Added support for DPDK 19.05 / IPSec

Note that since 6073b359 (April 2018) IPsec PROX support requires
at least DPDK 17.11. Hence README has been updated.

Change-Id: I34b7a968c16db5c3a3fc7bb6af111fdb49ad6b91
Signed-off-by: Xavier Simonart <xavier.simonart@intel.com>

3 files changed, 52 insertions, 28 deletions

diff --git a/VNFs/DPPD-PROX/README b/VNFs/DPPD-PROX/README
index 8f2b775b..b4ccc2ea 100644
--- a/VNFs/DPPD-PROX/README
+++ b/VNFs/DPPD-PROX/README
@@ -32,7 +32,7 @@ The following commands assume that the following variables have been set:
 export RTE_SDK=/path/to/dpdk
 export RTE_TARGET=x86_64-native-linuxapp-gcc
 
-IPSec is only supported in PROX starting from DPDK 17.02
+IPSec is only supported in PROX starting from DPDK 17.11
 It will only be compiled if CONFIG_RTE_LIBRTE_PMD_AESNI_MB is
 set in DPDK .config. This also requires AESNI_MULTI_BUFFER_LIB_PATH to point to
 the multi-buffer library which can be downloaded from 
diff --git a/VNFs/DPPD-PROX/handle_esp.c b/VNFs/DPPD-PROX/handle_esp.c
index 0d359c6a..31969de3 100644
--- a/VNFs/DPPD-PROX/handle_esp.c
+++ b/VNFs/DPPD-PROX/handle_esp.c
@@ -99,12 +99,6 @@ static uint8_t aes_cbc_iv[] = {
 	0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
 	0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A };
 
-//RFC4303
-struct esp_hdr {
-	uint32_t spi;
-	uint32_t sn;
-};
-
 static void printf_cdev_info(uint8_t cdev_id)
 {
 	struct rte_cryptodev_info dev_info;
@@ -194,11 +188,10 @@ static void init_task_esp_enc(struct task_base *tbase, struct task_args *targ)
 
 	task->qp_id=0;
 	plog_info("enc: task->qp_id=%u\n", task->qp_id);
-	struct rte_cryptodev_qp_conf qp_conf;
-	//qp_conf.nb_descriptors = 4096;
+	struct prox_rte_cryptodev_qp_conf qp_conf;
 	qp_conf.nb_descriptors = 128;
-	rte_cryptodev_queue_pair_setup(task->cdev_id, task->qp_id,
-		&qp_conf, rte_cryptodev_socket_id(task->cdev_id), task->session_pool);
+	qp_conf.mp_session = task->session_pool;
+	prox_rte_cryptodev_queue_pair_setup(task->cdev_id, task->qp_id, &qp_conf, rte_cryptodev_socket_id(task->cdev_id));
 
 	int ret = rte_cryptodev_start(task->cdev_id);
 	PROX_PANIC(ret < 0, "Failed to start device\n");
@@ -295,11 +288,10 @@ static void init_task_esp_dec(struct task_base *tbase, struct task_args *targ)
 
 	task->qp_id=0;
 	plog_info("dec: task->qp_id=%u\n", task->qp_id);
-	struct rte_cryptodev_qp_conf qp_conf;
-	//qp_conf.nb_descriptors = 4096;
+	struct prox_rte_cryptodev_qp_conf qp_conf;
 	qp_conf.nb_descriptors = 128;
-	rte_cryptodev_queue_pair_setup(task->cdev_id, task->qp_id,
-		&qp_conf, rte_cryptodev_socket_id(task->cdev_id), task->session_pool);
+	qp_conf.mp_session = task->session_pool;
+	prox_rte_cryptodev_queue_pair_setup(task->cdev_id, task->qp_id, &qp_conf, rte_cryptodev_socket_id(task->cdev_id));
 
 	int ret = rte_cryptodev_start(task->cdev_id);
 	PROX_PANIC(ret < 0, "Failed to start device\n");
@@ -397,7 +389,7 @@ static inline uint8_t handle_esp_ah_enc(struct task_esp_enc *task, struct rte_mb
 		encrypt_len += padding;
 	}
 
