d5/d6c/extras_2deprecated_2dpdk-ipsec_2ipsec_8h_source.html

/*

 * Copyright (c) 2017 Intel and/or its affiliates.

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at:

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#ifndef __DPDK_IPSEC_H__

#define __DPDK_IPSEC_H__


#include <vnet/vnet.h>

#include <vppinfra/cache.h>

#include <vnet/ipsec/ipsec.h>

#include <vnet/ipsec/ipsec_sa.h>


#undef always_inline

#include <rte_config.h>

#include <rte_crypto.h>

#include <rte_cryptodev.h>


#if CLIB_DEBUG > 0

#define always_inline static inline

#else

#define always_inline static inline __attribute__ ((__always_inline__))

#endif


#define DPDK_CRYPTO_N_QUEUE_DESC  2048

#define DPDK_CRYPTO_NB_SESS_OBJS  20000


#define foreach_dpdk_crypto_input_next          \

  _(DROP, "error-drop")                         \

  _(IP4_LOOKUP, "ip4-lookup")                   \

  _(IP6_LOOKUP, "ip6-lookup")                   \

  _(INTERFACE_OUTPUT, "interface-output")       \

  _(MIDCHAIN, "adj-midchain-tx")                 \

  _(DECRYPT4_POST, "dpdk-esp4-decrypt-post")     \

  _(DECRYPT6_POST, "dpdk-esp6-decrypt-post")


typedef enum

{

#define _(f,s) DPDK_CRYPTO_INPUT_NEXT_##f,

  foreach_dpdk_crypto_input_next

#undef _

    DPDK_CRYPTO_INPUT_N_NEXT,

} dpdk_crypto_input_next_t;


#define MAX_QP_PER_LCORE 16


typedef struct

{

  u32 salt;

  u32 iv[2];

  u32 cnt;

} dpdk_gcm_cnt_blk;


typedef struct

{

  u32 next;

  u32 bi;

  u8 encrypt;

    CLIB_ALIGN_MARK (mark0, 16);

  dpdk_gcm_cnt_blk cb;

  u8 aad[16];

  u8 icv[32];                   /* XXX last 16B in next cache line */

} dpdk_op_priv_t;


typedef struct

{

  u16 *resource_idx;

  struct rte_crypto_op **ops;

  u16 cipher_resource_idx[IPSEC_CRYPTO_N_ALG];

  u16 auth_resource_idx[IPSEC_INTEG_N_ALG];

    CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);

} crypto_worker_main_t;


typedef struct

{

  CLIB_ALIGN_MARK (pad, 8);     /* align up to 8 bytes for 32bit builds */

  char *name;

  enum rte_crypto_sym_xform_type type;

  u32 alg;

  u8 key_len;

  u8 iv_len;

  u8 trunc_size;

  u8 boundary;

  u8 disabled;

  u8 resources;

} crypto_alg_t;


typedef struct

{

  u16 *free_resources;

  u16 *used_resources;

  u8 cipher_support[IPSEC_CRYPTO_N_ALG];

  u8 auth_support[IPSEC_INTEG_N_ALG];

  u8 drv_id;

  u8 numa;

  u16 id;

  const char *name;

  u32 max_qp;

  u64 features;

} crypto_dev_t;


typedef struct

{

  const char *name;

  u16 *devs;

} crypto_drv_t;


typedef struct

{

  u16 thread_idx;

  u8 remove;

  u8 drv_id;

  u8 dev_id;

  u8 numa;

  u16 qp_id;

  u16 inflights[2];

  u16 n_ops;

  u16 __unused;

  struct rte_crypto_op *ops[VLIB_FRAME_SIZE];

  u32 bi[VLIB_FRAME_SIZE];

    CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);

} crypto_resource_t;


typedef struct

{

  u64 ts;

  struct rte_cryptodev_sym_session *session;

} crypto_session_disposal_t;


typedef struct

{

  struct rte_cryptodev_sym_session *session;

  u64 dev_mask;

    CLIB_ALIGN_MARK (pad, 16);  /* align up to 16 bytes for 32bit builds */

} crypto_session_by_drv_t;


typedef struct

{

  struct rte_mempool *crypto_op;

  struct rte_mempool *session_h;

  struct rte_mempool **session_drv;

  crypto_session_disposal_t *session_disposal;

  uword *session_by_sa_index;

  u64 crypto_op_get_failed;

  u64 session_h_failed;

  u64 *session_drv_failed;

  crypto_session_by_drv_t *session_by_drv_id_and_sa_index;

  clib_spinlock_t lockp;

