From: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
To: dev@dpdk.org
Cc: konstantin.ananyev@intel.com, akhil.goyal@nxp.com
Subject: [dpdk-dev] [PATCH v5 5/6] examples/ipsec-secgw: get rid of maximum sp limitation
Date: Wed, 29 Jan 2020 14:06:07 +0000 [thread overview]
Message-ID: <1580306768-110555-6-git-send-email-vladimir.medvedkin@intel.com> (raw)
In-Reply-To: <1580306768-110555-1-git-send-email-vladimir.medvedkin@intel.com>
In-Reply-To: <1579012036-326214-1-git-send-email-vladimir.medvedkin@intel.com>
Get rid of maximum SP limitation.
Keep parsed SP's into the sorted by SPI value array.
Use binary search in the sorted SP array to find appropriate SP
for a given SPI.
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
examples/ipsec-secgw/parser.c | 2 +
examples/ipsec-secgw/parser.h | 6 +++
examples/ipsec-secgw/sp4.c | 90 +++++++++++++++++++++++++++++++++----------
examples/ipsec-secgw/sp6.c | 88 ++++++++++++++++++++++++++++++++----------
4 files changed, 144 insertions(+), 42 deletions(-)
diff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c
index 67df170..65eb7e9 100644
--- a/examples/ipsec-secgw/parser.c
+++ b/examples/ipsec-secgw/parser.c
@@ -643,6 +643,8 @@ parse_cfg_file(const char *cfg_filename)
fclose(f);
sa_sort_arr();
+ sp4_sort_arr();
+ sp6_sort_arr();
return 0;
diff --git a/examples/ipsec-secgw/parser.h b/examples/ipsec-secgw/parser.h
index 1f8bd3e..6e764fe 100644
--- a/examples/ipsec-secgw/parser.h
+++ b/examples/ipsec-secgw/parser.h
@@ -67,10 +67,16 @@ int
parse_range(const char *token, uint16_t *low, uint16_t *high);
void
+sp4_sort_arr(void);
+
+void
parse_sp4_tokens(char **tokens, uint32_t n_tokens,
struct parse_status *status);
void
+sp6_sort_arr(void);
+
+void
parse_sp6_tokens(char **tokens, uint32_t n_tokens,
struct parse_status *status);
diff --git a/examples/ipsec-secgw/sp4.c b/examples/ipsec-secgw/sp4.c
index 1dcec52..beddd7b 100644
--- a/examples/ipsec-secgw/sp4.c
+++ b/examples/ipsec-secgw/sp4.c
@@ -15,7 +15,7 @@
#include "ipsec.h"
#include "parser.h"
-#define MAX_ACL_RULE_NUM 1024
+#define INIT_ACL_RULE_NUM 128
#define IPV4_DST_FROM_SP(acr) \
(rte_cpu_to_be_32((acr).field[DST_FIELD_IPV4].value.u32))
@@ -97,11 +97,39 @@ static struct rte_acl_field_def ip4_defs[NUM_FIELDS_IPV4] = {
RTE_ACL_RULE_DEF(acl4_rules, RTE_DIM(ip4_defs));
-static struct acl4_rules acl4_rules_out[MAX_ACL_RULE_NUM];
+static struct acl4_rules *acl4_rules_out;
static uint32_t nb_acl4_rules_out;
+static uint32_t sp_out_sz;
-static struct acl4_rules acl4_rules_in[MAX_ACL_RULE_NUM];
