#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdlib.h>
#include <getopt.h>
#include <signal.h>
#include <unistd.h>
#include <inttypes.h>
#include <odp/helper/odph_api.h>
#include <stdbool.h>
#include <sys/socket.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <netpacket/packet.h>
#include <net/ethernet.h>
#include <arpa/inet.h>
#include <odp_ipsec_misc.h>
#include <odp_ipsec_sa_db.h>
#include <odp_ipsec_sp_db.h>
#include <odp_ipsec_fwd_db.h>
#include <odp_ipsec_cache.h>
#ifndef NO_OPENSSL
#include <odp_ipsec_stream.h>
#else
static void init_stream_db(void) {}
static void deinit_stream_db(void) {}
static void resolve_stream_db(void) {}
static int create_stream_db_inputs(void)
{
return 0;
}
{
return true;
}
static int create_stream_db_entry(
char *input
ODP_UNUSED)
{
return -1;
}
#endif
#define MAX_WORKERS (ODP_THREAD_COUNT_MAX - 1)
#define MAX_POLL_QUEUES 256
typedef struct {
unsigned int cpu_count;
int if_count;
char **if_names;
crypto_api_mode_e mode;
char *if_str;
} appl_args_t;
typedef struct {
appl_args_t appl;
int num_polled_queues;
} global_data_t;
static void parse_args(int argc, char *argv[], appl_args_t *appl_args);
static void print_info(char *progname, appl_args_t *appl_args);
static void usage(char *progname);
#define SHM_PKT_POOL_BUF_COUNT 1024
#define SHM_PKT_POOL_BUF_SIZE 4096
#define SHM_PKT_POOL_SIZE (SHM_PKT_POOL_BUF_COUNT * SHM_PKT_POOL_BUF_SIZE)
#define SHM_OUT_POOL_BUF_COUNT 1024
#define SHM_OUT_POOL_BUF_SIZE 4096
#define SHM_OUT_POOL_SIZE (SHM_OUT_POOL_BUF_COUNT * SHM_OUT_POOL_BUF_SIZE)
typedef enum {
PKT_STATE_INPUT_VERIFY,
PKT_STATE_IPSEC_IN_CLASSIFY,
PKT_STATE_IPSEC_IN_FINISH,
PKT_STATE_ROUTE_LOOKUP,
PKT_STATE_IPSEC_OUT_CLASSIFY,
PKT_STATE_IPSEC_OUT_SEQ,
PKT_STATE_IPSEC_OUT_FINISH,
PKT_STATE_TRANSMIT,
} pkt_state_e;
typedef enum {
PKT_CONTINUE,
PKT_POSTED,
PKT_DROP,
PKT_DONE
} pkt_disposition_e;
typedef struct {
uint8_t ip_tos;
uint16_t ip_frag_offset;
uint8_t ip_ttl;
int hdr_len;
int trl_len;
uint16_t tun_hdr_offset;
uint16_t ah_offset;
uint16_t esp_offset;
uint32_t src_ip;
uint32_t dst_ip;
uint32_t *ah_seq;
uint32_t *esp_seq;
uint16_t *tun_hdr_id;
} ipsec_ctx_t;
typedef struct {
pkt_state_e state;
ipsec_ctx_t ipsec;
} pkt_ctx_t;
#define SHM_CTX_POOL_BUF_SIZE (sizeof(pkt_ctx_t))
#define SHM_CTX_POOL_BUF_COUNT (SHM_PKT_POOL_BUF_COUNT + SHM_OUT_POOL_BUF_COUNT)
#define SHM_CTX_POOL_SIZE (SHM_CTX_POOL_BUF_COUNT * SHM_CTX_POOL_BUF_SIZE)
static global_data_t *global;
{
if (global == NULL)
return;
}
static
{
}
static
{
pkt_ctx_t *ctx;
return NULL;
memset(ctx, 0, sizeof(*ctx));
ctx->buffer = ctx_buf;
return ctx;
}
static
void free_pkt_ctx(pkt_ctx_t *ctx)
{
}
static queue_create_func_t queue_create;
static schedule_func_t schedule_fn;
static
{
if (param)
printf("%s: change %s to PLAIN\n", __func__, name);
}
global->poll_queues[global->num_polled_queues++] = my_queue;
printf("%s: adding %"PRIu64"\n", __func__,
}
return my_queue;
}
static inline
{
}
static
{
int idx = 0;
while (idx < global->num_polled_queues) {
*from = queue;
return ev;
}
}
}
static
void ipsec_init_pre(void)
{
global->completionq = queue_create("completion", &qparam);
ODPH_ERR("Error: completion queue creation failed\n");
exit(EXIT_FAILURE);
}
global->seqnumq = queue_create("seqnum", &qparam);
ODPH_ERR("Error: sequence number queue creation failed\n");
exit(EXIT_FAILURE);
}
params.
pkt.
len = SHM_OUT_POOL_BUF_SIZE;
params.
pkt.
