From patchwork Fri Mar 17 11:15:21 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikhil Agarwal X-Patchwork-Id: 95416 Delivered-To: patch@linaro.org Received: by 10.182.3.34 with SMTP id 2csp246967obz; Fri, 17 Mar 2017 04:16:28 -0700 (PDT) X-Received: by 10.237.34.59 with SMTP id n56mr12995941qtc.231.1489749388355; Fri, 17 Mar 2017 04:16:28 -0700 (PDT) Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id s23si4315735qka.239.2017.03.17.04.16.27; Fri, 17 Mar 2017 04:16:28 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id B2DB360855; Fri, 17 Mar 2017 11:16:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAD_ENC_HEADER,BAYES_00, RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id D0FBB62DC3; Fri, 17 Mar 2017 11:15:55 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 7931F62DC6; Fri, 17 Mar 2017 11:15:50 +0000 (UTC) Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0065.outbound.protection.outlook.com [104.47.42.65]) by lists.linaro.org (Postfix) with ESMTPS id 2529B6050F for ; Fri, 17 Mar 2017 11:15:45 +0000 (UTC) Received: from BN3PR03CA0105.namprd03.prod.outlook.com (10.174.66.23) by BN1PR03MB186.namprd03.prod.outlook.com (10.255.200.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.961.17; Fri, 17 Mar 2017 11:15:43 +0000 Received: from BN1AFFO11FD017.protection.gbl (2a01:111:f400:7c10::170) by BN3PR03CA0105.outlook.office365.com (2603:10b6:400:4::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.933.12 via Frontend Transport; Fri, 17 Mar 2017 11:15:42 +0000 Received-SPF: SoftFail (protection.outlook.com: domain of transitioning linaro.org discourages use of 192.88.168.50 as permitted sender) Received: from tx30smr01.am.freescale.net (192.88.168.50) by BN1AFFO11FD017.mail.protection.outlook.com (10.58.52.77) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.977.7 via Frontend Transport; Fri, 17 Mar 2017 11:15:42 +0000 Received: from netperf2.ap.freescale.net ([10.232.133.164]) by tx30smr01.am.freescale.net (8.14.3/8.14.0) with ESMTP id v2HBFdMn018692 for ; Fri, 17 Mar 2017 04:15:40 -0700 From: Nikhil Agarwal To: Date: Fri, 17 Mar 2017 16:45:21 +0530 Message-ID: <20170317111521.2878-1-nikhil.agarwal@linaro.org> X-Mailer: git-send-email 2.9.3 X-EOPAttributedMessage: 0 X-Matching-Connectors: 131342229424037356; (91ab9b29-cfa4-454e-5278-08d120cd25b8); () X-Forefront-Antispam-Report: CIP:192.88.168.50; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10009020)(6009001)(336005)(39840400002)(39450400003)(39400400002)(39410400002)(39860400002)(39850400002)(39380400002)(2980300002)(199003)(189002)(15404003)(9170700003)(575784001)(5003940100001)(86362001)(77096006)(356003)(305945005)(53936002)(16200700003)(47776003)(8676002)(81166006)(53946003)(110136004)(81156014)(8936002)(50226002)(105596002)(104016004)(1076002)(38730400002)(50986999)(2351001)(106466001)(5660300001)(6916009)(48376002)(6666003)(33646002)(189998001)(2906002)(36756003)(50466002)(21314002)(579004)(569005); DIR:OUT; SFP:1101; SCL:1; SRVR:BN1PR03MB186; H:tx30smr01.am.freescale.net; FPR:; SPF:SoftFail; MLV:ovrnspm; A:1; MX:1; PTR:InfoDomainNonexistent; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; BN1AFFO11FD017; 1:9WjYywDoKpuBj/MGF9BRjFDFJP90txC+7RuJofq+X9q2UFWXYAub/Zl+sZAxaepoCpzvnu38c1zSKwovm68zn0ZG6x3GX0Ts1A0BlN9/HA3wUTdy4QrfdescRcwACSOOvUMNXqGGZwKv4Vo6V7jUCxVwTCxGu/pBCHdW3P1MKaVK4LkHj5JKPUrBRD21CpjuKDbG8+bhFVMb+GvWAw9SAPjltL8beMYT5zmAY06i3l5d2elnjoR8YRRu67PaxVYqG/CqKFq4wleKfROMhItfjEOxw22KPMNg5R7Gb39mUDZz8qfXHavi3Uq+//YVyic6y/MwP3F8xXApRQ6RwwsW0rN/DLFEar6be1qFRNJzecf9Unl4LrNMAHdF1bShyIXYsBjx0cayjLqNj8JlHCnwyvL3IIVseIz/BMvuA2vu5UizD52FH9TPpb+OU3Ax+isDwBNq31fWi84P0fyoU0PCxEt+/bzLuflHbguy43GswvQPU0vt1fLe8FAJWf3zTJ9zau+rdlVU/uesnz2ib6n3M7b/xxRBJvRaO5cP10iY9dk= MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: e479dc91-4b59-4708-ddec-08d46d26f34a X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001); SRVR:BN1PR03MB186; X-Microsoft-Exchange-Diagnostics: 1; BN1PR03MB186; 3:suHwjy4p/2OTwXEUOxoY0HWv+tkXjaeqwMxIa+z6yoG+8M7GW30mUEgm1h1K8YYY2P0WqSg0e1i6kl6WtiwpyRb84+4J6iui3N8vO5KVNFswuzlRVvK9rPh+YDiz/B0XmJ6i7ALc5VK/TGZu/4DuMy28idX0Ef121KKlrs4M5AH1q19FyoWgsk5hEw3H8NPlNZ+2NF22HTJTF5GzQlVgfegKOxRDmTdSCYyNJ5zA4CCBsckwB02C62hMYErHrJeY52fU+i5Mve9oRNeMKzIvIuL0xl0xS0q5wqnr8U3rmknJ9OrPdeoAb512euDecDNYBMQnoaemlxhX/pxh64UIipk9iJvWWV6dq+RVafhbU9yt6hNLKD3ryJ2PlOekQLYi; 25:hIrOZlESiZjbcCP3fSDmENBGLqwSayr/+scGPyrqYXvhWL5p8IPAF90wTir0Er0iWeKMrXwOwI9XS05We+kttQZoo0+/qiMg08tQOVKDzwoioPP4fAuG/OOKZRFjUcyhgnBKcVeKUm6XknrnPJ+YA8AW1WU+YxRArz0WzW9R1wr0UpdA7OuAgpLR0h0HkVD8UlXHgLEyTLygPA6LjbE5UNh6YD5XGSmIzIlfbXqmRCTMkLyR9NEd/sFzvZ78tOLFHIgXAykJHFG5MS8V52z1Twb0bV1MaYRrQZf4LKug+MsDOdUT0B26oyyMPu0oAWhE0Ud59dQiL7Cvf4CWeAwI7SUyI1AmIo1uIhEiU1I5Jcdm8nIRaDec+NrLomwqsYLyz6cqP410PKu53ABdEX+UGwkENN/4iThiBw/b33aY5GI7ol6ORmYYwaSCqGwjcWyApeFdfU5A4d6uWDFgISFc4g== X-Microsoft-Exchange-Diagnostics: 1; BN1PR03MB186; 31:M+c8KpR6ydsISYD8+G8IV6FBMtOA0LN/3oOPGtfROLsk6cCF6O9ZcOpKhvTDFSiJEHOBs1vDb4IocCR1Cz/TuVFcoskqwAAvjL9ph3e/ZKAVYaEvhHIMFNbomRYpQ23Sj6INVLkKJhFV6ljl1XOzG13yWKh5YFJYQeZA++2l5x+WUQMcFM2s8IlrCD7ZC8t1Yhp/TjO9KKGW6kEfArGyXNQEab5207DtRHtr8MdSeCiXv1+EGaNPaYO0iY1HlBvXPFIljP3x4Nb2VPqK8fP8OwrGpo0xphio3sMDm9xVtmA= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(116097685857584)(21532816269658); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6095060)(601004)(2401047)(8121501046)(13017025)(13015025)(5005006)(13024025)(13018025)(13023025)(10201501046)(3002001)(6055026)(6096035)(20161123563025)(20161123565025)(20161123561025)(20161123559025)(20161123556025); SRVR:BN1PR03MB186; BCL:0; PCL:0; RULEID:(400006); SRVR:BN1PR03MB186; X-Microsoft-Exchange-Diagnostics: 1; BN1PR03MB186; 4:UrqyULFC5SaBjlklpGXY5DzCembHP6fKlkBkb7V8VEofyT/fSHCsKuhfsj5jti2OtsIqVnM3N0imKIWf75q7bCYKG1N59psLheuuZBxkHFDpsteIZqxPQonaTIrFPeYs3O7DTOS5EZSHXzgZr6zYv2InR1yIxB3id63Mdbwnw8fKDx8rXA6dRbSQhAD/qFhI6qshNoKE59pj6trGlWhsPXdwZG5EGBti0FC3gWpuraMCi4F1gEvvNOjtunG9DZu27jMl6F9MnwdGsaWkfrTWqmca12qMkXsDRebD5HRaF0LTDWiCapAtMEraWqNII9CLJkpR/xVdtF8OFdPuv/as1muCLLOHwAqidm+X7K93ghWoAPTljZDvKcD+RxAlvOQ3BKBNNWlslAIRPfu07GSCSm+gm/3Irlhz1CEnKYzANxR0oBc8HBKaOQv3LLphxgpX+eYVDYqtsVhHtAFnIiHuZElpPDf09U7m6foY3X85MsCLNezlIS/i6qGX2389bCAgvgetHOz98CdJ/UyNSc9iMEtQKSqhL/4xRNl1q9A/ko0SBYjJX/pbvim3XAcof8oiYLVWzi0sN9lxq6rsU3GxwLs9cgX0l7azPLzuQPSMJ1ts7bZkJebOk8aYafzwyrCPR7L52OhtAnxdE5lnApoEhIvI1+r8SDvAEYeHTgcT7qT+uys3rE8E+D/Jnmu5g5lQOWVu8aufNuDQvL5xaPb+e+xfQH2BmVCvzzwSgd0SjkY7mU3qI++XAvpfuvmKqlTo6z7F5iAERnhKnr0/KlgQjAPI++T3ntScTzCmLhnaKFOm++zdSHluSYuFMWHva9+G X-Forefront-PRVS: 0249EFCB0B X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BN1PR03MB186; 23:BctPFIeOr4HTKybACQ5tUZKuOI29V9PT+rEKy+pEeC?= 7qrRmmfuJttYHnAu63/IRy9Pzx+mdJkrGDc0N/V8/UkAGEU/D1ZacLzTFYnKDiEixvGA+JUnzEZAkGGPcdHNL7KGuNN68Skfl8+SrSM4vdwi3HZ1ZeE7pm6gOT2cC+jWsZ+Vv7bCsOurDmtMYZbduJ2EYmlAZchiesGQB4S4RiHcGUanzI1K2flPBh7INKxTKiUSB44cJ9MgCOaolo+0C6jNEOdWwckfGhy5ssMm1d0IlGFhGM3MnhzEM400b/m8USpLa5hHULZyQW8h+P5VWMhTjOqPyZSA2zrCUNFE8McrxYNWM3qSEE6IN5dBd75fxzMuzaX/YBOj5UVadBmGD5XgsLdTiUh1EgRPd2ao+RLfwWYdRK00fyQYLzWEziyNqXxc59RuQxMUgojBYWqjpgmP81pbMZiTT8k+aLclinOhcXmlaDy7CzihnkRTXZ1eKklZgqGWLy/l9+6VDKn0hb+vjlNiuic+hspjzCNFw+Ot0brO4nsGq7YI2+XOXiF3GZ+LrIqGmijZlb0POQIub+wMfDLt536dmmP2DZh1kkUEtyCde+Ngilx1sBSxgRM6sgVJV2bZfxs36HEcIKqHwqhUzLTFiZtQcOzUEbp3U1yHcn7bhiYcFL+LE6GP9w1wmC0tAejXH6pGsGbx694kG4dt/Y5PlbRE5ENsV3bB9qIEiV5YhB3L6vLh9/M+5S4p2tIlO5xIKi2sJ0CLqinHvNvpCeANq+d1TqQpXgs6/WqJGlXLohLj8EjSxFrT81yODrsYaGePkWq8jXa+VKqD7WmsdYeYefX3gMKwzZJyTTGAvIWVVErjLYuYsbdUbr10b/wo/Lv9CmMkBYUhTNJOz4akMjb7cIhnkeGoUPOymvN/ctPRaPB764YvKobRvUJNxvA+l7QCXsl+EcsEU0qwVcSrvMKP4/tiTO6xq8NsDNyjLAzZH2uHKmwwAqwjTF9Mhnu0wsiFSHsZV4FEpHOTZ5kGwPyUps15IkRMe9nJ7dYeq8+M0OaoPXcKo3lzjO5L5V3N140csqCYIEjpqUwv6BWst5Y79Q7YIZLTpKDS73gaIUi8EtBrCTXTbSf1CDa1RqhRkOpWUQWC/dDtbWlPXhE2sYsqyDiFXdptsIWx+vgwyaqd+L0xp68mZ8sJzPVlx55J9nXf4PsKPxU5jrvCg/ X-Microsoft-Exchange-Diagnostics: 1; BN1PR03MB186; 6:LPDbLlssRF8QODA+zXEcyZ6sJh/CnfUgAOSkF8RMAV4NFGYdS8yNdZxz5ADunj2++XI/VbOFIXSaLGEVcPS+Ft7S2UVe3jvcYTy5hUhLjdySPxupGnLg4RcrAkrkviDhdozUncyJDRAGfH1jB3OPm2jSli1D1InA++N7T+YSK0OK2GkrMBgYmQgPC8KrKE8AJVc96QCES8elCc2ABvZGwzKclAS4hlLXD+jW8EKVH5lPJQRezljzMiEj6vp2OHdfFSwMZ2J+qr4+xZsXKnC7LjZooI2BbiTadmC8ldur0BXTCZ71ah6r6sMy06LWO7NsfRhCtOOa761q3DguMJHSLL7Lqi6yeCqNUvNzdBVXGCLiuCsp784fAg/sOoz/s3g3meRzvaRIwx7zgfRfwjFSG/b8DXepALDMceSErOzFxPw=; 5:hpAI7nBC5z4JsB5NbIwinVDAkQl7OenvIcqt7fW21X2wSmjVcFL/mHfc1Eax1lLLjhHKC7j5TowBFV58w7qmJpz9WArh9ONLga+SYYoAW3YeAFjkIrP4pX5t460xPf5DVJoiFM3qK1t6pgcT/HtopuEfOHt6PbdBYycJwPKoVAUrKaRH/683Q63uH8vd9wg2; 24:NGQPSruVB2V+hyCqjkZ253bD4cVJk7dy+/jO9eRQwF2i7gXy+GDUUWJIA+1LFmmW9BfIJ9r0AXvn5PvVZvopKd7M9AtArT9msRjbZ8CFays= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BN1PR03MB186; 7:ZC/CU7o3JayQwxFeZbsGjD4MAS+C3FfFC9ybNDxaAWRMLWQCiNcOd4W2VdtLTsKZoAByvbJwYU25uqvHGbJnlUEt5VVceqswlWh+SNbZ8HrynwFsI+MgG+h1VsVnb2023FXgiXxV9gFF4VI0p9jX6OV9MJsuDJg6xDu4dj/4xY7xMDSAljuCYttqg8MA6mDIvsi2sX5UE+VI3J4TUvbhZC80ERodkKsZhnRxFqrFYcgiA9Wg0VKZRVsDznPyZNfLFAR0qerKVVrnghQE/Ml4+IFUOj46fl4AvYTzW1D9HH9mwHkxTt+AZea+QPvBQNa2LfCjDRoV40MWA43A05vFHA== X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Mar 2017 11:15:42.2321 (UTC) X-MS-Exchange-CrossTenant-Id: 5afe0b00-7697-4969-b663-5eab37d5f47e X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=5afe0b00-7697-4969-b663-5eab37d5f47e; Ip=[192.88.168.50]; Helo=[tx30smr01.am.freescale.net] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1PR03MB186 Subject: [lng-odp] [PATCHv3] example:ipsec_offload: Adding ipsec_offload example X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" Signed-off-by: Nikhil Agarwal --- example/Makefile.am | 1 + example/ipsec_offload/.gitignore | 1 + example/ipsec_offload/Makefile.am | 19 + example/ipsec_offload/odp_ipsec_offload.c | 872 +++++++++++++++++++++++ example/ipsec_offload/odp_ipsec_offload_cache.c | 148 ++++ example/ipsec_offload/odp_ipsec_offload_cache.h | 78 ++ example/ipsec_offload/odp_ipsec_offload_fwd_db.c | 223 ++++++ example/ipsec_offload/odp_ipsec_offload_fwd_db.h | 198 +++++ example/ipsec_offload/odp_ipsec_offload_misc.h | 384 ++++++++++ example/ipsec_offload/odp_ipsec_offload_sa_db.c | 361 ++++++++++ example/ipsec_offload/odp_ipsec_offload_sa_db.h | 126 ++++ example/ipsec_offload/odp_ipsec_offload_sp_db.c | 166 +++++ example/ipsec_offload/odp_ipsec_offload_sp_db.h | 72 ++ example/ipsec_offload/run_left | 14 + example/ipsec_offload/run_right | 14 + example/m4/configure.m4 | 1 + 16 files changed, 2678 insertions(+) create mode 100644 example/ipsec_offload/.gitignore create mode 100644 example/ipsec_offload/Makefile.am create mode 100644 example/ipsec_offload/odp_ipsec_offload.c create mode 100644 example/ipsec_offload/odp_ipsec_offload_cache.c create mode 100644 example/ipsec_offload/odp_ipsec_offload_cache.h create mode 100644 example/ipsec_offload/odp_ipsec_offload_fwd_db.c create mode 100644 example/ipsec_offload/odp_ipsec_offload_fwd_db.h create mode 100644 example/ipsec_offload/odp_ipsec_offload_misc.h create mode 100644 example/ipsec_offload/odp_ipsec_offload_sa_db.c create mode 100644 example/ipsec_offload/odp_ipsec_offload_sa_db.h create mode 100644 example/ipsec_offload/odp_ipsec_offload_sp_db.c create mode 100644 example/ipsec_offload/odp_ipsec_offload_sp_db.h create mode 100644 example/ipsec_offload/run_left create mode 100644 example/ipsec_offload/run_right -- 2.9.3 diff --git a/example/Makefile.am b/example/Makefile.am index dfc07b6..24b9e52 100644 --- a/example/Makefile.am +++ b/example/Makefile.am @@ -2,6 +2,7 @@ SUBDIRS = classifier \ generator \ hello \ ipsec \ + ipsec_offload \ l2fwd_simple \ l3fwd \ packet \ diff --git a/example/ipsec_offload/.gitignore b/example/ipsec_offload/.gitignore new file mode 100644 index 0000000..2fc73aa --- /dev/null +++ b/example/ipsec_offload/.gitignore @@ -0,0 +1 @@ +odp_ipsec_offload diff --git a/example/ipsec_offload/Makefile.am b/example/ipsec_offload/Makefile.am new file mode 100644 index 0000000..a61b923 --- /dev/null +++ b/example/ipsec_offload/Makefile.am @@ -0,0 +1,19 @@ +include $(top_srcdir)/example/Makefile.inc + +bin_PROGRAMS = odp_ipsec_offload$(EXEEXT) +odp_ipsec_offload_LDFLAGS = $(AM_LDFLAGS) -static +odp_ipsec_offload_CFLAGS = $(AM_CFLAGS) -I${top_srcdir}/example + +noinst_HEADERS = \ + $(top_srcdir)/example/ipsec_offload/odp_ipsec_offload_cache.h \ + $(top_srcdir)/example/ipsec_offload/odp_ipsec_offload_fwd_db.h \ + $(top_srcdir)/example/ipsec_offload/odp_ipsec_offload_misc.h \ + $(top_srcdir)/example/ipsec_offload/odp_ipsec_offload_sa_db.h \ + $(top_srcdir)/example/ipsec_offload/odp_ipsec_offload_sp_db.h \ + $(top_srcdir)/example/example_debug.h + +dist_odp_ipsec_offload_SOURCES = odp_ipsec_offload.c \ + odp_ipsec_offload_sa_db.c \ + odp_ipsec_offload_sp_db.c \ + odp_ipsec_offload_fwd_db.c \ + odp_ipsec_offload_cache.c diff --git a/example/ipsec_offload/odp_ipsec_offload.c b/example/ipsec_offload/odp_ipsec_offload.c new file mode 100644 index 0000000..ebf70d7 --- /dev/null +++ b/example/ipsec_offload/odp_ipsec_offload.c @@ -0,0 +1,872 @@ +/* Copyright (c) 2017, Linaro Limited + * Copyright (C) 2017 NXP + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/** + * @file + * + * @example odp_ipsec_offload.c ODP basic packet IO cross connect with IPsec + * test application + */ + +#define _DEFAULT_SOURCE +/* enable strtok */ +#define _POSIX_C_SOURCE 200112L +#include +#include +#include +#include + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#define MAX_WORKERS 32 /**< maximum number of worker threads */ + +/** + * Parsed command line application arguments + */ +typedef struct { + int cpu_count; + int flows; + int if_count; /**< Number of interfaces to be used */ + char **if_names; /**< Array of pointers to interface names */ + char *if_str; /**< Storage for interface names */ + int queue_type; /**< Queue synchronization type*/ +} appl_args_t; +/** + * Grouping of both parsed CL args and thread specific args - alloc together + */ +typedef struct { + /** Application (parsed) arguments */ + appl_args_t appl; +} args_t; + +/* helper funcs */ +static void parse_args(int argc, char *argv[], appl_args_t *appl_args); +static void print_info(char *progname, appl_args_t *appl_args); +static void usage(char *progname); + +/** Global pointer to args */ +static args_t *args; + +/** + * Buffer pool for packet IO + */ +#define SHM_PKT_POOL_BUF_COUNT 1024 +#define SHM_PKT_POOL_BUF_SIZE 4096 +#define SHM_PKT_POOL_SIZE (SHM_PKT_POOL_BUF_COUNT * SHM_PKT_POOL_BUF_SIZE) + +static odp_pool_t pkt_pool = ODP_POOL_INVALID; + +/** Synchronize threads before packet processing begins */ +static odp_barrier_t sync_barrier; + +/** + * Packet processing result codes + */ +typedef enum { + PKT_CONTINUE, /**< No events posted, keep processing */ + PKT_POSTED, /**< Event posted, stop processing */ + PKT_DROP, /**< Reason to drop detected, stop processing */ + PKT_DONE /**< Finished with packet, stop processing */ +} pkt_disposition_e; + +#define MAX_COMPL_QUEUES 32 +#define GET_THR_QUEUE_ID(x) ((odp_thread_id()-1) % (x)) + +/** Atomic queue IPSEC completion events */ +static odp_queue_t completionq[MAX_COMPL_QUEUES]; + +static int num_compl_queues; +static int num_workers; + + +/** + * Calculate hash value on given 2-tuple i.e. sip, dip + * + * @param ip_src Source IP Address + * @param ip_dst Destination IP Address + * + * @return Resultant hash value + */ +static inline uint64_t calculate_flow_hash(uint32_t ip_src, uint32_t ip_dst) +{ + uint64_t hash = 0; + + ip_dst += JHASH_GOLDEN_RATIO; + BJ3_MIX(ip_src, ip_dst, hash); + return hash; +} + +/** + * IPsec pre argument processing intialization + */ +static +void ipsec_init_pre(void) +{ + /* Initialize our data bases */ + init_sp_db(); + init_sa_db(); + init_tun_db(); + init_ipsec_cache(); +} + +/** + * IPsec post argument processing intialization + * + * Resolve SP DB with SA DB and create corresponding IPsec cache entries + */ +static +void ipsec_init_post(void) +{ + sp_db_entry_t *entry; + int queue_id = 0; + + /* Attempt to find appropriate SA for each SP */ + for (entry = sp_db->list; NULL != entry; entry = entry->next) { + sa_db_entry_t *cipher_sa = NULL; + sa_db_entry_t *auth_sa = NULL; + tun_db_entry_t *tun = NULL; + queue_id %= num_workers; + if (num_compl_queues < num_workers) + num_compl_queues++; + queue_id++; + if (entry->esp) { + cipher_sa = find_sa_db_entry(&entry->src_subnet, + &entry->dst_subnet, 1); + tun = find_tun_db_entry(cipher_sa->src_ip, + cipher_sa->dst_ip); + } + if (entry->ah) { + auth_sa = find_sa_db_entry(&entry->src_subnet, + &entry->dst_subnet, 0); + tun = find_tun_db_entry(auth_sa->src_ip, + auth_sa->dst_ip); + } + + if (cipher_sa && auth_sa) { + if (create_ipsec_cache_entry(cipher_sa, + auth_sa, + tun, + entry->input, + completionq[queue_id - 1])) { + EXAMPLE_ABORT("Error: IPSec cache entry failed.\n"); + } + } else { + printf(" WARNING: SA not found for SP\n"); + dump_sp_db_entry(entry); + } + } +} + +/** + * Initialize interface + * + * Initialize ODP pktio and queues, query MAC address and update + * forwarding database. + * + * @param intf Interface name string + * @param queue_type Type of queue to configure. + */ +static void initialize_intf(char *intf, int queue_type) +{ + odp_pktio_t pktio; + odp_pktout_queue_t pktout; + int ret; + uint8_t src_mac[ODPH_ETHADDR_LEN]; + odp_pktio_param_t pktio_param; + odp_pktio_capability_t capa; + odp_pktin_queue_param_t pktin_param; + + odp_pktio_param_init(&pktio_param); + + pktio_param.in_mode = ODP_PKTIN_MODE_SCHED; + + /* + * Open a packet IO instance for thread and get default output queue + */ + pktio = odp_pktio_open(intf, pkt_pool, &pktio_param); + if (ODP_PKTIO_INVALID == pktio) { + EXAMPLE_ABORT("Error: pktio create failed for %s\n", intf); + } + + odp_pktin_queue_param_init(&pktin_param); + + ret = odp_pktio_capability(pktio, &capa); + if (ret != 0) + EXAMPLE_ABORT("Error: Unable to get pktio capability %s\n", intf); + + pktin_param.queue_param.type = ODP_QUEUE_TYPE_SCHED; + pktin_param.queue_param.sched.sync = queue_type; + pktin_param.queue_param.sched.prio = ODP_SCHED_PRIO_DEFAULT; + pktin_param.num_queues = capa.max_input_queues; + + if (pktin_param.num_queues > 1) + pktin_param.hash_enable = 1; + + if (odp_pktin_queue_config(pktio, &pktin_param)) + EXAMPLE_ABORT("Error: pktin config failed for %s\n", intf); + + if (odp_pktout_queue_config(pktio, NULL)) + EXAMPLE_ABORT("Error: pktout config failed for %s\n", intf); + + if (odp_pktout_queue(pktio, &pktout, 1) != 1) + EXAMPLE_ABORT("Error: failed to get pktout queue for %s\n", intf); + + ret = odp_pktio_start(pktio); + if (ret) { + EXAMPLE_ABORT("Error: unable to start %s\n", intf); + } + + /* Read the source MAC address for this interface */ + ret = odp_pktio_mac_addr(pktio, src_mac, sizeof(src_mac)); + if (ret < 0) { + EXAMPLE_ABORT("Error: failed during MAC address get for %s\n", + intf); + } + + printf("Created pktio:%02" PRIu64 "\n", odp_pktio_to_u64(pktio)); + + /* Resolve any routes using this interface for output */ + resolve_fwd_db(intf, pktout, src_mac); +} + +/** + * Packet Processing - Input verification + * + * @param pkt Packet to inspect + * + * @return PKT_CONTINUE if good, supported packet else PKT_DROP + */ +static pkt_disposition_e do_input_verify(odp_packet_t pkt) +{ + if (odp_unlikely(odp_packet_has_error(pkt))) { + odp_packet_free(pkt); + return PKT_DROP; + } + + if (!odp_packet_has_eth(pkt)) { + odp_packet_free(pkt); + return PKT_DROP; + } + + if (!odp_packet_has_ipv4(pkt)) { + odp_packet_free(pkt); + return PKT_DROP; + } + + return PKT_CONTINUE; +} + +/** + * Packet Processing - Route lookup in forwarding database + * + * @param pkt Packet to route + * + * @return PKT_CONTINUE if route found else PKT_DROP + */ +static +pkt_disposition_e do_route_fwd_db(odp_packet_t pkt) +{ + odph_ipv4hdr_t *ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(pkt, NULL); + fwd_db_entry_t *fwd_entry; + ipsec_cache_entry_t *ipsec_entry; + odp_ipsec_op_param_t params; + uint32_t sip, dip; + uint64_t hash; + odp_flow_entry_t *flow = NULL; + + if (ip->ttl > 1) { + ip->ttl -= 1; + if (ip->chksum >= odp_cpu_to_be_16(0xffff - 0x100)) + ip->chksum += odp_cpu_to_be_16(0x100) + 1; + else + ip->chksum += odp_cpu_to_be_16(0x100); + } else { + odp_packet_free(pkt); + return PKT_DROP; + } + + sip = odp_be_to_cpu_32(ip->src_addr); + dip = odp_be_to_cpu_32(ip->dst_addr); + + hash = calculate_flow_hash(sip, dip); + + flow = odp_route_flow_lookup_in_bucket(sip, dip, + &flow_table[hash & (bucket_count - 1)]); + if (flow) { +do_opt: + odp_packet_user_ptr_set(pkt, &flow->out_port); + if (flow->out_port.sa == ODP_IPSEC_SA_INVALID) + return PKT_CONTINUE; + + /* Initialize parameters block */ + params.sa = &flow->out_port.sa; + params.pkt = &pkt; + params.opt = NULL; + params.num_pkt = 1; + params.num_sa = 1; + params.num_opt = 1; + + /* Issue ipsec request */ + if (odp_unlikely(odp_ipsec_out_enq(¶ms) < 0)) { + EXAMPLE_DBG("Unable to out enqueue\n"); + odp_packet_free(pkt); + return PKT_DROP; + } + return PKT_POSTED; + } else { + /*Check into Routing table*/ + fwd_entry = find_fwd_db_entry(dip); + if (fwd_entry) { + /*Entry found. Updated in Flow table first.