[dpdk-dev] [RFC PATCH 11/13] examples/ipsec-secgw: add driver outbound worker

Wed, 09 Oct 2019 08:12:53 -0700 

This patch adds the driver outbound worker thread for ipsec-secgw.
In this mode the security session is a fixed one and sa update
is not done.

Signed-off-by: Anoob Joseph <[email protected]>
Signed-off-by: Lukasz Bartosik <[email protected]>
---
 examples/ipsec-secgw/ipsec-secgw.c  |  6 +++
 examples/ipsec-secgw/ipsec.c        |  4 ++
 examples/ipsec-secgw/ipsec_worker.c | 91 ++++++++++++++++++++++++++++++++++++-
 3 files changed, 100 insertions(+), 1 deletion(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c 
b/examples/ipsec-secgw/ipsec-secgw.c
index 1c102cf..f43e1b1 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1981,6 +1981,12 @@ cryptodevs_init(void)
                        i++;
                }
 
+               /*
+                * Setting the queue pair to atleast the number of ethernet
+                * devices for inline outbound.
+                */
+               qp = RTE_MAX(rte_eth_dev_count_avail(), qp);
+
                if (qp == 0)
                        continue;
 
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 1145ca1..53a868a 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -137,6 +137,8 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, 
struct ipsec_sa *sa)
        return 0;
 }
 
+uint16_t sa_no;
+struct rte_security_session *sec_session_fixed[10];
 int
 create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa)
 {
@@ -382,6 +384,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct 
ipsec_sa *sa)
 
                sa->ol_flags = sec_cap->ol_flags;
                sa->security_ctx = sec_ctx;
+               sec_session_fixed[sa_no] = sa->sec_session;
+               sa_no++;
        }
        sa->cdev_id_qp = 0;
 
diff --git a/examples/ipsec-secgw/ipsec_worker.c 
b/examples/ipsec-secgw/ipsec_worker.c
index f93da4d..842fd5d 100644
--- a/examples/ipsec-secgw/ipsec_worker.c
+++ b/examples/ipsec-secgw/ipsec_worker.c
@@ -263,7 +263,7 @@ process_ipsec_ev_inbound(struct ipsec_ctx *ctx, struct 
route_table *rt,
  */
 
 /* Workers registered */
-#define IPSEC_EVENTMODE_WORKERS                2
+#define IPSEC_EVENTMODE_WORKERS                3
 
 /*
  * Event mode worker
@@ -425,6 +425,85 @@ ipsec_wrkr_non_burst_int_port_app_mode_inb(struct eh_conf 
*mode_conf,
        return;
 }
 
+/*
+ * Event mode worker
+ * Operating parameters : non-burst - Tx internal port - driver mode - outbound
+ */
+extern struct rte_security_session *sec_session_fixed[10];
+static void
+ipsec_wrkr_non_burst_int_port_drvr_mode_outb(struct eh_conf *mode_conf,
+               struct eh_event_link_info *links, uint8_t nb_links)
+{
+       struct rte_event ev;
+       struct rte_mbuf *pkt;
+       uint32_t lcore_id;
+       unsigned int nb_rx = 0;
+       unsigned int portid;
+
+       RTE_SET_USED(mode_conf);
+
+       /* Check if we have links registered for this lcore */
+       if (nb_links == 0) {
+               /* No links registered - exit */
+               goto exit;
+       }
+
+       /* Get core ID */
+       lcore_id = rte_lcore_id();
+
+       RTE_LOG(INFO, IPSEC,
+               "Launching event mode worker (non-burst - Tx internal port - "
+               "driver mode - outbound) on lcore %d\n", lcore_id);
+
+       /* We have valid links */
+
+       /* See if it's single link */
+       if (nb_links != 1) {
+               RTE_LOG(INFO, IPSEC,
+                       "Multiple links not supported. Using first link\n");
+       }
+
+       RTE_LOG(INFO, IPSEC, " -- lcoreid=%u event_port_id=%u\n", lcore_id,
+                       links[0].event_portid);
+       while (!force_quit) {
+               /* Read packet from event queues */
+               nb_rx = rte_event_dequeue_burst(links[0].eventdev_id,
+                               links[0].event_portid,
+                               &ev,    /* events */
+                               1,      /* nb_events */
+                               0       /* timeout_ticks */);
+
+               if (nb_rx == 0)
+                       continue;
+
+               portid = ev.queue_id;
+               pkt = ev.mbuf;
+
+               rte_prefetch0(rte_pktmbuf_mtod(pkt, void *));
+
+               /* Process packet */
+               ipsec_event_pre_forward(pkt, portid);
+
+               pkt->udata64 = (uint64_t) sec_session_fixed[portid];
+
+               /* Mark the packet for Tx security offload */
+               pkt->ol_flags |= PKT_TX_SEC_OFFLOAD;
+
+               /*
+                * Since tx internal port is available, events can be
+                * directly enqueued to the adapter and it would be
+                * internally submitted to the eth device.
+                */
+               rte_event_eth_tx_adapter_enqueue(links[0].eventdev_id,
+                               links[0].event_portid,
+                               &ev,    /* events */
+                               1       /* nb_events */);
+       }
+
+exit:
+       return;
+}
+
 static uint8_t
 ipsec_eventmode_populate_wrkr_params(struct eh_app_worker_params *wrkrs)
 {
@@ -451,6 +530,16 @@ ipsec_eventmode_populate_wrkr_params(struct 
eh_app_worker_params *wrkrs)
        wrkr->cap.ipsec_dir = EH_IPSEC_DIR_TYPE_INBOUND;
        wrkr->worker_thread = ipsec_wrkr_non_burst_int_port_app_mode_inb;
 
+       wrkr++;
+       nb_wrkr_param++;
+
+       /* Non-burst - Tx internal port - driver mode - outbound */
+       wrkr->cap.burst = EH_RX_TYPE_NON_BURST;
+       wrkr->cap.tx_internal_port = EH_TX_TYPE_INTERNAL_PORT;
+       wrkr->cap.ipsec_mode = EH_IPSEC_MODE_TYPE_DRIVER;
+       wrkr->cap.ipsec_dir = EH_IPSEC_DIR_TYPE_OUTBOUND;
+       wrkr->worker_thread = ipsec_wrkr_non_burst_int_port_drvr_mode_outb;
+
        nb_wrkr_param++;
        return nb_wrkr_param;
 }
-- 
2.7.4

Reply via email to