From: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
To: dev@dpdk.org
Cc: konstantin.ananyev@intel.com, bernard.iremonger@intel.com,
akhil.goyal@nxp.com
Subject: [dpdk-dev] [PATCH v1 2/5] ipsec: add SAD create/free API
Date: Tue, 3 Sep 2019 17:55:29 +0100 [thread overview]
Message-ID: <19809d0541aa8fd36156987f0925b498032a1a42.1567529480.git.vladimir.medvedkin@intel.com> (raw)
In-Reply-To: <cover.1567529480.git.vladimir.medvedkin@intel.com>
In-Reply-To: <cover.1567529480.git.vladimir.medvedkin@intel.com>
Replace rte_ipsec_sad_create(), rte_ipsec_sad_free() and
rte_ipsec_sad_find_existing() API stubs with actual
implementation.
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
lib/librte_ipsec/Makefile | 2 +-
lib/librte_ipsec/ipsec_sad.c | 221 +++++++++++++++++++++++++++++++++++++++++--
lib/librte_ipsec/meson.build | 2 +-
3 files changed, 216 insertions(+), 9 deletions(-)
diff --git a/lib/librte_ipsec/Makefile b/lib/librte_ipsec/Makefile
index 5aaab72..81fb999 100644
--- a/lib/librte_ipsec/Makefile
+++ b/lib/librte_ipsec/Makefile
@@ -10,7 +10,7 @@ CFLAGS += -O3
CFLAGS += $(WERROR_FLAGS) -I$(SRCDIR)
CFLAGS += -DALLOW_EXPERIMENTAL_API
LDLIBS += -lrte_eal -lrte_mempool -lrte_mbuf -lrte_net
-LDLIBS += -lrte_cryptodev -lrte_security
+LDLIBS += -lrte_cryptodev -lrte_security -lrte_hash
EXPORT_MAP := rte_ipsec_version.map
diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
index cae46df..7797628 100644
--- a/lib/librte_ipsec/ipsec_sad.c
+++ b/lib/librte_ipsec/ipsec_sad.c
@@ -2,10 +2,41 @@
* Copyright(c) 2019 Intel Corporation
*/
+#include <rte_eal_memconfig.h>
#include <rte_errno.h>
+#include <rte_hash.h>
+#include <rte_jhash.h>
+#include <rte_malloc.h>
+#include <rte_random.h>
+#include <rte_rwlock.h>
+#include <rte_tailq.h>
#include "rte_ipsec_sad.h"
+#define IPSEC_SAD_NAMESIZE 64
+#define SAD_PREFIX "SAD_"
+/* "SAD_<name>" */
+#define SAD_FORMAT SAD_PREFIX "%s"
+
+#define DEFAULT_HASH_FUNC rte_jhash
+
+struct hash_cnt {
+ uint32_t cnt_2;
+ uint32_t cnt_3;
+};
+
+struct rte_ipsec_sad {
+ char name[IPSEC_SAD_NAMESIZE];
+ struct rte_hash *hash[RTE_IPSEC_SAD_KEY_TYPE_MASK];
+ __extension__ struct hash_cnt cnt_arr[];
+};
+
+TAILQ_HEAD(rte_ipsec_sad_list, rte_tailq_entry);
+static struct rte_tailq_elem rte_ipsec_sad_tailq = {
+ .name = "RTE_IPSEC_SAD",
+};
+EAL_REGISTER_TAILQ(rte_ipsec_sad_tailq)
+
int
rte_ipsec_sad_add(__rte_unused struct rte_ipsec_sad *sad,
__rte_unused union rte_ipsec_sad_key *key,
@@ -23,22 +54,198 @@ rte_ipsec_sad_del(__rte_unused struct rte_ipsec_sad *sad,
}
struct rte_ipsec_sad *
-rte_ipsec_sad_create(__rte_unused const char *name,
- __rte_unused struct rte_ipsec_sad_conf *conf)
+rte_ipsec_sad_create(const char *name, struct rte_ipsec_sad_conf *conf)
{
- return NULL;
+ char hash_name[RTE_HASH_NAMESIZE];
+ struct rte_tailq_entry *te;
+ struct rte_ipsec_sad_list *sad_list;
+ struct rte_ipsec_sad *sad, *tmp_sad = NULL;
+ struct rte_hash_parameters hash_params = {0};
