From: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
To: dev@dpdk.org
Cc: konstantin.ananyev@intel.com, bernard.iremonger@intel.com,
akhil.goyal@nxp.com
Subject: [dpdk-dev] [PATCH v5 2/5] ipsec: add SAD create/destroy implementation
Date: Thu, 10 Oct 2019 17:49:23 +0100 [thread overview]
Message-ID: <732f5dfe98246316e9be6cbd9201b7d2a9e3be85.1570725872.git.vladimir.medvedkin@intel.com> (raw)
In-Reply-To: <cover.1570725871.git.vladimir.medvedkin@intel.com>
In-Reply-To: <cover.1570725871.git.vladimir.medvedkin@intel.com>
Replace rte_ipsec_sad_create(), rte_ipsec_sad_destroy() and
rte_ipsec_sad_find_existing() API stubs with actual
implementation.
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
lib/librte_ipsec/Makefile | 2 +-
lib/librte_ipsec/ipsec_sad.c | 225 +++++++++++++++++++++++++++++++++++++++++--
lib/librte_ipsec/meson.build | 2 +-
3 files changed, 220 insertions(+), 9 deletions(-)
diff --git a/lib/librte_ipsec/Makefile b/lib/librte_ipsec/Makefile
index 5aaab72..81fb999 100644
--- a/lib/librte_ipsec/Makefile
+++ b/lib/librte_ipsec/Makefile
@@ -10,7 +10,7 @@ CFLAGS += -O3
CFLAGS += $(WERROR_FLAGS) -I$(SRCDIR)
CFLAGS += -DALLOW_EXPERIMENTAL_API
LDLIBS += -lrte_eal -lrte_mempool -lrte_mbuf -lrte_net
-LDLIBS += -lrte_cryptodev -lrte_security
+LDLIBS += -lrte_cryptodev -lrte_security -lrte_hash
EXPORT_MAP := rte_ipsec_version.map
diff --git a/lib/librte_ipsec/ipsec_sad.c b/lib/librte_ipsec/ipsec_sad.c
index 703be65..e16c7d9 100644
--- a/lib/librte_ipsec/ipsec_sad.c
+++ b/lib/librte_ipsec/ipsec_sad.c
@@ -2,10 +2,53 @@
* Copyright(c) 2019 Intel Corporation
*/
+#include <rte_eal_memconfig.h>
#include <rte_errno.h>
+#include <rte_hash.h>
+#include <rte_jhash.h>
+#include <rte_malloc.h>
+#include <rte_random.h>
+#include <rte_rwlock.h>
+#include <rte_tailq.h>
#include "rte_ipsec_sad.h"
+/*
+ * Rules are stored in three hash tables depending on key_type.
+ * Each rule will also be stored in SPI_ONLY table.
+ * for each data entry within this table last two bits are reserved to
+ * indicate presence of entries with the same SPI in DIP and DIP+SIP tables.
+ */
+
+#define IPSEC_SAD_NAMESIZE 64
+#define SAD_PREFIX "SAD_"
+/* "SAD_<name>" */
+#define SAD_FORMAT SAD_PREFIX "%s"
+
+#define DEFAULT_HASH_FUNC rte_jhash
+#define MIN_HASH_ENTRIES 8U /* From rte_cuckoo_hash.h */
+
+struct hash_cnt {
+ uint32_t cnt_dip;
+ uint32_t cnt_dip_sip;
+};
+
+struct rte_ipsec_sad {
+ char name[IPSEC_SAD_NAMESIZE];
+ struct rte_hash *hash[RTE_IPSEC_SAD_KEY_TYPE_MASK];
+ /* Array to track number of more specific rules
+ * (spi_dip or spi_dip_sip). Used only in add/delete
+ * as a helper struct.
