FD.io VPP  v21.06-3-gbb25fbf28
Vector Packet Processing
crypto_node.c
Go to the documentation of this file.
1 /*
2  *------------------------------------------------------------------
3  * crypto_node.c - DPDK Cryptodev input node
4  *
5  * Copyright (c) 2017 Intel and/or its affiliates.
6  * Licensed under the Apache License, Version 2.0 (the "License");
7  * you may not use this file except in compliance with the License.
8  * You may obtain a opy of the License at:
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing, software
13  * distributed under the License is distributed on an "AS IS" BASIS,
14  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing permissions and
16  * limitations under the License.
17  *------------------------------------------------------------------
18  */
19 
20 #include <vlib/vlib.h>
21 #include <vnet/ip/ip.h>
22 #include <vnet/ethernet/ethernet.h>
23 #include <vnet/ipsec/ipsec.h>
24 
25 #include <dpdk/buffer.h>
26 #include <dpdk/device/dpdk.h>
27 #include <dpdk/device/dpdk_priv.h>
28 #include <dpdk/ipsec/ipsec.h>
29 
30 #define foreach_dpdk_crypto_input_error \
31  _(DQ_COPS, "Crypto ops dequeued") \
32  _(AUTH_FAILED, "Crypto verification failed") \
33  _(STATUS, "Crypto operation failed")
34 
35 typedef enum
36 {
37 #define _(f,s) DPDK_CRYPTO_INPUT_ERROR_##f,
39 #undef _
42 
44 #define _(n, s) s,
46 #undef _
47 };
48 
50 
51 typedef struct
52 {
53  /* dev id of this cryptodev */
57 
58 static u8 *
59 format_dpdk_crypto_input_trace (u8 * s, va_list * args)
60 {
61  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
62  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
64 
65  s = format (s, "cryptodev-id %d next-index %d", t->dev_id, t->next_index);
66 
67  return s;
68 }
69 
72  struct rte_crypto_op *op0, u16 * next)
73 {
74  if (PREDICT_FALSE (op0->status != RTE_CRYPTO_OP_STATUS_SUCCESS))
75  {
76  next[0] = DPDK_CRYPTO_INPUT_NEXT_DROP;
78  node->node_index,
79  DPDK_CRYPTO_INPUT_ERROR_STATUS, 1);
80  /* if auth failed */
81  if (op0->status == RTE_CRYPTO_OP_STATUS_AUTH_FAILED)
83  node->node_index,
84  DPDK_CRYPTO_INPUT_ERROR_AUTH_FAILED, 1);
85  }
86 }
87 
88 always_inline void
90  u8 dev_id, u32 * bis, u16 * nexts, u32 n_deq)
91 {
92  u32 n_left, n_trace;
93 
94  if (PREDICT_FALSE ((n_trace = vlib_get_trace_count (vm, node))))
95  {
96  n_left = n_deq;
97 
98  while (n_trace && n_left)
99  {
100  vlib_buffer_t *b0;
101  u16 next;
102  u32 bi;
103 
104  bi = bis[0];
105  next = nexts[0];
106 
107  b0 = vlib_get_buffer (vm, bi);
108 
109  if (PREDICT_TRUE
110  (vlib_trace_buffer (vm, node, next, b0, /* follow_chain */ 0)))
111  {
113  vlib_add_trace (vm, node, b0, sizeof (*tr));
114  tr->dev_id = dev_id;
115  tr->next_index = next;
116  n_trace--;
117  }
118 
119  n_left--;
120  nexts++;
121  bis++;
122  }
123  vlib_set_trace_count (vm, node, n_trace);
124  }
125 }
126 
130 {
131  u8 numa = rte_socket_id ();
132  u32 n_ops, total_n_deq, n_deq[2];
133  u32 bis[VLIB_FRAME_SIZE], *bi;
135  struct rte_crypto_op **ops;
136 
137  n_deq[0] = 0;
138  n_deq[1] = 0;
139  bi = bis;
