X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=examples%2Fipsec-secgw%2Fipsec.h;h=ad96782cd4215ae510c4a3e19f0828e9c6155c05;hb=cef50fc6f1e2e3fe165793fdd8e1fcc113ac411c;hp=50037e2ed8a4116ee4934c5412a073f21ee14373;hpb=1f49ec153c8f91ee34c23e58c7443eb87f566b60;p=dpdk.git

diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 50037e2ed8..ad96782cd4 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -37,7 +37,6 @@
 #include <stdint.h>
 
 #include <rte_byteorder.h>
-#include <rte_ip.h>
 #include <rte_crypto.h>
 
 #define RTE_LOGTYPE_IPSEC       RTE_LOGTYPE_USER1
@@ -47,27 +46,18 @@
 #define MAX_PKT_BURST 32
 #define MAX_QP_PER_LCORE 256
 
-#ifdef IPSEC_DEBUG
-#define IPSEC_ASSERT(exp)                                            \
-if (!(exp)) {                                                        \
-	rte_panic("line%d\tassert \"" #exp "\" failed\n", __LINE__); \
-}
-#else
-#define IPSEC_ASSERT(exp) do {} while (0)
-#endif /* IPSEC_DEBUG */
-
 #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */
 
 #define uint32_t_to_char(ip, a, b, c, d) do {\
-		*a = (unsigned char)(ip >> 24 & 0xff);\
-		*b = (unsigned char)(ip >> 16 & 0xff);\
-		*c = (unsigned char)(ip >> 8 & 0xff);\
-		*d = (unsigned char)(ip & 0xff);\
+		*a = (uint8_t)(ip >> 24 & 0xff);\
+		*b = (uint8_t)(ip >> 16 & 0xff);\
+		*c = (uint8_t)(ip >> 8 & 0xff);\
+		*d = (uint8_t)(ip & 0xff);\
 	} while (0)
 
 #define DEFAULT_MAX_CATEGORIES	1
 
-#define IPSEC_SA_MAX_ENTRIES (64) /* must be power of 2, max 2 power 30 */
+#define IPSEC_SA_MAX_ENTRIES (128) /* must be power of 2, max 2 power 30 */
 #define SPI2IDX(spi) (spi & (IPSEC_SA_MAX_ENTRIES - 1))
 #define INVALID_SPI (0)
 
@@ -78,6 +68,8 @@ if (!(exp)) {                                                        \
 
 #define IPSEC_XFORM_MAX 2
 
+#define IP6_VERSION (6)
+
 struct rte_crypto_xform;
 struct ipsec_xform;
 struct rte_cryptodev_session;
@@ -85,32 +77,51 @@ struct rte_mbuf;
 
 struct ipsec_sa;
 
-typedef int (*ipsec_xform_fn)(struct rte_mbuf *m, struct ipsec_sa *sa,
+typedef int32_t (*ipsec_xform_fn)(struct rte_mbuf *m, struct ipsec_sa *sa,
 		struct rte_crypto_op *cop);
 
+struct ip_addr {
+	union {
+		uint32_t ip4;
+		union {
+			uint64_t ip6[2];
+			uint8_t ip6_b[16];
+		} ip6;
+	} ip;
+};
+
+#define MAX_KEY_SIZE		20
+
 struct ipsec_sa {
 	uint32_t spi;
 	uint32_t cdev_id_qp;
-	uint32_t src;
-	uint32_t dst;
+	uint64_t seq;
+	uint32_t salt;
 	struct rte_cryptodev_sym_session *crypto_session;
-	struct rte_crypto_sym_xform *xforms;
-	ipsec_xform_fn pre_crypto;
-	ipsec_xform_fn post_crypto;
 	enum rte_crypto_cipher_algorithm cipher_algo;
 	enum rte_crypto_auth_algorithm auth_algo;
 	uint16_t digest_len;
 	uint16_t iv_len;
 	uint16_t block_size;
 	uint16_t flags;
-	uint32_t seq;
+#define IP4_TUNNEL (1 << 0)
+#define IP6_TUNNEL (1 << 1)
+#define TRANSPORT  (1 << 2)
+	struct ip_addr src;
+	struct ip_addr dst;
+	uint8_t cipher_key[MAX_KEY_SIZE];
+	uint16_t cipher_key_len;
+	uint8_t auth_key[MAX_KEY_SIZE];
+	uint16_t auth_key_len;
+	struct rte_crypto_sym_xform *xforms;
 } __rte_cache_aligned;
 
