1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright (C) 2020 Marvell International Ltd. 3 */ 4 #ifndef _IPSEC_SECGW_H_ 5 #define _IPSEC_SECGW_H_ 6 7 #include <stdbool.h> 8 9 10 #define NB_SOCKETS 4 11 12 #define MAX_PKT_BURST 32 13 14 #define RTE_LOGTYPE_IPSEC RTE_LOGTYPE_USER1 15 16 #if RTE_BYTE_ORDER != RTE_LITTLE_ENDIAN 17 #define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \ 18 (((uint64_t)((a) & 0xff) << 56) | \ 19 ((uint64_t)((b) & 0xff) << 48) | \ 20 ((uint64_t)((c) & 0xff) << 40) | \ 21 ((uint64_t)((d) & 0xff) << 32) | \ 22 ((uint64_t)((e) & 0xff) << 24) | \ 23 ((uint64_t)((f) & 0xff) << 16) | \ 24 ((uint64_t)((g) & 0xff) << 8) | \ 25 ((uint64_t)(h) & 0xff)) 26 #else 27 #define __BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \ 28 (((uint64_t)((h) & 0xff) << 56) | \ 29 ((uint64_t)((g) & 0xff) << 48) | \ 30 ((uint64_t)((f) & 0xff) << 40) | \ 31 ((uint64_t)((e) & 0xff) << 32) | \ 32 ((uint64_t)((d) & 0xff) << 24) | \ 33 ((uint64_t)((c) & 0xff) << 16) | \ 34 ((uint64_t)((b) & 0xff) << 8) | \ 35 ((uint64_t)(a) & 0xff)) 36 #endif 37 38 #define uint32_t_to_char(ip, a, b, c, d) do {\ 39 *a = (uint8_t)(ip >> 24 & 0xff);\ 40 *b = (uint8_t)(ip >> 16 & 0xff);\ 41 *c = (uint8_t)(ip >> 8 & 0xff);\ 42 *d = (uint8_t)(ip & 0xff);\ 43 } while (0) 44 45 #define ETHADDR(a, b, c, d, e, f) (__BYTES_TO_UINT64(a, b, c, d, e, f, 0, 0)) 46 47 #define IPSEC_NAT_T_PORT 4500 48 #define MBUF_PTYPE_TUNNEL_ESP_IN_UDP (RTE_PTYPE_TUNNEL_ESP | RTE_PTYPE_L4_UDP) 49 50 struct traffic_type { 51 const uint8_t *data[MAX_PKT_BURST * 2]; 52 struct rte_mbuf *pkts[MAX_PKT_BURST * 2]; 53 void *saptr[MAX_PKT_BURST * 2]; 54 uint32_t res[MAX_PKT_BURST * 2]; 55 uint32_t num; 56 }; 57 58 struct ipsec_traffic { 59 struct traffic_type ipsec; 60 struct traffic_type ip4; 61 struct traffic_type ip6; 62 }; 63 64 /* Fields optimized for devices without burst */ 65 struct traffic_type_nb { 66 const uint8_t *data; 67 struct rte_mbuf *pkt; 68 uint32_t res; 69 uint32_t num; 70 }; 71 72 struct ipsec_traffic_nb { 73 struct traffic_type_nb ipsec; 74 struct traffic_type_nb ip4; 75 struct traffic_type_nb ip6; 76 }; 77 78 /* port/source ethernet addr and destination ethernet addr */ 79 struct ethaddr_info { 80 uint64_t src, dst; 81 }; 82 83 struct ipsec_spd_stats { 84 uint64_t protect; 85 uint64_t bypass; 86 uint64_t discard; 87 }; 88 89 struct ipsec_sa_stats { 90 uint64_t hit; 91 uint64_t miss; 92 }; 93 94 struct ipsec_core_statistics { 95 uint64_t tx; 96 uint64_t rx; 97 uint64_t rx_call; 98 uint64_t tx_call; 99 uint64_t dropped; 100 uint64_t burst_rx; 101 102 struct { 103 struct ipsec_spd_stats spd4; 104 struct ipsec_spd_stats spd6; 105 struct ipsec_sa_stats sad; 106 } outbound; 107 108 struct { 109 struct ipsec_spd_stats spd4; 110 struct ipsec_spd_stats spd6; 111 struct ipsec_sa_stats sad; 112 } inbound; 113 114 struct { 115 uint64_t miss; 116 } lpm4; 117 118 struct { 119 uint64_t miss; 120 } lpm6; 121 } __rte_cache_aligned; 122 123 extern struct ipsec_core_statistics core_statistics[RTE_MAX_LCORE]; 124 125 extern struct ethaddr_info ethaddr_tbl[RTE_MAX_ETHPORTS]; 126 127 /* Port mask to identify the unprotected ports */ 128 extern uint32_t unprotected_port_mask; 129 130 /* Index of SA in single mode */ 131 extern uint32_t single_sa_idx; 132 133 extern volatile bool force_quit; 134 135 extern uint32_t nb_bufs_in_pool; 136 137 extern bool per_port_pool; 138 139 static inline uint8_t 140 is_unprotected_port(uint16_t port_id) 141 { 142 return unprotected_port_mask & (1 << port_id); 143 } 144 145 static inline void 146 core_stats_update_rx(int n) 147 { 148 int lcore_id = rte_lcore_id(); 149 core_statistics[lcore_id].rx += n; 150 core_statistics[lcore_id].rx_call++; 151 if (n == MAX_PKT_BURST) 152 core_statistics[lcore_id].burst_rx += n; 153 } 154 155 static inline void 156 core_stats_update_tx(int n) 157 { 158 int lcore_id = rte_lcore_id(); 159 core_statistics[lcore_id].tx += n; 160 core_statistics[lcore_id].tx_call++; 161 } 162 163 static inline void 164 core_stats_update_drop(int n) 165 { 166 int lcore_id = rte_lcore_id(); 167 core_statistics[lcore_id].dropped += n; 168 } 169 170 /* helper routine to free bulk of packets */ 171 static inline void 172 free_pkts(struct rte_mbuf *mb[], uint32_t n) 173 { 174 uint32_t i; 175 176 for (i = 0; i != n; i++) 177 rte_pktmbuf_free(mb[i]); 178 179 core_stats_update_drop(n); 180 } 181 182 #endif /* _IPSEC_SECGW_H_ */ 183