t nb_mbuf) { @@ -2345,8 +2359,8 @@ reassemble_lcore_init(struct lcore_conf *lc, uint32_t cid) /* create fragment table */ sid = rte_lcore_to_socket_id(cid); - frag_cycles = (rte_get_tsc_hz() + MS_PER_S - 1) / - MS_PER_S * FRAG_TTL_MS; + frag_cycles = (rte_get_tsc_hz() + NS_PER_S - 1) / + NS_PER_S * frag_ttl_ns; lc->frag.tbl = rte_ip_frag_table_create(frag_tbl_sz, FRAG_TBL_BUCKET_ENTRIES, frag_tbl_sz, frag_cycles, sid); @@ -2397,9 +2411,11 @@ main(int32_t argc, char **argv) { int32_t ret; uint32_t lcore_id; + uint32_t i; uint8_t socket_id; uint16_t portid; uint64_t req_rx_offloads, req_tx_offloads; + size_t sess_sz; /* init EAL */ ret = rte_eal_init(argc, argv); @@ -2413,6 +2429,14 @@ main(int32_t argc, char **argv) if (ret < 0) rte_exit(EXIT_FAILURE, "Invalid parameters\n"); + /* parse configuration file */ + if (parse_cfg_file(cfgfile) < 0) { + printf("parsing file \"%s\" failed\n", + optarg); + print_usage(argv[0]); + return -1; + } + if ((unprotected_port_mask & enabled_port_mask) != unprotected_port_mask) rte_exit(EXIT_FAILURE, "Invalid unprotected portmask 0x%x\n", @@ -2427,7 +2451,8 @@ main(int32_t argc, char **argv) nb_lcores = rte_lcore_count(); - /* Replicate each context per socket */ + sess_sz = max_session_size(); + for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) { if (rte_lcore_is_enabled(lcore_id) == 0) continue; @@ -2437,20 +2462,14 @@ main(int32_t argc, char **argv) else socket_id = 0; + /* mbuf_pool is initialised by the pool_init() function*/ if (socket_ctx[socket_id].mbuf_pool) continue; - /* initilaze SPD */ - sp4_init(&socket_ctx[socket_id], socket_id); - - sp6_init(&socket_ctx[socket_id], socket_id); - - /* initilaze SAD */ - sa_init(&socket_ctx[socket_id], socket_id); - - rt_init(&socket_ctx[socket_id], socket_id); - pool_init(&socket_ctx[socket_id], socket_id, NB_MBUF); + session_pool_init(&socket_ctx[socket_id], socket_id, sess_sz); + session_priv_pool_init(&socket_ctx[socket_id], socket_id, + sess_sz); } RTE_ETH_FOREACH_DEV(portid) { @@ -2468,7 +2487,11 @@ main(int32_t argc, char **argv) if ((enabled_port_mask & (1 << portid)) == 0) continue; - /* Start device */ + /* + * Start device + * note: device must be started before a flow rule + * can be installed. + */ ret = rte_eth_dev_start(portid); if (ret < 0) rte_exit(EXIT_FAILURE, "rte_eth_dev_start: " @@ -2479,8 +2502,13 @@ main(int32_t argc, char **argv) * to itself through 2 cross-connected ports of the * target machine. */ - if (promiscuous_on) - rte_eth_promiscuous_enable(portid); + if (promiscuous_on) { + ret = rte_eth_promiscuous_enable(portid); + if (ret != 0) + rte_exit(EXIT_FAILURE, + "rte_eth_promiscuous_enable: err=%s, port=%d\n", + rte_strerror(-ret), portid); + } rte_eth_dev_callback_register(portid, RTE_ETH_EVENT_IPSEC, inline_ipsec_event_callback, NULL); @@ -2493,6 +2521,19 @@ main(int32_t argc, char **argv) rte_exit(EXIT_FAILURE, "failed at reassemble init"); } + /* Replicate each context per socket */ + for (i = 0; i < NB_SOCKETS && i < rte_socket_count(); i++) { + socket_id = rte_socket_id_by_idx(i); + if ((socket_ctx[socket_id].mbuf_pool != NULL) && + (socket_ctx[socket_id].sa_in == NULL) && + (socket_ctx[socket_id].sa_out == NULL)) { + sa_init(&socket_ctx[socket_id], socket_id); + sp4_init(&socket_ctx[socket_id], socket_id); + sp6_init(&socket_ctx[socket_id], socket_id); + rt_init(&socket_ctx[socket_id], socket_id); + } + } + check_all_ports_link_status(enabled_port_mask); /* launch per-lcore init on every lcore */