Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/64001/?format=api
{ "id": 64001, "url": "http://patches.dpdk.org/api/patches/64001/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/4c45de61634b8b9d533f09175e70efdfc6c9b647.1576684589.git.vladimir.medvedkin@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<4c45de61634b8b9d533f09175e70efdfc6c9b647.1576684589.git.vladimir.medvedkin@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/4c45de61634b8b9d533f09175e70efdfc6c9b647.1576684589.git.vladimir.medvedkin@intel.com", "date": "2019-12-18T16:00:22", "name": "[v2,4/5] examples/ipsec-secgw: get rid of maximum sa limitation", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "28828eff58c117f29f6a98a5630b02a06b8640a3", "submitter": { "id": 1216, "url": "http://patches.dpdk.org/api/people/1216/?format=api", "name": "Vladimir Medvedkin", "email": "vladimir.medvedkin@intel.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/4c45de61634b8b9d533f09175e70efdfc6c9b647.1576684589.git.vladimir.medvedkin@intel.com/mbox/", "series": [ { "id": 7890, "url": "http://patches.dpdk.org/api/series/7890/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=7890", "date": "2019-12-18T16:00:18", "name": "integrate librte_ipsec SAD into ipsec-secgw", "version": 2, "mbox": "http://patches.dpdk.org/series/7890/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/64001/comments/", "check": "fail", "checks": "http://patches.dpdk.org/api/patches/64001/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 336BAA0510;\n\tWed, 18 Dec 2019 17:01:21 +0100 (CET)", "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id A68CC1BF7E;\n\tWed, 18 Dec 2019 17:00:36 +0100 (CET)", "from mga04.intel.com (mga04.intel.com [192.55.52.120])\n by dpdk.org (Postfix) with ESMTP id 012691BE8A\n for <dev@dpdk.org>; Wed, 18 Dec 2019 17:00:31 +0100 (CET)", "from fmsmga003.fm.intel.com ([10.253.24.29])\n by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n 18 Dec 2019 08:00:31 -0800", "from silpixa00400072.ir.intel.com ([10.237.222.213])\n by FMSMGA003.fm.intel.com with ESMTP; 18 Dec 2019 08:00:30 -0800" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.69,330,1571727600\"; d=\"scan'208\";a=\"266922974\"", "From": "Vladimir Medvedkin <vladimir.medvedkin@intel.com>", "To": "dev@dpdk.org", "Cc": "konstantin.ananyev@intel.com,\n\takhil.goyal@nxp.com", "Date": "Wed, 18 Dec 2019 16:00:22 +0000", "Message-Id": "\n <4c45de61634b8b9d533f09175e70efdfc6c9b647.1576684589.git.vladimir.medvedkin@intel.com>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": [ "<cover.1576684589.git.vladimir.medvedkin@intel.com>", "<cover.1576684589.git.vladimir.medvedkin@intel.com>" ], "References": [ "<cover.1576684589.git.vladimir.medvedkin@intel.com>", "<cover.1576081138.git.vladimir.medvedkin@intel.com>\n <cover.1576684589.git.vladimir.medvedkin@intel.com>" ], "Subject": "[dpdk-dev] [PATCH v2 4/5] examples/ipsec-secgw: get rid of maximum\n\tsa limitation", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Parse config file and save SA's into linked list\ninstead of flat array with predefined size.