summaryrefslogtreecommitdiffstats
path: root/src/plugins/dpdk/ipsec
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/dpdk/ipsec')
-rw-r--r--src/plugins/dpdk/ipsec/cli.c11
-rw-r--r--src/plugins/dpdk/ipsec/esp_decrypt.c16
-rw-r--r--src/plugins/dpdk/ipsec/esp_encrypt.c6
-rw-r--r--src/plugins/dpdk/ipsec/ipsec.c76
-rw-r--r--src/plugins/dpdk/ipsec/ipsec.h41
5 files changed, 5 insertions, 145 deletions
diff --git a/src/plugins/dpdk/ipsec/cli.c b/src/plugins/dpdk/ipsec/cli.c
index 9f470bfe990..b5ac105a4b1 100644
--- a/src/plugins/dpdk/ipsec/cli.c
+++ b/src/plugins/dpdk/ipsec/cli.c
@@ -532,7 +532,6 @@ show_dpdk_crypto_pools_fn (vlib_main_t * vm,
{
if (data->crypto_op)
vlib_cli_output (vm, "%U\n", format_dpdk_mempool, data->crypto_op);
-#if ! DPDK_NO_AEAD
if (data->session_h)
vlib_cli_output (vm, "%U\n", format_dpdk_mempool, data->session_h);
@@ -540,19 +539,9 @@ show_dpdk_crypto_pools_fn (vlib_main_t * vm,
vec_foreach (mp, data->session_drv)
if (mp[0])
vlib_cli_output (vm, "%U\n", format_dpdk_mempool, mp[0]);
-#endif
}
/* *INDENT-ON* */
-#if DPDK_NO_AEAD
- crypto_dev_t *dev;
- /* *INDENT-OFF* */
- vec_foreach (dev, dcm->dev) if (rte_cryptodevs[dev->id].data->session_pool)
- vlib_cli_output (vm, "%U\n", format_dpdk_mempool,
- rte_cryptodevs[dev->id].data->session_pool);
- /* *INDENT-ON* */
-#endif
-
return NULL;
}
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c
index ab98d56bbfd..6815f53e2b1 100644
--- a/src/plugins/dpdk/ipsec/esp_decrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_decrypt.c
@@ -170,13 +170,7 @@ dpdk_esp_decrypt_node_fn (vlib_main_t * vm,
cipher_alg = vec_elt_at_index (dcm->cipher_algs, sa0->crypto_alg);
auth_alg = vec_elt_at_index (dcm->auth_algs, sa0->integ_alg);
-#if DPDK_NO_AEAD
- is_aead = (sa0->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128 ||
- sa0->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192 ||
- sa0->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_256);
-#else
is_aead = (cipher_alg->type == RTE_CRYPTO_SYM_XFORM_AEAD);
-#endif
if (is_aead)
auth_alg = cipher_alg;
@@ -291,11 +285,7 @@ dpdk_esp_decrypt_node_fn (vlib_main_t * vm,
u32 *_iv = (u32 *) iv;
crypto_set_icb (icb, sa0->salt, _iv[0], _iv[1]);
-#if DPDK_NO_AEAD
- iv_size = 16;
-#else
iv_size = 12;
-#endif
}
if (is_aead)
@@ -470,13 +460,7 @@ dpdk_esp_decrypt_post_node_fn (vlib_main_t * vm,
cipher_alg = vec_elt_at_index (dcm->cipher_algs, sa0->crypto_alg);
auth_alg = vec_elt_at_index (dcm->auth_algs, sa0->integ_alg);
-#if DPDK_NO_AEAD
- is_aead = (sa0->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128 ||
- sa0->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192 ||
- sa0->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_256);
-#else
is_aead = cipher_alg->type == RTE_CRYPTO_SYM_XFORM_AEAD;
-#endif
if (is_aead)
auth_alg = cipher_alg;
diff --git a/src/plugins/dpdk/ipsec/esp_encrypt.c b/src/plugins/dpdk/ipsec/esp_encrypt.c
index ac60fdd589f..eea3e81605d 100644
--- a/src/plugins/dpdk/ipsec/esp_encrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_encrypt.c
@@ -197,13 +197,7 @@ dpdk_esp_encrypt_node_fn (vlib_main_t * vm,
vec_elt_at_index (dcm->cipher_algs, sa0->crypto_alg);
auth_alg = vec_elt_at_index (dcm->auth_algs, sa0->integ_alg);
-#if DPDK_NO_AEAD
- is_aead = ((sa0->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) ||
- (sa0->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) ||
