From patchwork Sat Jul 1 10:00:08 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 106810 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp3327770qge; Sat, 1 Jul 2017 03:11:07 -0700 (PDT) X-Received: by 10.237.35.76 with SMTP id i12mr9772002qtc.25.1498903866983; Sat, 01 Jul 2017 03:11:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1498903866; cv=none; d=google.com; s=arc-20160816; b=g0izokhiJHBYjDaGl/VDLiCi7X8iOUcyw4nGSfvxAYMTWHiqksxB/xdxMFt4IEaHrK y5OUEuLBnA+arKbg9z/IIgcG2mTmv/rUhCavR7C3E1U6JouB4jfvpV4vHikoqpggNkIK 2iD/5rY/hP6w3fvKvGoCNTehvTE//vGFk2qCyjmT2YYjODh4mLZavc676+bZDrzwnXQb EMGk53UDU97NFCop16WmSA9R6QbKGUFAIxoU2wnvwJ2Nfn+OAPlucCT3XfLrm7OmYpS1 XlgvtUiWgH5rDrolfHLco2LQ0bEz38zBydpkVTZmslI7CmJ5P75quv03qf+0f0eMrkl2 0GiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=FUbJV+AvuST+zDLbGdZRcWkGg/vK03ycvBAJaQ429Bc=; b=Lxbt7ES6CbNnYDsurPGBhtgDm/aVTeH213l9u83W8wKfzrInrXv6WnjaW/xqj89TPY 40c1SR+P9stCSl0rOR7hj1DfsVt9EhRTFoKFr5gTOCsuSIOtCO0yOSGvykf12kSOt07y Lu+zxWKjJvwolCyRwDdBWA8pQQrzziMVoyxcL5swzgtvJLCqHKmEM+Ry69JUWueVbLly +FlpXO06jNAFizK3U3+XsBk4LqDQhQTHwYqvEM6AHpXTm9Yku2Xx+GkYntmEuv7B0p1J p+gqjTBkJ3JxYDGPC6MlEmsYS+bZQg1sO/vcCTqVTifqUl3rCZvLM1++RWznKk9ftWRz lNww== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id q48si9610733qtc.219.2017.07.01.03.11.06; Sat, 01 Jul 2017 03:11:06 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 9BA1D60A06; Sat, 1 Jul 2017 10:11:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 938B462DF4; Sat, 1 Jul 2017 10:01:57 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 834DF62DFB; Sat, 1 Jul 2017 10:01:45 +0000 (UTC) Received: from forward3h.cmail.yandex.net (forward3h.cmail.yandex.net [87.250.230.18]) by lists.linaro.org (Postfix) with ESMTPS id 67AB160985 for ; Sat, 1 Jul 2017 10:00:25 +0000 (UTC) Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b6:7]) by forward3h.cmail.yandex.net (Yandex) with ESMTP id 19984210AE for ; Sat, 1 Jul 2017 13:00:24 +0300 (MSK) Received: from smtp2p.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp2p.mail.yandex.net (Yandex) with ESMTP id EA6451A80057 for ; Sat, 1 Jul 2017 13:00:23 +0300 (MSK) Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id qX4dfs6pfd-0Nf48sLg; Sat, 01 Jul 2017 13:00:23 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sat, 1 Jul 2017 13:00:08 +0300 Message-Id: <1498903208-7527-11-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1498903208-7527-1-git-send-email-odpbot@yandex.ru> References: <1498903208-7527-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 64 Subject: [lng-odp] [PATCH API-NEXT v5 10/10] example: ipsec: rewrite using Crypto packet API X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 64 (lumag:crypto-packet) ** https://github.com/Linaro/odp/pull/64 ** Patch: https://github.com/Linaro/odp/pull/64.patch ** Base sha: 7a5813042d58598e1c66243d8cfed548302edfc4 ** Merge commit sha: 503ae4dbca9c82be6657b05369d23a484ef0cba8 **/ example/ipsec/odp_ipsec.c | 116 +++++++++++++++++++++++----------------- example/ipsec/odp_ipsec_cache.c | 17 ++++-- example/ipsec/odp_ipsec_cache.h | 7 ++- example/ipsec/odp_ipsec_misc.h | 2 +- 4 files changed, 89 insertions(+), 53 deletions(-) diff --git a/example/ipsec/odp_ipsec.c b/example/ipsec/odp_ipsec.c index c618cc46..91d19abf 100644 --- a/example/ipsec/odp_ipsec.c +++ b/example/ipsec/odp_ipsec.c @@ -144,7 +144,7 @@ typedef struct { uint32_t dst_ip; /**< SA dest IP address */ /* Output only */ - odp_crypto_op_param_t params; /**< Parameters for crypto call */ + odp_crypto_packet_op_param_t params; /**< Parameters for crypto call */ uint32_t *ah_seq; /**< AH sequence number location */ uint32_t *esp_seq; /**< ESP sequence number location */ uint16_t *tun_hdr_id; /**< Tunnel header ID > */ @@ -393,7 +393,9 @@ void ipsec_init_post(crypto_api_mode_e api_mode) auth_sa, tun, api_mode, - entry->input)) { + entry->input, + completionq, + out_pool)) { EXAMPLE_ERR("Error: IPSec cache entry failed.\n" ); exit(EXIT_FAILURE); @@ -627,19 +629,18 @@ pkt_disposition_e do_route_fwd_db(odp_packet_t pkt, pkt_ctx_t *ctx) * @return PKT_CONTINUE if done else PKT_POSTED */ static -pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt, +pkt_disposition_e do_ipsec_in_classify(odp_packet_t *pkt, pkt_ctx_t *ctx, - odp_bool_t *skip, - odp_crypto_op_result_t *result) + odp_bool_t *skip) { - uint8_t *buf = odp_packet_data(pkt); - odph_ipv4hdr_t *ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(pkt, NULL); + uint8_t *buf = odp_packet_data(*pkt); + odph_ipv4hdr_t *ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(*pkt, NULL); int hdr_len; odph_ahhdr_t *ah = NULL; odph_esphdr_t *esp = NULL; ipsec_cache_entry_t *entry; - odp_crypto_op_param_t params; - odp_bool_t posted = 0; + odp_crypto_packet_op_param_t params; + odp_packet_t out_pkt; /* Default to skip IPsec */ *skip = TRUE; @@ -661,8 +662,7 @@ pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt, /* Initialize parameters block */ memset(¶ms, 0, sizeof(params)); params.session = entry->state.session; - params.pkt = pkt; - params.out_pkt = entry->in_place ? pkt : ODP_PACKET_INVALID; + out_pkt = entry->in_place ? *pkt : ODP_PACKET_INVALID; /*Save everything to context */ ctx->ipsec.ip_tos = ip->tos; @@ -697,12 +697,16 @@ pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt, /* Issue crypto request */ *skip = FALSE; ctx->state = PKT_STATE_IPSEC_IN_FINISH; - if (odp_crypto_operation(¶ms, - &posted, - result)) { - abort(); + if (entry->async) { + if (odp_crypto_packet_op_enq(pkt, &out_pkt, ¶ms, 1)) + abort(); + return PKT_POSTED; + } else { + if (odp_crypto_packet_op(pkt, &out_pkt, ¶ms, 1)) + abort(); + *pkt = out_pkt; + return PKT_CONTINUE; } - return (posted) ? PKT_POSTED : PKT_CONTINUE; } /** @@ -715,18 +719,20 @@ pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt, */ static pkt_disposition_e do_ipsec_in_finish(odp_packet_t pkt, - pkt_ctx_t *ctx, - odp_crypto_op_result_t *result) + pkt_ctx_t *ctx) { odph_ipv4hdr_t *ip; + odp_crypto_packet_op_result_t result; int hdr_len = ctx->ipsec.hdr_len; int trl_len = 0; + odp_crypto_packet_result(&result, pkt); + /* Check crypto result */ - if (!result->ok) { - if (!is_crypto_op_status_ok(&result->cipher_status)) + if (!result.ok) { + if (!is_crypto_op_status_ok(&result.cipher_status)) return PKT_DROP; - if (!is_crypto_op_status_ok(&result->auth_status)) + if (!is_crypto_op_status_ok(&result.auth_status)) return PKT_DROP; } ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(pkt, NULL); @@ -816,7 +822,7 @@ pkt_disposition_e do_ipsec_out_classify(odp_packet_t pkt, uint16_t ip_data_len = ipv4_data_len(ip); uint8_t *ip_data = ipv4_data_p(ip); ipsec_cache_entry_t *entry; - odp_crypto_op_param_t params; + odp_crypto_packet_op_param_t