examples/l2fwd-crypto/main.c

   1 /*-
   2  *   BSD LICENSE
   3  *
   4  *   Copyright(c) 2015-2016 Intel Corporation. All rights reserved.
   5  *   All rights reserved.
   6  *
   7  *   Redistribution and use in source and binary forms, with or without
   8  *   modification, are permitted provided that the following conditions
   9  *   are met:
  10  *
  11  *     * Redistributions of source code must retain the above copyright
  12  *       notice, this list of conditions and the following disclaimer.
  13  *     * Redistributions in binary form must reproduce the above copyright
  14  *       notice, this list of conditions and the following disclaimer in
  15  *       the documentation and/or other materials provided with the
  16  *       distribution.
  17  *     * Neither the name of Intel Corporation nor the names of its
  18  *       contributors may be used to endorse or promote products derived
  19  *       from this software without specific prior written permission.
  20  *
  21  *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  22  *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  23  *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  24  *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  25  *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  26  *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  27  *   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  28  *   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  29  *   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  30  *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  31  *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  32  */
  33
  34 #include <time.h>
  35 #include <stdio.h>
  36 #include <stdlib.h>
  37 #include <string.h>
  38 #include <stdint.h>
  39 #include <inttypes.h>
  40 #include <sys/types.h>
  41 #include <sys/queue.h>
  42 #include <netinet/in.h>
  43 #include <setjmp.h>
  44 #include <stdarg.h>
  45 #include <ctype.h>
  46 #include <errno.h>
  47 #include <getopt.h>
  48 #include <fcntl.h>
  49 #include <unistd.h>
  50
  51 #include <rte_atomic.h>
  52 #include <rte_branch_prediction.h>
  53 #include <rte_common.h>
  54 #include <rte_cryptodev.h>
  55 #include <rte_cycles.h>
  56 #include <rte_debug.h>
  57 #include <rte_eal.h>
  58 #include <rte_ether.h>
  59 #include <rte_ethdev.h>
  60 #include <rte_interrupts.h>
  61 #include <rte_ip.h>
  62 #include <rte_launch.h>
  63 #include <rte_lcore.h>
  64 #include <rte_log.h>
  65 #include <rte_malloc.h>
  66 #include <rte_mbuf.h>
  67 #include <rte_memcpy.h>
  68 #include <rte_memory.h>
  69 #include <rte_mempool.h>
  70 #include <rte_pci.h>
  71 #include <rte_per_lcore.h>
  72 #include <rte_prefetch.h>
  73 #include <rte_random.h>
  74 #include <rte_hexdump.h>
  75
  76 enum cdev_type {
  77         CDEV_TYPE_ANY,
  78         CDEV_TYPE_HW,
  79         CDEV_TYPE_SW
  80 };
  81
  82 #define RTE_LOGTYPE_L2FWD RTE_LOGTYPE_USER1
  83
  84 #define NB_MBUF   8192
  85
  86 #define MAX_STR_LEN 32
  87 #define MAX_KEY_SIZE 128
  88 #define MAX_IV_SIZE 16
  89 #define MAX_AAD_SIZE 65535
  90 #define MAX_PKT_BURST 32
  91 #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
  92 #define MAX_SESSIONS 32
  93 #define SESSION_POOL_CACHE_SIZE 0
  94
  95 #define MAXIMUM_IV_LENGTH       16
  96 #define IV_OFFSET               (sizeof(struct rte_crypto_op) + \
  97                                 sizeof(struct rte_crypto_sym_op))
  98
  99 /*
 100  * Configurable number of RX/TX ring descriptors
 101  */
 102 #define RTE_TEST_RX_DESC_DEFAULT 128
 103 #define RTE_TEST_TX_DESC_DEFAULT 512
 104
 105 static uint16_t nb_rxd = RTE_TEST_RX_DESC_DEFAULT;
 106 static uint16_t nb_txd = RTE_TEST_TX_DESC_DEFAULT;
 107
 108 /* ethernet addresses of ports */
 109 static struct ether_addr l2fwd_ports_eth_addr[RTE_MAX_ETHPORTS];
 110
 111 /* mask of enabled ports */
 112 static uint64_t l2fwd_enabled_port_mask;
 113 static uint64_t l2fwd_enabled_crypto_mask;
 114
 115 /* list of enabled ports */
 116 static uint16_t l2fwd_dst_ports[RTE_MAX_ETHPORTS];
 117
 118
 119 struct pkt_buffer {
 120         unsigned len;
 121         struct rte_mbuf *buffer[MAX_PKT_BURST];
 122 };
 123
 124 struct op_buffer {
 125         unsigned len;
 126         struct rte_crypto_op *buffer[MAX_PKT_BURST];
 127 };
 128
 129 #define MAX_RX_QUEUE_PER_LCORE 16
 130 #define MAX_TX_QUEUE_PER_PORT 16
 131
 132 enum l2fwd_crypto_xform_chain {
 133         L2FWD_CRYPTO_CIPHER_HASH,
 134         L2FWD_CRYPTO_HASH_CIPHER,
 135         L2FWD_CRYPTO_CIPHER_ONLY,
 136         L2FWD_CRYPTO_HASH_ONLY,
 137         L2FWD_CRYPTO_AEAD
 138 };
 139
 140 struct l2fwd_key {
 141         uint8_t *data;
 142         uint32_t length;
 143         phys_addr_t phys_addr;
 144 };
 145
 146 struct l2fwd_iv {
 147         uint8_t *data;
 148         uint16_t length;
 149 };
 150
 151 /** l2fwd crypto application command line options */
 152 struct l2fwd_crypto_options {
 153         unsigned portmask;
 154         unsigned nb_ports_per_lcore;
 155         unsigned refresh_period;
 156         unsigned single_lcore:1;
 157
 158         enum cdev_type type;
 159         unsigned sessionless:1;
 160
 161         enum l2fwd_crypto_xform_chain xform_chain;
 162
 163         struct rte_crypto_sym_xform cipher_xform;
 164         unsigned ckey_param;
 165         int ckey_random_size;
 166
 167         struct l2fwd_iv cipher_iv;
 168         unsigned int cipher_iv_param;
 169         int cipher_iv_random_size;
 170
 171         struct rte_crypto_sym_xform auth_xform;
 172         uint8_t akey_param;
 173         int akey_random_size;
 174
 175         struct l2fwd_iv auth_iv;
 176         unsigned int auth_iv_param;
 177         int auth_iv_random_size;
 178
 179         struct rte_crypto_sym_xform aead_xform;
 180         unsigned int aead_key_param;
 181         int aead_key_random_size;
 182
 183         struct l2fwd_iv aead_iv;
 184         unsigned int aead_iv_param;
 185         int aead_iv_random_size;
 186
 187         struct l2fwd_key aad;
 188         unsigned aad_param;
 189         int aad_random_size;
 190
 191         int digest_size;
 192
 193         uint16_t block_size;
 194         char string_type[MAX_STR_LEN];
 195
 196         uint64_t cryptodev_mask;
 197
 198         unsigned int mac_updating;
 199 };
 200
 201 /** l2fwd crypto lcore params */
 202 struct l2fwd_crypto_params {
 203         uint8_t dev_id;
 204         uint8_t qp_id;
 205
 206         unsigned digest_length;
 207         unsigned block_size;
 208
 209         struct l2fwd_iv cipher_iv;
 210         struct l2fwd_iv auth_iv;
 211         struct l2fwd_iv aead_iv;
 212         struct l2fwd_key aad;
 213         struct rte_cryptodev_sym_session *session;
 214
 215         uint8_t do_cipher;
 216         uint8_t do_hash;
 217         uint8_t do_aead;
 218         uint8_t hash_verify;
 219
 220         enum rte_crypto_cipher_algorithm cipher_algo;
 221         enum rte_crypto_auth_algorithm auth_algo;
 222         enum rte_crypto_aead_algorithm aead_algo;
 223 };
 224
 225 /** lcore configuration */
 226 struct lcore_queue_conf {
 227         unsigned nb_rx_ports;
 228         uint16_t rx_port_list[MAX_RX_QUEUE_PER_LCORE];
 229
 230         unsigned nb_crypto_devs;
 231         unsigned cryptodev_list[MAX_RX_QUEUE_PER_LCORE];
 232
 233         struct op_buffer op_buf[RTE_CRYPTO_MAX_DEVS];
 234         struct pkt_buffer pkt_buf[RTE_MAX_ETHPORTS];
 235 } __rte_cache_aligned;
 236
 237 struct lcore_queue_conf lcore_queue_conf[RTE_MAX_LCORE];
 238
 239 static const struct rte_eth_conf port_conf = {
 240         .rxmode = {
 241                 .mq_mode = ETH_MQ_RX_NONE,
 242                 .max_rx_pkt_len = ETHER_MAX_LEN,
 243                 .split_hdr_size = 0,
 244                 .header_split   = 0, /**< Header Split disabled */
 245                 .hw_ip_checksum = 0, /**< IP checksum offload disabled */
 246                 .hw_vlan_filter = 0, /**< VLAN filtering disabled */
 247                 .jumbo_frame    = 0, /**< Jumbo Frame Support disabled */
 248                 .hw_strip_crc   = 1, /**< CRC stripped by hardware */
 249         },
 250         .txmode = {
 251                 .mq_mode = ETH_MQ_TX_NONE,
 252         },
 253 };
 254
 255 struct rte_mempool *l2fwd_pktmbuf_pool;
 256 struct rte_mempool *l2fwd_crypto_op_pool;
 257 struct rte_mempool *session_pool_socket[RTE_MAX_NUMA_NODES] = { 0 };
 258
 259 /* Per-port statistics struct */
 260 struct l2fwd_port_statistics {
 261         uint64_t tx;
 262         uint64_t rx;
 263
 264         uint64_t crypto_enqueued;
 265         uint64_t crypto_dequeued;
 266
 267         uint64_t dropped;
 268 } __rte_cache_aligned;
 269
 270 struct l2fwd_crypto_statistics {
 271         uint64_t enqueued;
 272         uint64_t dequeued;
 273
 274         uint64_t errors;
 275 } __rte_cache_aligned;
 276
 277 struct l2fwd_port_statistics port_statistics[RTE_MAX_ETHPORTS];
 278 struct l2fwd_crypto_statistics crypto_statistics[RTE_CRYPTO_MAX_DEVS];
 279
 280 /* A tsc-based timer responsible for triggering statistics printout */
 281 #define TIMER_MILLISECOND 2000000ULL /* around 1ms at 2 Ghz */
 282 #define MAX_TIMER_PERIOD 86400UL /* 1 day max */
 283
 284 /* default period is 10 seconds */
 285 static int64_t timer_period = 10 * TIMER_MILLISECOND * 1000;
 286
 287 /* Print out statistics on packets dropped */
 288 static void
 289 print_stats(void)
 290 {
 291         uint64_t total_packets_dropped, total_packets_tx, total_packets_rx;
 292         uint64_t total_packets_enqueued, total_packets_dequeued,
 293                 total_packets_errors;
 294         uint16_t portid;
 295         uint64_t cdevid;
 296
 297         total_packets_dropped = 0;
 298         total_packets_tx = 0;
 299         total_packets_rx = 0;
 300         total_packets_enqueued = 0;
 301         total_packets_dequeued = 0;
 302         total_packets_errors = 0;
 303
 304         const char clr[] = { 27, '[', '2', 'J', '\0' };
 305         const char topLeft[] = { 27, '[', '1', ';', '1', 'H', '\0' };
 306
 307                 /* Clear screen and move to top left */
 308         printf("%s%s", clr, topLeft);
 309
 310         printf("\nPort statistics ====================================");
 311
 312         for (portid = 0; portid < RTE_MAX_ETHPORTS; portid++) {
 313                 /* skip disabled ports */
 314                 if ((l2fwd_enabled_port_mask & (1 << portid)) == 0)
 315                         continue;
 316                 printf("\nStatistics for port %u ------------------------------"
 317                            "\nPackets sent: %32"PRIu64
 318                            "\nPackets received: %28"PRIu64
 319                            "\nPackets dropped: %29"PRIu64,
 320                            portid,
 321                            port_statistics[portid].tx,
 322                            port_statistics[portid].rx,
 323                            port_statistics[portid].dropped);
 324
 325                 total_packets_dropped += port_statistics[portid].dropped;
 326                 total_packets_tx += port_statistics[portid].tx;
 327                 total_packets_rx += port_statistics[portid].rx;
 328         }
 329         printf("\nCrypto statistics ==================================");
 330
 331         for (cdevid = 0; cdevid < RTE_CRYPTO_MAX_DEVS; cdevid++) {
 332                 /* skip disabled ports */
 333                 if ((l2fwd_enabled_crypto_mask & (((uint64_t)1) << cdevid)) == 0)
 334                         continue;
 335                 printf("\nStatistics for cryptodev %"PRIu64
 336                                 " -------------------------"
 337                            "\nPackets enqueued: %28"PRIu64
 338                            "\nPackets dequeued: %28"PRIu64
 339                            "\nPackets errors: %30"PRIu64,
 340                            cdevid,
 341                            crypto_statistics[cdevid].enqueued,
 342                            crypto_statistics[cdevid].dequeued,
 343                            crypto_statistics[cdevid].errors);
 344
 345                 total_packets_enqueued += crypto_statistics[cdevid].enqueued;
 346                 total_packets_dequeued += crypto_statistics[cdevid].dequeued;
 347                 total_packets_errors += crypto_statistics[cdevid].errors;
 348         }
 349         printf("\nAggregate statistics ==============================="
 350                    "\nTotal packets received: %22"PRIu64
 351                    "\nTotal packets enqueued: %22"PRIu64
 352                    "\nTotal packets dequeued: %22"PRIu64
 353                    "\nTotal packets sent: %26"PRIu64
 354                    "\nTotal packets dropped: %23"PRIu64
 355                    "\nTotal packets crypto errors: %17"PRIu64,
 356                    total_packets_rx,
 357                    total_packets_enqueued,
 358                    total_packets_dequeued,
 359                    total_packets_tx,
 360                    total_packets_dropped,
 361                    total_packets_errors);
 362         printf("\n====================================================\n");
 363 }
 364
 365 static int
 366 l2fwd_crypto_send_burst(struct lcore_queue_conf *qconf, unsigned n,
 367                 struct l2fwd_crypto_params *cparams)
 368 {
 369         struct rte_crypto_op **op_buffer;
 370         unsigned ret;
 371
 372         op_buffer = (struct rte_crypto_op **)
 373                         qconf->op_buf[cparams->dev_id].buffer;
 374
 375         ret = rte_cryptodev_enqueue_burst(cparams->dev_id,
 376                         cparams->qp_id, op_buffer, (uint16_t) n);
 377
 378         crypto_statistics[cparams->dev_id].enqueued += ret;
 379         if (unlikely(ret < n)) {