- (sa0->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_256));
-#else
is_aead = (cipher_alg->type == RTE_CRYPTO_SYM_XFORM_AEAD);
-#endif
if (is_aead)
auth_alg = cipher_alg;
diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c
index fdfe0e65c70..b42d208094b 100644
--- a/src/plugins/dpdk/ipsec/ipsec.c
+++ b/src/plugins/dpdk/ipsec/ipsec.c
@@ -91,13 +91,8 @@ algos_init (u32 n_mains)
a->key_len = 32;
a->iv_len = 8;
-#if DPDK_NO_AEAD
-#define AES_GCM_TYPE RTE_CRYPTO_SYM_XFORM_CIPHER
-#define AES_GCM_ALG RTE_CRYPTO_CIPHER_AES_GCM
-#else
#define AES_GCM_TYPE RTE_CRYPTO_SYM_XFORM_AEAD
#define AES_GCM_ALG RTE_CRYPTO_AEAD_AES_GCM
-#endif
a = &dcm->cipher_algs[IPSEC_CRYPTO_ALG_AES_GCM_128];
a->type = AES_GCM_TYPE;
@@ -209,13 +204,11 @@ cipher_cap_to_alg (const struct rte_cryptodev_capabilities *cap, u8 key_len)
(cap->sym.cipher.algo == alg->alg) &&
(alg->key_len == key_len))
return alg;
-#if ! DPDK_NO_AEAD
if ((cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) &&
(alg->type == RTE_CRYPTO_SYM_XFORM_AEAD) &&
(cap->sym.aead.algo == alg->alg) &&
(alg->key_len == key_len))
return alg;
-#endif
}
/* *INDENT-ON* */
@@ -244,7 +237,6 @@ auth_cap_to_alg (const struct rte_cryptodev_capabilities *cap, u8 trunc_size)
return NULL;
}
-#if ! DPDK_NO_AEAD
static void
crypto_set_aead_xform (struct rte_crypto_sym_xform *xform,
ipsec_sa_t * sa, u8 is_outbound)
@@ -272,7 +264,6 @@ crypto_set_aead_xform (struct rte_crypto_sym_xform *xform,
else
xform->aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT;
}
-#endif
static void
crypto_set_cipher_xform (struct rte_crypto_sym_xform *xform,
@@ -289,11 +280,9 @@ crypto_set_cipher_xform (struct rte_crypto_sym_xform *xform,
xform->cipher.algo = c->alg;
xform->cipher.key.data = sa->crypto_key;
xform->cipher.key.length = c->key_len;
-#if ! DPDK_NO_AEAD
xform->cipher.iv.offset =
crypto_op_get_priv_offset () + offsetof (dpdk_op_priv_t, cb);
xform->cipher.iv.length = c->iv_len;
-#endif
xform->next = NULL;
if (is_outbound)
@@ -318,20 +307,6 @@ crypto_set_auth_xform (struct rte_crypto_sym_xform *xform,
xform->auth.key.data = sa->integ_key;
xform->auth.key.length = a->key_len;
xform->auth.digest_length = a->trunc_size;
-#if DPDK_NO_AEAD
- if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128 ||
- sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192 ||
- sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_256)
- xform->auth.algo = RTE_CRYPTO_AUTH_AES_GCM;
- xform->auth.add_auth_data_length = sa->use_esn ? 12 : 8;
-#else
-#if 0
- xform->auth.iv.offset =
- sizeof (struct rte_crypto_op) + sizeof (struct rte_crypto_sym_op) +
- offsetof (dpdk_op_priv_t, cb);
- xform->auth.iv.length = a->iv_len;
-#endif
-#endif
xform->next = NULL;
if (is_outbound)
@@ -360,7 +335,6 @@ create_sym_session (struct rte_cryptodev_sym_session **session,
sa = pool_elt_at_index (im->sad, sa_idx);
-#if ! DPDK_NO_AEAD
if ((sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) |
(sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) |
(sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_256))
@@ -369,7 +343,6 @@ create_sym_session (struct rte_cryptodev_sym_session **session,
xfs = &cipher_xform;
}
else
-#endif /* ! DPDK_NO_AEAD */
{
crypto_set_cipher_xform (&cipher_xform, sa, is_outbound);
crypto_set_auth_xform (&auth_xform, sa, is_outbound);
