d0/ddf/devices_2dpdk_2ipsec_2ipsec_8c_source.html

 /*
  * Copyright (c) 2016 Intel and/or its affiliates.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at:
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 #include <vnet/vnet.h>
 #include <vnet/ip/ip.h>
 #include <vnet/api_errno.h>
 #include <vnet/devices/dpdk/dpdk.h>
 #include <vnet/devices/dpdk/ipsec/ipsec.h>
 #include <vnet/devices/dpdk/ipsec/esp.h>
 #include <vnet/ipsec/ipsec.h>

 #define DPDK_CRYPTO_NB_OBJS       2048
 #define DPDK_CRYPTO_CACHE_SIZE    512
 #define DPDK_CRYPTO_PRIV_SIZE     128
 #define DPDK_CRYPTO_N_QUEUE_DESC  512
 #define DPDK_CRYPTO_NB_COPS       (1024 * 4)

 /*
  * return:
  * -1:  update failed
  * 0:   already exist
  * 1:   mapped
  */
 static int
 update_qp_data (crypto_worker_main_t * cwm,
                 u8 cdev_id, u16 qp_id, u8 is_outbound, u16 * idx)
 {
   crypto_qp_data_t *qpd;

   /* *INDENT-OFF* */
   vec_foreach_index (*idx, cwm->qp_data)
     {
       qpd = vec_elt_at_index(cwm->qp_data, *idx);

       if (qpd->dev_id == cdev_id && qpd->qp_id == qp_id &&
           qpd->is_outbound == is_outbound)
           return 0;
     }
   /* *INDENT-ON* */

   vec_add2 (cwm->qp_data, qpd, 1);

   qpd->dev_id = cdev_id;
   qpd->qp_id = qp_id;
   qpd->is_outbound = is_outbound;

   return 1;
 }

 /*
  * return:
  *      -1: error
  *      0: already exist
  *      1: mapped
  */
 static int
 add_mapping (crypto_worker_main_t * cwm,
              u8 cdev_id, u16 qp, u8 is_outbound,
              const struct rte_cryptodev_capabilities *cipher_cap,
              const struct rte_cryptodev_capabilities *auth_cap)
 {
   int mapped;
   u16 qp_index;
   uword key = 0, data, *ret;
   crypto_worker_qp_key_t *p_key = (crypto_worker_qp_key_t *) & key;

   p_key->cipher_algo = (u8) cipher_cap->sym.cipher.algo;
   p_key->auth_algo = (u8) auth_cap->sym.auth.algo;
   p_key->is_outbound = is_outbound;

   ret = hash_get (cwm->algo_qp_map, key);
   if (ret)
     return 0;

   mapped = update_qp_data (cwm, cdev_id, qp, is_outbound, &qp_index);
   if (mapped < 0)
     return -1;

   data = (uword) qp_index;

   ret = hash_set (cwm->algo_qp_map, key, data);
   if (!ret)
     rte_panic ("Failed to insert hash table\n");

   return mapped;
 }

 /*
  * return:
  *      0: already exist
  *      1: mapped
  */
 static int
 add_cdev_mapping (crypto_worker_main_t * cwm,
                   struct rte_cryptodev_info *dev_info, u8 cdev_id,
                   u16 qp, u8 is_outbound)
 {
   const struct rte_cryptodev_capabilities *i, *j;
   u32 mapped = 0;

   for (i = dev_info->capabilities; i->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; i++)
     {
       if (i->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
         continue;

       if (check_algo_is_supported (i, NULL) != 0)
         continue;

       for (j = dev_info->capabilities; j->op != RTE_CRYPTO_OP_TYPE_UNDEFINED;
            j++)
         {
           int status = 0;

           if (j->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
             continue;

           if (check_algo_is_supported (j, NULL) != 0)
             continue;

           status = add_mapping (cwm, cdev_id, qp, is_outbound, i, j);
           if (status == 1)
             mapped += 1;
           if (status < 0)
             return status;
         }
     }

   return mapped;
 }

 static int
 check_cryptodev_queues ()
 {
   u32 n_qs = 0;
   u8 cdev_id;
   u32 n_req_qs = 2;

