summaryrefslogtreecommitdiff
path: root/src/conf_mode/intel_qat.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2019-11-11 20:13:46 +0100
committerChristian Poessinger <christian@poessinger.com>2019-11-11 20:13:46 +0100
commit80375d2be96c53f2fa4a827f93105dc32931401f (patch)
tree0b805551a0d65cbec00857501e11e721fe0429ac /src/conf_mode/intel_qat.py
parent8abde544455dd158d080eb6ea7b7ed226b27965a (diff)
parentc9c8cd50f4165c7f86e71a6723f0ebb3a2cbdaf5 (diff)
downloadvyos-1x-80375d2be96c53f2fa4a827f93105dc32931401f.tar.gz
vyos-1x-80375d2be96c53f2fa4a827f93105dc32931401f.zip
Merge branch 'current' of github.com:vyos/vyos-1x into equuleus
* 'current' of github.com:vyos/vyos-1x: ifconfig: T1793: extend set_speed_duplex() delta check [OpenVPN]: T1704: Added uppercase entries of ncp-ciphers, since there seems to be a bug in OpenVPN client when comparing pushed cipher with local ncp cipher list [OpenVPN]: T1704: Moved ncp-ciphers out of encryption block in config template [OpenVPN]: T1704: Changed the description of ncp-ciphers in config [OpenVPN]: T1704: Added function for ncp-ciphers, and ability to disable it. [OpenVPN]: T1704: Changed config structure for OpenVPN encryption to support ncp-ciphers. [OpenVPN]: T1704: Added migration scripts for interface 2-to-3 Intel QAT: T1788: Intel QAT implementation ifconfig: T1793: add delta check on set_speed_duplex() ifconfig: T1793: add delta check on set_flow_control() Python/ifconfig: wireguard: remove trailing whitespaces l2tp: T1747: automatically calculate gw-ip-address QAT: T1788: Intel QAT implementation
Diffstat (limited to 'src/conf_mode/intel_qat.py')
-rwxr-xr-xsrc/conf_mode/intel_qat.py108
1 files changed, 108 insertions, 0 deletions
diff --git a/src/conf_mode/intel_qat.py b/src/conf_mode/intel_qat.py
new file mode 100755
index 000000000..a1abd5e81
--- /dev/null
+++ b/src/conf_mode/intel_qat.py
@@ -0,0 +1,108 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import sys
+import os
+import re
+import subprocess
+
+from vyos.config import Config
+from vyos import ConfigError
+
+# Define for recovering
+gl_ipsec_conf = None
+
+def get_config():
+ c = Config()
+ config_data = {
+ 'qat_conf' : None,
+ 'ipsec_conf' : None,
+ 'openvpn_conf' : None,
+ }
+
+ if c.exists('system acceleration qat'):
+ config_data['qat_conf'] = True
+
+ if c.exists('vpn ipsec '):
+ gl_ipsec_conf = True
+ config_data['ipsec_conf'] = True
+
+ if c.exists('interfaces openvpn'):
+ config_data['openvpn_conf'] = True
+
+ return config_data
+
+# Control configured VPN service which can use QAT
+def vpn_control(action):
+ if action == 'restore' and gl_ipsec_conf:
+ ret = subprocess.Popen(['sudo', 'ipsec', 'start'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ (output, err) = ret.communicate()
+ return
+
+ ret = subprocess.Popen(['sudo', 'ipsec', action], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ (output, err) = ret.communicate()
+
+def verify(c):
+ # Check if QAT service installed
+ if not os.path.exists('/etc/init.d/vyos-qat-utilities'):
+ raise ConfigError("Warning: QAT init file not found")
+
+ if c['qat_conf'] == None:
+ return
+
+ # Check if QAT device exist
+ ret = subprocess.Popen(['sudo', 'lspci', '-nn'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ (output, err) = ret.communicate()
+ if not err:
+ data = re.findall('(8086:19e2)|(8086:37c8)|(8086:0435)|(8086:6f54)', output.decode("utf-8"))
+ #If QAT devices found
+ if not data:
+ print("\t No QAT acceleration device found")
+ sys.exit(1)
+
+def apply(c):
+ if c['ipsec_conf']:
+ # Shutdown VPN service which can use QAT
+ vpn_control('stop')
+
+ # Disable QAT service
+ if c['qat_conf'] == None:
+ ret = subprocess.Popen(['sudo', '/etc/init.d/vyos-qat-utilities', 'stop'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ (output, err) = ret.communicate()
+ if c['ipsec_conf']:
+ vpn_control('start')
+
+ return
+
+ # Run qat init.d script
+ ret = subprocess.Popen(['sudo', '/etc/init.d/vyos-qat-utilities', 'start'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ (output, err) = ret.communicate()
+
+ if c['ipsec_conf']:
+ # Recovery VPN service
+ vpn_control('start')
+
+if __name__ == '__main__':
+ try:
+ c = get_config()
+ verify(c)
+ apply(c)
+ except ConfigError as e:
+ print(e)
+ vpn_control('restore')
+ sys.exit(1)