+ */
+ __extension__ struct hash_cnt cnt_arr[];
+};
+
+TAILQ_HEAD(rte_ipsec_sad_list, rte_tailq_entry);
+static struct rte_tailq_elem rte_ipsec_sad_tailq = {
+ .name = "RTE_IPSEC_SAD",
+};
+EAL_REGISTER_TAILQ(rte_ipsec_sad_tailq)
+
int
rte_ipsec_sad_add(__rte_unused struct rte_ipsec_sad *sad,
__rte_unused const union rte_ipsec_sad_key *key,
@@ -23,22 +66,190 @@ rte_ipsec_sad_del(__rte_unused struct rte_ipsec_sad *sad,
}
struct rte_ipsec_sad *
-rte_ipsec_sad_create(__rte_unused const char *name,
- __rte_unused const struct rte_ipsec_sad_conf *conf)
+rte_ipsec_sad_create(const char *name, const struct rte_ipsec_sad_conf *conf)
{
- return NULL;
+ char hash_name[RTE_HASH_NAMESIZE];
+ char sad_name[IPSEC_SAD_NAMESIZE];
+ struct rte_tailq_entry *te;
+ struct rte_ipsec_sad_list *sad_list;
+ struct rte_ipsec_sad *sad, *tmp_sad = NULL;
+ struct rte_hash_parameters hash_params = {0};
+ int ret;
+ uint32_t sa_sum;
+
+ RTE_BUILD_BUG_ON(RTE_IPSEC_SAD_KEY_TYPE_MASK != 3);
+
+ if ((name == NULL) || (conf == NULL) ||
+ ((conf->max_sa[RTE_IPSEC_SAD_SPI_ONLY] == 0) &&
+ (conf->max_sa[RTE_IPSEC_SAD_SPI_DIP] == 0) &&
+ (conf->max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] == 0))) {
+ rte_errno = EINVAL;
+ return NULL;
+ }
+
+ ret = snprintf(sad_name, IPSEC_SAD_NAMESIZE, SAD_FORMAT, name);
+ if (ret < 0 || ret >= IPSEC_SAD_NAMESIZE) {
+ rte_errno = ENAMETOOLONG;
+ return NULL;
+ }
+
+ /** Init SAD*/
+ sa_sum = RTE_MAX(MIN_HASH_ENTRIES,
+ conf->max_sa[RTE_IPSEC_SAD_SPI_ONLY]) +
+ RTE_MAX(MIN_HASH_ENTRIES,
+ conf->max_sa[RTE_IPSEC_SAD_SPI_DIP]) +
+ RTE_MAX(MIN_HASH_ENTRIES,
+ conf->max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP]);
+ sad = rte_zmalloc_socket(NULL, sizeof(*sad) +
+ (sizeof(struct hash_cnt) * sa_sum),
+ RTE_CACHE_LINE_SIZE, conf->socket_id);
+ if (sad == NULL) {
+ rte_errno = ENOMEM;
+ return NULL;
+ }
+ memcpy(sad->name, sad_name, sizeof(sad_name));
+
+ hash_params.hash_func = DEFAULT_HASH_FUNC;
+ hash_params.hash_func_init_val = rte_rand();
+ hash_params.socket_id = conf->socket_id;
+ hash_params.name = hash_name;
+ if (conf->flags & RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY)
+ hash_params.extra_flag = RTE_HASH_EXTRA_FLAGS_RW_CONCURRENCY;
+
+ /** Init hash[RTE_IPSEC_SAD_SPI_ONLY] for SPI only */
+ snprintf(hash_name, sizeof(hash_name), "sad_1_%p", sad);
+ hash_params.key_len = sizeof(((struct rte_ipsec_sadv4_key *)0)->spi);
+ hash_params.entries = sa_sum;
+ sad->hash[RTE_IPSEC_SAD_SPI_ONLY] = rte_hash_create(&hash_params);
+ if (sad->hash[RTE_IPSEC_SAD_SPI_ONLY] == NULL) {
+ rte_ipsec_sad_destroy(sad);
+ return NULL;
+ }
+
+ /** Init hash[RTE_IPSEC_SAD_SPI_DIP] for SPI + DIP */
+ snprintf(hash_name, sizeof(hash_name), "sad_2_%p", sad);
+ if (conf->flags & RTE_IPSEC_SAD_FLAG_IPV6)
+ hash_params.key_len +=
+ sizeof(((struct rte_ipsec_sadv6_key *)0)->dip);
+ else
+ hash_params.key_len +=
+ sizeof(((struct rte_ipsec_sadv4_key *)0)->dip);
+ hash_params.entries = RTE_MAX(MIN_HASH_ENTRIES,
+ conf->max_sa[RTE_IPSEC_SAD_SPI_DIP]);
+ sad->hash[RTE_IPSEC_SAD_SPI_DIP] = rte_hash_create(&hash_params);
+ if (sad->hash[RTE_IPSEC_SAD_SPI_DIP] == NULL) {
+ rte_ipsec_sad_destroy(sad);
+ return NULL;
+ }
+
+ /** Init hash[[RTE_IPSEC_SAD_SPI_DIP_SIP] for SPI + DIP + SIP */
+ snprintf(hash_name, sizeof(hash_name), "sad_3_%p", sad);
+ if (conf->flags & RTE_IPSEC_SAD_FLAG_IPV6)
+ hash_params.key_len +=