*/ + flow = calloc(1, sizeof(odp_flow_entry_t)); + if (!flow) { + EXAMPLE_ABORT("Failure to allocate memory"); + } + flow->l3_src = sip; + flow->l3_dst = dip; + flow->out_port.pktout = fwd_entry->pktout; + memcpy(flow->out_port.addr.addr, fwd_entry->src_mac, ODPH_ETHADDR_LEN); + memcpy(flow->out_port.next_hop_addr.addr, fwd_entry->dst_mac, ODPH_ETHADDR_LEN); + ipsec_entry = find_ipsec_cache_entry_out(sip, dip); + if (ipsec_entry) + flow->out_port.sa = ipsec_entry->sa; + else + flow->out_port.sa = ODP_IPSEC_SA_INVALID; + flow->next = NULL; + /*Insert new flow into flow cache table*/ + odp_route_flow_insert_in_bucket(flow, &flow_table[hash & (bucket_count - 1)]); + goto do_opt; + } else { + EXAMPLE_DBG("No flow match found. Packet is dropped.\n"); + odp_packet_free(pkt); + return PKT_DROP; + + } + } +} + + +/** + * Packet Processing - Input IPsec packet classification + * + * Verify the received packet has IPsec headers, + * if so issue ipsec request else skip. + * + * @param pkt Packet to classify + * + * @return PKT_CONTINUE if done else PKT_POSTED + */ +static +pkt_disposition_e do_ipsec_in_classify(odp_packet_t pkt) +{ + odp_ipsec_op_param_t params; + + if (!odp_packet_has_ipsec(pkt)) + return PKT_CONTINUE; + + /* Initialize parameters block */ + params.pkt = &pkt; + params.num_pkt = 1; + params.num_sa = 0; + params.num_opt = 0; + params.opt = NULL; + + /* Issue ipsec request */ + if (odp_unlikely(odp_ipsec_in_enq(¶ms) < 0)) { + EXAMPLE_DBG("Unable to in enqueue\n"); + odp_packet_free(pkt); + return PKT_DROP; + } + return PKT_POSTED; +} +/** + * Packet IO worker thread + * + * Loop calling odp_schedule to obtain packet from the two sources, + * and continue processing the packet. + * + * - Input interfaces (i.e. new work) + * - Per packet ipsec API completion queue + * + * @param arg Required by "odph_linux_pthread_create", unused + * + * @return NULL (should never return) + */ +static +void *pktio_thread(void *arg EXAMPLE_UNUSED) +{ + int thr; + odp_packet_t pkt; + odp_pktout_queue_t out_queue; + odp_out_entry_t *out_port; + odp_event_t ev = ODP_EVENT_INVALID; + thr = odp_thread_id(); + + printf("Pktio thread [%02i] starts\n", thr); + odp_barrier_wait(&sync_barrier); + + /* Loop packets */ + for (;;) { + pkt_disposition_e rc; + + ev = odp_schedule(NULL, ODP_SCHED_WAIT); + /* Use schedule to get event from any input queue */ + /* Determine new work versus completion */ + if (ODP_EVENT_PACKET == odp_event_type(ev)) { + pkt = odp_packet_from_event(ev); + + rc = do_input_verify(pkt); + if (odp_unlikely(rc)) + continue; + + rc = do_ipsec_in_classify(pkt); + if (rc) + continue; + + rc = do_route_fwd_db(pkt); + if (rc) + continue; + + out_port = (odp_out_entry_t *)odp_packet_user_ptr(pkt); + out_queue = (odp_pktout_queue_t)out_port->pktout; + + if (odp_unlikely(odp_pktout_send(out_queue, &pkt, 1) < 0)) + odp_packet_free(pkt); + + } else if (ODP_EVENT_IPSEC_RESULT == odp_event_type(ev)) { + odp_ipsec_op_result_t result; + odp_ipsec_packet_result_t res; + odph_ethhdr_t *eth; + odp_packet_t out_pkt; + + result.pkt = &out_pkt; + result.res = &res; + + if (odp_unlikely(odp_ipsec_result(&result, ev) < 0)) { + EXAMPLE_DBG("Error Event\n"); + odp_event_free((odp_packet_t)ev); + continue; + } + + if (odp_unlikely(res.status.all)) { + odp_packet_free((odp_packet_t)ev); + continue; + } + + odph_ipv4hdr_t *ip = (odph_ipv4hdr_t *)odp_packet_l3_ptr(out_pkt, NULL); + + if (ip->proto != IPPROTO_ESP) { + rc = do_route_fwd_db(out_pkt); + if (odp_unlikely(rc)) + continue; + } + + out_port = (odp_out_entry_t *)odp_packet_user_ptr(out_pkt); + out_queue = (odp_pktout_queue_t)out_port->pktout; + + eth = (odph_ethhdr_t *)((uint8_t *)ip - sizeof(odph_ethhdr_t)); + eth->dst = out_port->next_hop_addr; + eth->src = out_port->addr; + eth->type = odp_cpu_to_be_16(0x800); + + if (odp_unlikely(odp_pktout_send(out_queue, &out_pkt, 1) < 0)) + odp_packet_free(out_pkt); + } else { + EXAMPLE_DBG("Invalid Event\n"); + odp_event_free((odp_packet_t)ev); + continue; + } + } + + /* unreachable */ + return NULL; +} + +/** + * ODP ipsec proto example main function + */ +int +main(int argc, char *argv[]) +{ + odph_linux_pthread_t thread_tbl[MAX_WORKERS]; + int i; + odp_shm_t shm; + odp_cpumask_t cpumask; + char cpumaskstr[ODP_CPUMASK_STR_SIZE]; + odp_pool_param_t params; + odp_queue_param_t qparam; + odp_instance_t instance; + odph_linux_thr_params_t thr_params; + odp_ipsec_config_t config; + odp_ipsec_capability_t capa; + + /*Validate if user has passed only help option*/ + if (argc == 2) { + if (!strcmp(argv[1], "-h") || !strcmp(argv[1], "--help")) { + usage(argv[0]); + exit(EXIT_SUCCESS); + } + } + + /* Initialize ODP before calling anything else */ + if (odp_init_global(&instance, NULL, NULL)) { + EXAMPLE_ABORT("Error: ODP global init failed.\n"); + } + /* Initialize this thread */ + if (odp_init_local(instance, ODP_THREAD_CONTROL)) { + EXAMPLE_ABORT("Error: ODP local init failed.\n"); + } + /* Reserve memory for arguments from shared memory */ + shm = odp_shm_reserve("shm_args", sizeof(args_t), + ODP_CACHE_LINE_SIZE, 0); + args = odp_shm_addr(shm); + + if (NULL == args) { + EXAMPLE_ABORT("Error: shared mem alloc failed.\n"); + } + memset(args, 0, sizeof(*args)); + + /* Must init our databases before parsing args */ + ipsec_init_pre(); + init_fwd_db(); + + /* Parse and store the application arguments */ + parse_args(argc, argv, &args->appl); + + /*Initialize route table for user given parameter*/ + odp_init_routing_table(); + + /* Print both system and application information */ + print_info(NO_PATH(argv[0]), &args->appl); + + if (odp_ipsec_capability(&capa)) + EXAMPLE_ABORT("Error: Capability not configured.\n"); + + odp_ipsec_config_init(&config); + + if (capa.op_mode_async && (capa.op_mode_async >= capa.op_mode_sync)) + config.op_mode = ODP_IPSEC_OP_MODE_ASYNC; + else + EXAMPLE_ABORT("Error: Sync mode not supported.\n"); + + if (odp_ipsec_config(&config)) + EXAMPLE_ABORT("Error: IPSec not configured.\n"); + + /* Default to system CPU count unless user specified */ + num_workers = MAX_WORKERS; + if (args->appl.cpu_count && args->appl.cpu_count <= MAX_WORKERS) + num_workers = args->appl.cpu_count; + + /* + * By default CPU #0 runs Linux kernel background tasks. + * Start mapping thread from CPU #1 + */ + num_workers = odp_cpumask_default_worker(&cpumask, num_workers); + (void)odp_cpumask_to_str(&cpumask, cpumaskstr, sizeof(cpumaskstr)); + + /* + * Create completion queues + */ + odp_queue_param_init(&qparam); + qparam.type = ODP_QUEUE_TYPE_SCHED; + qparam.sched.prio = ODP_SCHED_PRIO_HIGHEST; + qparam.sched.sync = args->appl.queue_type; + qparam.sched.group = ODP_SCHED_GROUP_ALL; + + for (i = 0; i < num_workers; i++) { + completionq[i] = odp_queue_create("completion", &qparam); + if (ODP_QUEUE_INVALID == completionq[i]) { + EXAMPLE_ABORT("Error: completion queue creation failed\n"); + } + } + printf("num worker threads: %i\n", num_workers); + printf("first CPU: %i\n", odp_cpumask_first(&cpumask)); + printf("cpu mask: %s\n", cpumaskstr); + + /* Create a barrier to synchronize thread startup */ + odp_barrier_init(&sync_barrier, num_workers); + + /* Create packet buffer pool */ + odp_pool_param_init(¶ms); + params.pkt.seg_len = SHM_PKT_POOL_BUF_SIZE; + params.pkt.len = SHM_PKT_POOL_BUF_SIZE; + params.pkt.num = SHM_PKT_POOL_BUF_COUNT; + params.type = ODP_POOL_PACKET; + + pkt_pool = odp_pool_create("packet_pool", ¶ms); + + if (ODP_POOL_INVALID == pkt_pool) { + EXAMPLE_ABORT("Error: packet pool create failed.