[dpdk-dev] [RFC 3/3] examples/ipsec-secgw: support for setting seq no

Anoob Joseph anoob.joseph at caviumnetworks.com
Mon Jan 22 14:11:08 CET 2018


Adding support for setting sequence number for inline protocol processed
packets.

Signed-off-by: Anoob Joseph <anoob.joseph at caviumnetworks.com>
---
 examples/ipsec-secgw/esp.h   |  9 +++++++++
 examples/ipsec-secgw/ipsec.c | 42 ++++++++++++++++++++++++++++++++++++------
 2 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/examples/ipsec-secgw/esp.h b/examples/ipsec-secgw/esp.h
index 792312c..ec9dbd1 100644
--- a/examples/ipsec-secgw/esp.h
+++ b/examples/ipsec-secgw/esp.h
@@ -6,6 +6,15 @@
 
 struct mbuf;
 
+static inline int
+esp_inline_protocol_fill_mdata(struct ipsec_sa *sa,
+			       struct rte_security_ipsec_mdata *md_ipsec)
+{
+	/* Set sequence number */
+	md_ipsec->seq_no = ++(sa->seq);
+
+	return 0;
+}
 
 int
 esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 05e89a1..d602c6b 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -359,6 +359,40 @@ enqueue_cop(struct cdev_qp *cqp, struct rte_crypto_op *cop)
 	}
 }
 
+static inline int
+inline_protocol_set_pkt_metadata(struct ipsec_sa *sa, struct rte_mbuf *pkt)
+{
+	int ret;
+	struct rte_security_mdata md = { 0 };
+
+	md.sess = sa->sec_session;
+
+	ret = esp_inline_protocol_fill_mdata(sa, &md.ipsec);
+
+	if (ret != 0) {
+		RTE_LOG(ERR, IPSEC,
+			"Could not generate per packet metadata for IPsec offload\n");
+		return ret;
+	}
+
+	/* Update flags to hint the PMD to use seq_no provided */
+	md.mdata_flags.set = RTE_SECURITY_IPSEC_MDATA_FLAGS_SEQ_NO;
+
+	rte_security_set_pkt_metadata(sa->security_ctx, &md, pkt);
+
+	return 0;
+}
+
+static inline void
+inline_crypto_set_pkt_metadata(struct ipsec_sa *sa, struct rte_mbuf *pkt)
+{
+	struct rte_security_mdata mdata = { 0 };
+
+	mdata.sess = sa->sec_session;
+
+	rte_security_set_pkt_metadata(sa->security_ctx, &mdata, pkt);
+}
+
 static inline void
 ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 		struct rte_mbuf *pkts[], struct ipsec_sa *sas[],
@@ -434,9 +468,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 			cqp = &ipsec_ctx->tbl[sa->cdev_id_qp];
 			cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i];
 			if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
-				rte_security_set_pkt_metadata(
-						sa->security_ctx,
-						sa->sec_session, pkts[i], NULL);
+				inline_protocol_set_pkt_metadata(sa, pkts[i]);
 			continue;
 		case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
 			priv->cop.type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
@@ -462,9 +494,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 			cqp = &ipsec_ctx->tbl[sa->cdev_id_qp];
 			cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i];
 			if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
-				rte_security_set_pkt_metadata(
-						sa->security_ctx,
-						sa->sec_session, pkts[i], NULL);
+				inline_crypto_set_pkt_metadata(sa, pkts[i]);
 			continue;
 		}
 
-- 
2.7.4



More information about the dev mailing list