params; int hdr_len = 0; int trl_len = 0; odph_ahhdr_t *ah = NULL; @@ -840,8 +846,6 @@ pkt_disposition_e do_ipsec_out_classify(odp_packet_t pkt, /* Initialize parameters block */ memset(¶ms, 0, sizeof(params)); params.session = entry->state.session; - params.pkt = pkt; - params.out_pkt = entry->in_place ? pkt : ODP_PACKET_INVALID; if (entry->mode == IPSEC_SA_MODE_TUNNEL) { hdr_len += sizeof(odph_ipv4hdr_t); @@ -949,12 +953,19 @@ pkt_disposition_e do_ipsec_out_classify(odp_packet_t pkt, * @return PKT_CONTINUE if done else PKT_POSTED */ static -pkt_disposition_e do_ipsec_out_seq(odp_packet_t pkt, - pkt_ctx_t *ctx, - odp_crypto_op_result_t *result) +pkt_disposition_e do_ipsec_out_seq(odp_packet_t *pkt, + pkt_ctx_t *ctx) { - uint8_t *buf = odp_packet_data(pkt); - odp_bool_t posted = 0; + uint8_t *buf = odp_packet_data(*pkt); + odph_ipv4hdr_t *ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(*pkt, NULL); + odp_packet_t out_pkt; + ipsec_cache_entry_t *entry; + + entry = find_ipsec_cache_entry_out(odp_be_to_cpu_32(ip->src_addr), + odp_be_to_cpu_32(ip->dst_addr), + ip->proto); + if (!entry) + return PKT_DROP; /* We were dispatched from atomic queue, assign sequence numbers */ if (ctx->ipsec.ah_offset) { @@ -985,13 +996,21 @@ pkt_disposition_e do_ipsec_out_seq(odp_packet_t pkt, } } + out_pkt = entry->in_place ? *pkt : ODP_PACKET_INVALID; + /* Issue crypto request */ - if (odp_crypto_operation(&ctx->ipsec.params, - &posted, - result)) { - abort(); + if (entry->async) { + if (odp_crypto_packet_op_enq(pkt, &out_pkt, + &ctx->ipsec.params, 1)) + abort(); + return PKT_POSTED; + } else { + if (odp_crypto_packet_op(pkt, &out_pkt, + &ctx->ipsec.params, 1)) + abort(); + *pkt = out_pkt; + return PKT_CONTINUE; } - return (posted) ? PKT_POSTED : PKT_CONTINUE; } /** @@ -1004,16 +1023,18 @@ pkt_disposition_e do_ipsec_out_seq(odp_packet_t pkt, */ static pkt_disposition_e do_ipsec_out_finish(odp_packet_t pkt, - pkt_ctx_t *ctx, - odp_crypto_op_result_t *result) + pkt_ctx_t *ctx) { odph_ipv4hdr_t *ip; + odp_crypto_packet_op_result_t result; + + odp_crypto_packet_result(&result, pkt); /* Check crypto result */ - if (!result->ok) { - if (!is_crypto_op_status_ok(&result->cipher_status)) + if (!result.ok) { + if (!is_crypto_op_status_ok(&result.cipher_status)) return PKT_DROP; - if (!is_crypto_op_status_ok(&result->auth_status)) + if (!is_crypto_op_status_ok(&result.auth_status)) return PKT_DROP; } ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(pkt, NULL); @@ -1063,15 +1084,15 @@ int pktio_thread(void *arg EXAMPLE_UNUSED) pkt_disposition_e rc; pkt_ctx_t *ctx; odp_queue_t dispatchq; - odp_crypto_op_result_t result; + odp_event_subtype_t subtype; /* Use schedule to get event from any input queue */ ev = schedule(&dispatchq); /* Determine new work versus completion or sequence number */ - if (ODP_EVENT_PACKET == odp_event_type(ev)) { + if (ODP_EVENT_PACKET == odp_event_types(ev, &subtype)) { pkt = odp_packet_from_event(ev); - if (seqnumq == dispatchq) { + if (seqnumq == dispatchq || completionq == dispatchq) { ctx = get_pkt_ctx_from_pkt(pkt); } else { ctx = alloc_pkt_ctx(pkt); @@ -1110,15 +1131,14 @@ int pktio_thread(void *arg EXAMPLE_UNUSED) case PKT_STATE_IPSEC_IN_CLASSIFY: ctx->state = PKT_STATE_ROUTE_LOOKUP; - rc = do_ipsec_in_classify(pkt, + rc = do_ipsec_in_classify(&pkt, ctx, - &skip, - &result); + &skip); break; case