 380                 crypto_statistics[cparams->dev_id].errors += (n - ret);
 381                 do {
 382                         rte_pktmbuf_free(op_buffer[ret]->sym->m_src);
 383                         rte_crypto_op_free(op_buffer[ret]);
 384                 } while (++ret < n);
 385         }
 386
 387         return 0;
 388 }
 389
 390 static int
 391 l2fwd_crypto_enqueue(struct rte_crypto_op *op,
 392                 struct l2fwd_crypto_params *cparams)
 393 {
 394         unsigned lcore_id, len;
 395         struct lcore_queue_conf *qconf;
 396
 397         lcore_id = rte_lcore_id();
 398
 399         qconf = &lcore_queue_conf[lcore_id];
 400         len = qconf->op_buf[cparams->dev_id].len;
 401         qconf->op_buf[cparams->dev_id].buffer[len] = op;
 402         len++;
 403
 404         /* enough ops to be sent */
 405         if (len == MAX_PKT_BURST) {
 406                 l2fwd_crypto_send_burst(qconf, MAX_PKT_BURST, cparams);
 407                 len = 0;
 408         }
 409
 410         qconf->op_buf[cparams->dev_id].len = len;
 411         return 0;
 412 }
 413
 414 static int
 415 l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 416                 struct rte_crypto_op *op,
 417                 struct l2fwd_crypto_params *cparams)
 418 {
 419         struct ether_hdr *eth_hdr;
 420         struct ipv4_hdr *ip_hdr;
 421
 422         uint32_t ipdata_offset, data_len;
 423         uint32_t pad_len = 0;
 424         char *padding;
 425
 426         eth_hdr = rte_pktmbuf_mtod(m, struct ether_hdr *);
 427
 428         if (eth_hdr->ether_type != rte_cpu_to_be_16(ETHER_TYPE_IPv4))
 429                 return -1;
 430
 431         ipdata_offset = sizeof(struct ether_hdr);
 432
 433         ip_hdr = (struct ipv4_hdr *)(rte_pktmbuf_mtod(m, char *) +
 434                         ipdata_offset);
 435
 436         ipdata_offset += (ip_hdr->version_ihl & IPV4_HDR_IHL_MASK)
 437                         * IPV4_IHL_MULTIPLIER;
 438
 439
 440         /* Zero pad data to be crypto'd so it is block aligned */
 441         data_len  = rte_pktmbuf_data_len(m) - ipdata_offset;
 442
 443         if (cparams->do_hash && cparams->hash_verify)
 444                 data_len -= cparams->digest_length;
 445
 446         if (cparams->do_cipher) {
 447                 /*
 448                  * Following algorithms are block cipher algorithms,
 449                  * and might need padding
 450                  */
 451                 switch (cparams->cipher_algo) {
 452                 case RTE_CRYPTO_CIPHER_AES_CBC:
 453                 case RTE_CRYPTO_CIPHER_AES_ECB:
 454                 case RTE_CRYPTO_CIPHER_DES_CBC:
 455                 case RTE_CRYPTO_CIPHER_3DES_CBC:
 456                 case RTE_CRYPTO_CIPHER_3DES_ECB:
 457                         if (data_len % cparams->block_size)
 458                                 pad_len = cparams->block_size -
 459                                         (data_len % cparams->block_size);
 460                         break;
 461                 default:
 462                         pad_len = 0;
 463                 }
 464
 465                 if (pad_len) {
 466                         padding = rte_pktmbuf_append(m, pad_len);
 467                         if (unlikely(!padding))
 468                                 return -1;
 469
 470                         data_len += pad_len;
 471                         memset(padding, 0, pad_len);
 472                 }
 473         }
 474
 475         /* Set crypto operation data parameters */
 476         rte_crypto_op_attach_sym_session(op, cparams->session);
 477
 478         if (cparams->do_hash) {
 479                 if (cparams->auth_iv.length) {
 480                         uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op,
 481                                                 uint8_t *,
 482                                                 IV_OFFSET +
 483                                                 cparams->cipher_iv.length);
 484                         /*
 485                          * Copy IV at the end of the crypto operation,
 486                          * after the cipher IV, if added
 487                          */
 488                         rte_memcpy(iv_ptr, cparams->auth_iv.data,
 489                                         cparams->auth_iv.length);
 490                 }
 491                 if (!cparams->hash_verify) {
 492                         /* Append space for digest to end of packet */
 493                         op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m,
 494                                 cparams->digest_length);
 495                 } else {
 496                         op->sym->auth.digest.data = rte_pktmbuf_mtod(m,
 497                                 uint8_t *) + ipdata_offset + data_len;
 498                 }
 499
 500                 op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 501                                 rte_pktmbuf_pkt_len(m) - cparams->digest_length);
 502
 503                 /* For wireless algorithms, offset/length must be in bits */
 504                 if (cparams->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
 505                                 cparams->auth_algo == RTE_CRYPTO_AUTH_KASUMI_F9 ||
 506                                 cparams->auth_algo == RTE_CRYPTO_AUTH_ZUC_EIA3) {
 507                         op->sym->auth.data.offset = ipdata_offset << 3;
 508                         op->sym->auth.data.length = data_len << 3;
 509                 } else {
 510                         op->sym->auth.data.offset = ipdata_offset;
 511                         op->sym->auth.data.length = data_len;
 512                 }
 513         }
 514
 515         if (cparams->do_cipher) {
 516                 uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 517                                                         IV_OFFSET);
 518                 /* Copy IV at the end of the crypto operation */
 519                 rte_memcpy(iv_ptr, cparams->cipher_iv.data,
 520                                 cparams->cipher_iv.length);
 521
 522                 /* For wireless algorithms, offset/length must be in bits */
 523                 if (cparams->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 524                                 cparams->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
 525                                 cparams->cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3) {
 526                         op->sym->cipher.data.offset = ipdata_offset << 3;
 527                         op->sym->cipher.data.length = data_len << 3;
 528                 } else {
 529                         op->sym->cipher.data.offset = ipdata_offset;
 530                         op->sym->cipher.data.length = data_len;
 531                 }
 532         }
 533
 534         if (cparams->do_aead) {
 535                 uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 536                                                         IV_OFFSET);
 537                 /* Copy IV at the end of the crypto operation */
 538                 /*
 539                  * If doing AES-CCM, nonce is copied one byte
 540                  * after the start of IV field
 541                  */
 542                 if (cparams->aead_algo == RTE_CRYPTO_AEAD_AES_CCM)
 543                         rte_memcpy(iv_ptr + 1, cparams->aead_iv.data,
 544                                         cparams->aead_iv.length);
 545                 else
 546                         rte_memcpy(iv_ptr, cparams->aead_iv.data,
 547                                         cparams->aead_iv.length);
 548
 549                 op->sym->aead.data.offset = ipdata_offset;
 550                 op->sym->aead.data.length = data_len;
 551
 552                 if (!cparams->hash_verify) {
 553                         /* Append space for digest to end of packet */
 554                         op->sym->aead.digest.data = (uint8_t *)rte_pktmbuf_append(m,
 555                                 cparams->digest_length);
 556                 } else {
 557                         op->sym->aead.digest.data = rte_pktmbuf_mtod(m,
 558                                 uint8_t *) + ipdata_offset + data_len;
 559                 }
 560
 561                 op->sym->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 562                                 rte_pktmbuf_pkt_len(m) - cparams->digest_length);
 563
 564                 if (cparams->aad.length) {
 565                         op->sym->aead.aad.data = cparams->aad.data;
 566                         op->sym->aead.aad.phys_addr = cparams->aad.phys_addr;
 567                 }
 568         }
 569
 570         op->sym->m_src = m;
 571
 572         return l2fwd_crypto_enqueue(op, cparams);
 573 }
 574
 575
 576 /* Send the burst of packets on an output interface */
 577 static int
 578 l2fwd_send_burst(struct lcore_queue_conf *qconf, unsigned n,
 579                 uint16_t port)
 580 {
 581         struct rte_mbuf **pkt_buffer;
 582         unsigned ret;
 583
 584         pkt_buffer = (struct rte_mbuf **)qconf->pkt_buf[port].buffer;
 585
 586         ret = rte_eth_tx_burst(port, 0, pkt_buffer, (uint16_t)n);
 587         port_statistics[port].tx += ret;
 588         if (unlikely(ret < n)) {
 589                 port_statistics[port].dropped += (n - ret);
 590                 do {
 591                         rte_pktmbuf_free(pkt_buffer[ret]);
 592                 } while (++ret < n);
 593         }
 594
 595         return 0;
 596 }
 597
 598 /* Enqueue packets for TX and prepare them to be sent */
 599 static int
 600 l2fwd_send_packet(struct rte_mbuf *m, uint16_t port)
 601 {
 602         unsigned lcore_id, len;
 603         struct lcore_queue_conf *qconf;
 604
 605         lcore_id = rte_lcore_id();
 606
 607         qconf = &lcore_queue_conf[lcore_id];
 608         len = qconf->pkt_buf[port].len;
 609         qconf->pkt_buf[port].buffer[len] = m;
 610         len++;
 611
 612         /* enough pkts to be sent */
 613         if (unlikely(len == MAX_PKT_BURST)) {
 614                 l2fwd_send_burst(qconf, MAX_PKT_BURST, port);
 615                 len = 0;
 616         }
 617
 618         qconf->pkt_buf[port].len = len;
 619         return 0;
 620 }
 621
 622 static void
 623 l2fwd_mac_updating(struct rte_mbuf *m, uint16_t dest_portid)
 624 {
 625         struct ether_hdr *eth;
 626         void *tmp;
 627
 628         eth = rte_pktmbuf_mtod(m, struct ether_hdr *);
 629
 630         /* 02:00:00:00:00:xx */
 631         tmp = &eth->d_addr.addr_bytes[0];
 632         *((uint64_t *)tmp) = 0x000000000002 + ((uint64_t)dest_portid << 40);
 633
 634         /* src addr */
 635         ether_addr_copy(&l2fwd_ports_eth_addr[dest_portid], &eth->s_addr);
 636 }
 637
 638 static void
 639 l2fwd_simple_forward(struct rte_mbuf *m, uint16_t portid,
 640                 struct l2fwd_crypto_options *options)
 641 {
 642         uint16_t dst_port;
 643
 644         dst_port = l2fwd_dst_ports[portid];
 645
 646         if (options->mac_updating)
 647                 l2fwd_mac_updating(m, dst_port);
 648
 649         l2fwd_send_packet(m, dst_port);
 650 }
 651
 652 /** Generate random key */
 653 static void
 654 generate_random_key(uint8_t *key, unsigned length)
 655 {
 656         int fd;
 657         int ret;
 658
 659         fd = open("/dev/urandom", O_RDONLY);
 660         if (fd < 0)
 661                 rte_exit(EXIT_FAILURE, "Failed to generate random key\n");
 662
 663         ret = read(fd, key, length);
 664         close(fd);
 665
 666         if (ret != (signed)length)
 667                 rte_exit(EXIT_FAILURE, "Failed to generate random key\n");
 668 }
 669
 670 static struct rte_cryptodev_sym_session *
 671 initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 672 {
 673         struct rte_crypto_sym_xform *first_xform;
 674         struct rte_cryptodev_sym_session *session;
 675         int retval = rte_cryptodev_socket_id(cdev_id);
 676
 677         if (retval < 0)
 678                 return NULL;
 679
 680         uint8_t socket_id = (uint8_t) retval;
 681         struct rte_mempool *sess_mp = session_pool_socket[socket_id];
 682
 683         if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
 684                 first_xform = &options->aead_xform;
 685         } else if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH) {
 686                 first_xform = &options->cipher_xform;
 687                 first_xform->next = &options->auth_xform;
 688         } else if (options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER) {
 689                 first_xform = &options->auth_xform;
 690                 first_xform->next = &options->cipher_xform;
 691         } else if (options->xform_chain == L2FWD_CRYPTO_CIPHER_ONLY) {
 692                 first_xform = &options->cipher_xform;
 693         } else {
 694                 first_xform = &options->auth_xform;
 695         }
 696
 697         session = rte_cryptodev_sym_session_create(sess_mp);
 698
 699         if (session == NULL)
 700                 return NULL;
 701
 702         if (rte_cryptodev_sym_session_init(cdev_id, session,
 703                                 first_xform, sess_mp) < 0)
 704                 return NULL;
 705
 706         return session;
 707 }
 708
 709 static void
 710 l2fwd_crypto_options_print(struct l2fwd_crypto_options *options);
 711
 712 /* main processing loop */
 713 static void
 714 l2fwd_main_loop(struct l2fwd_crypto_options *options)
 715 {
 716         struct rte_mbuf *m, *pkts_burst[MAX_PKT_BURST];
 717         struct rte_crypto_op *ops_burst[MAX_PKT_BURST];
 718
 719         unsigned lcore_id = rte_lcore_id();
 720         uint64_t prev_tsc = 0, diff_tsc, cur_tsc, timer_tsc = 0;
