aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSzymon Sliwa <szs@semihalf.com>2018-02-07 13:06:25 +0100
committerSzymon Sliwa <szs@semihalf.com>2018-02-21 16:43:46 +0100
commit2c8d4cb2c7ed986f084e393259a0fec89072ef3d (patch)
tree6666259d76b50efb3dc53f9a835fc030705d07c6
parent9fddc230ddb574398bdcf8e4f1133f6d27d2846f (diff)
plugins: odp: Cosmetic changes in the IPsec implementation
1) renamed ipsec_api to enable_odp_ipsec, for consistency 2) added crude ASSERTs to make sure the configuration is sane 3) removed passing ipsec_api as argument, as this is a global flag now 4) reorder code - put ipsec initialization before putting workers in polling mode 5) remove not used recycle vector from esp_encrypt.c/esp_decrypt.c 6) change clib_error_return to clib_error in ipsec.c, as clib_error_return silently passes when 0 is the first argument Change-Id: Id2c6da985e872f12c8409918fb9cc6113b486d10 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
-rw-r--r--src/plugins/odp/ipsec/crypto_input.c2
-rw-r--r--src/plugins/odp/ipsec/esp_decrypt.c4
-rw-r--r--src/plugins/odp/ipsec/esp_encrypt.c4
-rw-r--r--src/plugins/odp/ipsec/ipsec.c83
-rw-r--r--src/plugins/odp/ipsec/ipsec.h2
-rwxr-xr-xsrc/plugins/odp/odp_packet.c6
-rwxr-xr-xsrc/plugins/odp/odp_packet.h2
7 files changed, 55 insertions, 48 deletions
diff --git a/src/plugins/odp/ipsec/crypto_input.c b/src/plugins/odp/ipsec/crypto_input.c
index 4e91822..4e580c7 100644
--- a/src/plugins/odp/ipsec/crypto_input.c
+++ b/src/plugins/odp/ipsec/crypto_input.c
@@ -211,7 +211,7 @@ odp_crypto_input_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
odp_crypto_worker_main_t *cwm =
vec_elt_at_index (ocm->workers, thread_index);
u32 n_cops_dequeued = 0;
- if (!ipsec_api) {
+ if (!enable_odp_ipsec) {
n_cops_dequeued += odp_dequeue_cops(vm, node, frame, cwm->post_encrypt, ODP_CRYPTO_INPUT_NEXT_ENCRYPT_POST);
n_cops_dequeued += odp_dequeue_cops(vm, node, frame, cwm->post_decrypt, ODP_CRYPTO_INPUT_NEXT_DECRYPT_POST);
} else {
diff --git a/src/plugins/odp/ipsec/esp_decrypt.c b/src/plugins/odp/ipsec/esp_decrypt.c
index 06707e3..442776a 100644
--- a/src/plugins/odp/ipsec/esp_decrypt.c
+++ b/src/plugins/odp/ipsec/esp_decrypt.c
@@ -104,7 +104,6 @@ odp_crypto_esp_decrypt_node_fn (vlib_main_t * vm,
u32 n_left_from, *from, next_index, *to_next;
ipsec_main_t *im = &ipsec_main;
esp_main_t *em = &odp_esp_main;
- u32 *recycle = 0;
from = vlib_frame_vector_args (from_frame);
n_left_from = from_frame->n_vectors;
odp_crypto_main_t *ocm = &odp_crypto_main;
@@ -415,9 +414,6 @@ odp_crypto_esp_decrypt_node_fn (vlib_main_t * vm,
from_frame->n_vectors);
free_buffers_and_exit:
- if (recycle)
- vlib_buffer_free (vm, recycle, vec_len (recycle));
- vec_free (recycle);
return from_frame->n_vectors;
}
diff --git a/src/plugins/odp/ipsec/esp_encrypt.c b/src/plugins/odp/ipsec/esp_encrypt.c
index a9caba6..1b42eff 100644
--- a/src/plugins/odp/ipsec/esp_encrypt.c
+++ b/src/plugins/odp/ipsec/esp_encrypt.c
@@ -107,7 +107,6 @@ odp_crypto_esp_encrypt_node_fn (vlib_main_t * vm,
from = vlib_frame_vector_args (from_frame);
n_left_from = from_frame->n_vectors;
ipsec_main_t *im = &ipsec_main;
- u32 *recycle = 0;
odp_crypto_main_t *ocm = &odp_crypto_main;
u32 thread_index = vlib_get_thread_index ();
esp_main_t *em = &odp_esp_main;
@@ -445,9 +444,6 @@ odp_crypto_esp_encrypt_node_fn (vlib_main_t * vm,
