[dpdk-dev] [PATCH v2 3/5] ipsec: add SAD add/delete/lookup implementation

Ananyev, Konstantin konstantin.ananyev at intel.com
Wed Oct 2 14:04:02 CEST 2019

Previous message: [dpdk-dev] [PATCH v2 3/5] ipsec: add SAD add/delete/lookup implementation
Next message: [dpdk-dev] [PATCH v2 4/5] test/ipsec: add ipsec SAD autotests
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Replace rte_ipsec_sad_add(), rte_ipsec_sad_del() and
> rte_ipsec_sad_lookup() stubs with actual implementation.
> 
> It uses three librte_hash tables each of which contains
> an entries for a specific SA type (either it is addressed by SPI only
> or SPI+DIP or SPI+DIP+SIP)
> 
> Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin at intel.com>
> ---


> +/*
> + * @internal helper function
> + * Lookup a batch of keys in three hash tables.
> + * First lookup key in SPI_ONLY table.
> + * If there is an entry for the corresponding SPI check its value.
> + * Two least significant bits of the value indicate
> + * the presence of more specific rule in other tables.
> + * Perform additional lookup in corresponding hash tables
> + * and update the value if lookup succeeded.
> + */
> +static int
> +__ipsec_sad_lookup(const struct rte_ipsec_sad *sad,
> +		const union rte_ipsec_sad_key *keys[], void *sa[], uint32_t n)
> +{
> +	const void *keys_2[RTE_HASH_LOOKUP_BULK_MAX];
> +	const void *keys_3[RTE_HASH_LOOKUP_BULK_MAX];
> +	void *vals_2[RTE_HASH_LOOKUP_BULK_MAX] = {NULL};
> +	void *vals_3[RTE_HASH_LOOKUP_BULK_MAX] = {NULL};
> +	uint32_t idx_2[RTE_HASH_LOOKUP_BULK_MAX];
> +	uint32_t idx_3[RTE_HASH_LOOKUP_BULK_MAX];
> +	uint64_t mask_1, mask_2, mask_3;
> +	uint64_t map, map_spec;
> +	uint32_t n_2 = 0;
> +	uint32_t n_3 = 0;
> +	uint32_t i;
> +	int found = 0;
> +
> +	for (i = 0; i < n; i++)
> +		sa[i] = NULL;
> +
> +	/*
> +	 * Lookup keys in SPI only hash table first.
> +	 */
> +	rte_hash_lookup_bulk_data(sad->hash[RTE_IPSEC_SAD_SPI_ONLY],
> +		(const void **)keys, n, &mask_1, sa);
> +	for (map = mask_1; map; map &= (map - 1)) {
> +		i = rte_bsf64(map);
> +		/*
> +		 * if returned value indicates presence of a rule in other
> +		 * tables save a key for further lookup.
> +		 */
> +		if ((uintptr_t)sa[i] & RTE_IPSEC_SAD_SPI_DIP_SIP) {
> +			idx_3[n_3] = i;
> +			keys_3[n_3++] = keys[i];
> +		}
> +		if ((uintptr_t)sa[i] & RTE_IPSEC_SAD_SPI_DIP) {
> +			idx_2[n_2] = i;
> +			keys_2[n_2++] = keys[i];
> +		}
> +		/* clear 2 LSB's which idicate the presence

s/idicate/indicate/

> +		 * of more specific rules
> +		 */
> +		sa[i] = CLEAR_BIT(sa[i], RTE_IPSEC_SAD_KEY_TYPE_MASK);
> +	}
> +
> +	/* Lookup for more specific rules in SPI_DIP table */
> +	if (n_2 != 0) {
> +		rte_hash_lookup_bulk_data(sad->hash[RTE_IPSEC_SAD_SPI_DIP],
> +			keys_2, n_2, &mask_2, vals_2);
> +		for (map_spec = mask_2; map_spec; map_spec &= (map_spec - 1)) {
> +			i = rte_bsf64(map_spec);
> +			sa[idx_2[i]] = vals_2[i];
> +		}
> +	}
> +	/* Lookup for more specific rules in SPI_DIP_SIP table */
> +	if (n_3 != 0) {
> +		rte_hash_lookup_bulk_data(sad->hash[RTE_IPSEC_SAD_SPI_DIP_SIP],
> +			keys_3, n_3, &mask_3, vals_3);
> +		for (map_spec = mask_3; map_spec; map_spec &= (map_spec - 1)) {
> +			i = rte_bsf64(map_spec);
> +			sa[idx_3[i]] = vals_3[i];
> +		}
> +	}
> +
> +	for (i = 0; i < n; i++)
> +		found += (sa[i] != NULL);
> +
> +	return found;
> +}
> +
> --

Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev at intel.com>

> 2.7.4

Previous message: [dpdk-dev] [PATCH v2 3/5] ipsec: add SAD add/delete/lookup implementation
Next message: [dpdk-dev] [PATCH v2 4/5] test/ipsec: add ipsec SAD autotests
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list