[v2,6/6] examples/ipsec-secgw: clear soft expiry configuration
Checks
Commit Message
Soft expiry is not a mandatory IPsec feature. It is verified separately
with IPsec unit tests. So configuration of the same is not required.
Also, soft expiry tracking can cause perf degradation with some PMDs.
Since a separate UT is available and the same setting in ipsec-secgw is
not verifying the functionality, remove the same by clearing life
configuration.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
examples/ipsec-secgw/ipsec.c | 5 ++++-
examples/ipsec-secgw/ipsec.h | 2 --
2 files changed, 4 insertions(+), 3 deletions(-)
Comments
>
> Soft expiry is not a mandatory IPsec feature. It is verified separately
> with IPsec unit tests. So configuration of the same is not required.
> Also, soft expiry tracking can cause perf degradation with some PMDs.
> Since a separate UT is available and the same setting in ipsec-secgw is
> not verifying the functionality, remove the same by clearing life
> configuration.
>
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> ---
> examples/ipsec-secgw/ipsec.c | 5 ++++-
> examples/ipsec-secgw/ipsec.h | 2 --
> 2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 4868294..7f936c7 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -49,7 +49,10 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)
> }
> /* TODO support for Transport */
> }
> - ipsec->life.packets_soft_limit = IPSEC_OFFLOAD_PKTS_SOFTLIMIT;
> + ipsec->life.packets_soft_limit = 0;
> + ipsec->life.packets_hard_limit = 0;
> + ipsec->life.bytes_soft_limit = 0;
> + ipsec->life.bytes_hard_limit = 0;
As a nit: as I can read the code it would be already zeroed at entrance to this function,
so explicit zeroing is not really required.
> ipsec->replay_win_sz = app_sa_prm.window_size;
> ipsec->options.esn = app_sa_prm.enable_esn;
> ipsec->options.udp_encap = sa->udp_encap;
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index 90c81c1..8405c48 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -23,8 +23,6 @@
>
> #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */
>
> -#define IPSEC_OFFLOAD_PKTS_SOFTLIMIT 0xffffff00
> -
> #define IV_OFFSET (sizeof(struct rte_crypto_op) + \
> sizeof(struct rte_crypto_sym_op))
>
> --
> 2.7.4
@@ -49,7 +49,10 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)
}
/* TODO support for Transport */
}
- ipsec->life.packets_soft_limit = IPSEC_OFFLOAD_PKTS_SOFTLIMIT;
+ ipsec->life.packets_soft_limit = 0;
+ ipsec->life.packets_hard_limit = 0;
+ ipsec->life.bytes_soft_limit = 0;
+ ipsec->life.bytes_hard_limit = 0;
ipsec->replay_win_sz = app_sa_prm.window_size;
ipsec->options.esn = app_sa_prm.enable_esn;
ipsec->options.udp_encap = sa->udp_encap;
@@ -23,8 +23,6 @@
#define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */
-#define IPSEC_OFFLOAD_PKTS_SOFTLIMIT 0xffffff00
-
#define IV_OFFSET (sizeof(struct rte_crypto_op) + \
sizeof(struct rte_crypto_sym_op))