diff options
Diffstat (limited to 'VNFs')
-rw-r--r-- | VNFs/DPPD-PROX/Makefile | 4 | ||||
-rw-r--r-- | VNFs/DPPD-PROX/cfgfile.h | 3 | ||||
-rw-r--r-- | VNFs/DPPD-PROX/defaults.h | 3 | ||||
-rw-r--r-- | VNFs/DPPD-PROX/handle_esp.c | 622 | ||||
-rw-r--r-- | VNFs/DPPD-PROX/handle_gen.c | 80 | ||||
-rw-r--r-- | VNFs/DPPD-PROX/parse_utils.h | 2 | ||||
-rw-r--r-- | VNFs/DPPD-PROX/prox_args.c | 3 | ||||
-rw-r--r-- | VNFs/DPPD-PROX/task_base.h | 6 | ||||
-rw-r--r-- | VNFs/DPPD-PROX/task_init.h | 2 |
9 files changed, 382 insertions, 343 deletions
diff --git a/VNFs/DPPD-PROX/Makefile b/VNFs/DPPD-PROX/Makefile index 7109cb48..fe8e87da 100644 --- a/VNFs/DPPD-PROX/Makefile +++ b/VNFs/DPPD-PROX/Makefile @@ -172,14 +172,10 @@ SRCS-y += handle_mirror.c SRCS-y += handle_genl4.c SRCS-y += handle_ipv6_tunnel.c SRCS-y += handle_read.c -ifeq ($(call rte_ver_LT,17,8,0,0),y) -ifeq ($(call rte_ver_GE,17,2,0,16),y) SRCS-$(CONFIG_RTE_LIBRTE_PMD_AESNI_MB) += handle_esp.c ifneq ($(CONFIG_RTE_LIBRTE_PMD_AESNI_MB),y) $(warning "Building w/o IPSEC support") endif -endif -endif SRCS-y += handle_cgnat.c SRCS-y += handle_nat.c SRCS-y += handle_dump.c diff --git a/VNFs/DPPD-PROX/cfgfile.h b/VNFs/DPPD-PROX/cfgfile.h index 41b474ee..c0de4f16 100644 --- a/VNFs/DPPD-PROX/cfgfile.h +++ b/VNFs/DPPD-PROX/cfgfile.h @@ -18,6 +18,7 @@ #define _CFG_FILE_H_ #include <stdio.h> +#include "defaults.h" #define DEFAULT_CONFIG_FILE "./prox.cfg" @@ -38,7 +39,7 @@ struct cfg_section { int error; }; -#define MAX_CFG_STRING_LEN 8192 +#define MAX_CFG_STRING_LEN (3 * MAX_PKT_SIZE) #define STRING_TERMINATOR_LEN 4 struct cfg_file { diff --git a/VNFs/DPPD-PROX/defaults.h b/VNFs/DPPD-PROX/defaults.h index 573cc9c5..4cf3cf7a 100644 --- a/VNFs/DPPD-PROX/defaults.h +++ b/VNFs/DPPD-PROX/defaults.h @@ -26,9 +26,10 @@ void set_global_defaults(struct prox_cfg* prox_cfg); void set_task_defaults(struct prox_cfg* prox_cfg, struct lcore_cfg* lcore_cfg_init); void set_port_defaults(void); +#define MAX_PKT_SIZE 10000 #define MAX_PKT_BURST 64 #define MAX_RING_BURST 64 -#define DUMP_PKT_LEN 128 +#define DUMP_PKT_LEN MAX_PKT_SIZE #if MAX_RING_BURST < MAX_PKT_BURST #error MAX_RING_BURST < MAX_PKT_BURST diff --git a/VNFs/DPPD-PROX/handle_esp.c b/VNFs/DPPD-PROX/handle_esp.c index 15996d58..2b0bfbda 100644 --- a/VNFs/DPPD-PROX/handle_esp.c +++ b/VNFs/DPPD-PROX/handle_esp.c @@ -31,74 +31,58 @@ #include "cfgfile.h" #include "log.h" #include "prox_cksum.h" +#include "defines.h" #include <rte_ip.h> #include <rte_cryptodev.h> #include <rte_cryptodev_pmd.h> +#include <rte_bus_vdev.h> #include "prox_port_cfg.h" typedef unsigned int u32; typedef unsigned char u8; -#define MAX_ASYNC_SESSIONS 256 #define BYTE_LENGTH(x) (x/8) #define DIGEST_BYTE_LENGTH_SHA1 (BYTE_LENGTH(160)) //#define CIPHER_KEY_LENGTH_AES_CBC (32) #define CIPHER_KEY_LENGTH_AES_CBC (16)//==TEST #define CIPHER_IV_LENGTH_AES_CBC 16 -//#define SINGLE_VDEV 1 -static inline void *get_sym_cop(struct rte_crypto_op *cop) -{ - //return (cop + 1);//makes no sense on dpdk_17.05.2; TODO: doublecheck - return cop->sym; -} +#define MAXIMUM_IV_LENGTH 16 +#define IV_OFFSET (sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op)) + +#define MAX_SESSIONS 1024 +#define POOL_CACHE_SIZE 128 + +#define NUM_OPS 256 struct task_esp_enc { - struct task_base base; - uint8_t crypto_dev_id; - uint16_t qp_id; - u8 iv[16]; - uint32_t local_ipv4; - struct ether_addr local_mac; - uint32_t remote_ipv4; - u8 key[16]; - uint32_t ipaddr; - struct rte_cryptodev_sym_session *sess; - struct rte_crypto_sym_xform cipher_xform; - struct rte_crypto_sym_xform auth_xform; - uint8_t head; - uint8_t nb_enc; - struct rte_crypto_op *ops_rx_burst[MAX_ASYNC_SESSIONS]; - struct rte_crypto_op *ops_tx_burst[MAX_ASYNC_SESSIONS]; + struct task_base base; + uint8_t cdev_id; + uint16_t qp_id; + uint32_t local_ipv4; + struct ether_addr local_mac; + uint32_t remote_ipv4; + struct ether_addr dst_mac; + struct rte_mempool *crypto_op_pool; + struct rte_mempool *session_pool; + struct rte_cryptodev_sym_session *sess; + struct rte_crypto_op *ops_burst[NUM_OPS]; }; struct task_esp_dec { - struct task_base base; - uint8_t crypto_dev_id; - uint16_t qp_id; - u8 iv[16]; - uint32_t local_ipv4; - struct ether_addr local_mac; - u8 key[16]; - uint32_t ipaddr; - struct rte_cryptodev_sym_session *sess; - struct rte_crypto_sym_xform cipher_xform; - struct rte_crypto_sym_xform auth_xform; - struct rte_crypto_op *ops_burst[MAX_PKT_BURST]; -}; - -struct crypto_testsuite_params { - struct rte_mempool *mbuf_ol_pool_enc; - struct rte_mempool *mbuf_ol_pool_dec; - - struct rte_cryptodev_config conf; - struct rte_cryptodev_qp_conf qp_conf; + struct task_base base; + uint8_t cdev_id; + uint16_t qp_id; + uint32_t local_ipv4; + struct ether_addr local_mac; + struct ether_addr dst_mac; + struct rte_mempool *crypto_op_pool; + struct rte_mempool *session_pool; + struct rte_cryptodev_sym_session *sess; + struct rte_crypto_op *ops_burst[NUM_OPS]; }; -static struct crypto_testsuite_params testsuite_params = { NULL }; -static enum rte_cryptodev_type gbl_cryptodev_preftest_devtype = RTE_CRYPTODEV_AESNI_MB_PMD; - static uint8_t hmac_sha1_key[] = { 0xF8, 0x2A, 0xC7, 0x54, 0xDB, 0x96, 0x18, 0xAA, 0xC3, 0xA1, 0x53, 0xF6, 0x1F, 0x17, 0x60, 0xBD, @@ -116,234 +100,261 @@ static uint8_t aes_cbc_iv[] = { //RFC4303 struct esp_hdr { - uint32_t spi; - uint32_t sn; + uint32_t spi; + uint32_t sn; }; -static void init_task_esp_common(struct task_base *tbase, struct task_args *targ) +static void printf_cdev_info(uint8_t cdev_id) { - struct task_esp_enc *task = (struct task_esp_enc *)tbase; - char name[30]; - static int vdev_initialized = 0; - struct crypto_testsuite_params *ts_params = &testsuite_params; - -#ifdef SINGLE_VDEV - if (!vdev_initialized) { - rte_vdev_init("crypto_aesni_mb", "max_nb_queue_pairs=16,max_nb_sessions=1024,socket_id=0"); - int nb_devs = rte_cryptodev_count_devtype(RTE_CRYPTODEV_AESNI_MB_PMD); - PROX_PANIC(nb_devs < 1, "No crypto devices found?