num = SHM_PKT_POOL_BUF_COUNT;
ODPH_ERR("Error: message pool create failed.\n");
exit(EXIT_FAILURE);
}
init_sp_db();
init_sa_db();
init_tun_db();
init_ipsec_cache();
}
static
void ipsec_init_post(crypto_api_mode_e api_mode)
{
sp_db_entry_t *entry;
for (entry = sp_db->list; NULL != entry; entry = entry->next) {
sa_db_entry_t *cipher_sa = NULL;
sa_db_entry_t *auth_sa = NULL;
tun_db_entry_t *tun = NULL;
if (entry->esp) {
cipher_sa = find_sa_db_entry(&entry->src_subnet,
&entry->dst_subnet,
1);
tun = find_tun_db_entry(cipher_sa->src_ip,
cipher_sa->dst_ip);
}
if (entry->ah) {
auth_sa = find_sa_db_entry(&entry->src_subnet,
&entry->dst_subnet,
0);
tun = find_tun_db_entry(auth_sa->src_ip,
auth_sa->dst_ip);
}
if (cipher_sa || auth_sa) {
if (create_ipsec_cache_entry(cipher_sa,
auth_sa,
tun,
api_mode,
entry->input,
global->completionq,
global->out_pool)) {
ODPH_ERR("Error: IPSec cache entry failed.\n"
);
exit(EXIT_FAILURE);
}
} else {
printf(" WARNING: SA not found for SP\n");
dump_sp_db_entry(entry);
}
}
}
#ifndef NO_OPENSSL
static
int check_stream_db_out(const char *intf)
{
stream_db_entry_t *stream = NULL;
for (stream = stream_db->list; NULL != stream; stream = stream->next) {
if (!strcmp(stream->output.intf, intf))
return 1;
}
return 0;
}
#else
static
int check_stream_db_out(
const char *intf
ODP_UNUSED)
{
return 0;
}
#endif
static
void initialize_intf(char *intf)
{
int ret;
uint8_t src_mac[ODPH_ETHADDR_LEN];
char src_mac_str[MAX_STRING];
if (getenv("ODP_IPSEC_USE_POLL_QUEUES") ||
check_stream_db_out(intf))
else
ODPH_ERR("Error: pktio create failed for %s\n", intf);
exit(EXIT_FAILURE);
}
ODPH_ERR("Error: pktin config failed for %s\n", intf);
exit(EXIT_FAILURE);
}
ODPH_ERR("Error: pktout config failed for %s\n", intf);
exit(EXIT_FAILURE);
}
ODPH_ERR("Error: failed to get input queue for %s\n", intf);
exit(EXIT_FAILURE);
}
ODPH_ERR("Error: failed to get pktout queue for %s\n", intf);
exit(EXIT_FAILURE);
}
if (ret) {
ODPH_ERR("Error: unable to start %s\n", intf);
exit(EXIT_FAILURE);
}
if (ret <= 0) {
ODPH_ERR("Error: failed during MAC address get for %s\n", intf);
exit(EXIT_FAILURE);
}
printf("Created pktio:%02" PRIu64 ", queue mode (ATOMIC queues)\n"
" default pktio%02" PRIu64 "-INPUT queue:%" PRIu64 "\n"
" source mac address %s\n",
mac_addr_str(src_mac_str, src_mac));
resolve_fwd_db(intf, pktio, pktout, src_mac);
}
static
{
return PKT_DROP;
return PKT_DROP;
return PKT_DROP;
return PKT_CONTINUE;
}
static
pkt_disposition_e do_route_fwd_db(
odp_packet_t pkt, pkt_ctx_t *ctx)
{
fwd_db_entry_t *entry;
if (entry) {
odph_ethhdr_t *eth =
memcpy(ð->dst, entry->dst_mac, ODPH_ETHADDR_LEN);
memcpy(ð->src, entry->src_mac, ODPH_ETHADDR_LEN);
ctx->pktout = entry->pktout;
return PKT_CONTINUE;
}
return PKT_DROP;
}
static
pkt_ctx_t *ctx,
{
int hdr_len;
odph_ahhdr_t *ah = NULL;
odph_esphdr_t *esp = NULL;
ipsec_cache_entry_t *entry;
*skip = TRUE;
hdr_len = locate_ipsec_headers(ip, &ah, &esp);
if (!ah && !esp)
return PKT_CONTINUE;
ah,
esp);
if (!entry)
return PKT_CONTINUE;
hdr_len += entry->esp.iv_len;
memset(¶ms, 0, sizeof(params));
params.
session = entry->state.session;
ctx->ipsec.ip_tos = ip->tos;
ctx->ipsec.ip_ttl = ip->ttl;
ctx->ipsec.ah_offset = ah ? ((uint8_t *)ah) - buf : 0;
ctx->ipsec.esp_offset = esp ? ((uint8_t *)esp) - buf : 0;
ctx->ipsec.hdr_len = hdr_len;
ctx->ipsec.trl_len = 0;
ctx->ipsec.src_ip = entry->src_ip;
ctx->ipsec.dst_ip = entry->dst_ip;
if (ah) {
ip->chksum = 0;
ip->tos = 0;
ip->frag_offset = 0;
ip->ttl = 0;
}
if (esp) {
}
if (entry->sa_flags & BIT_MODE_CIPHER) {
}
if (entry->sa_flags & BIT_MODE_AUTH) {
}
*skip = FALSE;
ctx->state = PKT_STATE_IPSEC_IN_FINISH;
if (entry->async) {
ODPH_ERR("Error: odp_crypto_op_enq() failed\n");
exit(EXIT_FAILURE);
}
return PKT_POSTED;
}
ODPH_ERR("Error: odp_crypto_op() failed\n");
exit(EXIT_FAILURE);
}
*pkt = out_pkt;
return PKT_CONTINUE;
}
static
pkt_ctx_t *ctx)
{
odph_ipv4hdr_t *ip;
int hdr_len = ctx->ipsec.hdr_len;
int trl_len = 0;
return PKT_DROP;
if (ctx->ipsec.ah_offset) {
odph_ahhdr_t *ah;
ah = (odph_ahhdr_t *)(ctx->ipsec.ah_offset + buf);
ip->proto = ah->next_header;
}
if (ctx->ipsec.esp_offset) {
odph_esptrl_t *esp_t = (odph_esptrl_t *)(eop) - 1;
ip->proto = esp_t->next_header;
trl_len += esp_t->pad_len + sizeof(*esp_t);
}
if (ip->proto == ODPH_IPV4) {
odph_ethhdr_t *eth;
eth->type = ODPH_ETHTYPE_IPV4;
if ((ip->src_addr != ctx->ipsec.src_ip ||
ip->dst_addr != ctx->ipsec.dst_ip))
return PKT_DROP;
return PKT_CONTINUE;
}
ipv4_adjust_len(ip, -(hdr_len + trl_len));
ip->ttl = ctx->ipsec.ip_ttl;
ip->tos = ctx->ipsec.ip_tos;
ip->chksum = 0;
odph_ipv4_csum_update(pkt);
memmove(ipv4_data_p(ip),
ipv4_data_p(ip) + hdr_len,
return PKT_CONTINUE;
}
static int generate_iv(uint8_t *buf, uint32_t size)
{
uint32_t n = 0;
int32_t ret;
while (n < size) {
if (ret < 0)
return 1;
n += ret;
}
return 0;
}
static
pkt_ctx_t *ctx,
{
uint16_t ip_data_len = ipv4_data_len(ip);
uint8_t *ip_data = ipv4_data_p(ip);
ipsec_cache_entry_t *entry;
int hdr_len = 0;
int trl_len = 0;
odph_ahhdr_t *ah = NULL;
odph_esphdr_t *esp = NULL;
*skip = TRUE;
ip->proto);
if (!entry)
return PKT_CONTINUE;
ctx->ipsec.ip_tos = ip->tos;
ctx->ipsec.ip_ttl = ip->ttl;
memset(¶ms, 0, sizeof(params));
params.
