dpdk/examples/ipsec-secgw/sad.h
<<
>>
Prefs 
   1/* SPDX-License-Identifier: BSD-3-Clause
   2 * Copyright(c) 2019 Intel Corporation
   3 */
   4
   5#ifndef __SAD_H__
   6#define __SAD_H__
   7
   8#include <rte_ipsec_sad.h>
   9
  10#define SA_CACHE_SZ     128
  11#define SPI2IDX(spi, mask)      ((spi) & (mask))
  12
  13struct ipsec_sad_cache {
  14        struct ipsec_sa **v4;
  15        struct ipsec_sa **v6;
  16        uint32_t mask;
  17};
  18
  19RTE_DECLARE_PER_LCORE(struct ipsec_sad_cache, sad_cache);
  20
  21int ipsec_sad_create(const char *name, struct ipsec_sad *sad,
  22        int socket_id, struct ipsec_sa_cnt *sa_cnt);
  23
  24int ipsec_sad_add(struct ipsec_sad *sad, struct ipsec_sa *sa);
  25
  26int ipsec_sad_lcore_cache_init(uint32_t nb_cache_ent);
  27
  28static inline int
  29cmp_sa_key(struct ipsec_sa *sa, int is_v4, struct rte_ipv4_hdr *ipv4,
  30        struct rte_ipv6_hdr *ipv6)
  31{
  32        int sa_type = WITHOUT_TRANSPORT_VERSION(sa->flags);
  33        if ((sa_type == TRANSPORT) ||
  34                        /* IPv4 check */
  35                        (is_v4 && (sa_type == IP4_TUNNEL) &&
  36                        (sa->src.ip.ip4 == ipv4->src_addr) &&
  37                        (sa->dst.ip.ip4 == ipv4->dst_addr)) ||
  38                        /* IPv6 check */
  39                        (!is_v4 && (sa_type == IP6_TUNNEL) &&
  40                        (!memcmp(sa->src.ip.ip6.ip6, ipv6->src_addr, 16)) &&
  41                        (!memcmp(sa->dst.ip.ip6.ip6, ipv6->dst_addr, 16))))
  42                return 1;
  43
  44        return 0;
  45}
  46
  47static inline void
  48sa_cache_update(struct ipsec_sa **sa_cache, struct ipsec_sa *sa, uint32_t mask)
  49{
  50        uint32_t cache_idx;
  51
  52        /* SAD cache is disabled */
  53        if (mask == 0)
  54                return;
  55
  56        cache_idx = SPI2IDX(sa->spi, mask);
  57        sa_cache[cache_idx] = sa;
  58}
  59
  60static inline void
  61sad_lookup(struct ipsec_sad *sad, struct rte_mbuf *pkts[],
  62        void *sa[], uint16_t nb_pkts)
  63{
  64        uint32_t i;
  65        uint32_t nb_v4 = 0, nb_v6 = 0;
  66        struct rte_esp_hdr *esp;
  67        struct rte_ipv4_hdr *ipv4;
  68        struct rte_ipv6_hdr *ipv6;
  69        struct rte_ipsec_sadv4_key      v4[nb_pkts];
  70        struct rte_ipsec_sadv6_key      v6[nb_pkts];
  71        int v4_idxes[nb_pkts];
  72        int v6_idxes[nb_pkts];
  73        const union rte_ipsec_sad_key   *keys_v4[nb_pkts];
  74        const union rte_ipsec_sad_key   *keys_v6[nb_pkts];
  75        void *v4_res[nb_pkts];
  76        void *v6_res[nb_pkts];
  77        uint32_t spi, cache_idx;
  78        struct ipsec_sad_cache *cache;
  79        struct ipsec_sa *cached_sa;
  80        int is_ipv4;
  81
  82        cache  = &RTE_PER_LCORE(sad_cache);
  83
  84        /* split received packets by address family into two arrays */
  85        for (i = 0; i < nb_pkts; i++) {
  86                ipv4 = rte_pktmbuf_mtod(pkts[i], struct rte_ipv4_hdr *);
  87                ipv6 = rte_pktmbuf_mtod(pkts[i], struct rte_ipv6_hdr *);
  88                esp = rte_pktmbuf_mtod_offset(pkts[i], struct rte_esp_hdr *,
  89                                pkts[i]->l3_len);
  90
  91                is_ipv4 = pkts[i]->packet_type & RTE_PTYPE_L3_IPV4;
  92                spi = rte_be_to_cpu_32(esp->spi);
  93                cache_idx = SPI2IDX(spi, cache->mask);
  94
  95                if (is_ipv4) {
  96                        cached_sa = (cache->mask != 0) ?