+static struct acl4_rules *acl4_rules_in;
static uint32_t nb_acl4_rules_in;
+static uint32_t sp_in_sz;
+
+static int
+extend_sp_arr(struct acl4_rules **sp_tbl, uint32_t cur_cnt, uint32_t *cur_sz)
+{
+ if (*sp_tbl == NULL) {
+ *sp_tbl = calloc(INIT_ACL_RULE_NUM, sizeof(struct acl4_rules));
+ if (*sp_tbl == NULL)
+ return -1;
+ *cur_sz = INIT_ACL_RULE_NUM;
+ return 0;
+ }
+
+ if (cur_cnt >= *cur_sz) {
+ *sp_tbl = realloc(*sp_tbl,
+ *cur_sz * sizeof(struct acl4_rules) * 2);
+ if (*sp_tbl == NULL)
+ return -1;
+ /* clean reallocated extra space */
+ memset(&(*sp_tbl)[*cur_sz], 0,
+ *cur_sz * sizeof(struct acl4_rules));
+ *cur_sz *= 2;
+ }
+
+ return 0;
+}
+
void
parse_sp4_tokens(char **tokens, uint32_t n_tokens,
@@ -127,9 +155,8 @@ parse_sp4_tokens(char **tokens, uint32_t n_tokens,
if (strcmp(tokens[1], "in") == 0) {
ri = &nb_acl4_rules_in;
- APP_CHECK(*ri <= MAX_ACL_RULE_NUM - 1, status,
- "too many sp rules, abort insertion\n");
- if (status->status < 0)
+ if (extend_sp_arr(&acl4_rules_in, nb_acl4_rules_in,
+ &sp_in_sz) < 0)
return;
rule_ipv4 = &acl4_rules_in[*ri];
@@ -137,9 +164,8 @@ parse_sp4_tokens(char **tokens, uint32_t n_tokens,
} else if (strcmp(tokens[1], "out") == 0) {
ri = &nb_acl4_rules_out;
- APP_CHECK(*ri <= MAX_ACL_RULE_NUM - 1, status,
- "too many sp rules, abort insertion\n");
- if (status->status < 0)
+ if (extend_sp_arr(&acl4_rules_out, nb_acl4_rules_out,
+ &sp_out_sz) < 0)
return;
rule_ipv4 = &acl4_rules_out[*ri];
@@ -451,7 +477,7 @@ acl4_init(const char *name, int32_t socketid, const struct acl4_rules *rules,
struct rte_acl_config acl_build_param;
struct rte_acl_ctx *ctx;
- printf("Creating SP context with %u max rules\n", MAX_ACL_RULE_NUM);
+ printf("Creating SP context with %u rules\n", rules_nb);
memset(&acl_param, 0, sizeof(acl_param));
@@ -464,7 +490,7 @@ acl4_init(const char *name, int32_t socketid, const struct acl4_rules *rules,
acl_param.name = s;
acl_param.socket_id = socketid;
acl_param.rule_size = RTE_ACL_RULE_SZ(RTE_DIM(ip4_defs));
- acl_param.max_rule_num = MAX_ACL_RULE_NUM;
+ acl_param.max_rule_num = rules_nb;
ctx = rte_acl_create(&acl_param);
if (ctx == NULL)
@@ -566,6 +592,16 @@ sp4_init(struct socket_ctx *ctx, int32_t socket_id)
"specified\n");
}
+static int
+sp_cmp(const void *p, const void *q)
+{
+ uint32_t spi1 = ((const struct acl4_rules *)p)->data.userdata;
+ uint32_t spi2 = ((const struct acl4_rules *)q)->data.userdata;
+
+ return (int)(spi1 - spi2);
+}
+
+
/*
* Search though SP rules for given SPI.
