From: Bernard Iremonger <bernard.iremonger@intel.com>
To: dev@dpdk.org, konstantin.ananyev@intel.com, akhil.goyal@nxp.com
Cc: Bernard Iremonger <bernard.iremonger@intel.com>, stable@dpdk.org
Subject: [PATCH 1/6] examples/ipsec-secgw: fix 1st pkt dropped for inline crypto
Date: Wed, 6 Mar 2019 16:00:06 +0000 [thread overview]
Message-ID: <1551888011-27692-2-git-send-email-bernard.iremonger@intel.com> (raw)
In-Reply-To: <1551888011-27692-1-git-send-email-bernard.iremonger@intel.com>
Refactor create_session() into create_inline_session() and
create_lookaside_session() in ipsec.c
Use socket_ctx in create_inline_session()
Fixes: ec17993a145a ("examples/ipsec-secgw: support security offload")
Cc: stable@dpdk.org
Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
---
examples/ipsec-secgw/ipsec.c | 123 +++++++++++++++++++++++------------
examples/ipsec-secgw/ipsec.h | 5 +-
examples/ipsec-secgw/ipsec_process.c | 9 +--
3 files changed, 90 insertions(+), 47 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 4352cb8..7090dbe 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -40,7 +40,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)
}
int
-create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
+create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
{
struct rte_cryptodev_info cdev_info;
unsigned long cdev_id_qp = 0;
@@ -108,23 +108,82 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
"SEC Session init failed: err: %d\n", ret);
return -1;
}
- } else if (sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
+ } else if ((sa->type ==
+ RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) ||
+ (sa->type ==
+ RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL)) {
+ RTE_LOG(ERR, IPSEC,
+ "Inline not supported\n");
+ return -1;
+ }
+ } else {
+ sa->crypto_session = rte_cryptodev_sym_session_create(
+ ipsec_ctx->session_pool);
+ rte_cryptodev_sym_session_init(ipsec_ctx->tbl[cdev_id_qp].id,
+ sa->crypto_session, sa->xforms,
+ ipsec_ctx->session_priv_pool);
+
+ rte_cryptodev_info_get(ipsec_ctx->tbl[cdev_id_qp].id,
+ &cdev_info);
+ }
+
+ sa->cdev_id_qp = cdev_id_qp;
+
+ return 0;
+}
+
+int
+create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa)
+{
+ unsigned long cdev_id_qp = 0;
+ int32_t ret = 0;
+ struct rte_security_ctx *sec_ctx;
+
+ RTE_LOG_DP(DEBUG, IPSEC, "Create session for SA spi %u on port %u\n",
+ sa->spi, sa->portid);
+
+ if (sa->type != RTE_SECURITY_ACTION_TYPE_NONE) {
+ struct rte_security_session_conf sess_conf = {
+ .action_type = sa->type,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ {.ipsec = {
+ .spi = sa->spi,
+ .salt = sa->salt,
+ .options = { 0 },
+ .direction = sa->direction,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = (sa->flags == IP4_TUNNEL ||
+ sa->flags == IP6_TUNNEL) ?
