numam-dpdk/lib/ipsec/rte_ipsec_group.h

151 lines
3.6 KiB
C
Raw Normal View History

/* SPDX-License-Identifier: BSD-3-Clause
* Copyright(c) 2018 Intel Corporation
*/
#ifndef _RTE_IPSEC_GROUP_H_
#define _RTE_IPSEC_GROUP_H_
/**
* @file rte_ipsec_group.h
*
* RTE IPsec support.
* It is not recommended to include this file directly,
* include <rte_ipsec.h> instead.
* Contains helper functions to process completed crypto-ops
* and group related packets by sessions they belong to.
*/
#ifdef __cplusplus
extern "C" {
#endif
/**
* Used to group mbufs by some id.
* See below for particular usage.
*/
struct rte_ipsec_group {
union {
uint64_t val;
void *ptr;
} id; /**< grouped by value */
struct rte_mbuf **m; /**< start of the group */
uint32_t cnt; /**< number of entries in the group */
int32_t rc; /**< status code associated with the group */
};
/**
* Take crypto-op as an input and extract pointer to related ipsec session.
* @param cop
* The address of an input *rte_crypto_op* structure.
* @return
* The pointer to the related *rte_ipsec_session* structure.
*/
enforce experimental tag at beginning of declarations Putting a '__attribute__((deprecated))' in the middle of a function prototype does not result in the expected result with gcc (while clang is fine with this syntax). $ cat deprecated.c void * __attribute__((deprecated)) incorrect() { return 0; } __attribute__((deprecated)) void *correct(void) { return 0; } int main(int argc, char *argv[]) { incorrect(); correct(); return 0; } $ gcc -o deprecated.o -c deprecated.c deprecated.c: In function ‘main’: deprecated.c:3:1: warning: ‘correct’ is deprecated (declared at deprecated.c:2) [-Wdeprecated-declarations] int main(int argc, char *argv[]) { incorrect(); correct(); return 0; } ^ Move the tag on a separate line and make it the first thing of function prototypes. This is not perfect but we will trust reviewers to catch the other not so easy to detect patterns. sed -i \ -e '/^\([^#].*\)\?__rte_experimental */{' \ -e 's//\1/; s/ *$//; i\' \ -e __rte_experimental \ -e '/^$/d}' \ $(git grep -l __rte_experimental -- '*.h') Special mention for rte_mbuf_data_addr_default(): There is either a bug or a (not yet understood) issue with gcc. gcc won't drop this inline when unused and rte_mbuf_data_addr_default() calls rte_mbuf_buf_addr() which itself is experimental. This results in a build warning when not accepting experimental apis from sources just including rte_mbuf.h. For this specific case, we hide the call to rte_mbuf_buf_addr() under the ALLOW_EXPERIMENTAL_API flag. Signed-off-by: Adrien Mazarguil <adrien.mazarguil@6wind.com> Signed-off-by: David Marchand <david.marchand@redhat.com>
2019-06-29 11:58:53 +00:00
static inline struct rte_ipsec_session *
rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
{
const struct rte_security_session *ss;
const struct rte_cryptodev_sym_session *cs;
if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
ss = cop->sym[0].sec_session;
return (void *)(uintptr_t)ss->opaque_data;
} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
cs = cop->sym[0].session;
return (void *)(uintptr_t)cs->opaque_data;
}
return NULL;
}
/**
* Take as input completed crypto ops, extract related mbufs
* and group them by rte_ipsec_session they belong to.
* For mbuf which crypto-op wasn't completed successfully
* PKT_RX_SEC_OFFLOAD_FAILED will be raised in ol_flags.
* Note that mbufs with undetermined SA (session-less) are not freed
* by the function, but are placed beyond mbufs for the last valid group.
* It is a user responsibility to handle them further.
* @param cop
* The address of an array of *num* pointers to the input *rte_crypto_op*
* structures.
* @param mb
* The address of an array of *num* pointers to output *rte_mbuf* structures.
* @param grp
* The address of an array of *num* to output *rte_ipsec_group* structures.
* @param num
* The maximum number of crypto-ops to process.
* @return
* Number of filled elements in *grp* array.
*/
enforce experimental tag at beginning of declarations Putting a '__attribute__((deprecated))' in the middle of a function prototype does not result in the expected result with gcc (while clang is fine with this syntax). $ cat deprecated.c void * __attribute__((deprecated)) incorrect() { return 0; } __attribute__((deprecated)) void *correct(void) { return 0; } int main(int argc, char *argv[]) { incorrect(); correct(); return 0; } $ gcc -o deprecated.o -c deprecated.c deprecated.c: In function ‘main’: deprecated.c:3:1: warning: ‘correct’ is deprecated (declared at deprecated.c:2) [-Wdeprecated-declarations] int main(int argc, char *argv[]) { incorrect(); correct(); return 0; } ^ Move the tag on a separate line and make it the first thing of function prototypes. This is not perfect but we will trust reviewers to catch the other not so easy to detect patterns. sed -i \ -e '/^\([^#].*\)\?__rte_experimental */{' \ -e 's//\1/; s/ *$//; i\' \ -e __rte_experimental \ -e '/^$/d}' \ $(git grep -l __rte_experimental -- '*.h') Special mention for rte_mbuf_data_addr_default(): There is either a bug or a (not yet understood) issue with gcc. gcc won't drop this inline when unused and rte_mbuf_data_addr_default() calls rte_mbuf_buf_addr() which itself is experimental. This results in a build warning when not accepting experimental apis from sources just including rte_mbuf.h. For this specific case, we hide the call to rte_mbuf_buf_addr() under the ALLOW_EXPERIMENTAL_API flag. Signed-off-by: Adrien Mazarguil <adrien.mazarguil@6wind.com> Signed-off-by: David Marchand <david.marchand@redhat.com>
2019-06-29 11:58:53 +00:00
static inline uint16_t
rte_ipsec_pkt_crypto_group(const struct rte_crypto_op *cop[],
struct rte_mbuf *mb[], struct rte_ipsec_group grp[], uint16_t num)
{
uint32_t i, j, k, n;
void *ns, *ps;
struct rte_mbuf *m, *dr[num];
j = 0;
k = 0;
n = 0;
ps = NULL;
for (i = 0; i != num; i++) {
m = cop[i]->sym[0].m_src;
ns = cop[i]->sym[0].session;
m->ol_flags |= PKT_RX_SEC_OFFLOAD;
if (cop[i]->status != RTE_CRYPTO_OP_STATUS_SUCCESS)
m->ol_flags |= PKT_RX_SEC_OFFLOAD_FAILED;
/* no valid session found */
if (ns == NULL) {
dr[k++] = m;
continue;
}
/* different SA */
if (ps != ns) {
/*
* we already have an open group - finalize it,
* then open a new one.
*/
if (ps != NULL) {
grp[n].id.ptr =
rte_ipsec_ses_from_crypto(cop[i - 1]);
grp[n].cnt = mb + j - grp[n].m;
n++;
}
/* start new group */
grp[n].m = mb + j;
ps = ns;
}
mb[j++] = m;
}
/* finalise last group */
if (ps != NULL) {
grp[n].id.ptr = rte_ipsec_ses_from_crypto(cop[i - 1]);
grp[n].cnt = mb + j - grp[n].m;
n++;
}
/* copy mbufs with unknown session beyond recognised ones */
if (k != 0 && k != num) {
for (i = 0; i != k; i++)
mb[j + i] = dr[i];
}
return n;
}
#ifdef __cplusplus
}
#endif
#endif /* _RTE_IPSEC_GROUP_H_ */