1 /*- 2 * BSD LICENSE 3 * 4 * Copyright(c) 2016 Intel Corporation. All rights reserved. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * * Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * * Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in 15 * the documentation and/or other materials provided with the 16 * distribution. 17 * * Neither the name of Intel Corporation nor the names of its 18 * contributors may be used to endorse or promote products derived 19 * from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 #include <netinet/in.h> 35 #include <netinet/ip.h> 36 37 #include <rte_branch_prediction.h> 38 #include <rte_log.h> 39 #include <rte_crypto.h> 40 #include <rte_cryptodev.h> 41 #include <rte_mbuf.h> 42 #include <rte_hash.h> 43 44 #include "ipsec.h" 45 46 static inline int 47 create_session(struct ipsec_ctx *ipsec_ctx __rte_unused, struct ipsec_sa *sa) 48 { 49 uint32_t cdev_id_qp = 0; 50 int32_t ret; 51 struct cdev_key key = { 0 }; 52 53 key.lcore_id = (uint8_t)rte_lcore_id(); 54 55 key.cipher_algo = (uint8_t)sa->cipher_algo; 56 key.auth_algo = (uint8_t)sa->auth_algo; 57 58 ret = rte_hash_lookup_data(ipsec_ctx->cdev_map, &key, 59 (void **)&cdev_id_qp); 60 if (ret < 0) { 61 IPSEC_LOG(ERR, IPSEC, "No cryptodev: core %u, cipher_algo %u, " 62 "auth_algo %u\n", key.lcore_id, key.cipher_algo, 63 key.auth_algo); 64 return -1; 65 } 66 67 IPSEC_LOG(DEBUG, IPSEC, "Create session for SA spi %u on cryptodev " 68 "%u qp %u\n", sa->spi, ipsec_ctx->tbl[cdev_id_qp].id, 69 ipsec_ctx->tbl[cdev_id_qp].qp); 70 71 sa->crypto_session = rte_cryptodev_sym_session_create( 72 ipsec_ctx->tbl[cdev_id_qp].id, sa->xforms); 73 74 sa->cdev_id_qp = cdev_id_qp; 75 76 return 0; 77 } 78 79 static inline void 80 enqueue_cop(struct cdev_qp *cqp, struct rte_crypto_op *cop) 81 { 82 int ret, i; 83 84 cqp->buf[cqp->len++] = cop; 85 86 if (cqp->len == MAX_PKT_BURST) { 87 ret = rte_cryptodev_enqueue_burst(cqp->id, cqp->qp, 88 cqp->buf, cqp->len); 89 if (ret < cqp->len) { 90 IPSEC_LOG(DEBUG, IPSEC, "Cryptodev %u queue %u:" 91 " enqueued %u crypto ops out of %u\n", 92 cqp->id, cqp->qp, 93 ret, cqp->len); 94 for (i = ret; i < cqp->len; i++) 95 rte_pktmbuf_free(cqp->buf[i]->sym->m_src); 96 } 97 cqp->in_flight += ret; 98 cqp->len = 0; 99 } 100 } 101 102 static inline uint16_t 103 ipsec_processing(struct ipsec_ctx *ipsec_ctx, struct rte_mbuf *pkts[], 104 struct ipsec_sa *sas[], uint16_t nb_pkts, uint16_t max_pkts) 105 { 106 int ret = 0, i, j, nb_cops; 107 struct ipsec_mbuf_metadata *priv; 108 struct rte_crypto_op *cops[max_pkts]; 109 struct ipsec_sa *sa; 110 struct rte_mbuf *pkt; 111 112 for (i = 0; i < nb_pkts; i++) { 113 rte_prefetch0(sas[i]); 114 rte_prefetch0(pkts[i]); 115 116 priv = get_priv(pkts[i]); 117 sa = sas[i]; 118 priv->sa = sa; 119 120 IPSEC_ASSERT(sa != NULL); 121 122 priv->cop.type = RTE_CRYPTO_OP_TYPE_SYMMETRIC; 123 124 rte_prefetch0(&priv->sym_cop); 125 priv->cop.sym = &priv->sym_cop; 126 127 if ((unlikely(sa->crypto_session == NULL)) && 128 create_session(ipsec_ctx, sa)) { 129 rte_pktmbuf_free(pkts[i]); 130 continue; 131 } 132 133 rte_crypto_op_attach_sym_session(&priv->cop, 134 sa->crypto_session); 135 136 ret = sa->pre_crypto(pkts[i], sa, &priv->cop); 137 if (unlikely(ret)) { 138 rte_pktmbuf_free(pkts[i]); 139 continue; 140 } 141 142 IPSEC_ASSERT(sa->cdev_id_qp < ipsec_ctx->nb_qps); 143 enqueue_cop(&ipsec_ctx->tbl[sa->cdev_id_qp], &priv->cop); 144 } 145 146 nb_pkts = 0; 147 for (i = 0; i < ipsec_ctx->nb_qps && nb_pkts < max_pkts; i++) { 148 struct cdev_qp *cqp; 149 150 cqp = &ipsec_ctx->tbl[ipsec_ctx->last_qp++]; 151 if (ipsec_ctx->last_qp == ipsec_ctx->nb_qps) 152 ipsec_ctx->last_qp %= ipsec_ctx->nb_qps; 153 154 if (cqp->in_flight == 0) 155 continue; 156 157 nb_cops = rte_cryptodev_dequeue_burst(cqp->id, cqp->qp, 158 cops, max_pkts - nb_pkts); 159 160 cqp->in_flight -= nb_cops; 161 162 for (j = 0; j < nb_cops; j++) { 163 pkt = cops[j]->sym->m_src; 164 rte_prefetch0(pkt); 165 166 priv = get_priv(pkt); 167 sa = priv->sa; 168 169 IPSEC_ASSERT(sa != NULL); 170 171 ret = sa->post_crypto(pkt, sa, cops[j]); 172 if (unlikely(ret)) 173 rte_pktmbuf_free(pkt); 174 else 175 pkts[nb_pkts++] = pkt; 176 } 177 } 178 179 /* return packets */ 180 return nb_pkts; 181 } 182 183 uint16_t 184 ipsec_inbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[], 185 uint16_t nb_pkts, uint16_t len) 186 { 187 struct ipsec_sa *sas[nb_pkts]; 188 189 inbound_sa_lookup(ctx->sa_ctx, pkts, sas, nb_pkts); 190 191 return ipsec_processing(ctx, pkts, sas, nb_pkts, len); 192 } 193 194 uint16_t 195 ipsec_outbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[], 196 uint32_t sa_idx[], uint16_t nb_pkts, uint16_t len) 197 { 198 struct ipsec_sa *sas[nb_pkts]; 199 200 outbound_sa_lookup(ctx->sa_ctx, sa_idx, sas, nb_pkts); 201 202 return ipsec_processing(ctx, pkts, sas, nb_pkts, len); 203 } 204