+ int ret;
+ uint32_t sa_sum;
+
+ RTE_BUILD_BUG_ON(RTE_IPSEC_SAD_KEY_TYPE_MASK != 3);
+
+ if ((name == NULL) || (conf == NULL) ||
+ (conf->max_sa[RTE_IPSEC_SAD_SPI_ONLY] == 0) ||
+ (conf->max_sa[RTE_IPSEC_SAD_SPI_DIP] == 0) ||
+ (conf->max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] == 0) ||
+ /* check that either IPv4 or IPv6 type flags
+ * are configured
+ */
+ ((!!(conf->flags & RTE_IPSEC_SAD_FLAG_IPV4) ^
+ !!(conf->flags & RTE_IPSEC_SAD_FLAG_IPV6)) == 0)) {
+ rte_errno = EINVAL;
+ return NULL;
+ }
+
+ /** Init SAD*/
+ sa_sum = conf->max_sa[RTE_IPSEC_SAD_SPI_ONLY] +
+ conf->max_sa[RTE_IPSEC_SAD_SPI_DIP] +
+ conf->max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP];
+ sad = rte_zmalloc_socket(NULL, sizeof(*sad) +
+ (sizeof(struct hash_cnt) * sa_sum),
+ RTE_CACHE_LINE_SIZE, conf->socket_id);
+ if (sad == NULL) {
+ rte_errno = ENOMEM;
+ return NULL;
+ }
+
+ ret = snprintf(sad->name, sizeof(sad->name), SAD_FORMAT, name);
+ if (ret < 0 || ret >= (int)sizeof(sad->name)) {
+ rte_errno = ENAMETOOLONG;
+ return NULL;
+ }
+
+ hash_params.hash_func = DEFAULT_HASH_FUNC;
+ hash_params.hash_func_init_val = rte_rand();
+ hash_params.socket_id = conf->socket_id;
+ hash_params.name = hash_name;
+ if (conf->flags & RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY)
+ hash_params.extra_flag = RTE_HASH_EXTRA_FLAGS_RW_CONCURRENCY;
+
+ /** Init hash[RTE_IPSEC_SAD_SPI_ONLY] for SPI only */
+ ret = snprintf(hash_name, sizeof(hash_name),
+ "sad_%p_1", sad);
+ if (ret < 0 || ret >= (int)sizeof(hash_name)) {
+ rte_errno = ENAMETOOLONG;
+ return NULL;
+ }
+ hash_params.key_len = sizeof(((struct rte_ipsec_sadv4_key *)0)->spi);
+ hash_params.entries = sa_sum;
+ sad->hash[RTE_IPSEC_SAD_SPI_ONLY] = rte_hash_create(&hash_params);
+ if (sad->hash[RTE_IPSEC_SAD_SPI_ONLY] == NULL) {
+ rte_ipsec_sad_free(sad);
+ return NULL;
+ }
+
+ /** Init hash_2 for SPI + DIP */
+ ret = snprintf(hash_name, sizeof(hash_name),
+ "sad_%p_2", sad);
+ if (ret < 0 || ret >= (int)sizeof(hash_name)) {
+ rte_errno = ENAMETOOLONG;
+ rte_ipsec_sad_free(sad);
+ return NULL;
+ }
+ if (conf->flags & RTE_IPSEC_SAD_FLAG_IPV4)
+ hash_params.key_len +=
+ sizeof(((struct rte_ipsec_sadv4_key *)0)->dip);
+ else
+ hash_params.key_len +=
+ sizeof(((struct rte_ipsec_sadv6_key *)0)->dip);
+ hash_params.entries = conf->max_sa[RTE_IPSEC_SAD_SPI_DIP];
+ sad->hash[RTE_IPSEC_SAD_SPI_DIP] = rte_hash_create(&hash_params);
+ if (sad->hash[RTE_IPSEC_SAD_SPI_DIP] == NULL) {
+ rte_ipsec_sad_free(sad);
+ return NULL;
+ }
+
+ /** Init hash_3 for SPI + DIP + SIP */
+ ret = snprintf(hash_name, sizeof(hash_name),
+ "sad_%p_3", name);
+ if (ret < 0 || ret >= (int)sizeof(hash_name)) {
+ rte_errno = ENAMETOOLONG;
+ rte_ipsec_sad_free(sad);
+ return NULL;
+ }
+ if (conf->flags & RTE_IPSEC_SAD_FLAG_IPV4)
+ hash_params.key_len +=
+ sizeof(((struct rte_ipsec_sadv4_key *)0)->sip);
+ else
+ hash_params.key_len +=
+ sizeof(((struct rte_ipsec_sadv6_key *)0)->sip);