+ sizeof(((struct rte_ipsec_sadv6_key *)0)->sip);
+ else
+ hash_params.key_len +=
+ sizeof(((struct rte_ipsec_sadv4_key *)0)->sip);
+ hash_params.entries = RTE_MAX(MIN_HASH_ENTRIES,
+ conf->max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP]);
+ sad->hash[RTE_IPSEC_SAD_SPI_DIP_SIP] = rte_hash_create(&hash_params);
+ if (sad->hash[RTE_IPSEC_SAD_SPI_DIP_SIP] == NULL) {
+ rte_ipsec_sad_destroy(sad);
+ return NULL;
+ }
+
+ sad_list = RTE_TAILQ_CAST(rte_ipsec_sad_tailq.head,
+ rte_ipsec_sad_list);
+ rte_mcfg_tailq_write_lock();
+ /* guarantee there's no existing */
+ TAILQ_FOREACH(te, sad_list, next) {
+ tmp_sad = (struct rte_ipsec_sad *)te->data;
+ if (strncmp(sad_name, tmp_sad->name, IPSEC_SAD_NAMESIZE) == 0)
+ break;
+ }
+ if (te != NULL) {
+ rte_mcfg_tailq_write_unlock();
+ rte_errno = EEXIST;
+ rte_ipsec_sad_destroy(sad);
+ return NULL;
+ }
+
+ /* allocate tailq entry */
+ te = rte_zmalloc("IPSEC_SAD_TAILQ_ENTRY", sizeof(*te), 0);
+ if (te == NULL) {
+ rte_mcfg_tailq_write_unlock();
+ rte_errno = ENOMEM;
+ rte_ipsec_sad_destroy(sad);
+ return NULL;
+ }
+
+ te->data = (void *)sad;
+ TAILQ_INSERT_TAIL(sad_list, te, next);
+ rte_mcfg_tailq_write_unlock();
+ return sad;
}
struct rte_ipsec_sad *
-rte_ipsec_sad_find_existing(__rte_unused const char *name)
+rte_ipsec_sad_find_existing(const char *name)
{
- return NULL;
+ char sad_name[IPSEC_SAD_NAMESIZE];
+ struct rte_ipsec_sad *sad = NULL;
+ struct rte_tailq_entry *te;
+ struct rte_ipsec_sad_list *sad_list;
+ int ret;
+
+ ret = snprintf(sad_name, IPSEC_SAD_NAMESIZE, SAD_FORMAT, name);
+ if (ret < 0 || ret >= IPSEC_SAD_NAMESIZE) {
+ rte_errno = ENAMETOOLONG;
+ return NULL;
+ }
+
+ sad_list = RTE_TAILQ_CAST(rte_ipsec_sad_tailq.head,
+ rte_ipsec_sad_list);
+
+ rte_mcfg_tailq_read_lock();
+ TAILQ_FOREACH(te, sad_list, next) {
+ sad = (struct rte_ipsec_sad *) te->data;
+ if (strncmp(sad_name, sad->name, IPSEC_SAD_NAMESIZE) == 0)
+ break;
+ }
+ rte_mcfg_tailq_read_unlock();
+
+ if (te == NULL) {
+ rte_errno = ENOENT;
+ return NULL;
+ }
+
+ return sad;
}
void
-rte_ipsec_sad_destroy(__rte_unused struct rte_ipsec_sad *sad)
+rte_ipsec_sad_destroy(struct rte_ipsec_sad *sad)
{
- return;
+ struct rte_tailq_entry *te;
+ struct rte_ipsec_sad_list *sad_list;
+
+ if (sad == NULL)
+ return;
+
+ sad_list = RTE_TAILQ_CAST(rte_ipsec_sad_tailq.head,
+ rte_ipsec_sad_list);
+ rte_mcfg_tailq_write_lock();
+ TAILQ_FOREACH(te, sad_list, next) {
+ if (te->data == (void *)sad)
+ break;
+ }
+ if (te != NULL)
+ TAILQ_REMOVE(sad_list, te, next);
+
+ rte_mcfg_tailq_write_unlock();
+
+ rte_hash_free(sad->hash[RTE_IPSEC_SAD_SPI_ONLY]);
+ rte_hash_free(sad->hash[RTE_IPSEC_SAD_SPI_DIP]);
+ rte_hash_free(sad->hash[RTE_IPSEC_SAD_SPI_DIP_SIP]);
+ rte_free(sad);
+ if (te != NULL)
+ rte_free(te);
}
int
diff --git a/lib/librte_ipsec/meson.build b/lib/librte_ipsec/meson.build
index 91b9867..7035852 100644
--- a/lib/librte_ipsec/meson.build
+++ b/lib/librte_ipsec/meson.build
@@ -7,4 +7,4 @@ sources = files('esp_inb.c', 'esp_outb.c', 'sa.c', 'ses.c', 'ipsec_sad.c')
headers = files('rte_ipsec.h', 'rte_ipsec_group.h', 'rte_ipsec_sa.h', 'rte_ipsec_sad.h')
-deps += ['mbuf', 'net', 'cryptodev', 'security']
+deps += ['mbuf', 'net', 'cryptodev', 'security', 'hash']
--
2.7.4