   if (vlib_num_workers () > 0)
     n_req_qs = vlib_num_workers () * 2;

   for (cdev_id = 0; cdev_id < rte_cryptodev_count (); cdev_id++)
     {
       struct rte_cryptodev_info cdev_info;

       rte_cryptodev_info_get (cdev_id, &cdev_info);

       if (!
           (cdev_info.feature_flags & RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING))
         continue;

       n_qs += cdev_info.max_nb_queue_pairs;
     }

   if (n_qs >= n_req_qs)
     return 0;
   else
     return -1;
 }

 static clib_error_t *
 dpdk_ipsec_init (vlib_main_t * vm)
 {
   dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
   vlib_thread_main_t *tm = vlib_get_thread_main ();
   struct rte_cryptodev_config dev_conf;
   struct rte_cryptodev_qp_conf qp_conf;
   struct rte_cryptodev_info cdev_info;
   struct rte_mempool *rmp;
   i32 dev_id, ret;
   u32 i, skip_master;

   if (check_cryptodev_queues () < 0)
     return clib_error_return (0, "not enough cryptodevs for ipsec");

   vec_alloc (dcm->workers_main, tm->n_vlib_mains);
   _vec_len (dcm->workers_main) = tm->n_vlib_mains;

   fprintf (stdout, "DPDK Cryptodevs info:\n");
   fprintf (stdout, "dev_id\tn_qp\tnb_obj\tcache_size\n");
   /* HW cryptodevs have higher dev_id, use HW first */
   for (dev_id = rte_cryptodev_count () - 1; dev_id >= 0; dev_id--)
     {
       u16 max_nb_qp, qp = 0;
       skip_master = vlib_num_workers () > 0;

       rte_cryptodev_info_get (dev_id, &cdev_info);

       if (!
           (cdev_info.feature_flags & RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING))
         continue;

       max_nb_qp = cdev_info.max_nb_queue_pairs;

       for (i = 0; i < tm->n_vlib_mains; i++)
         {
           u8 is_outbound;
           crypto_worker_main_t *cwm;
           uword *map;

           if (skip_master)
             {
               skip_master = 0;
               continue;
             }

           cwm = vec_elt_at_index (dcm->workers_main, i);
           map = cwm->algo_qp_map;

           if (!map)
             {
               map = hash_create (0, sizeof (crypto_worker_qp_key_t));
               if (!map)
                 return clib_error_return (0, "unable to create hash table "
                                           "for worker %u",
                                           vlib_mains[i]->cpu_index);
               cwm->algo_qp_map = map;
             }

           for (is_outbound = 0; is_outbound < 2 && qp < max_nb_qp;
                is_outbound++)
             {
               int mapped = add_cdev_mapping (cwm, &cdev_info,
                                              dev_id, qp, is_outbound);
               if (mapped > 0)
                 qp++;

               if (mapped < 0)
                 return clib_error_return (0,
                                           "too many queues for one worker");
             }
         }

       if (qp == 0)
         continue;

       dev_conf.socket_id = rte_cryptodev_socket_id (dev_id);
       dev_conf.nb_queue_pairs = cdev_info.max_nb_queue_pairs;
       dev_conf.session_mp.nb_objs = DPDK_CRYPTO_NB_OBJS;
       dev_conf.session_mp.cache_size = DPDK_CRYPTO_CACHE_SIZE;

       ret = rte_cryptodev_configure (dev_id, &dev_conf);
       if (ret < 0)
         return clib_error_return (0, "cryptodev %u config error", dev_id);

       qp_conf.nb_descriptors = DPDK_CRYPTO_N_QUEUE_DESC;
       for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
         {
           ret = rte_cryptodev_queue_pair_setup (dev_id, qp, &qp_conf,
                                                 dev_conf.socket_id);
           if (ret < 0)
             return clib_error_return (0, "cryptodev %u qp %u setup error",
                                       dev_id, qp);
         }
       fprintf (stdout, "%u\t%u\t%u\t%u\n", dev_id, dev_conf.nb_queue_pairs,
                DPDK_CRYPTO_NB_OBJS, DPDK_CRYPTO_CACHE_SIZE);
     }

   u32 socket_id = rte_socket_id ();

   vec_validate_aligned (dcm->cop_pools, socket_id, CLIB_CACHE_LINE_BYTES);