\n"); - vdev_initialized = 1; - plog_info("%d crypto \n", nb_devs); - task->crypto_dev_id = rte_cryptodev_get_dev_id("crypto_aesni_mb"); - } else { - task->crypto_dev_id = 0; + struct rte_cryptodev_info dev_info; + rte_cryptodev_info_get(cdev_id, &dev_info); + plog_info("!!!numdevs:%d\n", rte_cryptodev_count()); + //uint16_t rte_cryptodev_queue_pair_count(uint8_t dev_id); + plog_info("dev:%d name:%s nb_queue_pairs:%d max_nb_sessions:%d\n", + cdev_id, dev_info.driver_name, dev_info.max_nb_queue_pairs, dev_info.sym.max_nb_sessions); + const struct rte_cryptodev_capabilities *cap = &dev_info.capabilities[0]; + int i=0; + while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) { + //plog_info("cap->sym.xform_type:%d,"); + if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER) + plog_info("RTE_CRYPTO_SYM_XFORM_CIPHER: %d\n", cap->sym.cipher.algo); + cap = &dev_info.capabilities[++i]; } -#else - sprintf(name, "crypto_aesni_mb%02d", targ->lconf->id); - rte_vdev_init(name, "max_nb_queue_pairs=4,max_nb_sessions=128,socket_id=0"); - int nb_devs = rte_cryptodev_count_devtype(RTE_CRYPTODEV_AESNI_MB_PMD); - PROX_PANIC(nb_devs < 1, "No crypto devices found?\n"); - plog_info("%d crypto \n", nb_devs); - task->crypto_dev_id = rte_cryptodev_get_dev_id(name); -#endif - -#if 1 - plog_info("cryptodev_count=%d\n", rte_cryptodev_count()); - plog_info("cryptodev_count_devtype(RTE_CRYPTODEV_AESNI_MB_PMD)=%d\n", - rte_cryptodev_count_devtype(RTE_CRYPTODEV_AESNI_MB_PMD)); - - struct rte_cryptodev_info info; - rte_cryptodev_info_get(task->crypto_dev_id, &info); - plog_info("driver_name=%s pci_dev=? feature_flags=? capabilities=? max_nb_queue_pairs=%u, max_nb_sessions=%u max_nb_sessions_per_qp=%u\n", - info.driver_name, - info.max_nb_queue_pairs, - info.sym.max_nb_sessions, - info.sym.max_nb_sessions_per_qp - ); -#endif - - ts_params->conf.socket_id = SOCKET_ID_ANY; - ts_params->conf.session_mp.nb_objs = 2048; -#ifdef SINGLE_VDEV - ts_params->conf.nb_queue_pairs = 16; - ts_params->qp_conf.nb_descriptors = 4096; -#else - ts_params->conf.nb_queue_pairs = 4; - ts_params->qp_conf.nb_descriptors = 2048; - ts_params->conf.session_mp.cache_size = 64; -#endif - - /*Now reconfigure queues to size we actually want to use in this testsuite.*/ - rte_cryptodev_configure(task->crypto_dev_id, &ts_params->conf); - //TODO: move qp init here - //rte_cryptodev_start(task->crypto_dev_id);//call after setup qp - //to undo call rte_cryptodev_stop() } -static uint16_t get_qp_id(void) +#if 0 +static uint8_t get_cdev_id(void) { - static uint16_t qp_id=0; - PROX_PANIC(qp_id >= 16, "exceeded max_nb_queue_pairs\n"); - return qp_id++; -} + //crypto devices must be configured in the config file + //eal=-b 0000:00:03.0 --vdev crypto_aesni_mb0 --vdev crypto_aesni_mb1 -static void init_task_esp_enc(struct task_base *tbase, struct task_args *targ) + static uint8_t cdev_id=0; + PROX_PANIC(cdev_id+1 > rte_cryptodev_count(), "not enough crypto devices\n"); + //eal=-b 0000:00:03.0 --vdev crypto_aesni_mb0 --vdev crypto_aesni_mb1 + return cdev_id++; +} +#else +static uint8_t get_cdev_id(void) { - int i, nb_devs, valid_dev_id = 0; - struct rte_cryptodev_info info; - struct crypto_testsuite_params *ts_params = &testsuite_params; + static uint8_t cdev_id=0; + char name[64]={0}; - init_task_esp_common(tbase, targ); - tbase->flags |= FLAG_NEVER_FLUSH; + sprintf(name, "crypto_aesni_mb%d", cdev_id); - char name[30]; - sprintf(name, "crypto_op_pool_enc_%03d", targ->lconf->id); + int cdev_id1 = rte_cryptodev_get_dev_id(name); + if (cdev_id1 >= 0){ + plog_info("crypto dev %d preconfigured\n", cdev_id1); + ++cdev_id; + return cdev_id1; + } -#ifdef SINGLE_VDEV - ts_params->mbuf_ol_pool_enc = rte_crypto_op_pool_create("crypto_op_pool_enc", - RTE_CRYPTO_OP_TYPE_SYMMETRIC, (2*1024*1024), 128, 0, - rte_socket_id()); -#else - ts_params->mbuf_ol_pool_enc = rte_crypto_op_pool_create(name, - RTE_CRYPTO_OP_TYPE_SYMMETRIC, (2*1024*1024/8), 128, 0, - rte_socket_id()); + int ret = rte_vdev_init(name, "max_nb_queue_pairs=8,max_nb_sessions=1024,socket_id=0"); + PROX_PANIC(ret != 0, "Failed rte_vdev_init\n"); + + return cdev_id++; +} #endif - PROX_PANIC(ts_params->mbuf_ol_pool_enc == NULL, "Can't create ENC CRYPTO_OP_POOL\n"); +static void init_task_esp_enc(struct task_base *tbase, struct task_args *targ) +{ struct task_esp_enc *task = (struct task_esp_enc *)tbase; - /* - * Since we can't free and re-allocate queue memory always set the queues - * on this device up to max size first so enough memory is allocated for - * any later re-configures needed by other tests - */ + tbase->flags |= FLAG_NEVER_FLUSH; + + uint8_t lcore_id = targ->lconf->id; + char name[64]; + sprintf(name, "core_%03u_crypto_pool", lcore_id); + task->crypto_op_pool = rte_crypto_op_pool_create(name, RTE_CRYPTO_OP_TYPE_SYMMETRIC, + 8192, 128, MAXIMUM_IV_LENGTH, rte_socket_id()); + PROX_PANIC(task->crypto_op_pool == NULL, "Can't create ENC CRYPTO_OP_POOL\n"); + + task->cdev_id = get_cdev_id(); + + struct rte_cryptodev_config cdev_conf; + cdev_conf.nb_queue_pairs = 2; + //cdev_conf.socket_id = SOCKET_ID_ANY; + cdev_conf.socket_id = rte_socket_id(); + rte_cryptodev_configure(task->cdev_id, &cdev_conf); + + unsigned int session_size = rte_cryptodev_get_private_session_size(task->cdev_id); + plog_info("rte_cryptodev_get_private_session_size=%d\n", session_size); + sprintf(name, "core_%03u_session_pool", lcore_id); + task->session_pool = rte_mempool_create(name, + MAX_SESSIONS, + session_size, + POOL_CACHE_SIZE, + 0, NULL, NULL, NULL, + NULL, rte_socket_id(), + 0); + PROX_PANIC(task->session_pool == NULL, "Failed rte_mempool_create\n"); -#ifdef SINGLE_VDEV - task->qp_id=get_qp_id(); -#else task->qp_id=0; -#endif plog_info("enc: task->qp_id=%u\n", task->qp_id); - rte_cryptodev_queue_pair_setup(task->crypto_dev_id, task->qp_id, - &ts_params->qp_conf, rte_cryptodev_socket_id(task->crypto_dev_id)); + struct rte_cryptodev_qp_conf qp_conf; + //qp_conf.nb_descriptors = 4096; + qp_conf.nb_descriptors = 128; + rte_cryptodev_queue_pair_setup(task->cdev_id, task->qp_id, + &qp_conf, rte_cryptodev_socket_id(task->cdev_id), task->session_pool); + + int ret = rte_cryptodev_start(task->cdev_id); + PROX_PANIC(ret < 0, "Failed to start device\n"); struct rte_cryptodev *dev; - dev = rte_cryptodev_pmd_get_dev(task->crypto_dev_id); + dev = rte_cryptodev_pmd_get_dev(task->cdev_id); PROX_PANIC(dev->attached != RTE_CRYPTODEV_ATTACHED, "No ENC cryptodev attached\n"); - /* Setup Cipher Parameters */ - task->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; - task->cipher_xform.next = &(task->auth_xform); - - task->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC; - task->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT; - task->cipher_xform.cipher.key.data = aes_cbc_key; - task->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC; - - /* Setup HMAC Parameters */ - task->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH; - task->auth_xform.next = NULL; - task->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE; - task->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC; - task->auth_xform.auth.key.length = DIGEST_BYTE_LENGTH_SHA1; - task->auth_xform.auth.key.data = hmac_sha1_key; - task->auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1; - - task->sess = rte_cryptodev_sym_session_create(task->crypto_dev_id, &task->cipher_xform); + //Setup Cipher Parameters + struct rte_crypto_sym_xform cipher_xform = {0}; + struct rte_crypto_sym_xform auth_xform = {0}; + + cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + cipher_xform.next = &auth_xform; + + cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC; + cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT; + cipher_xform.cipher.key.data = aes_cbc_key; + cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC; + + cipher_xform.cipher.iv.offset = IV_OFFSET; + cipher_xform.cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC; + + //Setup HMAC Parameters + auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH; + auth_xform.next = NULL; + auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE; + auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC; + auth_xform.auth.key.length = DIGEST_BYTE_LENGTH_SHA1; + auth_xform.auth.key.data = hmac_sha1_key; + auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1; + + auth_xform.auth.iv.offset = 0; + auth_xform.auth.iv.length = 0; + + task->sess = rte_cryptodev_sym_session_create(task->session_pool); PROX_PANIC(task->sess == NULL, "Failed to create ENC session\n"); + ret = rte_cryptodev_sym_session_init(task->cdev_id, task->sess, &cipher_xform, task->session_pool); + PROX_PANIC(ret < 0, "Failed sym_session_init\n"); + //TODO: doublecheck task->ops_burst lifecycle! - if (rte_crypto_op_bulk_alloc(ts_params->mbuf_ol_pool_enc, + if (rte_crypto_op_bulk_alloc(task->crypto_op_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC, - task->ops_rx_burst, MAX_ASYNC_SESSIONS) != MAX_ASYNC_SESSIONS) { + task->ops_burst, NUM_OPS) != NUM_OPS) { PROX_PANIC(1, "Failed to allocate ENC crypto operations\n"); } - //to clean up after rte_crypto_op_bulk_alloc: - //for (j = 0; j < MAX_PKT_BURST; j++) { - // rte_crypto_op_free(task->ops_burst[j]); - //} - // Read config file with SAs task->local_ipv4 = rte_cpu_to_be_32(targ->local_ipv4); task->remote_ipv4 = rte_cpu_to_be_32(targ->remote_ipv4); //memcpy(&task->src_mac, &prox_port_cfg[task->base.tx_params_hw.tx_port_queue->port].eth_addr, sizeof(struct ether_addr)); struct prox_port_cfg *port = find_reachable_port(targ); memcpy(&task->local_mac, &port->eth_addr, sizeof(struct ether_addr)); - for (i = 0; i < 16; i++) task->key[i] = i+2; - for (i = 0; i < 16; i++) task->iv[i] = i; + if (targ->flags & TASK_ARG_DST_MAC_SET){ + memcpy(&task->dst_mac, &targ->edaddr, sizeof(task->dst_mac)); + plog_info("TASK_ARG_DST_MAC_SET ("MAC_BYTES_FMT")\n", MAC_BYTES(task->dst_mac.addr_bytes)); + //ether_addr_copy(&ptask->dst_mac, &peth->d_addr); + //rte_memcpy(hdr, task->src_dst_mac, sizeof(task->src_dst_mac)); + } } static void init_task_esp_dec(struct task_base *tbase, struct task_args *targ) { - int i, nb_devs; - struct crypto_testsuite_params *ts_params = &testsuite_params; - init_task_esp_common(tbase, targ); + struct task_esp_dec *task = (struct task_esp_dec *)tbase; tbase->flags |= FLAG_NEVER_FLUSH; - ts_params->mbuf_ol_pool_dec = rte_crypto_op_pool_create("crypto_op_pool_dec", - RTE_CRYPTO_OP_TYPE_SYMMETRIC, (2*1024*1024), 128, 0, - rte_socket_id()); - PROX_PANIC(ts_params->mbuf_ol_pool_dec == NULL, "Can't create DEC CRYPTO_OP_POOL\n"); - struct task_esp_dec *task = (struct task_esp_dec *)tbase; - - static struct rte_cryptodev_session *sess_dec = NULL; - // Read config file with SAs - task->local_ipv4 = rte_cpu_to_be_32(targ->local_ipv4); + uint8_t lcore_id = targ->lconf->id; + char name[64]; + sprintf(name, "core_%03u_crypto_pool", lcore_id); + task->crypto_op_pool = rte_crypto_op_pool_create(name, RTE_CRYPTO_OP_TYPE_SYMMETRIC, + 8192, 128, MAXIMUM_IV_LENGTH, rte_socket_id()); + PROX_PANIC(task->crypto_op_pool == NULL, "Can't create DEC CRYPTO_OP_POOL\n"); + + task->cdev_id = get_cdev_id(); + struct rte_cryptodev_config cdev_conf; + cdev_conf.nb_queue_pairs = 2; + cdev_conf.socket_id = SOCKET_ID_ANY; + cdev_conf.socket_id = rte_socket_id(); + rte_cryptodev_configure(task->cdev_id, &cdev_conf); + + unsigned int session_size = rte_cryptodev_get_private_session_size(task->cdev_id); + plog_info("rte_cryptodev_get_private_session_size=%d\n", session_size); + sprintf(name, "core_%03u_session_pool", lcore_id); + task->session_pool = rte_mempool_create(name, + MAX_SESSIONS, + session_size, + POOL_CACHE_SIZE, + 