From patchwork Tue Jul 11 14:00:29 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 107376 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp4921071qge; Tue, 11 Jul 2017 07:05:54 -0700 (PDT) X-Received: by 10.200.58.65 with SMTP id w59mr106243qte.136.1499781954792; Tue, 11 Jul 2017 07:05:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1499781954; cv=none; d=google.com; s=arc-20160816; b=XaYzUJEdhtvXcp7zd+cm+11xh41fQWZnBvGEW/PoO7V/gHfvujz8jFOVP3qGWsMjmW kGrN6EanPTIEdCzOl59X8g7wpbInvRBLjZMd4Rxoce8RoH/ymDwbUHXuRp5nwNwhLkKs t9MGcdyMzcPz/NUMt2oY+SQGMMznyHFwp9WQ7t/oLQlAp6CShzn0VleNkOkrd9444qsL 0QyuX7VAUTv2p0zP8WP7pTstq/hfIxVK3n8xl9Zr8IcPi5oKr0Mit/862AJ8dXUUzLBv LotFXTNcsu7Q9Pxx04IRRj3nnSxG+mjB/Qzt6pGi0vyXODgwt6kwsGl8C7/9i1Ww3zJH 9BBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=IkZJygbjwxyiw2yLmrPzqAPGA7/HpDfkjoh51OzoRyI=; b=YGR2XKrH9sD2ZrE7+1rfDVg7S+3qbOGuLcrFb7oYAdfKZhzozzYWwLY5//GDjc3Av6 MbVJ4TjOoo6oUowklxaB95NZ9x3a1m0a31H8tWBCmdp0jQbLUqcpbNKWGb+qvPJsr0t5 G/GxVo0KS0Gm7l5bciXrqlUWBuVuJM4ImeWeumtqwsfnQcdR8zX09iqFlHMGHeM32Vla 4hpXRFtJsd88R5g3aeAbp7KWkIsKDS0XIXDVl7t9sTvwvAGBR/1YrrNV2Jw9LaYD4SdM H07SvNU+beHPeI1qQxY7qoxxlY2sLXmK1nqNN3DhqwP6QtXDkrlVL5uEipI2TRpMY/Kd T56A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id a7si33521qtb.208.2017.07.11.07.05.54; Tue, 11 Jul 2017 07:05:54 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 22BFB60CD1; Tue, 11 Jul 2017 14:05:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 0CC4160D69; Tue, 11 Jul 2017 14:04:46 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 3932160CD1; Tue, 11 Jul 2017 14:04:40 +0000 (UTC) Received: from forward1j.cmail.yandex.net (forward1j.cmail.yandex.net [5.255.227.19]) by lists.linaro.org (Postfix) with ESMTPS id E4C1560A49 for ; Tue, 11 Jul 2017 14:03:52 +0000 (UTC) Received: from smtp2j.mail.yandex.net (smtp2j.mail.yandex.net [95.108.130.60]) by forward1j.cmail.yandex.net (Yandex) with ESMTP id 9963021199 for ; Tue, 11 Jul 2017 17:03:51 +0300 (MSK) Received: from smtp2j.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp2j.mail.yandex.net (Yandex) with ESMTP id 0EA573EC35B7 for ; Tue, 11 Jul 2017 17:00:50 +0300 (MSK) Received: by smtp2j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id OI4ujX4Yll-0oLmJCbu; Tue, 11 Jul 2017 17:00:50 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 11 Jul 2017 17:00:29 +0300 Message-Id: <1499781629-30670-11-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1499781629-30670-1-git-send-email-odpbot@yandex.ru> References: <1499781629-30670-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 64 Subject: [lng-odp] [PATCH API-NEXT v9 10/10] example: ipsec: rewrite using Crypto packet API X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 64 (lumag:crypto-packet) ** https://github.com/Linaro/odp/pull/64 ** Patch: https://github.com/Linaro/odp/pull/64.patch ** Base sha: c7718962c6633c80eb71a0400d89c31f11f88045 ** Merge commit sha: 6b4b95ac299d32801f55cf75ba31016675ac1afb **/ example/ipsec/odp_ipsec.c | 118 ++++++++++++++++++++++++---------------- example/ipsec/odp_ipsec_cache.c | 17 +++++- example/ipsec/odp_ipsec_cache.h | 7 ++- example/ipsec/odp_ipsec_misc.h | 2 +- 4 files changed, 91 insertions(+), 53 deletions(-) diff --git a/example/ipsec/odp_ipsec.c b/example/ipsec/odp_ipsec.c index c618cc46..5df8f154 100644 --- a/example/ipsec/odp_ipsec.c +++ b/example/ipsec/odp_ipsec.c @@ -144,7 +144,7 @@ typedef struct { uint32_t dst_ip; /**< SA dest IP address */ /* Output only */ - odp_crypto_op_param_t params; /**< Parameters for crypto call */ + odp_crypto_packet_op_param_t params; /**< Parameters for crypto call */ uint32_t *ah_seq; /**< AH sequence number location */ uint32_t *esp_seq; /**< ESP sequence number location */ uint16_t *tun_hdr_id; /**< Tunnel header ID > */ @@ -393,7 +393,9 @@ void ipsec_init_post(crypto_api_mode_e api_mode) auth_sa, tun, api_mode, - entry->input)) { + entry->input, + completionq, + out_pool)) { EXAMPLE_ERR("Error: IPSec cache entry failed.\n" ); exit(EXIT_FAILURE); @@ -627,19 +629,18 @@ pkt_disposition_e do_route_fwd_db(odp_packet_t pkt, pkt_ctx_t *ctx) * @return PKT_CONTINUE if done else PKT_POSTED */ static -pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt, +pkt_disposition_e do_ipsec_in_classify(odp_packet_t *pkt, pkt_ctx_t *ctx, - odp_bool_t *skip, - odp_crypto_op_result_t *result) + odp_bool_t *skip) { - uint8_t *buf = odp_packet_data(pkt); - odph_ipv4hdr_t *ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(pkt, NULL); + uint8_t *buf = odp_packet_data(*pkt); + odph_ipv4hdr_t *ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(*pkt, NULL); int hdr_len; odph_ahhdr_t *ah = NULL; odph_esphdr_t *esp = NULL; ipsec_cache_entry_t *entry; - odp_crypto_op_param_t params; - odp_bool_t posted = 0; + odp_crypto_packet_op_param_t params; + odp_packet_t out_pkt; /* Default to skip IPsec */ *skip = TRUE; @@ -661,8 +662,7 @@ pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt, /* Initialize parameters block */ memset(¶ms, 0, sizeof(params)); params.session = entry->state.session; - params.pkt = pkt; - params.out_pkt = entry->in_place ? pkt : ODP_PACKET_INVALID; + out_pkt = entry->in_place ? *pkt : ODP_PACKET_INVALID; /*Save everything to context */ ctx->ipsec.ip_tos = ip->tos; @@ -697,12 +697,17 @@ pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt, /* Issue crypto request */ *skip = FALSE; ctx->state = PKT_STATE_IPSEC_IN_FINISH; - if (odp_crypto_operation(¶ms, - &posted, - result)) { - abort(); + if (entry->async) { + if (odp_crypto_packet_op_enq(pkt, &out_pkt, ¶ms, 1)) + abort(); + return PKT_POSTED; } - return (posted) ? PKT_POSTED : PKT_CONTINUE; + + if (odp_crypto_packet_op(pkt, &out_pkt, ¶ms, 1)) + abort(); + *pkt = out_pkt; + + return PKT_CONTINUE; } /** @@ -715,18 +720,20 @@ pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt, */ static pkt_disposition_e do_ipsec_in_finish(odp_packet_t pkt, - pkt_ctx_t *ctx, - odp_crypto_op_result_t *result) + pkt_ctx_t *ctx) { odph_ipv4hdr_t *ip; + odp_crypto_packet_result_t result; int hdr_len = ctx->ipsec.hdr_len; int trl_len = 0; + odp_crypto_packet_result(&result, pkt); + /* Check crypto result */ - if (!result->ok) { - if (!is_crypto_op_status_ok(&result->cipher_status)) + if (!result.ok) { + if (!is_crypto_op_status_ok(&result.cipher_status)) return PKT_DROP; - if (!is_crypto_op_status_ok(&result->auth_status)) + if (!is_crypto_op_status_ok(&result.auth_status)) return PKT_DROP; } ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(pkt, NULL); @@ -816,7 +823,7 @@ pkt_disposition_e do_ipsec_out_classify(odp_packet_t pkt, uint16_t ip_data_len = ipv4_data_len(ip); uint8_t *ip_data = ipv4_data_p(ip); ipsec_cache_entry_t *entry; - odp_crypto_op_param_t