+ RTE_SECURITY_IPSEC_SA_MODE_TUNNEL :
+ RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ } },
+ .crypto_xform = sa->xforms,
+ .userdata = NULL,
+ };
+
+ if (sa->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) {
struct rte_flow_error err;
- struct rte_security_ctx *ctx = (struct rte_security_ctx *)
- rte_eth_dev_get_sec_ctx(
- sa->portid);
const struct rte_security_capability *sec_cap;
int ret = 0;
- sa->sec_session = rte_security_session_create(ctx,
- &sess_conf, ipsec_ctx->session_pool);
+ sec_ctx = (struct rte_security_ctx *)
+ rte_eth_dev_get_sec_ctx(
+ sa->portid);
+ if (sec_ctx == NULL) {
+ RTE_LOG(ERR, IPSEC,
+ " rte_eth_dev_get_sec_ctx failed\n");
+ return -1;
+ }
+
+ sa->sec_session = rte_security_session_create(sec_ctx,
+ &sess_conf, skt_ctx->session_pool);
if (sa->sec_session == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
return -1;
}
- sec_cap = rte_security_capabilities_get(ctx);
+ sec_cap = rte_security_capabilities_get(sec_ctx);
/* iterate until ESP tunnel*/
while (sec_cap->action !=
@@ -147,7 +206,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
}
sa->ol_flags = sec_cap->ol_flags;
- sa->security_ctx = ctx;
+ sa->security_ctx = sec_ctx;
sa->pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH;
sa->pattern[1].type = RTE_FLOW_ITEM_TYPE_IPV4;
@@ -196,7 +255,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
/* Try RSS. */
sa->action[1].type = RTE_FLOW_ACTION_TYPE_RSS;
sa->action[1].conf = &action_rss;
- eth_dev = ctx->device;
+ eth_dev = sec_ctx->device;
rte_eth_dev_rss_hash_conf_get(sa->portid,
&rss_conf);
for (i = 0, j = 0;
@@ -252,12 +311,12 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
}
} else if (sa->type ==
RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {
- struct rte_security_ctx *ctx =
- (struct rte_security_ctx *)
- rte_eth_dev_get_sec_ctx(sa->portid);
const struct rte_security_capability *sec_cap;
- if (ctx == NULL) {
+ sec_ctx = (struct rte_security_ctx *)
+ rte_eth_dev_get_sec_ctx(sa->portid);
+
+ if (sec_ctx == NULL) {
RTE_LOG(ERR, IPSEC,
"Ethernet device doesn't have security features registered\n");
return -1;
@@ -279,15 +338,15 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
sess_conf.userdata = (void *) sa;
- sa->sec_session = rte_security_session_create(ctx,
- &sess_conf, ipsec_ctx->session_pool);
+ sa->sec_session = rte_security_session_create(sec_ctx,
+ &sess_conf, skt_ctx->session_pool);
if (sa->sec_session == NULL) {
RTE_LOG(ERR, IPSEC,
"SEC Session init failed: err: %d\n", ret);
return -1;
}
- sec_cap = rte_security_capabilities_get(ctx);
+ sec_cap = rte_security_capabilities_get(sec_ctx);
if (sec_cap == NULL) {
RTE_LOG(ERR, IPSEC,
@@ -316,17 +375,8 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
}
sa->ol_flags = sec_cap->ol_flags;
- sa->security_ctx = ctx;
+ sa->security_ctx = sec_ctx;
}
- } else {
- sa->crypto_session = rte_cryptodev_sym_session_create(
- ipsec_ctx->session_pool);
- rte_cryptodev_sym_session_init(ipsec_ctx->tbl[cdev_id_qp].id,
- sa->crypto_session, sa->xforms,
- ipsec_ctx->session_priv_pool);
-
- rte_cryptodev_info_get(ipsec_ctx->tbl[cdev_id_qp].id,
- &cdev_info);
}
sa->cdev_id_qp = cdev_id_qp;
@@ -395,7 +445,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
rte_prefetch0(&priv->sym_cop);
if ((unlikely(sa->sec_session == NULL)) &&