session = entry->state.session;
if (entry->mode == IPSEC_SA_MODE_TUNNEL) {
hdr_len += sizeof(odph_ipv4hdr_t);
ip_data = (uint8_t *)ip;
ip_data_len += sizeof(odph_ipv4hdr_t);
}
if (entry->ah.alg) {
ah = (odph_ahhdr_t *)(ip_data + hdr_len);
hdr_len += sizeof(odph_ahhdr_t);
hdr_len += entry->ah.icv_len;
}
if (entry->esp.alg) {
esp = (odph_esphdr_t *)(ip_data + hdr_len);
hdr_len += sizeof(odph_esphdr_t);
hdr_len += entry->esp.iv_len;
}
memmove(ip_data + hdr_len, ip_data, ip_data_len);
ip_data += hdr_len;
if (entry->mode == IPSEC_SA_MODE_TUNNEL) {
}
if (esp) {
uint32_t encrypt_len;
odph_esptrl_t *esp_t;
encrypt_len = ESP_ENCODE_LEN(ip_data_len +
sizeof(*esp_t),
entry->esp.block_len);
trl_len = encrypt_len - ip_data_len;
if (generate_iv(esp->iv, entry->esp.iv_len))
return PKT_DROP;
esp_t = (odph_esptrl_t *)(ip_data + encrypt_len) - 1;
esp_t->pad_len = trl_len - sizeof(*esp_t);
if (entry->mode == IPSEC_SA_MODE_TUNNEL)
esp_t->next_header = ODPH_IPV4;
else
esp_t->next_header = ip->proto;
ip->proto = ODPH_IPPROTO_ESP;
}
if (ah) {
memset(ah, 0, sizeof(*ah) + entry->ah.icv_len);
ah->ah_len = 1 + (entry->ah.icv_len / 4);
if (entry->mode == IPSEC_SA_MODE_TUNNEL && !esp)
ah->next_header = ODPH_IPV4;
else
ah->next_header = ip->proto;
ip->proto = ODPH_IPPROTO_AH;
ip->chksum = 0;
ip->tos = 0;
ip->frag_offset = 0;
ip->ttl = 0;
}
ipv4_adjust_len(ip, hdr_len + trl_len);
return PKT_DROP;
ctx->ipsec.hdr_len = hdr_len;
ctx->ipsec.trl_len = trl_len;
ctx->ipsec.ah_offset = ah ? ((uint8_t *)ah) - buf : 0;
ctx->ipsec.esp_offset = esp ? ((uint8_t *)esp) - buf : 0;
ctx->ipsec.tun_hdr_offset = (entry->mode == IPSEC_SA_MODE_TUNNEL) ?