PKT_STATE_IPSEC_IN_FINISH: - rc = do_ipsec_in_finish(pkt, ctx, &result); + rc = do_ipsec_in_finish(pkt, ctx); ctx->state = PKT_STATE_ROUTE_LOOKUP; break; @@ -1145,12 +1165,12 @@ int pktio_thread(void *arg EXAMPLE_UNUSED) case PKT_STATE_IPSEC_OUT_SEQ: ctx->state = PKT_STATE_IPSEC_OUT_FINISH; - rc = do_ipsec_out_seq(pkt, ctx, &result); + rc = do_ipsec_out_seq(&pkt, ctx); break; case PKT_STATE_IPSEC_OUT_FINISH: - rc = do_ipsec_out_finish(pkt, ctx, &result); + rc = do_ipsec_out_finish(pkt, ctx); ctx->state = PKT_STATE_TRANSMIT; break; diff --git a/example/ipsec/odp_ipsec_cache.c b/example/ipsec/odp_ipsec_cache.c index e4150336..18a98a29 100644 --- a/example/ipsec/odp_ipsec_cache.c +++ b/example/ipsec/odp_ipsec_cache.c @@ -40,7 +40,9 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, sa_db_entry_t *auth_sa, tun_db_entry_t *tun, crypto_api_mode_e api_mode, - odp_bool_t in) + odp_bool_t in, + odp_queue_t completionq, + odp_pool_t out_pool) { odp_crypto_session_param_t params; ipsec_cache_entry_t *entry; @@ -63,8 +65,17 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, /* Setup parameters and call crypto library to create session */ params.op = (in) ? ODP_CRYPTO_OP_DECODE : ODP_CRYPTO_OP_ENCODE; params.auth_cipher_text = TRUE; - params.compl_queue = ODP_QUEUE_INVALID; - params.output_pool = ODP_POOL_INVALID; + if (CRYPTO_API_SYNC == api_mode) { + params.packet_op_mode = ODP_CRYPTO_SYNC; + params.compl_queue = ODP_QUEUE_INVALID; + params.output_pool = ODP_POOL_INVALID; + entry->async = FALSE; + } else { + params.packet_op_mode = ODP_CRYPTO_ASYNC; + params.compl_queue = completionq; + params.output_pool = out_pool; + entry->async = TRUE; + } if (CRYPTO_API_ASYNC_NEW_BUFFER == api_mode) entry->in_place = FALSE; diff --git a/example/ipsec/odp_ipsec_cache.h b/example/ipsec/odp_ipsec_cache.h index ce37ccce..45010249 100644 --- a/example/ipsec/odp_ipsec_cache.h +++ b/example/ipsec/odp_ipsec_cache.h @@ -32,6 +32,7 @@ typedef enum { typedef struct ipsec_cache_entry_s { struct ipsec_cache_entry_s *next; /**< Next entry on list */ odp_bool_t in_place; /**< Crypto API mode */ + odp_bool_t async; /**< ASYNC or SYNC mode */ uint32_t src_ip; /**< Source v4 address */ uint32_t dst_ip; /**< Destination v4 address */ sa_mode_t mode; /**< SA mode - transport/tun */ @@ -85,6 +86,8 @@ void init_ipsec_cache(void); * @param tun Tunnel DB entry pointer * @param api_mode Crypto API mode for testing * @param in Direction (input versus output) + * @param completionq Completion queue + * @param out_pool Output buffer pool * * @return 0 if successful else -1 */ @@ -92,7 +95,9 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, sa_db_entry_t *auth_sa, tun_db_entry_t *tun, crypto_api_mode_e api_mode, - odp_bool_t in); + odp_bool_t in, + odp_queue_t completionq, + odp_pool_t out_pool); /** * Find a matching IPsec cache entry for input packet diff --git a/example/ipsec/odp_ipsec_misc.h b/example/ipsec/odp_ipsec_misc.h index 20ebe9fc..346cc1c2 100644 --- a/example/ipsec/odp_ipsec_misc.h +++ b/example/ipsec/odp_ipsec_misc.h @@ -321,7 +321,7 @@ void ipv4_adjust_len(odph_ipv4hdr_t *ip, int adj) /** * Verify crypto operation completed successfully * - * @param status Pointer to crypto op status structure + * @param status Pointer to cryto completion structure * * @return TRUE if all OK else FALSE */