140  next = nexts;
141  ops = cwm->ops;
142 
143  n_ops = total_n_deq = rte_cryptodev_dequeue_burst (res->dev_id,
144  res->qp_id,
145  ops, VLIB_FRAME_SIZE);
146  /* no op dequeued, do not proceed */
147  if (n_ops == 0)
148  return 0;
149 
150  while (n_ops >= 4)
151  {
152  struct rte_crypto_op *op0, *op1, *op2, *op3;
153 
154  /* Prefetch next iteration. */
155  if (n_ops >= 8)
156  {
157  CLIB_PREFETCH (ops[4], CLIB_CACHE_LINE_BYTES, LOAD);
158  CLIB_PREFETCH (ops[5], CLIB_CACHE_LINE_BYTES, LOAD);
159  CLIB_PREFETCH (ops[6], CLIB_CACHE_LINE_BYTES, LOAD);
160  CLIB_PREFETCH (ops[7], CLIB_CACHE_LINE_BYTES, LOAD);
161 
163  CLIB_CACHE_LINE_BYTES, LOAD);
165  CLIB_CACHE_LINE_BYTES, LOAD);
167  CLIB_CACHE_LINE_BYTES, LOAD);
169  CLIB_CACHE_LINE_BYTES, LOAD);
170  }
171 
172  op0 = ops[0];
173  op1 = ops[1];
174  op2 = ops[2];
175  op3 = ops[3];
176 
177  next[0] = crypto_op_get_priv (op0)->next;
178  next[1] = crypto_op_get_priv (op1)->next;
179  next[2] = crypto_op_get_priv (op2)->next;
180  next[3] = crypto_op_get_priv (op3)->next;
181 
182  bi[0] = crypto_op_get_priv (op0)->bi;
183  bi[1] = crypto_op_get_priv (op1)->bi;
184  bi[2] = crypto_op_get_priv (op2)->bi;
185  bi[3] = crypto_op_get_priv (op3)->bi;
186 
187  n_deq[crypto_op_get_priv (op0)->encrypt] += 1;
188  n_deq[crypto_op_get_priv (op1)->encrypt] += 1;
189  n_deq[crypto_op_get_priv (op2)->encrypt] += 1;
190  n_deq[crypto_op_get_priv (op3)->encrypt] += 1;
191 
192  dpdk_crypto_input_check_op (vm, node, op0, next + 0);
193  dpdk_crypto_input_check_op (vm, node, op1, next + 1);
194  dpdk_crypto_input_check_op (vm, node, op2, next + 2);
195  dpdk_crypto_input_check_op (vm, node, op3, next + 3);
196 
197  op0->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
198  op1->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
199  op2->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
200  op3->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
201 
202  /* next */
203  next += 4;
204  n_ops -= 4;
205  ops += 4;
206  bi += 4;
207  }
208  while (n_ops > 0)
209  {
210  struct rte_crypto_op *op0;
211 
212  op0 = ops[0];
213 
214  next[0] = crypto_op_get_priv (op0)->next;
215  bi[0] = crypto_op_get_priv (op0)->bi;
216 
217  n_deq[crypto_op_get_priv (op0)->encrypt] += 1;
218 
219  dpdk_crypto_input_check_op (vm, node, op0, next + 0);
220 
221  op0->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
222 
223  /* next */
224  next += 1;
225  n_ops -= 1;
226  ops += 1;
227  bi += 1;
228  }
229 
230  vlib_node_increment_counter (vm, node->node_index,
231  DPDK_CRYPTO_INPUT_ERROR_DQ_COPS, total_n_deq);
232 
233  res->inflights[0] -= n_deq[0];
234  res->inflights[1] -= n_deq[1];
235 
236  vlib_buffer_enqueue_to_next (vm, node, bis, nexts, total_n_deq);
237 
238  dpdk_crypto_input_trace (vm, node, res->dev_id, bis, nexts, total_n_deq);
239 
240  crypto_free_ops (numa, cwm->ops, total_n_deq);
241 
242  return total_n_deq;
243 }
244 
248 {
251  crypto_resource_t *res;
252  u32 n_deq = 0;
253  u16 *remove = NULL, *res_idx;
254  word i;
255 
256  /* *INDENT-OFF* */
