[v3] examples/ipsec-secgw: remove limitation for crypto sessions
Checks
Commit Message
Get rid of hardcoded limit of cryptodev sessions.
Fixes: e1143d7dbbf4 ("examples/ipsec-secgw: get rid of maximum SA limitation")
Cc: vladimir.medvedkin@intel.com
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 25 +++++++++++++++++++------
examples/ipsec-secgw/ipsec.h | 3 +++
examples/ipsec-secgw/sa.c | 9 +++++++++
3 files changed, 31 insertions(+), 6 deletions(-)
Comments
>
> Get rid of hardcoded limit of cryptodev sessions.
>
> Fixes: e1143d7dbbf4 ("examples/ipsec-secgw: get rid of maximum SA limitation")
> Cc: vladimir.medvedkin@intel.com
>
> Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> ---
> examples/ipsec-secgw/ipsec-secgw.c | 25 +++++++++++++++++++------
> examples/ipsec-secgw/ipsec.h | 3 +++
> examples/ipsec-secgw/sa.c | 9 +++++++++
> 3 files changed, 31 insertions(+), 6 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> index 5fde4f7..30fc985 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -62,7 +62,6 @@ volatile bool force_quit;
>
> #define CDEV_QUEUE_DESC 2048
> #define CDEV_MAP_ENTRIES 16384
> -#define CDEV_MP_NB_OBJS 1024
> #define CDEV_MP_CACHE_SZ 64
> #define MAX_QUEUE_PAIRS 1
>
> @@ -2003,10 +2002,11 @@ cryptodevs_init(uint16_t req_queue_num)
> dev_conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
>
> uint32_t dev_max_sess = cdev_info.sym.max_nb_sessions;
> - if (dev_max_sess != 0 && dev_max_sess < CDEV_MP_NB_OBJS)
> + if (dev_max_sess != 0 &&
> + dev_max_sess < get_nb_crypto_sessions())
> rte_exit(EXIT_FAILURE,
> "Device does not support at least %u "
> - "sessions", CDEV_MP_NB_OBJS);
> + "sessions", get_nb_crypto_sessions());
>
> if (rte_cryptodev_configure(cdev_id, &dev_conf))
> rte_panic("Failed to initialize cryptodev %u\n",
> @@ -2258,12 +2258,18 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
> {
> char mp_name[RTE_MEMPOOL_NAMESIZE];
> struct rte_mempool *sess_mp;
> + uint32_t nb_sess;
>
> snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> "sess_mp_%u", socket_id);
> + /*
> + * Doubled due to rte_security_session_create() uses one mempool for
> + * session and for session private data.
> + */
> + nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
> + rte_lcore_count()) * 2;
> sess_mp = rte_cryptodev_sym_session_pool_create(
> - mp_name, CDEV_MP_NB_OBJS,
> - sess_sz, CDEV_MP_CACHE_SZ, 0,
> + mp_name, nb_sess, sess_sz, CDEV_MP_CACHE_SZ, 0,
> socket_id);
> ctx->session_pool = sess_mp;
>
> @@ -2280,11 +2286,18 @@ session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
> {
> char mp_name[RTE_MEMPOOL_NAMESIZE];
> struct rte_mempool *sess_mp;
> + uint32_t nb_sess;
>
> snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
> "sess_mp_priv_%u", socket_id);
> + /*
> + * Doubled due to rte_security_session_create() uses one mempool for
> + * session and for session private data.
> + */
> + nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
> + rte_lcore_count()) * 2;
> sess_mp = rte_mempool_create(mp_name,
> - CDEV_MP_NB_OBJS,
> + nb_sess,
> sess_sz,
> CDEV_MP_CACHE_SZ,
> 0, NULL, NULL, NULL,
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index 1f264c0..8ad3082 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -409,4 +409,7 @@ int
> create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
> struct rte_ipsec_session *ips);
>
> +uint32_t
> +get_nb_crypto_sessions(void);
> +
> #endif /* __IPSEC_H__ */
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index a6bf5e8..2063db8 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -135,6 +135,7 @@ const struct supported_aead_algo aead_algos[] = {
>
> #define SA_INIT_NB 128
>
> +static uint32_t nb_crypto_sessions;
> struct ipsec_sa *sa_out;
> uint32_t nb_sa_out;
> static uint32_t sa_out_sz;
> @@ -680,6 +681,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
> }
>
> rule->fallback_sessions = 1;
> + nb_crypto_sessions++;
> fallback_p = 1;
> continue;
> }
> @@ -724,6 +726,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
> rule->portid = -1;
> }
>
> + nb_crypto_sessions++;
> *ri = *ri + 1;
> }
>
> @@ -1542,3 +1545,9 @@ sa_sort_arr(void)
> qsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp);
> qsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp);
> }
> +
> +uint32_t
> +get_nb_crypto_sessions(void)
> +{
> + return nb_crypto_sessions;
> +}
> --
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> 2.7.4
>
> >
> > Get rid of hardcoded limit of cryptodev sessions.