-	const int extra_space = sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr) + CIPHER_IV_LENGTH_AES_CBC;
+	const int extra_space = sizeof(struct ipv4_hdr) + sizeof(struct prox_esp_hdr) + CIPHER_IV_LENGTH_AES_CBC;
 
 	struct ether_addr src_mac = peth->s_addr;
 	struct ether_addr dst_mac = peth->d_addr;
@@ -427,7 +419,7 @@ static inline uint8_t handle_esp_ah_enc(struct task_esp_enc *task, struct rte_mb
 	pip4->time_to_live = ttl;
 	pip4->next_proto_id = IPPROTO_ESP; // 50 for ESP, ip in ip next proto trailer
 	pip4->version_ihl = version_ihl; // 20 bytes, ipv4
-	pip4->total_length = rte_cpu_to_be_16(ipv4_length + sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr) + CIPHER_IV_LENGTH_AES_CBC + padding + 1 + 1 + DIGEST_BYTE_LENGTH_SHA1); // iphdr+SPI+SN+IV+payload+padding+padlen+next header + crc + auth
+	pip4->total_length = rte_cpu_to_be_16(ipv4_length + sizeof(struct ipv4_hdr) + sizeof(struct prox_esp_hdr) + CIPHER_IV_LENGTH_AES_CBC + padding + 1 + 1 + DIGEST_BYTE_LENGTH_SHA1); // iphdr+SPI+SN+IV+payload+padding+padlen+next header + crc + auth
 	pip4->packet_id = 0x0101;
 	pip4->type_of_service = 0;
 	pip4->time_to_live = 64;
@@ -438,12 +430,12 @@ static inline uint8_t handle_esp_ah_enc(struct task_esp_enc *task, struct rte_mb
 	*((u32*) data) = 0x2016; // FIXME SPI
 	*((u32*) data + 1) = 0x2; // FIXME SN
 #else
-	struct esp_hdr *pesp = (struct esp_hdr*)(pip4+1);
+	struct prox_esp_hdr *pesp = (struct prox_esp_hdr*)(pip4+1);
 	pesp->spi = src_addr;//for simplicity assume 1 tunnel per source ip
 	static u32 sn = 0;
-	pesp->sn = ++sn;
+	pesp->seq = ++sn;
 	pesp->spi=0xAAAAAAAA;//debug
-	pesp->sn =0xBBBBBBBB;//debug
+	pesp->seq =0xBBBBBBBB;//debug
 #endif
 	u8 *padl = (u8*)data + (8 + encrypt_len - 2 + CIPHER_IV_LENGTH_AES_CBC); // No ESN yet. (-2 means NH is crypted)
 	//padl += CIPHER_IV_LENGTH_AES_CBC;
@@ -473,12 +465,12 @@ static inline uint8_t handle_esp_ah_enc(struct task_esp_enc *task, struct rte_mb
 #else
 	//uint64_t *iv = (uint64_t *)(pesp + 1);
 	//memset(iv, 0, CIPHER_IV_LENGTH_AES_CBC);
-	sym_cop->cipher.data.offset = sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr);
+	sym_cop->cipher.data.offset = sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + sizeof(struct prox_esp_hdr);
 	sym_cop->cipher.data.length = encrypt_len + CIPHER_IV_LENGTH_AES_CBC;
 #endif
 
 	sym_cop->auth.data.offset = sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr);
-	sym_cop->auth.data.length = sizeof(struct esp_hdr) + CIPHER_IV_LENGTH_AES_CBC + encrypt_len;// + 4;// FIXME
+	sym_cop->auth.data.length = sizeof(struct prox_esp_hdr) + CIPHER_IV_LENGTH_AES_CBC + encrypt_len;// + 4;// FIXME
 
 	sym_cop->m_src = mbuf;
 	rte_crypto_op_attach_sym_session(cop, task->sess);
@@ -505,8 +497,8 @@ static inline uint8_t handle_esp_ah_dec(struct task_esp_dec *task, struct rte_mb
 	rte_crypto_op_attach_sym_session(cop, task->sess);
 
 	sym_cop->auth.digest.data = (unsigned char *)((unsigned char*)pip4 + ipv4_length - DIGEST_BYTE_LENGTH_SHA1);
-	//sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(mbuf, sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr)); // FIXME
-	sym_cop->auth.digest.phys_addr = rte_pktmbuf_iova_offset(mbuf, sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr));
+	//sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(mbuf, sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + sizeof(struct prox_esp_hdr)); // FIXME
+	sym_cop->auth.digest.phys_addr = rte_pktmbuf_iova_offset(mbuf, sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + sizeof(struct prox_esp_hdr));
 	//sym_cop->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1;
 
 	//sym_cop->cipher.iv.data = (uint8_t *)data + 8;
@@ -518,7 +510,7 @@ static inline uint8_t handle_esp_ah_dec(struct task_esp_dec *task, struct rte_mb
 				aes_cbc_iv,
 				CIPHER_IV_LENGTH_AES_CBC);
 #else
-	uint8_t * iv = (uint8_t *)(pip4 + 1) + sizeof(struct esp_hdr);
+	uint8_t * iv = (uint8_t *)(pip4 + 1) + sizeof(struct prox_esp_hdr);
 	rte_memcpy(rte_crypto_op_ctod_offset(cop, uint8_t *, IV_OFFSET),
 				iv,
 				CIPHER_IV_LENGTH_AES_CBC);
@@ -527,7 +519,7 @@ static inline uint8_t handle_esp_ah_dec(struct task_esp_dec *task, struct rte_mb
 	sym_cop->auth.data.offset = sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr);
 	sym_cop->auth.data.length = ipv4_length - sizeof(struct ipv4_hdr) - 4 - CIPHER_IV_LENGTH_AES_CBC;
 
