diff mbox series

[v2,6/6] examples/ipsec-secgw: clear soft expiry configuration

Message ID 1631032372-275-7-git-send-email-anoobj@marvell.com (mailing list archive)
State Changes Requested, archived
Delegated to: akhil goyal
Headers show
Series Add SA lifetime in security | expand

Checks

Context Check Description
ci/Intel-compilation warning apply issues
ci/checkpatch success coding style OK

Commit Message

Anoob Joseph Sept. 7, 2021, 4:32 p.m. UTC
Soft expiry is not a mandatory IPsec feature. It is verified separately
with IPsec unit tests. So configuration of the same is not required.
Also, soft expiry tracking can cause perf degradation with some PMDs.
Since a separate UT is available and the same setting in ipsec-secgw is
not verifying the functionality, remove the same by clearing life
configuration.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 examples/ipsec-secgw/ipsec.c | 5 ++++-
 examples/ipsec-secgw/ipsec.h | 2 --
 2 files changed, 4 insertions(+), 3 deletions(-)

Comments

Ananyev, Konstantin Sept. 16, 2021, 11:11 a.m. UTC | #1
> 
> Soft expiry is not a mandatory IPsec feature. It is verified separately
> with IPsec unit tests. So configuration of the same is not required.
> Also, soft expiry tracking can cause perf degradation with some PMDs.
> Since a separate UT is available and the same setting in ipsec-secgw is
> not verifying the functionality, remove the same by clearing life
> configuration.
> 
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> ---
>  examples/ipsec-secgw/ipsec.c | 5 ++++-
>  examples/ipsec-secgw/ipsec.h | 2 --
>  2 files changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 4868294..7f936c7 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -49,7 +49,10 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)
>  		}
>  		/* TODO support for Transport */
>  	}
> -	ipsec->life.packets_soft_limit = IPSEC_OFFLOAD_PKTS_SOFTLIMIT;
> +	ipsec->life.packets_soft_limit = 0;
> +	ipsec->life.packets_hard_limit = 0;
> +	ipsec->life.bytes_soft_limit = 0;
> +	ipsec->life.bytes_hard_limit = 0;

As a nit: as I can read the code it would be already zeroed at entrance to this function,
so explicit zeroing is not really required.

>  	ipsec->replay_win_sz = app_sa_prm.window_size;
>  	ipsec->options.esn = app_sa_prm.enable_esn;
>  	ipsec->options.udp_encap = sa->udp_encap;
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index 90c81c1..8405c48 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -23,8 +23,6 @@
> 
>  #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */
> 
> -#define IPSEC_OFFLOAD_PKTS_SOFTLIMIT 0xffffff00
> -
>  #define IV_OFFSET		(sizeof(struct rte_crypto_op) + \
>  				sizeof(struct rte_crypto_sym_op))
> 
> --
> 2.7.4
diff mbox series

Patch

diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 4868294..7f936c7 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -49,7 +49,10 @@  set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)
 		}
 		/* TODO support for Transport */
 	}
-	ipsec->life.packets_soft_limit = IPSEC_OFFLOAD_PKTS_SOFTLIMIT;
+	ipsec->life.packets_soft_limit = 0;
+	ipsec->life.packets_hard_limit = 0;
+	ipsec->life.bytes_soft_limit = 0;
+	ipsec->life.bytes_hard_limit = 0;
 	ipsec->replay_win_sz = app_sa_prm.window_size;
 	ipsec->options.esn = app_sa_prm.enable_esn;
 	ipsec->options.udp_encap = sa->udp_encap;
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 90c81c1..8405c48 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -23,8 +23,6 @@ 
 
 #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */
 
-#define IPSEC_OFFLOAD_PKTS_SOFTLIMIT 0xffffff00
-
 #define IV_OFFSET		(sizeof(struct rte_crypto_op) + \
 				sizeof(struct rte_crypto_sym_op))