\n"); + } + + ipsec_init_post(); + + /* Initialize interfaces (which resolves FWD DB entries */ + for (i = 0; i < args->appl.if_count; i++) { + initialize_intf(args->appl.if_names[i], args->appl.queue_type); + } + + printf(" Configured queues SYNC type: [%s]\n", (args->appl.queue_type == 0)? + "PARALLEL":(args->appl.queue_type == 1)? + "ATOMIC":"ORDERED"); + memset(&thr_params, 0, sizeof(thr_params)); + thr_params.start = pktio_thread; + thr_params.arg = NULL; + thr_params.thr_type = ODP_THREAD_WORKER; + thr_params.instance = instance; + + /* Create and initialize worker threads */ + odph_linux_pthread_create(thread_tbl, &cpumask, + &thr_params); + odph_linux_pthread_join(thread_tbl, num_workers); + + free(args->appl.if_names); + free(args->appl.if_str); + printf("Exit\n\n"); + return 0; +} + +/** + * Parse and store the command line arguments + * + * @param argc argument count + * @param argv[] argument vector + * @param appl_args Store application arguments here + */ +static void parse_args(int argc, char *argv[], appl_args_t *appl_args) +{ + int opt; + int long_index; + char *token; + size_t len; + int rc = 0; + int i; + + static struct option longopts[] = { + {"count", required_argument, NULL, 'c'}, + {"interface", required_argument, NULL, 'i'}, /* return 'i' */ + {"route", required_argument, NULL, 'r'}, /* return 'r' */ + {"policy", required_argument, NULL, 'p'}, /* return 'p' */ + {"ah", required_argument, NULL, 'a'}, /* return 'a' */ + {"esp", required_argument, NULL, 'e'}, /* return 'e' */ + {"tunnel", required_argument, NULL, 't'}, /* return 't' */ + {"flows", no_argument, NULL, 'f'}, /* return 'f' */ + {"queue type", required_argument, NULL, 'q'}, /* return 'q' */ + {"help", no_argument, NULL, 'h'}, /* return 'h' */ + {NULL, 0, NULL, 0} + }; + + appl_args->flows = 1; + appl_args->queue_type = ODP_SCHED_SYNC_ATOMIC; + + while (!rc) { + opt = getopt_long(argc, argv, "+c:i:h:r:p:a:e:t:s:q:f:", + longopts, &long_index); + if (opt < 0) + break; /* No more options */ + switch (opt) { + case 'f': + appl_args->flows = atoi(optarg); + if (appl_args->flows > 256) { + printf("Maximum acceptable value for -f is 256\n"); + rc = -1; + } + if (optind != 3) { + printf("-f must be the 1st argument of the command\n"); + rc = -1; + } + EXAMPLE_DBG("Bucket count = %d\n", bucket_count); + break; + case 'c': + appl_args->cpu_count = atoi(optarg); + break; + case 'i': + /* parse packet-io interface names */ + len = strlen(optarg); + if (0 == len) { + usage(argv[0]); + exit(EXIT_FAILURE); + } + len += 1; /* add room for '\0' */ + + appl_args->if_str = malloc(len); + if (appl_args->if_str == NULL) { + usage(argv[0]); + exit(EXIT_FAILURE); + } + + /* count the number of tokens separated by ',' */ + strcpy(appl_args->if_str, optarg); + for (token = strtok(appl_args->if_str, ","), i = 0; + token; token = strtok(NULL, ","), i++); + appl_args->if_count = i; + if (!appl_args->if_count) { + usage(argv[0]); + exit(EXIT_FAILURE); + } + /* Allocate storage for the if names */ + appl_args->if_names = + calloc(appl_args->if_count, sizeof(char *)); + if (!appl_args->if_names) { + EXAMPLE_ABORT("Memory allocation failure\n"); + } + /* Store the if names (reset names string) */ + strcpy(appl_args->if_str, optarg); + for (token = strtok(appl_args->if_str, ","), i = 0; + token; token = strtok(NULL, ","), i++) { + appl_args->if_names[i] = token; + } + break; + case 'r': + rc = create_fwd_db_entry(optarg, appl_args->if_names, + appl_args->if_count, appl_args->flows); + break; + case 'p': + rc = create_sp_db_entry(optarg, appl_args->flows); + break; + case 'a': + rc = create_sa_db_entry(optarg, FALSE, appl_args->flows); + break; + case 'e': + rc = create_sa_db_entry(optarg, TRUE, appl_args->flows); + break; + case 't': + rc = create_tun_db_entry(optarg, appl_args->flows); + break; + case 'q': + i = atoi(optarg); + if (i > ODP_SCHED_SYNC_ORDERED || i < ODP_SCHED_SYNC_PARALLEL) { + printf("Invalid queue type: setting default to atomic"); + break; + } + appl_args->queue_type = i; + break; + case 'h': + usage(argv[0]); + exit(EXIT_SUCCESS); + break; + default: + break; + } + } + + if (rc) { + printf("ERROR: failed parsing -%c option\n", opt); + usage(argv[0]); + exit(EXIT_FAILURE); + } + + if (0 == appl_args->if_count) { + usage(argv[0]); + exit(EXIT_FAILURE); + } + + optind = 1; /* reset 'extern optind' from the getopt lib */ +} + +/** + * Print system and application info + */ +static void print_info(char *progname, appl_args_t *appl_args) +{ + int i; + + printf("\n" + "ODP system info\n" + "---------------\n" + "ODP API version: %s\n" + "CPU model: %s\n" + "CPU freq (hz): %"PRIu64"\n" + "Cache line size: %i\n" + "CPU count: %i\n" + "\n", + odp_version_api_str(), odp_cpu_model_str(), odp_cpu_hz_max(), + odp_sys_cache_line_size(), odp_cpu_count()); + printf("Running ODP application: \"%s\"\n" + "------------------------\n" + "IF-count: %i\n" + "Using IFs: ", + progname, appl_args->if_count); + for (i = 0; i < appl_args->if_count; ++i) + printf(" %s", appl_args->if_names[i]); + printf("\n"); + dump_fwd_db(); + dump_sp_db(); + dump_sa_db(); + dump_tun_db(); + printf("\n\n"); + fflush(NULL); +} + +/** + * Prinf usage information + */ +static void usage(char *progname) +{ + printf("\n" + "Usage: %s OPTIONS\n" + " E.g. %s -i eth1,eth2,eth3 -m 0\n" + "\n" + "OpenDataPlane example application.\n" + "\n" + "Mandatory OPTIONS:\n" + " -i, --interface Eth interfaces (comma-separated, no spaces)\n" + "Routing / IPSec OPTIONS:\n" + " -r, --route SubNet:Intf:NextHopMAC\n" + " -p, --policy SrcSubNet:DstSubNet:(in|out):(ah|esp|both)\n" + " -e, --esp SrcIP:DstIP:(3des|null):SPI:Key192\n" + " -a, --ah SrcIP:DstIP:(md5|null):SPI:Key128\n" + " -t, --tun SrcIP:DstIP:TunSrcIP:TunDstIP\n" + "\n" + " Where: NextHopMAC is raw hex/dot notation, i.e. 03.BA.44.9A.CE.02\n" + " IP is decimal/dot notation, i.e. 192.168.1.1\n" + " SubNet is decimal/dot/slash notation, i.e 192.168.0.0/16\n" + " SPI is raw hex, 32 bits\n" + " KeyXXX is raw hex, XXX bits long\n" + "\n" + " Examples:\n" + " -r 192.168.222.0/24:p8p1:08.00.27.F5.8B.DB\n" + " -p 192.168.111.0/24:192.168.222.0/24:out:esp\n" + " -e 192.168.111.2:192.168.222.2:3des:201:656c8523255ccc23a66c1917aa0cf30991fce83532a4b224\n" + " -a 192.168.111.2:192.168.222.2:md5:201:a731649644c5dee92cbd9c2e7e188ee6\n" + " -t 192.168.111.2:192.168.222.2:192.168.150.1:192.168.150.2\n" + "\n" + "Optional OPTIONS\n" + " -f, --flows routes count.\n" + " -c, --count CPU count.\n" + " -q specify the queue type\n" + " 0: ODP_SCHED_SYNC_PARALLEL\n" + " 1: ODP_SCHED_SYNC_ATOMIC\n" + " 2: ODP_SCHED_SYNC_ORDERED\n" + " default is ODP_SCHED_SYNC_ATOMIC\n" + " -h, --help Display help and exit.\n" + "\n", NO_PATH(progname), NO_PATH(progname) + ); +} diff --git a/example/ipsec_offload/odp_ipsec_offload_cache.c b/example/ipsec_offload/odp_ipsec_offload_cache.c new file mode 100644 index 0000000..5b6a036 --- /dev/null +++ b/example/ipsec_offload/odp_ipsec_offload_cache.c @@ -0,0 +1,148 @@ +/* + * Copyright (c) 2017 NXP. All rights reserved. + */ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include +#include + +#include + +#include + +#include +#include + +#include + +/** Global pointer to ipsec_cache db */ +ipsec_cache_t *ipsec_cache; + +#define IPDEFTTL 64 + +void init_ipsec_cache(void) +{ + odp_shm_t shm; + + shm = odp_shm_reserve("shm_ipsec_cache", + sizeof(ipsec_cache_t), + ODP_CACHE_LINE_SIZE, + 0); + + ipsec_cache = odp_shm_addr(shm); + + if (ipsec_cache == NULL) { + EXAMPLE_ABORT("Error: shared mem alloc failed.\n"); + } + memset(ipsec_cache, 0, sizeof(*ipsec_cache)); +} + +int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, + sa_db_entry_t *auth_sa, + tun_db_entry_t *tun, + odp_bool_t in, + odp_queue_t completionq) +{ + odp_ipsec_sa_param_t sa_params; + ipsec_cache_entry_t *entry; + odp_ipsec_sa_t sa; + uint32_t src_ip, dst_ip; + + odp_ipsec_sa_param_init(&sa_params); + + /* Verify we have a good entry */ + entry = &ipsec_cache->array[ipsec_cache->index]; + if (MAX_DB <= ipsec_cache->index) + return -1; + + /* Verify SA mode match in case of cipher&auth */ + if (!tun) { + printf("\n TRANSPORT MODE not supported"); + return -1; + } + + /* Setup parameters and call ipsec library to create sa */ + if (in) { + sa_params.dir = ODP_IPSEC_DIR_INBOUND; + sa_params.lookup_mode = ODP_IPSEC_LOOKUP_IN_UNIQUE_SA; + } else { + sa_params.dir = ODP_IPSEC_DIR_OUTBOUND; + sa_params.lookup_mode = ODP_IPSEC_LOOKUP_DISABLED; + } + + sa_params.dest_queue = completionq; + sa_params.mode = ODP_IPSEC_MODE_TUNNEL; + + /* Cipher */ + if (cipher_sa) { + sa_params.crypto.cipher_alg = cipher_sa->alg.u.cipher; + sa_params.crypto.cipher_key.data = cipher_sa->key.data; + sa_params.crypto.cipher_key.length = cipher_sa->key.length; + sa_params.spi = cipher_sa->spi; + } else { + sa_params.crypto.cipher_alg = ODP_CIPHER_ALG_NULL; + } + + /* Auth */ + if (auth_sa) { + sa_params.crypto.auth_alg = auth_sa->alg.u.auth; + sa_params.crypto.auth_key.data = auth_sa->key.data; + sa_params.crypto.auth_key.length = auth_sa->key.length; + } else { + sa_params.crypto.auth_alg = ODP_AUTH_ALG_NULL; + } + + src_ip = odp_cpu_to_be_32(tun->tun_src_ip); + dst_ip = odp_cpu_to_be_32(tun->tun_dst_ip); + sa_params.tunnel.type = ODP_IPSEC_TUNNEL_IPV4; + sa_params.tunnel.ipv4.src_addr = &src_ip; + sa_params.tunnel.ipv4.dst_addr = &dst_ip; + sa_params.tunnel.ipv4.ttl = IPDEFTTL; + sa_params.tunnel.ipv4.dscp = 0; + sa_params.tunnel.ipv4.df = 1; + + sa = odp_ipsec_sa_create(&sa_params); + if (sa == ODP_IPSEC_SA_INVALID) + return -1; + + /* Copy selector IPs in cache entry*/ + if (cipher_sa) { + entry->src_ip = cipher_sa->src_ip; + entry->dst_ip = cipher_sa->dst_ip; + } else if (auth_sa) { + entry->src_ip = auth_sa->src_ip; + entry->dst_ip = auth_sa->dst_ip; + } + + /* Initialize state */ + entry->sa = sa; + + /* Add entry to the appropriate list */ + ipsec_cache->index++; + if (in) { + entry->next = ipsec_cache->in_list; + ipsec_cache->in_list = entry; + } else { + entry->next = ipsec_cache->out_list; + ipsec_cache->out_list = entry; + } + + return 0; +} + +ipsec_cache_entry_t *find_ipsec_cache_entry_out(uint32_t src_ip, + uint32_t dst_ip) +{ + ipsec_cache_entry_t *entry = ipsec_cache->out_list; + + /* Look for a hit */ + for (; NULL != entry; entry = entry->next) { + if ((entry->src_ip == src_ip) && (entry->dst_ip == dst_ip)) + break; + } + return entry; +} diff --git a/example/ipsec_offload/odp_ipsec_offload_cache.h b/example/ipsec_offload/odp_ipsec_offload_cache.h new file mode 100644 index 0000000..65f4dda --- /dev/null +++ b/example/ipsec_offload/odp_ipsec_offload_cache.h @@ -0,0 +1,78 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef ODP_IPSEC_CACHE_H_ +#define ODP_IPSEC_CACHE_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include + +#include +#include + +/** + * IPsec cache data base entry + */ +typedef struct ipsec_cache_entry_s { + struct ipsec_cache_entry_s *next; /**< Next entry on list */ + uint32_t src_ip; /**< Source v4 address */ + uint32_t dst_ip; /**< Destination v4 address */ + odp_ipsec_sa_t sa; /**< IPSec sa handle */ +} ipsec_cache_entry_t; + +/** + * IPsec cache data base global structure + */ +typedef struct ipsec_cache_s { + uint32_t index; /**< Index of next available entry */ + ipsec_cache_entry_t *in_list; /**< List of active input entries */ + ipsec_cache_entry_t *out_list; /**< List of active output entries */ + ipsec_cache_entry_t array[MAX_DB]; /**< Entry storage */ +} ipsec_cache_t; + +/** Global pointer to ipsec_cache db */ +extern ipsec_cache_t *ipsec_cache; + +/** Initialize IPsec cache */ +void init_ipsec_cache(void); + +/** + * Create an entry in the IPsec cache + * + * @param cipher_sa Cipher SA DB entry pointer + * @param auth_sa Auth SA DB entry pointer + * @param tun Tunnel DB entry pointer + * @param in Direction (input versus output) + * @param completionq Completion queue + * + * @return 0 if successful else -1 + */ +int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa, + sa_db_entry_t *auth_sa, + tun_db_entry_t *tun, + odp_bool_t in, + odp_queue_t completionq); + +/** + * Find a matching IPsec cache entry for output packet + * + * @param src_ip Source IPv4 address + * @param dst_ip Destination IPv4 address + * + * @return pointer to IPsec cache entry else NULL + */ +ipsec_cache_entry_t *find_ipsec_cache_entry_out(uint32_t src_ip, + uint32_t dst_ip); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/example/ipsec_offload/odp_ipsec_offload_fwd_db.c b/example/ipsec_offload/odp_ipsec_offload_fwd_db.c new file mode 100644 index 0000000..32ee104 --- /dev/null +++ b/example/ipsec_offload/odp_ipsec_offload_fwd_db.c @@ -0,0 +1,223 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/* enable strtok */ +#define _POSIX_C_SOURCE 200112L + +#include +#include + +#include +#include + +#include + +/** + * Pointer to Flow cache table + */ +flow_bucket_t *flow_table; + +/** + * bucket count. It will be updated with user argument if provided + */ +uint32_t bucket_count = DEFAULT_BUCKET_COUNT; + +/** Global pointer to fwd db */ +fwd_db_t *fwd_db; + +void odp_init_routing_table(void) +{ + odp_shm_t hash_shm; + uint32_t i; + flow_bucket_t *bucket; + + /*Reserve memory for Routing hash table*/ + hash_shm = odp_shm_reserve("route_table", + sizeof(flow_bucket_t) * bucket_count, + ODP_CACHE_LINE_SIZE, 0); + flow_table = odp_shm_addr(hash_shm); + if (!flow_table) { + EXAMPLE_ABORT("Error: shared mem alloc failed.\n"); + } + /*Inialize Locks*/ + for (i = 0; i < bucket_count; i++) { + bucket = &flow_table[i]; + LOCK_INIT(&bucket->lock); + } + + memset(flow_table, 0, bucket_count * sizeof(flow_bucket_t)); +} + +void init_fwd_db(void) +{ + odp_shm_t shm; + + shm = odp_shm_reserve("shm_fwd_db", + sizeof(fwd_db_t), + ODP_CACHE_LINE_SIZE, + 0); + + fwd_db = odp_shm_addr(shm); + + if (fwd_db == NULL) { + EXAMPLE_ABORT("Error: shared mem alloc failed.\n"); + } + memset(fwd_db, 0, sizeof(*fwd_db)); +} + +int create_fwd_db_entry(char *input, char **if_names, int if_count, int entries) +{ + int pos = 0, i, match = 0, count = 0; + char *local; + char *str; + char *save; + char *token; + fwd_db_entry_t *entry = &fwd_db->array[fwd_db->index]; + + /* Verify we haven't run out of space */ + if (MAX_DB <= fwd_db->index) + return -1; + + /* Make a local copy */ + local = malloc(strlen(input) + 1); + if (NULL == local) + return -1; + strcpy(local, input); + + /* Setup for using "strtok_r" to search input string */ + str = local; + save = NULL; + + /* Parse tokens separated by ':' */ + while (NULL != (token = strtok_r(str, ":", &save))) { + str = NULL; /* reset str for subsequent strtok_r calls */ + + /* Parse token based on its position */ + switch (pos) { + case 0: + parse_ipv4_string(token, + &entry->subnet.addr, + &entry->subnet.mask); + break; + case 1: + strncpy(entry->oif, token, OIF_LEN - 1); + entry->oif[OIF_LEN - 1] = 0; + for (i = 0; i < if_count; i++) { + if (!strcmp(if_names[i], entry->oif)) { + match = 1; + break; + } + } + if (!match) { + printf("ERROR: interface name not correct for route\n"); + free(local); + return -1; + } + break; + case 2: + parse_mac_string(token, entry->dst_mac); + break; + default: + printf("ERROR: extra token \"%s\" at position %d\n", + token, pos); + break; + } + + /* Advance to next position */ + pos++; + } + + /* Verify we parsed exactly the number of tokens we expected */ + if (3 != pos) { + printf("ERROR: \"%s\" contains %d tokens, expected 3\n", + input, + pos); + free(local); + return -1; + } + + /* Add route to the list */ + fwd_db->index++; + entry->next = fwd_db->list; + fwd_db->list = entry; + + count++; + + while (count < entries) { + fwd_db_entry_t *new_entry = &fwd_db->array[fwd_db->index]; + + /* Verify we haven't run out of space */ + if (MAX_DB <= fwd_db->index) + return -1; + + new_entry->subnet.addr = entry->subnet.addr + count; + new_entry->subnet.mask = entry->subnet.mask; + strncpy(new_entry->oif, entry->oif, OIF_LEN - 1); + new_entry->oif[OIF_LEN - 1] = 0; + new_entry->dst_mac[0] = entry->dst_mac[0]; + new_entry->dst_mac[1] = entry->dst_mac[1]; + new_entry->dst_mac[2] = entry->dst_mac[2]; + new_entry->dst_mac[3] = entry->dst_mac[3]; + new_entry->dst_mac[4] = entry->dst_mac[4]; + new_entry->dst_mac[5] = entry->dst_mac[5]; + + /* Add route to the list */ + fwd_db->index++; + new_entry->next = fwd_db->list; + fwd_db->list = new_entry; + count++; + } + + free(local); + return 0; +} + +void resolve_fwd_db(char *intf, odp_pktout_queue_t pktout, uint8_t *mac) +{ + fwd_db_entry_t *entry; + + /* Walk the list and attempt to set output queue and MAC */ + for (entry = fwd_db->list; NULL != entry; entry = entry->next) { + if (strcmp(intf, entry->oif)) + continue; + + entry->pktout = pktout; + memcpy(entry->src_mac, mac, ODPH_ETHADDR_LEN); + } +} + +void dump_fwd_db_entry(fwd_db_entry_t *entry) +{ + char subnet_str[MAX_STRING]; + char mac_str[MAX_STRING]; + + printf(" %s %s %s\n", + ipv4_subnet_str(subnet_str, &entry->subnet), + entry->oif, + mac_addr_str(mac_str, entry->dst_mac)); +} + +void dump_fwd_db(void) +{ + fwd_db_entry_t *entry; + + printf("\n" + "Routing table\n" + "-------------\n"); + + for (entry = fwd_db->list; NULL != entry; entry = entry->next) + dump_fwd_db_entry(entry); +} + +fwd_db_entry_t *find_fwd_db_entry(uint32_t dst_ip) +{ + fwd_db_entry_t *entry; + + for (entry = fwd_db->list; NULL != entry; entry = entry->next) + if (entry->subnet.addr == (dst_ip & entry->subnet.mask)) + break; + return entry; +} diff --git a/example/ipsec_offload/odp_ipsec_offload_fwd_db.h b/example/ipsec_offload/odp_ipsec_offload_fwd_db.h new file mode 100644 index 0000000..2f42596 --- /dev/null +++ b/example/ipsec_offload/odp_ipsec_offload_fwd_db.h @@ -0,0 +1,198 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef ODP_IPSEC_FWD_DB_H_ +#define ODP_IPSEC_FWD_DB_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include +#include + +#define OIF_LEN 32 + +/** + * Forwarding data base entry + */ + +typedef struct fwd_db_entry_s { + struct fwd_db_entry_s *next; /**< Next entry on list */ + char oif[OIF_LEN]; /**< Output interface name */ + odp_pktout_queue_t pktout; /**< Output transmit queue */ + uint8_t src_mac[ODPH_ETHADDR_LEN]; /**< Output source MAC */ + uint8_t dst_mac[ODPH_ETHADDR_LEN]; /**< Output destination MAC */ + ip_addr_range_t subnet; /**< Subnet for this router */ +} fwd_db_entry_t; + +/** + * Forwarding data base global structure + */ +typedef struct fwd_db_s { + uint32_t index; /**< Next available entry */ + fwd_db_entry_t *list; /**< List of active routes */ + fwd_db_entry_t array[MAX_DB]; /**< Entry storage */ +} fwd_db_t; + +/** Global pointer to fwd db */ +extern fwd_db_t *fwd_db; + +/** + * Flow cache table entry + */ +typedef struct { + void *next; /**< Pointer to next flow in list*/ + uint32_t l3_src; /**< Source IP Address*/ + uint32_t l3_dst; /**< Destination IP Address*/ + odp_out_entry_t out_port; /**< Out interface of matching flow*/ +} odp_flow_entry_t; + +/** + * Flow cache table bucket + */ +typedef struct { + odp_spinlock_t lock; /**< Bucket lock*/ + odp_flow_entry_t *next; /**< Pointer to first flow entry in bucket*/ +} flow_bucket_t; + +/** +* Pointers to Flow cache tables +*/ +extern flow_bucket_t *flow_table; + +extern flow_bucket_t *ipsec_out_flow_table; + +extern flow_bucket_t *ipsec_in_flow_table; + +/** + * Number of buckets in hash table + */ +extern uint32_t bucket_count; + +/* + * Allocate and Initialize routing table with default Route entries. + * + */ +void odp_init_routing_table(void); + +/* + * Searches flow entry in given hash bucket according to given 5-tuple information + * + * @param sip Source IP Address + * @param dip Destination IP Address + * @param sport Source Port Number + * @param dport Destination Port Number + * @param proto IP protocol + * @param bucket Hash Bucket + * + * @return Matching flow entry + */ +static inline odp_flow_entry_t *odp_route_flow_lookup_in_bucket(uint32_t sip, + uint32_t dip, void *bucket) +{ + odp_flow_entry_t *flow, *head; + + head = ((flow_bucket_t *)bucket)->next; + for (flow = head; flow != NULL; flow = flow->next) { + if ((flow->l3_src == sip) && (flow->l3_dst == dip)) + return flow; + } + return NULL; +} + +/** + * Insert the flow into given hash bucket + * + * @param flow Which is to be inserted + * @param bucket Target Hash Bucket + * + */ +static inline void odp_route_flow_insert_in_bucket(odp_flow_entry_t *flow, + void *bucket) +{ + odp_flow_entry_t *temp; + flow_bucket_t *bkt = (flow_bucket_t *)bucket; + + if (!flow) { + EXAMPLE_ERR("Invalid flow entry passed\n"); + return; + } + + LOCK(&bkt->lock); + /*Check that entry already exist or not*/ + temp = odp_route_flow_lookup_in_bucket(flow->l3_src, flow->l3_dst, bkt); + if (temp) { + UNLOCK(&bkt->lock); + return; + } + + if (!bkt->next) { + bkt->next = flow; + } else { + temp = bkt->next; + flow->next = temp; + bkt->next = flow; + } + UNLOCK(&bkt->lock); +} + +/** Initialize FWD DB */ +void init_fwd_db(void); + +/** + * Create a forwarding database entry + * + * String is of the format "SubNet:Intf:NextHopMAC" + * + * @param input Pointer to string describing route + * + * @param if_names Array of Name of the interfaces available + * + * @param if_count number of interfaces in if_names array + * + * @param entries number of entries + * + * @return 0 if successful else -1 + */ +int create_fwd_db_entry(char *input, char **if_names, int if_count, int entries); + +/** + * Scan FWD DB entries and resolve output queue and source MAC address + * + * @param intf Interface name string + * @param outq Output queue for packet transmit + * @param mac MAC address of this interface + */ +void resolve_fwd_db(char *intf, odp_pktout_queue_t pktout, uint8_t *mac); + +/** + * Display one fowarding database entry + * + * @param entry Pointer to entry to display + */ +void dump_fwd_db_entry(fwd_db_entry_t *entry); + +/** + * Display the forwarding database + */ +void dump_fwd_db(void); + +/** + * Find a matching forwarding database entry + * + * @param dst_ip Destination IPv4 address + * + * @return pointer to forwarding DB entry else NULL + */ +fwd_db_entry_t *find_fwd_db_entry(uint32_t dst_ip); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/example/ipsec_offload/odp_ipsec_offload_misc.h b/example/ipsec_offload/odp_ipsec_offload_misc.h new file mode 100644 index 0000000..9a55df0 --- /dev/null +++ b/example/ipsec_offload/odp_ipsec_offload_misc.h @@ -0,0 +1,384 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef ODP_IPSEC_MISC_H_ +#define ODP_IPSEC_MISC_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include +#include +#include + +#ifndef TRUE +#define TRUE 1 +#endif +#ifndef FALSE +#define FALSE 0 +#endif + +#define MAX_DB 1024 /**< maximum number of data base entries */ +#define MAX_STRING 32 /**< maximum string length */ +#define KEY_BITS_3DES 192 /**< 3DES cipher key length in bits */ +#define KEY_BITS_MD5_96 128 /**< MD5_96 auth key length in bits */ +#define KEY_BITS_AES 128 /**< AES cipher key length in bits */ +#define KEY_BITS_SHA1_96 160 /**< SHA1_96 auth key length in bits */ +#define KEY_BITS_SHA2_256 256 /**< SHA2_256 auth key length in bits */ + +/** + * Number of buckets in hash table + */ +extern uint32_t bucket_count; + +#define LOCK(a) odp_spinlock_lock(a) +#define UNLOCK(a) odp_spinlock_unlock(a) +#define LOCK_INIT(a) odp_spinlock_init(a) + +/** + * Hash calculation utility + */ +#define JHASH_GOLDEN_RATIO 0x9e3779b9 +#define rot(x, k) (((x) << (k)) | ((x) >> (32 - (k)))) +#define BJ3_MIX(a, b, c) \ +{ \ + a -= c; a ^= rot(c, 4); c += b; \ + b -= a; b ^= rot(a, 6); a += c; \ + c -= b; c ^= rot(b, 8); b += a; \ + a -= c; a ^= rot(c, 16); c += b; \ + b -= a; b ^= rot(a, 19); a += c; \ + c -= b; c ^= rot(b, 4); b += a; \ +} + +/** + * Default Hash bucket number + */ +#define DEFAULT_BUCKET_COUNT 1024 + +/**< Number of bits represnted by a string of hexadecimal characters */ +#define KEY_STR_BITS(str) (4 * strlen(str)) + +/** IPv4 helpers for data length and uint8t pointer */ +#define ipv4_data_p(ip) ((uint8_t *)((odph_ipv4hdr_t *)ip + 1)) + +/** Get rid of path in filename - only for unix-type paths using '/' */ +#define NO_PATH(file_name) (strrchr((file_name), '/') ? \ + strrchr((file_name), '/') + 1 : (file_name)) + +/** + * Actual entries + */ +typedef struct { + odp_pktout_queue_t pktout; /**< queue handle*/ + odph_ethaddr_t addr; /**< pktio MAC Address*/ + odph_ethaddr_t next_hop_addr; /**< Next Hop MAC Address*/ + odp_ipsec_sa_t sa; /**< IPSec sa handle*/ +} odp_out_entry_t; + +/** + * IPsec key + */ +typedef struct { + uint8_t data[32]; /**< Key data */ + uint8_t length; /**< Key length */ +} ipsec_key_t; + +/** + * IPsec algorithm + */ +typedef struct { + odp_bool_t cipher; + union { + odp_cipher_alg_t cipher; + odp_auth_alg_t auth; + } u; +} ipsec_alg_t; + +/** + * IP address range (subnet) + */ +typedef struct ip_addr_range_s { + uint32_t addr; /**< IP address */ + uint32_t mask; /**< mask, 1 indicates bits are valid */ +} ip_addr_range_t; + +/** + * Parse text string representing a key into ODP key structure + * + * @param keystring Pointer to key string to convert + * @param key Pointer to ODP key structure to populate + * @param alg Cipher/authentication algorithm associated with the key + * + * @return 0 if successful else -1 + */ +static inline +int parse_key_string(char *keystring, + ipsec_key_t *key, + ipsec_alg_t *alg) +{ + int idx; + int key_bits_in = KEY_STR_BITS(keystring); + char temp[3]; + + key->length = 0; + + /* Algorithm is either cipher or authentication */ + if (alg->cipher) { + if ((alg->u.cipher == ODP_CIPHER_ALG_3DES_CBC) && + (KEY_BITS_3DES == key_bits_in)) + key->length = key_bits_in / 8; + if ((alg->u.cipher == ODP_CIPHER_ALG_AES_CBC) && + (KEY_BITS_AES == key_bits_in)) + key->length = key_bits_in / 8; + } else { + if ((alg->u.auth == ODP_AUTH_ALG_MD5_HMAC) && + (KEY_BITS_MD5_96 == key_bits_in)) + key->length = key_bits_in / 8; + if ((alg->u.auth == ODP_AUTH_ALG_SHA1_HMAC) && + (KEY_BITS_SHA1_96 == key_bits_in)) + key->length = key_bits_in / 8; + if ((alg->u.auth == ODP_AUTH_ALG_SHA256_HMAC) && + (KEY_BITS_SHA2_256 == key_bits_in)) + key->length = key_bits_in / 8; + } + + for (idx = 0; idx < key->length; idx++) { + temp[0] = *keystring++; + temp[1] = *keystring++; + temp[2] = 0; + key->data[idx] = strtol(temp, NULL, 16); + } + + return key->length ? 0 : -1; +} + +/** + * Check IPv4 address against a range/subnet + * + * @param addr IPv4 address to check + * @param range Pointer to address range to check against + * + * @return 1 if match else 0 + */ +static inline +int match_ip_range(uint32_t addr, ip_addr_range_t *range) +{ + return (range->addr == (addr & range->mask)); +} + +/** + * Generate text string representing IPv4 address + * + * @param b Pointer to buffer to store string + * @param addr IPv4 address + * + * @return Pointer to supplied buffer + */ +static inline +char *ipv4_addr_str(char *b, uint32_t addr) +{ + sprintf(b, "%03d.%03d.%03d.%03d", + 0xFF & ((addr) >> 24), + 0xFF & ((addr) >> 16), + 0xFF & ((addr) >> 8), + 0xFF & ((addr) >> 0)); + return b; +} + +/** + * Parse text string representing an IPv4 address or subnet + * + * String is of the format "XXX.XXX.XXX.XXX(/W)" where + * "XXX" is decimal value and "/W" is optional subnet length + * + * @param ipaddress Pointer to IP address/subnet string to convert + * @param addr Pointer to return IPv4 address + * @param mask Pointer (optional) to return IPv4 mask + * + * @return 0 if successful else -1 + */ +static inline +int parse_ipv4_string(char *ipaddress, uint32_t *addr, uint32_t *mask) +{ + int b[4]; + int qualifier = 32; + int converted; + + if (strchr(ipaddress, '/')) { + converted = sscanf(ipaddress, "%d.%d.%d.%d/%d", + &b[3], &b[2], &b[1], &b[0], + &qualifier); + if (5 != converted) + return -1; + } else { + converted = sscanf(ipaddress, "%d.%d.%d.%d", + &b[3], &b[2], &b[1], &b[0]); + if (4 != converted) + return -1; + } + + if ((b[0] > 255) || (b[1] > 255) || (b[2] > 255) || (b[3] > 255)) + return -1; + if (!qualifier || (qualifier > 32)) + return -1; + + *addr = b[0] | b[1] << 8 | b[2] << 16 | b[3] << 24; + if (mask) + *mask = ~(0xFFFFFFFF & ((1ULL << (32 - qualifier)) - 1)); + + return 0; +} + +/** + * Generate text string representing IPv4 range/subnet, output + * in "XXX.XXX.XXX.XXX/W" format + * + * @param b Pointer to buffer to store string + * @param range Pointer to IPv4 address range + * + * @return Pointer to supplied buffer + */ +static inline +char *ipv4_subnet_str(char *b, ip_addr_range_t *range) +{ + int idx; + int len; + + for (idx = 0; idx < 32; idx++) + if (range->mask & (1 << idx)) + break; + len = 32 - idx; + + sprintf(b, "%03d.%03d.%03d.%03d/%d", + 0xFF & ((range->addr) >> 24), + 0xFF & ((range->addr) >> 16), + 0xFF & ((range->addr) >> 8), + 0xFF & ((range->addr) >> 0), + len); + return b; +} + +/** + * Generate text string representing MAC address + * + * @param b Pointer to buffer to store string + * @param mac Pointer to MAC address + * + * @return Pointer to supplied buffer + */ +static inline +char *mac_addr_str(char *b, uint8_t *mac) +{ + sprintf(b, "%02X.%02X.%02X.%02X.%02X.%02X", + mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); + return b; +} + +/** + * Parse text string representing a MAC address into byte araray + * + * String is of the format "XX.XX.XX.XX.XX.XX" where XX is hexadecimal + * + * @param macaddress Pointer to MAC address string to convert + * @param mac Pointer to MAC address byte array to populate + * + * @return 0 if successful else -1 + */ +static inline +int parse_mac_string(char *macaddress, uint8_t *mac) +{ + int macwords[ODPH_ETHADDR_LEN]; + int converted; + + converted = sscanf(macaddress, + "%x.%x.%x.%x.%x.