From patchwork Wed Jan 11 20:56:04 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
X-Patchwork-Id: 121849
X-Patchwork-Delegate: thomas@monjalon.net
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 900CF423AF;
	Wed, 11 Jan 2023 21:57:02 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 460FF42D58;
	Wed, 11 Jan 2023 21:56:22 +0100 (CET)
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 by mails.dpdk.org (Postfix) with ESMTP id A476142D43
 for <dev@dpdk.org>; Wed, 11 Jan 2023 21:56:18 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1673470578; x=1705006578;
 h=from:to:cc:subject:date:message-id:in-reply-to:
 references:mime-version:content-transfer-encoding;
 bh=m8kqkXJ9ngkUmnF2mgSDGB4G10UZU0EJJwwCWsomtk0=;
 b=HcVV+z7xt2jhClUmKTaEzQxRBOTd5TSnar1h7Jg8ZnX630UQd7uBZW1t
 y8Rd8OrSbxM/cLYHhmP7Xfvk06rARbAw//MLhAwp1SUPEDJLfRuIteCUR
 eOrU6ibIM8OjtwZ3wz6qE9mTesbqNkpoa6In9tVlNHdLgeUnqUOp/0A5S
 8FCNEBC9/KjfP8rCyYE/GxJMLZDbfROO4QozBCNWT6t+xwsBbvQccO/w+
 lXe4kOrse86rhSGDG4WTDob43PQaHDnkvyFZVx9KspmElI8h8A+QUKjmq
 M/nB+xKQFATY5ctZFKdVOocJp7d2gzSjgo6CXlwTpRyKx/oaiQmG4QQk/ A==;
X-IronPort-AV: E=McAfee;i="6500,9779,10586"; a="303229788"
X-IronPort-AV: E=Sophos;i="5.96,317,1665471600"; d="scan'208";a="303229788"
Received: from orsmga003.jf.intel.com ([10.7.209.27])
 by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 11 Jan 2023 12:56:18 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6500,9779,10586"; a="607518881"
X-IronPort-AV: E=Sophos;i="5.96,317,1665471600"; d="scan'208";a="607518881"
Received: from silpixa00400573.ir.intel.com (HELO
 silpixa00400573.ger.corp.intel.com) ([10.237.222.53])
 by orsmga003.jf.intel.com with ESMTP; 11 Jan 2023 12:56:17 -0800
From: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
To: dev@dpdk.org
Cc: Kamalakannan R <kamalakannan.r@intel.com>
Subject: [PATCH 07/11] examples/pipeline: add IPsec CLI commands
Date: Wed, 11 Jan 2023 20:56:04 +0000
Message-Id: <20230111205608.87953-8-cristian.dumitrescu@intel.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230111205608.87953-1-cristian.dumitrescu@intel.com>
References: <20230111205608.87953-1-cristian.dumitrescu@intel.com>
MIME-Version: 1.0
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

Add CLI commands for IPsec block configuration.

Signed-off-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Signed-off-by: Kamalakannan R <kamalakannan.r@intel.com>
---
 examples/pipeline/cli.c | 298 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 298 insertions(+)

diff --git a/examples/pipeline/cli.c b/examples/pipeline/cli.c
index 47c1adf772..efe2ff61db 100644
--- a/examples/pipeline/cli.c
+++ b/examples/pipeline/cli.c
@@ -18,6 +18,7 @@
 #include <rte_swx_port_fd.h>
 #include <rte_swx_pipeline.h>
 #include <rte_swx_ctl.h>
+#include <rte_swx_ipsec.h>
 
 #include "cli.h"
 