from_frame->n_vectors);
free_buffers_and_exit:
- if (recycle)
- vlib_buffer_free (vm, recycle, vec_len (recycle));
- vec_free (recycle);
return from_frame->n_vectors;
}
diff --git a/src/plugins/odp/ipsec/ipsec.c b/src/plugins/odp/ipsec/ipsec.c
index f21f3fe..a26dc35 100644
--- a/src/plugins/odp/ipsec/ipsec.c
+++ b/src/plugins/odp/ipsec/ipsec.c
@@ -24,6 +24,9 @@
#include <odp/ipsec/ipsec.h>
#include <odp/ipsec/esp.h>
+#define CAPA_NOT_SUPP "mode is set in config while capabilities indicate it is not supported"
+
+
static int
add_del_sa_sess (u32 sa_index, u8 is_add)
{
@@ -260,7 +263,7 @@ create_sess (ipsec_sa_t * sa, sa_data_t * sa_sess_data, int is_outbound)
if (ret != size)
{
- clib_error_return (0, "failed to get random from ODP");
+ clib_error ("failed to get random from ODP");
return -1;
}
}
@@ -299,10 +302,13 @@ odp_ipsec_check_support (ipsec_sa_t * sa)
}
clib_error_t *
-ipsec_init (vlib_main_t * vm, u8 ipsec_api)
+ipsec_init (vlib_main_t * vm)
{
- if (!enable_odp_crypto && !ipsec_api)
+ if (!enable_odp_crypto && !enable_odp_ipsec)
return 0;
+ if (enable_odp_crypto && enable_odp_ipsec)
+ clib_error
+ ("enable-odp-crypto and enable-odp-ipsec should not be used together");
ipsec_main_t *im = &ipsec_main;
odp_crypto_main_t *ocm = &odp_crypto_main;
vlib_thread_main_t *tm = vlib_get_thread_main ();
@@ -328,12 +334,10 @@ ipsec_init (vlib_main_t * vm, u8 ipsec_api)
ipsec_node = vlib_get_node_by_name (vm, (u8 *) "ipsec-output-ip4");
ASSERT (ipsec_node);
- if (ipsec_api)
- crypto_node =
- vlib_get_node_by_name (vm, (u8 *) "odp-ipsec-esp-encrypt");
+ if (enable_odp_ipsec)
+ crypto_node = vlib_get_node_by_name (vm, (u8 *) "odp-ipsec-esp-encrypt");
else
- crypto_node =
- vlib_get_node_by_name (vm, (u8 *) "odp-crypto-esp-encrypt");
+ crypto_node = vlib_get_node_by_name (vm, (u8 *) "odp-crypto-esp-encrypt");
ASSERT (crypto_node);
im->esp_encrypt_node_index = crypto_node->index;
im->esp_encrypt_next_index =
@@ -341,11 +345,10 @@ ipsec_init (vlib_main_t * vm, u8 ipsec_api)
ipsec_node = vlib_get_node_by_name (vm, (u8 *) "ipsec-input-ip4");
ASSERT (ipsec_node);
- if (ipsec_api)
+ if (enable_odp_ipsec)
crypto_node = vlib_get_node_by_name (vm, (u8 *) "odp-ipsec-esp-decrypt");
else
- crypto_node =
- vlib_get_node_by_name (vm, (u8 *) "odp-crypto-esp-decrypt");
+ crypto_node = vlib_get_node_by_name (vm, (u8 *) "odp-crypto-esp-decrypt");
ASSERT (crypto_node);
im->esp_decrypt_node_index = crypto_node->index;
im->esp_decrypt_next_index =
@@ -365,51 +368,63 @@ ipsec_init (vlib_main_t * vm, u8 ipsec_api)
esp_init ();
- int i;
- for (i = 1; i < tm->n_vlib_mains; i++)
- vlib_node_set_state (vlib_mains[i], odp_crypto_input_node.index,
- VLIB_NODE_STATE_POLLING);
-
- /* If there are no worker threads, enable polling
- crypto devices on the main thread, else
- assign the post crypt queues of the second
- thread to the main thread crypto sessions */
- if (tm->n_vlib_mains == 1)
- {
- ocm->workers[0].post_encrypt = odp_queue_create (NULL, NULL);
- ocm->workers[0].post_decrypt = odp_queue_create (NULL, NULL);
- vlib_node_set_state (vlib_mains[0], odp_crypto_input_node.index,
- VLIB_NODE_STATE_POLLING);
- }
- else
- {
- ocm->workers[0].post_encrypt = ocm->workers[1].post_encrypt;
- ocm->workers[0].post_decrypt = ocm->workers[1].post_decrypt;
- }
-
- if (ipsec_api)
+ if (enable_odp_ipsec)
{
odp_ipsec_config_t ipsec_config;
