From patchwork Thu Feb 16 14:24:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 124081 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 68D7A41CB2; Thu, 16 Feb 2023 15:25:15 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E743F42D74; Thu, 16 Feb 2023 15:25:10 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 60D6342D70 for ; Thu, 16 Feb 2023 15:25:09 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 31GDe2Qk007429; Thu, 16 Feb 2023 06:25:03 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=XjW9CptDGT4Hb3xE44LZCXJ7bl3IDxmrqYnyUL11nu0=; b=RqgCCuGf5l+47XONnTwzYmd/5ZqQAXSoYHvRI349WVX8V2rtBev17vM3bDfaxgmdGeGE wkM5Wwlh8rOE3JFVNyiE9e/PkC9Rk4eB7bVpRP5tnQCKPL5sGdkLU3xGHxt7dV6s3jIG sCR6n+eZ9yh/Mab1KdU1lJeJNEB7ilPVLnDAmtO4Aep4gia2wl2iZwOLnASPcqhv3HmK BezigPUQRhBhQe3C5j/XMj/f/YGXJo4oZfrdlTGDAQLTP8mXiNNh0D6vu6trzVj3zNwz 7+1IApNrusz5rZONrFnMrFjf8Auo9EjUbqYwqi3u/RkZujO/MQVJz4FFUwpIU5oqG4dz VQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3nsg888xnd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 16 Feb 2023 06:25:02 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Thu, 16 Feb 2023 06:25:01 -0800 
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.42 via Frontend Transport; Thu, 16 Feb 2023 06:25:01 -0800 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id E4C6A3F7089; Thu, 16 Feb 2023 06:24:57 -0800 (PST) From: Akhil Goyal To: CC: , , , , , , , , , Akhil Goyal Subject: [PATCH 3/3] examples/ipsec-secgw: refactor inline capability check Date: Thu, 16 Feb 2023 19:54:42 +0530 Message-ID: <20230216142442.3657742-3-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230216142442.3657742-1-gakhil@marvell.com> References: <20230216142442.3657742-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: mUsg4NQttmnKTeUtyXinxnm_UGcYmb7k X-Proofpoint-GUID: mUsg4NQttmnKTeUtyXinxnm_UGcYmb7k X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.170.22 definitions=2023-02-16_10,2023-02-16_01,2023-02-09_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org In cases of inline IPsec, the supported ol_flags are retrieved from security capability of device. Now that capability checks are added before creating the session, ol_flags can be retrieved from the same function call. Signed-off-by: Akhil Goyal Acked-by: Kai Ji --- examples/ipsec-secgw/ipsec.c | 65 ++++++------------------------------ 1 file changed, 10 insertions(+), 55 deletions(-) diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index c51f1b7eb2..a5c2b524a7 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c 
@@ -208,7 +208,8 @@ verify_ipsec_capabilities(struct rte_security_ipsec_xform *ipsec_xform, static inline int verify_security_capabilities(struct rte_security_ctx *ctx, - struct rte_security_session_conf *sess_conf) + struct rte_security_session_conf *sess_conf, + uint32_t *ol_flags) { struct rte_security_capability_idx sec_cap_idx; const struct rte_security_capability *sec_cap; @@ -230,6 +231,9 @@ verify_security_capabilities(struct rte_security_ctx *ctx, if (verify_ipsec_capabilities(&sess_conf->ipsec, sec_cap)) return -ENOTSUP; + if (ol_flags != NULL) + *ol_flags = sec_cap->ol_flags; + return 0; } @@ -332,7 +336,7 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx_lcore[], /* Set IPsec parameters in conf */ set_ipsec_conf(sa, &(sess_conf.ipsec)); - if (verify_security_capabilities(ctx, &sess_conf)) { + if (verify_security_capabilities(ctx, &sess_conf, NULL)) { RTE_LOG(ERR, IPSEC, "Requested security session config not supported\n"); return -1; @@ -486,7 +490,6 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO) { struct rte_flow_error err; - const struct rte_security_capability *sec_cap; int ret = 0; sec_ctx = (struct rte_security_ctx *) @@ -498,7 +501,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, return -1; } - if (verify_security_capabilities(sec_ctx, &sess_conf)) { + if (verify_security_capabilities(sec_ctx, &sess_conf, + &ips->security.ol_flags)) { RTE_LOG(ERR, IPSEC, "Requested security session config not supported\n"); return -1; 
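Review bot: The new `ol_flags` out-parameter has no documented contract: in the `@@ -230,6 +231,9 @@` hunk it is written only immediately before `return 0`, so every error return leaves the caller's value untouched. The signature change in the `@@ -208,7 +208,8 @@` hunk carries no comment either. I would add a comment above `verify_security_capabilities()` such as `/* On success, store the matched capability's ol_flags in *ol_flags if it is non-NULL; *ol_flags is not modified on error. */`. The middle of the function, where `sec_cap` is looked up, lies outside both hunks, so this assumes `sec_cap` has already been validated by the time the store is reached.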
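Review bot: Passing `&ips->security.ol_flags` directly in the `@@ -498,7 +501,8 @@` hunk (and again in `@@ -703,7 +684,8 @@`) means the SA's offload flags are written by the capability check, whereas the removed code assigned them only after the later failure check and right before `ips->security.ctx = sec_ctx;`. If the step between the two fails (it is outside these hunks, but the `return -1;` context that follows suggests one), the session keeps populated `ol_flags` with no `ctx` set. A local would keep the old ordering: `uint32_t ol_flags = 0;`, pass `&ol_flags`, then `ips->security.ol_flags = ol_flags;` next to the `ctx` assignment. Separately, the removed inline-crypto loop matched on a hard-coded `RTE_SECURITY_IPSEC_SA_MODE_TUNNEL`, while the flags now come from whichever capability `verify_security_capabilities()` selects from `sess_conf`. If that lookup keys on the session's own mode (not visible here), non-tunnel SAs may see different flags or `-ENOTSUP`, which the commit message should state rather than describe as a pure refactor.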
@@ -512,27 +516,6 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, return -1; } - sec_cap = rte_security_capabilities_get(sec_ctx); - - /* iterate until ESP tunnel*/ - while (sec_cap->action != RTE_SECURITY_ACTION_TYPE_NONE) { - if (sec_cap->action == ips->type && - sec_cap->protocol == - RTE_SECURITY_PROTOCOL_IPSEC && - sec_cap->ipsec.mode == - RTE_SECURITY_IPSEC_SA_MODE_TUNNEL && - sec_cap->ipsec.direction == sa->direction) - break; - sec_cap++; - } - - if (sec_cap->action == RTE_SECURITY_ACTION_TYPE_NONE) { - RTE_LOG(ERR, IPSEC, - "No suitable security capability found\n"); - return -1; - } - - ips->security.ol_flags = sec_cap->ol_flags; ips->security.ctx = sec_ctx; sa->pattern[0].type = RTE_FLOW_ITEM_TYPE_ETH; @@ -676,8 +659,6 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, return -1; } } else if (ips->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) { - const struct rte_security_capability *sec_cap; - sec_ctx = (struct rte_security_ctx *) rte_eth_dev_get_sec_ctx(sa->portid); @@ -703,7 +684,8 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, sess_conf.userdata = (void *) sa; - if (verify_security_capabilities(sec_ctx, &sess_conf)) { + if (verify_security_capabilities(sec_ctx, &sess_conf, + &ips->security.ol_flags)) { RTE_LOG(ERR, IPSEC, "Requested security session config not supported\n"); return -1; 
@@ -717,33 +699,6 @@ create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa, return -1; } - sec_cap = rte_security_capabilities_get(sec_ctx); - if (sec_cap == NULL) { - RTE_LOG(ERR, IPSEC, - "No capabilities registered\n"); - return -1; - } - - /* iterate until ESP tunnel*/ - while (sec_cap->action != - RTE_SECURITY_ACTION_TYPE_NONE) { - if (sec_cap->action == ips->type && - sec_cap->protocol == - RTE_SECURITY_PROTOCOL_IPSEC && - sec_cap->ipsec.mode == - sess_conf.ipsec.mode && - sec_cap->ipsec.direction == sa->direction) - break; - sec_cap++; - } - - if (sec_cap->action == RTE_SECURITY_ACTION_TYPE_NONE) { - RTE_LOG(ERR, IPSEC, - "No suitable security capability found\n"); - return -1; - } - - ips->security.ol_flags = sec_cap->ol_flags; ips->security.ctx = sec_ctx; }