((uint8_t *)ip - buf) : 0;
ctx->ipsec.ah_seq = &entry->state.ah_seq;
ctx->ipsec.esp_seq = &entry->state.esp_seq;
ctx->ipsec.tun_hdr_id = &entry->state.tun_hdr_id;
memcpy(&ctx->ipsec.params, ¶ms, sizeof(params));
*skip = FALSE;
return PKT_POSTED;
}
static
pkt_ctx_t *ctx)
{
ipsec_cache_entry_t *entry;
ip->proto);
if (!entry)
return PKT_DROP;
if (ctx->ipsec.ah_offset) {
odph_ahhdr_t *ah;
ah = (odph_ahhdr_t *)(ctx->ipsec.ah_offset + buf);
}
if (ctx->ipsec.esp_offset) {
odph_esphdr_t *esp;
esp = (odph_esphdr_t *)(ctx->ipsec.esp_offset + buf);
}
if (ctx->ipsec.tun_hdr_offset) {
odph_ipv4hdr_t *ip_tun;
ip_tun = (odph_ipv4hdr_t *)(ctx->ipsec.tun_hdr_offset + buf);
}
if (entry->async) {
&ctx->ipsec.params, 1) != 1) {
ODPH_ERR("Error: odp_crypto_op_enq() failed\n");
exit(EXIT_FAILURE);
}
return PKT_POSTED;
}
ODPH_ERR("Error: odp_crypto_op() failed\n");
exit(EXIT_FAILURE);
}
*pkt = out_pkt;
return PKT_CONTINUE;
}
static
pkt_ctx_t *ctx)
{
odph_ipv4hdr_t *ip;
return PKT_DROP;
ip->ttl = ctx->ipsec.ip_ttl;
ip->tos = ctx->ipsec.ip_tos;
ip->chksum = 0;
odph_ipv4_csum_update(pkt);
return PKT_CONTINUE;
}
static
{
int thr;
unsigned long pkt_cnt = 0;
printf("Pktio thread [%02i] starts\n", thr);
pkt_disposition_e rc;
pkt_ctx_t *ctx;
ev = schedule_fn(&dispatchq);
continue;
if (global->seqnumq == dispatchq ||
global->completionq == dispatchq) {
ctx = get_pkt_ctx_from_pkt(pkt);
} else {
ctx = alloc_pkt_ctx(pkt);
if (!ctx) {
continue;
}
ctx->state = PKT_STATE_INPUT_VERIFY;
}
} else {
ODPH_ERR("Error: Bad event type\n");
exit(EXIT_FAILURE);
}
do {
switch (ctx->state) {
case PKT_STATE_INPUT_VERIFY:
rc = do_input_verify(pkt, ctx);
ctx->state = PKT_STATE_IPSEC_IN_CLASSIFY;
break;
case PKT_STATE_IPSEC_IN_CLASSIFY:
ctx->state = PKT_STATE_ROUTE_LOOKUP;
rc = do_ipsec_in_classify(&pkt,
ctx,
&skip);
break;
case PKT_STATE_IPSEC_IN_FINISH:
rc = do_ipsec_in_finish(pkt, ctx);
ctx->state = PKT_STATE_ROUTE_LOOKUP;
break;
case PKT_STATE_ROUTE_LOOKUP:
rc = do_route_fwd_db(pkt, ctx);
ctx->state = PKT_STATE_IPSEC_OUT_CLASSIFY;
break;
case PKT_STATE_IPSEC_OUT_CLASSIFY:
rc = do_ipsec_out_classify(pkt,
ctx,
&skip);
ctx->state = PKT_STATE_TRANSMIT;
} else {
ctx->state = PKT_STATE_IPSEC_OUT_SEQ;
rc = PKT_DROP;
}
break;
case PKT_STATE_IPSEC_OUT_SEQ:
ctx->state = PKT_STATE_IPSEC_OUT_FINISH;
rc = do_ipsec_out_seq(&pkt, ctx);
break;
case PKT_STATE_IPSEC_OUT_FINISH:
rc = do_ipsec_out_finish(pkt, ctx);
ctx->state = PKT_STATE_TRANSMIT;
break;
case PKT_STATE_TRANSMIT:
rc = PKT_DROP;
} else {
rc = PKT_DONE;
}
break;
default:
rc = PKT_DROP;
break;
}
} while (PKT_CONTINUE == rc);
if ((PKT_DROP == rc) || (PKT_DONE == rc))
free_pkt_ctx(ctx);
if (PKT_DROP == rc)
if (PKT_DONE == rc) {
printf(" [%02i] pkt_cnt:%lu\n", thr, pkt_cnt);
fflush(NULL);
}
}
}
return 0;
}
int
main(int argc, char *argv[])
{
odph_helper_options_t helper_options;
odph_thread_t thread_tbl[MAX_WORKERS];
odph_thread_common_param_t thr_common;
odph_thread_param_t thr_param;
int num_workers;
int i;
int stream_count;
schedule_fn = odp_schedule_cb;
if (getenv("ODP_IPSEC_USE_POLL_QUEUES")) {
queue_create = polled_odp_queue_create;
schedule_fn = polled_odp_schedule_cb;
}
argc = odph_parse_options(argc, argv);
if (odph_options(&helper_options)) {
ODPH_ERR("Error: reading ODP helper options failed.\n");
exit(EXIT_FAILURE);
}
signal(SIGINT, sig_handler);
init_param.
mem_model = helper_options.mem_model;
ODPH_ERR("Error: ODP global init failed.\n");
exit(EXIT_FAILURE);
}
ODPH_ERR("Error: ODP local init failed.\n");
exit(EXIT_FAILURE);
}
ODPH_ERR("Error: Crypto capability request failed.\n");
exit(EXIT_FAILURE);
}
if ((NULL == getenv("ODP_IPSEC_USE_POLL_QUEUES")) &&
ODPH_ERR("Error: scheduled type compl queue not supported.\n");
exit(EXIT_FAILURE);
} else if ((NULL != getenv("ODP_IPSEC_USE_POLL_QUEUES")) &&
ODPH_ERR("Error: Plain type compl queue not supported.\n");
exit(EXIT_FAILURE);
}
ODP_CACHE_LINE_SIZE, 0);
ODPH_ERR("Error: shared mem reserve failed.\n");
exit(EXIT_FAILURE);
}
if (NULL == global) {
ODPH_ERR("Error: shared mem alloc failed.\n");
exit(EXIT_FAILURE);
}
memset(global, 0, sizeof(global_data_t));
global->shm = shm;
global->crypto_capa = crypto_capa;
ipsec_init_pre();
init_fwd_db();
init_stream_db();
parse_args(argc, argv, &global->appl);
print_info(NO_PATH(argv[0]), &global->appl);
num_workers = MAX_WORKERS;
if (global->appl.cpu_count && global->appl.cpu_count < MAX_WORKERS)
num_workers = global->appl.cpu_count;
printf("num worker threads: %i\n", num_workers);
printf("cpu mask: %s\n", cpumaskstr);
params.
pkt.
len = SHM_PKT_POOL_BUF_SIZE;
params.
pkt.
num = SHM_PKT_POOL_BUF_COUNT;
ODPH_ERR("Error: packet pool create failed.\n");
exit(EXIT_FAILURE);
}
params.
buf.
size = SHM_CTX_POOL_BUF_SIZE;
params.
buf.
