#include "misc.h"
#include "pad.h"
-typedef uint16_t (*esp_inb_process_t)(const struct rte_ipsec_sa *sa,
+typedef uint16_t (*esp_inb_process_t)(struct rte_ipsec_sa *sa,
struct rte_mbuf *mb[], uint32_t sqn[], uint32_t dr[], uint16_t num,
uint8_t sqh_len);
* *process* function for tunnel packets
*/
static inline uint16_t
-tun_process(const struct rte_ipsec_sa *sa, struct rte_mbuf *mb[],
+tun_process(struct rte_ipsec_sa *sa, struct rte_mbuf *mb[],
uint32_t sqn[], uint32_t dr[], uint16_t num, uint8_t sqh_len)
{
- uint32_t adj, i, k, tl;
+ uint32_t adj, i, k, tl, bytes;
uint32_t hl[num], to[num];
struct rte_esp_tail espt[num];
struct rte_mbuf *ml[num];
process_step1(mb[i], tlen, &ml[i], &espt[i], &hl[i], &to[i]);
k = 0;
+ bytes = 0;
for (i = 0; i != num; i++) {
adj = hl[i] + cofs;
tun_process_step3(mb[i], sa->tx_offload.msk,
sa->tx_offload.val);
k++;
+ bytes += mb[i]->pkt_len;
} else
dr[i - k] = i;
}
+ sa->statistics.count += k;
+ sa->statistics.bytes += bytes;
return k;
}
* *process* function for tunnel packets
*/
static inline uint16_t
-trs_process(const struct rte_ipsec_sa *sa, struct rte_mbuf *mb[],
+trs_process(struct rte_ipsec_sa *sa, struct rte_mbuf *mb[],
uint32_t sqn[], uint32_t dr[], uint16_t num, uint8_t sqh_len)
{
char *np;
- uint32_t i, k, l2, tl;
+ uint32_t i, k, l2, tl, bytes;
uint32_t hl[num], to[num];
struct rte_esp_tail espt[num];
struct rte_mbuf *ml[num];
process_step1(mb[i], tlen, &ml[i], &espt[i], &hl[i], &to[i]);
k = 0;
+ bytes = 0;
for (i = 0; i != num; i++) {
tl = tlen + espt[i].pad_len;
/* update mbuf's metadata */
trs_process_step3(mb[i]);
k++;
+ bytes += mb[i]->pkt_len;
} else
dr[i - k] = i;
}
+ sa->statistics.count += k;
+ sa->statistics.bytes += bytes;
return k;
}
esp_outb_sqh_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
uint16_t num)
{
- uint32_t i, k, icv_len, *icv;
+ uint32_t i, k, icv_len, *icv, bytes;
struct rte_mbuf *ml;
struct rte_ipsec_sa *sa;
uint32_t dr[num];
k = 0;
icv_len = sa->icv_len;
+ bytes = 0;
for (i = 0; i != num; i++) {
if ((mb[i]->ol_flags & PKT_RX_SEC_OFFLOAD_FAILED) == 0) {
icv = rte_pktmbuf_mtod_offset(ml, void *,
ml->data_len - icv_len);
remove_sqh(icv, icv_len);
+ bytes += mb[i]->pkt_len;
k++;
} else
dr[i - k] = i;
}
+ sa->statistics.count += k;
+ sa->statistics.bytes += bytes;
/* handle unprocessed mbufs */
if (k != num) {
inline_outb_mbuf_prepare(const struct rte_ipsec_session *ss,
struct rte_mbuf *mb[], uint16_t num)
{
- uint32_t i, ol_flags;
+ uint32_t i, ol_flags, bytes;
ol_flags = ss->security.ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA;
+ bytes = 0;
for (i = 0; i != num; i++) {
mb[i]->ol_flags |= PKT_TX_SEC_OFFLOAD;
+ bytes += mb[i]->pkt_len;
if (ol_flags != 0)
rte_security_set_pkt_metadata(ss->security.ctx,
ss->security.ses, mb[i], NULL);
}
+ ss->sa->statistics.count += num;
+ ss->sa->statistics.bytes += bytes;
}
/*
--- /dev/null
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2021 Intel Corporation
+ */
+
+#include <rte_ipsec.h>
+#include <rte_telemetry.h>
+#include <rte_malloc.h>
