quic: avoid lazy crypto engine init

Init the engines when the plugins start.

Type: improvement

Change-Id: I8191be86ccb719d314d075d4bbb2571df9041027
Signed-off-by: Florin Coras <fcoras@cisco.com>

Author: florincoras

src/plugins/quic/quic.h

@@ -263,11 +263,9 @@ typedef struct quic_main_
   vlib_node_registration_t *quic_input_node;
   u32 app_index;
   quic_worker_ctx_t *wrk_ctx;
-  u8 vnet_crypto_init;
-  u8 default_crypto_engine; /**< Used if you do connect with CRYPTO_ENGINE_NONE
-			       (0) */
-  u64 max_packets_per_key;  /**< number of packets that can be sent without a
-			       key update */
+  u8 enable_vnet_crypto;
+  u8 default_crypto_engine; /**< Used if you do connect with CRYPTO_ENGINE_NONE (0) */
+  u64 max_packets_per_key;  /**< number of packets that can be sent without a key update */
   u8 default_quic_cc;
   u8 enable_tx_pacing; /**< enable tx pacing for connections */
 

src/plugins/quic/quic_cli.c

@@ -255,29 +255,23 @@ quic_plugin_crypto_command_fn (vlib_main_t *vm, unformat_input_t *input,
     {
       if (unformat (line_input, "vpp"))
 	{
+	  if (!qm->enable_vnet_crypto)
+	    {
+	      e = clib_error_return (0, "vnet crypto was not enabled");
+	      goto done;
+	    }
 	  qm->default_crypto_engine = CRYPTO_ENGINE_VPP;
-	  qm->vnet_crypto_init = 0;
 	}
       else if (unformat (line_input, "engine-lib"))
 	{
 	  qm->default_crypto_engine =
 	    (qm->engine_type == QUIC_ENGINE_QUICLY) ?
 	      CRYPTO_ENGINE_PICOTLS :
-	      ((qm->engine_type == QUIC_ENGINE_OPENSSL) ?
-		 CRYPTO_ENGINE_OPENSSL :
-		 CRYPTO_ENGINE_NONE);
-	  if (qm->default_crypto_engine != CRYPTO_ENGINE_NONE)
-	    {
-	      qm->vnet_crypto_init = 0;
-	    }
-	  else
+	      ((qm->engine_type == QUIC_ENGINE_OPENSSL) ? CRYPTO_ENGINE_OPENSSL :
+							  CRYPTO_ENGINE_NONE);
+	  if (qm->default_crypto_engine == CRYPTO_ENGINE_NONE)
 	    {
-	      e = clib_error_return (0,
-				     "No quic engine available, using default "
-				     "crypto engine '%U' (%u)",
-				     format_crypto_engine,
-				     qm->default_crypto_engine,
-				     qm->default_crypto_engine);
+	      e = clib_error_return (0, "No quic engine available");
 	      goto done;
 	    }
 	}
@@ -543,6 +537,8 @@ quic_config_fn (vlib_main_t *vm, unformat_input_t *input)
 	qm->udp_fifo_prealloc = i;
       else if (unformat (line_input, "no-tx-pacing"))
 	qm->enable_tx_pacing = 0;
+      else if (unformat (line_input, "enable-vnet-crypto"))
+	qm->enable_vnet_crypto = 1;
       /* TODO: add cli selection of quic_eng_<types> */
       else
 	{

src/plugins/quic_quicly/quic_quicly_crypto.c

@@ -51,9 +51,11 @@ void
 quic_quicly_crypto_init (quic_quicly_main_t *qqm)
 {
   quic_quicly_crypto_main_t *qqcm = &quic_quicly_crypto_main;
+  quic_main_t *qm = qqm->qm;
   u8 seed[32];
 