num = SHM_CTX_POOL_BUF_COUNT;
ODPH_ERR("Error: context pool create failed.\n");
exit(EXIT_FAILURE);
}
printf("Using %s mode for crypto API\n\n",
(CRYPTO_API_SYNC == global->appl.mode) ? "SYNC" : "ASYNC");
ipsec_init_post(global->appl.mode);
for (i = 0; i < global->appl.if_count; i++)
initialize_intf(global->appl.if_names[i]);
resolve_stream_db();
stream_count = create_stream_db_inputs();
if (stream_count < 0) {
ODPH_ERR("Error: creating input packets failed\n");
exit(EXIT_FAILURE);
}
odph_thread_common_param_init(&thr_common);
thr_common.instance = instance;
thr_common.cpumask = &cpumask;
thr_common.share_param = 1;
odph_thread_param_init(&thr_param);
thr_param.start = pktio_thread;
thr_param.arg = NULL;
memset(thread_tbl, 0, sizeof(thread_tbl));
odph_thread_create(thread_tbl, &thr_common, &thr_param, num_workers);
if (stream_count) {
do {
done = verify_stream_db_outputs();
usleep(100000);
} while (!done);
printf("All received\n");
}
odph_thread_join(thread_tbl, num_workers);
for (i = 0; i < global->appl.if_count; i++) {
continue;
ODPH_ERR("Error: failed to close pktio %s\n",
global->appl.if_names[i]);
exit(EXIT_FAILURE);
}
}
free(global->appl.if_names);
free(global->appl.if_str);
if (destroy_ipsec_cache())
ODPH_ERR("Error: crypto session destroy failed\n");
ODPH_ERR("Error: queue destroy failed\n");
ODPH_ERR("Error: queue destroy failed\n");
ODPH_ERR("Error: pool destroy failed\n");
ODPH_ERR("Error: pool destroy failed\n");
ODPH_ERR("Error: pool destroy failed\n");
ODPH_ERR("Error: shm free shm_ipsec_cache failed\n");
ODPH_ERR("Error: shm free shm_fwd_db failed\n");
ODPH_ERR("Error: shm free shm_sa_db failed\n");
ODPH_ERR("Error: shm free shm_tun_db failed\n");
ODPH_ERR("Error: shm free shm_sp_db failed\n");
deinit_stream_db();
ODPH_ERR("Error: shm free global data failed\n");
exit(EXIT_FAILURE);
}
ODPH_ERR("Error: term local failed\n");
exit(EXIT_FAILURE);
}
ODPH_ERR("Error: term global failed\n");
exit(EXIT_FAILURE);
}
printf("Exit\n\n");
return 0;
}
static void parse_args(int argc, char *argv[], appl_args_t *appl_args)
{
int opt;
int long_index;
char *token;
size_t len;
int rc = 0;
int i;
static const struct option longopts[] = {
{"count", required_argument, NULL, 'c'},
{"interface", required_argument, NULL, 'i'},
{"mode", required_argument, NULL, 'm'},
{"route", required_argument, NULL, 'r'},
{"policy", required_argument, NULL, 'p'},
{"ah", required_argument, NULL, 'a'},
{"esp", required_argument, NULL, 'e'},
{"tunnel", required_argument, NULL, 't'},
{"stream", required_argument, NULL, 's'},
{"help", no_argument, NULL, 'h'},
{NULL, 0, NULL, 0}
};
static const char *shortopts = "+c:i:m:r:p:a:e:t:s:h";
printf("\nParsing command line options\n");
appl_args->cpu_count = 1;
appl_args->mode = 0;
while (!rc) {
opt = getopt_long(argc, argv, shortopts, longopts, &long_index);
if (-1 == opt)
break;
switch (opt) {
case 'c':
appl_args->cpu_count = atoi(optarg);
break;
case 'i':
len = strlen(optarg);
if (0 == len) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
len += 1;
appl_args->if_str = malloc(len);
if (appl_args->if_str == NULL) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
strcpy(appl_args->if_str, optarg);
for (token = strtok(appl_args->if_str, ","), i = 0;
token != NULL;
token = strtok(NULL, ","), i++)
;
appl_args->if_count = i;
if (0 == appl_args->if_count) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
appl_args->if_names =
calloc(appl_args->if_count, sizeof(char *));
strcpy(appl_args->if_str, optarg);
for (token = strtok(appl_args->if_str, ","), i = 0;
token != NULL; token = strtok(NULL, ","), i++) {
appl_args->if_names[i] = token;
}
break;
case 'm':
appl_args->mode = atoi(optarg);
break;
case 'r':
rc = create_fwd_db_entry(optarg, appl_args->if_names,
appl_args->if_count);
break;
case 'p':
rc = create_sp_db_entry(optarg, TRUE);
break;
case 'a':
rc = create_sa_db_entry(optarg, FALSE);
break;
case 'e':
rc = create_sa_db_entry(optarg, TRUE);
break;
case 't':
rc = create_tun_db_entry(optarg);
break;
case 's':
rc = create_stream_db_entry(optarg);
break;
case 'h':
usage(argv[0]);
exit(EXIT_SUCCESS);
break;
default:
break;
}
}
if (rc) {
printf("ERROR: failed parsing -%c option\n", opt);
usage(argv[0]);
exit(EXIT_FAILURE);
}
if (0 == appl_args->if_count) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
optind = 1;
}
static void print_info(char *progname, appl_args_t *appl_args)
{
int i;
printf("Running ODP appl: \"%s\"\n"
"-----------------\n"
"IF-count: %i\n"
"Using IFs: ",
progname, appl_args->if_count);