- create_session(ipsec_ctx, sa)) {
+ create_lookaside_session(ipsec_ctx, sa)) {
rte_pktmbuf_free(pkts[i]);
continue;
}
@@ -414,7 +464,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
rte_prefetch0(&priv->sym_cop);
if ((unlikely(sa->crypto_session == NULL)) &&
- create_session(ipsec_ctx, sa)) {
+ create_lookaside_session(ipsec_ctx, sa)) {
rte_pktmbuf_free(pkts[i]);
continue;
}
@@ -429,12 +479,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
}
break;
case RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL:
- if ((unlikely(sa->sec_session == NULL)) &&
- create_session(ipsec_ctx, sa)) {
- rte_pktmbuf_free(pkts[i]);
- continue;
- }
-
+ RTE_ASSERT(sa->sec_session != NULL);
ipsec_ctx->ol_pkts[ipsec_ctx->ol_pkts_cnt++] = pkts[i];
if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
rte_security_set_pkt_metadata(
@@ -442,17 +487,11 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
sa->sec_session, pkts[i], NULL);
continue;
case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
+ RTE_ASSERT(sa->sec_session != NULL);
priv->cop.type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
priv->cop.status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
rte_prefetch0(&priv->sym_cop);
-
- if ((unlikely(sa->sec_session == NULL)) &&
- create_session(ipsec_ctx, sa)) {
- rte_pktmbuf_free(pkts[i]);
- continue;
- }
-
rte_security_attach_session(&priv->cop,
sa->sec_session);
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 99f49d6..db5a5c1 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -306,6 +306,9 @@ void
enqueue_cop_burst(struct cdev_qp *cqp);
int
-create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa);
+create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa);
+
+int
+create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa);
#endif /* __IPSEC_H__ */
diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/ipsec_process.c
index e403c46..152a684 100644
--- a/examples/ipsec-secgw/ipsec_process.c
+++ b/examples/ipsec-secgw/ipsec_process.c
@@ -95,22 +95,23 @@ fill_ipsec_session(struct rte_ipsec_session *ss, struct ipsec_ctx *ctx,
/* setup crypto section */
if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE) {
if (sa->crypto_session == NULL) {
- rc = create_session(ctx, sa);
+ rc = create_lookaside_session(ctx, sa);
if (rc != 0)
return rc;
}
ss->crypto.ses = sa->crypto_session;
/* setup session action type */
- } else {
+ } else if (sa->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) {
if (sa->sec_session == NULL) {
- rc = create_session(ctx, sa);
+ rc = create_lookaside_session(ctx, sa);
if (rc != 0)
return rc;
}
ss->security.ses = sa->sec_session;
ss->security.ctx = sa->security_ctx;
ss->security.ol_flags = sa->ol_flags;
- }
+ } else
+ RTE_ASSERT(0);
rc = rte_ipsec_session_prepare(ss);
if (rc != 0)
--
2.7.4
next prev parent reply other threads:[~2019-03-06 16:00 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-06 16:00 [PATCH 0/6] examples/ipsec-secgw: fix 1st pkt dropped Bernard Iremonger
2019-03-06 16:00 ` Bernard Iremonger [this message]
2019-03-06 16:00 ` [PATCH 2/6] examples/ipsec-secgw: fix 1st packet dropped patch two Bernard Iremonger
2019-03-06 19:39 ` Ananyev, Konstantin
2019-03-07 9:54 ` Iremonger, Bernard
2019-03-06 16:00 ` [PATCH 3/6] examples/ipsec-secgw: fix 1st packet dropped patch three Bernard Iremonger