+ hash_params.entries = conf->max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP];
+ sad->hash[RTE_IPSEC_SAD_SPI_DIP_SIP] = rte_hash_create(&hash_params);
+ if (sad->hash[RTE_IPSEC_SAD_SPI_DIP_SIP] == NULL) {
+ rte_ipsec_sad_free(sad);
+ return NULL;
+ }
+
+ sad_list = RTE_TAILQ_CAST(rte_ipsec_sad_tailq.head,
+ rte_ipsec_sad_list);
+ rte_mcfg_tailq_write_lock();
+ /* guarantee there's no existing */
+ TAILQ_FOREACH(te, sad_list, next) {
+ tmp_sad = (struct rte_ipsec_sad *)te->data;
+ if (strncmp(name, tmp_sad->name, IPSEC_SAD_NAMESIZE) == 0)
+ break;
+ }
+ if (te != NULL) {
+ rte_mcfg_tailq_write_unlock();
+ rte_errno = EEXIST;
+ rte_ipsec_sad_free(sad);
+ return NULL;
+ }
+
+ /* allocate tailq entry */
+ te = rte_zmalloc("IPSEC_SAD_TAILQ_ENTRY", sizeof(*te), 0);
+ if (te == NULL) {
+ rte_mcfg_tailq_write_unlock();
+ rte_errno = ENOMEM;
+ rte_ipsec_sad_free(sad);
+ return NULL;
+ }
+
+ te->data = (void *)sad;
+ TAILQ_INSERT_TAIL(sad_list, te, next);
+ rte_mcfg_tailq_write_unlock();
+ return sad;
}
struct rte_ipsec_sad *
-rte_ipsec_sad_find_existing(__rte_unused const char *name)
+rte_ipsec_sad_find_existing(const char *name)
{
- return NULL;
+ struct rte_ipsec_sad *sad = NULL;
+ struct rte_tailq_entry *te;
+ struct rte_ipsec_sad_list *sad_list;
+
+
+ sad_list = RTE_TAILQ_CAST(rte_ipsec_sad_tailq.head,
+ rte_ipsec_sad_list);
+
+ rte_mcfg_tailq_read_lock();
+ TAILQ_FOREACH(te, sad_list, next) {
+ sad = (struct rte_ipsec_sad *) te->data;
+ if (strncmp(name, sad->name, IPSEC_SAD_NAMESIZE) == 0)
+ break;
+ }
+ rte_mcfg_tailq_read_unlock();
+
+ if (te == NULL) {
+ rte_errno = ENOENT;
+ return NULL;
+ }
+
+ return sad;
}
void
-rte_ipsec_sad_free(__rte_unused struct rte_ipsec_sad *sad)
+rte_ipsec_sad_free(struct rte_ipsec_sad *sad)
{
- return;
+ struct rte_tailq_entry *te;
+ struct rte_ipsec_sad_list *sad_list;
+
+ if (sad == NULL)
+ return;
+
+ sad_list = RTE_TAILQ_CAST(rte_ipsec_sad_tailq.head,
+ rte_ipsec_sad_list);
+ rte_mcfg_tailq_write_lock();
+ TAILQ_FOREACH(te, sad_list, next) {
+ if (te->data == (void *)sad)
+ break;
+ }
+ if (te != NULL)
+ TAILQ_REMOVE(sad_list, te, next);
+
+ rte_mcfg_tailq_write_unlock();
+
+ rte_hash_free(sad->hash[RTE_IPSEC_SAD_SPI_ONLY]);
+ rte_hash_free(sad->hash[RTE_IPSEC_SAD_SPI_DIP]);
+ rte_hash_free(sad->hash[RTE_IPSEC_SAD_SPI_DIP_SIP]);
+ rte_free(sad);
+ if (te != NULL)
+ rte_free(te);
}
int
diff --git a/lib/librte_ipsec/meson.build b/lib/librte_ipsec/meson.build
index 91b9867..7035852 100644
--- a/lib/librte_ipsec/meson.build
+++ b/lib/librte_ipsec/meson.build
@@ -7,4 +7,4 @@ sources = files('esp_inb.c', 'esp_outb.c', 'sa.c', 'ses.c', 'ipsec_sad.c')
headers = files('rte_ipsec.h', 'rte_ipsec_group.h', 'rte_ipsec_sa.h', 'rte_ipsec_sad.h')
-deps += ['mbuf', 'net', 'cryptodev', 'security']
+deps += ['mbuf', 'net', 'cryptodev', 'security', 'hash']
--
2.7.4
