X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=examples%2Fipsec-secgw%2Fipsec.c;h=5fb5bc16e7bf08011d2143717106deff14617f7e;hb=72b75134b89667baf4aaf4fcb516ab6bc2b1ebd7;hp=a19acb039646bd4b2742c9218a12a653bef0dbb6;hpb=a4cde424aa89cab213e12dfbb93e47871fcfe5dc;p=dpdk.git diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index a19acb0396..5fb5bc16e7 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -113,6 +113,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) rte_eth_dev_get_sec_ctx( sa->portid); const struct rte_security_capability *sec_cap; + int ret = 0; sa->sec_session = rte_security_session_create(ctx, &sess_conf, ipsec_ctx->session_pool); @@ -165,7 +166,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) sa->pattern[2].type = RTE_FLOW_ITEM_TYPE_ESP; sa->pattern[2].spec = &sa->esp_spec; sa->pattern[2].mask = &rte_flow_item_esp_mask; - sa->esp_spec.hdr.spi = sa->spi; + sa->esp_spec.hdr.spi = rte_cpu_to_be_32(sa->spi); sa->pattern[3].type = RTE_FLOW_ITEM_TYPE_END; @@ -178,9 +179,72 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) RTE_SECURITY_IPSEC_SA_DIR_EGRESS); sa->attr.ingress = (sa->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS); + if (sa->attr.ingress) { + uint8_t rss_key[40]; + struct rte_eth_rss_conf rss_conf = { + .rss_key = rss_key, + .rss_key_len = 40, + }; + struct rte_eth_dev *eth_dev; + union { + struct rte_flow_action_rss rss; + struct { + const struct rte_eth_rss_conf *rss_conf; + uint16_t num; + uint16_t queue[RTE_MAX_QUEUES_PER_PORT]; + } local; + } action_rss; + unsigned int i; + unsigned int j; + + sa->action[2].type = RTE_FLOW_ACTION_TYPE_END; + /* Try RSS. */ + sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS; + sa->action[1].conf = &action_rss; + eth_dev = ctx->device; + rte_eth_dev_rss_hash_conf_get(sa->portid, + &rss_conf); + for (i = 0, j = 0; + i < eth_dev->data->nb_rx_queues; ++i) + if (eth_dev->data->rx_queues[i]) + action_rss.local.queue[j++] = i; + action_rss.local.num = j; + action_rss.local.rss_conf = &rss_conf; + ret = rte_flow_validate(sa->portid, &sa->attr, + sa->pattern, sa->action, + &err); + if (!ret) + goto flow_create; + /* Try Queue. */ + sa->action[1].type = RTE_FLOW_ACTION_TYPE_QUEUE; + sa->action[1].conf = + &(struct rte_flow_action_queue){ + .index = 0, + }; + ret = rte_flow_validate(sa->portid, &sa->attr, + sa->pattern, sa->action, + &err); + /* Try End. */ + sa->action[1].type = RTE_FLOW_ACTION_TYPE_END; + sa->action[1].conf = NULL; + ret = rte_flow_validate(sa->portid, &sa->attr, + sa->pattern, sa->action, + &err); + if (ret) + goto flow_create_failure; + } else if (sa->attr.egress && + (sa->ol_flags & + RTE_SECURITY_TX_HW_TRAILER_OFFLOAD)) { + sa->action[1].type = + RTE_FLOW_ACTION_TYPE_PASSTHRU; + sa->action[2].type = + RTE_FLOW_ACTION_TYPE_END; + } +flow_create: sa->flow = rte_flow_create(sa->portid, &sa->attr, sa->pattern, sa->action, &err); if (sa->flow == NULL) { +flow_create_failure: RTE_LOG(ERR, IPSEC, "Failed to create ipsec flow msg: %s\n", err.message); @@ -310,7 +374,6 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx, struct ipsec_mbuf_metadata *priv; struct rte_crypto_sym_op *sym_cop; struct ipsec_sa *sa; - struct cdev_qp *cqp; for (i = 0; i < nb_pkts; i++) { if (unlikely(sas[i] == NULL)) { @@ -373,8 +436,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx, continue; } - cqp = &ipsec_ctx->tbl[sa->cdev_id_qp]; - cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i]; + ipsec_ctx->ol_pkts[ipsec_ctx->ol_pkts_cnt++] = pkts[i]; if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA) rte_security_set_pkt_metadata( sa->security_ctx, @@ -401,8 +463,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx, continue; } - cqp = &ipsec_ctx->tbl[sa->cdev_id_qp]; - cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i]; + ipsec_ctx->ol_pkts[ipsec_ctx->ol_pkts_cnt++] = pkts[i]; if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA) rte_security_set_pkt_metadata( sa->security_ctx, @@ -427,11 +488,10 @@ ipsec_dequeue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx, for (i = 0; i < ipsec_ctx->nb_qps && nb_pkts < max_pkts;) { struct cdev_qp *cqp; - cqp = &ipsec_ctx->tbl[ipsec_ctx->last_qp]; - while (cqp->ol_pkts_cnt > 0 && nb_pkts < max_pkts) { - pkt = cqp->ol_pkts[--cqp->ol_pkts_cnt]; + while (ipsec_ctx->ol_pkts_cnt > 0 && nb_pkts < max_pkts) { + pkt = ipsec_ctx->ol_pkts[--ipsec_ctx->ol_pkts_cnt]; rte_prefetch0(pkt); priv = get_priv(pkt); sa = priv->sa;