@@ -2909,6 +2910,263 @@ cmd_pipeline_mirror_session(char **tokens,
 	}
 }
 
+static const char cmd_ipsec_create_help[] =
+"ipsec <ipsec_instance_name> create "
+"in <ring_in_name> out <ring_out_name> "
+"cryptodev <crypto_dev_name> cryptoq <crypto_dev_queue_pair_id> "
+"bsz <ring_rd_bsz> <ring_wr_bsz> <crypto_wr_bsz> <crypto_rd_bsz> "
+"samax <n_sa_max> "
+"numa <numa_node>\n";
+
+static void
+cmd_ipsec_create(char **tokens,
+		 uint32_t n_tokens,
+		 char *out,
+		 size_t out_size,
+		 void *obj __rte_unused)
+{
+	struct rte_swx_ipsec_params p;
+	struct rte_swx_ipsec *ipsec;
+	char *ipsec_instance_name;
+	uint32_t numa_node;
+	int status;
+
+	if (n_tokens != 20) {
+		snprintf(out, out_size, MSG_ARG_MISMATCH, tokens[0]);
+		return;
+	}
+
+	ipsec_instance_name = tokens[1];
+
+	if (strcmp(tokens[2], "create")) {
+		snprintf(out, out_size, MSG_ARG_NOT_FOUND, "create");
+		return;
+	}
+
+	if (strcmp(tokens[3], "in")) {
+		snprintf(out, out_size, MSG_ARG_NOT_FOUND, "in");
+		return;
+	}
+
+	p.ring_in_name = tokens[4];
+
+	if (strcmp(tokens[5], "out")) {
+		snprintf(out, out_size, MSG_ARG_NOT_FOUND, "out");
+		return;
+	}
+
+	p.ring_out_name = tokens[6];
+
+	if (strcmp(tokens[7], "cryptodev")) {
+		snprintf(out, out_size, MSG_ARG_NOT_FOUND, "cryptodev");
+		return;
+	}
+
+	p.crypto_dev_name = tokens[8];
+
+	if (strcmp(tokens[9], "cryptoq")) {
+		snprintf(out, out_size, MSG_ARG_NOT_FOUND, "cryptoq");
+		return;
+	}
+
+	if (parser_read_uint32(&p.crypto_dev_queue_pair_id, tokens[10])) {
+		snprintf(out, out_size, MSG_ARG_INVALID, "crypto_dev_queue_pair_id");
+		return;
+	}
+
+	if (strcmp(tokens[11], "bsz")) {
+		snprintf(out, out_size, MSG_ARG_NOT_FOUND, "bsz");
+		return;
+	}
+
+	if (parser_read_uint32(&p.bsz.ring_rd, tokens[12])) {
+		snprintf(out, out_size, MSG_ARG_INVALID, "ring_rd_bsz");
+		return;
+	}
+
+	if (parser_read_uint32(&p.bsz.ring_wr, tokens[13])) {
+		snprintf(out, out_size, MSG_ARG_INVALID, "ring_wr_bsz");
+		return;
+	}
+
+	if (parser_read_uint32(&p.bsz.crypto_wr, tokens[14])) {
+		snprintf(out, out_size, MSG_ARG_INVALID, "crypto_wr_bsz");
+		return;
+	}
+
+	if (parser_read_uint32(&p.bsz.crypto_rd, tokens[15])) {
+		snprintf(out, out_size, MSG_ARG_INVALID, "crypto_rd_bsz");
+		return;
+	}
+
+	if (strcmp(tokens[16], "samax")) {
+		snprintf(out, out_size, MSG_ARG_NOT_FOUND, "samax");
+		return;
+	}
+
+	if (parser_read_uint32(&p.n_sa_max, tokens[17])) {
+		snprintf(out, out_size, MSG_ARG_INVALID, "n_sa_max");
+		return;
+	}
+
+	if (strcmp(tokens[18], "numa")) {
+		snprintf(out, out_size, MSG_ARG_NOT_FOUND, "numa");
+		return;
+	}
+
+	if (parser_read_uint32(&numa_node, tokens[19])) {
+		snprintf(out, out_size, MSG_ARG_INVALID, "numa_node");
+		return;
+	}
+
+	status = rte_swx_ipsec_create(&ipsec,
+				      ipsec_instance_name,
+				      &p,
+				      (int)numa_node);
+	if (status)
+		snprintf(out, out_size, "IPsec instance creation failed (%d).\n", status);
+}
+
+static const char cmd_ipsec_sa_add_help[] =
+"ipsec <ipsec_instance_name> sa add <file_name>\n";
+
+static void
+cmd_ipsec_sa_add(char **tokens,
+		 uint32_t n_tokens,
+		 char *out,
+		 size_t out_size,