 721         unsigned int i, j, nb_rx, len;
 722         uint16_t portid;
 723         struct lcore_queue_conf *qconf = &lcore_queue_conf[lcore_id];
 724         const uint64_t drain_tsc = (rte_get_tsc_hz() + US_PER_S - 1) /
 725                         US_PER_S * BURST_TX_DRAIN_US;
 726         struct l2fwd_crypto_params *cparams;
 727         struct l2fwd_crypto_params port_cparams[qconf->nb_crypto_devs];
 728         struct rte_cryptodev_sym_session *session;
 729
 730         if (qconf->nb_rx_ports == 0) {
 731                 RTE_LOG(INFO, L2FWD, "lcore %u has nothing to do\n", lcore_id);
 732                 return;
 733         }
 734
 735         RTE_LOG(INFO, L2FWD, "entering main loop on lcore %u\n", lcore_id);
 736
 737         for (i = 0; i < qconf->nb_rx_ports; i++) {
 738
 739                 portid = qconf->rx_port_list[i];
 740                 RTE_LOG(INFO, L2FWD, " -- lcoreid=%u portid=%u\n", lcore_id,
 741                         portid);
 742         }
 743
 744         for (i = 0; i < qconf->nb_crypto_devs; i++) {
 745                 port_cparams[i].do_cipher = 0;
 746                 port_cparams[i].do_hash = 0;
 747                 port_cparams[i].do_aead = 0;
 748
 749                 switch (options->xform_chain) {
 750                 case L2FWD_CRYPTO_AEAD:
 751                         port_cparams[i].do_aead = 1;
 752                         break;
 753                 case L2FWD_CRYPTO_CIPHER_HASH:
 754                 case L2FWD_CRYPTO_HASH_CIPHER:
 755                         port_cparams[i].do_cipher = 1;
 756                         port_cparams[i].do_hash = 1;
 757                         break;
 758                 case L2FWD_CRYPTO_HASH_ONLY:
 759                         port_cparams[i].do_hash = 1;
 760                         break;
 761                 case L2FWD_CRYPTO_CIPHER_ONLY:
 762                         port_cparams[i].do_cipher = 1;
 763                         break;
 764                 }
 765
 766                 port_cparams[i].dev_id = qconf->cryptodev_list[i];
 767                 port_cparams[i].qp_id = 0;
 768
 769                 port_cparams[i].block_size = options->block_size;
 770
 771                 if (port_cparams[i].do_hash) {
 772                         port_cparams[i].auth_iv.data = options->auth_iv.data;
 773                         port_cparams[i].auth_iv.length = options->auth_iv.length;
 774                         if (!options->auth_iv_param)
 775                                 generate_random_key(port_cparams[i].auth_iv.data,
 776                                                 port_cparams[i].auth_iv.length);
 777                         if (options->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
 778                                 port_cparams[i].hash_verify = 1;
 779                         else
 780                                 port_cparams[i].hash_verify = 0;
 781
 782                         port_cparams[i].auth_algo = options->auth_xform.auth.algo;
 783                         port_cparams[i].digest_length =
 784                                         options->auth_xform.auth.digest_length;
 785                         /* Set IV parameters */
 786                         if (options->auth_iv.length) {
 787                                 options->auth_xform.auth.iv.offset =
 788                                         IV_OFFSET + options->cipher_iv.length;
 789                                 options->auth_xform.auth.iv.length =
 790                                         options->auth_iv.length;
 791                         }
 792                 }
 793
 794                 if (port_cparams[i].do_aead) {
 795                         port_cparams[i].aead_iv.data = options->aead_iv.data;
 796                         port_cparams[i].aead_iv.length = options->aead_iv.length;
 797                         if (!options->aead_iv_param)
 798                                 generate_random_key(port_cparams[i].aead_iv.data,
 799                                                 port_cparams[i].aead_iv.length);
 800                         port_cparams[i].aead_algo = options->aead_xform.aead.algo;
 801                         port_cparams[i].digest_length =
 802                                         options->aead_xform.aead.digest_length;
 803                         if (options->aead_xform.aead.aad_length) {
 804                                 port_cparams[i].aad.data = options->aad.data;
 805                                 port_cparams[i].aad.phys_addr = options->aad.phys_addr;
 806                                 port_cparams[i].aad.length = options->aad.length;
 807                                 if (!options->aad_param)
 808                                         generate_random_key(port_cparams[i].aad.data,
 809                                                 port_cparams[i].aad.length);
 810                                 /*
 811                                  * If doing AES-CCM, first 18 bytes has to be reserved,
 812                                  * and actual AAD should start from byte 18
 813                                  */
 814                                 if (port_cparams[i].aead_algo == RTE_CRYPTO_AEAD_AES_CCM)
 815                                         memmove(port_cparams[i].aad.data + 18,
 816                                                         port_cparams[i].aad.data,
 817                                                         port_cparams[i].aad.length);
 818
 819                         } else
 820                                 port_cparams[i].aad.length = 0;
 821
 822                         if (options->aead_xform.aead.op == RTE_CRYPTO_AEAD_OP_DECRYPT)
 823                                 port_cparams[i].hash_verify = 1;
 824                         else
 825                                 port_cparams[i].hash_verify = 0;
 826
 827                         /* Set IV parameters */
 828                         options->aead_xform.aead.iv.offset = IV_OFFSET;
 829                         options->aead_xform.aead.iv.length = options->aead_iv.length;
 830                 }
 831
 832                 if (port_cparams[i].do_cipher) {
 833                         port_cparams[i].cipher_iv.data = options->cipher_iv.data;
 834                         port_cparams[i].cipher_iv.length = options->cipher_iv.length;
 835                         if (!options->cipher_iv_param)
 836                                 generate_random_key(port_cparams[i].cipher_iv.data,
 837                                                 port_cparams[i].cipher_iv.length);
 838
 839                         port_cparams[i].cipher_algo = options->cipher_xform.cipher.algo;
 840                         /* Set IV parameters */
 841                         options->cipher_xform.cipher.iv.offset = IV_OFFSET;
 842                         options->cipher_xform.cipher.iv.length =
 843                                                 options->cipher_iv.length;
 844                 }
 845
 846                 session = initialize_crypto_session(options,
 847                                 port_cparams[i].dev_id);
 848                 if (session == NULL)
 849                         rte_exit(EXIT_FAILURE, "Failed to initialize crypto session\n");
 850
 851                 port_cparams[i].session = session;
 852
 853                 RTE_LOG(INFO, L2FWD, " -- lcoreid=%u cryptoid=%u\n", lcore_id,
 854                                 port_cparams[i].dev_id);
 855         }
 856
 857         l2fwd_crypto_options_print(options);
 858
 859         /*
 860          * Initialize previous tsc timestamp before the loop,
 861          * to avoid showing the port statistics immediately,
 862          * so user can see the crypto information.
 863          */
 864         prev_tsc = rte_rdtsc();
 865         while (1) {
 866
 867                 cur_tsc = rte_rdtsc();
 868
 869                 /*
 870                  * Crypto device/TX burst queue drain
 871                  */
 872                 diff_tsc = cur_tsc - prev_tsc;
 873                 if (unlikely(diff_tsc > drain_tsc)) {
 874                         /* Enqueue all crypto ops remaining in buffers */
 875                         for (i = 0; i < qconf->nb_crypto_devs; i++) {
 876                                 cparams = &port_cparams[i];
 877                                 len = qconf->op_buf[cparams->dev_id].len;
 878                                 l2fwd_crypto_send_burst(qconf, len, cparams);
 879                                 qconf->op_buf[cparams->dev_id].len = 0;
 880                         }
 881                         /* Transmit all packets remaining in buffers */
 882                         for (portid = 0; portid < RTE_MAX_ETHPORTS; portid++) {
 883                                 if (qconf->pkt_buf[portid].len == 0)
 884                                         continue;
 885                                 l2fwd_send_burst(&lcore_queue_conf[lcore_id],
 886                                                  qconf->pkt_buf[portid].len,
 887                                                  portid);
 888                                 qconf->pkt_buf[portid].len = 0;
 889                         }
 890
 891                         /* if timer is enabled */
 892                         if (timer_period > 0) {
 893
 894                                 /* advance the timer */
 895                                 timer_tsc += diff_tsc;
 896
 897                                 /* if timer has reached its timeout */
 898                                 if (unlikely(timer_tsc >=
 899                                                 (uint64_t)timer_period)) {
 900
 901                                         /* do this only on master core */
 902                                         if (lcore_id == rte_get_master_lcore()
 903                                                 && options->refresh_period) {
 904                                                 print_stats();
 905                                                 timer_tsc = 0;
 906                                         }
 907                                 }
 908                         }
 909
 910                         prev_tsc = cur_tsc;
 911                 }
 912
 913                 /*
 914                  * Read packet from RX queues
 915                  */
 916                 for (i = 0; i < qconf->nb_rx_ports; i++) {
 917                         portid = qconf->rx_port_list[i];
 918
 919                         cparams = &port_cparams[i];
 920
 921                         nb_rx = rte_eth_rx_burst(portid, 0,
 922                                                  pkts_burst, MAX_PKT_BURST);
 923
 924                         port_statistics[portid].rx += nb_rx;
 925
 926                         if (nb_rx) {
 927                                 /*
 928                                  * If we can't allocate a crypto_ops, then drop
 929                                  * the rest of the burst and dequeue and
 930                                  * process the packets to free offload structs
 931                                  */
 932                                 if (rte_crypto_op_bulk_alloc(
 933                                                 l2fwd_crypto_op_pool,
 934                                                 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 935                                                 ops_burst, nb_rx) !=
 936                                                                 nb_rx) {
 937                                         for (j = 0; j < nb_rx; j++)
 938                                                 rte_pktmbuf_free(pkts_burst[j]);
 939
 940                                         nb_rx = 0;
 941                                 }
 942
 943                                 /* Enqueue packets from Crypto device*/
 944                                 for (j = 0; j < nb_rx; j++) {
 945                                         m = pkts_burst[j];
 946
 947                                         l2fwd_simple_crypto_enqueue(m,
 948                                                         ops_burst[j], cparams);
 949                                 }
 950                         }
 951
 952                         /* Dequeue packets from Crypto device */
 953                         do {
 954                                 nb_rx = rte_cryptodev_dequeue_burst(
 955                                                 cparams->dev_id, cparams->qp_id,
 956                                                 ops_burst, MAX_PKT_BURST);
 957
 958                                 crypto_statistics[cparams->dev_id].dequeued +=
 959                                                 nb_rx;
 960
 961                                 /* Forward crypto'd packets */
 962                                 for (j = 0; j < nb_rx; j++) {
 963                                         m = ops_burst[j]->sym->m_src;
 964
 965                                         rte_crypto_op_free(ops_burst[j]);
 966                                         l2fwd_simple_forward(m, portid,
 967                                                         options);
 968                                 }
 969                         } while (nb_rx == MAX_PKT_BURST);
 970                 }
 971         }
 972 }
 973
 974 static int
 975 l2fwd_launch_one_lcore(void *arg)
 976 {
 977         l2fwd_main_loop((struct l2fwd_crypto_options *)arg);
 978         return 0;
 979 }
 980
 981 /* Display command line arguments usage */
 982 static void
 983 l2fwd_crypto_usage(const char *prgname)
 984 {
 985         printf("%s [EAL options] --\n"
 986                 "  -p PORTMASK: hexadecimal bitmask of ports to configure\n"
 987                 "  -q NQ: number of queue (=ports) per lcore (default is 1)\n"