   /* pool already exists, nothing to do */
   if (dcm->cop_pools[socket_id])
     return 0;

   u8 *pool_name = format (0, "crypto_op_pool_socket%u%c", socket_id, 0);

   rmp = rte_crypto_op_pool_create ((char *) pool_name,
                                    RTE_CRYPTO_OP_TYPE_SYMMETRIC,
                                    DPDK_CRYPTO_NB_COPS *
                                    (1 + vlib_num_workers ()),
                                    DPDK_CRYPTO_CACHE_SIZE,
                                    DPDK_CRYPTO_PRIV_SIZE, socket_id);
   vec_free (pool_name);

   if (!rmp)
     return clib_error_return (0, "failed to allocate mempool on socket %u",
                               socket_id);
   dcm->cop_pools[socket_id] = rmp;

   dpdk_esp_init ();

   if (vec_len (vlib_mains) == 0)
     vlib_node_set_state (&vlib_global_main, dpdk_crypto_input_node.index,
                          VLIB_NODE_STATE_POLLING);
   else
     for (i = 1; i < tm->n_vlib_mains; i++)
       vlib_node_set_state (vlib_mains[i], dpdk_crypto_input_node.index,
                            VLIB_NODE_STATE_POLLING);

   return 0;
 }

 VLIB_MAIN_LOOP_ENTER_FUNCTION (dpdk_ipsec_init);

 /*
  * fd.io coding-style-patch-verification: ON
  *
  * Local Variables:
  * eval: (c-set-style "gnu")
  * End:
  */
add_mapping
static int add_mapping(crypto_worker_main_t *cwm, u8 cdev_id, u16 qp, u8 is_outbound, const struct rte_cryptodev_capabilities *cipher_cap, const struct rte_cryptodev_capabilities *auth_cap)
Definition: ipsec.c:68

vec_foreach_index
#define vec_foreach_index(var, v)
Iterate over vector indices.
Definition: vec_bootstrap.h:191

hash_set
#define hash_set(h, key, value)
Definition: hash.h:254

i
sll srl srl sll sra u16x4 i
Definition: vector_sse2.h:343

esp.h

dpdk_ipsec_init
static clib_error_t * dpdk_ipsec_init(vlib_main_t *vm)
Definition: ipsec.c:172

VLIB_MAIN_LOOP_ENTER_FUNCTION
#define VLIB_MAIN_LOOP_ENTER_FUNCTION(x)
Definition: init.h:113

crypto_worker_qp_key_t::auth_algo
u8 auth_algo
Definition: ipsec.h:53

NULL
#define NULL
Definition: clib.h:55

crypto_qp_data_t::is_outbound
u16 is_outbound
Definition: ipsec.h:61

rte_socket_id
unsigned rte_socket_id()

vlib_thread_main_t
Definition: threads.h:266

vec_add2
#define vec_add2(V, P, N)
Add N elements to end of vector V, return pointer to new elements in P.
Definition: vec.h:521

vec_validate_aligned
#define vec_validate_aligned(V, I, A)
Make sure vector is long enough for given index (no header, specified alignment)
Definition: vec.h:407

dpdk_crypto_input_node
vlib_node_registration_t dpdk_crypto_input_node
(constructor) VLIB_REGISTER_NODE (dpdk_crypto_input_node)
Definition: crypto_node.c:58

update_qp_data
static int update_qp_data(crypto_worker_main_t *cwm, u8 cdev_id, u16 qp_id, u8 is_outbound, u16 *idx)
Definition: ipsec.c:36

ip.h

vec_alloc
#define vec_alloc(V, N)
Allocate space for N more elements (no header, unspecified alignment)
Definition: vec.h:239

