[dpdk-dev] [RFC 3/3] examples/ipsec-secgw: support for setting seq no
Anoob Joseph
anoob.joseph at caviumnetworks.com
Mon Jan 22 14:11:08 CET 2018
Adding support for setting sequence number for inline protocol processed
packets.
Signed-off-by: Anoob Joseph <anoob.joseph at caviumnetworks.com>
---
examples/ipsec-secgw/esp.h | 9 +++++++++
examples/ipsec-secgw/ipsec.c | 42 ++++++++++++++++++++++++++++++++++++------
2 files changed, 45 insertions(+), 6 deletions(-)
diff --git a/examples/ipsec-secgw/esp.h b/examples/ipsec-secgw/esp.h
index 792312c..ec9dbd1 100644
--- a/examples/ipsec-secgw/esp.h
+++ b/examples/ipsec-secgw/esp.h
@@ -6,6 +6,15 @@
struct mbuf;
+static inline int
+esp_inline_protocol_fill_mdata(struct ipsec_sa *sa,
+ struct rte_security_ipsec_mdata *md_ipsec)
+{
+ /* Set sequence number */
+ md_ipsec->seq_no = ++(sa->seq);
+
+ return 0;
+}
int
esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 05e89a1..d602c6b 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -359,6 +359,40 @@ enqueue_cop(struct cdev_qp *cqp, struct rte_crypto_op *cop)
}
}
+static inline int
+inline_protocol_set_pkt_metadata(struct ipsec_sa *sa, struct rte_mbuf *pkt)
+{
+ int ret;
+ struct rte_security_mdata md = { 0 };
+
+ md.sess = sa->sec_session;
+
+ ret = esp_inline_protocol_fill_mdata(sa, &md.ipsec);
+
+ if (ret != 0) {
+ RTE_LOG(ERR, IPSEC,
+ "Could not generate per packet metadata for IPsec offload\n");
+ return ret;
+ }
+
+ /* Update flags to hint the PMD to use seq_no provided */
+ md.mdata_flags.set = RTE_SECURITY_IPSEC_MDATA_FLAGS_SEQ_NO;
+
+ rte_security_set_pkt_metadata(sa->security_ctx, &md, pkt);
+
+ return 0;
+}
+
+static inline void
+inline_crypto_set_pkt_metadata(struct ipsec_sa *sa, struct rte_mbuf *pkt)
+{
+ struct rte_security_mdata mdata = { 0 };
+
+ mdata.sess = sa->sec_session;
+
+ rte_security_set_pkt_metadata(sa->security_ctx, &mdata, pkt);
+}
+
static inline void
ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
struct rte_mbuf *pkts[], struct ipsec_sa *sas[],
@@ -434,9 +468,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
cqp = &ipsec_ctx->tbl[sa->cdev_id_qp];
cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i];
if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
- rte_security_set_pkt_metadata(
- sa->security_ctx,
- sa->sec_session, pkts[i], NULL);
+ inline_protocol_set_pkt_metadata(sa, pkts[i]);
continue;
case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
priv->cop.type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
@@ -462,9 +494,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
cqp = &ipsec_ctx->tbl[sa->cdev_id_qp];
cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i];
if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
- rte_security_set_pkt_metadata(
- sa->security_ctx,
- sa->sec_session, pkts[i], NULL);
+ inline_crypto_set_pkt_metadata(sa, pkts[i]);
continue;
}
--
2.7.4
More information about the dev
mailing list