257  vec_foreach (res_idx, cwm->resource_idx)
258  {
259  res = vec_elt_at_index (dcm->resource, res_idx[0]);
260  u32 inflights = res->inflights[0] + res->inflights[1];
261 
262  if (inflights)
263  n_deq += dpdk_crypto_dequeue (vm, cwm, node, res);
264 
265  inflights = res->inflights[0] + res->inflights[1];
266  if (PREDICT_FALSE (res->remove && !(inflights)))
267  vec_add1 (remove, res_idx[0]);
268  }
269  /* *INDENT-ON* */
270 
271  /* TODO removal on master thread? */
272  if (PREDICT_FALSE (remove != NULL))
273  {
274  /* *INDENT-OFF* */
275  vec_foreach (res_idx, remove)
276  {
277  i = vec_search (cwm->resource_idx, res_idx[0]);
278  vec_del1 (cwm->resource_idx, i);
279 
280  res = vec_elt_at_index (dcm->resource, res_idx[0]);
281  res->thread_idx = (u16) ~0;
282  res->remove = 0;
283 
284  i = vec_search (dcm->dev[res->dev_id].used_resources, res_idx[0]);
285  ASSERT (i != (u16) ~0);
286  vec_del1 (dcm->dev[res->dev_id].used_resources, i);
287  vec_add1 (dcm->dev[res->dev_id].free_resources, res_idx[0]);
288  }
289  /* *INDENT-ON* */
290 
291  vec_free (remove);
292  }
293 
294  return n_deq;
295 }
296 
300 {
302 }
303 
304 /* *INDENT-OFF* */
306 {
307  .name = "dpdk-crypto-input",
309  .format_trace = format_dpdk_crypto_input_trace,
310  .type = VLIB_NODE_TYPE_INPUT,
311  .state = VLIB_NODE_STATE_DISABLED,
312  .n_errors = DPDK_CRYPTO_INPUT_N_ERROR,
313  .error_strings = dpdk_crypto_input_error_strings,
314  .n_next_nodes = DPDK_CRYPTO_INPUT_N_NEXT,
315  .next_nodes =
316  {
317 #define _(s,n) [DPDK_CRYPTO_INPUT_NEXT_##s] = n,
319 #undef _
320  },
321 };
322 /* *INDENT-ON* */
323 
324 /*
325  * fd.io coding-style-patch-verification: ON
326  *
327  * Local Variables:
328  * eval: (c-set-style "gnu")
329  * End:
330  */
vlib.h
ipsec.h
dpdk_crypto_input_trace_t::next_index
u16 next_index
Definition: crypto_node.c:55
dpdk.h
frame
vlib_main_t vlib_node_runtime_t vlib_frame_t * frame
Definition: nat44_ei.c:3048
vlib_get_buffer
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
Definition: buffer_funcs.h:111
dpdk_crypto_input_trace
static void dpdk_crypto_input_trace(vlib_main_t *vm, vlib_node_runtime_t *node, u8 dev_id, u32 *bis, u16 *nexts, u32 n_deq)
Definition: crypto_node.c:89
dpdk_crypto_main_t
Definition: ipsec.h:162
foreach_dpdk_crypto_input_error
#define foreach_dpdk_crypto_input_error
Definition: crypto_node.c:30
dpdk_op_priv_t::encrypt
u8 encrypt
Definition: ipsec.h:67
crypto_dev_t::free_resources
u16 * free_resources
Definition: ipsec.h:99
next
u16 * next
Definition: nat44_ei_out2in.c:718
VLIB_FRAME_SIZE
#define VLIB_FRAME_SIZE
Definition: node.h:368
foreach_dpdk_crypto_input_next
#define foreach_dpdk_crypto_input_next
Definition: ipsec.h:37
node
vlib_main_t vlib_node_runtime_t * node
Definition: nat44_ei.c:3047
VLIB_NODE_TYPE_INPUT
@ VLIB_NODE_TYPE_INPUT
Definition: node.h:76
dpdk_op_priv_t::bi
u32 bi
Definition: ipsec.h:66
crypto_dev_t::used_resources
u16 * used_resources
Definition: ipsec.h:100
u16
unsigned short u16
Definition: types.h:57
vm
vlib_main_t * vm
X-connect all packets from the HOST to the PHY.
