Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/110325/?format=api
{ "id": 110325, "url": "http://patchwork.dpdk.org/api/patches/110325/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/patch/20220427092020.2506177-1-vfialko@marvell.com/", "project": { "id": 1, "url": "http://patchwork.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20220427092020.2506177-1-vfialko@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20220427092020.2506177-1-vfialko@marvell.com", "date": "2022-04-27T09:20:20", "name": "[1/1] examples/ipsec-secgw: create lookaside sessions at init", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "666e9d0b38b7bd37e6026e6e4583e59206068860", "submitter": { "id": 2390, "url": "http://patchwork.dpdk.org/api/people/2390/?format=api", "name": "Volodymyr Fialko", "email": "vfialko@marvell.com" }, "delegate": { "id": 6690, "url": "http://patchwork.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patchwork.dpdk.org/project/dpdk/patch/20220427092020.2506177-1-vfialko@marvell.com/mbox/", "series": [ { "id": 22687, "url": "http://patchwork.dpdk.org/api/series/22687/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/list/?series=22687", "date": "2022-04-27T09:20:20", "name": "[1/1] examples/ipsec-secgw: create lookaside sessions at init", "version": 1, "mbox": "http://patchwork.dpdk.org/series/22687/mbox/" } ], "comments": "http://patchwork.dpdk.org/api/patches/110325/comments/", "check": "warning", "checks": "http://patchwork.dpdk.org/api/patches/110325/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id CD227A0507;\n\tWed, 27 Apr 2022 11:20:32 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id BD2E7410DC;\n\tWed, 27 Apr 2022 11:20:32 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173])\n by mails.dpdk.org (Postfix) with ESMTP id 11B7B40691\n for <dev@dpdk.org>; Wed, 27 Apr 2022 11:20:30 +0200 (CEST)", "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id\n 23R80ajW014848;\n Wed, 27 Apr 2022 02:20:30 -0700", "from dc5-exch01.marvell.com ([199.233.59.181])\n by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3fprt4j2x6-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Wed, 27 Apr 2022 02:20:30 -0700", "from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Wed, 27 Apr 2022 02:20:27 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend\n Transport; Wed, 27 Apr 2022 02:20:28 -0700", "from localhost.localdomain (unknown [10.28.34.39])\n by maili.marvell.com (Postfix) with ESMTP id AF6973F707B;\n Wed, 27 Apr 2022 02:20:25 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : mime-version : content-transfer-encoding :\n content-type; s=pfpt0220; bh=1bYzGq63gsMAieLILumFpwgp63cJ2NJJZ6xuFliOvuA=;\n b=BI1fpXJotnBDdrLovdAQPL2IP8j7VnoZUO4Xmgc0Zus2SUJLEbWMSbthvOhZtK2sXAiq\n OUg5wmjPTCzX8CFavz8oOStKLQayQZQlpN2ZmITcn4o25LGWGYZqx7087XTnWIISK3Vi\n edFarGly0efSLvNGDvIHTA2kuWWjIRk5XLvKUKhsBw0R4xiKLOV0YgDs5eh01zpwBPcj\n mxY0p7Vy/PJEJfrFCfQGyKnfxG+kMA3D1NeV1/Z7yU2SyPUgf9bO0ydmTWPPFdroLNft\n