+		 void *obj __rte_unused)
+{
+	struct rte_swx_ipsec *ipsec;
+	char *ipsec_instance_name, *file_name, *line = NULL;
+	FILE *file = NULL;
+	uint32_t line_id = 0;
+
+	if (n_tokens != 5) {
+		snprintf(out, out_size, MSG_ARG_MISMATCH, tokens[0]);
+		return;
+	}
+
+	ipsec_instance_name = tokens[1];
+	ipsec = rte_swx_ipsec_find(ipsec_instance_name);
+	if (!ipsec) {
+		snprintf(out, out_size, MSG_ARG_INVALID, "ipsec_instance_name");
+		goto free;
+	}
+
+	if (strcmp(tokens[2], "sa")) {
+		snprintf(out, out_size, MSG_ARG_NOT_FOUND, "sa");
+		goto free;
+	}
+
+	if (strcmp(tokens[3], "add")) {
+		snprintf(out, out_size, MSG_ARG_NOT_FOUND, "add");
+		goto free;
+	}
+
+	file_name = tokens[4];
+	file = fopen(file_name, "r");
+	if (!file) {
+		snprintf(out, out_size, "Cannot open file %s.\n", file_name);
+		goto free;
+	}
+
+	/* Buffer allocation. */
+	line = malloc(MAX_LINE_SIZE);
+	if (!line) {
+		snprintf(out, out_size, MSG_OUT_OF_MEMORY);
+		goto free;
+	}
+
+	/* File read. */
+	for (line_id = 1; ; line_id++) {
+		struct rte_swx_ipsec_sa_params *sa;
+		const char *err_msg;
+		uint32_t sa_id = 0;
+		int is_blank_or_comment, status = 0;
+
+		if (fgets(line, MAX_LINE_SIZE, file) == NULL)
+			break;
+
+		/* Read SA from file. */
+		sa = rte_swx_ipsec_sa_read(ipsec, line, &is_blank_or_comment, &err_msg);
+		if (!sa) {
+			if (is_blank_or_comment)
+				continue;
+
+			snprintf(out, out_size, "Invalid SA in file \"%s\" at line %u: \"%s\"\n",
+				file_name, line_id, err_msg);
+			goto free;
+		}
+
+		snprintf(out, out_size, "%s", line);
+		out_size -= strlen(out);
+		out += strlen(out);
+
+		/* Add the SA to the IPsec instance. Free the SA. */
+		status = rte_swx_ipsec_sa_add(ipsec, sa, &sa_id);
+		if (status)
+			snprintf(out, out_size, "\t: Error (%d)\n", status);
+		else
+			snprintf(out, out_size, "\t: OK (SA ID = %u)\n", sa_id);
+		out_size -= strlen(out);
+		out += strlen(out);
+
+		free(sa);
+		if (status)
+			goto free;
+	}
+
+free:
+	if (file)
+		fclose(file);
+	free(line);
+}
+
+static const char cmd_ipsec_sa_delete_help[] =
+"ipsec <ipsec_instance_name> sa delete <sa_id>\n";
+
+static void
+cmd_ipsec_sa_delete(char **tokens,
+		    uint32_t n_tokens,
+		    char *out,
+		    size_t out_size,
+		    void *obj __rte_unused)
+{
+	struct rte_swx_ipsec *ipsec;
+	char *ipsec_instance_name;
+	uint32_t sa_id;
+
+	if (n_tokens != 5) {
+		snprintf(out, out_size, MSG_ARG_MISMATCH, tokens[0]);
+		return;
+	}
+
+	ipsec_instance_name = tokens[1];
+	ipsec = rte_swx_ipsec_find(ipsec_instance_name);
+	if (!ipsec) {
+		snprintf(out, out_size, MSG_ARG_INVALID, "ipsec_instance_name");
+		return;
+	}
+
+	if (strcmp(tokens[2], "sa")) {
+		snprintf(out, out_size, MSG_ARG_NOT_FOUND, "sa");
+		return;
+	}
+
+	if (strcmp(tokens[3], "delete")) {
+		snprintf(out, out_size, MSG_ARG_NOT_FOUND, "delete");
+		return;
+	}
+
+	if (parser_read_uint32(&sa_id, tokens[4])) {
+		snprintf(out, out_size, MSG_ARG_INVALID, "sa_id");
+		return;
+	}
+
+	rte_swx_ipsec_sa_delete(ipsec, sa_id);
+}
+
 static const char cmd_thread_pipeline_enable_help[] =
 "thread <thread_id> pipeline <pipeline_name> enable [ period <timer_period_ms> ]\n";
 