2019-03-06 16:00 ` [PATCH 4/6] examples/ipsec-secgw: fix debug in esp.c Bernard Iremonger
2019-03-06 16:00 ` [PATCH 5/6] examples/ipsec-secgw: fix debug in sa.c Bernard Iremonger
2019-03-06 16:00 ` [PATCH 6/6] examples/ipsec-secgw: fix debug in ipsec-secgw.c Bernard Iremonger
2019-03-06 16:14 ` [PATCH 0/6] examples/ipsec-secgw: fix 1st pkt dropped Akhil Goyal
2019-03-07 10:06 ` Iremonger, Bernard
2019-03-07 14:57 ` [PATCH v2 0/2] " Bernard Iremonger
2019-03-08 15:35 ` Ananyev, Konstantin
2019-04-04 13:28 ` [PATCH v3 " Bernard Iremonger
2019-04-05 11:15 ` [dpdk-dev] " Ananyev, Konstantin
2019-04-17 13:42 ` [dpdk-dev] [PATCH v4 " Bernard Iremonger
2019-06-06 11:12 ` [dpdk-dev] [PATCH v5 " Bernard Iremonger
2019-06-12 14:51 ` [dpdk-dev] [PATCH v6 " Bernard Iremonger
2019-07-10 11:23 ` [dpdk-dev] [PATCH v7 " Bernard Iremonger
2019-07-19 12:53 ` Akhil Goyal
2019-07-19 13:03 ` Iremonger, Bernard
2019-07-19 15:40 ` Iremonger, Bernard
2019-07-10 11:23 ` [dpdk-dev] [PATCH v7 1/2] examples/ipsec-secgw: fix 1st pkt dropped for inline crypto Bernard Iremonger
2019-07-10 11:23 ` [dpdk-dev] [PATCH v7 2/2] examples/ipsec-secgw/test: fix inline test scripts Bernard Iremonger
2019-06-12 14:52 ` [dpdk-dev] [PATCH v6 1/2] examples/ipsec-secgw: fix 1st pkt dropped for inline crypto Bernard Iremonger
2019-06-13 12:34 ` Ananyev, Konstantin
2019-07-03 10:04 ` Akhil Goyal
2019-07-03 10:13 ` Iremonger, Bernard
2019-07-03 10:18 ` Akhil Goyal
2019-07-03 10:30 ` Iremonger, Bernard
2019-07-03 10:32 ` Akhil Goyal
2019-06-12 14:52 ` [dpdk-dev] [PATCH v6 2/2] examples/ipsec-secgw/test: fix inline test scripts Bernard Iremonger
2019-06-13 12:34 ` Ananyev, Konstantin
2019-06-06 11:12 ` [dpdk-dev] [PATCH v5 1/2] examples/ipsec-secgw: fix 1st pkt dropped for inline crypto Bernard Iremonger
2019-06-11 15:29 ` Ananyev, Konstantin
2019-06-12 9:29 ` Iremonger, Bernard
2019-06-06 11:12 ` [dpdk-dev] [PATCH v5 2/2] examples/ipsec-secgw/test: fix inline test scripts Bernard Iremonger
2019-04-17 13:42 ` [dpdk-dev] [PATCH v4 1/2] examples/ipsec-secgw: fix 1st packet dropped for inline crypto Bernard Iremonger
2019-04-17 13:42 ` [dpdk-dev] [PATCH v4 2/2] examples/ipsec-secgw/test: fix inline test scripts Bernard Iremonger
2019-04-04 13:28 ` [PATCH v3 1/2] examples/ipsec-secgw: fix 1st packet dropped for inline crypto Bernard Iremonger
2019-04-17 11:51 ` [dpdk-dev] " Akhil Goyal
2019-04-17 12:53 ` Iremonger, Bernard
2019-04-17 13:01 ` [dpdk-dev] [EXT] " Akhil Goyal
2019-04-04 13:28 ` [PATCH v3 2/2] examples/ipsec-secgw/test: fix inline test scripts Bernard Iremonger
2019-03-07 14:57 ` [PATCH v2 1/2] examples/ipsec-secgw: fix 1st pkt dropped for inline crypto Bernard Iremonger
2019-03-22 13:18 ` Akhil Goyal
2019-03-26 10:22 ` Iremonger, Bernard
2019-03-26 11:04 ` Akhil Goyal
2019-03-26 11:41 ` Iremonger, Bernard
2019-03-26 11:48 ` Akhil Goyal
2019-03-26 12:29 ` Ananyev, Konstantin
2019-03-26 12:55 ` Akhil Goyal
2019-03-07 14:57 ` [PATCH v2 2/2] examples/ipsec-secgw/test: fix inline test scripts Bernard Iremonger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1551888011-27692-2-git-send-email-bernard.iremonger@intel.com \
--to=bernard.iremonger@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
--cc=konstantin.ananyev@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.