Definition: nat44_ei.c:3047
vlib_get_trace_count
static u32 vlib_get_trace_count(vlib_main_t *vm, vlib_node_runtime_t *rt)
Definition: trace_funcs.h:212
from_frame
vlib_main_t vlib_node_runtime_t vlib_frame_t * from_frame
Definition: esp_encrypt.c:1328
vlib_buffer_enqueue_to_next
vlib_buffer_enqueue_to_next(vm, node, from,(u16 *) nexts, frame->n_vectors)
dpdk_crypto_input_error_strings
static char * dpdk_crypto_input_error_strings[]
Definition: crypto_node.c:43
vlib_frame_t
Definition: node.h:372
ethernet.h
dpdk_crypto_input_inline
static_always_inline uword dpdk_crypto_input_inline(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: crypto_node.c:246
dpdk_crypto_main
dpdk_crypto_main_t dpdk_crypto_main
Definition: ipsec.c:26
CLIB_PREFETCH
#define CLIB_PREFETCH(addr, size, type)
Definition: cache.h:80
crypto_worker_main_t
Definition: ipsec.h:74
dpdk_op_priv_t::next
u32 next
Definition: ipsec.h:65
dpdk_crypto_input_trace_t::dev_id
u16 dev_id
Definition: crypto_node.c:54
VLIB_NODE_FN
#define VLIB_NODE_FN(node)
Definition: node.h:202
vec_add1
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
Definition: vec.h:606
CLIB_UNUSED
#define CLIB_UNUSED(x)
Definition: clib.h:90
vec_elt_at_index
#define vec_elt_at_index(v, i)
Get vector value at index i checking that i is in bounds.
Definition: vec_bootstrap.h:203
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:124
crypto_resource_t::thread_idx
u16 thread_idx
Definition: ipsec.h:119
static_always_inline
#define static_always_inline
Definition: clib.h:112
DPDK_CRYPTO_INPUT_N_ERROR
@ DPDK_CRYPTO_INPUT_N_ERROR
Definition: crypto_node.c:40
uword
u64 uword
Definition: types.h:112
buffer.h
crypto_resource_t::remove
u8 remove
Definition: ipsec.h:120
vlib_main_t::thread_index
u32 thread_index
Definition: main.h:213
vlib_node_increment_counter
static void vlib_node_increment_counter(vlib_main_t *vm, u32 node_index, u32 counter_index, u64 increment)
Definition: node_funcs.h:1244
i
sll srl srl sll sra u16x4 i
Definition: vector_sse42.h:261
dpdk_crypto_main_t::resource
crypto_resource_t * resource
Definition: ipsec.h:166
VLIB_NODE_FLAG_TRACE_SUPPORTED
#define VLIB_NODE_FLAG_TRACE_SUPPORTED
Definition: node.h:295
CLIB_CACHE_LINE_BYTES
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:59
vlib_set_trace_count
static void vlib_set_trace_count(vlib_main_t *vm, vlib_node_runtime_t *rt, u32 count)
Definition: trace_funcs.h:226
vlib_node_registration_t
struct _vlib_node_registration vlib_node_registration_t
vec_search
#define vec_search(v, E)
Search a vector for the index of the entry that matches.