@@ -3067,6 +3325,9 @@ cmd_help(char **tokens,
 			"\tpipeline meter stats\n"
 			"\tpipeline stats\n"
 			"\tpipeline mirror session\n"
+			"\tipsec create\n"
+			"\tipsec sa add\n"
+			"\tipsec sa delete\n"
 			"\tthread pipeline enable\n"
 			"\tthread pipeline disable\n\n");
 		return;
@@ -3291,6 +3552,26 @@ cmd_help(char **tokens,
 		return;
 	}
 
+	if (!strcmp(tokens[0], "ipsec") &&
+		(n_tokens == 2) && !strcmp(tokens[1], "create")) {
+		snprintf(out, out_size, "\n%s\n", cmd_ipsec_create_help);
+		return;
+	}
+
+	if (!strcmp(tokens[0], "ipsec") &&
+		(n_tokens == 3) && !strcmp(tokens[1], "sa")
+		&& !strcmp(tokens[2], "add")) {
+		snprintf(out, out_size, "\n%s\n", cmd_ipsec_sa_add_help);
+		return;
+	}
+
+	if (!strcmp(tokens[0], "ipsec") &&
+		(n_tokens == 3) && !strcmp(tokens[1], "sa")
+		&& !strcmp(tokens[2], "delete")) {
+		snprintf(out, out_size, "\n%s\n", cmd_ipsec_sa_delete_help);
+		return;
+	}
+
 	if ((n_tokens == 3) &&
 		(strcmp(tokens[0], "thread") == 0) &&
 		(strcmp(tokens[1], "pipeline") == 0)) {
@@ -3539,6 +3820,23 @@ cli_process(char *in, char *out, size_t out_size, void *obj)
 		}
 	}
 
+	if (!strcmp(tokens[0], "ipsec")) {
+		if (n_tokens >= 3 && !strcmp(tokens[2], "create")) {
+			cmd_ipsec_create(tokens, n_tokens, out, out_size, obj);
+			return;
+		}
+
+		if (n_tokens >= 4 && !strcmp(tokens[2], "sa") && !strcmp(tokens[3], "add")) {
+			cmd_ipsec_sa_add(tokens, n_tokens, out, out_size, obj);
+			return;
+		}
+
+		if (n_tokens >= 4 && !strcmp(tokens[2], "sa") && !strcmp(tokens[3], "delete")) {
+			cmd_ipsec_sa_delete(tokens, n_tokens, out, out_size, obj);
+			return;
+		}
+	}
+
 	if (strcmp(tokens[0], "thread") == 0) {
 		if ((n_tokens >= 5) &&
 			(strcmp(tokens[4], "enable") == 0)) {