 struct ipsec_mbuf_metadata {
+	uint8_t buf[32];
 	struct ipsec_sa *sa;
 	struct rte_crypto_op cop;
 	struct rte_crypto_sym_op sym_cop;
-};
+} __rte_cache_aligned;
 
 struct cdev_qp {
 	uint16_t id;
@@ -122,7 +133,8 @@ struct cdev_qp {
 
 struct ipsec_ctx {
 	struct rte_hash *cdev_map;
-	struct sp_ctx *sp_ctx;
+	struct sp_ctx *sp4_ctx;
+	struct sp_ctx *sp6_ctx;
 	struct sa_ctx *sa_ctx;
 	uint16_t nb_qps;
 	uint16_t last_qp;
@@ -136,14 +148,23 @@ struct cdev_key {
 };
 
 struct socket_ctx {
-	struct sa_ctx *sa_ipv4_in;
-	struct sa_ctx *sa_ipv4_out;
-	struct sp_ctx *sp_ipv4_in;
-	struct sp_ctx *sp_ipv4_out;
-	struct rt_ctx *rt_ipv4;
+	struct sa_ctx *sa_in;
+	struct sa_ctx *sa_out;
+	struct sp_ctx *sp_ip4_in;
+	struct sp_ctx *sp_ip4_out;
+	struct sp_ctx *sp_ip6_in;
+	struct sp_ctx *sp_ip6_out;
+	struct rt_ctx *rt_ip4;
+	struct rt_ctx *rt_ip6;
 	struct rte_mempool *mbuf_pool;
 };
 
+struct cnt_blk {
+	uint32_t salt;
+	uint64_t iv;
+	uint32_t cnt;
+} __attribute__((packed));
+
 uint16_t
 ipsec_inbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[],
 		uint16_t nb_pkts, uint16_t len);
@@ -164,6 +185,20 @@ get_priv(struct rte_mbuf *m)
 	return RTE_PTR_ADD(m, sizeof(struct rte_mbuf));
 }
 
+static inline void *
+get_cnt_blk(struct rte_mbuf *m)
+{
+	struct ipsec_mbuf_metadata *priv = get_priv(m);
+
+	return &priv->buf[0];
+}
+
+static inline void *
+get_sym_cop(struct rte_crypto_op *cop)
+{
+	return (cop + 1);
+}
+
 int
 inbound_sa_check(struct sa_ctx *sa_ctx, struct rte_mbuf *m, uint32_t sa_idx);
 
@@ -176,12 +211,15 @@ outbound_sa_lookup(struct sa_ctx *sa_ctx, uint32_t sa_idx[],
 		struct ipsec_sa *sa[], uint16_t nb_pkts);
 
 void
-sp_init(struct socket_ctx *ctx, int socket_id, unsigned ep);
+sp4_init(struct socket_ctx *ctx, int32_t socket_id);
+
+void
+sp6_init(struct socket_ctx *ctx, int32_t socket_id);
 
 void
-sa_init(struct socket_ctx *ctx, int socket_id, unsigned ep);
+sa_init(struct socket_ctx *ctx, int32_t socket_id);
 
 void
-rt_init(struct socket_ctx *ctx, int socket_id, unsigned ep);
+rt_init(struct socket_ctx *ctx, int32_t socket_id);
 
 #endif /* __IPSEC_H__ */