0, NULL, NULL, NULL, + NULL, rte_socket_id(), + 0); + PROX_PANIC(task->session_pool == NULL, "Failed rte_mempool_create\n"); - task->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; - task->cipher_xform.next = NULL; - task->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC; - task->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT; - task->cipher_xform.cipher.key.data = aes_cbc_key; - task->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC; - - /* Setup HMAC Parameters */ - task->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH; - task->auth_xform.next = &task->cipher_xform; - task->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY; - task->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC; - task->auth_xform.auth.key.length = DIGEST_BYTE_LENGTH_SHA1; - task->auth_xform.auth.key.data = hmac_sha1_key; - task->auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1; - - task->qp_id=get_qp_id(); + task->qp_id=0; plog_info("dec: task->qp_id=%u\n", task->qp_id); - rte_cryptodev_queue_pair_setup(task->crypto_dev_id, task->qp_id, - &ts_params->qp_conf, rte_cryptodev_socket_id(task->crypto_dev_id)); + struct rte_cryptodev_qp_conf qp_conf; + //qp_conf.nb_descriptors = 4096; + qp_conf.nb_descriptors = 128; + rte_cryptodev_queue_pair_setup(task->cdev_id, task->qp_id, + &qp_conf, rte_cryptodev_socket_id(task->cdev_id), task->session_pool); + + int ret = rte_cryptodev_start(task->cdev_id); + PROX_PANIC(ret < 0, "Failed to start device\n"); struct rte_cryptodev *dev; - dev = rte_cryptodev_pmd_get_dev(task->crypto_dev_id); - PROX_PANIC(dev->attached != RTE_CRYPTODEV_ATTACHED, "No DEC cryptodev attached\n"); + dev = rte_cryptodev_pmd_get_dev(task->cdev_id); + PROX_PANIC(dev->attached != RTE_CRYPTODEV_ATTACHED, "No ENC cryptodev attached\n"); - ts_params->qp_conf.nb_descriptors = 128; + //Setup Cipher Parameters + struct rte_crypto_sym_xform cipher_xform = {0}; + struct rte_crypto_sym_xform auth_xform = {0}; + + cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + cipher_xform.next = NULL; + cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC; + cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT; + cipher_xform.cipher.key.data = aes_cbc_key; + cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC; + + cipher_xform.cipher.iv.offset = IV_OFFSET; + cipher_xform.cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC; + + //Setup HMAC Parameters + auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH; + auth_xform.next = &cipher_xform; + auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY; + auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC; + auth_xform.auth.key.length = DIGEST_BYTE_LENGTH_SHA1; + auth_xform.auth.key.data = hmac_sha1_key; + auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1; + + auth_xform.auth.iv.offset = 0; + auth_xform.auth.iv.length = 0; + + task->sess = rte_cryptodev_sym_session_create(task->session_pool); + PROX_PANIC(task->sess == NULL, "Failed to create ENC session\n"); - task->sess = rte_cryptodev_sym_session_create(task->crypto_dev_id, &task->auth_xform); - PROX_PANIC(task->sess == NULL, "Failed to create DEC session\n"); + ret = rte_cryptodev_sym_session_init(task->cdev_id, task->sess, &cipher_xform, task->session_pool); + PROX_PANIC(ret < 0, "Failed sym_session_init\n"); - if (rte_crypto_op_bulk_alloc(ts_params->mbuf_ol_pool_dec, + //TODO: doublecheck task->ops_burst lifecycle! + if (rte_crypto_op_bulk_alloc(task->crypto_op_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC, - task->ops_burst, MAX_PKT_BURST) != MAX_PKT_BURST) { + task->ops_burst, NUM_OPS) != NUM_OPS) { PROX_PANIC(1, "Failed to allocate DEC crypto operations\n"); } - //to clean up after rte_crypto_op_bulk_alloc: - //for (int j = 0; j < MAX_PKT_BURST; j++) { - // rte_crypto_op_free(task->ops_burst[j]); - //} + task->local_ipv4 = rte_cpu_to_be_32(targ->local_ipv4); + //memcpy(&task->src_mac, &prox_port_cfg[task->base.tx_params_hw.tx_port_queue->port].eth_addr, sizeof(struct ether_addr)); struct prox_port_cfg *port = find_reachable_port(targ); memcpy(&task->local_mac, &port->eth_addr, sizeof(struct ether_addr)); -// FIXME debug data - for (i = 0; i < 16; i++) task->key[i] = i+2; - for (i = 0; i < 16; i++) task->iv[i] = i; -} + if (targ->flags & TASK_ARG_DST_MAC_SET){ + memcpy(&task->dst_mac, &targ->edaddr, sizeof(task->dst_mac)); + plog_info("TASK_ARG_DST_MAC_SET ("MAC_BYTES_FMT")\n", MAC_BYTES(task->dst_mac.addr_bytes)); + //ether_addr_copy(&ptask->dst_mac, &peth->d_addr); + //rte_memcpy(hdr, task->src_dst_mac, sizeof(task->src_dst_mac)); + } -static inline struct rte_mbuf *get_mbuf(struct task_esp_enc *task, struct rte_crypto_op *cop) -{ - struct rte_crypto_sym_op *sym_cop = get_sym_cop(cop); - return sym_cop->m_src; } static inline uint8_t handle_esp_ah_enc(struct task_esp_enc *task, struct rte_mbuf *mbuf, struct rte_crypto_op *cop) @@ -352,7 +363,7 @@ static inline uint8_t handle_esp_ah_enc(struct task_esp_enc *task, struct rte_mb struct ether_hdr *peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *); struct ipv4_hdr* pip4 = (struct ipv4_hdr *)(peth + 1); uint16_t ipv4_length = rte_be_to_cpu_16(pip4->total_length); - struct rte_crypto_sym_op *sym_cop = get_sym_cop(cop); + struct rte_crypto_sym_op *sym_cop = cop->sym; if (unlikely((pip4->version_ihl >> 4) != 4)) { plog_info("Received non IPv4 packet at esp enc %i\n", pip4->version_ihl); @@ -383,8 +394,8 @@ static inline uint8_t handle_esp_ah_enc(struct task_esp_enc *task, struct rte_mb encrypt_len += padding; } - // Encapsulate, crypt in a separate buffer - const int extra_space = sizeof(struct ipv4_hdr) + 4 + 4 + CIPHER_IV_LENGTH_AES_CBC; // + new IP header, SPI, SN, IV + const int extra_space = sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr) + CIPHER_IV_LENGTH_AES_CBC; + struct ether_addr src_mac = peth->s_addr; struct