\n\nSigned-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>\n---\n examples/ipsec-secgw/sa.c | 78 +++++++++++++++++++++++++++++------------------\n 1 file changed, 48 insertions(+), 30 deletions(-)", "diff": "diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c\nindex 8cc7b17..32919fe 100644\n--- a/examples/ipsec-secgw/sa.c\n+++ b/examples/ipsec-secgw/sa.c\n@@ -20,6 +20,7 @@\n #include <rte_random.h>\n #include <rte_ethdev.h>\n #include <rte_malloc.h>\n+#include <sys/queue.h>\n \n #include \"ipsec.h\"\n #include \"esp.h\"\n@@ -133,11 +134,17 @@ const struct supported_aead_algo aead_algos[] = {\n \t}\n };\n \n-static struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];\n+struct ipsec_sa_mgmt {\n+\tSTAILQ_ENTRY(ipsec_sa_mgmt) next;\n+\tstruct ipsec_sa sa;\n+};\n+STAILQ_HEAD(sa_head, ipsec_sa_mgmt);\n+\n+static struct sa_head sa_out_head = STAILQ_HEAD_INITIALIZER(sa_out_head);\n static uint32_t nb_sa_out;\n static struct ipsec_sa_cnt sa_out_cnt;\n \n-static struct ipsec_sa sa_in[IPSEC_SA_MAX_ENTRIES];\n+static struct sa_head sa_in_head = STAILQ_HEAD_INITIALIZER(sa_in_head);\n static uint32_t nb_sa_in;\n static struct ipsec_sa_cnt sa_in_cnt;\n \n@@ -228,6 +235,8 @@ void\n parse_sa_tokens(char **tokens, uint32_t n_tokens,\n \tstruct parse_status *status)\n {\n+\tstruct ipsec_sa_mgmt *sa_mgmt;\n+\tstruct sa_head *head;\n \tstruct ipsec_sa *rule = NULL;\n \tstruct rte_ipsec_session *ips;\n \tuint32_t ti; /*token index*/\n@@ -243,27 +252,21 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,\n \tuint32_t portid_p = 0;\n \tuint32_t fallback_p = 0;\n \n+\tsa_mgmt = calloc(1, sizeof(struct ipsec_sa_mgmt));\n+\tif (sa_mgmt == NULL)\n+\t\treturn;\n+\n+\trule = &sa_mgmt->sa;\n+\n \tif (strcmp(tokens[0], \"in\") == 0) {\n \t\tri = &nb_sa_in;\n \t\tsa_cnt = &sa_in_cnt;\n-\n-\t\tAPP_CHECK(*ri <= IPSEC_SA_MAX_ENTRIES - 1, status,\n-\t\t\t\"too many sa rules, abort insertion\\n\");\n-\t\tif (status->status < 0)\n-\t\t\treturn;\n-\n-\t\trule = &sa_in[*ri];\n+\t\thead = &sa_in_head;\n \t\trule->direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;\n \t} else {\n \t\tri = &nb_sa_out;\n \t\tsa_cnt = &sa_out_cnt;\n-\n-\t\tAPP_CHECK(*ri <= IPSEC_SA_MAX_ENTRIES - 1, status,\n-\t\t\t\"too many sa rules, abort insertion\\n\");\n-\t\tif (status->status < 0)\n-\t\t\treturn;\n-\n-\t\trule = &sa_out[*ri];\n+\t\thead = &sa_out_head;\n \t\trule->direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;\n \t}\n \n@@ -687,6 +690,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,\n \t\trule->portid = -1;\n \t}\n \n+\tSTAILQ_INSERT_TAIL(head, sa_mgmt, next);\n \t*ri = *ri + 1;\n }\n \n@@ -956,12 +960,13 @@ sa_add_address_inline_crypto(struct ipsec_sa *sa)\n }\n \n static int\n-sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],\n+sa_add_rules(struct sa_ctx *sa_ctx, struct sa_head *entries,\n \t\tuint32_t nb_entries, uint32_t inbound,\n \t\tstruct socket_ctx *skt_ctx)\n {\n+\tstruct ipsec_sa_mgmt *sa_mgmt;\n \tstruct ipsec_sa *sa;\n-\tuint32_t i, idx;\n+\tuint32_t idx;\n \tuint16_t iv_length, aad_length;\n \tint inline_status;\n \tint32_t rc;\n@@ -970,15 +975,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],\n \t/* for ESN upper 32 bits of SQN also need to be part of AAD */\n \taad_length = (app_sa_prm.enable_esn != 0) ? sizeof(uint32_t) : 0;\n \n-\tfor (i = 0; i < nb_entries; i++) {\n-\t\tidx = i;\n+\tsa_mgmt = STAILQ_FIRST(entries);\n+\tfor (idx = 0; idx < nb_entries; idx++) {\n+\t\tif (sa_mgmt == NULL)\n+\t\t\trte_exit(EXIT_FAILURE, \"SA mgmt queue is broken\\n\");\n+\n \t\tsa = &sa_ctx->sa[idx];\n \t\tif (sa->spi != 0) {\n \t\t\tprintf(\"Index %u already in use by SPI %u\\n\",\n \t\t\t\t\tidx, sa->spi);\n \t\t\treturn -EINVAL;\n \t\t}\n-\t\t*sa = entries[i];\n+\t\t*sa = sa_mgmt->sa;\n \n \t\tif (inbound) {\n \t\t\trc = ipsec_sad_add(&sa_ctx->sad, sa);\n@@ -1114,20 +1122,29 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],\n \n \t\t\tprint_one_sa_rule(sa, inbound);\n \t\t}\n+\t\tsa_mgmt = STAILQ_NEXT(sa_mgmt, next);\n \t}\n \n+\tfor (sa_mgmt = STAILQ_FIRST(entries); sa_mgmt != NULL;\n+\t\t\tsa_mgmt = STAILQ_FIRST(entries)) {\n+\t\tSTAILQ_REMOVE_HEAD(entries, next);\n+\t\tfree(sa_mgmt);\n+\t}\n+\n+\tSTAILQ_INIT(entries);\n+\n \treturn 0;\n }\n \n static inline int\n-sa_out_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],\n+sa_out_add_rules(struct sa_ctx *sa_ctx, struct sa_head *entries,\n \t\tuint32_t nb_entries, struct socket_ctx *skt_ctx)\n {\n \treturn sa_add_rules(sa_ctx, entries, nb_entries, 0, skt_ctx);\n }\n \n static inline int\n-sa_in_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],\n+sa_in_add_rules(struct sa_ctx *sa_ctx, struct sa_head *entries,\n \t\tuint32_t nb_entries, struct socket_ctx *skt_ctx)\n {\n \treturn sa_add_rules(sa_ctx, entries, nb_entries, 1, skt_ctx);\n@@ -1363,7 +1380,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id)\n \t\tif (rc != 0)\n \t\t\trte_exit(EXIT_FAILURE, \"failed to init SAD\\n\");\n \n-\t\tsa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in, ctx);\n+\t\tsa_in_add_rules(ctx->sa_in, &sa_in_head, nb_sa_in, ctx);\n \n \t\tif (app_sa_prm.enable != 0) {\n \t\t\trc = ipsec_satbl_init(ctx->sa_in, nb_sa_in,\n@@ -1383,7 +1400,7 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id)\n \t\t\t\t\"context %s in socket %d\\n\", rte_errno,\n \t\t\t\tname, socket_id);\n \n-\t\tsa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out, ctx);\n+\t\tsa_out_add_rules(ctx->sa_out, &sa_out_head, nb_sa_out, ctx);\n \n \t\tif (app_sa_prm.enable != 0) {\n \t\t\trc = ipsec_satbl_init(ctx->sa_out, nb_sa_out,\n@@ -1451,21 +1468,22 @@ outbound_sa_lookup(struct sa_ctx *sa_ctx, uint32_t sa_idx[],\n \n /*\n * Select HW offloads to be used.\n+ * Called before sa_init, so working with mgmt queue\n */\n int\n sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads,\n \t\tuint64_t *tx_offloads)\n {\n+\tstruct ipsec_sa_mgmt *sa_mgmt;\n \tstruct ipsec_sa *rule;\n-\tuint32_t idx_sa;\n \tenum rte_security_session_action_type rule_type;\n \n \t*rx_offloads = 0;\n \t*tx_offloads = 0;\n \n \t/* Check for inbound rules that use offloads and use this port */\n-\tfor (idx_sa = 0; idx_sa < nb_sa_in; idx_sa++) {\n-\t\trule = &sa_in[idx_sa];\n+\tSTAILQ_FOREACH(sa_mgmt, &sa_in_head, next) {\n+\t\trule = &sa_mgmt->sa;\n \t\trule_type = ipsec_get_action_type(rule);\n \t\tif ((rule_type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||\n \t\t\t\trule_type ==\n@@ -1475,8 +1493,8 @@ sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads,\n \t}\n \n \t/* Check for outbound rules that use offloads and use this port */\n-\tfor (idx_sa = 0; idx_sa < nb_sa_out; idx_sa++) {\n-\t\trule = &sa_out[idx_sa];\n+\tSTAILQ_FOREACH(sa_mgmt, &sa_out_head, next) {\n+\t\trule = &sa_mgmt->sa;\n \t\trule_type = ipsec_get_action_type(rule);\n \t\tif ((rule_type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||\n \t\t\t\trule_type ==\n", "prefixes": [ "v2", "4/5" ] }