+#include "sa.h"
+
+
+struct ipsec_telemetry_entry {
+ LIST_ENTRY(ipsec_telemetry_entry) next;
+ const struct rte_ipsec_sa *sa;
+};
+static LIST_HEAD(ipsec_telemetry_head, ipsec_telemetry_entry)
+ ipsec_telemetry_list = LIST_HEAD_INITIALIZER();
+
+static int
+handle_telemetry_cmd_ipsec_sa_list(const char *cmd __rte_unused,
+ const char *params __rte_unused,
+ struct rte_tel_data *data)
+{
+ struct ipsec_telemetry_entry *entry;
+ rte_tel_data_start_array(data, RTE_TEL_U64_VAL);
+
+ LIST_FOREACH(entry, &ipsec_telemetry_list, next) {
+ const struct rte_ipsec_sa *sa = entry->sa;
+ rte_tel_data_add_array_u64(data, rte_be_to_cpu_32(sa->spi));
+ }
+
+ return 0;
+}
+
+/**
+ * Handle IPsec SA statistics telemetry request
+ *
+ * Return dict of SA's with dict of key/value counters
+ *
+ * {
+ * "SA_SPI_XX": {"count": 0, "bytes": 0, "errors": 0},
+ * "SA_SPI_YY": {"count": 0, "bytes": 0, "errors": 0}
+ * }
+ *
+ */
+static int
+handle_telemetry_cmd_ipsec_sa_stats(const char *cmd __rte_unused,
+ const char *params,
+ struct rte_tel_data *data)
+{
+ struct ipsec_telemetry_entry *entry;
+ const struct rte_ipsec_sa *sa;
+ uint32_t sa_spi = 0;
+
+ if (params) {
+ sa_spi = rte_cpu_to_be_32((uint32_t)strtoul(params, NULL, 0));
+ if (sa_spi == 0)
+ return -EINVAL;
+ }
+
+ rte_tel_data_start_dict(data);
+
+ LIST_FOREACH(entry, &ipsec_telemetry_list, next) {
+ char sa_name[64];
+ sa = entry->sa;
+ static const char *name_pkt_cnt = "count";
+ static const char *name_byte_cnt = "bytes";
+ static const char *name_error_cnt = "errors";
+ struct rte_tel_data *sa_data;
+
+ /* If user provided SPI only get telemetry for that SA */
+ if (sa_spi && (sa_spi != sa->spi))
+ continue;
+
+ /* allocate telemetry data struct for SA telemetry */
+ sa_data = rte_tel_data_alloc();
+ if (!sa_data)
+ return -ENOMEM;
+
+ rte_tel_data_start_dict(sa_data);
+
+ /* add telemetry key/values pairs */
+ rte_tel_data_add_dict_u64(sa_data, name_pkt_cnt,
+ sa->statistics.count);
+
+ rte_tel_data_add_dict_u64(sa_data, name_byte_cnt,
+ sa->statistics.bytes -
+ (sa->statistics.count * sa->hdr_len));
+
+ rte_tel_data_add_dict_u64(sa_data, name_error_cnt,
+ sa->statistics.errors.count);
+
+ /* generate telemetry label */
+ snprintf(sa_name, sizeof(sa_name), "SA_SPI_%i",
+ rte_be_to_cpu_32(sa->spi));
+
+ /* add SA telemetry to dictionary container */
+ rte_tel_data_add_dict_container(data, sa_name, sa_data, 0);
+ }
+
+ return 0;
+}
+
+static int
+handle_telemetry_cmd_ipsec_sa_details(const char *cmd __rte_unused,
+ const char *params,
+ struct rte_tel_data *data)
+{
+ struct ipsec_telemetry_entry *entry;
+ const struct rte_ipsec_sa *sa;
+ uint32_t sa_spi = 0;
+
+ if (params)
+ sa_spi = rte_cpu_to_be_32((uint32_t)strtoul(params, NULL, 0));
+ /* valid SPI needed */
+ if (sa_spi == 0)
+ return -EINVAL;
+
+
+ rte_tel_data_start_dict(data);
+
+ LIST_FOREACH(entry, &ipsec_telemetry_list, next) {
+ uint64_t mode;
+ sa = entry->sa;
+ if (sa_spi != sa->spi)
+ continue;
+
+ /* add SA configuration key/values pairs */
+ rte_tel_data_add_dict_string(data, "Type",
