[dpdk-dev] [PATCH v3] examples/ipsec-secgw: remove limitation for crypto sessions

Ananyev, Konstantin konstantin.ananyev at intel.com
Thu Apr 23 02:12:51 CEST 2020

Previous message: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: remove limitation for crypto sessions
Next message: [dpdk-dev] [dpdk-dev v3 0/4] add RSS configuration for iavf
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


> 
> Get rid of hardcoded limit of cryptodev sessions.
> 
> Fixes: e1143d7dbbf4 ("examples/ipsec-secgw: get rid of maximum SA limitation")
> Cc: vladimir.medvedkin at intel.com
> 
> Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin at intel.com>
> ---
>  examples/ipsec-secgw/ipsec-secgw.c | 25 +++++++++++++++++++------
>  examples/ipsec-secgw/ipsec.h       |  3 +++
>  examples/ipsec-secgw/sa.c          |  9 +++++++++
>  3 files changed, 31 insertions(+), 6 deletions(-)
> 
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> index 5fde4f7..30fc985 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -62,7 +62,6 @@ volatile bool force_quit;
> 
>  #define CDEV_QUEUE_DESC 2048
>  #define CDEV_MAP_ENTRIES 16384
> -#define CDEV_MP_NB_OBJS 1024
>  #define CDEV_MP_CACHE_SZ 64
>  #define MAX_QUEUE_PAIRS 1
> 
> @@ -2003,10 +2002,11 @@ cryptodevs_init(uint16_t req_queue_num)
>  		dev_conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
> 
>  		uint32_t dev_max_sess = cdev_info.sym.max_nb_sessions;
> -		if (dev_max_sess != 0 && dev_max_sess < CDEV_MP_NB_OBJS)
> +		if (dev_max_sess != 0 &&
> +				dev_max_sess < get_nb_crypto_sessions())
>  			rte_exit(EXIT_FAILURE,
>  				"Device does not support at least %u "
> -				"sessions", CDEV_MP_NB_OBJS);
> +				"sessions", get_nb_crypto_sessions());
> 
>  		if (rte_cryptodev_configure(cdev_id, &dev_conf))
>  			rte_panic("Failed to initialize cryptodev %u\n",
> @@ -2258,12 +2258,18 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
>  {
>  	char mp_name[RTE_MEMPOOL_NAMESIZE];
>  	struct rte_mempool *sess_mp;
> +	uint32_t nb_sess;
> 
>  	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
>  			"sess_mp_%u", socket_id);
> +	/*
> +	 * Doubled due to rte_security_session_create() uses one mempool for
> +	 * session and for session private data.
> +	 */
> +	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
> +		rte_lcore_count()) * 2;
>  	sess_mp = rte_cryptodev_sym_session_pool_create(
> -			mp_name, CDEV_MP_NB_OBJS,
> -			sess_sz, CDEV_MP_CACHE_SZ, 0,
> +			mp_name, nb_sess, sess_sz, CDEV_MP_CACHE_SZ, 0,
>  			socket_id);
>  	ctx->session_pool = sess_mp;
> 
> @@ -2280,11 +2286,18 @@ session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
>  {
>  	char mp_name[RTE_MEMPOOL_NAMESIZE];
>  	struct rte_mempool *sess_mp;
> +	uint32_t nb_sess;
> 
>  	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
>  			"sess_mp_priv_%u", socket_id);
> +	/*
> +	 * Doubled due to rte_security_session_create() uses one mempool for
> +	 * session and for session private data.
> +	 */
> +	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
> +		rte_lcore_count()) * 2;
>  	sess_mp = rte_mempool_create(mp_name,
> -			CDEV_MP_NB_OBJS,
> +			nb_sess,
>  			sess_sz,
>  			CDEV_MP_CACHE_SZ,
>  			0, NULL, NULL, NULL,
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index 1f264c0..8ad3082 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -409,4 +409,7 @@ int
>  create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
>  		struct rte_ipsec_session *ips);
> 
> +uint32_t
> +get_nb_crypto_sessions(void);
> +
>  #endif /* __IPSEC_H__ */
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index a6bf5e8..2063db8 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -135,6 +135,7 @@ const struct supported_aead_algo aead_algos[] = {
> 
>  #define SA_INIT_NB	128
> 
> +static uint32_t nb_crypto_sessions;
>  struct ipsec_sa *sa_out;
>  uint32_t nb_sa_out;
>  static uint32_t sa_out_sz;
> @@ -680,6 +681,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
>  			}
> 
>  			rule->fallback_sessions = 1;
> +			nb_crypto_sessions++;
>  			fallback_p = 1;
>  			continue;
>  		}
> @@ -724,6 +726,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
>  		rule->portid = -1;
>  	}
> 
> +	nb_crypto_sessions++;
>  	*ri = *ri + 1;
>  }
> 
> @@ -1542,3 +1545,9 @@ sa_sort_arr(void)
>  	qsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp);
>  	qsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp);
>  }
> +
> +uint32_t
> +get_nb_crypto_sessions(void)
> +{
> +	return nb_crypto_sessions;
> +}
> --

Tested-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>

> 2.7.4

Previous message: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: remove limitation for crypto sessions
Next message: [dpdk-dev] [dpdk-dev v3 0/4] add RSS configuration for iavf
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list