FD.io VPP  v17.01.1-3-gc6833f8
Vector Packet Processing
ipsec.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2016 Intel and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef __DPDK_IPSEC_H__
16 #define __DPDK_IPSEC_H__
17 
18 #include <vnet/vnet.h>
19 
20 #undef always_inline
21 #include <rte_crypto.h>
22 #include <rte_cryptodev.h>
23 
24 #if CLIB_DEBUG > 0
25 #define always_inline static inline
26 #else
27 #define always_inline static inline __attribute__ ((__always_inline__))
28 #endif
29 
30 
31 #define MAX_QP_PER_LCORE 16
32 
33 typedef struct
34 {
36  u32 iv[2];
39 
40 typedef struct
41 {
43  union
44  {
45  u8 aad[12];
46  u8 icv[64];
47  };
49 
50 typedef struct
51 {
56 
57 typedef struct
58 {
64  struct rte_crypto_op *cops[VLIB_FRAME_SIZE];
65  struct rte_crypto_op **free_cops;
67 
68 typedef struct
69 {
71  void *sess;
73 
74 typedef struct
75 {
76  crypto_sa_session_t *sa_sess_d[2];
80 
81 typedef struct
82 {
83  struct rte_mempool **cop_pools;
86 
88 
90 
91 #define CRYPTO_N_FREE_COPS (VLIB_FRAME_SIZE * 3)
92 
95 {
97  u32 cpu_index = os_get_cpu_number ();
98  crypto_worker_main_t *cwm = &dcm->workers_main[cpu_index];
99  unsigned socket_id = rte_socket_id ();
100  crypto_qp_data_t *qpd;
101 
102  /* *INDENT-OFF* */
103  vec_foreach (qpd, cwm->qp_data)
104  {
105  u32 l = vec_len (qpd->free_cops);
106 
107  if (PREDICT_FALSE (l < VLIB_FRAME_SIZE))
108  {
109  u32 n_alloc;
110 
111  if (PREDICT_FALSE (!qpd->free_cops))
113 
114  n_alloc = rte_crypto_op_bulk_alloc (dcm->cop_pools[socket_id],
115  RTE_CRYPTO_OP_TYPE_SYMMETRIC,
116  &qpd->free_cops[l],
117  CRYPTO_N_FREE_COPS - l - 1);
118 
119  _vec_len (qpd->free_cops) = l + n_alloc;
120  }
121  }
122  /* *INDENT-ON* */
123 }
124 
126 crypto_free_cop (crypto_qp_data_t * qpd, struct rte_crypto_op **cops, u32 n)
127 {
128  u32 l = vec_len (qpd->free_cops);
129 
130  if (l + n >= CRYPTO_N_FREE_COPS)
131  {
132  l -= VLIB_FRAME_SIZE;
133  rte_mempool_put_bulk (cops[0]->mempool,
134  (void **) &qpd->free_cops[l], VLIB_FRAME_SIZE);
135  }
136  clib_memcpy (&qpd->free_cops[l], cops, sizeof (*cops) * n);
137 
138  _vec_len (qpd->free_cops) = l + n;
139 }
140 
142 check_algo_is_supported (const struct rte_cryptodev_capabilities *cap,
143  char *name)
144 {
145  struct
146  {
147  uint8_t cipher_algo;
148  enum rte_crypto_sym_xform_type type;
149  union
150  {
151  enum rte_crypto_auth_algorithm auth;
152  enum rte_crypto_cipher_algorithm cipher;
153  };
154  char *name;
155  } supported_algo[] =
156  {
157  {
158  .type = RTE_CRYPTO_SYM_XFORM_CIPHER,.cipher =
159  RTE_CRYPTO_CIPHER_NULL,.name = "NULL"},
160  {
161  .type = RTE_CRYPTO_SYM_XFORM_CIPHER,.cipher =
162  RTE_CRYPTO_CIPHER_AES_CBC,.name = "AES_CBC"},
163  {
164  .type = RTE_CRYPTO_SYM_XFORM_CIPHER,.cipher =
165  RTE_CRYPTO_CIPHER_AES_CTR,.name = "AES_CTR"},
166  {
167  .type = RTE_CRYPTO_SYM_XFORM_CIPHER,.cipher =
168  RTE_CRYPTO_CIPHER_3DES_CBC,.name = "3DES-CBC"},
169  {
170  .type = RTE_CRYPTO_SYM_XFORM_CIPHER,.auth =
171  RTE_CRYPTO_CIPHER_AES_GCM,.name = "AES-GCM"},
172  {
173  .type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
174  RTE_CRYPTO_AUTH_SHA1_HMAC,.name = "HMAC-SHA1"},
175  {
176  .type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
177  RTE_CRYPTO_AUTH_SHA256_HMAC,.name = "HMAC-SHA256"},