 988                 "  -s manage all ports from single lcore\n"
 989                 "  -T PERIOD: statistics will be refreshed each PERIOD seconds"
 990                 " (0 to disable, 10 default, 86400 maximum)\n"
 991
 992                 "  --cdev_type HW / SW / ANY\n"
 993                 "  --chain HASH_CIPHER / CIPHER_HASH / CIPHER_ONLY /"
 994                 " HASH_ONLY / AEAD\n"
 995
 996                 "  --cipher_algo ALGO\n"
 997                 "  --cipher_op ENCRYPT / DECRYPT\n"
 998                 "  --cipher_key KEY (bytes separated with \":\")\n"
 999                 "  --cipher_key_random_size SIZE: size of cipher key when generated randomly\n"
1000                 "  --cipher_iv IV (bytes separated with \":\")\n"
1001                 "  --cipher_iv_random_size SIZE: size of cipher IV when generated randomly\n"
1002
1003                 "  --auth_algo ALGO\n"
1004                 "  --auth_op GENERATE / VERIFY\n"
1005                 "  --auth_key KEY (bytes separated with \":\")\n"
1006                 "  --auth_key_random_size SIZE: size of auth key when generated randomly\n"
1007                 "  --auth_iv IV (bytes separated with \":\")\n"
1008                 "  --auth_iv_random_size SIZE: size of auth IV when generated randomly\n"
1009
1010                 "  --aead_algo ALGO\n"
1011                 "  --aead_op ENCRYPT / DECRYPT\n"
1012                 "  --aead_key KEY (bytes separated with \":\")\n"
1013                 "  --aead_key_random_size SIZE: size of AEAD key when generated randomly\n"
1014                 "  --aead_iv IV (bytes separated with \":\")\n"
1015                 "  --aead_iv_random_size SIZE: size of AEAD IV when generated randomly\n"
1016                 "  --aad AAD (bytes separated with \":\")\n"
1017                 "  --aad_random_size SIZE: size of AAD when generated randomly\n"
1018
1019                 "  --digest_size SIZE: size of digest to be generated/verified\n"
1020
1021                 "  --sessionless\n"
1022                 "  --cryptodev_mask MASK: hexadecimal bitmask of crypto devices to configure\n"
1023
1024                 "  --[no-]mac-updating: Enable or disable MAC addresses updating (enabled by default)\n"
1025                 "      When enabled:\n"
1026                 "       - The source MAC address is replaced by the TX port MAC address\n"
1027                 "       - The destination MAC address is replaced by 02:00:00:00:00:TX_PORT_ID\n",
1028                prgname);
1029 }
1030
1031 /** Parse crypto device type command line argument */
1032 static int
1033 parse_cryptodev_type(enum cdev_type *type, char *optarg)
1034 {
1035         if (strcmp("HW", optarg) == 0) {
1036                 *type = CDEV_TYPE_HW;
1037                 return 0;
1038         } else if (strcmp("SW", optarg) == 0) {
1039                 *type = CDEV_TYPE_SW;
1040                 return 0;
1041         } else if (strcmp("ANY", optarg) == 0) {
1042                 *type = CDEV_TYPE_ANY;
1043                 return 0;
1044         }
1045
1046         return -1;
1047 }
1048
1049 /** Parse crypto chain xform command line argument */
1050 static int
1051 parse_crypto_opt_chain(struct l2fwd_crypto_options *options, char *optarg)
1052 {
1053         if (strcmp("CIPHER_HASH", optarg) == 0) {
1054                 options->xform_chain = L2FWD_CRYPTO_CIPHER_HASH;
1055                 return 0;
1056         } else if (strcmp("HASH_CIPHER", optarg) == 0) {
1057                 options->xform_chain = L2FWD_CRYPTO_HASH_CIPHER;
1058                 return 0;
1059         } else if (strcmp("CIPHER_ONLY", optarg) == 0) {
1060                 options->xform_chain = L2FWD_CRYPTO_CIPHER_ONLY;
1061                 return 0;
1062         } else if (strcmp("HASH_ONLY", optarg) == 0) {
1063                 options->xform_chain = L2FWD_CRYPTO_HASH_ONLY;
1064                 return 0;
1065         } else if (strcmp("AEAD", optarg) == 0) {
1066                 options->xform_chain = L2FWD_CRYPTO_AEAD;
1067                 return 0;
1068         }
1069
1070         return -1;
1071 }
1072
1073 /** Parse crypto cipher algo option command line argument */
1074 static int
1075 parse_cipher_algo(enum rte_crypto_cipher_algorithm *algo, char *optarg)
1076 {
1077
1078         if (rte_cryptodev_get_cipher_algo_enum(algo, optarg) < 0) {
1079                 RTE_LOG(ERR, USER1, "Cipher algorithm specified "
1080                                 "not supported!\n");
1081                 return -1;
1082         }
1083
1084         return 0;
1085 }
1086
1087 /** Parse crypto cipher operation command line argument */
1088 static int
1089 parse_cipher_op(enum rte_crypto_cipher_operation *op, char *optarg)
1090 {
1091         if (strcmp("ENCRYPT", optarg) == 0) {
1092                 *op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
1093                 return 0;
1094         } else if (strcmp("DECRYPT", optarg) == 0) {
1095                 *op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
1096                 return 0;
1097         }
1098
1099         printf("Cipher operation not supported!\n");
1100         return -1;
1101 }
1102
1103 /** Parse bytes from command line argument */
1104 static int
1105 parse_bytes(uint8_t *data, char *input_arg, uint16_t max_size)
1106 {
1107         unsigned byte_count;
1108         char *token;
1109
1110         errno = 0;
1111         for (byte_count = 0, token = strtok(input_arg, ":");
1112                         (byte_count < max_size) && (token != NULL);
1113                         token = strtok(NULL, ":")) {
1114
1115                 int number = (int)strtol(token, NULL, 16);
1116
1117                 if (errno == EINVAL || errno == ERANGE || number > 0xFF)
1118                         return -1;
1119
1120                 data[byte_count++] = (uint8_t)number;
1121         }
1122
1123         return byte_count;
1124 }
1125
1126 /** Parse size param*/
1127 static int
1128 parse_size(int *size, const char *q_arg)
1129 {
1130         char *end = NULL;
1131         unsigned long n;
1132
1133         /* parse hexadecimal string */
1134         n = strtoul(q_arg, &end, 10);
1135         if ((q_arg[0] == '\0') || (end == NULL) || (*end != '\0'))
1136                 n = 0;
1137
1138         if (n == 0) {
1139                 printf("invalid size\n");
1140                 return -1;
1141         }
1142
1143         *size = n;
1144         return 0;
1145 }
1146
1147 /** Parse crypto cipher operation command line argument */
1148 static int
1149 parse_auth_algo(enum rte_crypto_auth_algorithm *algo, char *optarg)
1150 {
1151         if (rte_cryptodev_get_auth_algo_enum(algo, optarg) < 0) {
1152                 RTE_LOG(ERR, USER1, "Authentication algorithm specified "
1153                                 "not supported!\n");
1154                 return -1;
1155         }
1156
1157         return 0;
1158 }
1159
1160 static int
1161 parse_auth_op(enum rte_crypto_auth_operation *op, char *optarg)
1162 {
1163         if (strcmp("VERIFY", optarg) == 0) {
1164                 *op = RTE_CRYPTO_AUTH_OP_VERIFY;
1165                 return 0;
1166         } else if (strcmp("GENERATE", optarg) == 0) {
1167                 *op = RTE_CRYPTO_AUTH_OP_GENERATE;
1168                 return 0;
1169         }
1170
1171         printf("Authentication operation specified not supported!\n");
1172         return -1;
1173 }
1174
1175 static int
1176 parse_aead_algo(enum rte_crypto_aead_algorithm *algo, char *optarg)
1177 {
1178         if (rte_cryptodev_get_aead_algo_enum(algo, optarg) < 0) {
1179                 RTE_LOG(ERR, USER1, "AEAD algorithm specified "
1180                                 "not supported!\n");
1181                 return -1;
1182         }
1183
1184         return 0;
1185 }
1186
1187 static int
1188 parse_aead_op(enum rte_crypto_aead_operation *op, char *optarg)
1189 {
1190         if (strcmp("ENCRYPT", optarg) == 0) {
1191                 *op = RTE_CRYPTO_AEAD_OP_ENCRYPT;
1192                 return 0;
1193         } else if (strcmp("DECRYPT", optarg) == 0) {
1194                 *op = RTE_CRYPTO_AEAD_OP_DECRYPT;
1195                 return 0;
1196         }
1197
1198         printf("AEAD operation specified not supported!\n");
1199         return -1;
1200 }
1201 static int
1202 parse_cryptodev_mask(struct l2fwd_crypto_options *options,
1203                 const char *q_arg)
1204 {
1205         char *end = NULL;
1206         uint64_t pm;
1207
1208         /* parse hexadecimal string */
1209         pm = strtoul(q_arg, &end, 16);
1210         if ((pm == '\0') || (end == NULL) || (*end != '\0'))
1211                 pm = 0;
1212
1213         options->cryptodev_mask = pm;
1214         if (options->cryptodev_mask == 0) {
1215                 printf("invalid cryptodev_mask specified\n");
1216                 return -1;
1217         }
1218
1219         return 0;
1220 }
1221
1222 /** Parse long options */
1223 static int
1224 l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
1225                 struct option *lgopts, int option_index)
1226 {
1227         int retval;
1228
1229         if (strcmp(lgopts[option_index].name, "cdev_type") == 0) {
1230                 retval = parse_cryptodev_type(&options->type, optarg);
1231                 if (retval == 0)
1232                         snprintf(options->string_type, MAX_STR_LEN,
1233                                 "%s", optarg);
1234                 return retval;
1235         }
1236
1237         else if (strcmp(lgopts[option_index].name, "chain") == 0)
1238                 return parse_crypto_opt_chain(options, optarg);
1239
1240         /* Cipher options */
1241         else if (strcmp(lgopts[option_index].name, "cipher_algo") == 0)
1242                 return parse_cipher_algo(&options->cipher_xform.cipher.algo,
1243                                 optarg);
1244
1245         else if (strcmp(lgopts[option_index].name, "cipher_op") == 0)
1246                 return parse_cipher_op(&options->cipher_xform.cipher.op,
1247                                 optarg);
1248
1249         else if (strcmp(lgopts[option_index].name, "cipher_key") == 0) {
1250                 options->ckey_param = 1;
1251                 options->cipher_xform.cipher.key.length =
1252                         parse_bytes(options->cipher_xform.cipher.key.data, optarg,
1253                                         MAX_KEY_SIZE);
1254                 if (options->cipher_xform.cipher.key.length > 0)
1255                         return 0;
1256                 else
1257                         return -1;
1258         }
1259
1260         else if (strcmp(lgopts[option_index].name, "cipher_key_random_size") == 0)
1261                 return parse_size(&options->ckey_random_size, optarg);
1262
1263         else if (strcmp(lgopts[option_index].name, "cipher_iv") == 0) {
1264                 options->cipher_iv_param = 1;
1265                 options->cipher_iv.length =
1266                         parse_bytes(options->cipher_iv.data, optarg, MAX_IV_SIZE);
1267                 if (options->cipher_iv.length > 0)
1268                         return 0;
1269                 else
1270                         return -1;
1271         }
1272
1273         else if (strcmp(lgopts[option_index].name, "cipher_iv_random_size") == 0)
1274                 return parse_size(&options->cipher_iv_random_size, optarg);
1275
1276         /* Authentication options */
1277         else if (strcmp(lgopts[option_index].name, "auth_algo") == 0) {
1278                 return parse_auth_algo(&options->auth_xform.auth.algo,
1279                                 optarg);
1280         }
1281
1282         else if (strcmp(lgopts[option_index].name, "auth_op") == 0)
1283                 return parse_auth_op(&options->auth_xform.auth.op,
1284                                 optarg);
1285
1286         else if (strcmp(lgopts[option_index].name, "auth_key") == 0) {
1287                 options->akey_param = 1;
1288                 options->auth_xform.auth.key.length =
1289                         parse_bytes(options->auth_xform.auth.key.data, optarg,
1290                                         MAX_KEY_SIZE);
1291                 if (options->auth_xform.auth.key.length > 0)
1292                         return 0;
1293                 else
1294                         return -1;
1295         }
1296
1297         else if (strcmp(lgopts[option_index].name, "auth_key_random_size") == 0) {
1298                 return parse_size(&options->akey_random_size, optarg);
1299         }
1300
1301         else if (strcmp(lgopts[option_index].name, "auth_iv") == 0) {
1302                 options->auth_iv_param = 1;
1303                 options->auth_iv.length =
1304                         parse_bytes(options->auth_iv.data, optarg, MAX_IV_SIZE);
1305                 if (options->auth_iv.length > 0)
1306                         return 0;
1307                 else
1308                         return -1;
1309         }
1310
1311         else if (strcmp(lgopts[option_index].name, "auth_iv_random_size") == 0)
1312                 return parse_size(&options->auth_iv_random_size, optarg);
1313
1314         /* AEAD options */
1315         else if (strcmp(lgopts[option_index].name, "aead_algo") == 0) {
1316                 return parse_aead_algo(&options->aead_xform.aead.algo,
1317                                 optarg);
1318         }
1319
1320         else if (strcmp(lgopts[option_index].name, "aead_op") == 0)
1321                 return parse_aead_op(&options->aead_xform.aead.op,
1322                                 optarg);
1323
1324         else if (strcmp(lgopts[option_index].name, "aead_key") == 0) {
1325                 options->aead_key_param = 1;
1326                 options->aead_xform.aead.key.length =
1327                         parse_bytes(options->aead_xform.aead.key.data, optarg,