   QUIC_DBG (2, "quic_quicly_crypto init");
+
   qqcm->qqm = qqm;
 
   if (syscall (SYS_getrandom, &seed, sizeof (seed), 0) != sizeof (seed))
@@ -62,6 +64,30 @@ quic_quicly_crypto_init (quic_quicly_main_t *qqm)
 
   clib_bihash_init_24_8 (&qqcm->crypto_ctx_hash, "quic (quicly engine) crypto ctx", 64, 128 << 10);
   quic_quicly_register_cipher_suite (CRYPTO_ENGINE_PICOTLS, ptls_openssl_cipher_suites);
+
+  if (qm->enable_vnet_crypto)
+    {
+      if (vec_len (cm->engines) == 0)
+	{
+	  clib_warning ("No crypto engines available");
+	  return;
+	}
+      if (quic_quicly_register_cipher_suite (CRYPTO_ENGINE_VPP, quic_quicly_crypto_cipher_suites))
+	{
+	  u8 empty_key[32] = {};
+	  u32 i;
+	  vec_validate (qqcm->per_thread_crypto_ctxs, qm->num_threads);
+	  for (i = 0; i < qm->num_threads; i++)
+	    {
+	      qqcm->per_thread_crypto_ctxs[i] =
+		vnet_crypto_ctx_create (VNET_CRYPTO_ALG_AES_256_CTR);
+	      if (qqcm->per_thread_crypto_ctxs[i])
+		vnet_crypto_ctx_set_cipher_key (qqcm->per_thread_crypto_ctxs[i], empty_key, 32);
+	    }
+
+	  qqcm->vnet_crypto_enabled = 1;
+	}
+    }
 }
 
 void
@@ -293,38 +319,6 @@ quic_quicly_crypto_context_init_data (quic_quicly_crypto_ctx_t *crctx, quic_ctx_
 
   QUIC_DBG (2, "Init crctx: crctx_ndx 0x%08lx", crctx->ctx.ctx_index);
 
-  if (PREDICT_FALSE (!qm->vnet_crypto_init))
-    {
-      qm->vnet_crypto_init = 1;
-      if ((vec_len (cm->engines) == 0) ||
-	  (qm->default_crypto_engine == CRYPTO_ENGINE_PICOTLS))
-	{
-	  qqcm->vnet_crypto_enabled = 0;
-	  (void) quic_quicly_register_cipher_suite (
-	    CRYPTO_ENGINE_PICOTLS, ptls_openssl_cipher_suites);
-	}
-      else
-	{
-	  qqcm->vnet_crypto_enabled = 1;
-	  if (quic_quicly_register_cipher_suite (
-		CRYPTO_ENGINE_VPP, quic_quicly_crypto_cipher_suites))
-	    {
-	      u8 empty_key[32] = {};
-	      u32 i;
-	      qm->default_crypto_engine = ctx->crypto_engine =
-		CRYPTO_ENGINE_VPP;
-	      vec_validate (qqcm->per_thread_crypto_ctxs, qm->num_threads);
-	      for (i = 0; i < qm->num_threads; i++)
-		{
-		  qqcm->per_thread_crypto_ctxs[i] =
-		    vnet_crypto_ctx_create (VNET_CRYPTO_ALG_AES_256_CTR);
-		  if (qqcm->per_thread_crypto_ctxs[i])
-		    vnet_crypto_ctx_set_cipher_key (qqcm->per_thread_crypto_ctxs[i], empty_key, 32);
-		}
-	    }
-	}
-    }
-
   quicly_ctx = &crctx->quicly_ctx;
   ptls_ctx = &crctx->ptls_ctx;
 

src/plugins/quic_quicly/quic_quicly_crypto.h

@@ -98,7 +98,7 @@ quic_quicly_crypto_context_reserve_data (quic_quicly_crypto_ctx_t *crctx)
 
 #define quic_quicly_crypto_engine_is_vpp()                                                         \
   (quic_quicly_crypto_main.vnet_crypto_enabled &&                                                  \
-   quic_quicly_crypto_main.qqm->qm->default_crypto_engine)
+   quic_quicly_crypto_main.qqm->qm->default_crypto_engine == CRYPTO_ENGINE_VPP)
 
 extern quicly_crypto_engine_t quic_quicly_crypto_engine;
 extern ptls_cipher_suite_t *quic_quicly_crypto_cipher_suites[];