%x", + &macwords[0], &macwords[1], &macwords[2], + &macwords[3], &macwords[4], &macwords[5]); + if (6 != converted) + return -1; + + mac[0] = macwords[0]; + mac[1] = macwords[1]; + mac[2] = macwords[2]; + mac[3] = macwords[3]; + mac[4] = macwords[4]; + mac[5] = macwords[5]; + + return 0; +} + +/** + * Locate IPsec headers (AH and/or ESP) in packet + * + * @param ip Pointer to packets IPv4 header + * @param ah_p Pointer to location to return AH header pointer + * @param esp_p Pointer to location to return ESP header pointer + * + * @return length of IPsec headers found + */ +static inline +int locate_ipsec_headers(odph_ipv4hdr_t *ip, + odph_ahhdr_t **ah_p, + odph_esphdr_t **esp_p) +{ + uint8_t *in = ipv4_data_p(ip); + odph_ahhdr_t *ah = NULL; + odph_esphdr_t *esp = NULL; + + if (ODPH_IPPROTO_AH == ip->proto) { + ah = (odph_ahhdr_t *)in; + in += ((ah)->ah_len + 2) * 4; + if (ODPH_IPPROTO_ESP == ah->next_header) { + esp = (odph_esphdr_t *)in; + in += sizeof(odph_esphdr_t); + } + } else if (ODPH_IPPROTO_ESP == ip->proto) { + esp = (odph_esphdr_t *)in; + in += sizeof(odph_esphdr_t); + } + + *ah_p = ah; + *esp_p = esp; + return in - (ipv4_data_p(ip)); +} + +/** + * Adjust IPv4 length + * + * @param ip Pointer to IPv4 header + * @param adj Signed adjustment value + */ +static inline +void ipv4_adjust_len(odph_ipv4hdr_t *ip, int adj) +{ + ip->tot_len = odp_cpu_to_be_16(odp_be_to_cpu_16(ip->tot_len) + adj); +} + +/** + * Verify crypto operation completed successfully + * + * @param status Pointer to cryto completion structure + * + * @return TRUE if all OK else FALSE + */ +static inline +odp_bool_t is_crypto_compl_status_ok(odp_crypto_compl_status_t *status) +{ + if (status->alg_err != ODP_CRYPTO_ALG_ERR_NONE) + return FALSE; + if (status->hw_err != ODP_CRYPTO_HW_ERR_NONE) + return FALSE; + return TRUE; +} + + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/example/ipsec_offload/odp_ipsec_offload_sa_db.c b/example/ipsec_offload/odp_ipsec_offload_sa_db.c new file mode 100644 index 0000000..f2e2214 --- /dev/null +++ b/example/ipsec_offload/odp_ipsec_offload_sa_db.c @@ -0,0 +1,361 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/* enable strtok */ +#define _POSIX_C_SOURCE 200112L + +#include +#include + +#include + +#include + +#include + +/** Global pointer to sa db */ +static sa_db_t *sa_db; + +/** Global pointer to tun db */ +static tun_db_t *tun_db; + +void init_sa_db(void) +{ + odp_shm_t shm; + + shm = odp_shm_reserve("shm_sa_db", + sizeof(sa_db_t), + ODP_CACHE_LINE_SIZE, + 0); + + sa_db = odp_shm_addr(shm); + + if (sa_db == NULL) { + EXAMPLE_ABORT("Error: shared mem alloc failed.\n"); + } + memset(sa_db, 0, sizeof(*sa_db)); +} + +void init_tun_db(void) +{ + odp_shm_t shm; + + shm = odp_shm_reserve("shm_tun_db", + sizeof(tun_db_t), + ODP_CACHE_LINE_SIZE, + 0); + tun_db = odp_shm_addr(shm); + + if (!tun_db) { + EXAMPLE_ABORT("Error: shared mem alloc failed.\n"); + } + memset(tun_db, 0, sizeof(*tun_db)); +} + +int create_sa_db_entry(char *input, odp_bool_t cipher, int entries) +{ + int pos = 0, count = 0; + char *local; + char *str; + char *save; + char *token; + sa_db_entry_t *entry = &sa_db->array[sa_db->index]; + + /* Verify we have a good entry */ + if (MAX_DB <= sa_db->index) + return -1; + + /* Make a local copy */ + local = malloc(strlen(input) + 1); + if (NULL == local) + return -1; + strcpy(local, input); + + /* Set cipher versus auth */ + entry->alg.cipher = cipher; + + /* Setup for using "strtok_r" to search input string */ + str = local; + save = NULL; + + /* Parse tokens separated by ':' */ + while (NULL != (token = strtok_r(str, ":", &save))) { + str = NULL; /* reset str for subsequent strtok_r calls */ + + /* Parse token based on its position */ + switch (pos) { + case 0: + parse_ipv4_string(token, &entry->src_ip, NULL); + break; + case 1: + parse_ipv4_string(token, &entry->dst_ip, NULL); + break; + case 2: + if (cipher) { + if (0 == strcmp(token, "3des")) { + entry->alg.u.cipher = + ODP_CIPHER_ALG_3DES_CBC; + } else if (0 == strcmp(token, "aes")) { + entry->alg.u.cipher = + ODP_CIPHER_ALG_AES_CBC; + } else { + entry->alg.u.cipher = + ODP_CIPHER_ALG_NULL; + } + } else { + if (0 == strcmp(token, "md5")) { + entry->alg.u.auth = + ODP_AUTH_ALG_MD5_HMAC; + } else if (0 == strcmp(token, "sha1")) { + entry->alg.u.auth = + ODP_AUTH_ALG_SHA1_HMAC; + } else if (0 == strcmp(token, "sha256")) { + entry->alg.u.auth = + ODP_AUTH_ALG_SHA256_HMAC; + } else { + entry->alg.u.auth = ODP_AUTH_ALG_NULL; + } + } + break; + case 3: + entry->spi = strtol(token, NULL, 16); + break; + case 4: + parse_key_string(token, + &entry->key, + &entry->alg); + break; + default: + printf("ERROR: extra token \"%s\" at position %d\n", + token, pos); + break; + } + + /* Advance to next position */ + pos++; + } + + /* Verify we parsed exactly the number of tokens we expected */ + if (5 != pos) { + printf("ERROR: \"%s\" contains %d tokens, expected 5\n", + input, + pos); + free(local); + return -1; + } + + /* Add route to the list */ + sa_db->index++; + entry->next = sa_db->list; + sa_db->list = entry; + count++; + + while (count < entries) { + sa_db_entry_t *new_entry = &sa_db->array[sa_db->index]; + + /* Verify we have a good entry */ + if (MAX_DB <= sa_db->index) + return -1; + + new_entry->alg.cipher = entry->alg.cipher; + new_entry->src_ip = entry->src_ip + count; + new_entry->dst_ip = entry->dst_ip + count; + new_entry->alg.u.cipher = entry->alg.u.cipher; + new_entry->alg.u.auth = entry->alg.u.auth; + new_entry->spi = entry->spi + count; + new_entry->key = entry->key; + new_entry->alg = entry->alg; + /* Add route to the list */ + sa_db->index++; + new_entry->next = sa_db->list; + sa_db->list = new_entry; + count++; + } + + free(local); + return 0; +} + +int create_tun_db_entry(char *input, int entries) +{ + int pos = 0, count = 0; + char *local; + char *str; + char *save; + char *token; + tun_db_entry_t *entry = &tun_db->array[tun_db->index]; + + /* Verify we have a good entry */ + if (MAX_DB <= tun_db->index) + return -1; + + /* Make a local copy */ + local = malloc(strlen(input) + 1); + if (NULL == local) + return -1; + strcpy(local, input); + + /* Setup for using "strtok_r" to search input string */ + str = local; + save = NULL; + + /* Parse tokens separated by ':' */ + while (NULL != (token = strtok_r(str, ":", &save))) { + str = NULL; /* reset str for subsequent strtok_r calls */ + + /* Parse token based on its position */ + switch (pos) { + case 0: + parse_ipv4_string(token, &entry->src_ip, NULL); + break; + case 1: + parse_ipv4_string(token, &entry->dst_ip, NULL); + break; + case 2: + parse_ipv4_string(token, &entry->tun_src_ip, NULL); + break; + case 3: + parse_ipv4_string(token, &entry->tun_dst_ip, NULL); + break; + default: + printf("ERROR: extra token \"%s\" at position %d\n", + token, pos); + break; + } + pos++; + } + + /* Verify we parsed exactly the number of tokens we expected */ + if (4 != pos) { + printf("ERROR: \"%s\" contains %d tokens, expected 4\n", + input, + pos); + free(local); + return -1; + } + + /* Add route to the list */ + tun_db->index++; + entry->next = tun_db->list; + tun_db->list = entry; + count++; + + while (count < entries) { + tun_db_entry_t *new_entry = &tun_db->array[tun_db->index]; + + /* Verify we have a good entry */ + if (MAX_DB <= tun_db->index) + return -1; + + new_entry->src_ip = entry->src_ip + count; + new_entry->dst_ip = entry->dst_ip + count; + new_entry->tun_src_ip = entry->tun_src_ip + count; + new_entry->tun_dst_ip = entry->tun_dst_ip + count; + /* Add route to the list */ + tun_db->index++; + new_entry->next = tun_db->list; + tun_db->list = new_entry; + count++; + } + + free(local); + return 0; +} + +tun_db_entry_t *find_tun_db_entry(uint32_t ip_src, + uint32_t ip_dst) +{ + tun_db_entry_t *entry = NULL; + + /* Scan all entries and return first match */ + for (entry = tun_db->list; NULL != entry; entry = entry->next) { + if (entry->src_ip != ip_src) + continue; + if (entry->dst_ip != ip_dst) + continue; + break; + } + return entry; +} + +void dump_sa_db(void) +{ + sa_db_entry_t *entry; + + printf("\n" + "Security association table (ESP Only)\n" + "--------------------------\n"); + + for (entry = sa_db->list; NULL != entry; entry = entry->next) { + uint32_t idx; + char src_ip_str[MAX_STRING]; + char dst_ip_str[MAX_STRING]; + uint8_t *p = entry->key.data; + + if (entry->alg.cipher) { + printf(" %s %s %s %X %d ", + "cipher", + ipv4_addr_str(src_ip_str, entry->src_ip), + ipv4_addr_str(dst_ip_str, entry->dst_ip), + entry->spi, + (int)entry->alg.u.cipher); + } else { + printf(" %s \t\t\t\t\t %X %d ", + "auth", + entry->spi, + (int)entry->alg.u.auth); + } + /* Brute force key display */ + for (idx = 0; idx < entry->key.length; idx++) + printf("%02X", *p++); + + printf("\n"); + } +} + +sa_db_entry_t *find_sa_db_entry(ip_addr_range_t *src, + ip_addr_range_t *dst, + odp_bool_t cipher) +{ + sa_db_entry_t *entry = NULL; + + /* Scan all entries and return first match */ + for (entry = sa_db->list; NULL != entry; entry = entry->next) { + if (cipher != entry->alg.cipher) + continue; + if (!match_ip_range(entry->src_ip, src)) + continue; + if (!match_ip_range(entry->dst_ip, dst)) + continue; + break; + } + return entry; +} + +void dump_tun_db(void) +{ + tun_db_entry_t *entry; + + printf("\n" + "Tunnel table\n" + "--------------------------\n"); + + for (entry = tun_db->list; NULL != entry; entry = entry->next) { + char src_ip_str[MAX_STRING]; + char dst_ip_str[MAX_STRING]; + char tun_src_ip_str[MAX_STRING]; + char tun_dst_ip_str[MAX_STRING]; + + printf(" %s:%s %s:%s ", + ipv4_addr_str(src_ip_str, entry->src_ip), + ipv4_addr_str(dst_ip_str, entry->dst_ip), + ipv4_addr_str(tun_src_ip_str, entry->tun_src_ip), + ipv4_addr_str(tun_dst_ip_str, entry->tun_dst_ip) + ); + + printf("\n"); + } +} diff --git a/example/ipsec_offload/odp_ipsec_offload_sa_db.h b/example/ipsec_offload/odp_ipsec_offload_sa_db.h new file mode 100644 index 0000000..02b49d4 --- /dev/null +++ b/example/ipsec_offload/odp_ipsec_offload_sa_db.h @@ -0,0 +1,126 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef ODP_IPSEC_SA_DB_H_ +#define ODP_IPSEC_SA_DB_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/** + * Security Association (SA) data base entry + */ +typedef struct sa_db_entry_s { + struct sa_db_entry_s *next; /**< Next entry on list */ + uint32_t src_ip; /**< Source IPv4 address */ + uint32_t dst_ip; /**< Desitnation IPv4 address */ + uint32_t spi; /**< Security Parameter Index */ + ipsec_alg_t alg; /**< Cipher/auth algorithm */ + ipsec_key_t key; /**< Cipher/auth key */ + odp_ipsec_mode_t mode; /**< SA mode - transport/tun */ +} sa_db_entry_t; + +/** + * Security Association (SA) data base global structure + */ +typedef struct sa_db_s { + uint32_t index; /**< Index of next available entry */ + sa_db_entry_t *list; /**< List of active entries */ + sa_db_entry_t array[MAX_DB]; /**< Entry