for (i = 0; i < appl_args->if_count; ++i)
printf(" %s", appl_args->if_names[i]);
printf("\n");
dump_fwd_db();
dump_sp_db();
dump_sa_db();
dump_tun_db();
printf("\n\n");
fflush(NULL);
}
static void usage(char *progname)
{
printf("\n"
"Usage: %s OPTIONS\n"
" E.g. %s -i eth1,eth2,eth3 -m 0\n"
"\n"
"OpenDataPlane example application.\n"
"\n"
"Mandatory OPTIONS:\n"
" -i, --interface Eth interfaces (comma-separated, no spaces)\n"
" -m, --mode 0: SYNC\n"
" 1: ASYNC\n"
" Default: 0: SYNC api mode\n"
"\n"
"Routing / IPSec OPTIONS:\n"
" -r, --route SubNet,Intf,NextHopMAC\n"
" -p, --policy SrcSubNet,DstSubNet,(in|out),(ah|esp|both)\n"
" -e, --esp SrcIP,DstIP,(3des|null),SPI,Key192\n"
" -a, --ah SrcIP,DstIP,(sha256|sha1|md5|null),SPI,Key(256|160|128)\n"
"\n"
" Where: NextHopMAC is raw hex/colon notation, i.e. 03:BA;44:9A:CE:02\n"
" IP is decimal/dot notation, i.e. 192.168.1.1\n"
" SubNet is decimal/dot/slash notation, i.e 192.168.0.0/16\n"
" SPI is raw hex, 32 bits\n"
" KeyXXX is raw hex, XXX bits long\n"
"\n"
" Examples:\n"
" -r 192.168.222.0/24,p8p1,08:00:27:F5:8B:DB\n"
" -p 192.168.111.0/24,192.168.222.0/24,out,esp\n"
" -e 192.168.111.2,192.168.222.2,3des,201,656c8523255ccc23a66c1917aa0cf30991fce83532a4b224\n"
" -a 192.168.111.2,192.168.222.2,md5,201,a731649644c5dee92cbd9c2e7e188ee6\n"
"\n"
"Optional OPTIONS\n"
" -c, --count <number> CPU count, 0=all available, default=1\n"
" -s, --stream SrcIP,DstIP,InIntf,OutIntf,Count,Length\n"
" -h, --help Display help and exit.\n"
" environment variables: ODP_IPSEC_USE_POLL_QUEUES\n"
" to enable use of poll queues instead of scheduled (default)\n"
" ODP_IPSEC_STREAM_VERIFY_MDEQ\n"
" to enable use of multiple dequeue for queue draining during\n"
" stream verification instead of single dequeue (default)\n"
"\n", NO_PATH(progname), NO_PATH(progname)
);
}
{
int num;
switch (alg) {
alg_ok = false;
break;
alg_ok = false;
break;
default:
alg_ok = false;
break;
}
if (!alg_ok) {
printf("ERROR: cipher algorithm not supported\n");
return false;
}
if (num < 0) {
printf("ERROR: odp_crypto_cipher_capability() failed\n");
return false;
}
for (int n = 0; n < num; n++) {
if (capa->
key_len == sa->key.length &&
*sa_flags |= BIT_MODE_CIPHER;
return true;
}
}
printf("ERROR: cipher key length or IV length not supported\n");
return false;
}
{
int num;
switch (alg) {
alg_ok = false;
break;
alg_ok = false;
break;
alg_ok = false;
break;
alg_ok = false;
break;
default:
alg_ok = false;
break;
}
if (!alg_ok) {
printf("ERROR: auth algorithm not supported\n");
return false;
}
if (num < 0) {
printf("ERROR: odp_crypto_auth_capability() failed\n");
return false;
}
for (int n = 0; n < num; n++) {
*sa_flags |= BIT_MODE_AUTH;
return true;
}
}
printf("ERROR: auth ICV length or key length not supported\n");
return false;
}
odp_bool_t sa_config_supported(
const sa_db_entry_t *sa,
int *sa_flags);
odp_bool_t sa_config_supported(
const sa_db_entry_t *sa,
int *sa_flags)
{
return sa->alg.cipher ? cipher_supported(sa->alg.u.cipher, sa, sa_flags)
: auth_supported(sa->alg.u.auth, sa, sa_flags);
}
void odp_atomic_init_u32(odp_atomic_u32_t *atom, uint32_t val)
Initialize atomic uint32 variable.
uint32_t odp_atomic_load_u32(odp_atomic_u32_t *atom)
Load value of atomic uint32 variable.
void odp_atomic_store_u32(odp_atomic_u32_t *atom, uint32_t val)
Store value to atomic uint32 variable.
void odp_barrier_init(odp_barrier_t *barr, int count)
Initialize barrier with thread count.
void odp_barrier_wait(odp_barrier_t *barr)
Synchronize thread execution on barrier.
odp_buffer_t odp_buffer_alloc(odp_pool_t pool)
Buffer alloc.
void odp_buffer_free(odp_buffer_t buf)
Buffer free.
void * odp_buffer_addr(odp_buffer_t buf)
Buffer start address.
#define ODP_BUFFER_INVALID
Invalid buffer.
#define odp_unlikely(x)
Branch unlikely taken.
odp_u16be_t odp_cpu_to_be_16(uint16_t cpu16)
Convert cpu native uint16_t to 16bit big endian.
#define ODP_UNUSED
Intentionally unused variables of functions.
uint16_t odp_be_to_cpu_16(odp_u16be_t be16)
Convert 16bit big endian to cpu native uint16_t.
odp_u32be_t odp_cpu_to_be_32(uint32_t cpu32)
Convert cpu native uint32_t to 32bit big endian.
uint32_t odp_be_to_cpu_32(odp_u32be_t be32)
Convert 32bit big endian to cpu native uint32_t.
int odp_cpumask_default_worker(odp_cpumask_t *mask, int num)
Default CPU mask for worker threads.
int odp_cpumask_first(const odp_cpumask_t *mask)
Find first set CPU in mask.
int32_t odp_cpumask_to_str(const odp_cpumask_t *mask, char *str, int32_t size)
Format a string from CPU mask.
