以下是一个示例,展示如何配置 AES-CBC 加密算法。示例中的密钥和 IV 都是硬编码的固定值,仅用于演示;AES-CBC 本身不提供完整性校验,实际使用时每个数据包应使用不可预测的 IV,并配合认证机制(例如 HMAC,或改用 AES-GCM):
服务端:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <rte_eal.h>
#include <rte_ethdev.h>
#include <rte_mbuf.h>
#include <rte_ether.h>
#include <rte_ip.h>
#include <rte_crypto.h>
#include <rte_cryptodev.h>
#include <rte_malloc.h>
/* Largest number of packets requested from a port in one receive burst. */
#define MAX_PKT_BURST      32
/* Per-lcore cache size passed when the mbuf pool is created. */
#define MEMPOOL_CACHE_SIZE 256
/* Name used to look up the crypto device id at start-up. */
#define CRYPTODEV_NAME     "crypto_aesni_mb_pmd"
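/*
 * Symmetric transform describing the cipher this program intends to use:
 * AES-CBC, decrypt direction, 16-byte (128-bit) key.
 *
 * NOTE(review): nothing in this listing turns the transform into a cryptodev
 * session or attaches it to an operation — confirm where that is meant to
 * happen, otherwise the device never learns the key or algorithm.
 * NOTE(review): the transform is cipher-only (.next is NULL, no auth
 * transform chained), so decrypted data is not integrity-checked; CBC
 * ciphertext can be modified in transit without detection.
 */
struct rte_crypto_sym_xform cipher_xform = {
    .next = NULL,
    .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
    .cipher = {
        .op = RTE_CRYPTO_CIPHER_OP_DECRYPT,
        .algo = RTE_CRYPTO_CIPHER_AES_CBC,
        .key = {
            // Example key only. A key written into the source ends up in the
            // binary and in version control; real deployments should load it
            // at start-up from a protected source.
            .data = (uint8_t *)"0123456789abcdef",
            .length = 16,
        },
        .iv = {
            // NOTE(review): this field is the byte offset of the IV measured
            // from the start of the crypto op; 0 would overlap the op header.
            // Presumably it should point into the op's private area —
            // confirm against the target DPDK release.
            .offset = 0,
            // AES-CBC uses a 16-byte IV; the length was left at zero before.
            .length = 16,
        },
    },
};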
/* Pool that packet buffers are allocated from; assigned in main(). */
struct rte_mempool *mbuf_pool = NULL;
/* Pool that crypto operations are allocated from; assigned in main(). */
struct rte_mempool *crypto_pool = NULL;
/*
 * Id of the crypto device used for every operation. Being an unsigned 8-bit
 * value it cannot hold a negative "not found" result, so the device lookup
 * must be validated before its result is stored here.
 */
uint8_t cryptodev_id = 0;
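/**
 * Submit mbuf @p m to the crypto device for an in-place cipher operation and
 * wait until the device hands the operation back.
 *
 * The operation covers the whole packet (offset 0, length = packet length)
 * and uses queue pair 0 of cryptodev_id. The process is terminated through
 * rte_exit() if the op cannot be allocated, enqueued or dequeued.
 *
 * @param m   packet to process; used as both source and destination buffer.
 * @param iv  IV buffer handed to the operation.
 *
 * NOTE(review): no session is attached to the op here (see
 * rte_crypto_op_attach_sym_session()), so the device is never told which
 * key/algorithm to use — confirm where that is meant to happen.
 * NOTE(review): crypto_op->status is never inspected and the function returns
 * void, so the caller cannot tell a failed operation from a successful one
 * and will forward the buffer either way.
 */
void decrypt_data(struct rte_mbuf *m, uint8_t *iv) {
    /* Upper bound on dequeue polls before the operation is treated as lost. */
    enum { DEQUEUE_MAX_POLLS = 1000000 };
    struct rte_crypto_op *crypto_op;
    struct rte_crypto_op *done_op = NULL;
    unsigned int polls;
    int completed = 0;

    /* rte_crypto_op_alloc() takes (pool, type) and returns the op; the old
     * three-argument call left crypto_op uninitialized before it was used. */
    crypto_op = rte_crypto_op_alloc(crypto_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
    if (crypto_op == NULL) {
        rte_exit(EXIT_FAILURE, "Cannot allocate crypto op\n");
    }

    crypto_op->sym->m_src = m;
    crypto_op->sym->m_dst = m;
    /* NOTE(review): offset 0 includes the Ethernet header in the ciphered
     * region, and AES-CBC needs a length that is a multiple of 16 bytes;
     * neither is checked here — confirm the intended payload bounds. */
    crypto_op->sym->cipher.data.offset = 0;
    crypto_op->sym->cipher.data.length = rte_pktmbuf_pkt_len(m);
    /* NOTE(review): DPDK releases that carry the IV inside the op at the
     * transform's iv.offset have no cipher.iv member on the op — confirm
     * against the target release. */
    crypto_op->sym->cipher.iv.data = iv;

    if (rte_cryptodev_enqueue_burst(cryptodev_id, 0, &crypto_op, 1) != 1) {
        rte_pktmbuf_free(m);
        rte_crypto_op_free(crypto_op);
        rte_exit(EXIT_FAILURE, "Cannot enqueue crypto op\n");
    }

    /* Completion is asynchronous: an empty dequeue right after the enqueue
     * only means "not finished yet", so poll (bounded) instead of failing on
     * the first empty result. */
    for (polls = 0; polls < DEQUEUE_MAX_POLLS; polls++) {
        if (rte_cryptodev_dequeue_burst(cryptodev_id, 0, &done_op, 1) == 1) {
            completed = 1;
            break;
        }
    }
    if (!completed) {
        /* The op and its mbuf are still owned by the device at this point,
         * so they are not freed before exiting. */
        rte_exit(EXIT_FAILURE, "Cannot dequeue crypto op\n");
    }

    rte_crypto_op_free(done_op);
}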
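/**
 * Forwarding loop: receive bursts on queue 0 of every available port, pass
 * each packet through decrypt_data(), then transmit it on the port selected
 * by the last byte of the destination MAC address. Never returns.
 *
 * NOTE(review): one fixed IV is used for every packet. CBC only hides
 * repeated plaintext prefixes when each message has its own unpredictable
 * IV; presumably the IV should come from the sender with each packet —
 * confirm the wire format.
 * NOTE(review): the output port is chosen from a byte of the received frame,
 * i.e. by whoever sent it, and port ids are assumed to be 0..n-1 — confirm
 * that this is acceptable for the deployment.
 */
static void l2fwd_crypto_main_loop(void) {
    struct rte_mbuf *bufs[MAX_PKT_BURST];
    uint8_t iv[16] = "0123456789abcdef"; // example IV (exactly 16 bytes, no terminator)

    for (;;) {
        /* Sample the port count once per pass; it is both the loop bound and
         * the modulus below, so a pass with zero ports never divides. */
        const uint16_t nb_ports = rte_eth_dev_count_avail();

        for (uint16_t port = 0; port < nb_ports; port++) {
            const uint16_t nb_rx = rte_eth_rx_burst(port, 0, bufs, MAX_PKT_BURST);

            for (uint16_t i = 0; i < nb_rx; i++) {
                struct rte_mbuf *m = bufs[i];
                struct rte_ether_hdr *eth_hdr = rte_pktmbuf_mtod(m, struct rte_ether_hdr *);

                // decrypt the packet
                decrypt_data(m, iv);

                /* NOTE(review): the header is read after the in-place
                 * operation, which starts at offset 0 and therefore rewrites
                 * these bytes — confirm that is the intended order. */
                uint16_t dst_port = eth_hdr->d_addr.addr_bytes[5] % nb_ports;
                const uint16_t nb_tx = rte_eth_tx_burst(dst_port, 0, &m, 1);
                if (nb_tx < 1) {
                    /* Not accepted by the TX queue: the buffer is still ours. */
                    rte_pktmbuf_free(m);
                }
            }
        }
    }
}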
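/**
 * Program entry point: initialise the EAL, create the mbuf and crypto-op
 * pools, configure and start the crypto device named CRYPTODEV_NAME with one
 * queue pair, initialise every Ethernet port, then enter the forwarding loop.
 * Any set-up failure terminates the process through rte_exit().
 *
 * NOTE(review): cipher_xform is never turned into a session in this listing,
 * and port_init() is not defined here — confirm both against the full source.
 */
int main(int argc, char **argv) {
    unsigned nb_ports;
    uint16_t portid;
    int dev_id;

    int ret = rte_eal_init(argc, argv);
    if (ret < 0)
        rte_exit(EXIT_FAILURE, "Error with EAL initialization\n");
    /* Skip the arguments consumed by the EAL. */
    argc -= ret;
    argv += ret;

    nb_ports = rte_eth_dev_count_avail();
    if (nb_ports < 2)
        rte_exit(EXIT_FAILURE, "Error: number of ports must be >= 2\n");

    mbuf_pool = rte_pktmbuf_pool_create("MBUF_POOL", 8192 * nb_ports,
        MEMPOOL_CACHE_SIZE, 0, RTE_MBUF_DEFAULT_BUF_SIZE, rte_socket_id());
    if (mbuf_pool == NULL)
        rte_exit(EXIT_FAILURE, "Cannot create mbuf pool\n");

    /* The second argument of rte_crypto_op_pool_create() is the operation
     * type, not a cache size; the pool must be typed symmetric for
     * rte_crypto_op_alloc() to hand out symmetric ops. */
    crypto_pool = rte_crypto_op_pool_create("CRYPTO_OP_POOL", RTE_CRYPTO_OP_TYPE_SYMMETRIC,
        8192, 0, sizeof(struct rte_crypto_op), rte_socket_id());
    if (crypto_pool == NULL)
        rte_exit(EXIT_FAILURE, "Cannot create crypto op pool\n");

    struct rte_cryptodev_config config = {
        .nb_queue_pairs = 1,
        .socket_id = rte_socket_id(),
    };
    struct rte_cryptodev_qp_conf qp_conf = {
        .nb_descriptors = 1024,
    };

    /* The lookup returns an int that is negative when the device is missing.
     * Testing the uint8_t global for "< 0" could never be true, so the result
     * is checked in an int before it is narrowed. */
    dev_id = rte_cryptodev_get_dev_id(CRYPTODEV_NAME);
    if (dev_id < 0)
        rte_exit(EXIT_FAILURE, "Cannot find crypto device\n");
    cryptodev_id = (uint8_t)dev_id;

    if (rte_cryptodev_configure(cryptodev_id, &config) < 0)
        rte_exit(EXIT_FAILURE, "Cannot configure crypto device\n");
    /* NOTE(review): the last argument here is the crypto-op pool; releases
     * with a five-argument form of this call presumably expect a session
     * pool in that position — confirm against the target DPDK release. */
    if (rte_cryptodev_queue_pair_setup(cryptodev_id, 0, &qp_conf, rte_socket_id(), crypto_pool) < 0)
        rte_exit(EXIT_FAILURE, "Cannot setup crypto queue pair\n");
    if (rte_cryptodev_start(cryptodev_id) < 0)
        rte_exit(EXIT_FAILURE, "Cannot start crypto device\n");

    RTE_ETH_FOREACH_DEV(portid) {
        if (port_init(portid, mbuf_pool) != 0)
            rte_exit(EXIT_FAILURE, "Cannot init port %" PRIu16 "\n", portid);
    }

    l2fwd_crypto_main_loop();
    return 0;
}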
客户端(以下代码与上面的服务端代码完全相同,同样配置为解密操作):
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <rte_eal.h>
#include <rte_ethdev.h>
#include <rte_mbuf.h>
#include <rte_ether.h>
#include <rte_ip.h>
#include <rte_crypto.h>
#include <rte_cryptodev.h>
#include <rte_malloc.h>
/* Largest number of packets requested from a port in one receive burst. */
#define MAX_PKT_BURST      32
/* Per-lcore cache size passed when the mbuf pool is created. */
#define MEMPOOL_CACHE_SIZE 256
/* Name used to look up the crypto device id at start-up. */
#define CRYPTODEV_NAME     "crypto_aesni_mb_pmd"
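/*
 * Symmetric transform describing the cipher this program intends to use:
 * AES-CBC, decrypt direction, 16-byte (128-bit) key.
 *
 * NOTE(review): this listing is presented as the client side, yet the
 * transform is configured for decryption; a sending peer would presumably
 * need RTE_CRYPTO_CIPHER_OP_ENCRYPT — confirm the intended direction.
 * NOTE(review): nothing in this listing turns the transform into a cryptodev
 * session or attaches it to an operation — confirm where that is meant to
 * happen, otherwise the device never learns the key or algorithm.
 * NOTE(review): the transform is cipher-only (.next is NULL, no auth
 * transform chained), so the data is not integrity-protected; CBC ciphertext
 * can be modified in transit without detection.
 */
struct rte_crypto_sym_xform cipher_xform = {
    .next = NULL,
    .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
    .cipher = {
        .op = RTE_CRYPTO_CIPHER_OP_DECRYPT,
        .algo = RTE_CRYPTO_CIPHER_AES_CBC,
        .key = {
            // Example key only. A key written into the source ends up in the
            // binary and in version control; real deployments should load it
            // at start-up from a protected source.
            .data = (uint8_t *)"0123456789abcdef",
            .length = 16,
        },
        .iv = {
            // NOTE(review): this field is the byte offset of the IV measured
            // from the start of the crypto op; 0 would overlap the op header.
            // Presumably it should point into the op's private area —
            // confirm against the target DPDK release.
            .offset = 0,
            // AES-CBC uses a 16-byte IV; the length was left at zero before.
            .length = 16,
        },
    },
};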
/* Pool that packet buffers are allocated from; assigned in main(). */
struct rte_mempool *mbuf_pool = NULL;
/* Pool that crypto operations are allocated from; assigned in main(). */
struct rte_mempool *crypto_pool = NULL;
/*
 * Id of the crypto device used for every operation. Being an unsigned 8-bit
 * value it cannot hold a negative "not found" result, so the device lookup
 * must be validated before its result is stored here.
 */
uint8_t cryptodev_id = 0;
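/**
 * Submit mbuf @p m to the crypto device for an in-place cipher operation and
 * wait until the device hands the operation back.
 *
 * The operation covers the whole packet (offset 0, length = packet length)
 * and uses queue pair 0 of cryptodev_id. The process is terminated through
 * rte_exit() if the op cannot be allocated, enqueued or dequeued.
 *
 * @param m   packet to process; used as both source and destination buffer.
 * @param iv  IV buffer handed to the operation.
 *
 * NOTE(review): no session is attached to the op here (see
 * rte_crypto_op_attach_sym_session()), so the device is never told which
 * key/algorithm to use — confirm where that is meant to happen.
 * NOTE(review): crypto_op->status is never inspected and the function returns
 * void, so the caller cannot tell a failed operation from a successful one
 * and will forward the buffer either way.
 */
void decrypt_data(struct rte_mbuf *m, uint8_t *iv) {
    /* Upper bound on dequeue polls before the operation is treated as lost. */
    enum { DEQUEUE_MAX_POLLS = 1000000 };
    struct rte_crypto_op *crypto_op;
    struct rte_crypto_op *done_op = NULL;
    unsigned int polls;
    int completed = 0;

    /* rte_crypto_op_alloc() takes (pool, type) and returns the op; the old
     * three-argument call left crypto_op uninitialized before it was used. */
    crypto_op = rte_crypto_op_alloc(crypto_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
    if (crypto_op == NULL) {
        rte_exit(EXIT_FAILURE, "Cannot allocate crypto op\n");
    }

    crypto_op->sym->m_src = m;
    crypto_op->sym->m_dst = m;
    /* NOTE(review): offset 0 includes the Ethernet header in the ciphered
     * region, and AES-CBC needs a length that is a multiple of 16 bytes;
     * neither is checked here — confirm the intended payload bounds. */
    crypto_op->sym->cipher.data.offset = 0;
    crypto_op->sym->cipher.data.length = rte_pktmbuf_pkt_len(m);
    /* NOTE(review): DPDK releases that carry the IV inside the op at the
     * transform's iv.offset have no cipher.iv member on the op — confirm
     * against the target release. */
    crypto_op->sym->cipher.iv.data = iv;

    if (rte_cryptodev_enqueue_burst(cryptodev_id, 0, &crypto_op, 1) != 1) {
        rte_pktmbuf_free(m);
        rte_crypto_op_free(crypto_op);
        rte_exit(EXIT_FAILURE, "Cannot enqueue crypto op\n");
    }

    /* Completion is asynchronous: an empty dequeue right after the enqueue
     * only means "not finished yet", so poll (bounded) instead of failing on
     * the first empty result. */
    for (polls = 0; polls < DEQUEUE_MAX_POLLS; polls++) {
        if (rte_cryptodev_dequeue_burst(cryptodev_id, 0, &done_op, 1) == 1) {
            completed = 1;
            break;
        }
    }
    if (!completed) {
        /* The op and its mbuf are still owned by the device at this point,
         * so they are not freed before exiting. */
        rte_exit(EXIT_FAILURE, "Cannot dequeue crypto op\n");
    }

    rte_crypto_op_free(done_op);
}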
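/**
 * Forwarding loop: receive bursts on queue 0 of every available port, pass
 * each packet through decrypt_data(), then transmit it on the port selected
 * by the last byte of the destination MAC address. Never returns.
 *
 * NOTE(review): one fixed IV is used for every packet. CBC only hides
 * repeated plaintext prefixes when each message has its own unpredictable
 * IV; presumably the IV should travel with each packet — confirm the wire
 * format.
 * NOTE(review): the output port is chosen from a byte of the received frame,
 * i.e. by whoever sent it, and port ids are assumed to be 0..n-1 — confirm
 * that this is acceptable for the deployment.
 */
static void l2fwd_crypto_main_loop(void) {
    struct rte_mbuf *bufs[MAX_PKT_BURST];
    uint8_t iv[16] = "0123456789abcdef"; // example IV (exactly 16 bytes, no terminator)

    for (;;) {
        /* Sample the port count once per pass; it is both the loop bound and
         * the modulus below, so a pass with zero ports never divides. */
        const uint16_t nb_ports = rte_eth_dev_count_avail();

        for (uint16_t port = 0; port < nb_ports; port++) {
            const uint16_t nb_rx = rte_eth_rx_burst(port, 0, bufs, MAX_PKT_BURST);

            for (uint16_t i = 0; i < nb_rx; i++) {
                struct rte_mbuf *m = bufs[i];
                struct rte_ether_hdr *eth_hdr = rte_pktmbuf_mtod(m, struct rte_ether_hdr *);

                // decrypt the packet
                decrypt_data(m, iv);

                /* NOTE(review): the header is read after the in-place
                 * operation, which starts at offset 0 and therefore rewrites
                 * these bytes — confirm that is the intended order. */
                uint16_t dst_port = eth_hdr->d_addr.addr_bytes[5] % nb_ports;
                const uint16_t nb_tx = rte_eth_tx_burst(dst_port, 0, &m, 1);
                if (nb_tx < 1) {
                    /* Not accepted by the TX queue: the buffer is still ours. */
                    rte_pktmbuf_free(m);
                }
            }
        }
    }
}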
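/**
 * Program entry point: initialise the EAL, create the mbuf and crypto-op
 * pools, configure and start the crypto device named CRYPTODEV_NAME with one
 * queue pair, initialise every Ethernet port, then enter the forwarding loop.
 * Any set-up failure terminates the process through rte_exit().
 *
 * NOTE(review): cipher_xform is never turned into a session in this listing,
 * and port_init() is not defined here — confirm both against the full source.
 */
int main(int argc, char **argv) {
    unsigned nb_ports;
    uint16_t portid;
    int dev_id;

    int ret = rte_eal_init(argc, argv);
    if (ret < 0)
        rte_exit(EXIT_FAILURE, "Error with EAL initialization\n");
    /* Skip the arguments consumed by the EAL. */
    argc -= ret;
    argv += ret;

    nb_ports = rte_eth_dev_count_avail();
    if (nb_ports < 2)
        rte_exit(EXIT_FAILURE, "Error: number of ports must be >= 2\n");

    mbuf_pool = rte_pktmbuf_pool_create("MBUF_POOL", 8192 * nb_ports,
        MEMPOOL_CACHE_SIZE, 0, RTE_MBUF_DEFAULT_BUF_SIZE, rte_socket_id());
    if (mbuf_pool == NULL)
        rte_exit(EXIT_FAILURE, "Cannot create mbuf pool\n");

    /* The second argument of rte_crypto_op_pool_create() is the operation
     * type, not a cache size; the pool must be typed symmetric for
     * rte_crypto_op_alloc() to hand out symmetric ops. */
    crypto_pool = rte_crypto_op_pool_create("CRYPTO_OP_POOL", RTE_CRYPTO_OP_TYPE_SYMMETRIC,
        8192, 0, sizeof(struct rte_crypto_op), rte_socket_id());
    if (crypto_pool == NULL)
        rte_exit(EXIT_FAILURE, "Cannot create crypto op pool\n");

    struct rte_cryptodev_config config = {
        .nb_queue_pairs = 1,
        .socket_id = rte_socket_id(),
    };
    struct rte_cryptodev_qp_conf qp_conf = {
        .nb_descriptors = 1024,
    };

    /* The lookup returns an int that is negative when the device is missing.
     * Testing the uint8_t global for "< 0" could never be true, so the result
     * is checked in an int before it is narrowed. */
    dev_id = rte_cryptodev_get_dev_id(CRYPTODEV_NAME);
    if (dev_id < 0)
        rte_exit(EXIT_FAILURE, "Cannot find crypto device\n");
    cryptodev_id = (uint8_t)dev_id;

    if (rte_cryptodev_configure(cryptodev_id, &config) < 0)
        rte_exit(EXIT_FAILURE, "Cannot configure crypto device\n");
    /* NOTE(review): the last argument here is the crypto-op pool; releases
     * with a five-argument form of this call presumably expect a session
     * pool in that position — confirm against the target DPDK release. */
    if (rte_cryptodev_queue_pair_setup(cryptodev_id, 0, &qp_conf, rte_socket_id(), crypto_pool) < 0)
        rte_exit(EXIT_FAILURE, "Cannot setup crypto queue pair\n");
    if (rte_cryptodev_start(cryptodev_id) < 0)
        rte_exit(EXIT_FAILURE, "Cannot start crypto device\n");

    RTE_ETH_FOREACH_DEV(portid) {
        if (port_init(portid, mbuf_pool) != 0)
            rte_exit(EXIT_FAILURE, "Cannot init port %" PRIu16 "\n", portid);
    }

    l2fwd_crypto_main_loop();
    return 0;
}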