SDOCM00112879: There needs to be a definitive way to determine if you are using IPSEC...
authorTinku Mannan <tmannan@ti.com>
Mon, 17 Nov 2014 19:30:16 +0000 (14:30 -0500)
committerTinku Mannan <tmannan@ti.com>
Mon, 17 Nov 2014 19:30:16 +0000 (14:30 -0500)
ti/runtime/netapi/applications/ipsec_offload/ipsecmgr/src/netapi_ipsecmgr.c [changed mode: 0755->0644]
ti/runtime/netapi/applications/ipsec_offload/ipsecmgr/src/netapilib_interface.c [changed mode: 0755->0644]
ti/runtime/netapi/applications/ipsec_offload/ipsecmgr/src/netapilib_interface.h [changed mode: 0755->0644]

old mode 100755 (executable)
new mode 100644 (file)
index d3129d6..892c2a7
@@ -123,6 +123,7 @@ static int use_rm =0;
 /* snoop task */
 static pthread_t    snoop_run_th;
 
+static pthread_t stats_th;
 static NETAPI_CFG_T our_netapi_default_cfg=
 {
     TUNE_NETAPI_PERM_MEM_SZ,
@@ -143,6 +144,7 @@ static NETAPI_CFG_T our_netapi_default_cfg=
 
 
 static int QUIT = 0;
+ipsecMgrShm_T* pIpsecMgrSaStats;
 
 /* stub functions */
 static void recv_cb(struct PKTIO_HANDLE_Tag * channel, Ti_Pkt* p_recv[],
@@ -171,7 +173,7 @@ void cleanup_sa_sp()
     int slot, error=0;;
     /* delete any offloaded rx SA's and policies */
     /* and delete any offloaded tx SA's */
-    for (slot = 0;slot < 64;slot++)
+    for (slot = 0; slot < IPSECMGR_MAX_SA; slot++)
     {
         if(globalDB.rx_sa[slot].in_use)
         {
@@ -464,6 +466,73 @@ static void stop_offload_req_recv
     return;
 }
 
+static void stats_callback(NETAPI_T h)
+{
+    int i;
+    for (i = 0; i < IPSECMGR_MAX_SA; i++)
+    {
+        /* Statistics for RX Tunnel */
+        if(globalDB.rx_sa[i].in_use)
+        {
+            netapi_getSaStats(h,
+                              globalDB.rx_sa[i].saAppId,
+                              &(pIpsecMgrSaStats->netapi_sa_stats_rx[i]));
+            if (pIpsecMgrSaStats->netapi_sa_stats_rx[i].validParams & NETAPI_IPSEC_STAT_VALID)
+            {
+                memcpy(&(pIpsecMgrSaStats->info_rx[i]),
+                         &(globalDB.rx_sa[i]),
+                         sizeof(ipsecMgrAppId_T));
+            }
+        }
+    }
+    for (i = 0; i < IPSECMGR_MAX_SA; i++)
+    {
+        /* Statistics for TX Tunnel */
+        if (globalDB.tx_sa[i].in_use)
+        {
+            netapi_getSaStats(h,
+                             globalDB.tx_sa[i].saAppId,
+                             &(pIpsecMgrSaStats->netapi_sa_stats_tx[i]));
+            if (pIpsecMgrSaStats->netapi_sa_stats_tx[i].validParams & NETAPI_IPSEC_STAT_VALID)
+            {
+                memcpy(&(pIpsecMgrSaStats->info_tx[i]),
+                                        &(globalDB.tx_sa[i]),
+                                        sizeof(ipsecMgrAppId_T));
+            }
+        }
+    }
+}
+
+static void slow_path_thread(uint32_t index)
+{
+    NETAPI_T worker_nh;
+    int err, i;;
+    cpu_set_t cpu_set;
+
+    CPU_ZERO( &cpu_set);
+    CPU_SET( index, &cpu_set);
+
+    hplib_utilSetupThread(index, &cpu_set, hplib_spinLock_Type_LOL);
+    worker_nh = netapi_init(NETAPI_CORE_MASTER,NULL);
+
+    if (worker_nh == NULL)
+    {
+        exit(1);
+    }
+    while(1)
+    {
+        if (QUIT == 1)
+        {
+            break;
+        }
+        sleep(2);
+        stats_callback(worker_nh);
+    }
+
+    ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
+        "slow_path_thread: calling netapi_shutdown\n");
+    netapi_shutdown(worker_nh);
+}
 /**
  *  @b Description
  *  @n  
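Review bot: `slow_path_thread` is declared `static void slow_path_thread(uint32_t index)`, yet the init_ipsecmgr hunk hands it to pthread_create behind a `(void*)` cast; calling it through the `void *(*)(void *)` start-routine type is undefined behaviour, and the cast hides the compiler warning that would have caught it. Declare it as `static void *slow_path_thread(void *arg)`, derive the core number with `uint32_t index = (uint32_t)(uintptr_t)arg;`, and finish with `return NULL;`. The loop also polls the plain `static int QUIT` from a second thread; where that flag is written is outside the diff, but if it is set from a signal handler or another thread it should be `volatile sig_atomic_t` or an atomic. The trailing context lines of this hunk belong to the next function's comment block.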
@@ -545,9 +614,14 @@ static int32_t init_ipsecmgr (void)
 #ifdef GDB_DEBUG
     snoop_run_thread(NULL);
 #else
+     if (pthread_create( &stats_th, (void*)NULL, (void*)slow_path_thread,
+                     (void *) 0))
+     {
+        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
+            "ERROR: stats collection thread failed to start, error code\n"); 
+        return -1;
+     }
     /* Create the task context for snoop library */
-    pthread_attr_init(&threadAttr);
-    pthread_attr_setstacksize(&threadAttr, 0x10000);
     if (pthread_create(&snoop_run_th, (void*) NULL, snoop_run_thread, NULL))
     {
         ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
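Review bot: The new error message ends in "error code" but no code is formatted, because pthread_create's return value is tested and then discarded. Keep the value and log it, e.g. `int rc = pthread_create(...);` and then `"ERROR: stats collection thread failed to start, error code %d\n", rc`. The snoop thread's failure branch continues past the end of this hunk, so whether it stops the already-running stats thread before returning cannot be checked from here.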
@@ -561,6 +635,7 @@ static int32_t init_ipsecmgr (void)
             "init_ipsecmgr: cannot handle SIGTERM\n");
     }
     /* Wait for the NETAPI Proxy task to finish its processing and exit. */
+    pthread_join (stats_th, NULL);
     pthread_join (snoop_run_th, NULL);
 #endif
     return 0;
@@ -759,6 +834,19 @@ int create_pktio_channel()
 
     return 0;
 }
+void print_ipsec_stats(Sa_IpsecStats_t* p_saIpsecStats, 
+                                 nwal_saAALG auth,
+                                 nwal_saEALG cipher, 
+                                 uint32_t spi)
+{
+    printf("\nspi: 0x%x, Autentication mode: %d, Encryption Mode: %d\n",
+            spi, auth, cipher);
+    printf("IPSec replayOld:0x%x,replayDup:0x%x,authFail:0x%x \n",
+                   p_saIpsecStats->replayOld,p_saIpsecStats->replayDup,p_saIpsecStats->authFail);
+    printf("IPSec txESN:0x%x,rxESN:0x%x,pktEncHi:0x%x,pktEncLo:0x%x,pktDecHi:0x%x,pktDecLo:0x%x \n",
+                   p_saIpsecStats->txESN,p_saIpsecStats->rxESN,p_saIpsecStats->pktEncHi,
+                   p_saIpsecStats->pktEncLo,p_saIpsecStats->pktDecHi,p_saIpsecStats->pktDecLo);
+}
 /**
  *  @b Description
  *  @n  
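Review bot: The first printf in `print_ipsec_stats` spells its label "Autentication"; this is the text an operator reads from `-t stats`, so it should be `"\nspi: 0x%x, Authentication mode: %d, Encryption Mode: %d\n"`. The function is added with external linkage and no header comment, unlike the `@b Description` blocks on its neighbours; in this diff it is only called from main, so `static` plus a short description block saying it prints one SA's counters to stdout would fit the file. `p_saIpsecStats` is only read and could be `const Sa_IpsecStats_t *`.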
@@ -786,19 +874,24 @@ int32_t main (int argc, char* argv[])
     struct sockaddr_in6 ipv6_addr;
     cpu_set_t cpu_set;
     int c;
+    int statsQueryRequest = 0;
+    void* pShmBase;
+    void* pTemp;
+    void* pShmEntry;
+    int offloaded_sa = 0;
     static char usage[] = "usage: %s -s <outbound sequence number>\n \
                -f <SA transmit flow Id>\n \
                -i<daemon id>\n \
+               -t <stats collection mode\n \
                -m <master Type ,sysMaster or procMaster >\n";
 
-    ipsecmgr_syslog_init();
 
 
     memset(&globalDB, 0, sizeof(globalDB));
     globalDB.sa_tx_flow = -1;
     globalDB.masterType = NETAPI_SYS_MASTER;
     int temp;
-    while ((c = getopt (argc, argv, "s:f:i:m:")) != -1)
+    while ((c = getopt (argc, argv, "s:f:i:m:t:")) != -1)
     {
        switch (c)
        {
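Review bot: The added usage line `-t <stats collection mode\n \` is missing its closing `>` and does not tell the user that the only accepted argument is `stats`, although the `case 't'` hunk rejects anything else. Something like `-t <stats collection mode: stats>\n \` makes the help text match the parser. main's body starts and ends outside this hunk.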
@@ -865,6 +958,16 @@ int32_t main (int argc, char* argv[])
                     exit(EXIT_FAILURE);
                 }
                 break;
+            case 't':
+                if(strcmp("stats", optarg) == 0)
+                   /* running in stats collection mode only */
+                   statsQueryRequest = 1;
+                else
+                {
+                    printf(usage, argv[0]);
+                    exit(EXIT_FAILURE);
+                }
+                break;
             case '?':
                 printf(usage, argv[0]);
                 exit(EXIT_FAILURE);
@@ -872,13 +975,54 @@ int32_t main (int argc, char* argv[])
                 break;
         }
     }
+    if(statsQueryRequest)
+    {
+        pShmBase = hplib_shmOpen();
+        if (pShmBase)
+        {
+            if (globalDB.masterType == NETAPI_SYS_MASTER)
+                pTemp = hplib_shmGetEntry(pShmBase, APP_ENTRY_1);
+            else
+                pTemp = hplib_shmGetEntry(pShmBase, APP_ENTRY_2);
+
+            pIpsecMgrSaStats = (ipsecMgrShm_T*) pTemp;
+
+            for (i = 0; i < IPSECMGR_MAX_SA; i ++)
+            {
+                if(pIpsecMgrSaStats->info_rx[i].in_use)
+                {
+                    offloaded_sa++;
+                    print_ipsec_stats(&(pIpsecMgrSaStats->netapi_sa_stats_rx[i].saIpsecStats), 
+                                 pIpsecMgrSaStats->info_rx[i].authMode,
+                                 pIpsecMgrSaStats->info_rx[i].cipherMode,
+                                 pIpsecMgrSaStats->info_rx[i].spi);
+                }
+            }
+            for (i = 0; i < IPSECMGR_MAX_SA; i ++)
+            {
+                if(pIpsecMgrSaStats->info_tx[i].in_use)
+                {
+                    offloaded_sa++;
+                    print_ipsec_stats(&(pIpsecMgrSaStats->netapi_sa_stats_tx[i].saIpsecStats), 
+                                 pIpsecMgrSaStats->info_tx[i].authMode,
+                                 pIpsecMgrSaStats->info_tx[i].cipherMode,
+                                 pIpsecMgrSaStats->info_tx[i].spi);
+                }
+            }
+        }
+        if(!offloaded_sa)
+            printf("NO Offloaded SA's\n");
+        exit(EXIT_SUCCESS);
+    }
+    ipsecmgr_syslog_init();
     ipsecmgr_syslog_msg (SYSLOG_LEVEL_INFO,
                    "main: oseq_offset: %d, sa_tx_flow: %d\n",
                     globalDB.oseq_offset, globalDB.sa_tx_flow);
 
     if (initRm())
     {
-        printf("main: initRm() returned error\n");
+        ipsecmgr_syslog_msg (SYSLOG_LEVEL_ERROR,
+            "main: initRm() returned error\n");
         exit(1);
     }
     our_netapi_default_cfg.rmHandle = rmClientServiceHandle;
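Review bot: In the `statsQueryRequest` branch the result of `hplib_shmGetEntry` is cast and dereferenced as `pIpsecMgrSaStats->info_rx[i]` with no check, so running `-t stats` before the daemon has added its entry would presumably fault (the function's failure return is not visible here; confirm that it is NULL). Add `if (pTemp == NULL) { printf("ipsecmgr stats entry not found\n"); exit(EXIT_FAILURE); }` before the cast. Relatedly, when `hplib_shmOpen` fails the code prints "NO Offloaded SA's" and exits with EXIT_SUCCESS, which tells the operator that nothing is offloaded when the real answer is unknown; that path should report the failure and exit non-zero. The segment is also read while the daemon's stats thread writes it, with no synchronisation, so a printed record can mix old and new counters.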
@@ -897,11 +1041,48 @@ int32_t main (int argc, char* argv[])
                              "ERROR: netapi_init failed\n");
         return -1;
     }
+    pShmBase = hplib_shmOpen();
+    if (pShmBase)
+    {
+        if (globalDB.masterType == NETAPI_SYS_MASTER)
+        {
+            if (hplib_shmAddEntry(pShmBase,
+                                  sizeof(ipsecMgrShm_T),
+                                 APP_ENTRY_1) != hplib_OK)
+            {
+                return -1;
+            }
+            else
+            {
+                pShmEntry = hplib_shmGetEntry(pShmBase, APP_ENTRY_1);
+                pIpsecMgrSaStats =  (ipsecMgrShm_T*)pShmEntry;
+                memset(pIpsecMgrSaStats,
+                       0,
+                       sizeof(ipsecMgrShm_T));
+            }
+        }
+        else
+        {
+            if (hplib_shmAddEntry(pShmBase,
+                                  sizeof(ipsecMgrShm_T),
+                                 APP_ENTRY_2) != hplib_OK)
+            {
+                return -1;
+            }
+            else
+            {
+                pShmEntry = hplib_shmGetEntry(pShmBase, APP_ENTRY_2);
+                pIpsecMgrSaStats =  (ipsecMgrShm_T*)pShmEntry;
+                memset(pIpsecMgrSaStats,
+                       0,
+                       sizeof(ipsecMgrShm_T));
+            }
+        }
+    }
     else
-        netapi_netcpCfgExceptions(netapi_handle,
-                                  NETCP_CFG_ALL_EXCEPTIONS,
-                                  NETCP_CFG_ACTION_DISCARD,
-                                  (NETCP_CFG_ROUTE_HANDLE_T) NULL);
+    {
+        exit(1);
+    }
 
     if (get_kernel_config())
     {
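Review bot: The `else` that this hunk rewrites used to hang off the `netapi_init` failure check and called `netapi_netcpCfgExceptions(netapi_handle, NETCP_CFG_ALL_EXCEPTIONS, NETCP_CFG_ACTION_DISCARD, (NETCP_CFG_ROUTE_HANDLE_T) NULL);`; the new code reuses that `else` for the `hplib_shmOpen` failure and the call is gone. Nothing in the commit title suggests that dropping the discard-all-exceptions configuration was intended, so unless it is now done elsewhere the call should be restored after the shared-memory block. Within the new block, the result of `hplib_shmGetEntry` is passed to memset unchecked, and the `return -1` / `exit(1)` failure paths log nothing, which leaves no trace in syslog of why the daemon stopped. The two branches differ only in `APP_ENTRY_1` versus `APP_ENTRY_2` and could share one body after selecting the entry id.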
old mode 100755 (executable)
new mode 100644 (file)
index 2cc63b2..415ffb2
@@ -46,6 +46,7 @@
 
 extern ipsecMgrMcb_t globalDB;
 extern NETAPI_T netapi_handle;
+extern ipsecMgrShm_T* pIpsecMgrSaStats;
 
 /**************************************************************************
  * FUNCTION PURPOSE:  Internal function to find a free slot to store APPID
@@ -56,7 +57,7 @@ extern NETAPI_T netapi_handle;
 int findFreeAppIdSlot(ipsecMgrAppId_T *pList)
 {
     int i;
-    for(i=0;i<64;i++)
+    for(i=0;i < IPSECMGR_MAX_SA; i++)
     {                       
         if (!pList[i].in_use)
         {
@@ -77,7 +78,7 @@ int findFreeAppIdSlot(ipsecMgrAppId_T *pList)
 int findAppIdSlot(ipsecMgrAppId_T *pList, uint32_t saAppId, int freeSlot)
 {
     int i;
-    for(i=0;i<64;i++)
+    for(i=0; i< IPSECMGR_MAX_SA; i++)
     {                       
         if ((pList[i].in_use) && (pList[i].saAppId == saAppId))
         {
@@ -297,6 +298,9 @@ int netapilib_ifAddSA
         if (error == NETAPI_ERR_OK)
         {
             *sa_handle = globalDB.rx_sa[slot].saAppId;
+            globalDB.rx_sa[slot].authMode = saInfo.authMode;
+            globalDB.rx_sa[slot].cipherMode = saInfo.cipherMode;
+            globalDB.rx_sa[slot].spi = saInfo.spi;
         }
         else
         {
@@ -323,6 +327,9 @@ int netapilib_ifAddSA
         if (error == NETAPI_ERR_OK)
         {
             *sa_handle = globalDB.tx_sa[slot].saAppId;
+            globalDB.tx_sa[slot].authMode = saInfo.authMode;
+            globalDB.tx_sa[slot].cipherMode = saInfo.cipherMode;
+            globalDB.tx_sa[slot].spi = saInfo.spi;
         }
         else
         {
@@ -355,6 +362,7 @@ int netapilib_ifDeleteSA (ipsecmgr_fp_handle_t sa_handle)
     /* Determine if rx_sa or tx_sa is being deleted */
     if (slot != -1)
     {
+        pIpsecMgrSaStats->info_rx[slot].in_use = 0;
         /* found rx SA, see if there is policy assoicated with rx SA
            if so, then delete it first*/
         if (globalDB.rx_sa[slot].spAppId)
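Review bot: Clearing `pIpsecMgrSaStats->info_rx[slot].in_use` here is not coordinated with `stats_callback`, which runs on the stats thread and copies the whole `globalDB.rx_sa[i]` record, `in_use` included, into the same shared slot. If that memcpy lands after this store but before `globalDB.rx_sa[slot].in_use` is cleared (that happens outside the hunk), the shared entry is marked in use again and never reset, so `-t stats` keeps reporting a deleted SA. Taking a mutex around both the delete path and the callback, or clearing the shared flag only after the globalDB slot is released, would close the window; the same applies to the `info_tx[slot]` store in the next hunk. The pointer is also dereferenced without a NULL check, and the matching `netapi_sa_stats_rx[slot]` counters are left in place.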
@@ -383,6 +391,7 @@ int netapilib_ifDeleteSA (ipsecmgr_fp_handle_t sa_handle)
     
         if (slot != -1)
         {
+            pIpsecMgrSaStats->info_tx[slot].in_use = 0;
             /* found tx SA, delete it now */
             netapi_secDelSA(netapi_handle,
                         NETCP_CFG_NO_INTERFACE,
old mode 100755 (executable)
new mode 100644 (file)
index 45337b4..8784732
 #include <netdb.h>
 
 
+#define IPSECMGR_MAX_SA 64
 /* Container for applicaion ID's for offloaded SA's */
 typedef struct {
     int         in_use;
     uint32_t    saAppId;
     uint32_t    spAppId;
+    uint32_t            spi;
+    nwal_saAALG         authMode;       /**< Authentication Algorithm */
+    nwal_saEALG         cipherMode;     /**< Encryption Algorithm */
 } ipsecMgrAppId_T;
 
+typedef struct {
+    ipsecMgrAppId_T info_rx[IPSECMGR_MAX_SA];
+    ipsecMgrAppId_T info_tx[IPSECMGR_MAX_SA];
+    NETAPI_SA_STATS_T netapi_sa_stats_rx[IPSECMGR_MAX_SA];
+    NETAPI_SA_STATS_T netapi_sa_stats_tx[IPSECMGR_MAX_SA];
+} ipsecMgrShm_T;
 typedef struct {
     int             flowId;
     int             qNum;
     PKTIO_HANDLE_T* pktio_channel;
 
     /* list to store offloaded RX SA appIds and RX Policies */
-    ipsecMgrAppId_T rx_sa[64];
+    ipsecMgrAppId_T rx_sa[IPSECMGR_MAX_SA];
     /* list to store offloaded TX SA appIds */
-    ipsecMgrAppId_T tx_sa[64];
+    ipsecMgrAppId_T tx_sa[IPSECMGR_MAX_SA];
     uint32_t        oseq_offset; /* offset to outbound/egress sequence number */
     int             sa_tx_flow;  /* flow SA to use to transmit packet */
     int             ipc_id;      /* ipc_id to give name uniqueness to socket