  97                                cache->v4[cache_idx] : NULL;
  98                        /* check SAD cache entry */
  99                        if ((cached_sa != NULL) && (cached_sa->spi == spi)) {
 100                                if (cmp_sa_key(cached_sa, 1, ipv4, ipv6)) {
 101                                        /* cache hit */
 102                                        sa[i] = cached_sa;
 103                                        continue;
 104                                }
 105                        }
 106                        /*
 107                         * cache miss
 108                         * preparing sad key to proceed with sad lookup
 109                         */
 110                        v4[nb_v4].spi = esp->spi;
 111                        v4[nb_v4].dip = ipv4->dst_addr;
 112                        v4[nb_v4].sip = ipv4->src_addr;
 113                        keys_v4[nb_v4] = (const union rte_ipsec_sad_key *)
 114                                                &v4[nb_v4];
 115                        v4_idxes[nb_v4++] = i;
 116                } else {
 117                        cached_sa = (cache->mask != 0) ?
 118                                cache->v6[cache_idx] : NULL;
 119                        if ((cached_sa != NULL) && (cached_sa->spi == spi)) {
 120                                if (cmp_sa_key(cached_sa, 0, ipv4, ipv6)) {
 121                                        sa[i] = cached_sa;
 122                                        continue;
 123                                }
 124                        }
 125                        v6[nb_v6].spi = esp->spi;
 126                        memcpy(v6[nb_v6].dip, ipv6->dst_addr,
 127                                        sizeof(ipv6->dst_addr));
 128                        memcpy(v6[nb_v6].sip, ipv6->src_addr,
 129                                        sizeof(ipv6->src_addr));
 130                        keys_v6[nb_v6] = (const union rte_ipsec_sad_key *)
 131                                                &v6[nb_v6];
 132                        v6_idxes[nb_v6++] = i;
 133                }
 134        }
 135
 136        if (nb_v4 != 0)
 137                rte_ipsec_sad_lookup(sad->sad_v4, keys_v4, v4_res, nb_v4);
 138        if (nb_v6 != 0)
 139                rte_ipsec_sad_lookup(sad->sad_v6, keys_v6, v6_res, nb_v6);
 140
 141        for (i = 0; i < nb_v4; i++) {
 142                ipv4 = rte_pktmbuf_mtod(pkts[v4_idxes[i]],
 143                        struct rte_ipv4_hdr *);
 144                if ((v4_res[i] != NULL) &&
 145                                (cmp_sa_key(v4_res[i], 1, ipv4, NULL))) {
 146                        sa[v4_idxes[i]] = v4_res[i];
 147                        sa_cache_update(cache->v4, (struct ipsec_sa *)v4_res[i],
 148                                cache->mask);
 149                } else
 150                        sa[v4_idxes[i]] = NULL;
 151        }
 152        for (i = 0; i < nb_v6; i++) {
 153                ipv6 = rte_pktmbuf_mtod(pkts[v6_idxes[i]],
 154                        struct rte_ipv6_hdr *);
 155                if ((v6_res[i] != NULL) &&
 156                                (cmp_sa_key(v6_res[i], 0, NULL, ipv6))) {
 157                        sa[v6_idxes[i]] = v6_res[i];
 158                        sa_cache_update(cache->v6, (struct ipsec_sa *)v6_res[i],
 159                                cache->mask);
 160                } else
 161                        sa[v6_idxes[i]] = NULL;
 162        }
 163}
 164
 165#endif /* __SAD_H__ */
 166
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.