psp_gw_svc_impl.h

Go to the documentation of this file.

/*
 * Copyright (c) 2024 NVIDIA CORPORATION AND AFFILIATES.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without modification, are permitted
 * provided that the following conditions are met:
 *     * Redistributions of source code must retain the above copyright notice, this list of
 *       conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above copyright notice, this list of
 *       conditions and the following disclaimer in the documentation and/or other materials
 *       provided with the distribution.
 *     * Neither the name of the NVIDIA CORPORATION nor the names of its contributors may be used
 *       to endorse or promote products derived from this software without specific prior written
 *       permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
 * FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NVIDIA CORPORATION BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TOR (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
 
#ifndef _PSP_GW_SVC_H
#define _PSP_GW_SVC_H
 
#include <memory>
#include <map>
 
#include <doca_flow.h>
 
#include <psp_gateway.pb.h>
#include <psp_gateway.grpc.pb.h>
#include "psp_gw_config.h"
#include "psp_gw_flows.h"
 
struct psp_pf_dev;
struct doca_flow_crypto_psp_spi_key_bulk;
 
using psp_session_and_key_t = std::pair<psp_session_t *, void *>;
 
class PSP_GatewayImpl : public psp_gateway::PSP_Gateway::Service {
public:
    static constexpr uint16_t DEFAULT_HTTP_PORT_NUM = 3000;
 
    PSP_GatewayImpl(psp_gw_app_config *config, PSP_GatewayFlows *psp_flows);
 
    ::grpc::Status RequestMultipleTunnelParams(::grpc::ServerContext *context,
                           const ::psp_gateway::MultiTunnelRequest *request,
                           ::psp_gateway::MultiTunnelResponse *response) override;
 
    ::grpc::Status RequestKeyRotation(::grpc::ServerContext *context,
                      const ::psp_gateway::KeyRotationRequest *request,
                      ::psp_gateway::KeyRotationResponse *response) override;
 
    doca_error_t handle_miss_packet(struct rte_mbuf *packet);
 
    doca_error_t show_flow_counts(void);
 
    size_t try_connect(std::vector<psp_gw_peer> &peers);
 
private:
    static uint32_t psp_version_to_key_length_bits(uint32_t psp_proto_ver)
    {
        return (psp_proto_ver == 0 || psp_proto_ver == 2) ? 128 : 256;
    }
 
    doca_error_t request_tunnel_to_host(struct psp_gw_peer *peer,
                        ip_pair *vip_pair,
                        bool supply_reverse_params,
                        bool suppress_failure_msg,
                        bool has_remote);
 
    ::psp_gateway::PSP_Gateway::Stub *get_stub(const std::string &peer_ip);
 
    psp_gw_peer *lookup_vip_pair(ip_pair &vip_pair);
 
    int select_psp_version(const ::psp_gateway::MultiTunnelRequest *request) const;
 
    bool is_psp_ver_supported(uint32_t psp_ver) const
    {
        return SUPPORTED_PSP_VERSIONS.count(psp_ver) > 0;
    }
 
    void fill_tunnel_params(int psp_ver, uint32_t *key, uint32_t spi, psp_gateway::TunnelParameters *params);
 
    doca_error_t generate_keys_spis(uint32_t key_len_bits, uint32_t nr_keys_spis, uint32_t *keys, uint32_t *spis);
 
    doca_error_t add_encrypt_entries(std::vector<psp_session_and_key_t> &new_sessions_keys,
                     std::string peer_svc_addr);
    doca_error_t prepare_session(std::string peer_svc_addr,
                     ip_pair &vip_pair,
                     const psp_gateway::TunnelParameters &params,
                     std::vector<psp_session_and_key_t> &sessions_keys_prepared);
 
    void debug_key(const char *msg_prefix, const void *key, size_t key_size_bytes) const;
 
    uint32_t next_crypto_id(void);
 
    // Application state data:
 
    psp_gw_app_config *config{};
 
    PSP_GatewayFlows *psp_flows{};
 
    psp_pf_dev *pf{};
 
    // Used to uniquely populate the request ID in each NewTunnelRequest message.
    uint64_t next_request_id{};
 
    // This flag will cause encryption keys to be logged to stderr, etc.
    const bool DEBUG_KEYS{false};
 
    // map each svc_addr to an RPC object
    std::map<std::string, std::unique_ptr<::psp_gateway::PSP_Gateway::Stub>> stubs;
 
    // map tuple of (src vip, dst vip) to an active session object
    std::map<session_key, psp_session_t> sessions;
 
    // Used to assign a unique shared-resource ID to each encryption flow.
    uint32_t next_crypto_id_ = 1;
};
 
#endif // _PSP_GW_SVC_H