+ odp_ipsec_capability_t ipsec_capa;
+
+ odp_ipsec_capability (&ipsec_capa);
+
odp_ipsec_config_init (&ipsec_config);
if (is_inline)
{
+ if (ipsec_capa.op_mode_inline_in == ODP_SUPPORT_NO
+ || ipsec_capa.op_mode_inline_out == ODP_SUPPORT_NO)
+ clib_error ("Inline " CAPA_NOT_SUPP
+ " (need it at both TX and RX)");
ipsec_config.inbound_mode = ODP_IPSEC_OP_MODE_INLINE;
ipsec_config.outbound_mode = ODP_IPSEC_OP_MODE_INLINE;
}
else if (is_async)
{
+ if (ipsec_capa.op_mode_async == ODP_SUPPORT_NO)
+ clib_error ("Async " CAPA_NOT_SUPP);
ipsec_config.inbound_mode = ODP_IPSEC_OP_MODE_ASYNC;
ipsec_config.outbound_mode = ODP_IPSEC_OP_MODE_ASYNC;
}
else
{
+ if (ipsec_capa.op_mode_sync == ODP_SUPPORT_NO)
+ clib_error ("Sync " CAPA_NOT_SUPP);
ipsec_config.inbound_mode = ODP_IPSEC_OP_MODE_SYNC;
ipsec_config.outbound_mode = ODP_IPSEC_OP_MODE_SYNC;
}
odp_ipsec_config (&ipsec_config);
}
+ int i;
+ for (i = 1; i < tm->n_vlib_mains; i++)
+ vlib_node_set_state (vlib_mains[i], odp_crypto_input_node.index,
+ VLIB_NODE_STATE_POLLING);
+
+ /* If there are no worker threads, enable polling
+ crypto devices on the main thread, else
+ assign the post crypt queues of the second
+ thread to the main thread crypto sessions */
+ if (tm->n_vlib_mains == 1)
+ {
+ ocm->workers[0].post_encrypt = odp_queue_create (NULL, NULL);
+ ocm->workers[0].post_decrypt = odp_queue_create (NULL, NULL);
+ vlib_node_set_state (vlib_mains[0], odp_crypto_input_node.index,
+ VLIB_NODE_STATE_POLLING);
+ }
+ else
+ {
+ ocm->workers[0].post_encrypt = ocm->workers[1].post_encrypt;
+ ocm->workers[0].post_decrypt = ocm->workers[1].post_decrypt;
+ }
+
return 0;
}
diff --git a/src/plugins/odp/ipsec/ipsec.h b/src/plugins/odp/ipsec/ipsec.h
index c947d7c..06fdfed 100644
--- a/src/plugins/odp/ipsec/ipsec.h
+++ b/src/plugins/odp/ipsec/ipsec.h
@@ -49,7 +49,7 @@ int create_sess (ipsec_sa_t * sa, sa_data_t * sess, int is_outbound);
int create_odp_sa (ipsec_sa_t * sa, sa_data_t * sess, int flow_label,
int is_outbound);
-clib_error_t *ipsec_init (vlib_main_t * vm, u8 ipsec_api);
+clib_error_t *ipsec_init (vlib_main_t * vm);
#endif /* __IPSEC_H__ */
diff --git a/src/plugins/odp/odp_packet.c b/src/plugins/odp/odp_packet.c
index 29b2ef0..45f2f27 100755
--- a/src/plugins/odp/odp_packet.c
+++ b/src/plugins/odp/odp_packet.c
@@ -24,7 +24,7 @@ odp_if_mode_t def_if_mode;
odp_if_config_t *if_config;
odp_crypto_main_t odp_crypto_main;
u8 enable_odp_crypto;
-u8 ipsec_api;
+u8 enable_odp_ipsec;
u8 is_async;
u8 is_inline;
@@ -435,7 +435,7 @@ odp_config (vlib_main_t * vm, unformat_input_t * input)
}
else if (unformat (input, "enable-odp-ipsec"))
{
- ipsec_api = 1;
+ enable_odp_ipsec = 1;
}
else if (unformat (input, "async"))
{
@@ -487,7 +487,7 @@ odp_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f)
/* Initialization complete and worker threads can start */
tm->worker_thread_release = 1;
- ipsec_init (vlib_get_main (), ipsec_api);
+ ipsec_init (vlib_get_main ());
return 0;
}
diff --git a/src/plugins/odp/odp_packet.h b/src/plugins/odp/odp_packet.h
index ac98415..d835f84 100755
--- a/src/plugins/odp/odp_packet.h
+++ b/src/plugins/odp/odp_packet.h
@@ -81,7 +81,7 @@ extern u32 tx_burst_size;
extern u32 num_pkts_in_pool;
extern odp_if_mode_t def_if_mode;
extern u8 enable_odp_crypto;
-extern u8 ipsec_api;
+extern u8 enable_odp_ipsec;
extern u8 is_async;
extern u8 is_inline;