ether_addr dst_mac = peth->d_addr; uint32_t src_addr = pip4->src_addr; @@ -397,13 +408,14 @@ static inline uint8_t handle_esp_ah_enc(struct task_esp_enc *task, struct rte_mb peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *); l1 = rte_pktmbuf_pkt_len(mbuf); peth->ether_type = ETYPE_IPv4; -#if 1 +#if 0 //send it back ether_addr_copy(&dst_mac, &peth->s_addr); ether_addr_copy(&src_mac, &peth->d_addr); #else ether_addr_copy(&task->local_mac, &peth->s_addr); - ether_addr_copy(&dst_mac, &peth->d_addr);//IS: dstmac should be rewritten by arp + //ether_addr_copy(&dst_mac, &peth->d_addr);//IS: dstmac should be rewritten by arp + ether_addr_copy(&task->dst_mac, &peth->d_addr); #endif pip4 = (struct ipv4_hdr *)(peth + 1); @@ -412,16 +424,12 @@ static inline uint8_t handle_esp_ah_enc(struct task_esp_enc *task, struct rte_mb pip4->time_to_live = ttl; pip4->next_proto_id = IPPROTO_ESP; // 50 for ESP, ip in ip next proto trailer pip4->version_ihl = version_ihl; // 20 bytes, ipv4 - pip4->total_length = rte_cpu_to_be_16(ipv4_length + sizeof(struct ipv4_hdr) + 4 + 4 + CIPHER_IV_LENGTH_AES_CBC + padding + 1 + 1 + DIGEST_BYTE_LENGTH_SHA1); // iphdr+SPI+SN+IV+payload+padding+padlen+next header + crc + auth + pip4->total_length = rte_cpu_to_be_16(ipv4_length + sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr) + CIPHER_IV_LENGTH_AES_CBC + padding + 1 + 1 + DIGEST_BYTE_LENGTH_SHA1); // iphdr+SPI+SN+IV+payload+padding+padlen+next header + crc + auth pip4->packet_id = 0x0101; pip4->type_of_service = 0; pip4->time_to_live = 64; prox_ip_cksum(mbuf, pip4, sizeof(struct ether_hdr), sizeof(struct ipv4_hdr), 1); - //find the SA when there will be more than one - if (task->ipaddr == pip4->src_addr) - { - } data = (u8*)(pip4 + 1); #if 0 *((u32*) data) = 0x2016; // FIXME SPI @@ -431,32 +439,46 @@ static inline uint8_t handle_esp_ah_enc(struct task_esp_enc *task, struct rte_mb pesp->spi = src_addr;//for simplicity assume 1 tunnel per source ip static u32 sn = 0; pesp->sn = ++sn; + pesp->spi=0xAAAAAAAA;//debug + pesp->sn =0xBBBBBBBB;//debug #endif u8 *padl = (u8*)data + (8 + encrypt_len - 2 + CIPHER_IV_LENGTH_AES_CBC); // No ESN yet. (-2 means NH is crypted) //padl += CIPHER_IV_LENGTH_AES_CBC; *padl = padding; *(padl + 1) = 4; // ipv4 in 4 - //one key for them all for now - rte_crypto_op_attach_sym_session(cop, task->sess); - sym_cop->auth.digest.data = data + 8 + CIPHER_IV_LENGTH_AES_CBC + encrypt_len; - sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(mbuf, (sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 8 + CIPHER_IV_LENGTH_AES_CBC + encrypt_len)); - sym_cop->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1; + //sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(mbuf, (sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 8 + CIPHER_IV_LENGTH_AES_CBC + encrypt_len)); + sym_cop->auth.digest.phys_addr = rte_pktmbuf_iova_offset(mbuf, (sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 8 + CIPHER_IV_LENGTH_AES_CBC + encrypt_len)); + //sym_cop->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1; + + //sym_cop->cipher.iv.data = data + 8; + //sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys(mbuf) + sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4; + //sym_cop->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC; - sym_cop->cipher.iv.data = data + 8; - sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys(mbuf) + sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4; - sym_cop->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC; + //rte_memcpy(sym_cop->cipher.iv.data, aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC); - rte_memcpy(sym_cop->cipher.iv.data, aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC); + uint8_t *iv_ptr = rte_crypto_op_ctod_offset(cop, uint8_t *, IV_OFFSET); + rte_memcpy(iv_ptr, aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC); +#if 0//old sym_cop->cipher.data.offset = sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4 + CIPHER_IV_LENGTH_AES_CBC; sym_cop->cipher.data.length = encrypt_len; - sym_cop->auth.data.offset = sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr); - sym_cop->auth.data.length = 4 + 4 + CIPHER_IV_LENGTH_AES_CBC + encrypt_len ;// + 4;// FIXME + uint64_t *iv = (uint64_t *)(pesp + 1); + memset(iv, 0, CIPHER_IV_LENGTH_AES_CBC); +#else + //uint64_t *iv = (uint64_t *)(pesp + 1); + //memset(iv, 0, CIPHER_IV_LENGTH_AES_CBC); + sym_cop->cipher.data.offset = sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr); + sym_cop->cipher.data.length = encrypt_len + CIPHER_IV_LENGTH_AES_CBC; +#endif + + sym_cop->auth.data.offset = sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr); + sym_cop->auth.data.length = sizeof(struct esp_hdr) + CIPHER_IV_LENGTH_AES_CBC + encrypt_len;// + 4;// FIXME sym_cop->m_src = mbuf; + rte_crypto_op_attach_sym_session(cop, task->sess); //cop->type = RTE_CRYPTO_OP_TYPE_SYMMETRIC; //cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; @@ -465,36 +487,45 @@ static inline uint8_t handle_esp_ah_enc(struct task_esp_enc *task, struct rte_mb static inline uint8_t handle_esp_ah_dec(struct task_esp_dec *task, struct rte_mbuf *mbuf, struct rte_crypto_op *cop) { - struct rte_crypto_sym_op *sym_cop = get_sym_cop(cop); + struct rte_crypto_sym_op *sym_cop = cop->sym; struct ether_hdr *peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *); struct ipv4_hdr* pip4 = (struct ipv4_hdr *)(peth + 1); uint16_t ipv4_length = rte_be_to_cpu_16(pip4->total_length); u8 *data = (u8*)(pip4 + 1); - //find the SA + if (pip4->next_proto_id != IPPROTO_ESP) { plog_info("Received non ESP packet on esp dec\n"); plogdx_info(mbuf, "DEC RX: "); return OUT_DISCARD; } - if (task->ipaddr == pip4->src_addr) - { - } rte_crypto_op_attach_sym_session(cop, task->sess); sym_cop->auth.digest.data = (unsigned char *)((unsigned char*)pip4 + ipv4_length - DIGEST_BYTE_LENGTH_SHA1); - sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(mbuf, sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4); // FIXME - sym_cop->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1; + //sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(mbuf, sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr)); // FIXME + sym_cop->auth.digest.phys_addr = rte_pktmbuf_iova_offset(mbuf, sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr)); + //sym_cop->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1; - sym_cop->cipher.iv.data = (uint8_t *)data + 8; - sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys(mbuf) + sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4; - sym_cop->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC; + //sym_cop->cipher.iv.data = (uint8_t *)data + 8; + //sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys(mbuf) + sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4; + //sym_cop->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC; - sym_cop->auth.data.offset = sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr); +#if 0 + rte_memcpy(rte_crypto_op_ctod_offset(cop, uint8_t *, IV_OFFSET), + aes_cbc_iv, + CIPHER_IV_LENGTH_AES_CBC); +#else + uint8_t * iv = (uint8_t *)(pip4 + 1) + sizeof(struct esp_hdr); + rte_memcpy(rte_crypto_op_ctod_offset(cop, uint8_t *, IV_OFFSET), + iv, + CIPHER_IV_LENGTH_AES_CBC); +#endif + + sym_cop->auth.data.offset = sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr); sym_cop->auth.data.length = ipv4_length - sizeof(struct ipv4_hdr) - 4 - CIPHER_IV_LENGTH_AES_CBC; - sym_cop->cipher.data.offset = sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4 + CIPHER_IV_LENGTH_AES_CBC; + sym_cop->cipher.data.offset = sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr) + sizeof(struct esp_hdr) + CIPHER_IV_LENGTH_AES_CBC; sym_cop->cipher.data.length = ipv4_length - sizeof(struct ipv4_hdr) - CIPHER_IV_LENGTH_AES_CBC - 28; // FIXME sym_cop->m_src = mbuf; @@ -547,19 +578,14 @@ static inline uint8_t handle_esp_ah_dec_finish(struct task_esp_dec *task, struct rte_pktmbuf_trim(mbuf, len - sizeof (struct ether_hdr) - ipv4_length); peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *); -#if 1 +#if 0 do_ipv4_swap(task, mbuf); +#else + ether_addr_copy(&task->local_mac, &peth->s_addr); + ether_addr_copy(&task->dst_mac, &peth->d_addr); + //rte_memcpy(peth, task->dst_mac, sizeof(task->dst_mac)); #endif - prox_ip_cksum_sw(pip4); -// one key for them all for now -// set key -// struct crypto_aes_ctx ctx; -// ctx.iv = (u8*)&iv_onstack; -// *((u32*)ctx.iv) = *((u32*)data + 2); -// aes_set_key(&ctx, task->key, 16);// -// -// result = ctr_crypt(&ctx, dest, data + 12, len);// -// memcpy(pip4, dest, len); + prox_ip_cksum(mbuf, pip4, sizeof(struct ether_hdr), sizeof(struct ipv4_hdr), 1); return 0; } @@ -588,71 +614,49 @@ static inline uint8_t handle_esp_ah_dec_finish2(struct task_esp_dec *task, struc int len = rte_pktmbuf_pkt_len(mbuf); rte_pktmbuf_trim(mbuf, len - sizeof (struct ether_hdr) - ipv4_length); -#if 1 +#if 0 do_ipv4_swap(task, mbuf); +#else + struct ether_hdr *peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *); + ether_addr_copy(&task->local_mac, &peth->s_addr); + ether_addr_copy(&task->dst_mac, &peth->d_addr); + //rte_memcpy(peth, task->dst_mac, sizeof(task->dst_mac)); #endif - prox_ip_cksum_sw(pip4); + + prox_ip_cksum(mbuf, pip4, sizeof(struct ether_hdr), sizeof(struct ipv4_hdr), 1); return 0; } static int handle_esp_enc_bulk(struct task_base *tbase, struct rte_mbuf **mbufs, uint16_t n_pkts) { struct task_esp_enc *task = (struct task_esp_enc *)tbase; - struct crypto_testsuite_params *ts_params = &testsuite_params; - - uint8_t out[MAX_ASYNC_SESSIONS]; - uint16_t i = 0, nb_rx = 0, j = 0, nb_del = 0, n_fwd = 0, ret; - uint8_t nb_enc = 0; - uint8_t head = task->head; - struct rte_mbuf *del_mbufs[MAX_PKT_BURST], *fwd_mbufs[MAX_ASYNC_SESSIONS]; - - if (task->nb_enc + n_pkts >= MAX_ASYNC_SESSIONS) { - // Discards all packets for now - TODO fine grain... - for (uint16_t j = 0; j < n_pkts; ++j) { - out[j] = OUT_DISCARD; - } - task->base.tx_pkt(&task->base, mbufs, n_pkts, out); - n_pkts = 0; - } + uint8_t out[MAX_PKT_BURST]; + uint16_t i = 0, nb_rx = 0, nb_enc=0, j = 0; for (uint16_t j = 0; j < n_pkts; ++j) { - ret = handle_esp_ah_enc(task, mbufs[j], task->ops_rx_burst[head]); - if (ret != OUT_DISCARD) { + out[j] = handle_esp_ah_enc(task, mbufs[j], task->ops_burst[nb_enc]); + if (out[j] != OUT_DISCARD) ++nb_enc; - head++; - } else { - out[nb_del] = ret; - del_mbufs[nb_del++] = mbufs[j]; - } } - if ((ret = rte_cryptodev_enqueue_burst(task->crypto_dev_id, task->qp_id, &task->ops_rx_burst[task->head], nb_enc)) != nb_enc) { - for (uint16_t j = 0; j < nb_enc - ret; ++j) { - out[nb_del] = OUT_DISCARD; - del_mbufs[nb_del++] = get_mbuf(task, task->ops_rx_burst[task->head+ret]); - } + if (rte_cryptodev_enqueue_burst(task->cdev_id, task->qp_id, task->ops_burst, nb_enc) != nb_enc) { + plog_info("Error enc enqueue_burst\n"); + return -1; } - task->head+=ret; - if (nb_del) - task->base.tx_pkt(&task->base, del_mbufs, nb_del, out); - task->nb_enc += nb_enc; - - if (task->nb_enc == 0) - return 0; - - ret = rte_cryptodev_dequeue_burst(task->crypto_dev_id, task->qp_id, task->ops_tx_burst, task->nb_enc); - for (uint16_t j = 0; j < ret; ++j) { - out[n_fwd] = 0; - fwd_mbufs[n_fwd++] = get_mbuf(task, task->ops_tx_burst[j]); - } - task->nb_enc -= n_fwd; - return task->base.tx_pkt(&task->base, fwd_mbufs, n_fwd, out); + + do { + nb_rx = rte_cryptodev_dequeue_burst( + task->cdev_id, task->qp_id, + task->ops_burst+i, nb_enc-i); + i += nb_rx; + } while (i < nb_enc); + + return task->base.tx_pkt(&task->base, mbufs, n_pkts, out); } static int handle_esp_dec_bulk(struct task_base *tbase, struct rte_mbuf **mbufs, uint16_t n_pkts) { struct task_esp_dec *task = (struct