1328                                         MAX_KEY_SIZE);
1329                 if (options->aead_xform.aead.key.length > 0)
1330                         return 0;
1331                 else
1332                         return -1;
1333         }
1334
1335         else if (strcmp(lgopts[option_index].name, "aead_key_random_size") == 0)
1336                 return parse_size(&options->aead_key_random_size, optarg);
1337
1338
1339         else if (strcmp(lgopts[option_index].name, "aead_iv") == 0) {
1340                 options->aead_iv_param = 1;
1341                 options->aead_iv.length =
1342                         parse_bytes(options->aead_iv.data, optarg, MAX_IV_SIZE);
1343                 if (options->aead_iv.length > 0)
1344                         return 0;
1345                 else
1346                         return -1;
1347         }
1348
1349         else if (strcmp(lgopts[option_index].name, "aead_iv_random_size") == 0)
1350                 return parse_size(&options->aead_iv_random_size, optarg);
1351
1352         else if (strcmp(lgopts[option_index].name, "aad") == 0) {
1353                 options->aad_param = 1;
1354                 options->aad.length =
1355                         parse_bytes(options->aad.data, optarg, MAX_AAD_SIZE);
1356                 if (options->aad.length > 0)
1357                         return 0;
1358                 else
1359                         return -1;
1360         }
1361
1362         else if (strcmp(lgopts[option_index].name, "aad_random_size") == 0) {
1363                 return parse_size(&options->aad_random_size, optarg);
1364         }
1365
1366         else if (strcmp(lgopts[option_index].name, "digest_size") == 0) {
1367                 return parse_size(&options->digest_size, optarg);
1368         }
1369
1370         else if (strcmp(lgopts[option_index].name, "sessionless") == 0) {
1371                 options->sessionless = 1;
1372                 return 0;
1373         }
1374
1375         else if (strcmp(lgopts[option_index].name, "cryptodev_mask") == 0)
1376                 return parse_cryptodev_mask(options, optarg);
1377
1378         else if (strcmp(lgopts[option_index].name, "mac-updating") == 0) {
1379                 options->mac_updating = 1;
1380                 return 0;
1381         }
1382
1383         else if (strcmp(lgopts[option_index].name, "no-mac-updating") == 0) {
1384                 options->mac_updating = 0;
1385                 return 0;
1386         }
1387
1388         return -1;
1389 }
1390
1391 /** Parse port mask */
1392 static int
1393 l2fwd_crypto_parse_portmask(struct l2fwd_crypto_options *options,
1394                 const char *q_arg)
1395 {
1396         char *end = NULL;
1397         unsigned long pm;
1398
1399         /* parse hexadecimal string */
1400         pm = strtoul(q_arg, &end, 16);
1401         if ((pm == '\0') || (end == NULL) || (*end != '\0'))
1402                 pm = 0;
1403
1404         options->portmask = pm;
1405         if (options->portmask == 0) {
1406                 printf("invalid portmask specified\n");
1407                 return -1;
1408         }
1409
1410         return pm;
1411 }
1412
1413 /** Parse number of queues */
1414 static int
1415 l2fwd_crypto_parse_nqueue(struct l2fwd_crypto_options *options,
1416                 const char *q_arg)
1417 {
1418         char *end = NULL;
1419         unsigned long n;
1420
1421         /* parse hexadecimal string */
1422         n = strtoul(q_arg, &end, 10);
1423         if ((q_arg[0] == '\0') || (end == NULL) || (*end != '\0'))
1424                 n = 0;
1425         else if (n >= MAX_RX_QUEUE_PER_LCORE)
1426                 n = 0;
1427
1428         options->nb_ports_per_lcore = n;
1429         if (options->nb_ports_per_lcore == 0) {
1430                 printf("invalid number of ports selected\n");
1431                 return -1;
1432         }
1433
1434         return 0;
1435 }
1436
1437 /** Parse timer period */
1438 static int
1439 l2fwd_crypto_parse_timer_period(struct l2fwd_crypto_options *options,
1440                 const char *q_arg)
1441 {
1442         char *end = NULL;
1443         unsigned long n;
1444
1445         /* parse number string */
1446         n = (unsigned)strtol(q_arg, &end, 10);
1447         if ((q_arg[0] == '\0') || (end == NULL) || (*end != '\0'))
1448                 n = 0;
1449
1450         if (n >= MAX_TIMER_PERIOD) {
1451                 printf("Warning refresh period specified %lu is greater than "
1452                                 "max value %lu! using max value",
1453                                 n, MAX_TIMER_PERIOD);
1454                 n = MAX_TIMER_PERIOD;
1455         }
1456
1457         options->refresh_period = n * 1000 * TIMER_MILLISECOND;
1458
1459         return 0;
1460 }
1461
1462 /** Generate default options for application */
1463 static void
1464 l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
1465 {
1466         options->portmask = 0xffffffff;
1467         options->nb_ports_per_lcore = 1;
1468         options->refresh_period = 10000;
1469         options->single_lcore = 0;
1470         options->sessionless = 0;
1471
1472         options->xform_chain = L2FWD_CRYPTO_CIPHER_HASH;
1473
1474         /* Cipher Data */
1475         options->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
1476         options->cipher_xform.next = NULL;
1477         options->ckey_param = 0;
1478         options->ckey_random_size = -1;
1479         options->cipher_xform.cipher.key.length = 0;
1480         options->cipher_iv_param = 0;
1481         options->cipher_iv_random_size = -1;
1482         options->cipher_iv.length = 0;
1483
1484         options->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
1485         options->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
1486
1487         /* Authentication Data */
1488         options->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
1489         options->auth_xform.next = NULL;
1490         options->akey_param = 0;
1491         options->akey_random_size = -1;
1492         options->auth_xform.auth.key.length = 0;
1493         options->auth_iv_param = 0;
1494         options->auth_iv_random_size = -1;
1495         options->auth_iv.length = 0;
1496
1497         options->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
1498         options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
1499
1500         /* AEAD Data */
1501         options->aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
1502         options->aead_xform.next = NULL;
1503         options->aead_key_param = 0;
1504         options->aead_key_random_size = -1;
1505         options->aead_xform.aead.key.length = 0;
1506         options->aead_iv_param = 0;
1507         options->aead_iv_random_size = -1;
1508         options->aead_iv.length = 0;
1509
1510         options->auth_xform.aead.algo = RTE_CRYPTO_AEAD_AES_GCM;
1511         options->auth_xform.aead.op = RTE_CRYPTO_AEAD_OP_ENCRYPT;
1512
1513         options->aad_param = 0;
1514         options->aad_random_size = -1;
1515         options->aad.length = 0;
1516
1517         options->digest_size = -1;
1518
1519         options->type = CDEV_TYPE_ANY;
1520         options->cryptodev_mask = UINT64_MAX;
1521
1522         options->mac_updating = 1;
1523 }
1524
1525 static void
1526 display_cipher_info(struct l2fwd_crypto_options *options)
1527 {
1528         printf("\n---- Cipher information ---\n");
1529         printf("Algorithm: %s\n",
1530                 rte_crypto_cipher_algorithm_strings[options->cipher_xform.cipher.algo]);
1531         rte_hexdump(stdout, "Cipher key:",
1532                         options->cipher_xform.cipher.key.data,
1533                         options->cipher_xform.cipher.key.length);
1534         rte_hexdump(stdout, "IV:", options->cipher_iv.data, options->cipher_iv.length);
1535 }
1536
1537 static void
1538 display_auth_info(struct l2fwd_crypto_options *options)
1539 {
1540         printf("\n---- Authentication information ---\n");
1541         printf("Algorithm: %s\n",
1542                 rte_crypto_auth_algorithm_strings[options->auth_xform.auth.algo]);
1543         rte_hexdump(stdout, "Auth key:",
1544                         options->auth_xform.auth.key.data,
1545                         options->auth_xform.auth.key.length);
1546         rte_hexdump(stdout, "IV:", options->auth_iv.data, options->auth_iv.length);
1547 }
1548
1549 static void
1550 display_aead_info(struct l2fwd_crypto_options *options)
1551 {
1552         printf("\n---- AEAD information ---\n");
1553         printf("Algorithm: %s\n",
1554                 rte_crypto_aead_algorithm_strings[options->aead_xform.aead.algo]);
1555         rte_hexdump(stdout, "AEAD key:",
1556                         options->aead_xform.aead.key.data,
1557                         options->aead_xform.aead.key.length);
1558         rte_hexdump(stdout, "IV:", options->aead_iv.data, options->aead_iv.length);
1559         rte_hexdump(stdout, "AAD:", options->aad.data, options->aad.length);
1560 }
1561
1562 static void
1563 l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
1564 {
1565         char string_cipher_op[MAX_STR_LEN];
1566         char string_auth_op[MAX_STR_LEN];
1567         char string_aead_op[MAX_STR_LEN];
1568
1569         if (options->cipher_xform.cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
1570                 strcpy(string_cipher_op, "Encrypt");
1571         else
1572                 strcpy(string_cipher_op, "Decrypt");
1573
1574         if (options->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
1575                 strcpy(string_auth_op, "Auth generate");
1576         else
1577                 strcpy(string_auth_op, "Auth verify");
1578
1579         if (options->aead_xform.aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
1580                 strcpy(string_aead_op, "Authenticated encryption");
1581         else
1582                 strcpy(string_aead_op, "Authenticated decryption");
1583
1584
1585         printf("Options:-\nn");
1586         printf("portmask: %x\n", options->portmask);
1587         printf("ports per lcore: %u\n", options->nb_ports_per_lcore);
1588         printf("refresh period : %u\n", options->refresh_period);
1589         printf("single lcore mode: %s\n",
1590                         options->single_lcore ? "enabled" : "disabled");
1591         printf("stats_printing: %s\n",
1592                         options->refresh_period == 0 ? "disabled" : "enabled");
1593
1594         printf("sessionless crypto: %s\n",
1595                         options->sessionless ? "enabled" : "disabled");
1596
1597         if (options->ckey_param && (options->ckey_random_size != -1))
1598                 printf("Cipher key already parsed, ignoring size of random key\n");
1599
1600         if (options->akey_param && (options->akey_random_size != -1))
1601                 printf("Auth key already parsed, ignoring size of random key\n");
1602
1603         if (options->cipher_iv_param && (options->cipher_iv_random_size != -1))
1604                 printf("Cipher IV already parsed, ignoring size of random IV\n");
1605
1606         if (options->auth_iv_param && (options->auth_iv_random_size != -1))
1607                 printf("Auth IV already parsed, ignoring size of random IV\n");
1608
1609         if (options->aad_param && (options->aad_random_size != -1))
1610                 printf("AAD already parsed, ignoring size of random AAD\n");
1611
1612         printf("\nCrypto chain: ");
1613         switch (options->xform_chain) {
1614         case L2FWD_CRYPTO_AEAD:
1615                 printf("Input --> %s --> Output\n", string_aead_op);
1616                 display_aead_info(options);
1617                 break;
1618         case L2FWD_CRYPTO_CIPHER_HASH:
1619                 printf("Input --> %s --> %s --> Output\n",
1620                         string_cipher_op, string_auth_op);
1621                 display_cipher_info(options);
1622                 display_auth_info(options);
1623                 break;
1624         case L2FWD_CRYPTO_HASH_CIPHER:
1625                 printf("Input --> %s --> %s --> Output\n",
1626                         string_auth_op, string_cipher_op);
1627                 display_cipher_info(options);
1628                 display_auth_info(options);
1629                 break;
1630         case L2FWD_CRYPTO_HASH_ONLY:
1631                 printf("Input --> %s --> Output\n", string_auth_op);
1632                 display_auth_info(options);
1633                 break;
1634         case L2FWD_CRYPTO_CIPHER_ONLY:
1635                 printf("Input --> %s --> Output\n", string_cipher_op);
1636                 display_cipher_info(options);
1637                 break;
1638         }
1639 }
1640
1641 /* Parse the argument given in the command line of the application */
1642 static int
1643 l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
1644                 int argc, char **argv)
1645 {
1646         int opt, retval, option_index;
1647         char **argvopt = argv, *prgname = argv[0];
1648
1649         static struct option lgopts[] = {
1650                         { "sessionless", no_argument, 0, 0 },
1651
1652                         { "cdev_type", required_argument, 0, 0 },
1653                         { "chain", required_argument, 0, 0 },
1654
1655                         { "cipher_algo", required_argument, 0, 0 },
1656                         { "cipher_op", required_argument, 0, 0 },
1657                         { "cipher_key", required_argument, 0, 0 },
1658                         { "cipher_key_random_size", required_argument, 0, 0 },
1659                         { "cipher_iv", required_argument, 0, 0 },
1660                         { "cipher_iv_random_size", required_argument, 0, 0 },
1661