@@ -388,19 +361,6 @@ create_sym_session (struct rte_cryptodev_sym_session **session,
data = vec_elt_at_index (dcm->data, res->numa);
-#if DPDK_NO_AEAD
- /*
- * DPDK_VER <= 1705:
- * Each worker/thread has its own session per device driver
- */
- session[0] = rte_cryptodev_sym_session_create (res->dev_id, xfs);
- if (!session[0])
- {
- data->session_drv_failed[res->drv_id] += 1;
- return clib_error_return (0, "failed to create session for dev %u",
- res->dev_id);
- }
-#else
/*
* DPDK_VER >= 1708:
* Multiple worker/threads share the session for an SA
@@ -431,7 +391,6 @@ create_sym_session (struct rte_cryptodev_sym_session **session,
return clib_error_return (0, "failed to init session for drv %u",
res->drv_id);
}
-#endif /* DPDK_NO_AEAD */
hash_set (cwm->session_by_drv_id_and_sa_index, key.val, session[0]);
@@ -447,7 +406,6 @@ static void __attribute__ ((unused)) clear_and_free_obj (void *obj)
rte_mempool_put (mp, obj);
}
-#if ! DPDK_NO_AEAD
/* This is from rte_cryptodev_pmd.h */
static inline void *
get_session_private_data (const struct rte_cryptodev_sym_session *sess,
@@ -463,7 +421,6 @@ set_session_private_data (struct rte_cryptodev_sym_session *sess,
{
sess->sess_private_data[driver_id] = private_data;
}
-#endif
static clib_error_t *
add_del_sa_session (u32 sa_index, u8 is_add)
@@ -515,16 +472,11 @@ add_del_sa_session (u32 sa_index, u8 is_add)
if (!s)
continue;
-#if DPDK_NO_AEAD
- ret = (rte_cryptodev_sym_session_free (s->dev_id, s) == NULL);
- ASSERT (ret);
-#endif
hash_unset (cwm->session_by_drv_id_and_sa_index, key.val);
}
}
/* *INDENT-ON* */
-#if ! DPDK_NO_AEAD
crypto_data_t *data;
/* *INDENT-OFF* */
vec_foreach (data, dcm->data)
@@ -558,7 +510,6 @@ add_del_sa_session (u32 sa_index, u8 is_add)
ASSERT (!ret);
}
/* *INDENT-ON* */
-#endif
return 0;
}
@@ -609,9 +560,7 @@ crypto_parse_capabilities (crypto_dev_t * dev,
/* A single capability maps to multiple cipher/auth algorithms */
switch (cap->sym.xform_type)
{
-#if ! DPDK_NO_AEAD
case RTE_CRYPTO_SYM_XFORM_AEAD:
-#endif
case RTE_CRYPTO_SYM_XFORM_CIPHER:
inc = cap->sym.cipher.key_size.increment;
inc = inc ? inc : 1;
@@ -662,10 +611,6 @@ crypto_dev_conf (u8 dev, u16 n_qp, u8 numa)
dev_conf.socket_id = numa;
dev_conf.nb_queue_pairs = n_qp;
-#if DPDK_NO_AEAD
- dev_conf.session_mp.nb_objs = DPDK_CRYPTO_NB_SESS_OBJS;
- dev_conf.session_mp.cache_size = 512;
-#endif
error_str = "failed to configure crypto device %u";
ret = rte_cryptodev_configure (dev, &dev_conf);
@@ -676,11 +621,7 @@ crypto_dev_conf (u8 dev, u16 n_qp, u8 numa)
qp_conf.nb_descriptors = DPDK_CRYPTO_N_QUEUE_DESC;
for (qp = 0; qp < n_qp; qp++)
{
-#if DPDK_NO_AEAD
- ret = rte_cryptodev_queue_pair_setup (dev, qp, &qp_conf, numa);
-#else
ret = rte_cryptodev_queue_pair_setup (dev, qp, &qp_conf, numa, NULL);
-#endif
if (ret < 0)
return clib_error_return (0, error_str, dev, qp);
}
@@ -716,11 +657,7 @@ crypto_scan_devs (u32 n_mains)
dev->numa = rte_cryptodev_socket_id (i);
dev->features = info.feature_flags;
dev->max_qp = info.max_nb_queue_pairs;
-#if DPDK_NO_AEAD
- drv_id = cryptodev->dev_type;
-#else
drv_id = info.driver_id;
-#endif
if (drv_id >= vec_len (dcm->drv))
vec_validate_init_empty (dcm->drv, drv_id,
(crypto_drv_t) EMPTY_STRUCT);
@@ -842,12 +779,7 @@ crypto_op_init (struct rte_mempool *mempool,
{
struct rte_crypto_op *op = _obj;
-#if DPDK_NO_AEAD
- op->sym = (struct rte_crypto_sym_op *) (op + 1);
