Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ipsec: add helpers to group completed crypto-ops
Introduce helper functions to process completed crypto-ops and group related packets by sessions they belong to. Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
- Loading branch information
1 parent
c0308cd
commit f901d9c
Showing
5 changed files
with
157 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,151 @@ | ||
/* SPDX-License-Identifier: BSD-3-Clause | ||
* Copyright(c) 2018 Intel Corporation | ||
*/ | ||
|
||
#ifndef _RTE_IPSEC_GROUP_H_ | ||
#define _RTE_IPSEC_GROUP_H_ | ||
|
||
/** | ||
* @file rte_ipsec_group.h | ||
* @b EXPERIMENTAL: this API may change without prior notice | ||
* | ||
* RTE IPsec support. | ||
* It is not recommended to include this file direclty, | ||
* include <rte_ipsec.h> instead. | ||
* Contains helper functions to process completed crypto-ops | ||
* and group related packets by sessions they belong to. | ||
*/ | ||
|
||
|
||
#ifdef __cplusplus | ||
extern "C" { | ||
#endif | ||
|
||
/** | ||
* Used to group mbufs by some id. | ||
* See below for particular usage. | ||
*/ | ||
struct rte_ipsec_group { | ||
union { | ||
uint64_t val; | ||
void *ptr; | ||
} id; /**< grouped by value */ | ||
struct rte_mbuf **m; /**< start of the group */ | ||
uint32_t cnt; /**< number of entries in the group */ | ||
int32_t rc; /**< status code associated with the group */ | ||
}; | ||
|
||
/** | ||
* Take crypto-op as an input and extract pointer to related ipsec session. | ||
* @param cop | ||
* The address of an input *rte_crypto_op* structure. | ||
* @return | ||
* The pointer to the related *rte_ipsec_session* structure. | ||
*/ | ||
static inline __rte_experimental struct rte_ipsec_session * | ||
rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop) | ||
{ | ||
const struct rte_security_session *ss; | ||
const struct rte_cryptodev_sym_session *cs; | ||
|
||
if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { | ||
ss = cop->sym[0].sec_session; | ||
return (void *)(uintptr_t)ss->opaque_data; | ||
} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { | ||
cs = cop->sym[0].session; | ||
return (void *)(uintptr_t)cs->opaque_data; | ||
} | ||
return NULL; | ||
} | ||
|
||
/** | ||
* Take as input completed crypto ops, extract related mbufs | ||
* and group them by rte_ipsec_session they belong to. | ||
* For mbuf which crypto-op wasn't completed successfully | ||
* PKT_RX_SEC_OFFLOAD_FAILED will be raised in ol_flags. | ||
* Note that mbufs with undetermined SA (session-less) are not freed | ||
* by the function, but are placed beyond mbufs for the last valid group. | ||
* It is a user responsibility to handle them further. | ||
* @param cop | ||
* The address of an array of *num* pointers to the input *rte_crypto_op* | ||
* structures. | ||
* @param mb | ||
* The address of an array of *num* pointers to output *rte_mbuf* structures. | ||
* @param grp | ||
* The address of an array of *num* to output *rte_ipsec_group* structures. | ||
* @param num | ||
* The maximum number of crypto-ops to process. | ||
* @return | ||
* Number of filled elements in *grp* array. | ||
*/ | ||
static inline uint16_t __rte_experimental | ||
rte_ipsec_pkt_crypto_group(const struct rte_crypto_op *cop[], | ||
struct rte_mbuf *mb[], struct rte_ipsec_group grp[], uint16_t num) | ||
{ | ||
uint32_t i, j, k, n; | ||
void *ns, *ps; | ||
struct rte_mbuf *m, *dr[num]; | ||
|
||
j = 0; | ||
k = 0; | ||
n = 0; | ||
ps = NULL; | ||
|
||
for (i = 0; i != num; i++) { | ||
|
||
m = cop[i]->sym[0].m_src; | ||
ns = cop[i]->sym[0].session; | ||
|
||
m->ol_flags |= PKT_RX_SEC_OFFLOAD; | ||
if (cop[i]->status != RTE_CRYPTO_OP_STATUS_SUCCESS) | ||
m->ol_flags |= PKT_RX_SEC_OFFLOAD_FAILED; | ||
|
||
/* no valid session found */ | ||
if (ns == NULL) { | ||
dr[k++] = m; | ||
continue; | ||
} | ||
|
||
/* different SA */ | ||
if (ps != ns) { | ||
|
||
/* | ||
* we already have an open group - finalize it, | ||
* then open a new one. | ||
*/ | ||
if (ps != NULL) { | ||
grp[n].id.ptr = | ||
rte_ipsec_ses_from_crypto(cop[i - 1]); | ||
grp[n].cnt = mb + j - grp[n].m; | ||
n++; | ||
} | ||
|
||
/* start new group */ | ||
grp[n].m = mb + j; | ||
ps = ns; | ||
} | ||
|
||
mb[j++] = m; | ||
} | ||
|
||
/* finalise last group */ | ||
if (ps != NULL) { | ||
grp[n].id.ptr = rte_ipsec_ses_from_crypto(cop[i - 1]); | ||
grp[n].cnt = mb + j - grp[n].m; | ||
n++; | ||
} | ||
|
||
/* copy mbufs with unknown session beyond recognised ones */ | ||
if (k != 0 && k != num) { | ||
for (i = 0; i != k; i++) | ||
mb[j + i] = dr[i]; | ||
} | ||
|
||
return n; | ||
} | ||
|
||
#ifdef __cplusplus | ||
} | ||
#endif | ||
|
||
#endif /* _RTE_IPSEC_GROUP_H_ */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters