From patchwork Fri Jun 30 16:00:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 106755 Delivered-To: patch@linaro.org Received: by 10.182.135.102 with SMTP id pr6csp6117776obb; Fri, 30 Jun 2017 09:13:44 -0700 (PDT) X-Received: by 10.55.53.68 with SMTP id c65mr24779234qka.225.1498839224373; Fri, 30 Jun 2017 09:13:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1498839224; cv=none; d=google.com; s=arc-20160816; b=e73m3ub4nadeuGyxogN+F2vt9UMXSIC6THPe14aDiXAawvtpj/xxrNATWuhP7NrosB CFqrS+P7phz/PqcDKK/COn9a8cuNRI/PsXg13Ag1jfIJfDKsgjuhvVpYJ1GnFeFEu4NX /DNdAxRs56N3D51WpVMg/HrlXc3AqHqMcSESO/n7REUvvODfRz5Y+c2GLPETU1iIRgiO 2v3CvRu1ekeMuuVFMaRSot9ForGZZAl3KMHT1Rit5xC7MqZMA9rzfpW8WYx67UDvVygT IXQfIdVnDEUDLr7jEFg8w4S6+rKrdXb4X6IgxDPxenMr1wftuEbCUsHAuwq7c1LR3pz0 DE/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=VTZn0+RbpzjIXz07yUKiN0tsTo8G8P7IpWaTD6H3JXU=; b=qFArpu2+X/iXUFvuKv18iBYtEkqrvv3UvLKBr1CCfOji679vYezUGZgxQjJ3iZtt+u kbM/O68TqjpaN7Zi9IKkWUh78Wh0AKNcCxDJ+PzozS2fu9kbkRBa1bBnQIoFM3sSVqph hI9b5Jramr45zgWHuLxNf9Ywmgb5xlc2nTc0SYnshljHG6EGgtmTfGqaJdK9xL4zThpn Hg6GDAre3l14qdlhGb17mvQi35le0mHiSUAKmHA3RBdcIp5P2SuBbvLu46C4JILTRLEj D6xdue/BRXN4WY1x2IbgraeMC4tox2HWnE1OTSjg2Oybr92iIthzDGEB9Vlfrcm6RFBJ lqcA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id a13si8041795qka.74.2017.06.30.09.13.44; Fri, 30 Jun 2017 09:13:44 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 0912160C90; Fri, 30 Jun 2017 16:13:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 07F2960CAB; Fri, 30 Jun 2017 16:06:19 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id DA89C62C59; Fri, 30 Jun 2017 16:06:03 +0000 (UTC) Received: from forward1p.cmail.yandex.net (forward1p.cmail.yandex.net [77.88.31.16]) by lists.linaro.org (Postfix) with ESMTPS id 5E89460DB2 for ; Fri, 30 Jun 2017 16:03:54 +0000 (UTC) Received: from smtp2m.mail.yandex.net (smtp2m.mail.yandex.net [IPv6:2a02:6b8:0:2519::122]) by forward1p.cmail.yandex.net (Yandex) with ESMTP id 93E5B211D2 for ; Fri, 30 Jun 2017 19:03:52 +0300 (MSK) Received: from smtp2m.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp2m.mail.yandex.net (Yandex) with ESMTP id 7578323016C0 for ; Fri, 30 Jun 2017 19:00:27 +0300 (MSK) Received: by smtp2m.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 3uDDcvG1pt-0RZ0ZjVG; Fri, 30 Jun 2017 19:00:27 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) X-Yandex-Suid-Status: 1 0 From: Github ODP bot To: lng-odp@lists.linaro.org Date: Fri, 30 Jun 2017 19:00:09 +0300 Message-Id: <1498838409-4597-10-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1498838409-4597-1-git-send-email-odpbot@yandex.ru> References: <1498838409-4597-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 64 Subject: [lng-odp] [PATCH API-NEXT v1 9/9] example: ipsec: rewrite using Crypto packet API X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov Signed-off-by: Dmitry Eremin-Solenikov --- /** Email created from pull request 64 (lumag:crypto-packet) ** https://github.com/Linaro/odp/pull/64 ** Patch: https://github.com/Linaro/odp/pull/64.patch ** Base sha: 7a5813042d58598e1c66243d8cfed548302edfc4 ** Merge commit sha: 25273ed7dee29d26a2ef7357e84a36aa4443f63e **/ example/ipsec/odp_ipsec.c | 118 ++++++++++++++++++++++++---------------- example/ipsec/odp_ipsec_cache.c | 17 +++++- example/ipsec/odp_ipsec_cache.h | 7 ++- example/ipsec/odp_ipsec_misc.h | 2 +- 4 files changed, 91 insertions(+), 53 deletions(-) diff --git