diff options
| author |   Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com> | 2017-11-26 15:25:43 +0000 |
|---|---|---|
| committer |   Damjan Marion <dmarion.lists@gmail.com> | 2017-12-05 18:18:58 +0000 |
| commit | 99214ce0aeaab67335c6adbf3327878bd3dc0fc9 (patch) | |
| tree | 2e55890742cdbdc82c3c67dfdfc92b05b94ad6f6 /src/plugins/dpdk/ipsec/ipsec.h | |
| parent | 3a699b28bbc6f33fd7e8e504ee1cff64c164881a (diff) | |
dpdk/ipsec: multiple fixes
- fix ESP transport mode
- safely free crypto sessions
- use rte_mempool_virt2phy/rte_mempool_virt2iova
- align DPDK QAT capabilities for IPsec usage (DPDK 17.08)
- reserve 16B for aad (reference cryptodev doc)
Change-Id: I3822a7456fb5a255c767f5a44a429f91a140fe64
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Diffstat (limited to 'src/plugins/dpdk/ipsec/ipsec.h')
| -rw-r--r-- | src/plugins/dpdk/ipsec/ipsec.h | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/src/plugins/dpdk/ipsec/ipsec.h b/src/plugins/dpdk/ipsec/ipsec.h index c902ce097b8..a46f5bf5735 100644 --- a/src/plugins/dpdk/ipsec/ipsec.h +++ b/src/plugins/dpdk/ipsec/ipsec.h @@ -56,16 +56,15 @@ typedef struct typedef struct { - dpdk_gcm_cnt_blk cb; - u8 aad[12]; u32 next; + dpdk_gcm_cnt_blk cb __attribute__ ((aligned (16))); + u8 aad[16]; u8 icv[32]; -} dpdk_op_priv_t __attribute__ ((aligned (16))); +} dpdk_op_priv_t; typedef struct { u16 *resource_idx; - uword *session_by_drv_id_and_sa_index; struct rte_crypto_op **ops; u16 cipher_resource_idx[IPSEC_CRYPTO_N_ALG]; u16 auth_resource_idx[IPSEC_INTEG_N_ALG]; @@ -121,10 +120,18 @@ typedef struct typedef struct { + u64 ts; + struct rte_cryptodev_sym_session *session; +} crypto_session_disposal_t; + +typedef struct +{ struct rte_mempool *crypto_op; struct rte_mempool *session_h; struct rte_mempool **session_drv; + crypto_session_disposal_t *session_disposal; uword *session_by_sa_index; + uword *session_by_drv_id_and_sa_index; u64 crypto_op_get_failed; u64 session_h_failed; u64 *session_drv_failed; @@ -140,7 +147,7 @@ typedef struct crypto_alg_t *auth_algs; crypto_data_t *data; crypto_drv_t *drv; - u8 max_drv_id; + u64 session_timeout; /* nsec */ u8 enabled; } dpdk_crypto_main_t; @@ -158,7 +165,7 @@ clib_error_t *create_sym_session (struct rte_cryptodev_sym_session **session, static_always_inline u32 crypto_op_len (void) { - const u32 align = 16; + const u32 align = 4; u32 op_size = sizeof (struct rte_crypto_op) + sizeof (struct rte_crypto_sym_op); @@ -200,12 +207,16 @@ crypto_get_session (struct rte_cryptodev_sym_session **session, crypto_resource_t * res, crypto_worker_main_t * cwm, u8 is_outbound) { + dpdk_crypto_main_t *dcm = &dpdk_crypto_main; + crypto_data_t *data; + uword *val; crypto_session_key_t key = { 0 }; key.drv_id = res->drv_id; key.sa_idx = sa_idx; - uword *val = hash_get (cwm->session_by_drv_id_and_sa_index, key.val); + data = vec_elt_at_index (dcm->data, res->numa); + val = hash_get (data->session_by_drv_id_and_sa_index, key.val); if (PREDICT_FALSE (!val)) return create_sym_session (session, sa_idx, res, cwm, is_outbound); @@ -314,10 +325,8 @@ static_always_inline void crypto_op_setup (u8 is_aead, struct rte_mbuf *mb0, struct rte_crypto_op *op, void *session, u32 cipher_off, u32 cipher_len, - u8 * icb __clib_unused, u32 iv_size __clib_unused, u32 auth_off, u32 auth_len, - u8 * aad __clib_unused, u32 aad_size __clib_unused, - u8 * digest, u64 digest_paddr, u32 digest_size __clib_unused) + u8 * aad, u8 * digest, u64 digest_paddr) { struct rte_crypto_sym_op *sym_op; |