Definition: vec.h:1054
crypto_resource_t::dev_id
u8 dev_id
Definition: ipsec.h:122
crypto_free_ops
static_always_inline void crypto_free_ops(u8 numa, struct rte_crypto_op **ops, u32 n)
Definition: ipsec.h:301
vec_free
#define vec_free(V)
Free vector's memory (no header).
Definition: vec.h:395
dpdk_crypto_main_t::workers_main
crypto_worker_main_t * workers_main
Definition: ipsec.h:164
always_inline
#define always_inline
Definition: rdma_mlx5dv.h:23
format
description fragment has unexpected format
Definition: map.api:433
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
dpdk_crypto_main_t::dev
crypto_dev_t * dev
Definition: ipsec.h:165
dpdk_crypto_input_error_t
dpdk_crypto_input_error_t
Definition: crypto_node.c:35
ip.h
u32
unsigned int u32
Definition: types.h:88
vec_foreach
#define vec_foreach(var, vec)
Vector iterator.
Definition: vec_bootstrap.h:213
n_left
u32 n_left
Definition: interface_output.c:1078
crypto_worker_main_t::ops
struct rte_crypto_op ** ops
Definition: ipsec.h:77
crypto_resource_t::qp_id
u16 qp_id
Definition: ipsec.h:124
dpdk_crypto_dequeue
static_always_inline u32 dpdk_crypto_dequeue(vlib_main_t *vm, crypto_worker_main_t *cwm, vlib_node_runtime_t *node, crypto_resource_t *res)
Definition: crypto_node.c:128
vlib_main_t
Definition: main.h:102
vlib_node_t
Definition: node.h:247
vlib_add_trace
void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
Definition: trace.c:628
u8
unsigned char u8
Definition: types.h:56
crypto_worker_main_t::resource_idx
u16 * resource_idx
Definition: ipsec.h:76
dpdk_crypto_input_trace_t
Definition: crypto_node.c:51
word
i64 word
Definition: types.h:111
nexts
u16 nexts[VLIB_FRAME_SIZE]
Definition: nat44_ei_out2in.c:718
vlib_node_runtime_t
Definition: node.h:454
DPDK_CRYPTO_INPUT_N_NEXT
@ DPDK_CRYPTO_INPUT_N_NEXT
Definition: ipsec.h:51
vlib_trace_buffer
static __clib_warn_unused_result int vlib_trace_buffer(vlib_main_t *vm, vlib_node_runtime_t *r, u32 next_index, vlib_buffer_t *b, int follow_chain)
Definition: trace_funcs.h:153
PREDICT_TRUE
#define PREDICT_TRUE(x)
Definition: clib.h:125
crypto_resource_t::inflights
u16 inflights[2]
Definition: ipsec.h:125
dpdk_crypto_input_check_op
static_always_inline void dpdk_crypto_input_check_op(vlib_main_t *vm, vlib_node_runtime_t *node, struct rte_crypto_op *op0, u16 *next)
Definition: crypto_node.c:71
format_dpdk_crypto_input_trace
static u8 * format_dpdk_crypto_input_trace(u8 *s, va_list *args)
Definition: crypto_node.c:59
dpdk_crypto_input_node
vlib_node_registration_t dpdk_crypto_input_node
(constructor) VLIB_REGISTER_NODE (dpdk_crypto_input_node)
Definition: crypto_node.c:305
crypto_resource_t
Definition: ipsec.h:117
crypto_op_get_priv
static_always_inline dpdk_op_priv_t * crypto_op_get_priv(struct rte_crypto_op *op)
Definition: ipsec.h:209
vec_del1
#define vec_del1(v, i)
Delete the element at index I.
Definition: vec.h:896
dpdk_priv.h
vlib_buffer_t
VLIB buffer representation.
Definition: buffer.h:111
VLIB_REGISTER_NODE
#define VLIB_REGISTER_NODE(x,...)
Definition: node.h:169