a/example/ipsec/odp_ipsec.c b/example/ipsec/odp_ipsec.c index 1ed03585..487b84b9 100644 --- a/example/ipsec/odp_ipsec.c +++ b/example/ipsec/odp_ipsec.c @@ -144,7 +144,7 @@ typedef struct { uint32_t dst_ip; /**< SA dest IP address */ /* Output only */ - odp_crypto_op_param_t params; /**< Parameters for crypto call */ + odp_crypto_packet_op_param_t params; /**< Parameters for crypto call */ uint32_t *ah_seq; /**< AH sequence number location */ uint32_t *esp_seq; /**< ESP sequence number location */ uint16_t *tun_hdr_id; /**< Tunnel header ID > */ @@ -393,7 +393,9 @@ void ipsec_init_post(crypto_api_mode_e api_mode) auth_sa, tun, api_mode, - entry->input)) { + entry->input, + completionq, + out_pool)) { EXAMPLE_ERR("Error: IPSec cache entry failed.\n" ); exit(EXIT_FAILURE); @@ -627,19 +629,18 @@ pkt_disposition_e do_route_fwd_db(odp_packet_t pkt, pkt_ctx_t *ctx) * @return PKT_CONTINUE if done else PKT_POSTED */ static -pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt, +pkt_disposition_e do_ipsec_in_classify(odp_packet_t *pkt, pkt_ctx_t *ctx, - odp_bool_t *skip, - odp_crypto_op_result_t *result) + odp_bool_t *skip) { - uint8_t *buf = odp_packet_data(pkt); - odph_ipv4hdr_t *ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(pkt, NULL); + uint8_t *buf = odp_packet_data(*pkt); + odph_ipv4hdr_t *ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(*pkt, NULL); int hdr_len; odph_ahhdr_t *ah = NULL; odph_esphdr_t *esp = NULL; ipsec_cache_entry_t *entry; - odp_crypto_op_param_t params; - odp_bool_t posted = 0; + odp_crypto_packet_op_param_t params; + odp_packet_t out_pkt; /* Default to skip IPsec */ *skip = TRUE; @@ -661,8 +662,7 @@ pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt, /* Initialize parameters block */ memset(¶ms, 0, sizeof(params)); params.session = entry->state.session; - params.pkt = pkt; - params.out_pkt = entry->in_place ? pkt : ODP_PACKET_INVALID; + out_pkt = entry->in_place ? *pkt : ODP_PACKET_INVALID; /*Save everything to context */ ctx->ipsec.ip_tos = ip->tos; @@ -697,12 +697,18 @@ pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt, /* Issue crypto request */ *skip = FALSE; ctx->state = PKT_STATE_IPSEC_IN_FINISH; - if (odp_crypto_operation(¶ms, - &posted, - result)) { - abort(); + if (entry->async) { + if (odp_crypto_packet_op_enq(pkt, &out_pkt, 1, ¶ms)) { + abort(); + } + return PKT_POSTED; + } else { + if (odp_crypto_packet_op(pkt, &out_pkt, 1, ¶ms)) { + abort(); + } + *pkt = out_pkt; + return PKT_CONTINUE; } - return (posted) ? PKT_POSTED : PKT_CONTINUE; } /** @@ -715,18 +721,20 @@ pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt, */ static pkt_disposition_e do_ipsec_in_finish(odp_packet_t pkt, - pkt_ctx_t *ctx, - odp_crypto_op_result_t *result) + pkt_ctx_t *ctx) { odph_ipv4hdr_t *ip; + odp_crypto_packet_op_result_t result; int hdr_len = ctx->ipsec.hdr_len; int trl_len = 0; + odp_crypto_packet_result(&result, pkt); + /* Check crypto result */ - if (!result->ok) { - if (!is_crypto_compl_status_ok(&result->cipher_status)) + if (!result.ok) { + if (!is_crypto_op_status_ok(&result.cipher_status)) return PKT_DROP; - if (!is_crypto_compl_status_ok(&result->auth_status)) + if (!is_crypto_op_status_ok(&result.auth_status)) return PKT_DROP; } ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(pkt, NULL); @@ -816,7 +824,7 @@ pkt_disposition_e do_ipsec_out_classify(odp_packet_t pkt, uint16_t ip_data_len = ipv4_data_len(ip); uint8_t *ip_data = ipv4_data_p(ip); ipsec_cache_entry_t *entry; - odp_crypto_op_param_t params; + odp_crypto_packet_op_param_t params; int hdr_len = 0; int trl_len = 0; odph_ahhdr_t *ah = NULL; @@ -840,8 +848,6 @@ pkt_disposition_e do_ipsec_out_classify(odp_packet_t pkt, /* Initialize parameters block */ memset(¶ms, 0, sizeof(params)); params.session = entry->state.session; - params.pkt = pkt; - params.out_pkt = entry->in_place ? pkt : ODP_PACKET_INVALID; if (entry->mode == IPSEC_SA_MODE_TUNNEL) { hdr_len += sizeof(odph_ipv4hdr_t); @@ -949,12 +955,19 @@ pkt_disposition_e do_ipsec_out_classify(odp_packet_t pkt, * @return PKT_CONTINUE if done else PKT_POSTED */ static -pkt_disposition_e do_ipsec_out_seq(odp_packet_t pkt, - pkt_ctx_t *ctx, - odp_crypto_op_result_t *result) +pkt_disposition_e do_ipsec_out_seq(odp_packet_t *pkt, + pkt_ctx_t *ctx) { - uint8_t *buf = odp_packet_data(pkt); - odp_bool_t posted = 0; + uint8_t *buf = odp_packet_data(*pkt); + odph_ipv4hdr_t *ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(*pkt, NULL); + odp_packet_t out_pkt; + ipsec_cache_entry_t *entry; + + entry = find_ipsec_cache_entry_out(odp_be_to_cpu_32(ip->src_addr), + odp_be_to_cpu_32(ip->dst_addr), + ip->proto); + if (!entry) + return PKT_DROP; /* We were dispatched from atomic queue, assign sequence numbers */ if (ctx->ipsec.ah_offset) { @@ -985,13 +998,21 @@ pkt_disposition_e do_ipsec_out_seq(odp_packet_t pkt, } } + out_pkt = entry->in_place ? *pkt : ODP_PACKET_INVALID; + /* Issue crypto request */ - if (odp_crypto_operation(&ctx->ipsec.params, - &posted, - result)) { - abort(); + if (entry->async) { + if (odp_crypto_packet_op_enq(pkt, &out_pkt, 1, &ctx->ipsec.params)) { + abort(); + } + return PKT_POSTED; + } else { + if (odp_crypto_packet_op(pkt, &out_pkt, 1, &ctx->ipsec.params)) { + abort(); + } + *pkt = out_pkt; + return PKT_CONTINUE; } - return (posted) ? PKT_POSTED : PKT_CONTINUE; } /** @@ -1004,16 +1025,18 @@ pkt_disposition_e do_ipsec_out_seq(odp_packet_t pkt, */ static pkt_disposition_e do_ipsec_out_finish(odp_packet_t pkt, - pkt_ctx_t *ctx, - odp_crypto_op_result_t *result) + pkt_ctx_t *ctx) { odph_ipv4hdr_t *ip; + odp_crypto_packet_op_result_t result; + + odp_crypto_packet_result(&result, pkt); /* Check crypto result */ - if (!result->ok) { - if (!is_crypto_compl_status_ok(&result->cipher_status)) + if (!result.ok) { + if (!is_crypto_op_status_ok(&result.cipher_status)) return PKT_DROP; - if (!is_crypto_compl_status_ok(&result->auth_status)) + if (!is_crypto_op_status_ok(&result.auth_status)) return PKT_DROP; } ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(pkt, NULL); @@ -1063,15 +1086,15 @@ int pktio_thread(void *arg EXAMPLE_UNUSED) pkt_disposition_e rc; pkt_ctx_t *ctx; odp_queue_t dispatchq; - odp_crypto_op_result_t result; + odp_event_subtype_t subtype; /* Use schedule to get event from any input queue */ ev = schedule(&dispatchq); /* Determine new work versus completion or sequence number */ - if (ODP_EVENT_PACKET == odp_event_type(ev)) { + if (ODP_EVENT_PACKET == odp_event_types(ev, &subtype)) { pkt = odp_packet_from_event(ev); - if (seqnumq == dispatchq) { + if (seqnumq == dispatchq || completionq == dispatchq) { ctx = get_pkt_ctx_from_pkt(pkt); } else { ctx = alloc_pkt_ctx(pkt); @@ -1110,15 +1133,14 @@ int pktio_thread(void *arg EXAMPLE_UNUSED) case PKT_STATE_IPSEC_IN_CLASSIFY: ctx->state = PKT_STATE_ROUTE_LOOKUP; - rc = do_ipsec_in_classify(pkt, + rc = do_ipsec_in_classify(&pkt, ctx, - &skip, - &result); + &skip); break; case PKT_STATE_IPSEC_IN_FINISH: - rc = do_ipsec_in_finish(pkt, ctx, &result); + rc = do_ipsec_in_finish(pkt, ctx); ctx->state = PKT_STATE_ROUTE_LOOKUP; break; @@ -1145,12 +1167,12 @@ int pktio_thread(void *arg EXAMPLE_UNUSED) case PKT_STATE_IPSEC_OUT_SEQ: ctx->state = PKT_STATE_IPSEC_OUT_FINISH; - rc = do_ipsec_out_seq(pkt, ctx, &result); + rc = do_ipsec_out_seq(&pkt, ctx); break; case PKT_STATE_IPSEC_OUT_FINISH: - rc = do_ipsec_out_finish(pkt, ctx, &result); + rc = do_ipsec_out_finish(pkt, ctx); ctx->state = PKT_STATE_TRANSMIT; break; diff --git a/example/ipsec/odp_ipsec_cache.c b/example/ipsec/odp_ipsec_cache.c index e4150336..18a98a29 100644 --- a/example/ipsec/odp_ipsec_cache.c +++ b/example/ipsec/odp_ipsec_cache.c @@ -40,7 +40,9 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, sa_db_entry_t *auth_sa, tun_db_entry_t *tun, crypto_api_mode_e api_mode, - odp_bool_t in) + odp_bool_t in, + odp_queue_t completionq, + odp_pool_t out_pool) { odp_crypto_session_param_t params; ipsec_cache_entry_t *entry; @@ -63,8 +65,17 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, /* Setup parameters and call crypto library to create session */ params.op = (in) ? ODP_CRYPTO_OP_DECODE : ODP_CRYPTO_OP_ENCODE; params.auth_cipher_text = TRUE; - params.compl_queue = ODP_QUEUE_INVALID; - params.output_pool = ODP_POOL_INVALID; + if (CRYPTO_API_SYNC == api_mode) { + params.packet_op_mode = ODP_CRYPTO_SYNC; + params.compl_queue = ODP_QUEUE_INVALID; + params.output_pool = ODP_POOL_INVALID; + entry->async = FALSE; + } else { + params.packet_op_mode = ODP_CRYPTO_ASYNC; + params.compl_queue = completionq; + params.output_pool = out_pool; + entry->async = TRUE; + } if (CRYPTO_API_ASYNC_NEW_BUFFER == api_mode) entry->in_place = FALSE; diff --git a/example/ipsec/odp_ipsec_cache.h b/example/ipsec/odp_ipsec_cache.h index ce37ccce..45010249 100644 --- a/example/ipsec/odp_ipsec_cache.h +++ b/example/ipsec/odp_ipsec_cache.h @@ -32,6 +32,7 @@ typedef enum { typedef struct ipsec_cache_entry_s { struct ipsec_cache_entry_s *next; /**< Next entry on list */ odp_bool_t in_place; /**< Crypto API mode */ + odp_bool_t async; /**< ASYNC or SYNC mode */ uint32_t src_ip; /**< Source v4 address */ uint32_t dst_ip; /**< Destination v4 address */ sa_mode_t mode; /**< SA mode - transport/tun */ @@ -85,6 +86,8 @@ void init_ipsec_cache(void); * @param tun Tunnel DB entry pointer * @param api_mode Crypto API mode for testing * @param in Direction (input versus output) + * @param completionq Completion queue + * @param out_pool Output buffer pool * * @return 0 if successful else -1 */ @@ -92,7 +95,9 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, sa_db_entry_t *auth_sa, tun_db_entry_t *tun, crypto_api_mode_e api_mode, - odp_bool_t in); + odp_bool_t in, + odp_queue_t completionq, + odp_pool_t out_pool); /** * Find a matching IPsec cache entry for input packet diff --git a/example/ipsec/odp_ipsec_misc.h b/example/ipsec/odp_ipsec_misc.h index 45cb022e..346cc1c2 100644 --- a/example/ipsec/odp_ipsec_misc.h +++ b/example/ipsec/odp_ipsec_misc.h @@ -326,7 +326,7 @@ void ipv4_adjust_len(odph_ipv4hdr_t *ip, int adj) * @return TRUE if all OK else FALSE */ static inline -odp_bool_t is_crypto_compl_status_ok(odp_crypto_compl_status_t *status) +odp_bool_t is_crypto_op_status_ok(odp_crypto_op_status_t *status) { if (status->alg_err != ODP_CRYPTO_ALG_ERR_NONE) return FALSE;