iTakem6DvZX8+SHo4Wp352LKIo2LUPbYlQz7CakNJd3VztM2y0ntXAgqhJ92B863v468 Lg==", "From": "Volodymyr Fialko <vfialko@marvell.com>", "To": "<dev@dpdk.org>, Radu Nicolau <radu.nicolau@intel.com>, Akhil Goyal\n <gakhil@marvell.com>", "CC": "<jerinj@marvell.com>, <anoobj@marvell.com>,\n <konstantin.ananyev@intel.com>,\n Volodymyr Fialko <vfialko@marvell.com>", "Subject": "[PATCH 1/1] examples/ipsec-secgw: create lookaside sessions at init", "Date": "Wed, 27 Apr 2022 11:20:20 +0200", "Message-ID": "<20220427092020.2506177-1-vfialko@marvell.com>", "X-Mailer": "git-send-email 2.25.1", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-ORIG-GUID": "xjDI0rTunLgplDPyszeq7o5PB8CEoYTZ", "X-Proofpoint-GUID": "xjDI0rTunLgplDPyszeq7o5PB8CEoYTZ", "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.486,FMLib:17.11.64.514\n definitions=2022-04-27_03,2022-04-26_02,2022-02-23_01", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" }, "content": "In event lookaside mode same session could be handled with multiple\ncores, and session creation in datapath will cause situation where\nmultiple cores will try to create same session simultaneously.\nTo avoid such case and enable event lookaside mode in future, lookaside\nsessions are now created at initialization in sa_add_rules().\n\nAll sessions(inline and lookaside) now created during init process, so\nsession pool information was removed from ipsec context. Core id was\nadded to obtain correct crypto device queue pair for the current core.\n\nSigned-off-by: Volodymyr Fialko <vfialko@marvell.com>\n---\nDepends-on: series-22265 (\"examples/ipsec-secgw: examples/ipsec-secgw: destroy lookaside sessions\")\nDepends-on: series-22593 (\"examples/ipsec-secgw: move fast path helper functions\")\n\n examples/ipsec-secgw/ipsec-secgw.c | 27 +++----\n examples/ipsec-secgw/ipsec.c | 101 +++++++++++++++++----------\n examples/ipsec-secgw/ipsec.h | 13 ++--\n examples/ipsec-secgw/ipsec_process.c | 33 +++------\n examples/ipsec-secgw/ipsec_worker.c | 8 +--\n examples/ipsec-secgw/sa.c | 45 +++++++-----\n 6 files changed, 121 insertions(+), 106 deletions(-)", "diff": "diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c\nindex 57acc01e3b..05b57ce3f5 100644\n--- a/examples/ipsec-secgw/ipsec-secgw.c\n+++ b/examples/ipsec-secgw/ipsec-secgw.c\n@@ -684,16 +684,12 @@ ipsec_poll_mode_worker(void)\n \tqconf->inbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_in;\n \tqconf->inbound.sa_ctx = socket_ctx[socket_id].sa_in;\n \tqconf->inbound.cdev_map = cdev_map_in;\n-\tqconf->inbound.session_pool = socket_ctx[socket_id].session_pool;\n-\tqconf->inbound.session_priv_pool =\n-\t\t\tsocket_ctx[socket_id].session_priv_pool;\n+\tqconf->inbound.lcore_id = lcore_id;\n \tqconf->outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;\n \tqconf->outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;\n \tqconf->outbound.sa_ctx = socket_ctx[socket_id].sa_out;\n \tqconf->outbound.cdev_map = cdev_map_out;\n-\tqconf->outbound.session_pool = socket_ctx[socket_id].session_pool;\n-\tqconf->outbound.session_priv_pool =\n-\t\t\tsocket_ctx[socket_id].session_priv_pool;\n+\tqconf->outbound.lcore_id = lcore_id;\n \tqconf->frag.pool_indir = socket_ctx[socket_id].mbuf_pool_indir;\n \n \trc = ipsec_sad_lcore_cache_init(app_sa_prm.cache_sz);\n@@ -1458,7 +1454,7 @@ check_all_ports_link_status(uint32_t port_mask)\n }\n \n static int32_t\n-add_mapping(struct rte_hash *map, const char *str, uint16_t cdev_id,\n+add_mapping(const char *str, uint16_t cdev_id,\n \t\tuint16_t qp, struct lcore_params *params,\n \t\tstruct ipsec_ctx *ipsec_ctx,\n \t\tconst struct rte_cryptodev_capabilities *cipher,\n@@ -1477,7 +1473,7 @@ add_mapping(struct rte_hash *map, const char *str, uint16_t cdev_id,\n \tif (aead)\n \t\tkey.aead_algo = aead->sym.aead.algo;\n \n-\tret = rte_hash_lookup(map, &key);\n+\tret = rte_hash_lookup(ipsec_ctx->cdev_map, &key);\n \tif (ret != -ENOENT)\n \t\treturn 0;\n \n@@ -1499,7 +1495,7 @@ add_mapping(struct rte_hash *map, const char *str, uint16_t cdev_id,\n \t\t\t\tcdev_id, qp, i);\n \t}\n \n-\tret = rte_hash_add_key_data(map, &key, (void *)i);\n+\tret = rte_hash_add_key_data(ipsec_ctx->cdev_map, &key, (void *)i);\n \tif (ret < 0) {\n \t\tprintf(\"Faled to insert cdev mapping for (lcore %u, \"\n \t\t\t\t\"cdev %u, qp %u), errno %d\\n\",\n@@ -1517,20 +1513,19 @@ add_cdev_mapping(struct rte_cryptodev_info *dev_info, uint16_t cdev_id,\n {\n \tint32_t ret = 0;\n \tconst struct rte_cryptodev_capabilities *i, *j;\n-\tstruct rte_hash *map;\n \tstruct lcore_conf *qconf;\n \tstruct ipsec_ctx *ipsec_ctx;\n \tconst char *str;\n \n \tqconf = &lcore_conf[params->lcore_id];\n \n-\tif ((unprotected_port_mask & (1 << params->port_id)) == 0) {\n-\t\tmap = cdev_map_out;\n+\tif (!is_unprotected_port(params->port_id)) {\n \t\tipsec_ctx = &qconf->outbound;\n+\t\tipsec_ctx->cdev_map = cdev_map_out;\n \t\tstr = \"Outbound\";\n \t} else {\n-\t\tmap = cdev_map_in;\n \t\tipsec_ctx = &qconf->inbound;\n+\t\tipsec_ctx->cdev_map = cdev_map_in;\n \t\tstr = \"Inbound\";\n \t}\n \n@@ -1545,7 +1540,7 @@ add_cdev_mapping(struct rte_cryptodev_info *dev_info, uint16_t cdev_id,\n \t\t\tcontinue;\n \n \t\tif (i->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n-\t\t\tret |= add_mapping(map, str, cdev_id, qp, params,\n+\t\t\tret |= add_mapping(str, cdev_id, qp, params,\n \t\t\t\t\tipsec_ctx, NULL, NULL, i);\n \t\t\tcontinue;\n \t\t}\n@@ -1561,7 +1556,7 @@ add_cdev_mapping(struct rte_cryptodev_info *dev_info, uint16_t cdev_id,\n \t\t\tif (j->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)\n \t\t\t\tcontinue;\n \n-\t\t\tret |= add_mapping(map, str, cdev_id, qp, params,\n+\t\t\tret |= add_mapping(str, cdev_id, qp, params,\n \t\t\t\t\t\tipsec_ctx, i, j, NULL);\n \t\t}\n \t}\n@@ -3074,7 +3069,7 @@ main(int32_t argc, char **argv)\n \t\tif ((socket_ctx[socket_id].mbuf_pool != NULL) &&\n \t\t\t(socket_ctx[socket_id].sa_in == NULL) &&\n \t\t\t(socket_ctx[socket_id].sa_out == NULL)) {\n-\t\t\tsa_init(&socket_ctx[socket_id], socket_id);\n+\t\t\tsa_init(&socket_ctx[socket_id], socket_id, lcore_conf);\n \t\t\tsp4_init(&socket_ctx[socket_id], socket_id);\n \t\t\tsp6_init(&socket_ctx[socket_id], socket_id);\n \t\t\trt_init(&socket_ctx[socket_id], socket_id);\ndiff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c\nindex 3027fbc45f..7b7bfff696 100644\n--- a/examples/ipsec-secgw/ipsec.c\n+++ b/examples/ipsec-secgw/ipsec.c\n@@ -55,37 +55,71 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)\n }\n \n int\n-create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,\n-\t\tstruct rte_ipsec_session *ips)\n+create_lookaside_session(struct ipsec_ctx *ipsec_ctx_lcore[],\n+\tstruct socket_ctx *skt_ctx, struct ipsec_sa *sa,\n+\tstruct rte_ipsec_session *ips)\n {\n+\tuint16_t cdev_id = RTE_CRYPTO_MAX_DEVS;\n \tstruct rte_cryptodev_info cdev_info;\n \tunsigned long cdev_id_qp = 0;\n-\tint32_t ret = 0;\n \tstruct cdev_key key = { 0 };\n+\tstruct ipsec_ctx *ipsec_ctx;\n+\tuint32_t lcore_id;\n+\tint32_t ret = 0;\n \n-\tkey.lcore_id = (uint8_t)rte_lcore_id();\n+\tRTE_LCORE_FOREACH(lcore_id) {\n+\t\tipsec_ctx = ipsec_ctx_lcore[lcore_id];\n \n-\tkey.cipher_algo = (uint8_t)sa->cipher_algo;\n-\tkey.auth_algo = (uint8_t)sa->auth_algo;\n-\tkey.aead_algo = (uint8_t)sa->aead_algo;\n+\t\t/* Core is not bound to any cryptodev, skip it */\n+\t\tif (ipsec_ctx->cdev_map == NULL)\n+\t\t\tcontinue;\n \n-\tret = rte_hash_lookup_data(ipsec_ctx->cdev_map, &key,\n-\t\t\t(void **)&cdev_id_qp);\n-\tif (ret < 0) {\n-\t\tRTE_LOG(ERR, IPSEC,\n-\t\t\t\t\"No cryptodev: core %u, cipher_algo %u, \"\n-\t\t\t\t\"auth_algo %u, aead_algo %u\\n\",\n-\t\t\t\tkey.lcore_id,\n-\t\t\t\tkey.cipher_algo,\n-\t\t\t\tkey.auth_algo,\n-\t\t\t\tkey.aead_algo);\n-\t\treturn -1;\n+\t\t/* Looking for cryptodev, which can handle this SA */\n+\t\tkey.lcore_id = (uint8_t)lcore_id;\n+\t\tkey.cipher_algo = (uint8_t)sa->cipher_algo;\n+\t\tkey.auth_algo = (uint8_t)sa->auth_algo;\n+\t\tkey.aead_algo = (uint8_t)sa->aead_algo;\n+\n+\t\tret = rte_hash_lookup_data(ipsec_ctx->cdev_map, &key,\n+\t\t\t\t(void **)&cdev_id_qp);\n+\t\tif (ret == -ENOENT)\n+\t\t\tcontinue;\n+\t\tif (ret < 0) {\n+\t\t\tRTE_LOG(ERR, IPSEC,\n+\t\t\t\t\t\"No cryptodev: core %u, cipher_algo %u, \"\n+\t\t\t\t\t\"auth_algo %u, aead_algo %u\\n\",\n+\t\t\t\t\tkey.lcore_id,\n+\t\t\t\t\tkey.cipher_algo,\n+\t\t\t\t\tkey.auth_algo,\n+\t\t\t\t\tkey.aead_algo);\n+\t\t\treturn ret;\n+\t\t}\n+\n+\t\t/* Verify that all cores are using same cryptodev for current\n+\t\t * algorithm combination, required by SA.\n+\t\t * Current cryptodev mapping process will map SA to the first\n+\t\t * cryptodev that matches requirements, so it's a double check,\n+\t\t * not an additional restriction.\n+\t\t */\n+\t\tif (cdev_id == RTE_CRYPTO_MAX_DEVS)\n+\t\t\tcdev_id = ipsec_ctx->tbl[cdev_id_qp].id;\n+\t\telse if (cdev_id != ipsec_ctx->tbl[cdev_id_qp].id) {\n+\t\t\tRTE_LOG(ERR, IPSEC,\n+\t\t\t\t\t\"SA mapping to multiple cryptodevs is \"\n+\t\t\t\t\t\"not supported!