178  {
179  .type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
180  RTE_CRYPTO_AUTH_SHA384_HMAC,.name = "HMAC-SHA384"},
181  {
182  .type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
183  RTE_CRYPTO_AUTH_SHA512_HMAC,.name = "HMAC-SHA512"},
184  {
185  .type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
186  RTE_CRYPTO_AUTH_AES_XCBC_MAC,.name = "AES-XCBC-MAC"},
187  {
188  .type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
189  RTE_CRYPTO_AUTH_AES_GCM,.name = "AES-GCM"},
190  {
191  /* tail */
192  .type = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED},};
193  uint32_t i = 0;
194 
195  if (cap->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
196  return -1;
197 
198  while (supported_algo[i].type != RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED)
199  {
200  if (cap->sym.xform_type == supported_algo[i].type)
201  {
202  if ((cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
203  cap->sym.cipher.algo == supported_algo[i].cipher) ||
204  (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH &&
205  cap->sym.auth.algo == supported_algo[i].auth))
206  {
207  if (name)
208  strcpy (name, supported_algo[i].name);
209  return 0;
210  }
211  }
212 
213  i++;
214  }
215 
216  return -1;
217 }
218 
219 #endif /* __DPDK_IPSEC_H__ */
220 
221 /*
222  * fd.io coding-style-patch-verification: ON
223  *
224  * Local Variables:
225  * eval: (c-set-style "gnu")
226  * End:
227  */
struct rte_crypto_op ** free_cops
Definition: ipsec.h:65
sll srl srl sll sra u16x4 i
Definition: vector_sse2.h:343
bad routing header type(not 4)") sr_error (NO_MORE_SEGMENTS
u16 is_outbound
Definition: ipsec.h:61
unsigned rte_socket_id()
struct _vlib_node_registration vlib_node_registration_t
#define vec_alloc(V, N)
Allocate space for N more elements (no header, unspecified alignment)
Definition: vec.h:239
static_always_inline void crypto_free_cop(crypto_qp_data_t *qpd, struct rte_crypto_op **cops, u32 n)
Definition: ipsec.h:126
uword * algo_qp_map
Definition: ipsec.h:78
#define static_always_inline
Definition: clib.h:85
vlib_node_registration_t dpdk_crypto_input_node
(constructor) VLIB_REGISTER_NODE (dpdk_crypto_input_node)
Definition: crypto_node.c:58
i16 inflights
Definition: ipsec.h:62
dpdk_crypto_main_t dpdk_crypto_main
Definition: ipsec.h:87
static_always_inline void crypto_alloc_cops()
Definition: ipsec.h:94
uword os_get_cpu_number(void)
Definition: unix-misc.c:224
#define PREDICT_FALSE(x)
Definition: clib.h:97
#define VLIB_FRAME_SIZE
Definition: node.h:328
#define CRYPTO_N_FREE_COPS
Definition: ipsec.h:91
dpdk_gcm_cnt_blk cb
Definition: ipsec.h:42
#define clib_memcpy(a, b, c)
Definition: string.h:69
unsigned int u32
Definition: types.h:88
struct rte_mempool ** cop_pools
Definition: ipsec.h:83
crypto_worker_main_t * workers_main
Definition: ipsec.h:84
crypto_qp_data_t * qp_data
Definition: ipsec.h:77
u64 uword
Definition: types.h:112
unsigned short u16
Definition: types.h:57
static_always_inline int check_algo_is_supported(const struct rte_cryptodev_capabilities *cap, char *name)
Definition: ipsec.h:142
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
unsigned char u8
Definition: types.h:56
short i16
Definition: types.h:46
#define vec_foreach(var, vec)
Vector iterator.