From: Ankur Dwivedi <adwiv...@marvell.com>
This patch adds the driver outbound worker thread for ipsec-secgw.
In this mode the security session is a fixed one and sa update
is not done.
Signed-off-by: Ankur Dwivedi <adwiv...@marvell.com>
Signed-off-by: Anoob Joseph <ano...@marvell.com>
Signed-off-by: Lukasz Bartosik <lbarto...@marvell.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 12 +++++
examples/ipsec-secgw/ipsec.c | 9 ++++
examples/ipsec-secgw/ipsec_worker.c | 90 ++++++++++++++++++++++++++++++++++++-
3 files changed, 110 insertions(+), 1 deletion(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c
b/examples/ipsec-secgw/ipsec-secgw.c
index 2e7d4d8..76719f2 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -2011,6 +2011,18 @@ cryptodevs_init(void)
i++;
}
+ /*
+ * Set the queue pair to at least the number of ethernet
+ * devices for inline outbound.
+ */
+ qp = RTE_MAX(rte_eth_dev_count_avail(), qp);
+
+ /*
+ * The requested number of queues should never exceed
+ * the max available
+ */
+ qp = RTE_MIN(qp, max_nb_qps);
+
if (qp == 0)
continue;
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index e529f68..9ff8a63 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -141,6 +141,10 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx,
struct ipsec_sa *sa,
return 0;
}
+uint16_t sa_no;
+#define MAX_FIXED_SESSIONS 10
+struct rte_security_session *sec_session_fixed[MAX_FIXED_SESSIONS];
+
int
create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
struct rte_ipsec_session *ips)
@@ -401,6 +405,11 @@ create_inline_session(struct socket_ctx *skt_ctx, struct
ipsec_sa *sa,
ips->security.ol_flags = sec_cap->ol_flags;
ips->security.ctx = sec_ctx;
+ if (sa_no < MAX_FIXED_SESSIONS) {
+ sec_session_fixed[sa_no] =
+ ipsec_get_primary_session(sa)->security.ses;
+ sa_no++;
+ }
}
set_cdev_id:
diff --git a/examples/ipsec-secgw/ipsec_worker.c
b/examples/ipsec-secgw/ipsec_worker.c
index 2af9475..e202277 100644
--- a/examples/ipsec-secgw/ipsec_worker.c
+++ b/examples/ipsec-secgw/ipsec_worker.c
@@ -263,7 +263,7 @@ process_ipsec_ev_inbound(struct ipsec_ctx *ctx, struct
route_table *rt,
*/
/* Workers registered */
-#define IPSEC_EVENTMODE_WORKERS 2
+#define IPSEC_EVENTMODE_WORKERS 3
/*
* Event mode worker
@@ -423,6 +423,84 @@ ipsec_wrkr_non_burst_int_port_app_mode_inb(struct
eh_event_link_info *links,
return;
}
+/*
+ * Event mode worker
+ * Operating parameters : non-burst - Tx internal port - driver mode - outbound
+ */
+extern struct rte_security_session *sec_session_fixed[];
+static void
+ipsec_wrkr_non_burst_int_port_drvr_mode_outb(struct eh_event_link_info *links,
+ uint8_t nb_links)
+{
+ unsigned int nb_rx = 0;
+ struct rte_mbuf *pkt;
+ unsigned int port_id;
+ struct rte_event ev;
+ uint32_t lcore_id;
+
+ /* Check if we have links registered for this lcore */
+ if (nb_links == 0) {
+ /* No links registered - exit */
+ goto exit;
+ }
+
+ /* Get core ID */
+ lcore_id = rte_lcore_id();
+
+ RTE_LOG(INFO, IPSEC,
+ "Launching event mode worker (non-burst - Tx internal port - "
+ "driver mode - outbound) on lcore %d\n", lcore_id);
+
+ /* We have valid links */
+
+ /* Check if it's single link */
+ if (nb_links != 1) {
+ RTE_LOG(INFO, IPSEC,
+ "Multiple links not supported. Using first link\n");
+ }
+
+ RTE_LOG(INFO, IPSEC, " -- lcoreid=%u event_port_id=%u\n", lcore_id,
+ links[0].event_port_id);
+ while (!force_quit) {
+ /* Read packet from event queues */
+ nb_rx = rte_event_dequeue_burst(links[0].eventdev_id,
+ links[0].event_port_id,
+ &ev, /* events */
+ 1, /* nb_events */
+ 0 /* timeout_ticks */);
+
+ if (nb_rx == 0)
+ continue;
+
+ port_id = ev.queue_id;
+ pkt = ev.mbuf;
+
+ rte_prefetch0(rte_pktmbuf_mtod(pkt, void *));
+
+ /* Process packet */
+ ipsec_event_pre_forward(pkt, port_id);
+
+ pkt->udata64 = (uint64_t) sec_session_fixed[port_id];
+
+ /* Mark the packet for Tx security offload */
+ pkt->ol_flags |= PKT_TX_SEC_OFFLOAD;
+
+ /*
+ * Since tx internal port is available, events can be
+ * directly enqueued to the adapter and it would be
+ * internally submitted to the eth device.
+ */
+ rte_event_eth_tx_adapter_enqueue(links[0].eventdev_id,
+ links[0].event_port_id,
+ &ev, /* events */
+ 1, /* nb_events */
+ 0 /* flags */);
+ }
+
+exit:
+ return;
+}
+
static uint8_t
ipsec_eventmode_populate_wrkr_params(struct eh_app_worker_params *wrkrs)
{
@@ -449,6 +527,16 @@ ipsec_eventmode_populate_wrkr_params(struct
eh_app_worker_params *wrkrs)
wrkr->cap.ipsec_dir = EH_IPSEC_DIR_TYPE_INBOUND;
wrkr->worker_thread = ipsec_wrkr_non_burst_int_port_app_mode_inb;
+ wrkr++;
+ nb_wrkr_param++;
+
+ /* Non-burst - Tx internal port - driver mode - outbound */
+ wrkr->cap.burst = EH_RX_TYPE_NON_BURST;
+ wrkr->cap.tx_internal_port = EH_TX_TYPE_INTERNAL_PORT;
+ wrkr->cap.ipsec_mode = EH_IPSEC_MODE_TYPE_DRIVER;
+ wrkr->cap.ipsec_dir = EH_IPSEC_DIR_TYPE_OUTBOUND;
+ wrkr->worker_thread = ipsec_wrkr_non_burst_int_port_drvr_mode_outb;
+
nb_wrkr_param++;
return nb_wrkr_param;
}
--
2.7.4
