[dpdk-dev] [RFC 3/3] examples/ipsec-secgw: support for setting seq no

Mon, 22 Jan 2018 05:12:31 -0800 

Adding support for setting sequence number for inline protocol processed
packets.

Signed-off-by: Anoob Joseph <anoob.jos...@caviumnetworks.com>
---
 examples/ipsec-secgw/esp.h   |  9 +++++++++
 examples/ipsec-secgw/ipsec.c | 42 ++++++++++++++++++++++++++++++++++++------
 2 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/examples/ipsec-secgw/esp.h b/examples/ipsec-secgw/esp.h
index 792312c..ec9dbd1 100644
--- a/examples/ipsec-secgw/esp.h
+++ b/examples/ipsec-secgw/esp.h
@@ -6,6 +6,15 @@
 
 struct mbuf;
 
+static inline int
+esp_inline_protocol_fill_mdata(struct ipsec_sa *sa,
+                              struct rte_security_ipsec_mdata *md_ipsec)
+{
+       /* Set sequence number */
+       md_ipsec->seq_no = ++(sa->seq);
+
+       return 0;
+}
 
 int
 esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 05e89a1..d602c6b 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -359,6 +359,40 @@ enqueue_cop(struct cdev_qp *cqp, struct rte_crypto_op *cop)
        }
 }
 
+static inline int
+inline_protocol_set_pkt_metadata(struct ipsec_sa *sa, struct rte_mbuf *pkt)
+{
+       int ret;
+       struct rte_security_mdata md = { 0 };
+
+       md.sess = sa->sec_session;
+
+       ret = esp_inline_protocol_fill_mdata(sa, &md.ipsec);
+
+       if (ret != 0) {
+               RTE_LOG(ERR, IPSEC,
+                       "Could not generate per packet metadata for IPsec 
offload\n");
+               return ret;
+       }
+
+       /* Update flags to hint the PMD to use seq_no provided */
+       md.mdata_flags.set = RTE_SECURITY_IPSEC_MDATA_FLAGS_SEQ_NO;
+
+       rte_security_set_pkt_metadata(sa->security_ctx, &md, pkt);
+
+       return 0;
+}
+
+static inline void
+inline_crypto_set_pkt_metadata(struct ipsec_sa *sa, struct rte_mbuf *pkt)
+{
+       struct rte_security_mdata mdata = { 0 };
+
+       mdata.sess = sa->sec_session;
+
+       rte_security_set_pkt_metadata(sa->security_ctx, &mdata, pkt);
+}
+
 static inline void
 ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
                struct rte_mbuf *pkts[], struct ipsec_sa *sas[],
@@ -434,9 +468,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx 
*ipsec_ctx,
                        cqp = &ipsec_ctx->tbl[sa->cdev_id_qp];
                        cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i];
                        if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
-                               rte_security_set_pkt_metadata(
-                                               sa->security_ctx,
-                                               sa->sec_session, pkts[i], NULL);
+                               inline_protocol_set_pkt_metadata(sa, pkts[i]);
                        continue;
                case RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO:
                        priv->cop.type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
@@ -462,9 +494,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx 
*ipsec_ctx,
                        cqp = &ipsec_ctx->tbl[sa->cdev_id_qp];
                        cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i];
                        if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
-                               rte_security_set_pkt_metadata(
-                                               sa->security_ctx,
-                                               sa->sec_session, pkts[i], NULL);
+                               inline_crypto_set_pkt_metadata(sa, pkts[i]);
                        continue;
                }
 
-- 
2.7.4

Reply via email to