add_cdev_mapping
static int add_cdev_mapping(crypto_worker_main_t *cwm, struct rte_cryptodev_info *dev_info, u8 cdev_id, u16 qp, u8 is_outbound)
Definition: ipsec.c:105

crypto_worker_qp_key_t::is_outbound
u8 is_outbound
Definition: ipsec.h:54

crypto_worker_main_t::algo_qp_map
uword * algo_qp_map
Definition: ipsec.h:78

DPDK_CRYPTO_NB_COPS
#define DPDK_CRYPTO_NB_COPS
Definition: ipsec.c:27

i32
int i32
Definition: types.h:81

vec_elt_at_index
#define vec_elt_at_index(v, i)
Get vector value at index i checking that i is in bounds.
Definition: vec_bootstrap.h:174

api_errno.h

ipsec.h

dpdk_crypto_main
dpdk_crypto_main_t dpdk_crypto_main
Definition: ipsec.h:87

hash_get
#define hash_get(h, key)
Definition: hash.h:248

DPDK_CRYPTO_PRIV_SIZE
#define DPDK_CRYPTO_PRIV_SIZE
Definition: ipsec.c:25

dpdk.h

vnet.h

vec_free
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:300

vlib_get_thread_main
static vlib_thread_main_t * vlib_get_thread_main()
Definition: global_funcs.h:32

DPDK_CRYPTO_NB_OBJS
#define DPDK_CRYPTO_NB_OBJS
Definition: ipsec.c:23

dpdk_esp_init
static_always_inline void dpdk_esp_init()
Definition: esp.h:44

crypto_worker_main_t
Definition: ipsec.h:74

crypto_qp_data_t::qp_id
u16 qp_id
Definition: ipsec.h:60

vlib_global_main
vlib_main_t vlib_global_main
Definition: main.c:1562

DPDK_CRYPTO_N_QUEUE_DESC
#define DPDK_CRYPTO_N_QUEUE_DESC
Definition: ipsec.c:26

crypto_qp_data_t
Definition: ipsec.h:57

hash_create
#define hash_create(elts, value_bytes)
Definition: hash.h:658

u32
unsigned int u32
Definition: types.h:88

dpdk_crypto_main_t::cop_pools
struct rte_mempool ** cop_pools
Definition: ipsec.h:83

vlib_thread_main_t::n_vlib_mains
u32 n_vlib_mains
Definition: threads.h:285

dpdk_crypto_main_t::workers_main
crypto_worker_main_t * workers_main
Definition: ipsec.h:84

dpdk_crypto_main_t
Definition: ipsec.h:81

vlib_node_set_state
static void vlib_node_set_state(vlib_main_t *vm, u32 node_index, vlib_node_state_t new_state)
Set node dispatch state.
Definition: node_funcs.h:146

crypto_worker_main_t::qp_data
crypto_qp_data_t * qp_data
Definition: ipsec.h:77

uword
u64 uword
Definition: types.h:112

clib_error_t
Definition: error.h:75

crypto_worker_qp_key_t::cipher_algo
u8 cipher_algo
Definition: ipsec.h:52

u16
unsigned short u16
Definition: types.h:57

ipsec.h

check_algo_is_supported
static_always_inline int check_algo_is_supported(const struct rte_cryptodev_capabilities *cap, char *name)
Definition: ipsec.h:142

vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142

u8
unsigned char u8
Definition: types.h:56

crypto_worker_qp_key_t
Definition: ipsec.h:50

DPDK_CRYPTO_CACHE_SIZE
#define DPDK_CRYPTO_CACHE_SIZE
Definition: ipsec.c:24

check_cryptodev_queues
static int check_cryptodev_queues()
Definition: ipsec.c:143

vlib_main_t
Definition: main.h:59

vlib_mains
vlib_main_t ** vlib_mains
Definition: summary_stats_client.c:94

format
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:418

vlib_num_workers
static u32 vlib_num_workers()
Definition: threads.h:340

clib_error_return
#define clib_error_return(e, args...)
Definition: error.h:111

CLIB_CACHE_LINE_BYTES
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:67

crypto_qp_data_t::dev_id
u16 dev_id
Definition: ipsec.h:59