1662                         { "auth_algo", required_argument, 0, 0 },
1663                         { "auth_op", required_argument, 0, 0 },
1664                         { "auth_key", required_argument, 0, 0 },
1665                         { "auth_key_random_size", required_argument, 0, 0 },
1666                         { "auth_iv", required_argument, 0, 0 },
1667                         { "auth_iv_random_size", required_argument, 0, 0 },
1668
1669                         { "aead_algo", required_argument, 0, 0 },
1670                         { "aead_op", required_argument, 0, 0 },
1671                         { "aead_key", required_argument, 0, 0 },
1672                         { "aead_key_random_size", required_argument, 0, 0 },
1673                         { "aead_iv", required_argument, 0, 0 },
1674                         { "aead_iv_random_size", required_argument, 0, 0 },
1675
1676                         { "aad", required_argument, 0, 0 },
1677                         { "aad_random_size", required_argument, 0, 0 },
1678
1679                         { "digest_size", required_argument, 0, 0 },
1680
1681                         { "sessionless", no_argument, 0, 0 },
1682                         { "cryptodev_mask", required_argument, 0, 0},
1683
1684                         { "mac-updating", no_argument, 0, 0},
1685                         { "no-mac-updating", no_argument, 0, 0},
1686
1687                         { NULL, 0, 0, 0 }
1688         };
1689
1690         l2fwd_crypto_default_options(options);
1691
1692         while ((opt = getopt_long(argc, argvopt, "p:q:sT:", lgopts,
1693                         &option_index)) != EOF) {
1694                 switch (opt) {
1695                 /* long options */
1696                 case 0:
1697                         retval = l2fwd_crypto_parse_args_long_options(options,
1698                                         lgopts, option_index);
1699                         if (retval < 0) {
1700                                 l2fwd_crypto_usage(prgname);
1701                                 return -1;
1702                         }
1703                         break;
1704
1705                 /* portmask */
1706                 case 'p':
1707                         retval = l2fwd_crypto_parse_portmask(options, optarg);
1708                         if (retval < 0) {
1709                                 l2fwd_crypto_usage(prgname);
1710                                 return -1;
1711                         }
1712                         break;
1713
1714                 /* nqueue */
1715                 case 'q':
1716                         retval = l2fwd_crypto_parse_nqueue(options, optarg);
1717                         if (retval < 0) {
1718                                 l2fwd_crypto_usage(prgname);
1719                                 return -1;
1720                         }
1721                         break;
1722
1723                 /* single  */
1724                 case 's':
1725                         options->single_lcore = 1;
1726
1727                         break;
1728
1729                 /* timer period */
1730                 case 'T':
1731                         retval = l2fwd_crypto_parse_timer_period(options,
1732                                         optarg);
1733                         if (retval < 0) {
1734                                 l2fwd_crypto_usage(prgname);
1735                                 return -1;
1736                         }
1737                         break;
1738
1739                 default:
1740                         l2fwd_crypto_usage(prgname);
1741                         return -1;
1742                 }
1743         }
1744
1745
1746         if (optind >= 0)
1747                 argv[optind-1] = prgname;
1748
1749         retval = optind-1;
1750         optind = 1; /* reset getopt lib */
1751
1752         return retval;
1753 }
1754
1755 /* Check the link status of all ports in up to 9s, and print them finally */
1756 static void
1757 check_all_ports_link_status(uint16_t port_num, uint32_t port_mask)
1758 {
1759 #define CHECK_INTERVAL 100 /* 100ms */
1760 #define MAX_CHECK_TIME 90 /* 9s (90 * 100ms) in total */
1761         uint16_t portid;
1762         uint8_t count, all_ports_up, print_flag = 0;
1763         struct rte_eth_link link;
1764
1765         printf("\nChecking link status");
1766         fflush(stdout);
1767         for (count = 0; count <= MAX_CHECK_TIME; count++) {
1768                 all_ports_up = 1;
1769                 for (portid = 0; portid < port_num; portid++) {
1770                         if ((port_mask & (1 << portid)) == 0)
1771                                 continue;
1772                         memset(&link, 0, sizeof(link));
1773                         rte_eth_link_get_nowait(portid, &link);
1774                         /* print link status if flag set */
1775                         if (print_flag == 1) {
1776                                 if (link.link_status)
1777                                         printf(
1778                                         "Port%d Link Up. Speed %u Mbps - %s\n",
1779                                                 portid, link.link_speed,
1780                                 (link.link_duplex == ETH_LINK_FULL_DUPLEX) ?
1781                                         ("full-duplex") : ("half-duplex\n"));
1782                                 else
1783                                         printf("Port %d Link Down\n", portid);
1784                                 continue;
1785                         }
1786                         /* clear all_ports_up flag if any link down */
1787                         if (link.link_status == ETH_LINK_DOWN) {
1788                                 all_ports_up = 0;
1789                                 break;
1790                         }
1791                 }
1792                 /* after finally printing all link status, get out */
1793                 if (print_flag == 1)
1794                         break;
1795
1796                 if (all_ports_up == 0) {
1797                         printf(".");
1798                         fflush(stdout);
1799                         rte_delay_ms(CHECK_INTERVAL);
1800                 }
1801
1802                 /* set the print_flag if all ports up or timeout */
1803                 if (all_ports_up == 1 || count == (MAX_CHECK_TIME - 1)) {
1804                         print_flag = 1;
1805                         printf("done\n");
1806                 }
1807         }
1808 }
1809
1810 /* Check if device has to be HW/SW or any */
1811 static int
1812 check_type(const struct l2fwd_crypto_options *options,
1813                 const struct rte_cryptodev_info *dev_info)
1814 {
1815         if (options->type == CDEV_TYPE_HW &&
1816                         (dev_info->feature_flags & RTE_CRYPTODEV_FF_HW_ACCELERATED))
1817                 return 0;
1818         if (options->type == CDEV_TYPE_SW &&
1819                         !(dev_info->feature_flags & RTE_CRYPTODEV_FF_HW_ACCELERATED))
1820                 return 0;
1821         if (options->type == CDEV_TYPE_ANY)
1822                 return 0;
1823
1824         return -1;
1825 }
1826
1827 static const struct rte_cryptodev_capabilities *
1828 check_device_support_cipher_algo(const struct l2fwd_crypto_options *options,
1829                 const struct rte_cryptodev_info *dev_info,
1830                 uint8_t cdev_id)
1831 {
1832         unsigned int i = 0;
1833         const struct rte_cryptodev_capabilities *cap = &dev_info->capabilities[0];
1834         enum rte_crypto_cipher_algorithm cap_cipher_algo;
1835         enum rte_crypto_cipher_algorithm opt_cipher_algo =
1836                                         options->cipher_xform.cipher.algo;
1837
1838         while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
1839                 cap_cipher_algo = cap->sym.cipher.algo;
1840                 if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
1841                         if (cap_cipher_algo == opt_cipher_algo) {
1842                                 if (check_type(options, dev_info) == 0)
1843                                         break;
1844                         }
1845                 }
1846                 cap = &dev_info->capabilities[++i];
1847         }
1848
1849         if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
1850                 printf("Algorithm %s not supported by cryptodev %u"
1851                         " or device not of preferred type (%s)\n",
1852                         rte_crypto_cipher_algorithm_strings[opt_cipher_algo],
1853                         cdev_id,
1854                         options->string_type);
1855                 return NULL;
1856         }
1857
1858         return cap;
1859 }
1860
1861 static const struct rte_cryptodev_capabilities *
1862 check_device_support_auth_algo(const struct l2fwd_crypto_options *options,
1863                 const struct rte_cryptodev_info *dev_info,
1864                 uint8_t cdev_id)
1865 {
1866         unsigned int i = 0;
1867         const struct rte_cryptodev_capabilities *cap = &dev_info->capabilities[0];
1868         enum rte_crypto_auth_algorithm cap_auth_algo;
1869         enum rte_crypto_auth_algorithm opt_auth_algo =
1870                                         options->auth_xform.auth.algo;
1871
1872         while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
1873                 cap_auth_algo = cap->sym.auth.algo;
1874                 if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) {
1875                         if (cap_auth_algo == opt_auth_algo) {
1876                                 if (check_type(options, dev_info) == 0)
1877                                         break;
1878                         }
1879                 }
1880                 cap = &dev_info->capabilities[++i];
1881         }
1882
1883         if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
1884                 printf("Algorithm %s not supported by cryptodev %u"
1885                         " or device not of preferred type (%s)\n",
1886                         rte_crypto_auth_algorithm_strings[opt_auth_algo],
1887                         cdev_id,
1888                         options->string_type);
1889                 return NULL;
1890         }
1891
1892         return cap;
1893 }
1894
1895 static const struct rte_cryptodev_capabilities *
1896 check_device_support_aead_algo(const struct l2fwd_crypto_options *options,
1897                 const struct rte_cryptodev_info *dev_info,
1898                 uint8_t cdev_id)
1899 {
1900         unsigned int i = 0;
1901         const struct rte_cryptodev_capabilities *cap = &dev_info->capabilities[0];
1902         enum rte_crypto_aead_algorithm cap_aead_algo;
1903         enum rte_crypto_aead_algorithm opt_aead_algo =
1904                                         options->aead_xform.aead.algo;
1905
1906         while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
1907                 cap_aead_algo = cap->sym.aead.algo;
1908                 if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {
1909                         if (cap_aead_algo == opt_aead_algo) {
1910                                 if (check_type(options, dev_info) == 0)
1911                                         break;
1912                         }
1913                 }
1914                 cap = &dev_info->capabilities[++i];
1915         }
1916
1917         if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
1918                 printf("Algorithm %s not supported by cryptodev %u"
1919                         " or device not of preferred type (%s)\n",
1920                         rte_crypto_aead_algorithm_strings[opt_aead_algo],
1921                         cdev_id,
1922                         options->string_type);
1923                 return NULL;
1924         }
1925
1926         return cap;
1927 }
1928
1929 /* Check if the device is enabled by cryptodev_mask */
1930 static int
1931 check_cryptodev_mask(struct l2fwd_crypto_options *options,
1932                 uint8_t cdev_id)
1933 {
1934         if (options->cryptodev_mask & (1 << cdev_id))
1935                 return 0;
1936
1937         return -1;
1938 }
1939
1940 static inline int
1941 check_supported_size(uint16_t length, uint16_t min, uint16_t max,
1942                 uint16_t increment)
1943 {
1944         uint16_t supp_size;
1945
1946         /* Single value */
1947         if (increment == 0) {
1948                 if (length == min)
1949                         return 0;
1950                 else
1951                         return -1;
1952         }
1953
1954         /* Range of values */
1955         for (supp_size = min; supp_size <= max; supp_size += increment) {
1956                 if (length == supp_size)
1957                         return 0;
1958         }
1959
1960         return -1;
1961 }
1962
1963 static int
1964 check_iv_param(const struct rte_crypto_param_range *iv_range_size,
1965                 unsigned int iv_param, int iv_random_size,
1966                 uint16_t *iv_length)
1967 {
1968         /*
1969          * Check if length of provided IV is supported
1970          * by the algorithm chosen.
1971          */
1972         if (iv_param) {
1973                 if (check_supported_size(*iv_length,
1974                                 iv_range_size->min,
1975                                 iv_range_size->max,
1976                                 iv_range_size->increment)
1977                                         != 0) {
1978                         printf("Unsupported IV length\n");
1979                         return -1;
1980                 }
1981         /*
1982          * Check if length of IV to be randomly generated
1983          * is supported by the algorithm chosen.
