Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/64675/?format=api
http://patches.dpdk.org/api/patches/64675/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/1579012036-326214-5-git-send-email-vladimir.medvedkin@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1579012036-326214-5-git-send-email-vladimir.medvedkin@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1579012036-326214-5-git-send-email-vladimir.medvedkin@intel.com", "date": "2020-01-14T14:27:15", "name": "[v4,4/5] examples/ipsec-secgw: get rid of maximum sa limitation", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": true, "hash": "1581a22e6aee04ca2df7830039b3fa8cdc4cb851", "submitter": { "id": 1216, "url": "http://patches.dpdk.org/api/people/1216/?format=api", "name": "Vladimir Medvedkin", "email": "vladimir.medvedkin@intel.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/1579012036-326214-5-git-send-email-vladimir.medvedkin@intel.com/mbox/", "series": [ { "id": 8120, "url": "http://patches.dpdk.org/api/series/8120/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=8120", "date": "2020-01-14T14:27:11", "name": "integrate librte_ipsec SAD into ipsec-secgw", "version": 4, "mbox": "http://patches.dpdk.org/series/8120/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/64675/comments/", "check": "fail", "checks": "http://patches.dpdk.org/api/patches/64675/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 89C55A04FF;\n\tTue, 14 Jan 2020 15:27:54 +0100 (CET)", "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id C7F351C1D9;\n\tTue, 14 Jan 2020 15:27:32 +0100 (CET)", "from mga07.intel.com (mga07.intel.com [134.134.136.100])\n by dpdk.org (Postfix) with ESMTP id C8C0D1C1C7\n for <dev@dpdk.org>; Tue, 14 Jan 2020 15:27:24 +0100 (CET)", "from fmsmga002.fm.intel.com ([10.253.24.26])\n by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n 14 Jan 2020 06:27:24 -0800", "from silpixa00400072.ir.intel.com ([10.237.222.213])\n by fmsmga002.fm.intel.com with ESMTP; 14 Jan 2020 06:27:23 -0800" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.69,433,1571727600\"; d=\"scan'208\";a=\"256316534\"", "From": "Vladimir Medvedkin <vladimir.medvedkin@intel.com>", "To": "dev@dpdk.org", "Cc": "konstantin.ananyev@intel.com,\n\takhil.goyal@nxp.com", "Date": "Tue, 14 Jan 2020 14:27:15 +0000", "Message-Id": "<1579012036-326214-5-git-send-email-vladimir.medvedkin@intel.com>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": [ "<1579012036-326214-1-git-send-email-vladimir.medvedkin@intel.com>", "<1578920122-228017-1-git-send-email-vladimir.medvedkin@intel.com>" ], "References": [ "<1579012036-326214-1-git-send-email-vladimir.medvedkin@intel.com>", "<1578920122-228017-1-git-send-email-vladimir.medvedkin@intel.com>" ], "Subject": "[dpdk-dev] [PATCH v4 4/5] examples/ipsec-secgw: get rid of maximum\n\tsa limitation", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Get rid of maximum SA limitation.\nKeep parsed SA's into the sorted by SPI value array.\nUse binary search in the sorted SA array to find appropriate SA\nfor a given SPI.\n\nSigned-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>\n---\n examples/ipsec-secgw/ipsec.h | 1 -\n examples/ipsec-secgw/parser.c | 2 ++\n examples/ipsec-secgw/parser.h | 3 ++\n examples/ipsec-secgw/sa.c | 74 +++++++++++++++++++++++++++++++++----------\n 4 files changed, 62 insertions(+), 18 deletions(-)", "diff": "diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h\nindex 5988d59..3c77232 100644\n--- a/examples/ipsec-secgw/ipsec.h\n+++ b/examples/ipsec-secgw/ipsec.h\n@@ -37,7 +37,6 @@\n \n #define DEFAULT_MAX_CATEGORIES\t1\n \n-#define IPSEC_SA_MAX_ENTRIES (128) /* must be power of 2, max 2 power 30 */\n #define INVALID_SPI (0)\n \n #define DISCARD\tINVALID_SPI\ndiff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c\nindex fc8c238..67df170 100644\n--- a/examples/ipsec-secgw/parser.c\n+++ b/examples/ipsec-secgw/parser.c\n@@ -642,6 +642,8 @@ parse_cfg_file(const char *cfg_filename)\n \tcmdline_stdin_exit(cl);\n \tfclose(f);\n \n+\tsa_sort_arr();\n+\n \treturn 0;\n \n error_exit:\ndiff --git