[v2] examples/ipsec-secgw: remove limitation for crypto sessions
Checks
Commit Message
Get rid of hardcoded limit of cryptodev sessions.
Fixes: e1143d7dbbf4 ("examples/ipsec-secgw: get rid of maximum SA limitation")
Cc: vladimir.medvedkin@intel.com
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 12 +++++++-----
examples/ipsec-secgw/ipsec.h | 3 +++
examples/ipsec-secgw/sa.c | 9 +++++++++
3 files changed, 19 insertions(+), 5 deletions(-)
Comments
Hi Vladimir,
>
> Get rid of hardcoded limit of cryptodev sessions.
>
> Fixes: e1143d7dbbf4 ("examples/ipsec-secgw: get rid of maximum SA limitation")
> Cc: vladimir.medvedkin@intel.com
>
> Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> ---
This will create an issue in case of rte_security sessions.
Rte_security session create APIs were not updated when the provision for having
Separate mempools for session and session private data was introduced.
As a result the number of entries in session_priv_pool should be double the number of
Supported sessions - one for session and one for session priv data.
This should be fixed in rte_security API but this would mean an API breakage which cannot
Be done before 20.11. So this patch need to be deferred till it is not fixed in rte_security.
Or we can have double the number of required entries in mempool.
Regards,
Akhil
Hi Akhil,
-----Original Message-----
From: Akhil Goyal <akhil.goyal@nxp.com>
Sent: Wednesday, April 15, 2020 8:20 PM
To: Medvedkin, Vladimir <vladimir.medvedkin@intel.com>; dev@dpdk.org
Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>
Subject: RE: [PATCH v2] examples/ipsec-secgw: remove limitation for crypto sessions
Hi Vladimir,
>
> Get rid of hardcoded limit of cryptodev sessions.
>
> Fixes: e1143d7dbbf4 ("examples/ipsec-secgw: get rid of maximum SA
> limitation")
> Cc: vladimir.medvedkin@intel.com
>
> Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> ---
This will create an issue in case of rte_security sessions.
Rte_security session create APIs were not updated when the provision for having Separate mempools for session and session private data was introduced.
As a result the number of entries in session_priv_pool should be double the number of Supported sessions - one for session and one for session priv data.
This should be fixed in rte_security API but this would mean an API breakage which cannot Be done before 20.11. So this patch need to be deferred till it is not fixed in rte_security.
Or we can have double the number of required entries in mempool.
I will double the number entries in mempool. Thanks!
Regards,
Akhil
@@ -58,7 +58,6 @@
#define CDEV_QUEUE_DESC 2048
#define CDEV_MAP_ENTRIES 16384
-#define CDEV_MP_NB_OBJS 1024
#define CDEV_MP_CACHE_SZ 64
#define MAX_QUEUE_PAIRS 1
@@ -1916,10 +1915,11 @@ cryptodevs_init(void)
dev_conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
uint32_t dev_max_sess = cdev_info.sym.max_nb_sessions;
- if (dev_max_sess != 0 && dev_max_sess < CDEV_MP_NB_OBJS)
+ if (dev_max_sess != 0 &&
+ dev_max_sess < get_nb_crypto_sessions())
rte_exit(EXIT_FAILURE,
"Device does not support at least %u "
- "sessions", CDEV_MP_NB_OBJS);
+ "sessions", get_nb_crypto_sessions());
if (rte_cryptodev_configure(cdev_id, &dev_conf))
rte_panic("Failed to initialize cryptodev %u\n",
@@ -2175,7 +2175,8 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
"sess_mp_%u", socket_id);
sess_mp = rte_cryptodev_sym_session_pool_create(
- mp_name, CDEV_MP_NB_OBJS,
+ mp_name, get_nb_crypto_sessions() +
+ CDEV_MP_CACHE_SZ * rte_lcore_count(),
sess_sz, CDEV_MP_CACHE_SZ, 0,
socket_id);
ctx->session_pool = sess_mp;
@@ -2197,7 +2198,8 @@ session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
"sess_mp_priv_%u", socket_id);
sess_mp = rte_mempool_create(mp_name,
- CDEV_MP_NB_OBJS,
+ get_nb_crypto_sessions() +
+ CDEV_MP_CACHE_SZ * rte_lcore_count(),
sess_sz,
CDEV_MP_CACHE_SZ,
0, NULL, NULL, NULL,
@@ -384,4 +384,7 @@ int
create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
struct rte_ipsec_session *ips);
+uint32_t
+get_nb_crypto_sessions(void);
+
#endif /* __IPSEC_H__ */
@@ -135,6 +135,7 @@ const struct supported_aead_algo aead_algos[] = {
#define SA_INIT_NB 128
+static uint32_t nb_crypto_sessions;
static struct ipsec_sa *sa_out;
static uint32_t sa_out_sz;
static uint32_t nb_sa_out;
@@ -678,6 +679,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
}
rule->fallback_sessions = 1;
+ nb_crypto_sessions++;
fallback_p = 1;
continue;
}
@@ -722,6 +724,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
rule->portid = -1;
}
+ nb_crypto_sessions++;
*ri = *ri + 1;
}
@@ -1553,3 +1556,9 @@ sa_sort_arr(void)
qsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp);
qsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp);
}
+
+uint32_t
+get_nb_crypto_sessions(void)
+{
+ return nb_crypto_sessions;
+}