1984          */
1985         } else if (iv_random_size != -1) {
1986                 if (check_supported_size(iv_random_size,
1987                                 iv_range_size->min,
1988                                 iv_range_size->max,
1989                                 iv_range_size->increment)
1990                                         != 0) {
1991                         printf("Unsupported IV length\n");
1992                         return -1;
1993                 }
1994                 *iv_length = iv_random_size;
1995         /* No size provided, use minimum size. */
1996         } else
1997                 *iv_length = iv_range_size->min;
1998
1999         return 0;
2000 }
2001
2002 static int
2003 initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
2004                 uint8_t *enabled_cdevs)
2005 {
2006         unsigned int cdev_id, cdev_count, enabled_cdev_count = 0;
2007         const struct rte_cryptodev_capabilities *cap;
2008         unsigned int sess_sz, max_sess_sz = 0;
2009         int retval;
2010
2011         cdev_count = rte_cryptodev_count();
2012         if (cdev_count == 0) {
2013                 printf("No crypto devices available\n");
2014                 return -1;
2015         }
2016
2017         for (cdev_id = 0; cdev_id < cdev_count; cdev_id++) {
2018                 sess_sz = rte_cryptodev_get_private_session_size(cdev_id);
2019                 if (sess_sz > max_sess_sz)
2020                         max_sess_sz = sess_sz;
2021         }
2022
2023         for (cdev_id = 0; cdev_id < cdev_count && enabled_cdev_count < nb_ports;
2024                         cdev_id++) {
2025                 struct rte_cryptodev_qp_conf qp_conf;
2026                 struct rte_cryptodev_info dev_info;
2027                 retval = rte_cryptodev_socket_id(cdev_id);
2028
2029                 if (retval < 0) {
2030                         printf("Invalid crypto device id used\n");
2031                         return -1;
2032                 }
2033
2034                 uint8_t socket_id = (uint8_t) retval;
2035
2036                 struct rte_cryptodev_config conf = {
2037                         .nb_queue_pairs = 1,
2038                         .socket_id = socket_id,
2039                 };
2040
2041                 if (check_cryptodev_mask(options, (uint8_t)cdev_id))
2042                         continue;
2043
2044                 rte_cryptodev_info_get(cdev_id, &dev_info);
2045
2046                 if (session_pool_socket[socket_id] == NULL) {
2047                         char mp_name[RTE_MEMPOOL_NAMESIZE];
2048                         struct rte_mempool *sess_mp;
2049
2050                         snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
2051                                 "sess_mp_%u", socket_id);
2052
2053                         /*
2054                          * Create enough objects for session headers and
2055                          * device private data
2056                          */
2057                         sess_mp = rte_mempool_create(mp_name,
2058                                                 MAX_SESSIONS * 2,
2059                                                 max_sess_sz,
2060                                                 SESSION_POOL_CACHE_SIZE,
2061                                                 0, NULL, NULL, NULL,
2062                                                 NULL, socket_id,
2063                                                 0);
2064
2065                         if (sess_mp == NULL) {
2066                                 printf("Cannot create session pool on socket %d\n",
2067                                         socket_id);
2068                                 return -ENOMEM;
2069                         }
2070
2071                         printf("Allocated session pool on socket %d\n", socket_id);
2072                         session_pool_socket[socket_id] = sess_mp;
2073                 }
2074
2075                 /* Set AEAD parameters */
2076                 if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
2077                         /* Check if device supports AEAD algo */
2078                         cap = check_device_support_aead_algo(options, &dev_info,
2079                                                         cdev_id);
2080                         if (cap == NULL)
2081                                 continue;
2082
2083                         options->block_size = cap->sym.aead.block_size;
2084
2085                         check_iv_param(&cap->sym.aead.iv_size,
2086                                         options->aead_iv_param,
2087                                         options->aead_iv_random_size,
2088                                         &options->aead_iv.length);
2089
2090                         /*
2091                          * Check if length of provided AEAD key is supported
2092                          * by the algorithm chosen.
2093                          */
2094                         if (options->aead_key_param) {
2095                                 if (check_supported_size(
2096                                                 options->aead_xform.aead.key.length,
2097                                                 cap->sym.aead.key_size.min,
2098                                                 cap->sym.aead.key_size.max,
2099                                                 cap->sym.aead.key_size.increment)
2100                                                         != 0) {
2101                                         printf("Unsupported aead key length\n");
2102                                         return -1;
2103                                 }
2104                         /*
2105                          * Check if length of the aead key to be randomly generated
2106                          * is supported by the algorithm chosen.
2107                          */
2108                         } else if (options->aead_key_random_size != -1) {
2109                                 if (check_supported_size(options->aead_key_random_size,
2110                                                 cap->sym.aead.key_size.min,
2111                                                 cap->sym.aead.key_size.max,
2112                                                 cap->sym.aead.key_size.increment)
2113                                                         != 0) {
2114                                         printf("Unsupported aead key length\n");
2115                                         return -1;
2116                                 }
2117                                 options->aead_xform.aead.key.length =
2118                                                         options->aead_key_random_size;
2119                         /* No size provided, use minimum size. */
2120                         } else
2121                                 options->aead_xform.aead.key.length =
2122                                                 cap->sym.aead.key_size.min;
2123
2124                         if (!options->aead_key_param)
2125                                 generate_random_key(
2126                                         options->aead_xform.aead.key.data,
2127                                         options->aead_xform.aead.key.length);
2128
2129                         /*
2130                          * Check if length of provided AAD is supported
2131                          * by the algorithm chosen.
2132                          */
2133                         if (options->aad_param) {
2134                                 if (check_supported_size(options->aad.length,
2135                                                 cap->sym.aead.aad_size.min,
2136                                                 cap->sym.aead.aad_size.max,
2137                                                 cap->sym.aead.aad_size.increment)
2138                                                         != 0) {
2139                                         printf("Unsupported AAD length\n");
2140                                         return -1;
2141                                 }
2142                         /*
2143                          * Check if length of AAD to be randomly generated
2144                          * is supported by the algorithm chosen.
2145                          */
2146                         } else if (options->aad_random_size != -1) {
2147                                 if (check_supported_size(options->aad_random_size,
2148                                                 cap->sym.aead.aad_size.min,
2149                                                 cap->sym.aead.aad_size.max,
2150                                                 cap->sym.aead.aad_size.increment)
2151                                                         != 0) {
2152                                         printf("Unsupported AAD length\n");
2153                                         return -1;
2154                                 }
2155                                 options->aad.length = options->aad_random_size;
2156                         /* No size provided, use minimum size. */
2157                         } else
2158                                 options->aad.length = cap->sym.auth.aad_size.min;
2159
2160                         options->aead_xform.aead.aad_length =
2161                                                 options->aad.length;
2162
2163                         /* Check if digest size is supported by the algorithm. */
2164                         if (options->digest_size != -1) {
2165                                 if (check_supported_size(options->digest_size,
2166                                                 cap->sym.aead.digest_size.min,
2167                                                 cap->sym.aead.digest_size.max,
2168                                                 cap->sym.aead.digest_size.increment)
2169                                                         != 0) {
2170                                         printf("Unsupported digest length\n");
2171                                         return -1;
2172                                 }
2173                                 options->aead_xform.aead.digest_length =
2174                                                         options->digest_size;
2175                         /* No size provided, use minimum size. */
2176                         } else
2177                                 options->aead_xform.aead.digest_length =
2178                                                 cap->sym.aead.digest_size.min;
2179                 }
2180
2181                 /* Set cipher parameters */
2182                 if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
2183                                 options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
2184                                 options->xform_chain == L2FWD_CRYPTO_CIPHER_ONLY) {
2185                         /* Check if device supports cipher algo */
2186                         cap = check_device_support_cipher_algo(options, &dev_info,
2187                                                         cdev_id);
2188                         if (cap == NULL)
2189                                 continue;
2190
2191                         options->block_size = cap->sym.cipher.block_size;
2192
2193                         check_iv_param(&cap->sym.cipher.iv_size,
2194                                         options->cipher_iv_param,
2195                                         options->cipher_iv_random_size,
2196                                         &options->cipher_iv.length);
2197
2198                         /*
2199                          * Check if length of provided cipher key is supported
2200                          * by the algorithm chosen.
2201                          */
2202                         if (options->ckey_param) {
2203                                 if (check_supported_size(
2204                                                 options->cipher_xform.cipher.key.length,
2205                                                 cap->sym.cipher.key_size.min,
2206                                                 cap->sym.cipher.key_size.max,
2207                                                 cap->sym.cipher.key_size.increment)
2208                                                         != 0) {
2209                                         printf("Unsupported cipher key length\n");
2210                                         return -1;
2211                                 }
2212                         /*
2213                          * Check if length of the cipher key to be randomly generated
2214                          * is supported by the algorithm chosen.
2215                          */
2216                         } else if (options->ckey_random_size != -1) {
2217                                 if (check_supported_size(options->ckey_random_size,
2218                                                 cap->sym.cipher.key_size.min,
2219                                                 cap->sym.cipher.key_size.max,
2220                                                 cap->sym.cipher.key_size.increment)
2221                                                         != 0) {
2222                                         printf("Unsupported cipher key length\n");
2223                                         return -1;
2224                                 }
2225                                 options->cipher_xform.cipher.key.length =
2226                                                         options->ckey_random_size;
2227                         /* No size provided, use minimum size. */
2228                         } else
2229                                 options->cipher_xform.cipher.key.length =
2230                                                 cap->sym.cipher.key_size.min;
2231
2232                         if (!options->ckey_param)
2233                                 generate_random_key(
2234                                         options->cipher_xform.cipher.key.data,
2235                                         options->cipher_xform.cipher.key.length);
2236
2237                 }
2238
2239                 /* Set auth parameters */
2240                 if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
2241                                 options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
2242                                 options->xform_chain == L2FWD_CRYPTO_HASH_ONLY) {
2243                         /* Check if device supports auth algo */
2244                         cap = check_device_support_auth_algo(options, &dev_info,
2245                                                         cdev_id);
2246                         if (cap == NULL)
2247                                 continue;
2248
2249                         check_iv_param(&cap->sym.auth.iv_size,
2250                                         options->auth_iv_param,
2251                                         options->auth_iv_random_size,
2252                                         &options->auth_iv.length);
2253                         /*
2254                          * Check if length of provided auth key is supported
2255                          * by the algorithm chosen.
2256                          */
2257                         if (options->akey_param) {
2258                                 if (check_supported_size(
2259                                                 options->auth_xform.auth.key.length,
2260                                                 cap->sym.auth.key_size.min,
2261                                                 cap->sym.auth.key_size.max,
2262                                                 cap->sym.auth.key_size.increment)
2263                                                         != 0) {
2264                                         printf("Unsupported auth key length\n");
2265                                         return -1;
2266                                 }
2267                         /*
2268                          * Check if length of the auth key to be randomly generated
2269                          * is supported by the algorithm chosen.