-	sym_cop->cipher.data.offset = sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr) + CIPHER_IV_LENGTH_AES_CBC;
+	sym_cop->cipher.data.offset = sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + sizeof(struct prox_esp_hdr) + CIPHER_IV_LENGTH_AES_CBC;
 	sym_cop->cipher.data.length = ipv4_length - sizeof(struct ipv4_hdr) - CIPHER_IV_LENGTH_AES_CBC - 28; // FIXME
 
 	sym_cop->m_src = mbuf;
@@ -595,9 +587,9 @@ static inline uint8_t handle_esp_ah_dec_finish(struct task_esp_dec *task, struct
 static inline uint8_t handle_esp_ah_dec_finish2(struct task_esp_dec *task, struct rte_mbuf *mbuf)
 {
 	u8* m = rte_pktmbuf_mtod(mbuf, u8*);
-	rte_memcpy(m+sizeof(struct ipv4_hdr)+sizeof(struct esp_hdr)+CIPHER_IV_LENGTH_AES_CBC,
+	rte_memcpy(m+sizeof(struct ipv4_hdr)+sizeof(struct prox_esp_hdr)+CIPHER_IV_LENGTH_AES_CBC,
 		m, sizeof(struct ether_hdr));
-	m = (u8*)rte_pktmbuf_adj(mbuf, sizeof(struct ipv4_hdr)+sizeof(struct esp_hdr)+CIPHER_IV_LENGTH_AES_CBC);
+	m = (u8*)rte_pktmbuf_adj(mbuf, sizeof(struct ipv4_hdr)+sizeof(struct prox_esp_hdr)+CIPHER_IV_LENGTH_AES_CBC);
 	struct ipv4_hdr* pip4 = (struct ipv4_hdr *)(m+sizeof(struct ether_hdr));
 
 	if (unlikely((pip4->version_ihl >> 4) != 4)) {
diff --git a/VNFs/DPPD-PROX/prox_compat.h b/VNFs/DPPD-PROX/prox_compat.h
index 65bba65d..001caa6d 100644
--- a/VNFs/DPPD-PROX/prox_compat.h
+++ b/VNFs/DPPD-PROX/prox_compat.h
@@ -19,6 +19,7 @@
 #include <rte_common.h>
 #include <rte_table_hash.h>
 #include <rte_hash_crc.h>
+#include <rte_cryptodev.h>
 #include "hash_utils.h"
 #include "quit.h"
 
@@ -159,4 +160,35 @@ static inline char *prox_strncpy(char * dest, const char * src, size_t count)
 	PROX_PANIC(dest[count - 1] != 0, "\t\tError in strncpy: buffer overrun (%lu bytes)", count);
 	return dest;
 }
+#ifdef RTE_LIBRTE_PMD_AESNI_MB
+#if RTE_VERSION < RTE_VERSION_NUM(19,5,0,0)
+//RFC4303
+struct prox_esp_hdr {
+        uint32_t spi;
+        uint32_t seq;
+};
+struct prox_rte_cryptodev_qp_conf {
+	uint32_t nb_descriptors; /**< Number of descriptors per queue pair */
+	struct rte_mempool * 	mp_session;
+	struct rte_mempool * 	mp_session_private;
+};
+
+static int prox_rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id, struct prox_rte_cryptodev_qp_conf *qp_conf, int socket_id)
+{
+	struct rte_mempool *session_pool = qp_conf->mp_session;
+	return rte_cryptodev_queue_pair_setup(dev_id, queue_pair_id, (struct rte_cryptodev_qp_conf *)qp_conf, socket_id, session_pool);
+}
+
+#else
+#define prox_esp_hdr esp_hdr
+#define prox_rte_cryptodev_qp_conf rte_cryptodev_qp_conf
+
+static int prox_rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id, struct prox_rte_cryptodev_qp_conf *qp_conf, int socket_id)
+{
+	return rte_cryptodev_queue_pair_setup(dev_id, queue_pair_id, (struct rte_cryptodev_qp_conf *)qp_conf, socket_id);
+}
+
+#endif
+#endif	// CONFIG_RTE_LIBRTE_PMD_AESNI_MB
+
 #endif // _PROX_COMPAT_H