\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\t/* Store per core queue pair information */\n+\t\tsa->cqp[lcore_id] = &ipsec_ctx->tbl[cdev_id_qp];\n+\t}\n+\tif (cdev_id == RTE_CRYPTO_MAX_DEVS) {\n+\t\tRTE_LOG(WARNING, IPSEC, \"No cores found to handle SA\\n\");\n+\t\treturn 0;\n \t}\n \n-\tRTE_LOG_DP(DEBUG, IPSEC, \"Create session for SA spi %u on cryptodev \"\n-\t\t\t\"%u qp %u\\n\", sa->spi,\n-\t\t\tipsec_ctx->tbl[cdev_id_qp].id,\n-\t\t\tipsec_ctx->tbl[cdev_id_qp].qp);\n+\tRTE_LOG(DEBUG, IPSEC, \"Create session for SA spi %u on cryptodev \"\n+\t\t\t\"%u\\n\", sa->spi, cdev_id);\n \n \tif (ips->type != RTE_SECURITY_ACTION_TYPE_NONE &&\n \t\tips->type != RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO) {\n@@ -111,14 +145,14 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,\n \t\tif (ips->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) {\n \t\t\tstruct rte_security_ctx *ctx = (struct rte_security_ctx *)\n \t\t\t\t\t\t\trte_cryptodev_get_sec_ctx(\n-\t\t\t\t\t\t\tipsec_ctx->tbl[cdev_id_qp].id);\n+\t\t\t\t\t\t\tcdev_id);\n \n \t\t\t/* Set IPsec parameters in conf */\n \t\t\tset_ipsec_conf(sa, &(sess_conf.ipsec));\n \n \t\t\tips->security.ses = rte_security_session_create(ctx,\n-\t\t\t\t\t&sess_conf, ipsec_ctx->session_pool,\n-\t\t\t\t\tipsec_ctx->session_priv_pool);\n+\t\t\t\t\t&sess_conf, skt_ctx->session_pool,\n+\t\t\t\t\tskt_ctx->session_priv_pool);\n \t\t\tif (ips->security.ses == NULL) {\n \t\t\t\tRTE_LOG(ERR, IPSEC,\n \t\t\t\t\"SEC Session init failed: err: %d\\n\", ret);\n@@ -130,8 +164,6 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,\n \t\t\treturn -1;\n \t\t}\n \t} else {\n-\t\tuint16_t cdev_id = ipsec_ctx->tbl[cdev_id_qp].id;\n-\n \t\tif (ips->type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO) {\n \t\t\tstruct rte_cryptodev_info info;\n \n@@ -143,16 +175,14 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,\n \t\t}\n \t\tips->crypto.dev_id = cdev_id;\n \t\tips->crypto.ses = rte_cryptodev_sym_session_create(\n-\t\t\t\tipsec_ctx->session_pool);\n+\t\t\t\tskt_ctx->session_pool);\n \t\trte_cryptodev_sym_session_init(cdev_id,\n \t\t\t\tips->crypto.ses, sa->xforms,\n-\t\t\t\tipsec_ctx->session_priv_pool);\n+\t\t\t\tskt_ctx->session_priv_pool);\n \n \t\trte_cryptodev_info_get(cdev_id, &cdev_info);\n \t}\n \n-\tsa->cdev_id_qp = cdev_id_qp;\n-\n \treturn 0;\n }\n \n@@ -621,8 +651,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,\n \n \t\t\trte_prefetch0(&priv->sym_cop);\n \n-\t\t\tif ((unlikely(ips->security.ses == NULL)) &&\n-\t\t\t\tcreate_lookaside_session(ipsec_ctx, sa, ips)) {\n+\t\t\tif (unlikely(ips->security.ses == NULL)) {\n \t\t\t\tfree_pkts(&pkts[i], 1);\n \t\t\t\tcontinue;\n \t\t\t}\n@@ -656,8 +685,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,\n \n \t\t\trte_prefetch0(&priv->sym_cop);\n \n-\t\t\tif ((unlikely(ips->crypto.ses == NULL)) &&\n-\t\t\t\tcreate_lookaside_session(ipsec_ctx, sa, ips)) {\n+\t\t\tif (unlikely(ips->crypto.ses == NULL)) {\n \t\t\t\tfree_pkts(&pkts[i], 1);\n \t\t\t\tcontinue;\n \t\t\t}\n@@ -704,8 +732,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,\n \t\t\tcontinue;\n \t\t}\n \n-\t\tRTE_ASSERT(sa->cdev_id_qp < ipsec_ctx->nb_qps);\n-\t\tenqueue_cop(&ipsec_ctx->tbl[sa->cdev_id_qp], &priv->cop);\n+\t\tenqueue_cop(sa->cqp[ipsec_ctx->lcore_id], &priv->cop);\n \t}\n }\n \ndiff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h\nindex ecad262fcd..2005ae8fec 100644\n--- a/examples/ipsec-secgw/ipsec.h\n+++ b/examples/ipsec-secgw/ipsec.h\n@@ -112,7 +112,7 @@ ipsec_mask_saptr(void *ptr)\n struct ipsec_sa {\n \tstruct rte_ipsec_session sessions[IPSEC_SESSION_MAX];\n \tuint32_t spi;\n-\tuint32_t cdev_id_qp;\n+\tstruct cdev_qp *cqp[RTE_MAX_LCORE];\n \tuint64_t seq;\n \tuint32_t salt;\n \tuint32_t fallback_sessions;\n@@ -230,12 +230,11 @@ struct ipsec_ctx {\n \tuint16_t nb_qps;\n \tuint16_t last_qp;\n \tstruct cdev_qp tbl[MAX_QP_PER_LCORE];\n-\tstruct rte_mempool *session_pool;\n-\tstruct rte_mempool *session_priv_pool;\n \tstruct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *));\n \tuint16_t ol_pkts_cnt;\n \tuint64_t ipv4_offloads;\n \tuint64_t ipv6_offloads;\n+\tuint32_t lcore_id;\n };\n \n struct cdev_key {\n@@ -424,7 +423,8 @@ int\n sa_spi_present(struct sa_ctx *sa_ctx, uint32_t spi, int inbound);\n \n void\n-sa_init(struct socket_ctx *ctx, int32_t socket_id);\n+sa_init(struct socket_ctx *ctx, int32_t socket_id,\n+\t\tstruct lcore_conf *lcore_conf);\n \n void\n rt_init(struct socket_ctx *ctx, int32_t socket_id);\n@@ -440,8 +440,9 @@ void\n enqueue_cop_burst(struct cdev_qp *cqp);\n \n int\n-create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,\n-\t\tstruct rte_ipsec_session *ips);\n+create_lookaside_session(struct ipsec_ctx *ipsec_ctx[],\n+\tstruct socket_ctx *skt_ctx, struct ipsec_sa *sa,\n+\tstruct rte_ipsec_session *ips);\n \n int\n create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,\ndiff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/ipsec_process.c\nindex 089d89f904..b0cece3ad1 100644\n--- a/examples/ipsec-secgw/ipsec_process.c\n+++ b/examples/ipsec-secgw/ipsec_process.c\n@@ -73,32 +73,18 @@ enqueue_cop_bulk(struct cdev_qp *cqp, struct rte_crypto_op *cop[], uint32_t num)\n }\n \n static inline int\n-fill_ipsec_session(struct rte_ipsec_session *ss, struct ipsec_ctx *ctx,\n-\tstruct ipsec_sa *sa)\n+check_ipsec_session(const struct rte_ipsec_session *ss)\n {\n-\tint32_t rc;\n-\n-\t/* setup crypto section */\n \tif (ss->type == RTE_SECURITY_ACTION_TYPE_NONE ||\n \t\t\tss->type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO) {\n-\t\tRTE_ASSERT(ss->crypto.ses == NULL);\n-\t\trc = create_lookaside_session(ctx, sa, ss);\n-\t\tif (rc != 0)\n-\t\t\treturn rc;\n-\t/* setup session action type */\n+\t\tif (ss->crypto.ses == NULL)\n+\t\t\treturn -ENOENT;\n \t} else if (ss->type == RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) {\n-\t\tRTE_ASSERT(ss->security.ses == NULL);\n-\t\trc = create_lookaside_session(ctx, sa, ss);\n-\t\tif (rc != 0)\n-\t\t\treturn rc;\n+\t\tif (ss->security.ses == NULL)\n+\t\t\treturn -ENOENT;\n \t} else\n \t\tRTE_ASSERT(0);\n-\n-\trc = rte_ipsec_session_prepare(ss);\n-\tif (rc != 0)\n-\t\tmemset(ss, 0, sizeof(*ss));\n-\n-\treturn rc;\n+\treturn 0;\n }\n \n /*\n@@ -183,7 +169,7 @@ ipsec_prepare_crypto_group(struct ipsec_ctx *ctx, struct ipsec_sa *sa,\n \tuint32_t j, k;\n \tstruct ipsec_mbuf_metadata *priv;\n \n-\tcqp = &ctx->tbl[sa->cdev_id_qp];\n+\tcqp = sa->cqp[ctx->lcore_id];\n \n \t/* for that app each mbuf has it's own crypto op */\n \tfor (j = 0; j != cnt; j++) {\n@@ -274,9 +260,8 @@ ipsec_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)\n \t\t\t\tipsec_get_fallback_session(sa) :\n \t\t\t\tipsec_get_primary_session(sa);\n \n-\t\t/* no valid HW session for that SA, try to create one */\n-\t\tif (sa == NULL || (ips->crypto.ses == NULL &&\n-\t\t\t\tfill_ipsec_session(ips, ctx, sa) != 0))\n+\t\t/* no valid HW session for that SA */\n+\t\tif (sa == NULL || unlikely(check_ipsec_session(ips) != 0))\n \t\t\tk = 0;\n \n \t\t/* process packets inline */\ndiff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c\nindex 2b96951259..6d9c1cbb37 100644\n--- a/examples/ipsec-secgw/ipsec_worker.c\n+++ b/examples/ipsec-secgw/ipsec_worker.c\n@@ -892,15 +892,11 @@ ipsec_wrkr_non_burst_int_port_app_mode(struct eh_event_link_info *links,\n \tlconf.inbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_in;\n \tlconf.inbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_in;\n \tlconf.inbound.sa_ctx = socket_ctx[socket_id].sa_in;\n-\tlconf.inbound.session_pool = socket_ctx[socket_id].session_pool;\n-\tlconf.inbound.session_priv_pool =\n-\t\t\tsocket_ctx[socket_id].session_priv_pool;\n+\tlconf.inbound.lcore_id = lcore_id;\n \tlconf.outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;\n \tlconf.outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;\n \tlconf.outbound.sa_ctx = socket_ctx[socket_id].sa_out;\n-\tlconf.outbound.session_pool = socket_ctx[socket_id].session_pool;\n-\tlconf.outbound.session_priv_pool =\n-\t\t\tsocket_ctx[socket_id].session_priv_pool;\n+\tlconf.outbound.lcore_id = lcore_id;\n \n \tRTE_LOG(INFO, IPSEC,\n \t\t\"Launching event mode worker (non-burst - Tx internal port - \"\ndiff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c\nindex f7ecd33d94..4fe24eeba8 100644\n--- a/examples/ipsec-secgw/sa.c\n+++ b/examples/ipsec-secgw/sa.c\n@@ -1227,7 +1227,8 @@ sa_add_address_inline_crypto(struct ipsec_sa *sa)\n static int\n sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],\n \t\tuint32_t nb_entries, uint32_t inbound,\n-\t\tstruct socket_ctx *skt_ctx)\n+\t\tstruct socket_ctx *skt_ctx,\n+\t\tstruct ipsec_ctx *ips_ctx[])\n {\n \tstruct ipsec_sa *sa;\n \tuint32_t i, idx;\n@@ -1398,6 +1399,13 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],\n \t\t\t\t\t\"create_inline_session() failed\\n\");\n \t\t\t\treturn -EINVAL;\n \t\t\t}\n+\t\t} else {\n+\t\t\trc = create_lookaside_session(ips_ctx, skt_ctx, sa, ips);\n+\t\t\tif (rc != 