- op->sym->sess_type = RTE_CRYPTO_SYM_OP_WITH_SESSION;
-#else
op->sess_type = RTE_CRYPTO_OP_WITH_SESSION;
-#endif
op->type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
op->phys_addr = rte_mem_virt2phy (_obj);
@@ -900,9 +832,6 @@ crypto_create_crypto_op_pool (vlib_main_t * vm, u8 numa)
static clib_error_t *
crypto_create_session_h_pool (vlib_main_t * vm, u8 numa)
{
-#if DPDK_NO_AEAD
- return NULL;
-#else
dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
crypto_data_t *data;
u8 *pool_name;
@@ -932,15 +861,11 @@ crypto_create_session_h_pool (vlib_main_t * vm, u8 numa)
data->session_h = mp;
return NULL;
-#endif
}
static clib_error_t *
crypto_create_session_drv_pool (vlib_main_t * vm, crypto_dev_t * dev)
{
-#if DPDK_NO_AEAD
- return NULL;
-#else
dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
crypto_data_t *data;
u8 *pool_name;
@@ -973,7 +898,6 @@ crypto_create_session_drv_pool (vlib_main_t * vm, crypto_dev_t * dev)
data->session_drv[dev->drv_id] = mp;
return NULL;
-#endif
}
static clib_error_t *
diff --git a/src/plugins/dpdk/ipsec/ipsec.h b/src/plugins/dpdk/ipsec/ipsec.h
index d40e480ae42..c902ce097b8 100644
--- a/src/plugins/dpdk/ipsec/ipsec.h
+++ b/src/plugins/dpdk/ipsec/ipsec.h
@@ -249,7 +249,9 @@ crypto_alloc_ops (u8 numa, struct rte_crypto_op ** ops, u32 n)
ret = rte_mempool_get_bulk (data->crypto_op, (void **) ops, n);
+ /* *INDENT-OFF* */
data->crypto_op_get_failed += ! !ret;
+ /* *INDENT-ON* */
return ret;
}
@@ -306,20 +308,16 @@ crypto_set_icb (dpdk_gcm_cnt_blk * icb, u32 salt, u32 seq, u32 seq_hi)
icb->salt = salt;
icb->iv[0] = seq;
icb->iv[1] = seq_hi;
-#if DPDK_NO_AEAD
- icb->cnt = clib_host_to_net_u32 (1);
-#endif
}
-#define __unused __attribute__((unused))
static_always_inline void
crypto_op_setup (u8 is_aead, struct rte_mbuf *mb0,
struct rte_crypto_op *op, void *session,
u32 cipher_off, u32 cipher_len,
- u8 * icb __unused, u32 iv_size __unused,
+ u8 * icb __clib_unused, u32 iv_size __clib_unused,
u32 auth_off, u32 auth_len,
- u8 * aad __unused, u32 aad_size __unused,
- u8 * digest, u64 digest_paddr, u32 digest_size __unused)
+ u8 * aad __clib_unused, u32 aad_size __clib_unused,
+ u8 * digest, u64 digest_paddr, u32 digest_size __clib_unused)
{
struct rte_crypto_sym_op *sym_op;
@@ -328,32 +326,6 @@ crypto_op_setup (u8 is_aead, struct rte_mbuf *mb0,
sym_op->m_src = mb0;
sym_op->session = session;
-#if DPDK_NO_AEAD
- sym_op->cipher.data.offset = cipher_off;
- sym_op->cipher.data.length = cipher_len;
-
- sym_op->cipher.iv.data = icb;
- sym_op->cipher.iv.phys_addr =
- op->phys_addr + (uintptr_t) icb - (uintptr_t) op;
- sym_op->cipher.iv.length = iv_size;
-
- if (is_aead)
- {
- sym_op->auth.aad.data = aad;
- sym_op->auth.aad.phys_addr =
- op->phys_addr + (uintptr_t) aad - (uintptr_t) op;
- sym_op->auth.aad.length = aad_size;
- }
- else
- {
- sym_op->auth.data.offset = auth_off;
- sym_op->auth.data.length = auth_len;
- }
-
- sym_op->auth.digest.data = digest;
- sym_op->auth.digest.phys_addr = digest_paddr;
- sym_op->auth.digest.length = digest_size;
-#else /* ! DPDK_NO_AEAD */
if (is_aead)
{
sym_op->aead.data.offset = cipher_off;
@@ -377,11 +349,8 @@ crypto_op_setup (u8 is_aead, struct rte_mbuf *mb0,
sym_op->auth.digest.data = digest;
sym_op->auth.digest.phys_addr = digest_paddr;
}
-#endif /* DPDK_NO_AEAD */
}
-#undef __unused
-
#endif /* __DPDK_IPSEC_H__ */
/*