next prev parent reply other threads:[~2019-09-03 16:56 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-13 15:13 [dpdk-dev] [RFC 0/5] ipsec: add inbound SAD Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 2/5] ipsec: add SAD create/free API Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 5/5] app: add test-sad application Vladimir Medvedkin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 0/5] ipsec: add inbound SAD Vladimir Medvedkin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 " Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 " Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 " Vladimir Medvedkin
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 " Vladimir Medvedkin
2019-10-11 11:34 ` Akhil Goyal
2019-10-17 15:47 ` [dpdk-dev] [PATCH v6 0/6] " Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 0/5] " Vladimir Medvedkin
2019-10-22 7:53 ` Akhil Goyal
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-17 15:47 ` [dpdk-dev] [PATCH v6 1/6] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-17 15:47 ` [dpdk-dev] [PATCH v6 2/6] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 3/6] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 4/6] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 5/6] app: add test-sad application Vladimir Medvedkin
2019-10-21 9:57 ` Akhil Goyal
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 6/6] doc/ipsec: update ipsec programmer's guide Vladimir Medvedkin
2019-10-18 10:09 ` Ananyev, Konstantin
2019-10-21 8:19 ` Akhil Goyal
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-11 10:42 ` Akhil Goyal
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-09 10:49 ` Ananyev, Konstantin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-09 10:56 ` Ananyev, Konstantin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-02 11:24 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-02 11:55 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-02 12:04 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-02 11:16 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-02 13:27 ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-09-14 23:05 ` Ananyev, Konstantin
2019-09-03 16:55 ` Vladimir Medvedkin [this message]
2019-09-12 18:08 ` [dpdk-dev] [PATCH v1 2/5] ipsec: add SAD create/free API Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-09-12 17:58 ` Ananyev, Konstantin
2019-10-01 17:24 ` Medvedkin, Vladimir
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 5/5] app: add test-sad application Vladimir Medvedkin
2019-09-12 18:30 ` Ananyev, Konstantin
2019-09-12 18:33 ` Ananyev, Konstantin
2019-09-12 18:34 ` [dpdk-dev] [RFC 0/5] ipsec: add inbound SAD Ananyev, Konstantin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=19809d0541aa8fd36156987f0925b498032a1a42.1567529480.git.vladimir.medvedkin@intel.com \
--to=vladimir.medvedkin@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=bernard.iremonger@intel.com \
--cc=dev@dpdk.org \
--cc=konstantin.ananyev@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.