params; + odp_crypto_packet_op_param_t params; int hdr_len = 0; int trl_len = 0; odph_ahhdr_t *ah = NULL; @@ -840,8 +847,6 @@ pkt_disposition_e do_ipsec_out_classify(odp_packet_t pkt, /* Initialize parameters block */ memset(¶ms, 0, sizeof(params)); params.session = entry->state.session; - params.pkt = pkt; - params.out_pkt = entry->in_place ? pkt : ODP_PACKET_INVALID; if (entry->mode == IPSEC_SA_MODE_TUNNEL) { hdr_len += sizeof(odph_ipv4hdr_t); @@ -949,12 +954,19 @@ pkt_disposition_e do_ipsec_out_classify(odp_packet_t pkt, * @return PKT_CONTINUE if done else PKT_POSTED */ static -pkt_disposition_e do_ipsec_out_seq(odp_packet_t pkt, - pkt_ctx_t *ctx, - odp_crypto_op_result_t *result) +pkt_disposition_e do_ipsec_out_seq(odp_packet_t *pkt, + pkt_ctx_t *ctx) { - uint8_t *buf = odp_packet_data(pkt); - odp_bool_t posted = 0; + uint8_t *buf = odp_packet_data(*pkt); + odph_ipv4hdr_t *ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(*pkt, NULL); + odp_packet_t out_pkt; + ipsec_cache_entry_t *entry; + + entry = find_ipsec_cache_entry_out(odp_be_to_cpu_32(ip->src_addr), + odp_be_to_cpu_32(ip->dst_addr), + ip->proto); + if (!entry) + return PKT_DROP; /* We were dispatched from atomic queue, assign sequence numbers */ if (ctx->ipsec.ah_offset) { @@ -985,13 +997,22 @@ pkt_disposition_e do_ipsec_out_seq(odp_packet_t pkt, } } + out_pkt = entry->in_place ? *pkt : ODP_PACKET_INVALID; + /* Issue crypto request */ - if (odp_crypto_operation(&ctx->ipsec.params, - &posted, - result)) { - abort(); + if (entry->async) { + if (odp_crypto_packet_op_enq(pkt, &out_pkt, + &ctx->ipsec.params, 1)) + abort(); + return PKT_POSTED; } - return (posted) ? PKT_POSTED : PKT_CONTINUE; + + if (odp_crypto_packet_op(pkt, &out_pkt, + &ctx->ipsec.params, 1)) + abort(); + *pkt = out_pkt; + + return PKT_CONTINUE; } /** @@ -1004,16 +1025,18 @@ pkt_disposition_e do_ipsec_out_seq(odp_packet_t pkt, */ static pkt_disposition_e do_ipsec_out_finish(odp_packet_t pkt, - pkt_ctx_t *ctx, - odp_crypto_op_result_t *result) + pkt_ctx_t *ctx) { odph_ipv4hdr_t *ip; + odp_crypto_packet_result_t result; + + odp_crypto_packet_result(&result, pkt); /* Check crypto result */ - if (!result->ok) { - if (!is_crypto_op_status_ok(&result->cipher_status)) + if (!result.ok) { + if (!is_crypto_op_status_ok(&result.cipher_status)) return PKT_DROP; - if (!is_crypto_op_status_ok(&result->auth_status)) + if (!is_crypto_op_status_ok(&result.auth_status)) return PKT_DROP; } ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(pkt, NULL); @@ -1063,15 +1086,15 @@ int pktio_thread(void *arg EXAMPLE_UNUSED) pkt_disposition_e rc; pkt_ctx_t *ctx; odp_queue_t dispatchq; - odp_crypto_op_result_t result; + odp_event_subtype_t subtype; /* Use schedule to get event from any input queue */ ev = schedule(&dispatchq); /* Determine new work versus completion or sequence number */ - if (ODP_EVENT_PACKET == odp_event_type(ev)) { + if (ODP_EVENT_PACKET == odp_event_types(ev, &subtype)) { pkt = odp_packet_from_event(ev); - if (seqnumq == dispatchq) { + if (seqnumq == dispatchq || completionq == dispatchq) { ctx = get_pkt_ctx_from_pkt(pkt); } else { ctx = alloc_pkt_ctx(pkt); @@ -1110,15 +1133,14 @@ int pktio_thread(void *arg EXAMPLE_UNUSED) case PKT_STATE_IPSEC_IN_CLASSIFY: ctx->state = PKT_STATE_ROUTE_LOOKUP; - rc = do_ipsec_in_classify(pkt, + rc = do_ipsec_in_classify(&pkt, ctx, - &skip, - &result); + &skip); break; case