X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=examples%2Fipsec-secgw%2Fipsec.h;h=1efa6e4888234137302e75d399b89a8cd6dfb615;hb=47c90af0571502e17c2fce618abc677fc460d3ca;hp=9b87278c1ff9f29963913f8bd64c6a783bdf47d6;hpb=833e36b870d0c1074aab610bca7d8c8e15af329b;p=dpdk.git diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index 9b87278c1f..1efa6e4888 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -11,6 +11,7 @@ #include #include #include +#include #define RTE_LOGTYPE_IPSEC RTE_LOGTYPE_USER1 #define RTE_LOGTYPE_IPSEC_ESP RTE_LOGTYPE_USER2 @@ -40,10 +41,8 @@ #define SPI2IDX(spi) (spi & (IPSEC_SA_MAX_ENTRIES - 1)) #define INVALID_SPI (0) -#define DISCARD (0x80000000) -#define BYPASS (0x40000000) -#define PROTECT_MASK (0x3fffffff) -#define PROTECT(sa_idx) (SPI2IDX(sa_idx) & PROTECT_MASK) /* SA idx 30 bits */ +#define DISCARD INVALID_SPI +#define BYPASS UINT32_MAX #define IPSEC_XFORM_MAX 2 @@ -70,7 +69,20 @@ struct ip_addr { #define MAX_KEY_SIZE 32 +/* + * application wide SA parameters + */ +struct app_sa_prm { + uint32_t enable; /* use librte_ipsec API for ipsec pkt processing */ + uint32_t window_size; /* replay window size */ + uint32_t enable_esn; /* enable/disable ESN support */ + uint64_t flags; /* rte_ipsec_sa_prm.flags */ +}; + +extern struct app_sa_prm app_sa_prm; + struct ipsec_sa { + struct rte_ipsec_session ips; /* one session per sa for now */ uint32_t spi; uint32_t cdev_id_qp; uint64_t seq; @@ -89,6 +101,8 @@ struct ipsec_sa { #define IP4_TUNNEL (1 << 0) #define IP6_TUNNEL (1 << 1) #define TRANSPORT (1 << 2) +#define IP4_TRANSPORT (1 << 3) +#define IP6_TRANSPORT (1 << 4) struct ip_addr src; struct ip_addr dst; uint8_t cipher_key[MAX_KEY_SIZE]; @@ -127,6 +141,27 @@ struct ipsec_mbuf_metadata { uint8_t buf[32]; } __rte_cache_aligned; +#define IS_TRANSPORT(flags) ((flags) & TRANSPORT) + +#define IS_TUNNEL(flags) ((flags) & (IP4_TUNNEL | IP6_TUNNEL)) + +#define IS_IP4(flags) ((flags) & (IP4_TUNNEL | IP4_TRANSPORT)) + +#define IS_IP6(flags) ((flags) & (IP6_TUNNEL | IP6_TRANSPORT)) + +#define IS_IP4_TUNNEL(flags) ((flags) & IP4_TUNNEL) + +#define IS_IP6_TUNNEL(flags) ((flags) & IP6_TUNNEL) + +/* + * Macro for getting ipsec_sa flags statuses without version of protocol + * used for transport (IP4_TRANSPORT and IP6_TRANSPORT flags). + */ +#define WITHOUT_TRANSPORT_VERSION(flags) \ + ((flags) & (IP4_TUNNEL | \ + IP6_TUNNEL | \ + TRANSPORT)) + struct cdev_qp { uint16_t id; uint16_t qp; @@ -144,8 +179,11 @@ struct ipsec_ctx { uint16_t last_qp; struct cdev_qp tbl[MAX_QP_PER_LCORE]; struct rte_mempool *session_pool; + struct rte_mempool *session_priv_pool; struct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *)); uint16_t ol_pkts_cnt; + uint64_t ipv4_offloads; + uint64_t ipv6_offloads; }; struct cdev_key { @@ -165,7 +203,9 @@ struct socket_ctx { struct rt_ctx *rt_ip4; struct rt_ctx *rt_ip6; struct rte_mempool *mbuf_pool; + struct rte_mempool *mbuf_pool_indir; struct rte_mempool *session_pool; + struct rte_mempool *session_priv_pool; }; struct cnt_blk { @@ -174,6 +214,20 @@ struct cnt_blk { uint32_t cnt; } __attribute__((packed)); +struct traffic_type { + const uint8_t *data[MAX_PKT_BURST * 2]; + struct rte_mbuf *pkts[MAX_PKT_BURST * 2]; + struct ipsec_sa *saptr[MAX_PKT_BURST * 2]; + uint32_t res[MAX_PKT_BURST * 2]; + uint32_t num; +}; + +struct ipsec_traffic { + struct traffic_type ipsec; + struct traffic_type ip4; + struct traffic_type ip6; +}; + uint16_t ipsec_inbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[], uint16_t nb_pkts, uint16_t len); @@ -182,6 +236,20 @@ uint16_t ipsec_outbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[], uint32_t sa_idx[], uint16_t nb_pkts, uint16_t len); +uint16_t +ipsec_inbound_cqp_dequeue(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[], + uint16_t len); + +uint16_t +ipsec_outbound_cqp_dequeue(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[], + uint16_t len); + +void +ipsec_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf); + +void +ipsec_cqp_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf); + static inline uint16_t ipsec_metadata_size(void) { @@ -191,7 +259,7 @@ ipsec_metadata_size(void) static inline struct ipsec_mbuf_metadata * get_priv(struct rte_mbuf *m) { - return RTE_PTR_ADD(m, sizeof(struct rte_mbuf)); + return rte_mbuf_to_priv(m); } static inline void * @@ -233,10 +301,46 @@ sp4_init(struct socket_ctx *ctx, int32_t socket_id); void sp6_init(struct socket_ctx *ctx, int32_t socket_id); +/* + * Search through SP rules for given SPI. + * Returns first rule index if found(greater or equal then zero), + * or -ENOENT otherwise. + */ +int +sp4_spi_present(uint32_t spi, int inbound, struct ip_addr ip_addr[2], + uint32_t mask[2]); +int +sp6_spi_present(uint32_t spi, int inbound, struct ip_addr ip_addr[2], + uint32_t mask[2]); + +/* + * Search through SA entries for given SPI. + * Returns first entry index if found(greater or equal then zero), + * or -ENOENT otherwise. + */ +int +sa_spi_present(uint32_t spi, int inbound); + void sa_init(struct socket_ctx *ctx, int32_t socket_id); void rt_init(struct socket_ctx *ctx, int32_t socket_id); +int +sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads, + uint64_t *tx_offloads); + +int +add_dst_ethaddr(uint16_t port, const struct rte_ether_addr *addr); + +void +enqueue_cop_burst(struct cdev_qp *cqp); + +int +create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa); + +int +create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa); + #endif /* __IPSEC_H__ */