task_esp_dec *)tbase; - struct crypto_testsuite_params *ts_params = &testsuite_params; uint8_t out[MAX_PKT_BURST]; uint16_t j, nb_dec=0, nb_rx=0; @@ -662,14 +666,14 @@ static int handle_esp_dec_bulk(struct task_base *tbase, struct rte_mbuf **mbufs, ++nb_dec; } - if (rte_cryptodev_enqueue_burst(task->crypto_dev_id, task->qp_id, task->ops_burst, nb_dec) != nb_dec) { + if (rte_cryptodev_enqueue_burst(task->cdev_id, task->qp_id, task->ops_burst, nb_dec) != nb_dec) { plog_info("Error dec enqueue_burst\n"); return -1; } j=0; do { - nb_rx = rte_cryptodev_dequeue_burst(task->crypto_dev_id, task->qp_id, + nb_rx = rte_cryptodev_dequeue_burst(task->cdev_id, task->qp_id, task->ops_burst+j, nb_dec-j); j += nb_rx; } while (j < nb_dec); @@ -695,7 +699,6 @@ struct task_init task_init_esp_enc = { .mode_str = "esp_enc", .init = init_task_esp_enc, .handle = handle_esp_enc_bulk, - .flag_features = TASK_FEATURE_ZERO_RX, .size = sizeof(struct task_esp_enc), .mbuf_size = 2048 + sizeof(struct rte_mbuf) + RTE_PKTMBUF_HEADROOM }; @@ -705,7 +708,6 @@ struct task_init task_init_esp_dec = { .mode_str = "esp_dec", .init = init_task_esp_dec, .handle = handle_esp_dec_bulk, - .flag_features = TASK_FEATURE_ZERO_RX, .size = sizeof(struct task_esp_dec), .mbuf_size = 2048 + sizeof(struct rte_mbuf) + RTE_PKTMBUF_HEADROOM }; diff --git a/VNFs/DPPD-PROX/handle_gen.c b/VNFs/DPPD-PROX/handle_gen.c index 89dbe9e4..0e5164bc 100644 --- a/VNFs/DPPD-PROX/handle_gen.c +++ b/VNFs/DPPD-PROX/handle_gen.c @@ -52,7 +52,7 @@ struct pkt_template { uint16_t len; uint16_t l2_len; uint16_t l3_len; - uint8_t buf[ETHER_MAX_LEN]; + uint8_t *buf; }; #define MAX_TEMPLATE_INDEX 65536 @@ -97,6 +97,7 @@ struct task_gen { uint32_t n_pkts; /* number of packets in pcap */ uint32_t pkt_idx; /* current packet from pcap */ uint32_t pkt_count; /* how many pakets to generate */ + uint32_t max_frame_size; uint32_t runtime_flags; uint16_t lat_pos; uint16_t packet_id_pos; @@ -697,14 +698,17 @@ static void init_task_gen_seeds(struct task_gen *task) random_init_seed(&task->rand[i].state); } -static uint32_t pcap_count_pkts(pcap_t *handle) +static uint32_t pcap_count_pkts(pcap_t *handle, uint32_t *max_frame_size) { struct pcap_pkthdr header; const uint8_t *buf; uint32_t ret = 0; + *max_frame_size = 0; long pkt1_fpos = ftell(pcap_file(handle)); while ((buf = pcap_next(handle, &header))) { + if (header.len > *max_frame_size) + *max_frame_size = header.len; ret++; } int ret2 = fseek(pcap_file(handle), pkt1_fpos, SEEK_SET); @@ -767,7 +771,7 @@ static int pcap_read_pkts(pcap_t *handle, const char *file_name, uint32_t n_pkts static int check_pkt_size(struct task_gen *task, uint32_t pkt_size, int do_panic) { const uint16_t min_len = sizeof(struct ether_hdr) + sizeof(struct ipv4_hdr); - const uint16_t max_len = ETHER_MAX_LEN - 4; + const uint16_t max_len = task->max_frame_size; if (do_panic) { PROX_PANIC(pkt_size == 0, "Invalid packet size length (no packet defined?)\n"); @@ -928,8 +932,6 @@ static void task_init_gen_load_pkt_inline(struct task_gen *task, struct task_arg { const int socket_id = rte_lcore_to_socket_id(targ->lconf->id); - if (targ->pkt_size > sizeof(task->pkt_template[0].buf)) - targ->pkt_size = sizeof(task->pkt_template[0].buf); task->n_pkts = 1; size_t mem_size = task->n_pkts * sizeof(*task->pkt_template); @@ -938,7 +940,17 @@ static void task_init_gen_load_pkt_inline(struct task_gen *task, struct task_arg PROX_PANIC(task->pkt_template == NULL || task->pkt_template_orig == NULL, - "Failed to allocate %lu bytes (in huge pages) for pcap file\n", mem_size); + "Failed to allocate %lu bytes (in huge pages) for packet template\n", mem_size); + + task->pkt_template->buf = prox_zmalloc(task->max_frame_size, socket_id); + task->pkt_template_orig->buf = prox_zmalloc(task->max_frame_size, socket_id); + PROX_PANIC(task->pkt_template->buf == NULL || + task->pkt_template_orig->buf == NULL, + "Failed to allocate %u bytes (in huge pages) for packet\n", task->max_frame_size); + + PROX_PANIC(targ->pkt_size > task->max_frame_size, + targ->pkt_size > ETHER_MAX_LEN + 2 * PROX_VLAN_TAG_SIZE - 4 ? + "pkt_size too high and jumbo frames disabled" : "pkt_size > mtu"); rte_memcpy(task->pkt_template_orig[0].buf, targ->pkt_inline, targ->pkt_size); task->pkt_template_orig[0].len = targ->pkt_size; @@ -951,11 +963,15 @@ static void task_init_gen_load_pcap(struct task_gen *task, struct task_args *tar { const int socket_id = rte_lcore_to_socket_id(targ->lconf->id); char err[PCAP_ERRBUF_SIZE]; + uint32_t max_frame_size; pcap_t *handle = pcap_open_offline(targ->pcap_file, err); PROX_PANIC(handle == NULL, "Failed to open PCAP file: %s\n", err); - task->n_pkts = pcap_count_pkts(handle); + task->n_pkts = pcap_count_pkts(handle, &max_frame_size); plogx_info("%u packets in pcap file '%s'\n", task->n_pkts, targ->pcap_file); + PROX_PANIC(max_frame_size > task->max_frame_size, + max_frame_size > ETHER_MAX_LEN + 2 * PROX_VLAN_TAG_SIZE -4 ? + "pkt_size too high and jumbo frames disabled" : "pkt_size > mtu"); if (targ->n_pkts) task->n_pkts = RTE_MIN(task->n_pkts, targ->n_pkts); @@ -968,19 +984,31 @@ static void task_init_gen_load_pcap(struct task_gen *task, struct task_args *tar task->pkt_template_orig == NULL, "Failed to allocate %lu bytes (in huge pages) for pcap file\n", mem_size); + for (uint i = 0; i < task->n_pkts; i++) { + task->pkt_template[i].buf = prox_zmalloc(max_frame_size, socket_id); + task->pkt_template_orig[i].buf = prox_zmalloc(max_frame_size, socket_id); + + PROX_PANIC(task->pkt_template->buf == NULL || + task->pkt_template_orig->buf == NULL, + "Failed to allocate %u bytes (in huge pages) for pcap file\n", task->max_frame_size); + } + pcap_read_pkts(handle, targ->pcap_file, task->n_pkts, task->pkt_template_orig, NULL); pcap_close(handle); task_gen_reset_pkt_templates(task); } -static struct rte_mempool *task_gen_create_mempool(struct task_args *targ) +static struct rte_mempool *task_gen_create_mempool(struct task_args *targ, uint16_t max_frame_size) { static char name[] = "gen_pool"; struct rte_mempool *ret; const int sock_id = rte_lcore_to_socket_id(targ->lconf->id); name[0]++; - ret = rte_mempool_create(name, targ->nb_mbuf - 1, MBUF_SIZE, + uint32_t mbuf_size = MBUF_SIZE; + if (max_frame_size + (unsigned)sizeof(struct rte_mbuf) + RTE_PKTMBUF_HEADROOM > mbuf_size) + mbuf_size = max_frame_size + (unsigned)sizeof(struct rte_mbuf) + RTE_PKTMBUF_HEADROOM; + ret = rte_mempool_create(name, targ->nb_mbuf - 1, mbuf_size, targ->nb_cache_mbuf, sizeof(struct rte_pktmbuf_pool_private), rte_pktmbuf_pool_init, NULL, rte_pktmbuf_init, 0, sock_id, 0); @@ -1062,22 +1090,23 @@ static void init_task_gen_pcap(struct task_base *tbase, struct task_args *targ) { struct task_gen_pcap *task = (struct task_gen_pcap *)tbase; const uint32_t sockid = rte_lcore_to_socket_id(targ->lconf->id); + uint32_t max_frame_size; task->loop = targ->loop; task->pkt_idx = 0; task->hz = rte_get_tsc_hz(); - task->local_mbuf.mempool = task_gen_create_mempool(targ); - - PROX_PANIC(!strcmp(targ->pcap_file, ""), "No pcap file defined\n"); - char err[PCAP_ERRBUF_SIZE]; pcap_t *handle = pcap_open_offline(targ->pcap_file, err); PROX_PANIC(handle == NULL, "Failed to open PCAP file: %s\n", err); - task->n_pkts = pcap_count_pkts(handle); + task->n_pkts = pcap_count_pkts(handle, &max_frame_size); plogx_info("%u packets in pcap file '%s'\n", task->n_pkts, targ->pcap_file); + task->local_mbuf.mempool = task_gen_create_mempool(targ, max_frame_size); + + PROX_PANIC(!strcmp(targ->pcap_file, ""), "No pcap file defined\n"); + if (targ->n_pkts) { plogx_info("Configured to load %u packets\n", targ->n_pkts); if (task->n_pkts > targ->n_pkts) @@ -1094,6 +1123,11 @@ static void init_task_gen_pcap(struct task_base *tbase, struct task_args *targ) task->proto = (struct pkt_template *) mem; task->proto_tsc = (uint64_t *)(mem + task->n_pkts * sizeof(*task->proto)); + for (uint i = 0; i < targ->n_pkts; i++) { + task->proto[i].buf = prox_zmalloc(max_frame_size, sockid); + PROX_PANIC(task->proto[i].buf == NULL, "Failed to allocate %u bytes (in huge pages) for pcap file\n", max_frame_size); + } + pcap_read_pkts(handle, targ->pcap_file, task->n_pkts, task->proto, task->proto_tsc); pcap_close(handle); } @@ -1204,7 +1238,17 @@ static void init_task_gen(struct task_base *tbase, struct task_args *targ) task->packet_id_pos = targ->packet_id_pos; - task->local_mbuf.mempool = task_gen_create_mempool(targ); + struct prox_port_cfg *port = find_reachable_port(targ); + // TODO: check that all reachable ports have the same mtu... + if (port) { + task->cksum_offload = port->capabilities.tx_offload_cksum; + task->port = port; + task->max_frame_size = port->mtu + ETHER_HDR_LEN + 2 * PROX_VLAN_TAG_SIZE; + } else { + // Not generating to any port... + task->max_frame_size = ETHER_MAX_LEN; + } + task->local_mbuf.mempool = task_gen_create_mempool(targ, task->max_frame_size); PROX_PANIC(task->local_mbuf.mempool == NULL, "Failed to create mempool\n"); task->pkt_idx = 0; task->hz = rte_get_tsc_hz(); @@ -1263,12 +1307,6 @@ static void init_task_gen(struct task_base *tbase, struct task_args *targ) PROX_PANIC(task_gen_add_rand(tbase, targ->rand_str[i], targ->rand_offset[i], UINT32_MAX), "Failed to add random\n"); } - - struct prox_port_cfg *port = find_reachable_port(targ); - if (port) { - task->cksum_offload = port->capabilities.tx_offload_cksum; - task->port = port; - } } static struct task_init task_init_gen = { diff --git a/VNFs/DPPD-PROX/parse_utils.h b/VNFs/DPPD-PROX/parse_utils.h index 27ebb0bd..6e4bc770 100644 --- a/VNFs/DPPD-PROX/parse_utils.h +++ b/VNFs/DPPD-PROX/parse_utils.h @@ -20,7 +20,7 @@ #include <inttypes.h> #include "ip_subnet.h" -#define MAX_STR_LEN_PROC (3 * 1518 + 20) +#define MAX_STR_LEN_PROC (3 * MAX_PKT_SIZE + 20) struct ipv6_addr; struct ether_addr; diff --git a/VNFs/DPPD-PROX/prox_args.c b/VNFs/DPPD-PROX/prox_args.c index 53223cad..aa7ff51c 100644 --- a/VNFs/DPPD-PROX/prox_args.c +++ b/VNFs/DPPD-PROX/prox_args.c @@ -973,7 +973,8 @@ static int get_core_cfg(unsigned sindex, char *str, void *data) return -1; } if (targ->pkt_size == sizeof(targ->pkt_inline)) { - set_errf("Inline packet definition can't be longer than 1518"); + set_errf("Inline packet definition can't be longer than %u", sizeof(targ->pkt_inline)); + return -1; } targ->pkt_inline[targ->pkt_size++] = byte; diff --git a/VNFs/DPPD-PROX/task_base.h b/VNFs/DPPD-PROX/task_base.h index 00087ab6..95c50ba0 100644 --- a/VNFs/DPPD-PROX/task_base.h +++ b/VNFs/DPPD-PROX/task_base.h @@ -153,7 +153,6 @@ typedef uint16_t (*rx_pkt_func) (struct task_base *tbase, struct rte_mbuf ***mbu struct task_base_aux { /* Not used when PROX_STATS is not defined */ struct task_rt_stats stats; - struct task_rt_dump task_rt_dump; /* Used if TASK_TSC_RX is enabled*/ struct { @@ -163,8 +162,8 @@ struct task_base_aux { struct rte_mbuf **all_mbufs; - int rx_prev_count; - int rx_prev_idx; + uint16_t rx_prev_count; + uint16_t rx_prev_idx; uint16_t (*rx_pkt_prev[MAX_STACKED_RX_FUCTIONS])(struct task_base *tbase, struct rte_mbuf ***mbufs); uint32_t rx_bucket[RX_BUCKET_SIZE]; @@ -177,6 +176,7 @@ struct task_base_aux { void (*start)(struct task_base *tbase); void (*stop_last)(struct task_base *tbase); void (*start_first)(struct task_base *tbase); + struct task_rt_dump task_rt_dump; }; /* The task_base is accessed for _all_ task types. In case diff --git a/VNFs/DPPD-PROX/task_init.h b/VNFs/DPPD-PROX/task_init.h index c5a17796..a8ac14c9 100644 --- a/VNFs/DPPD-PROX/task_init.h +++ b/VNFs/DPPD-PROX/task_init.h @@ -194,7 +194,7 @@ struct task_args { uint32_t bucket_size; uint32_t lat_enabled; uint32_t pkt_size; - uint8_t pkt_inline[ETHER_MAX_LEN]; + uint8_t pkt_inline[MAX_PKT_SIZE]; uint32_t probability; char nat_table[256]; uint32_t use_src; |