PKT_STATE_IPSEC_IN_FINISH: - rc = do_ipsec_in_finish(pkt, ctx, &result); + rc = do_ipsec_in_finish(pkt, ctx); ctx->state = PKT_STATE_ROUTE_LOOKUP; break; @@ -1145,12 +1167,12 @@ int pktio_thread(void *arg EXAMPLE_UNUSED) case PKT_STATE_IPSEC_OUT_SEQ: ctx->state = PKT_STATE_IPSEC_OUT_FINISH; - rc = do_ipsec_out_seq(pkt, ctx, &result); + rc = do_ipsec_out_seq(&pkt, ctx); break; case PKT_STATE_IPSEC_OUT_FINISH: - rc = do_ipsec_out_finish(pkt, ctx, &result); + rc = do_ipsec_out_finish(pkt, ctx); ctx->state = PKT_STATE_TRANSMIT; break; diff --git a/example/ipsec/odp_ipsec_cache.c b/example/ipsec/odp_ipsec_cache.c index e4150336..18a98a29 100644 --- a/example/ipsec/odp_ipsec_cache.c +++ b/example/ipsec/odp_ipsec_cache.c @@ -40,7 +40,9 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, sa_db_entry_t *auth_sa, tun_db_entry_t *tun, crypto_api_mode_e api_mode, - odp_bool_t in) + odp_bool_t in, + odp_queue_t completionq, + odp_pool_t out_pool) { odp_crypto_session_param_t params; ipsec_cache_entry_t *entry; @@ -63,8 +65,17 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, /* Setup parameters and call crypto library to create session */ params.op = (in) ? ODP_CRYPTO_OP_DECODE : ODP_CRYPTO_OP_ENCODE; params.auth_cipher_text = TRUE; - params.compl_queue = ODP_QUEUE_INVALID; - params.output_pool = ODP_POOL_INVALID; + if (CRYPTO_API_SYNC == api_mode) { + params.packet_op_mode = ODP_CRYPTO_SYNC; + params.compl_queue = ODP_QUEUE_INVALID; + params.output_pool = ODP_POOL_INVALID; + entry->async = FALSE; + } else { + params.packet_op_mode = ODP_CRYPTO_ASYNC; + params.compl_queue = completionq; + params.output_pool = out_pool; + entry->async = TRUE; + } if (CRYPTO_API_ASYNC_NEW_BUFFER == api_mode) entry->in_place = FALSE; diff --git a/example/ipsec/odp_ipsec_cache.h b/example/ipsec/odp_ipsec_cache.h index ce37ccce..45010249 100644 --- a/example/ipsec/odp_ipsec_cache.h +++ b/example/ipsec/odp_ipsec_cache.h @@ -32,6 +32,7 @@ typedef enum { typedef struct ipsec_cache_entry_s { struct ipsec_cache_entry_s *next; /**< Next entry on list */ odp_bool_t in_place; /**< Crypto API mode */ + odp_bool_t async; /**< ASYNC or SYNC mode */ uint32_t src_ip; /**< Source v4 address */ uint32_t dst_ip; /**< Destination v4 address */ sa_mode_t mode; /**< SA mode - transport/tun */ @@ -85,6 +86,8 @@ void init_ipsec_cache(void); * @param tun Tunnel DB entry pointer * @param api_mode Crypto API mode for testing * @param in Direction (input versus output) + * @param completionq Completion queue + * @param out_pool Output buffer pool * * @return 0 if successful else -1 */ @@ -92,7 +95,9 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, sa_db_entry_t *auth_sa, tun_db_entry_t *tun, crypto_api_mode_e api_mode, - odp_bool_t in); + odp_bool_t in, + odp_queue_t completionq, + odp_pool_t out_pool); /** * Find a matching IPsec cache entry for input packet diff --git a/example/ipsec/odp_ipsec_misc.h b/example/ipsec/odp_ipsec_misc.h index 20ebe9fc..346cc1c2 100644 --- a/example/ipsec/odp_ipsec_misc.h +++ b/example/ipsec/odp_ipsec_misc.h @@ -321,7 +321,7 @@ void ipv4_adjust_len(odph_ipv4hdr_t *ip, int adj) /** * Verify crypto operation completed successfully * - * @param status Pointer to crypto op status structure + * @param status Pointer to cryto completion structure * * @return TRUE if all OK else FALSE */