#define ODP_CPUMASK_STR_SIZE
The maximum number of characters needed to record any CPU mask as a string (output of odp_cpumask_to_...
int odp_crypto_cipher_capability(odp_cipher_alg_t cipher, odp_crypto_cipher_capability_t capa[], int num)
Query supported cipher algorithm capabilities.
odp_cipher_alg_t
Crypto API cipher algorithm.
int odp_crypto_capability(odp_crypto_capability_t *capa)
Query crypto capabilities.
int odp_crypto_result(odp_crypto_packet_result_t *result, odp_packet_t packet)
Get crypto operation results from a crypto processed packet.
int odp_crypto_op(const odp_packet_t pkt_in[], odp_packet_t pkt_out[], const odp_crypto_packet_op_param_t param[], int num_pkt)
Crypto packet operation.
odp_auth_alg_t
Crypto API authentication algorithm.
int odp_crypto_op_enq(const odp_packet_t pkt_in[], const odp_packet_t pkt_out[], const odp_crypto_packet_op_param_t param[], int num_pkt)
Crypto packet operation.
int odp_crypto_auth_capability(odp_auth_alg_t auth, odp_crypto_auth_capability_t capa[], int num)
Query supported authentication algorithm capabilities.
@ ODP_CIPHER_ALG_3DES_CBC
Triple DES with cipher block chaining.
@ ODP_CIPHER_ALG_NULL
No cipher algorithm specified.
@ ODP_AUTH_ALG_NULL
No authentication algorithm specified.
@ ODP_AUTH_ALG_MD5_HMAC
HMAC-MD5.
@ ODP_AUTH_ALG_SHA1_HMAC
HMAC-SHA-1.
@ ODP_AUTH_ALG_SHA256_HMAC
HMAC-SHA-256.
_odp_abi_event_t * odp_event_t
ODP event.
odp_event_subtype_t
Event subtype.
odp_event_type_t odp_event_types(odp_event_t event, odp_event_subtype_t *subtype)
Event type and subtype of an event.
#define ODP_EVENT_INVALID
Invalid event.
void odp_init_param_init(odp_init_t *param)
Initialize the odp_init_t to default values for all fields.
int odp_init_local(odp_instance_t instance, odp_thread_type_t thr_type)
Thread local ODP initialization.
int odp_init_global(odp_instance_t *instance, const odp_init_t *params, const odp_platform_init_t *platform_params)
Global ODP initialization.
int odp_term_local(void)
Thread local ODP termination.
int odp_term_global(odp_instance_t instance)
Global ODP termination.
uint64_t odp_instance_t
ODP instance ID.
int odp_pktio_mac_addr(odp_pktio_t pktio, void *mac_addr, int size)
Get the default MAC address of a packet IO interface.
void odp_pktin_queue_param_init(odp_pktin_queue_param_t *param)
Initialize packet input queue parameters.
void odp_pktio_param_init(odp_pktio_param_t *param)
Initialize pktio params.
int odp_pktio_close(odp_pktio_t pktio)
Close a packet IO interface.
odp_pktio_t odp_pktio_lookup(const char *name)
Return a packet IO handle for an already open device.
int odp_pktout_queue(odp_pktio_t pktio, odp_pktout_queue_t queues[], int num)
Direct packet output queues.
int odp_pktin_event_queue(odp_pktio_t pktio, odp_queue_t queues[], int num)
Event queues for packet input.
odp_pktio_t odp_pktio_open(const char *name, odp_pool_t pool, const odp_pktio_param_t *param)
Open a packet IO interface.
int odp_pktio_start(odp_pktio_t pktio)
Start packet receive and transmit.
#define ODP_PKTIO_INVALID
Invalid packet IO handle.
int odp_pktio_stop(odp_pktio_t pktio)
Stop packet receive and transmit.
int odp_pktout_send(odp_pktout_queue_t queue, const odp_packet_t packets[], int num)
Send packets directly to an interface output queue.
uint64_t odp_pktio_to_u64(odp_pktio_t pktio)
Get printable value for an odp_pktio_t.
int odp_pktin_queue_config(odp_pktio_t pktio, const odp_pktin_queue_param_t *param)
Configure packet input queues.
int odp_pktout_queue_config(odp_pktio_t pktio, const odp_pktout_queue_param_t *param)
Configure packet output queues.
@ ODP_PKTIN_MODE_QUEUE
Packet input through plain event queues.
@ ODP_PKTIN_MODE_SCHED
Packet input through scheduler and scheduled event queues.
void * odp_packet_pull_head(odp_packet_t pkt, uint32_t len)
Pull in packet head.
void * odp_packet_user_ptr(odp_packet_t pkt)
User context pointer.
int odp_packet_has_ipv4(odp_packet_t pkt)
Check for IPv4.
void * odp_packet_data(odp_packet_t pkt)
Packet data pointer.
int odp_packet_has_eth(odp_packet_t pkt)
Check for Ethernet header.
void * odp_packet_push_tail(odp_packet_t pkt, uint32_t len)
Push out packet tail.
int odp_packet_has_error(odp_packet_t pkt)
Check for all parse errors in packet.
odp_packet_t odp_packet_from_event(odp_event_t ev)
Get packet handle from event.
void odp_packet_free(odp_packet_t pkt)
Free packet.
void * odp_packet_l2_ptr(odp_packet_t pkt, uint32_t *len)
Layer 2 start pointer.
void odp_packet_user_ptr_set(odp_packet_t pkt, const void *user_ptr)
Set user context pointer.
void * odp_packet_l3_ptr(odp_packet_t pkt, uint32_t *len)
Layer 3 start pointer.
void * odp_packet_pull_tail(odp_packet_t pkt, uint32_t len)
Pull in packet tail.
odp_pool_t odp_pool_create(const char *name, const odp_pool_param_t *param)
Create a pool.
void odp_pool_param_init(odp_pool_param_t *param)
Initialize pool params.
int odp_pool_destroy(odp_pool_t pool)
Destroy a pool previously created by odp_pool_create()
#define ODP_POOL_INVALID
Invalid pool.