next prev parent reply other threads:[~2019-10-10 16:49 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-13 15:13 [dpdk-dev] [RFC 0/5] ipsec: add inbound SAD Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 2/5] ipsec: add SAD create/free API Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 5/5] app: add test-sad application Vladimir Medvedkin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 0/5] ipsec: add inbound SAD Vladimir Medvedkin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 " Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 " Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 " Vladimir Medvedkin
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 " Vladimir Medvedkin
2019-10-11 11:34 ` Akhil Goyal
2019-10-17 15:47 ` [dpdk-dev] [PATCH v6 0/6] " Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 0/5] " Vladimir Medvedkin
2019-10-22 7:53 ` Akhil Goyal
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-21 14:35 ` [dpdk-dev] [PATCH v7 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-17 15:47 ` [dpdk-dev] [PATCH v6 1/6] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-17 15:47 ` [dpdk-dev] [PATCH v6 2/6] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 3/6] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 4/6] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 5/6] app: add test-sad application Vladimir Medvedkin
2019-10-21 9:57 ` Akhil Goyal
2019-10-17 15:48 ` [dpdk-dev] [PATCH v6 6/6] doc/ipsec: update ipsec programmer's guide Vladimir Medvedkin
2019-10-18 10:09 ` Ananyev, Konstantin
2019-10-21 8:19 ` Akhil Goyal
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-10 16:49 ` Vladimir Medvedkin [this message]
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-11 10:42 ` Akhil Goyal
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-10 16:49 ` [dpdk-dev] [PATCH v5 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-09 10:49 ` Ananyev, Konstantin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-09 10:56 ` Ananyev, Konstantin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-08 16:55 ` [dpdk-dev] [PATCH v4 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-08 9:40 ` [dpdk-dev] [PATCH v3 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-02 11:24 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-02 11:55 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-02 12:04 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-02 11:16 ` Ananyev, Konstantin
2019-10-01 17:25 ` [dpdk-dev] [PATCH v2 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-02 13:27 ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-09-14 23:05 ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 2/5] ipsec: add SAD create/free API Vladimir Medvedkin
2019-09-12 18:08 ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-09-12 17:58 ` Ananyev, Konstantin
2019-10-01 17:24 ` Medvedkin, Vladimir
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 5/5] app: add test-sad application Vladimir Medvedkin
2019-09-12 18:30 ` Ananyev, Konstantin
2019-09-12 18:33 ` Ananyev, Konstantin
2019-09-12 18:34 ` [dpdk-dev] [RFC 0/5] ipsec: add inbound SAD Ananyev, Konstantin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=732f5dfe98246316e9be6cbd9201b7d2a9e3be85.1570725872.git.vladimir.medvedkin@intel.com \
--to=vladimir.medvedkin@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=bernard.iremonger@intel.com \
--cc=dev@dpdk.org \
--cc=konstantin.ananyev@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.