  /* Required for vec_validate_aligned */

    CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);

} crypto_data_t;


typedef struct

{

  crypto_worker_main_t *workers_main;

  crypto_dev_t *dev;

  crypto_resource_t *resource;

  crypto_alg_t *cipher_algs;

  crypto_alg_t *auth_algs;

  crypto_data_t *data;

  crypto_drv_t *drv;

  u64 session_timeout;          /* nsec */

  u8 enabled;

} dpdk_crypto_main_t;


extern dpdk_crypto_main_t dpdk_crypto_main;


static const u8 pad_data[] =

  { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0 };


void crypto_auto_placement (void);


clib_error_t *create_sym_session (struct rte_cryptodev_sym_session **session,

                                  u32 sa_idx, crypto_resource_t * res,

                                  crypto_worker_main_t * cwm, u8 is_outbound);


static_always_inline u32

crypto_op_len (void)

{

  const u32 align = 4;

  u32 op_size =

    sizeof (struct rte_crypto_op) + sizeof (struct rte_crypto_sym_op);


  return ((op_size + align - 1) & ~(align - 1)) + sizeof (dpdk_op_priv_t);

}


static_always_inline u32

crypto_op_get_priv_offset (void)

{

  const u32 align = 16;

  u32 offset;


  offset = sizeof (struct rte_crypto_op) + sizeof (struct rte_crypto_sym_op);

  offset = (offset + align - 1) & ~(align - 1);


  return offset;

}


static_always_inline dpdk_op_priv_t *

crypto_op_get_priv (struct rte_crypto_op * op)

{

  return (dpdk_op_priv_t *) (((u8 *) op) + crypto_op_get_priv_offset ());

}


static_always_inline void

add_session_by_drv_and_sa_idx (struct rte_cryptodev_sym_session *session,

                               crypto_data_t * data, u32 drv_id, u32 sa_idx)

{

  crypto_session_by_drv_t *sbd;

  vec_validate_aligned (data->session_by_drv_id_and_sa_index, sa_idx,

                        CLIB_CACHE_LINE_BYTES);

  sbd = vec_elt_at_index (data->session_by_drv_id_and_sa_index, sa_idx);

  sbd->dev_mask |= 1L << drv_id;

  sbd->session = session;

}


static_always_inline struct rte_cryptodev_sym_session *

get_session_by_drv_and_sa_idx (crypto_data_t * data, u32 drv_id, u32 sa_idx)

{

  crypto_session_by_drv_t *sess_by_sa;

  if (_vec_len (data->session_by_drv_id_and_sa_index) <= sa_idx)

    return NULL;

  sess_by_sa =

    vec_elt_at_index (data->session_by_drv_id_and_sa_index, sa_idx);

  return (sess_by_sa->dev_mask & (1L << drv_id)) ? sess_by_sa->session : NULL;

}


static_always_inline clib_error_t *

crypto_get_session (struct rte_cryptodev_sym_session ** session,

                    u32 sa_idx,

                    crypto_resource_t * res,

                    crypto_worker_main_t * cwm, u8 is_outbound)

{

  dpdk_crypto_main_t *dcm = &dpdk_crypto_main;

  crypto_data_t *data;

  struct rte_cryptodev_sym_session *sess;


  data = vec_elt_at_index (dcm->data, res->numa);

  sess = get_session_by_drv_and_sa_idx (data, res->drv_id, sa_idx);


  if (PREDICT_FALSE (!sess))

    return create_sym_session (session, sa_idx, res, cwm, is_outbound);


  session[0] = sess;


  return NULL;

}


static_always_inline u16

get_resource (crypto_worker_main_t * cwm, ipsec_sa_t * sa)

{

  u16 cipher_res = cwm->cipher_resource_idx[sa->crypto_alg];

  u16 auth_res = cwm->auth_resource_idx[sa->integ_alg];

  u8 is_aead;


