From 2c8d4cb2c7ed986f084e393259a0fec89072ef3d Mon Sep 17 00:00:00 2001 From: Szymon Sliwa Date: Wed, 7 Feb 2018 13:06:25 +0100 Subject: plugins: odp: Cosmetic changes in the IPsec implementation 1) renamed ipsec_api to enable_odp_ipsec, for consistency 2) added crude ASSERTs to make sure the configuration is sane 3) removed passing ipsec_api as argument, as this is a global flag now 4) reorder code - put ipsec initialization before putting workers in polling mode 5) remove not used recycle vector from esp_encrypt.c/esp_decrypt.c 6) change clib_error_return to clib_error in ipsec.c, as clib_error_return silently passes when 0 is the first argument Change-Id: Id2c6da985e872f12c8409918fb9cc6113b486d10 Signed-off-by: Szymon Sliwa --- src/plugins/odp/ipsec/crypto_input.c | 2 +- src/plugins/odp/ipsec/esp_decrypt.c | 4 -- src/plugins/odp/ipsec/esp_encrypt.c | 4 -- src/plugins/odp/ipsec/ipsec.c | 83 +++++++++++++++++++++--------------- src/plugins/odp/ipsec/ipsec.h | 2 +- src/plugins/odp/odp_packet.c | 6 +-- src/plugins/odp/odp_packet.h | 2 +- 7 files changed, 55 insertions(+), 48 deletions(-) diff --git a/src/plugins/odp/ipsec/crypto_input.c b/src/plugins/odp/ipsec/crypto_input.c index 4e91822c..4e580c7c 100644 --- a/src/plugins/odp/ipsec/crypto_input.c +++ b/src/plugins/odp/ipsec/crypto_input.c @@ -211,7 +211,7 @@ odp_crypto_input_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node, odp_crypto_worker_main_t *cwm = vec_elt_at_index (ocm->workers, thread_index); u32 n_cops_dequeued = 0; - if (!ipsec_api) { + if (!enable_odp_ipsec) { n_cops_dequeued += odp_dequeue_cops(vm, node, frame, cwm->post_encrypt, ODP_CRYPTO_INPUT_NEXT_ENCRYPT_POST); n_cops_dequeued += odp_dequeue_cops(vm, node, frame, cwm->post_decrypt, ODP_CRYPTO_INPUT_NEXT_DECRYPT_POST); } else { diff --git a/src/plugins/odp/ipsec/esp_decrypt.c b/src/plugins/odp/ipsec/esp_decrypt.c index 06707e3c..442776a3 100644 --- a/src/plugins/odp/ipsec/esp_decrypt.c +++ b/src/plugins/odp/ipsec/esp_decrypt.c @@ -104,7 +104,6 @@ odp_crypto_esp_decrypt_node_fn (vlib_main_t * vm, u32 n_left_from, *from, next_index, *to_next; ipsec_main_t *im = &ipsec_main; esp_main_t *em = &odp_esp_main; - u32 *recycle = 0; from = vlib_frame_vector_args (from_frame); n_left_from = from_frame->n_vectors; odp_crypto_main_t *ocm = &odp_crypto_main; @@ -415,9 +414,6 @@ odp_crypto_esp_decrypt_node_fn (vlib_main_t * vm, from_frame->n_vectors); free_buffers_and_exit: - if (recycle) - vlib_buffer_free (vm, recycle, vec_len (recycle)); - vec_free (recycle); return from_frame->n_vectors; } diff --git a/src/plugins/odp/ipsec/esp_encrypt.c b/src/plugins/odp/ipsec/esp_encrypt.c index a9caba67..1b42effd 100644 --- a/src/plugins/odp/ipsec/esp_encrypt.c +++ b/src/plugins/odp/ipsec/esp_encrypt.c @@ -107,7 +107,6 @@ odp_crypto_esp_encrypt_node_fn (vlib_main_t * vm, from = vlib_frame_vector_args (from_frame); n_left_from = from_frame->n_vectors; ipsec_main_t *im = &ipsec_main; - u32 *recycle = 0; odp_crypto_main_t *ocm = &odp_crypto_main; u32 thread_index = vlib_get_thread_index (); esp_main_t *em = &odp_esp_main; @@ -445,9 +444,6 @@ odp_crypto_esp_encrypt_node_fn (vlib_main_t * vm, from_frame->n_vectors); free_buffers_and_exit: - if (recycle) - vlib_buffer_free (vm, recycle, vec_len (recycle)); - vec_free (recycle); return from_frame->n_vectors; } diff --git a/src/plugins/odp/ipsec/ipsec.c b/src/plugins/odp/ipsec/ipsec.c index f21f3fe1..a26dc352 100644 --- a/src/plugins/odp/ipsec/ipsec.c +++ b/src/plugins/odp/ipsec/ipsec.c @@ -24,6 +24,9 @@ #include #include +#define CAPA_NOT_SUPP "mode is set in config while capabilities indicate it is not supported" + + static int add_del_sa_sess (u32 sa_index, u8 is_add) { @@ -260,7 +263,7 @@ create_sess (ipsec_sa_t * sa, sa_data_t * sa_sess_data, int is_outbound) if (ret != size) { - clib_error_return (0, "failed to get random from ODP"); + clib_error ("failed to get random from ODP"); return -1; } } @@ -299,10 +302,13 @@ odp_ipsec_check_support (ipsec_sa_t * sa) } clib_error_t * -ipsec_init (vlib_main_t * vm, u8 ipsec_api) +ipsec_init (vlib_main_t * vm) { - if (!enable_odp_crypto && !ipsec_api) + if (!enable_odp_crypto && !enable_odp_ipsec) return 0; + if (enable_odp_crypto && enable_odp_ipsec) + clib_error + ("enable-odp-crypto and enable-odp-ipsec should not be used together"); ipsec_main_t *im = &ipsec_main; odp_crypto_main_t *ocm = &odp_crypto_main; vlib_thread_main_t *tm = vlib_get_thread_main (); @@ -328,12 +334,10 @@ ipsec_init (vlib_main_t * vm, u8 ipsec_api) ipsec_node = vlib_get_node_by_name (vm, (u8 *) "ipsec-output-ip4"); ASSERT (ipsec_node); - if (ipsec_api) - crypto_node = - vlib_get_node_by_name (vm, (u8 *) "odp-ipsec-esp-encrypt"); + if (enable_odp_ipsec) + crypto_node = vlib_get_node_by_name (vm, (u8 *) "odp-ipsec-esp-encrypt"); else - crypto_node = - vlib_get_node_by_name (vm, (u8 *) "odp-crypto-esp-encrypt"); + crypto_node = vlib_get_node_by_name (vm, (u8 *) "odp-crypto-esp-encrypt"); ASSERT (crypto_node); im->esp_encrypt_node_index = crypto_node->index; im->esp_encrypt_next_index = @@ -341,11 +345,10 @@ ipsec_init (vlib_main_t * vm, u8 ipsec_api) ipsec_node = vlib_get_node_by_name (vm, (u8 *) "ipsec-input-ip4"); ASSERT (ipsec_node); - if (ipsec_api) + if (enable_odp_ipsec) crypto_node = vlib_get_node_by_name (vm, (u8 *) "odp-ipsec-esp-decrypt"); else - crypto_node = - vlib_get_node_by_name (vm, (u8 *) "odp-crypto-esp-decrypt"); + crypto_node = vlib_get_node_by_name (vm, (u8 *) "odp-crypto-esp-decrypt"); ASSERT (crypto_node); im->esp_decrypt_node_index = crypto_node->index; im->esp_decrypt_next_index = @@ -365,51 +368,63 @@ ipsec_init (vlib_main_t * vm, u8 ipsec_api) esp_init (); - int i; - for (i = 1; i < tm->n_vlib_mains; i++) - vlib_node_set_state (vlib_mains[i], odp_crypto_input_node.index, - VLIB_NODE_STATE_POLLING); - - /* If there are no worker threads, enable polling - crypto devices on the main thread, else - assign the post crypt queues of the second - thread to the main thread crypto sessions */ - if (tm->n_vlib_mains == 1) - { - ocm->workers[0].post_encrypt = odp_queue_create (NULL, NULL); - ocm->workers[0].post_decrypt = odp_queue_create (NULL, NULL); - vlib_node_set_state (vlib_mains[0], odp_crypto_input_node.index, - VLIB_NODE_STATE_POLLING); - } - else - { - ocm->workers[0].post_encrypt = ocm->workers[1].post_encrypt; - ocm->workers[0].post_decrypt = ocm->workers[1].post_decrypt; - } - - if (ipsec_api) + if (enable_odp_ipsec) { odp_ipsec_config_t ipsec_config; + odp_ipsec_capability_t ipsec_capa; + + odp_ipsec_capability (&ipsec_capa); + odp_ipsec_config_init (&ipsec_config); if (is_inline) { + if (ipsec_capa.op_mode_inline_in == ODP_SUPPORT_NO + || ipsec_capa.op_mode_inline_out == ODP_SUPPORT_NO) + clib_error ("Inline " CAPA_NOT_SUPP + " (need it at both TX and RX)"); ipsec_config.inbound_mode = ODP_IPSEC_OP_MODE_INLINE; ipsec_config.outbound_mode = ODP_IPSEC_OP_MODE_INLINE; } else if (is_async) { + if (ipsec_capa.op_mode_async == ODP_SUPPORT_NO) + clib_error ("Async " CAPA_NOT_SUPP); ipsec_config.inbound_mode = ODP_IPSEC_OP_MODE_ASYNC; ipsec_config.outbound_mode = ODP_IPSEC_OP_MODE_ASYNC; } else { + if (ipsec_capa.op_mode_sync == ODP_SUPPORT_NO) + clib_error ("Sync " CAPA_NOT_SUPP); ipsec_config.inbound_mode = ODP_IPSEC_OP_MODE_SYNC; ipsec_config.outbound_mode = ODP_IPSEC_OP_MODE_SYNC; } odp_ipsec_config (&ipsec_config); } + int i; + for (i = 1; i < tm->n_vlib_mains; i++) + vlib_node_set_state (vlib_mains[i], odp_crypto_input_node.index, + VLIB_NODE_STATE_POLLING); + + /* If there are no worker threads, enable polling + crypto devices on the main thread, else + assign the post crypt queues of the second + thread to the main thread crypto sessions */ + if (tm->n_vlib_mains == 1) + { + ocm->workers[0].post_encrypt = odp_queue_create (NULL, NULL); + ocm->workers[0].post_decrypt = odp_queue_create (NULL, NULL); + vlib_node_set_state (vlib_mains[0], odp_crypto_input_node.index, + VLIB_NODE_STATE_POLLING); + } + else + { + ocm->workers[0].post_encrypt = ocm->workers[1].post_encrypt; + ocm->workers[0].post_decrypt = ocm->workers[1].post_decrypt; + } + return 0; } diff --git a/src/plugins/odp/ipsec/ipsec.h b/src/plugins/odp/ipsec/ipsec.h index c947d7ce..06fdfed1 100644 --- a/src/plugins/odp/ipsec/ipsec.h +++ b/src/plugins/odp/ipsec/ipsec.h @@ -49,7 +49,7 @@ int create_sess (ipsec_sa_t * sa, sa_data_t * sess, int is_outbound); int create_odp_sa (ipsec_sa_t * sa, sa_data_t * sess, int flow_label, int is_outbound); -clib_error_t *ipsec_init (vlib_main_t * vm, u8 ipsec_api); +clib_error_t *ipsec_init (vlib_main_t * vm); #endif /* __IPSEC_H__ */ diff --git a/src/plugins/odp/odp_packet.c b/src/plugins/odp/odp_packet.c index 29b2ef01..45f2f272 100755 --- a/src/plugins/odp/odp_packet.c +++ b/src/plugins/odp/odp_packet.c @@ -24,7 +24,7 @@ odp_if_mode_t def_if_mode; odp_if_config_t *if_config; odp_crypto_main_t odp_crypto_main; u8 enable_odp_crypto; -u8 ipsec_api; +u8 enable_odp_ipsec; u8 is_async; u8 is_inline; @@ -435,7 +435,7 @@ odp_config (vlib_main_t * vm, unformat_input_t * input) } else if (unformat (input, "enable-odp-ipsec")) { - ipsec_api = 1; + enable_odp_ipsec = 1; } else if (unformat (input, "async")) { @@ -487,7 +487,7 @@ odp_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f) /* Initialization complete and worker threads can start */ tm->worker_thread_release = 1; - ipsec_init (vlib_get_main (), ipsec_api); + ipsec_init (vlib_get_main ()); return 0; } diff --git a/src/plugins/odp/odp_packet.h b/src/plugins/odp/odp_packet.h index ac984156..d835f84d 100755 --- a/src/plugins/odp/odp_packet.h +++ b/src/plugins/odp/odp_packet.h @@ -81,7 +81,7 @@ extern u32 tx_burst_size; extern u32 num_pkts_in_pool; extern odp_if_mode_t def_if_mode; extern u8 enable_odp_crypto; -extern u8 ipsec_api; +extern u8 enable_odp_ipsec; extern u8 is_async; extern u8 is_inline; -- cgit 1.2.3-korg