2270                          */
2271                         } else if (options->akey_random_size != -1) {
2272                                 if (check_supported_size(options->akey_random_size,
2273                                                 cap->sym.auth.key_size.min,
2274                                                 cap->sym.auth.key_size.max,
2275                                                 cap->sym.auth.key_size.increment)
2276                                                         != 0) {
2277                                         printf("Unsupported auth key length\n");
2278                                         return -1;
2279                                 }
2280                                 options->auth_xform.auth.key.length =
2281                                                         options->akey_random_size;
2282                         /* No size provided, use minimum size. */
2283                         } else
2284                                 options->auth_xform.auth.key.length =
2285                                                 cap->sym.auth.key_size.min;
2286
2287                         if (!options->akey_param)
2288                                 generate_random_key(
2289                                         options->auth_xform.auth.key.data,
2290                                         options->auth_xform.auth.key.length);
2291
2292                         /* Check if digest size is supported by the algorithm. */
2293                         if (options->digest_size != -1) {
2294                                 if (check_supported_size(options->digest_size,
2295                                                 cap->sym.auth.digest_size.min,
2296                                                 cap->sym.auth.digest_size.max,
2297                                                 cap->sym.auth.digest_size.increment)
2298                                                         != 0) {
2299                                         printf("Unsupported digest length\n");
2300                                         return -1;
2301                                 }
2302                                 options->auth_xform.auth.digest_length =
2303                                                         options->digest_size;
2304                         /* No size provided, use minimum size. */
2305                         } else
2306                                 options->auth_xform.auth.digest_length =
2307                                                 cap->sym.auth.digest_size.min;
2308                 }
2309
2310                 retval = rte_cryptodev_configure(cdev_id, &conf);
2311                 if (retval < 0) {
2312                         printf("Failed to configure cryptodev %u", cdev_id);
2313                         return -1;
2314                 }
2315
2316                 qp_conf.nb_descriptors = 2048;
2317
2318                 retval = rte_cryptodev_queue_pair_setup(cdev_id, 0, &qp_conf,
2319                                 socket_id, session_pool_socket[socket_id]);
2320                 if (retval < 0) {
2321                         printf("Failed to setup queue pair %u on cryptodev %u",
2322                                         0, cdev_id);
2323                         return -1;
2324                 }
2325
2326                 retval = rte_cryptodev_start(cdev_id);
2327                 if (retval < 0) {
2328                         printf("Failed to start device %u: error %d\n",
2329                                         cdev_id, retval);
2330                         return -1;
2331                 }
2332
2333                 l2fwd_enabled_crypto_mask |= (((uint64_t)1) << cdev_id);
2334
2335                 enabled_cdevs[cdev_id] = 1;
2336                 enabled_cdev_count++;
2337         }
2338
2339         return enabled_cdev_count;
2340 }
2341
2342 static int
2343 initialize_ports(struct l2fwd_crypto_options *options)
2344 {
2345         uint16_t last_portid, portid;
2346         unsigned enabled_portcount = 0;
2347         unsigned nb_ports = rte_eth_dev_count();
2348
2349         if (nb_ports == 0) {
2350                 printf("No Ethernet ports - bye\n");
2351                 return -1;
2352         }
2353
2354         /* Reset l2fwd_dst_ports */
2355         for (portid = 0; portid < RTE_MAX_ETHPORTS; portid++)
2356                 l2fwd_dst_ports[portid] = 0;
2357
2358         for (last_portid = 0, portid = 0; portid < nb_ports; portid++) {
2359                 int retval;
2360
2361                 /* Skip ports that are not enabled */
2362                 if ((options->portmask & (1 << portid)) == 0)
2363                         continue;
2364
2365                 /* init port */
2366                 printf("Initializing port %u... ", portid);
2367                 fflush(stdout);
2368                 retval = rte_eth_dev_configure(portid, 1, 1, &port_conf);
2369                 if (retval < 0) {
2370                         printf("Cannot configure device: err=%d, port=%u\n",
2371                                   retval, portid);
2372                         return -1;
2373                 }
2374
2375                 retval = rte_eth_dev_adjust_nb_rx_tx_desc(portid, &nb_rxd,
2376                                                           &nb_txd);
2377                 if (retval < 0) {
2378                         printf("Cannot adjust number of descriptors: err=%d, port=%u\n",
2379                                 retval, portid);
2380                         return -1;
2381                 }
2382
2383                 /* init one RX queue */
2384                 fflush(stdout);
2385                 retval = rte_eth_rx_queue_setup(portid, 0, nb_rxd,
2386                                              rte_eth_dev_socket_id(portid),
2387                                              NULL, l2fwd_pktmbuf_pool);
2388                 if (retval < 0) {
2389                         printf("rte_eth_rx_queue_setup:err=%d, port=%u\n",
2390                                         retval, portid);
2391                         return -1;
2392                 }
2393
2394                 /* init one TX queue on each port */
2395                 fflush(stdout);
2396                 retval = rte_eth_tx_queue_setup(portid, 0, nb_txd,
2397                                 rte_eth_dev_socket_id(portid),
2398                                 NULL);
2399                 if (retval < 0) {
2400                         printf("rte_eth_tx_queue_setup:err=%d, port=%u\n",
2401                                 retval, portid);
2402
2403                         return -1;
2404                 }
2405
2406                 /* Start device */
2407                 retval = rte_eth_dev_start(portid);
2408                 if (retval < 0) {
2409                         printf("rte_eth_dev_start:err=%d, port=%u\n",
2410                                         retval, portid);
2411                         return -1;
2412                 }
2413
2414                 rte_eth_promiscuous_enable(portid);
2415
2416                 rte_eth_macaddr_get(portid, &l2fwd_ports_eth_addr[portid]);
2417
2418                 printf("Port %u, MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n\n",
2419                                 portid,
2420                                 l2fwd_ports_eth_addr[portid].addr_bytes[0],
2421                                 l2fwd_ports_eth_addr[portid].addr_bytes[1],
2422                                 l2fwd_ports_eth_addr[portid].addr_bytes[2],
2423                                 l2fwd_ports_eth_addr[portid].addr_bytes[3],
2424                                 l2fwd_ports_eth_addr[portid].addr_bytes[4],
2425                                 l2fwd_ports_eth_addr[portid].addr_bytes[5]);
2426
2427                 /* initialize port stats */
2428                 memset(&port_statistics, 0, sizeof(port_statistics));
2429
2430                 /* Setup port forwarding table */
2431                 if (enabled_portcount % 2) {
2432                         l2fwd_dst_ports[portid] = last_portid;
2433                         l2fwd_dst_ports[last_portid] = portid;
2434                 } else {
2435                         last_portid = portid;
2436                 }
2437
2438                 l2fwd_enabled_port_mask |= (1 << portid);
2439                 enabled_portcount++;
2440         }
2441
2442         if (enabled_portcount == 1) {
2443                 l2fwd_dst_ports[last_portid] = last_portid;
2444         } else if (enabled_portcount % 2) {
2445                 printf("odd number of ports in portmask- bye\n");
2446                 return -1;
2447         }
2448
2449         check_all_ports_link_status(nb_ports, l2fwd_enabled_port_mask);
2450
2451         return enabled_portcount;
2452 }
2453
2454 static void
2455 reserve_key_memory(struct l2fwd_crypto_options *options)
2456 {
2457         options->cipher_xform.cipher.key.data = rte_malloc("crypto key",
2458                                                 MAX_KEY_SIZE, 0);
2459         if (options->cipher_xform.cipher.key.data == NULL)
2460                 rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher key");
2461
2462         options->auth_xform.auth.key.data = rte_malloc("auth key",
2463                                                 MAX_KEY_SIZE, 0);
2464         if (options->auth_xform.auth.key.data == NULL)
2465                 rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth key");
2466
2467         options->aead_xform.aead.key.data = rte_malloc("aead key",
2468                                                 MAX_KEY_SIZE, 0);
2469         if (options->aead_xform.aead.key.data == NULL)
2470                 rte_exit(EXIT_FAILURE, "Failed to allocate memory for AEAD key");
2471
2472         options->cipher_iv.data = rte_malloc("cipher iv", MAX_KEY_SIZE, 0);
2473         if (options->cipher_iv.data == NULL)
2474                 rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher IV");
2475
2476         options->auth_iv.data = rte_malloc("auth iv", MAX_KEY_SIZE, 0);
2477         if (options->auth_iv.data == NULL)
2478                 rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth IV");
2479
2480         options->aead_iv.data = rte_malloc("aead_iv", MAX_KEY_SIZE, 0);
2481         if (options->aead_iv.data == NULL)
2482                 rte_exit(EXIT_FAILURE, "Failed to allocate memory for AEAD iv");
2483
2484         options->aad.data = rte_malloc("aad", MAX_KEY_SIZE, 0);
2485         if (options->aad.data == NULL)
2486                 rte_exit(EXIT_FAILURE, "Failed to allocate memory for AAD");
2487         options->aad.phys_addr = rte_malloc_virt2iova(options->aad.data);
2488 }
2489
2490 int
2491 main(int argc, char **argv)
2492 {
2493         struct lcore_queue_conf *qconf;
2494         struct l2fwd_crypto_options options;
2495
2496         uint8_t nb_cryptodevs, cdev_id;
2497         uint16_t nb_ports, portid;
2498         unsigned lcore_id, rx_lcore_id;
2499         int ret, enabled_cdevcount, enabled_portcount;
2500         uint8_t enabled_cdevs[RTE_CRYPTO_MAX_DEVS] = {0};
2501
2502         /* init EAL */
2503         ret = rte_eal_init(argc, argv);
2504         if (ret < 0)
2505                 rte_exit(EXIT_FAILURE, "Invalid EAL arguments\n");
2506         argc -= ret;
2507         argv += ret;
2508
2509         /* reserve memory for Cipher/Auth key and IV */
2510         reserve_key_memory(&options);
2511
2512         /* parse application arguments (after the EAL ones) */
2513         ret = l2fwd_crypto_parse_args(&options, argc, argv);
2514         if (ret < 0)
2515                 rte_exit(EXIT_FAILURE, "Invalid L2FWD-CRYPTO arguments\n");
2516
2517         printf("MAC updating %s\n",
2518                         options.mac_updating ? "enabled" : "disabled");
2519
2520         /* create the mbuf pool */
2521         l2fwd_pktmbuf_pool = rte_pktmbuf_pool_create("mbuf_pool", NB_MBUF, 512,
2522                         sizeof(struct rte_crypto_op),
2523                         RTE_MBUF_DEFAULT_BUF_SIZE, rte_socket_id());
2524         if (l2fwd_pktmbuf_pool == NULL)
2525                 rte_exit(EXIT_FAILURE, "Cannot create mbuf pool\n");
2526
2527         /* create crypto op pool */
2528         l2fwd_crypto_op_pool = rte_crypto_op_pool_create("crypto_op_pool",
2529                         RTE_CRYPTO_OP_TYPE_SYMMETRIC, NB_MBUF, 128, MAXIMUM_IV_LENGTH,
2530                         rte_socket_id());
2531         if (l2fwd_crypto_op_pool == NULL)
2532                 rte_exit(EXIT_FAILURE, "Cannot create crypto op pool\n");
2533
2534         /* Enable Ethernet ports */
2535         enabled_portcount = initialize_ports(&options);
2536         if (enabled_portcount < 1)
2537                 rte_exit(EXIT_FAILURE, "Failed to initial Ethernet ports\n");
2538
2539         nb_ports = rte_eth_dev_count();
2540         /* Initialize the port/queue configuration of each logical core */
2541         for (rx_lcore_id = 0, qconf = NULL, portid = 0;
2542                         portid < nb_ports; portid++) {
2543
2544                 /* skip ports that are not enabled */
2545                 if ((options.portmask & (1 << portid)) == 0)
2546                         continue;
2547
2548                 if (options.single_lcore && qconf == NULL) {
2549                         while (rte_lcore_is_enabled(rx_lcore_id) == 0) {
2550                                 rx_lcore_id++;
2551                                 if (rx_lcore_id >= RTE_MAX_LCORE)
2552                                         rte_exit(EXIT_FAILURE,
2553                                                         "Not enough cores\n");
2554                         }
2555                 } else if (!options.single_lcore) {
2556                         /* get the lcore_id for this port */
2557                         while (rte_lcore_is_enabled(rx_lcore_id) == 0 ||
2558                                lcore_queue_conf[rx_lcore_id].nb_rx_ports ==
2559                                options.nb_ports_per_lcore) {
2560                                 rx_lcore_id++;
2561                                 if (rx_lcore_id >= RTE_MAX_LCORE)
2562                                         rte_exit(EXIT_FAILURE,
2563                                                         "Not enough cores\n");
2564                         }
2565                 }
2566
2567                 /* Assigned a new logical core in the loop above. */
2568                 if (qconf != &lcore_queue_conf[rx_lcore_id])
2569                         qconf = &lcore_queue_conf[rx_lcore_id];
2570
2571                 qconf->rx_port_list[qconf->nb_rx_ports] = portid;
2572                 qconf->nb_rx_ports++;
2573
2574                 printf("Lcore %u: RX port %u\n", rx_lcore_id, portid);
2575         }
2576
2577         /* Enable Crypto devices */
2578         enabled_cdevcount = initialize_cryptodevs(&options, enabled_portcount,
2579                         enabled_cdevs);
2580         if (enabled_cdevcount < 0)
2581                 rte_exit(EXIT_FAILURE, "Failed to initialize crypto devices\n");
2582
2583         if (enabled_cdevcount < enabled_portcount)
2584                 rte_exit(EXIT_FAILURE, "Number of capable crypto devices (%d) "
2585                                 "has to be more or equal to number of ports (%d)\n",
2586                                 enabled_cdevcount, enabled_portcount);
2587
2588         nb_cryptodevs = rte_cryptodev_count();
2589
2590         /* Initialize the port/cryptodev configuration of each logical core */
2591         for (rx_lcore_id = 0, qconf = NULL, cdev_id = 0;
2592                         cdev_id < nb_cryptodevs && enabled_cdevcount;
2593                         cdev_id++) {
2594                 /* Crypto op not supported by crypto device */
2595                 if (!enabled_cdevs[cdev_id])
2596                         continue;
2597
2598                 if (options.single_lcore && qconf == NULL) {
2599                         while (rte_lcore_is_enabled(rx_lcore_id) == 0) {
2600                                 rx_lcore_id++;
2601                                 if (rx_lcore_id >= RTE_MAX_LCORE)
2602                                         rte_exit(EXIT_FAILURE,
2603                                                         "Not enough cores\n");
2604                         }
2605                 } else if (!options.single_lcore) {
2606                         /* get the lcore_id for this port */
2607                         while (rte_lcore_is_enabled(rx_lcore_id) == 0 ||
2608                                lcore_queue_conf[rx_lcore_id].nb_crypto_devs ==
2609                                options.nb_ports_per_lcore) {
2610                                 rx_lcore_id++;
2611                                 if (rx_lcore_id >= RTE_MAX_LCORE)
2612                                         rte_exit(EXIT_FAILURE,
2613                                                         "Not enough cores\n");
2614                         }
2615                 }
2616
2617                 /* Assigned a new logical core in the loop above. */
2618                 if (qconf != &lcore_queue_conf[rx_lcore_id])
2619                         qconf = &lcore_queue_conf[rx_lcore_id];
2620
2621                 qconf->cryptodev_list[qconf->nb_crypto_devs] = cdev_id;
2622                 qconf->nb_crypto_devs++;
2623
2624                 enabled_cdevcount--;
2625
2626                 printf("Lcore %u: cryptodev %u\n", rx_lcore_id,
2627                                 (unsigned)cdev_id);
2628         }
2629
2630         /* launch per-lcore init on every lcore */
2631         rte_eal_mp_remote_launch(l2fwd_launch_one_lcore, (void *)&options,
2632                         CALL_MASTER);
2633         RTE_LCORE_FOREACH_SLAVE(lcore_id) {
2634                 if (rte_eal_wait_lcore(lcore_id) < 0)
2635                         return -1;
2636         }
2637
2638         return 0;
2639 }