+ (sa->type & RTE_IPSEC_SATP_PROTO_MASK) ==
+ RTE_IPSEC_SATP_PROTO_AH ? "AH" : "ESP");
+
+ rte_tel_data_add_dict_string(data, "Direction",
+ (sa->type & RTE_IPSEC_SATP_DIR_MASK) ==
+ RTE_IPSEC_SATP_DIR_IB ? "Inbound" : "Outbound");
+
+ mode = sa->type & RTE_IPSEC_SATP_MODE_MASK;
+
+ if (mode == RTE_IPSEC_SATP_MODE_TRANS) {
+ rte_tel_data_add_dict_string(data, "Mode", "Transport");
+ } else {
+ rte_tel_data_add_dict_string(data, "Mode", "Tunnel");
+
+ if ((sa->type & RTE_IPSEC_SATP_NATT_MASK) ==
+ RTE_IPSEC_SATP_NATT_ENABLE) {
+ if (sa->type & RTE_IPSEC_SATP_MODE_TUNLV4) {
+ rte_tel_data_add_dict_string(data,
+ "Tunnel-Type",
+ "IPv4-UDP");
+ } else if (sa->type &
+ RTE_IPSEC_SATP_MODE_TUNLV6) {
+ rte_tel_data_add_dict_string(data,
+ "Tunnel-Type",
+ "IPv4-UDP");
+ }
+ } else {
+ if (sa->type & RTE_IPSEC_SATP_MODE_TUNLV4) {
+ rte_tel_data_add_dict_string(data,
+ "Tunnel-Type",
+ "IPv4-UDP");
+ } else if (sa->type &
+ RTE_IPSEC_SATP_MODE_TUNLV6) {
+ rte_tel_data_add_dict_string(data,
+ "Tunnel-Type",
+ "IPv4-UDP");
+ }
+ }
+ }
+
+ rte_tel_data_add_dict_string(data,
+ "extended-sequence-number",
+ (sa->type & RTE_IPSEC_SATP_ESN_MASK) ==
+ RTE_IPSEC_SATP_ESN_ENABLE ?
+ "enabled" : "disabled");
+
+ if ((sa->type & RTE_IPSEC_SATP_DIR_MASK) ==
+ RTE_IPSEC_SATP_DIR_IB)
+
+ if (sa->sqn.inb.rsn[sa->sqn.inb.rdidx])
+ rte_tel_data_add_dict_u64(data,
+ "sequence-number",
+ sa->sqn.inb.rsn[sa->sqn.inb.rdidx]->sqn);
+ else
+ rte_tel_data_add_dict_u64(data,
+ "sequence-number", 0);
+ else
+ rte_tel_data_add_dict_u64(data, "sequence-number",
+ sa->sqn.outb);
+
+ rte_tel_data_add_dict_string(data,
+ "explicit-congestion-notification",
+ (sa->type & RTE_IPSEC_SATP_ECN_MASK) ==
+ RTE_IPSEC_SATP_ECN_ENABLE ?
+ "enabled" : "disabled");
+
+ rte_tel_data_add_dict_string(data,
+ "copy-DSCP",
+ (sa->type & RTE_IPSEC_SATP_DSCP_MASK) ==
+ RTE_IPSEC_SATP_DSCP_ENABLE ?
+ "enabled" : "disabled");
+ }
+
+ return 0;
+}
+
+
+int
+rte_ipsec_telemetry_sa_add(const struct rte_ipsec_sa *sa)
+{
+ struct ipsec_telemetry_entry *entry = rte_zmalloc(NULL,
+ sizeof(struct ipsec_telemetry_entry), 0);
+ if (entry == NULL)
+ return -ENOMEM;
+ entry->sa = sa;
+ LIST_INSERT_HEAD(&ipsec_telemetry_list, entry, next);
+ return 0;
+}
+
+void
+rte_ipsec_telemetry_sa_del(const struct rte_ipsec_sa *sa)
+{
+ struct ipsec_telemetry_entry *entry;
+ LIST_FOREACH(entry, &ipsec_telemetry_list, next) {
+ if (sa == entry->sa) {
+ LIST_REMOVE(entry, next);
+ rte_free(entry);
+ return;
+ }
+ }
+}
+
+
+RTE_INIT(rte_ipsec_telemetry_init)
+{
+ rte_telemetry_register_cmd("/ipsec/sa/list",
+ handle_telemetry_cmd_ipsec_sa_list,
+ "Return list of IPsec SAs with telemetry enabled.");
+ rte_telemetry_register_cmd("/ipsec/sa/stats",
+ handle_telemetry_cmd_ipsec_sa_stats,
+ "Returns IPsec SA stastistics. Parameters: int sa_spi");
+ rte_telemetry_register_cmd("/ipsec/sa/details",
+ handle_telemetry_cmd_ipsec_sa_details,
+ "Returns IPsec SA configuration. Parameters: int sa_spi");
+}
git.droids-corp.org / dpdk.git / commitdiff