storage */ +} sa_db_t; + +/** Initialize SA database global control structure */ +void init_sa_db(void); + +/** + * Create an SA DB entry + * + * String is of the format "SrcIP:DstIP:Alg:SPI:Key" + * + * @param input Pointer to string describing SA + * @param cipher TRUE if cipher else FALSE for auth + * @param entries number of entries + * + * @return 0 if successful else -1 + */ +int create_sa_db_entry(char *input, odp_bool_t cipher, int entries); +/** + * Display the SA DB + */ +void dump_sa_db(void); + +/** + * Find a matching SA DB entry + * + * @param src Pointer to source subnet/range + * @param dst Pointer to destination subnet/range + * @param cipher TRUE if cipher else FALSE for auth + * + * @return pointer to SA DB entry else NULL + */ +sa_db_entry_t *find_sa_db_entry(ip_addr_range_t *src, + ip_addr_range_t *dst, + odp_bool_t cipher); + +/** + * Tunnel entry + */ +typedef struct tun_db_entry_s { + struct tun_db_entry_s *next; + uint32_t src_ip; /**< Inner Source IPv4 address */ + uint32_t dst_ip; /**< Inner Destination IPv4 address */ + uint32_t tun_src_ip; /**< Tunnel Source IPv4 address */ + uint32_t tun_dst_ip; /**< Tunnel Source IPv4 address */ +} tun_db_entry_t; + +/** + * Tunnel database + */ +typedef struct tun_db_s { + uint32_t index; /**< Index of next available entry */ + tun_db_entry_t *list; /**< List of active entries */ + tun_db_entry_t array[MAX_DB]; /**< Entry storage */ +} tun_db_t; + +/** Initialize tun database global control structure */ +void init_tun_db(void); + +/** + * Create an tunnel DB entry + * + * String is of the format "SrcIP:DstIP:TunSrcIp:TunDstIp" + * + * @param input Pointer to string describing tun + * @param entries number of entries + * + * @return 0 if successful else -1 + */ +int create_tun_db_entry(char *input, int entries); + +/** + * Display the tun DB + */ +void dump_tun_db(void); + +/** + * Find a matching tun DB entry + * + * @param ip_src Inner source IP address + * @param ip_dst Inner destination IP address + * + * @return pointer to tun DB entry else NULL + */ +tun_db_entry_t *find_tun_db_entry(uint32_t ip_src, + uint32_t ip_dst); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/example/ipsec_offload/odp_ipsec_offload_sp_db.c b/example/ipsec_offload/odp_ipsec_offload_sp_db.c new file mode 100644 index 0000000..9fcaaaa --- /dev/null +++ b/example/ipsec_offload/odp_ipsec_offload_sp_db.c @@ -0,0 +1,166 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/* enable strtok */ +#define _POSIX_C_SOURCE 200112L + +#include +#include + +#include + +#include + +#include + +/** Global pointer to sp db */ +sp_db_t *sp_db; + +void init_sp_db(void) +{ + odp_shm_t shm; + + shm = odp_shm_reserve("shm_sp_db", + sizeof(sp_db_t), + ODP_CACHE_LINE_SIZE, + 0); + + sp_db = odp_shm_addr(shm); + + if (sp_db == NULL) { + EXAMPLE_ABORT("Error: shared mem alloc failed.\n"); + } + memset(sp_db, 0, sizeof(*sp_db)); +} + +int create_sp_db_entry(char *input, int entries) +{ + int pos = 0, count = 0; + char *local; + char *str; + char *save; + char *token; + sp_db_entry_t *entry = &sp_db->array[sp_db->index]; + + /* Verify we have a good entry */ + if (MAX_DB <= sp_db->index) + return -1; + + /* Make a local copy */ + local = malloc(strlen(input) + 1); + if (NULL == local) + return -1; + strcpy(local, input); + + /* Setup for using "strtok_r" to search input string */ + str = local; + save = NULL; + + /* Parse tokens separated by ':' */ + while (NULL != (token = strtok_r(str, ":", &save))) { + str = NULL; /* reset str for subsequent strtok_r calls */ + + /* Parse token based on its position */ + switch (pos) { + case 0: + parse_ipv4_string(token, + &entry->src_subnet.addr, + &entry->src_subnet.mask); + break; + case 1: + parse_ipv4_string(token, + &entry->dst_subnet.addr, + &entry->dst_subnet.mask); + break; + case 2: + if (0 == strcmp(token, "in")) + entry->input = TRUE; + else + entry->input = FALSE; + break; + case 3: + if (0 == strcmp(token, "esp")) { + entry->esp = TRUE; + } else if (0 == strcmp(token, "ah")) { + entry->ah = TRUE; + } else if (0 == strcmp(token, "both")) { + entry->esp = TRUE; + entry->ah = TRUE; + } + break; + default: + printf("ERROR: extra token \"%s\" at position %d\n", + token, pos); + break; + } + + /* Advance to next position */ + pos++; + } + + /* Verify we parsed exactly the number of tokens we expected */ + if (4 != pos) { + printf("ERROR: \"%s\" contains %d tokens, expected 4\n", + input, + pos); + free(local); + return -1; + } + + /* Add route to the list */ + sp_db->index++; + entry->next = sp_db->list; + sp_db->list = entry; + count++; + while (count < entries) { + sp_db_entry_t *new_entry = &sp_db->array[sp_db->index]; + + /* Verify we have a good entry */ + if (MAX_DB <= sp_db->index) + return -1; + + new_entry->src_subnet.addr = entry->src_subnet.addr + count; + new_entry->src_subnet.mask = entry->src_subnet.mask; + new_entry->dst_subnet.addr = entry->dst_subnet.addr + count; + new_entry->dst_subnet.mask = entry->dst_subnet.mask; + new_entry->input = entry->input; + new_entry->esp = entry->esp; + new_entry->ah = entry->ah; + /* Add route to the list */ + sp_db->index++; + new_entry->next = sp_db->list; + sp_db->list = new_entry; + count++; + } + + free(local); + return 0; +} + +void dump_sp_db_entry(sp_db_entry_t *entry) +{ + char src_subnet_str[MAX_STRING]; + char dst_subnet_str[MAX_STRING]; + + printf(" %s %s %s %s:%s\n", + ipv4_subnet_str(src_subnet_str, &entry->src_subnet), + ipv4_subnet_str(dst_subnet_str, &entry->dst_subnet), + entry->input ? "in" : "out", + entry->esp ? "esp" : "none", + entry->ah ? "ah" : "none"); +} + +void dump_sp_db(void) +{ + sp_db_entry_t *entry; + + printf("\n" + "Security policy table\n" + "---------------------\n"); + + for (entry = sp_db->list; NULL != entry; entry = entry->next) + dump_sp_db_entry(entry); +} diff --git a/example/ipsec_offload/odp_ipsec_offload_sp_db.h b/example/ipsec_offload/odp_ipsec_offload_sp_db.h new file mode 100644 index 0000000..bc6ba1a --- /dev/null +++ b/example/ipsec_offload/odp_ipsec_offload_sp_db.h @@ -0,0 +1,72 @@ +/* Copyright (c) 2017, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef ODP_IPSEC_SP_DB_H_ +#define ODP_IPSEC_SP_DB_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/** + * Security Policy (SP) data base entry + */ +typedef struct sp_db_entry_s { + struct sp_db_entry_s *next; /**< Next entry on list */ + ip_addr_range_t src_subnet; /**< Source IPv4 subnet/range */ + ip_addr_range_t dst_subnet; /**< Destination IPv4 subnet/range */ + odp_bool_t input; /**< Direction when applied */ + odp_bool_t esp; /**< Enable cipher (ESP) */ + odp_bool_t ah; /**< Enable authentication (AH) */ +} sp_db_entry_t; + +/** + * Security Policy (SP) data base global structure + */ +typedef struct sp_db_s { + uint32_t index; /**< Index of next available entry */ + sp_db_entry_t *list; /**< List of active entries */ + sp_db_entry_t array[MAX_DB]; /**< Entry storage */ +} sp_db_t; + +/** Global pointer to sp db */ +extern sp_db_t *sp_db; + +/** Initialize SP database global control structure */ +void init_sp_db(void); + +/** + * Create an SP DB entry + * + * String is of the format "SrcSubNet:DstSubNet:(in|out):(ah|esp|both)" + * + * @param input Pointer to string describing SP + * + * @param entries number of entries + * + * @return 0 if successful else -1 + */ +int create_sp_db_entry(char *input, int entries); + +/** + * Display one SP DB entry + * + * @param entry Pointer to entry to display + */ +void dump_sp_db_entry(sp_db_entry_t *entry); + +/** + * Display the SP DB + */ +void dump_sp_db(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/example/ipsec_offload/run_left b/example/ipsec_offload/run_left new file mode 100644 index 0000000..58986a2 --- /dev/null +++ b/example/ipsec_offload/run_left @@ -0,0 +1,14 @@ +#!/bin/bash +# + +./odp_ipsec_offload -f 64 -i dpni.1,dpni.2 \ +-r 192.168.111.2/32:dpni.1:00.10.94.00.00.02 \ +-r 192.168.222.2/32:dpni.2:00.00.00.00.00.1 \ +-p 192.168.111.2:192.168.222.2:out:both \ +-e 192.168.111.2:192.168.222.2:aes:201:656c8523255ccc23a66c1917aa0cf309 \ +-a 192.168.111.2:192.168.222.2:sha256:201:a731649644c5dee92cbd9c2e7e188ee6aa0cf309a731649644c5dee92cbd9c2e \ +-t 192.168.111.2:192.168.222.2:192.168.100.1:192.168.200.1 \ +-p 192.168.222.2:192.168.111.2:in:both \ +-e 192.168.222.2:192.168.111.2:aes:201:656c8523255ccc23a66c1917aa0cf309 \ +-a 192.168.222.2:192.168.111.2:sha256:201:a731649644c5dee92cbd9c2e7e188ee6aa0cf309a731649644c5dee92cbd9c2e \ +-t 192.168.222.2:192.168.111.2:192.168.200.1:192.168.100.1 & diff --git a/example/ipsec_offload/run_right b/example/ipsec_offload/run_right new file mode 100644 index 0000000..d49aa19 --- /dev/null +++ b/example/ipsec_offload/run_right @@ -0,0 +1,14 @@ +#!/bin/bash +# + +./odp_ipsec_offload -f 64 -i dpni.1,dpni.2 \ +-r 192.168.111.2/32:dpni.1:00.00.00.00.00.2 \ +-r 192.168.222.2/32:dpni.2:00.10.94.00.00.03 \ +-p 192.168.111.2:192.168.222.2:in:both \ +-e 192.168.111.2:192.168.222.2:aes:201:656c8523255ccc23a66c1917aa0cf309 \ +-a 192.168.111.2:192.168.222.2:sha256:201:a731649644c5dee92cbd9c2e7e188ee6aa0cf309a731649644c5dee92cbd9c2e \ +-t 192.168.111.2:192.168.222.2:192.168.100.1:192.168.200.1 \ +-p 192.168.222.2:192.168.111.2:out:both \ +-e 192.168.222.2:192.168.111.2:aes:201:656c8523255ccc23a66c1917aa0cf309 \ +-a 192.168.222.2:192.168.111.2:sha256:201:a731649644c5dee92cbd9c2e7e188ee6aa0cf309a731649644c5dee92cbd9c2e \ +-t 192.168.222.2:192.168.111.2:192.168.200.1:192.168.100.1 & diff --git a/example/m4/configure.m4 b/example/m4/configure.m4 index 620db04..03c006a 100644 --- a/example/m4/configure.m4 +++ b/example/m4/configure.m4 @@ -14,6 +14,7 @@ AC_CONFIG_FILES([example/classifier/Makefile example/generator/Makefile example/hello/Makefile example/ipsec/Makefile + example/ipsec_offload/Makefile example/l2fwd_simple/Makefile example/l3fwd/Makefile example/packet/Makefile