X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=examples%2Fipsec-secgw%2Fipsec-secgw.c;h=c94118ef5b47dde9d75451e077b73cf5b8afd95c;hb=89200580ef0f89ef247ca32e9299c670beb95cc0;hp=6bbb920f97f03b8de44f3d04f80a7860c9b1bddc;hpb=a9dbe180222680edf8c49e86791f972549ce5be3;p=dpdk.git

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 6bbb920f97..c94118ef5b 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -40,6 +40,7 @@
 #include <rte_hash.h>
 #include <rte_jhash.h>
 #include <rte_cryptodev.h>
+#include <rte_security.h>
 
 #include "ipsec.h"
 #include "parser.h"
@@ -58,10 +59,6 @@
 #define CDEV_MP_CACHE_SZ 64
 #define MAX_QUEUE_PAIRS 1
 
-#define OPTION_CONFIG		"config"
-#define OPTION_SINGLE_SA	"single-sa"
-#define OPTION_CRYPTODEV_MASK	"cryptodev_mask"
-
 #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
 
 #define NB_SOCKETS 4
@@ -124,6 +121,29 @@ struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS] = {
 	{ 0, ETHADDR(0x00, 0x16, 0x3e, 0x49, 0x9e, 0xdd) }
 };
 
+#define CMD_LINE_OPT_CONFIG		"config"
+#define CMD_LINE_OPT_SINGLE_SA		"single-sa"
+#define CMD_LINE_OPT_CRYPTODEV_MASK	"cryptodev_mask"
+
+enum {
+	/* long options mapped to a short option */
+
+	/* first long only option value must be >= 256, so that we won't
+	 * conflict with short options
+	 */
+	CMD_LINE_OPT_MIN_NUM = 256,
+	CMD_LINE_OPT_CONFIG_NUM,
+	CMD_LINE_OPT_SINGLE_SA_NUM,
+	CMD_LINE_OPT_CRYPTODEV_MASK_NUM,
+};
+
+static const struct option lgopts[] = {
+	{CMD_LINE_OPT_CONFIG, 1, 0, CMD_LINE_OPT_CONFIG_NUM},
+	{CMD_LINE_OPT_SINGLE_SA, 1, 0, CMD_LINE_OPT_SINGLE_SA_NUM},
+	{CMD_LINE_OPT_CRYPTODEV_MASK, 1, 0, CMD_LINE_OPT_CRYPTODEV_MASK_NUM},
+	{NULL, 0, 0, 0}
+};
+
 /* mask of enabled ports */
 static uint32_t enabled_port_mask;
 static uint64_t enabled_cryptodev_mask = UINT64_MAX;
@@ -924,20 +944,28 @@ init_lcore_rx_queues(void)
 static void
 print_usage(const char *prgname)
 {
-	printf("%s [EAL options] -- -p PORTMASK -P -u PORTMASK"
-		"  --"OPTION_CONFIG" (port,queue,lcore)[,(port,queue,lcore]"
-		" --single-sa SAIDX -f CONFIG_FILE\n"
-		"  -p PORTMASK: hexadecimal bitmask of ports to configure\n"
-		"  -P : enable promiscuous mode\n"
-		"  -u PORTMASK: hexadecimal bitmask of unprotected ports\n"
-		"  -j FRAMESIZE: jumbo frame maximum size\n"
-		"  --"OPTION_CONFIG": (port,queue,lcore): "
-		"rx queues configuration\n"
-		"  --single-sa SAIDX: use single SA index for outbound, "
-		"bypassing the SP\n"
-		"  --cryptodev_mask MASK: hexadecimal bitmask of the "
-		"crypto devices to configure\n"
-		"  -f CONFIG_FILE: Configuration file path\n",
+	fprintf(stderr, "%s [EAL options] --"
+		" -p PORTMASK"
+		" [-P]"
+		" [-u PORTMASK]"
+		" [-j FRAMESIZE]"
+		" -f CONFIG_FILE"
+		" --config (port,queue,lcore)[,(port,queue,lcore)]"
+		" [--single-sa SAIDX]"
+		" [--cryptodev_mask MASK]"
+		"\n\n"
+		"  -p PORTMASK: Hexadecimal bitmask of ports to configure\n"
+		"  -P : Enable promiscuous mode\n"
+		"  -u PORTMASK: Hexadecimal bitmask of unprotected ports\n"
+		"  -j FRAMESIZE: Enable jumbo frame with 'FRAMESIZE' as maximum\n"
+		"                packet size\n"
+		"  -f CONFIG_FILE: Configuration file\n"
+		"  --config (port,queue,lcore): Rx queue configuration\n"
+		"  --single-sa SAIDX: Use single SA index for outbound traffic,\n"
+		"                     bypassing the SP\n"
+		"  --cryptodev_mask MASK: Hexadecimal bitmask of the crypto\n"
+		"                         devices to configure\n"
+		"\n",
 		prgname);
 }
 