0) {\n+\t\t\t\tRTE_LOG(ERR, IPSEC_ESP,\n+\t\t\t\t\t\"create_lookaside_session() failed\\n\");\n+\t\t\t\treturn -EINVAL;\n+\t\t\t}\n \t\t}\n \n \t\tif (sa->fdir_flag && inbound) {\n@@ -1414,16 +1422,18 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],\n \n static inline int\n sa_out_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],\n-\t\tuint32_t nb_entries, struct socket_ctx *skt_ctx)\n+\t\tuint32_t nb_entries, struct socket_ctx *skt_ctx,\n+\t\tstruct ipsec_ctx *ips_ctx[])\n {\n-\treturn sa_add_rules(sa_ctx, entries, nb_entries, 0, skt_ctx);\n+\treturn sa_add_rules(sa_ctx, entries, nb_entries, 0, skt_ctx, ips_ctx);\n }\n \n static inline int\n sa_in_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],\n-\t\tuint32_t nb_entries, struct socket_ctx *skt_ctx)\n+\t\tuint32_t nb_entries, struct socket_ctx *skt_ctx,\n+\t\tstruct ipsec_ctx *ips_ctx[])\n {\n-\treturn sa_add_rules(sa_ctx, entries, nb_entries, 1, skt_ctx);\n+\treturn sa_add_rules(sa_ctx, entries, nb_entries, 1, skt_ctx, ips_ctx);\n }\n \n /*\n@@ -1497,14 +1507,9 @@ fill_ipsec_session(struct rte_ipsec_session *ss, struct rte_ipsec_sa *sa)\n \n \tss->sa = sa;\n \n-\tif (ss->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||\n-\t\tss->type == RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) {\n-\t\tif (ss->security.ses != NULL) {\n-\t\t\trc = rte_ipsec_session_prepare(ss);\n-\t\t\tif (rc != 0)\n-\t\t\t\tmemset(ss, 0, sizeof(*ss));\n-\t\t}\n-\t}\n+\trc = rte_ipsec_session_prepare(ss);\n+\tif (rc != 0)\n+\t\tmemset(ss, 0, sizeof(*ss));\n \n \treturn rc;\n }\n@@ -1643,10 +1648,13 @@ sa_spi_present(struct sa_ctx *sa_ctx, uint32_t spi, int inbound)\n }\n \n void\n-sa_init(struct socket_ctx *ctx, int32_t socket_id)\n+sa_init(struct socket_ctx *ctx, int32_t socket_id,\n+\t\tstruct lcore_conf *lcore_conf)\n {\n \tint32_t rc;\n \tconst char *name;\n+\tuint32_t lcore_id;\n+\tstruct ipsec_ctx *ipsec_ctx[RTE_MAX_LCORE];\n \n \tif (ctx == NULL)\n \t\trte_exit(EXIT_FAILURE, \"NULL context.\\n\");\n@@ -1671,8 +1679,9 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id)\n \t\t\t\t&sa_in_cnt);\n \t\tif (rc != 0)\n \t\t\trte_exit(EXIT_FAILURE, \"failed to init SAD\\n\");\n-\n-\t\tsa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in, ctx);\n+\t\tRTE_LCORE_FOREACH(lcore_id)\n+\t\t\tipsec_ctx[lcore_id] = &lcore_conf[lcore_id].inbound;\n+\t\tsa_in_add_rules(ctx->sa_in, sa_in, nb_sa_in, ctx, ipsec_ctx);\n \n \t\tif (app_sa_prm.enable != 0) {\n \t\t\trc = ipsec_satbl_init(ctx->sa_in, nb_sa_in,\n@@ -1692,7 +1701,9 @@ sa_init(struct socket_ctx *ctx, int32_t socket_id)\n \t\t\t\t\"context %s in socket %d\\n\", rte_errno,\n \t\t\t\tname, socket_id);\n \n-\t\tsa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out, ctx);\n+\t\tRTE_LCORE_FOREACH(lcore_id)\n+\t\t\tipsec_ctx[lcore_id] = &lcore_conf[lcore_id].outbound;\n+\t\tsa_out_add_rules(ctx->sa_out, sa_out, nb_sa_out, ctx, ipsec_ctx);\n \n \t\tif (app_sa_prm.enable != 0) {\n \t\t\trc = ipsec_satbl_init(ctx->sa_out, nb_sa_out,\n", "prefixes": [ "1/1" ] }