> >
> > Fixes: e1143d7dbbf4 ("examples/ipsec-secgw: get rid of maximum SA
> limitation")
> > Cc: vladimir.medvedkin@intel.com
> >
> > Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> > ---
> Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Applied to dpdk-next-crypto
Thanks.
@@ -62,7 +62,6 @@ volatile bool force_quit;
#define CDEV_QUEUE_DESC 2048
#define CDEV_MAP_ENTRIES 16384
-#define CDEV_MP_NB_OBJS 1024
#define CDEV_MP_CACHE_SZ 64
#define MAX_QUEUE_PAIRS 1
@@ -2003,10 +2002,11 @@ cryptodevs_init(uint16_t req_queue_num)
dev_conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
uint32_t dev_max_sess = cdev_info.sym.max_nb_sessions;
- if (dev_max_sess != 0 && dev_max_sess < CDEV_MP_NB_OBJS)
+ if (dev_max_sess != 0 &&
+ dev_max_sess < get_nb_crypto_sessions())
rte_exit(EXIT_FAILURE,
"Device does not support at least %u "
- "sessions", CDEV_MP_NB_OBJS);
+ "sessions", get_nb_crypto_sessions());
if (rte_cryptodev_configure(cdev_id, &dev_conf))
rte_panic("Failed to initialize cryptodev %u\n",
@@ -2258,12 +2258,18 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
{
char mp_name[RTE_MEMPOOL_NAMESIZE];
struct rte_mempool *sess_mp;
+ uint32_t nb_sess;
snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
"sess_mp_%u", socket_id);
+ /*
+ * Doubled due to rte_security_session_create() uses one mempool for
+ * session and for session private data.
+ */
+ nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
+ rte_lcore_count()) * 2;
sess_mp = rte_cryptodev_sym_session_pool_create(
- mp_name, CDEV_MP_NB_OBJS,
- sess_sz, CDEV_MP_CACHE_SZ, 0,
+ mp_name, nb_sess, sess_sz, CDEV_MP_CACHE_SZ, 0,
socket_id);
ctx->session_pool = sess_mp;
@@ -2280,11 +2286,18 @@ session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
{
char mp_name[RTE_MEMPOOL_NAMESIZE];
struct rte_mempool *sess_mp;
+ uint32_t nb_sess;
snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
"sess_mp_priv_%u", socket_id);
+ /*
+ * Doubled due to rte_security_session_create() uses one mempool for
+ * session and for session private data.
+ */
+ nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
+ rte_lcore_count()) * 2;
sess_mp = rte_mempool_create(mp_name,
- CDEV_MP_NB_OBJS,
+ nb_sess,
sess_sz,
CDEV_MP_CACHE_SZ,
0, NULL, NULL, NULL,
@@ -409,4 +409,7 @@ int
create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
struct rte_ipsec_session *ips);
+uint32_t
+get_nb_crypto_sessions(void);
+
#endif /* __IPSEC_H__ */
@@ -135,6 +135,7 @@ const struct supported_aead_algo aead_algos[] = {
#define SA_INIT_NB 128
+static uint32_t nb_crypto_sessions;
struct ipsec_sa *sa_out;
uint32_t nb_sa_out;
static uint32_t sa_out_sz;
@@ -680,6 +681,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
}
rule->fallback_sessions = 1;
+ nb_crypto_sessions++;
fallback_p = 1;
continue;
}
@@ -724,6 +726,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
rule->portid = -1;
}
+ nb_crypto_sessions++;
*ri = *ri + 1;
}
@@ -1542,3 +1545,9 @@ sa_sort_arr(void)
qsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp);
qsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp);
}
+
+uint32_t
+get_nb_crypto_sessions(void)
+{
+ return nb_crypto_sessions;
+}