@@ -1027,42 +1055,6 @@ parse_config(const char *q_arg)
 	return 0;
 }
 
-#define __STRNCMP(name, opt) (!strncmp(name, opt, sizeof(opt)))
-static int32_t
-parse_args_long_options(struct option *lgopts, int32_t option_index)
-{
-	int32_t ret = -1;
-	const char *optname = lgopts[option_index].name;
-
-	if (__STRNCMP(optname, OPTION_CONFIG)) {
-		ret = parse_config(optarg);
-		if (ret)
-			printf("invalid config\n");
-	}
-
-	if (__STRNCMP(optname, OPTION_SINGLE_SA)) {
-		ret = parse_decimal(optarg);
-		if (ret != -1) {
-			single_sa = 1;
-			single_sa_idx = ret;
-			printf("Configured with single SA index %u\n",
-					single_sa_idx);
-			ret = 0;
-		}
-	}
-
-	if (__STRNCMP(optname, OPTION_CRYPTODEV_MASK)) {
-		ret = parse_portmask(optarg);
-		if (ret != -1) {
-			enabled_cryptodev_mask = ret;
-			ret = 0;
-		}
-	}
-
-	return ret;
-}
-#undef __STRNCMP
-
 static int32_t
 parse_args(int32_t argc, char **argv)
 {
@@ -1070,12 +1062,6 @@ parse_args(int32_t argc, char **argv)
 	char **argvopt;
 	int32_t option_index;
 	char *prgname = argv[0];
-	static struct option lgopts[] = {
-		{OPTION_CONFIG, 1, 0, 0},
-		{OPTION_SINGLE_SA, 1, 0, 0},
-		{OPTION_CRYPTODEV_MASK, 1, 0, 0},
-		{NULL, 0, 0, 0}
-	};
 	int32_t f_present = 0;
 
 	argvopt = argv;
@@ -1136,11 +1122,38 @@ parse_args(int32_t argc, char **argv)
 			}
 			printf("Enabled jumbo frames size %u\n", frame_size);
 			break;
-		case 0:
-			if (parse_args_long_options(lgopts, option_index)) {
+		case CMD_LINE_OPT_CONFIG_NUM:
+			ret = parse_config(optarg);
+			if (ret) {
+				printf("Invalid config\n");
+				print_usage(prgname);
+				return -1;
+			}
+			break;
+		case CMD_LINE_OPT_SINGLE_SA_NUM:
+			ret = parse_decimal(optarg);
+			if (ret == -1) {
+				printf("Invalid argument[sa_idx]\n");
+				print_usage(prgname);
+				return -1;
+			}
+
+			/* else */
+			single_sa = 1;
+			single_sa_idx = ret;
+			printf("Configured with single SA index %u\n",
+					single_sa_idx);
+			break;
+		case CMD_LINE_OPT_CRYPTODEV_MASK_NUM:
+			ret = parse_portmask(optarg);
+			if (ret == -1) {
+				printf("Invalid argument[portmask]\n");
 				print_usage(prgname);
 				return -1;
 			}
+
+			/* else */
+			enabled_cryptodev_mask = ret;
 			break;
 		default:
 			print_usage(prgname);
@@ -1638,6 +1651,61 @@ pool_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t nb_mbuf)
 		printf("Allocated mbuf pool on socket %d\n", socket_id);
 }
 
+static inline int
+inline_ipsec_event_esn_overflow(struct rte_security_ctx *ctx, uint64_t md)
+{
+	struct ipsec_sa *sa;
+
+	/* For inline protocol processing, the metadata in the event will
+	 * uniquely identify the security session which raised the event.
+	 * Application would then need the userdata it had registered with the
+	 * security session to process the event.
+	 */
+
+	sa = (struct ipsec_sa *)rte_security_get_userdata(ctx, md);
+
+	if (sa == NULL) {
+		/* userdata could not be retrieved */
+		return -1;
+	}
+
+	/* Sequence number over flow. SA need to be re-established */
+	RTE_SET_USED(sa);
+	return 0;
+}
+
+static int
+inline_ipsec_event_callback(uint16_t port_id, enum rte_eth_event_type type,
+		 void *param, void *ret_param)
+{
+	uint64_t md;
+	struct rte_eth_event_ipsec_desc *event_desc = NULL;
+	struct rte_security_ctx *ctx = (struct rte_security_ctx *)
+					rte_eth_dev_get_sec_ctx(port_id);
+
+	RTE_SET_USED(param);
+
+	if (type != RTE_ETH_EVENT_IPSEC)
+		return -1;
+
+	event_desc = ret_param;
+	if (event_desc == NULL) {
+		printf("Event descriptor not set\n");
+		return -1;
+	}
+
+	md = event_desc->metadata;
+
+	if (event_desc->subtype == RTE_ETH_EVENT_IPSEC_ESN_OVERFLOW)
+		return inline_ipsec_event_esn_overflow(ctx, md);
+	else if (event_desc->subtype >= RTE_ETH_EVENT_IPSEC_MAX) {
+		printf("Invalid IPsec event reported\n");
+		return -1;
+	}
+
+	return -1;
+}
+
 int32_t
 main(int32_t argc, char **argv)
 {
@@ -1723,6 +1791,9 @@ main(int32_t argc, char **argv)
 		 */
 		if (promiscuous_on)
 			rte_eth_promiscuous_enable(portid);
+
+		rte_eth_dev_callback_register(portid,
+			RTE_ETH_EVENT_IPSEC, inline_ipsec_event_callback, NULL);
 	}
 
 	check_all_ports_link_status(enabled_port_mask);