a/examples/ipsec-secgw/parser.h b/examples/ipsec-secgw/parser.h\nindex 6b8a100..1f8bd3e 100644\n--- a/examples/ipsec-secgw/parser.h\n+++ b/examples/ipsec-secgw/parser.h\n@@ -75,6 +75,9 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens,\n \tstruct parse_status *status);\n \n void\n+sa_sort_arr(void);\n+\n+void\n parse_sa_tokens(char **tokens, uint32_t n_tokens,\n \tstruct parse_status *status);\n \ndiff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c\nindex d10a6ec..b3b83e3 100644\n--- a/examples/ipsec-secgw/sa.c\n+++ b/examples/ipsec-secgw/sa.c\n@@ -133,11 +133,15 @@ const struct supported_aead_algo aead_algos[] = {\n \t}\n };\n \n-static struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];\n+#define SA_INIT_NB\t128\n+\n+static struct ipsec_sa *sa_out;\n+static uint32_t sa_out_sz;\n static uint32_t nb_sa_out;\n static struct ipsec_sa_cnt sa_out_cnt;\n \n-static struct ipsec_sa sa_in[IPSEC_SA_MAX_ENTRIES];\n+static struct ipsec_sa *sa_in;\n+static uint32_t sa_in_sz;\n static uint32_t nb_sa_in;\n static struct ipsec_sa_cnt sa_in_cnt;\n \n@@ -224,6 +228,31 @@ parse_key_string(const char *key_str, uint8_t *key)\n \treturn nb_bytes;\n }\n \n+static int\n+extend_sa_arr(struct ipsec_sa **sa_tbl, uint32_t cur_cnt, uint32_t *cur_sz)\n+{\n+\tif (*sa_tbl == NULL) {\n+\t\t*sa_tbl = calloc(SA_INIT_NB, sizeof(struct ipsec_sa));\n+\t\tif (*sa_tbl == NULL)\n+\t\t\treturn -1;\n+\t\t*cur_sz = SA_INIT_NB;\n+\t\treturn 0;\n+\t}\n+\n+\tif (cur_cnt >= *cur_sz) {\n+\t\t*sa_tbl = realloc(*sa_tbl,\n+\t\t\t*cur_sz * sizeof(struct ipsec_sa) * 2);\n+\t\tif (*sa_tbl == NULL)\n+\t\t\treturn -1;\n+\t\t/* clean reallocated extra space */\n+\t\tmemset(&(*sa_tbl)[*cur_sz], 0,\n+\t\t\t*cur_sz * sizeof(struct ipsec_sa));\n+\t\t*cur_sz *= 2;\n+\t}\n+\n+\treturn 0;\n+}\n+\n void\n parse_sa_tokens(char **tokens, uint32_t n_tokens,\n \tstruct parse_status *status)\n@@ -246,23 +275,15 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,\n \tif (strcmp(tokens[0], \"in\") == 0) {\n \t\tri = &nb_sa_in;\n \t\tsa_cnt = &sa_in_cnt;\n-\n-\t\tAPP_CHECK(*ri <= IPSEC_SA_MAX_ENTRIES - 1, status,\n-\t\t\t\"too many sa rules, abort insertion\\n\");\n-\t\tif (status->status < 0)\n+\t\tif (extend_sa_arr(&sa_in, nb_sa_in, &sa_in_sz) < 0)\n \t\t\treturn;\n-\n \t\trule = &sa_in[*ri];\n \t\trule->direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;\n \t} else {\n \t\tri = &nb_sa_out;\n \t\tsa_cnt = &sa_out_cnt;\n-\n-\t\tAPP_CHECK(*ri <= IPSEC_SA_MAX_ENTRIES - 1, status,\n-\t\t\t\"too many sa rules, abort insertion\\n\");\n-\t\tif (status->status < 0)\n+\t\tif (extend_sa_arr(&sa_out, nb_sa_out, &sa_out_sz) < 0)\n \t\t\treturn;\n-\n \t\trule = &sa_out[*ri];\n \t\trule->direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;\n \t}\n@@ -1311,13 +1332,24 @@ ipsec_satbl_init(struct sa_ctx *ctx, uint32_t nb_ent, int32_t socket)\n \treturn rc;\n }\n \n+static int\n+sa_cmp(const void *p, const void *q)\n+{\n+\tuint32_t spi1 = ((const struct ipsec_sa *)p)->spi;\n+\tuint32_t spi2 = ((const struct ipsec_sa *)q)->spi;\n+\n+\treturn (int)(spi1 - spi2);\n+}\n+\n /*\n * Walk through all SA rules to find an SA with given SPI\n */\n int\n sa_spi_present(struct sa_ctx *sa_ctx, uint32_t spi, int inbound)\n {\n-\tuint32_t i, num;\n+\tuint32_t num;\n+\tstruct ipsec_sa *sa;\n+\tstruct ipsec_sa tmpl;\n \tconst struct ipsec_sa *sar;\n \n \tsar = sa_ctx->sa;\n@@ -1326,10 +1358,11 @@ sa_spi_present(struct sa_ctx *sa_ctx, uint32_t spi, int inbound)\n \telse\n \t\tnum = nb_sa_out;\n \n-\tfor (i = 0; i != num; i++) {\n-\t\tif (sar[i].spi == spi)\n-\t\t\treturn i;\n-\t}\n+\ttmpl.spi = spi;\n+\n+\tsa = bsearch(&tmpl, sar, num, sizeof(struct ipsec_sa), sa_cmp);\n+\tif (sa != NULL)\n+\t\treturn RTE_PTR_DIFF(sa, sar) / sizeof(struct ipsec_sa);\n \n \treturn -ENOENT;\n }\n@@ -1522,3 +1555,10 @@ sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads,\n \t}\n \treturn 0;\n }\n+\n+void\n+sa_sort_arr(void)\n+{\n+\tqsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp);\n+\tqsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp);\n+}\n", "prefixes": [ "v4", "4/5" ] }{ "id": 64675, "url": "