25 #define DPDK_CRYPTO_NB_SESS_OBJS 20000 26 #define DPDK_CRYPTO_CACHE_SIZE 512 27 #define DPDK_CRYPTO_PRIV_SIZE 128 28 #define DPDK_CRYPTO_N_QUEUE_DESC 1024 29 #define DPDK_CRYPTO_NB_COPS (1024 * 4) 50 for (is_outbound = 0; is_outbound < 2; is_outbound++)
66 if (rte_cryptodev_sym_session_free(dev_id, sa_sess->
sess))
71 memset(sa_sess, 0,
sizeof(sa_sess[0]));
82 u8 cdev_id,
u16 qp_id,
u8 is_outbound,
u16 * idx)
91 if (qpd->
dev_id == cdev_id && qpd->
qp_id == qp_id &&
111 u8 cdev_id,
u16 qp,
u8 is_outbound,
112 const struct rte_cryptodev_capabilities *cipher_cap,
113 const struct rte_cryptodev_capabilities *auth_cap)
116 uword key = 0, data, *ret;
129 data = (
uword) qp_index;
142 struct rte_cryptodev_info *dev_info,
u8 cdev_id,
143 u16 qp,
u8 is_outbound)
145 const struct rte_cryptodev_capabilities *
i, *j;
148 for (i = dev_info->capabilities; i->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; i++)
150 if (i->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
156 for (j = dev_info->capabilities; j->op != RTE_CRYPTO_OP_TYPE_UNDEFINED;
159 if (j->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
165 mapped |=
add_mapping (cwm, cdev_id, qp, is_outbound, i, j);
182 for (cdev_id = 0; cdev_id < rte_cryptodev_count (); cdev_id++)
184 struct rte_cryptodev_info cdev_info;
186 rte_cryptodev_info_get (cdev_id, &cdev_info);
189 (cdev_info.feature_flags & RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING))
192 n_qs += cdev_info.max_nb_queue_pairs;
195 if (n_qs >= n_req_qs)
204 if (sa->
crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128)
206 if (sa->
integ_alg != IPSEC_INTEG_ALG_NONE)
208 "crypto-algo aes-gcm-128",
210 sa->
integ_alg = IPSEC_INTEG_ALG_AES_GCM_128;
214 if (sa->
integ_alg == IPSEC_INTEG_ALG_NONE ||
215 sa->
integ_alg == IPSEC_INTEG_ALG_AES_GCM_128)
230 struct rte_cryptodev_config dev_conf;
231 struct rte_cryptodev_qp_conf qp_conf;
232 struct rte_cryptodev_info cdev_info;
233 struct rte_mempool *rmp;
239 clib_warning (
"not enough Cryptodevs, default to OpenSSL IPsec");
247 fprintf (stdout,
"DPDK Cryptodevs info:\n");
248 fprintf (stdout,
"dev_id\tn_qp\tnb_obj\tcache_size\n");
250 for (dev_id = rte_cryptodev_count () - 1; dev_id >= 0; dev_id--)
252 u16 max_nb_qp, qp = 0;
255 rte_cryptodev_info_get (dev_id, &cdev_info);
258 (cdev_info.feature_flags & RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING))
261 max_nb_qp = cdev_info.max_nb_queue_pairs;
283 clib_warning (
"unable to create hash table for worker %u",
290 for (is_outbound = 0; is_outbound < 2 && qp < max_nb_qp;
298 dev_conf.socket_id = rte_cryptodev_socket_id (dev_id);
299 dev_conf.nb_queue_pairs = cdev_info.max_nb_queue_pairs;
303 ret = rte_cryptodev_configure (dev_id, &dev_conf);
311 for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
313 ret = rte_cryptodev_queue_pair_setup (dev_id, qp, &qp_conf,
317 clib_warning (
"cryptodev %u qp %u setup error", dev_id, qp);
326 u8 *pool_name =
format (0,
"crypto_op_pool_socket%u%c",
327 dev_conf.socket_id, 0);
329 rmp = rte_crypto_op_pool_create ((
char *) pool_name,
330 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
340 clib_warning (
"failed to allocate mempool on socket %u",
347 fprintf (stdout,
"%u\t%u\t%u\t%u\n", dev_id, dev_conf.nb_queue_pairs,
377 VLIB_NODE_STATE_POLLING);
386 struct rte_mempool **mp;
394 rte_mempool_free (mp[0]);
407 .name =
"dpdk-ipsec-process",
408 .process_log2_n_stack_bytes = 17,
static int add_mapping(crypto_worker_main_t *cwm, u8 cdev_id, u16 qp, u8 is_outbound, const struct rte_cryptodev_capabilities *cipher_cap, const struct rte_cryptodev_capabilities *auth_cap)
#define vec_foreach_index(var, v)
Iterate over vector indices.