  /* Not allowed to setup SA with no-aead-cipher/NULL or NULL/NULL */


  is_aead = ((sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) ||

             (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) ||

             (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_256));


  if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE)

    return auth_res;


  if (cipher_res == auth_res)

    return cipher_res;


  if (is_aead)

    return cipher_res;


  return (u16) ~ 0;

}


static_always_inline i32

crypto_alloc_ops (u8 numa, struct rte_crypto_op ** ops, u32 n)

{

  dpdk_crypto_main_t *dcm = &dpdk_crypto_main;

  crypto_data_t *data = vec_elt_at_index (dcm->data, numa);

  i32 ret;


  ret = rte_mempool_get_bulk (data->crypto_op, (void **) ops, n);


  /* *INDENT-OFF* */

  data->crypto_op_get_failed += ! !ret;

  /* *INDENT-ON* */


  return ret;

}


static_always_inline void

crypto_free_ops (u8 numa, struct rte_crypto_op **ops, u32 n)

{

  dpdk_crypto_main_t *dcm = &dpdk_crypto_main;

  crypto_data_t *data = vec_elt_at_index (dcm->data, numa);


  if (!n)

    return;


  rte_mempool_put_bulk (data->crypto_op, (void **) ops, n);

}


static_always_inline void

crypto_enqueue_ops (vlib_main_t * vm, crypto_worker_main_t * cwm,

                    u32 node_index, u32 error, u8 numa, u8 encrypt)

{

  dpdk_crypto_main_t *dcm = &dpdk_crypto_main;

  crypto_resource_t *res;

  u16 *res_idx;


  /* *INDENT-OFF* */

  vec_foreach (res_idx, cwm->resource_idx)

    {

      u16 enq, n_ops;

      res = vec_elt_at_index (dcm->resource, res_idx[0]);


      if (!res->n_ops)

        continue;


      n_ops = (DPDK_CRYPTO_N_QUEUE_DESC / 2) - res->inflights[encrypt];

      n_ops = res->n_ops < n_ops ? res->n_ops : n_ops;

      enq = rte_cryptodev_enqueue_burst (res->dev_id, res->qp_id,

                                         res->ops, n_ops);

      ASSERT (n_ops == enq);

      res->inflights[encrypt] += enq;


      if (PREDICT_FALSE (enq < res->n_ops))

        {

          crypto_free_ops (numa, &res->ops[enq], res->n_ops - enq);

          vlib_buffer_free (vm, &res->bi[enq], res->n_ops - enq);


          vlib_node_increment_counter (vm, node_index, error,

                                       res->n_ops - enq);

        }

      res->n_ops = 0;

    }

  /* *INDENT-ON* */

}


static_always_inline void

crypto_set_icb (dpdk_gcm_cnt_blk * icb, u32 salt, u32 seq, u32 seq_hi)

{

  icb->salt = salt;

  icb->iv[0] = seq;

  icb->iv[1] = seq_hi;

}


static_always_inline void

crypto_op_setup (u8 is_aead, struct rte_mbuf *mb0,

                 struct rte_crypto_op *op, void *session,

                 u32 cipher_off, u32 cipher_len,

                 u32 auth_off, u32 auth_len,

                 u8 * aad, u8 * digest, u64 digest_paddr)

{

  struct rte_crypto_sym_op *sym_op;


  sym_op = (struct rte_crypto_sym_op *) (op + 1);


  sym_op->m_src = mb0;

  sym_op->session = session;


  if (is_aead)

    {

      sym_op->aead.data.offset = cipher_off;

      sym_op->aead.data.length = cipher_len;


      sym_op->aead.aad.data = aad;

      sym_op->aead.aad.phys_addr =

        op->phys_addr + (uintptr_t) aad - (uintptr_t) op;


      sym_op->aead.digest.data = digest;

      sym_op->aead.digest.phys_addr = digest_paddr;

    }

  else

    {

      sym_op->cipher.data.offset = cipher_off;

      sym_op->cipher.data.length = cipher_len;


      sym_op->auth.data.offset = auth_off;

      sym_op->auth.data.length = auth_len;


      sym_op->auth.digest.data = digest;

      sym_op->auth.digest.phys_addr = digest_paddr;

    }

}


#endif /* __DPDK_IPSEC_H__ */


/*

 * fd.io coding-style-patch-verification: ON

 *

 * Local Variables:

 * eval: (c-set-style "gnu")

 * End:

 */