@ ODP_POOL_BUFFER
Buffer pool.
@ ODP_POOL_PACKET
Packet pool.
_odp_abi_queue_t * odp_queue_t
ODP queue.
void odp_queue_param_init(odp_queue_param_t *param)
Initialize queue params.
#define ODP_QUEUE_INVALID
Invalid queue.
odp_event_t odp_queue_deq(odp_queue_t queue)
Dequeue an event from a queue.
odp_queue_type_t
Queue type.
int odp_queue_enq(odp_queue_t queue, odp_event_t ev)
Enqueue an event to a queue.
odp_queue_t odp_queue_create(const char *name, const odp_queue_param_t *param)
Queue create.
int odp_queue_destroy(odp_queue_t queue)
Destroy ODP queue.
uint64_t odp_queue_to_u64(odp_queue_t hdl)
Get printable value for an odp_queue_t.
@ ODP_QUEUE_TYPE_SCHED
Scheduled queue.
@ ODP_QUEUE_TYPE_PLAIN
Plain queue.
int32_t odp_random_data(uint8_t *buf, uint32_t len, odp_random_kind_t kind)
Generate random byte data.
@ ODP_RANDOM_CRYPTO
Cryptographic quality random.
#define ODP_SCHED_SYNC_ATOMIC
Atomic queue synchronization.
#define ODP_SCHED_NO_WAIT
Do not wait.
int odp_schedule_max_prio(void)
Maximum scheduling priority level.
int odp_schedule_config(const odp_schedule_config_t *config)
Global schedule configuration.
odp_event_t odp_schedule(odp_queue_t *from, uint64_t wait)
Schedule an event.
#define ODP_SCHED_GROUP_ALL
Group of all threads.
odp_shm_t odp_shm_lookup(const char *name)
Lookup for a block of shared memory.
int odp_shm_free(odp_shm_t shm)
Free a contiguous block of shared memory.
#define ODP_SHM_INVALID
Invalid shared memory block.
void * odp_shm_addr(odp_shm_t shm)
Shared memory block address.
odp_shm_t odp_shm_reserve(const char *name, uint64_t size, uint64_t align, uint32_t flags)
Reserve a contiguous block of shared memory.
bool odp_bool_t
Boolean type.
void odp_sys_info_print(void)
Print system info.
int odp_thread_id(void)
Get thread identifier.
@ ODP_THREAD_WORKER
Worker thread.
@ ODP_THREAD_CONTROL
Control thread.
Authentication algorithm capabilities.
odp_bool_t bit_mode
Auth algorithm supports bit mode.
uint32_t digest_len
Digest length in bytes.
uint32_t key_len
Key length in bytes.
uint32_t iv_len
IV length in bytes.
odp_bool_t queue_type_sched
Scheduled crypto completion queue support.
odp_bool_t queue_type_plain
Plain crypto completion queue support.
Cipher algorithm capabilities.
odp_bool_t bit_mode
Cipher supports bit mode.
uint32_t key_len
Key length in bytes.
uint32_t iv_len
IV length in bytes.
Crypto packet API per packet operation parameters.
uint32_t hash_result_offset
Offset from start of packet for hash result.
const uint8_t * cipher_iv_ptr
IV pointer for cipher.
odp_packet_data_range_t cipher_range
Data range to be ciphered.
odp_crypto_session_t session
Session handle from creation.
odp_packet_data_range_t auth_range
Data range to be authenticated.
Global initialization parameters.
odp_mem_model_t mem_model
Application memory model.
uint32_t offset
Offset from beginning of packet.
uint32_t length
Length of data to operate on.
Packet input queue parameters.
odp_queue_param_t queue_param
Queue parameters.
odp_pktin_mode_t in_mode
Packet input mode.
uint32_t num
Number of buffers in the pool.
struct odp_pool_param_t::@122 buf
Parameters for buffer pools.
uint32_t align
Minimum buffer alignment in bytes.
uint32_t size
Minimum buffer size in bytes.
odp_pool_type_t type
Pool type.
struct odp_pool_param_t::@123 pkt
Parameters for packet pools.
uint32_t len
Minimum length of 'num' packets.
uint32_t seg_len
Minimum number of packet data bytes that can be stored in the first segment of a newly allocated pack...
odp_schedule_param_t sched
Scheduler parameters.
odp_queue_type_t type
Queue type.
odp_schedule_group_t group
Thread group.
odp_schedule_prio_t prio
Priority level.
odp_schedule_sync_t sync
Synchronization method.
Authentication algorithms in a bit field structure.
uint32_t null
ODP_AUTH_ALG_NULL.
uint32_t sha1_hmac
ODP_AUTH_ALG_SHA1_HMAC.
uint32_t md5_hmac
ODP_AUTH_ALG_MD5_HMAC.
struct odp_crypto_auth_algos_t::@28 bit
Authentication algorithms.
uint32_t sha256_hmac
ODP_AUTH_ALG_SHA256_HMAC.
Cipher algorithms in a bit field structure.
uint32_t trides_cbc
ODP_CIPHER_ALG_3DES_CBC.
struct odp_crypto_cipher_algos_t::@27 bit
Cipher algorithms.
uint32_t null
ODP_CIPHER_ALG_NULL.
1.9.1