#define hash_set(h, key, value)
sll srl srl sll sra u16x4 i
i32(* add_del_sa_sess_cb)(u32 sa_index, u8 is_add)
#define DPDK_CRYPTO_NB_SESS_OBJS
ipsec_integ_alg_t integ_alg
#define vec_add2(V, P, N)
Add N elements to end of vector V, return pointer to new elements in P.
#define DPDK_CRYPTO_PRIV_SIZE
#define vec_validate_aligned(V, I, A)
Make sure vector is long enough for given index (no header, specified alignment)
vlib_node_registration_t dpdk_crypto_input_node
(constructor) VLIB_REGISTER_NODE (dpdk_crypto_input_node)
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
#define vec_alloc(V, N)
Allocate space for N more elements (no header, unspecified alignment)
static uword vlib_node_add_next(vlib_main_t *vm, uword node, uword next_node)
dpdk_crypto_main_t dpdk_crypto_main
static void update_qp_data(crypto_worker_main_t *cwm, u8 cdev_id, u16 qp_id, u8 is_outbound, u16 *idx)
static_always_inline void dpdk_esp_init()
u32 esp_encrypt_next_index
#define vec_elt_at_index(v, i)
Get vector value at index i checking that i is in bounds.
#define clib_error_return(e, args...)
ipsec_main_callbacks_t cb
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
clib_error_t *(* check_support_cb)(ipsec_sa_t *sa)
#define DPDK_CRYPTO_NB_COPS
static int check_cryptodev_queues()
u32 esp_encrypt_node_index
#define vec_free(V)
Free vector's memory (no header).
u32 esp_decrypt_next_index
#define clib_warning(format, args...)
static int add_del_sa_sess(u32 sa_index, u8 is_add)
vlib_node_t * vlib_get_node_by_name(vlib_main_t *vm, u8 *name)
static int add_cdev_mapping(crypto_worker_main_t *cwm, struct rte_cryptodev_info *dev_info, u8 cdev_id, u16 qp, u8 is_outbound)
#define hash_create(elts, value_bytes)
struct rte_mempool ** cop_pools
crypto_worker_main_t * workers_main
#define DPDK_CRYPTO_CACHE_SIZE
static void vlib_node_set_state(vlib_main_t *vm, u32 node_index, vlib_node_state_t new_state)
Set node dispatch state.
crypto_qp_data_t * qp_data
crypto_sa_session_t * sa_sess_d[2]
#define vec_elt(v, i)
Get vector value at index i.
u8 * format_ipsec_integ_alg(u8 *s, va_list *args)
vlib_main_t ** vlib_mains
static vlib_node_registration_t dpdk_ipsec_process_node
(constructor) VLIB_REGISTER_NODE (dpdk_ipsec_process_node)
static_always_inline int check_algo_is_supported(const struct rte_cryptodev_capabilities *cap, char *name)
#define DPDK_CRYPTO_N_QUEUE_DESC
ipsec_crypto_alg_t crypto_alg
#define VLIB_REGISTER_NODE(x,...)
static vlib_thread_main_t * vlib_get_thread_main()
static u32 vlib_num_workers()
static uword dpdk_ipsec_process(vlib_main_t *vm, vlib_node_runtime_t *rt, vlib_frame_t *f)
#define vec_foreach(var, vec)
Vector iterator.
#define CLIB_CACHE_LINE_BYTES
static clib_error_t * dpdk_ipsec_check_support(ipsec_sa_t *sa)
u32 esp_decrypt_node_index