*/
@@ -573,8 +609,10 @@ int
sp4_spi_present(uint32_t spi, int inbound, struct ip_addr ip_addr[2],
uint32_t mask[2])
{
- uint32_t i, num;
+ uint32_t num;
+ struct acl4_rules *rule;
const struct acl4_rules *acr;
+ struct acl4_rules tmpl;
if (inbound != 0) {
acr = acl4_rules_in;
@@ -584,17 +622,27 @@ sp4_spi_present(uint32_t spi, int inbound, struct ip_addr ip_addr[2],
num = nb_acl4_rules_out;
}
- for (i = 0; i != num; i++) {
- if (acr[i].data.userdata == spi) {
- if (NULL != ip_addr && NULL != mask) {
- ip_addr[0].ip.ip4 = IPV4_SRC_FROM_SP(acr[i]);
- ip_addr[1].ip.ip4 = IPV4_DST_FROM_SP(acr[i]);
- mask[0] = IPV4_SRC_MASK_FROM_SP(acr[i]);
- mask[1] = IPV4_DST_MASK_FROM_SP(acr[i]);
- }
- return i;
+ tmpl.data.userdata = spi;
+
+ rule = bsearch(&tmpl, acr, num, sizeof(struct acl4_rules), sp_cmp);
+ if (rule != NULL) {
+ if (NULL != ip_addr && NULL != mask) {
+ ip_addr[0].ip.ip4 = IPV4_SRC_FROM_SP(*rule);
+ ip_addr[1].ip.ip4 = IPV4_DST_FROM_SP(*rule);
+ mask[0] = IPV4_SRC_MASK_FROM_SP(*rule);
+ mask[1] = IPV4_DST_MASK_FROM_SP(*rule);
}
+ return RTE_PTR_DIFF(rule, acr) / sizeof(struct acl4_rules);
}
return -ENOENT;
}
+
+void
+sp4_sort_arr(void)
+{
+ qsort(acl4_rules_in, nb_acl4_rules_in, sizeof(struct acl4_rules),
+ sp_cmp);
+ qsort(acl4_rules_out, nb_acl4_rules_out, sizeof(struct acl4_rules),
+ sp_cmp);
+}
diff --git a/examples/ipsec-secgw/sp6.c b/examples/ipsec-secgw/sp6.c
index b489e15..328e085 100644
--- a/examples/ipsec-secgw/sp6.c
+++ b/examples/ipsec-secgw/sp6.c
@@ -15,7 +15,7 @@
#include "ipsec.h"
#include "parser.h"
-#define MAX_ACL_RULE_NUM 1024
+#define INIT_ACL_RULE_NUM 128
#define IPV6_FROM_SP(acr, fidx_low, fidx_high) \
(((uint64_t)(acr).field[(fidx_high)].value.u32 << 32) | \
@@ -146,11 +146,38 @@ static struct rte_acl_field_def ip6_defs[IP6_NUM] = {
RTE_ACL_RULE_DEF(acl6_rules, RTE_DIM(ip6_defs));
-static struct acl6_rules acl6_rules_out[MAX_ACL_RULE_NUM];
+static struct acl6_rules *acl6_rules_out;
static uint32_t nb_acl6_rules_out;
+static uint32_t sp_out_sz;
-static struct acl6_rules acl6_rules_in[MAX_ACL_RULE_NUM];
+static struct acl6_rules *acl6_rules_in;
static uint32_t nb_acl6_rules_in;
+static uint32_t sp_in_sz;
+
+static int
+extend_sp_arr(struct acl6_rules **sp_tbl, uint32_t cur_cnt, uint32_t *cur_sz)
+{
+ if (*sp_tbl == NULL) {
+ *sp_tbl = calloc(INIT_ACL_RULE_NUM, sizeof(struct acl6_rules));
+ if (*sp_tbl == NULL)
+ return -1;
+ *cur_sz = INIT_ACL_RULE_NUM;
+ return 0;
+ }
+
+ if (cur_cnt >= *cur_sz) {
+ *sp_tbl = realloc(*sp_tbl,
+ *cur_sz * sizeof(struct acl6_rules) * 2);
+ if (*sp_tbl == NULL)
+ return -1;
+ /* clean reallocated extra space */
+ memset(&(*sp_tbl)[*cur_sz], 0,
+ *cur_sz * sizeof(struct acl6_rules));
+ *cur_sz *= 2;
+ }
+
+ return 0;
+}
void
parse_sp6_tokens(char **tokens, uint32_t n_tokens,
@@ -176,9 +203,8 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens,
if (strcmp(tokens[1], "in") == 0) {
ri = &nb_acl6_rules_in;
- APP_CHECK(*ri <= MAX_ACL_RULE_NUM - 1, status, "too "
- "many sp rules, abort insertion\n");
- if (status->status < 0)
+ if (extend_sp_arr(&acl6_rules_in, nb_acl6_rules_in,
+ &sp_in_sz) < 0)
return;
rule_ipv6 = &acl6_rules_in[*ri];
@@ -186,9 +212,8 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens,
} else if (strcmp(tokens[1], "out") == 0) {
ri = &nb_acl6_rules_out;
- APP_CHECK(*ri <= MAX_ACL_RULE_NUM - 1, status, "too "
- "many sp rules, abort insertion\n");
- if (status->status < 0)
+ if (extend_sp_arr(&acl6_rules_out, nb_acl6_rules_out,
+ &sp_out_sz) < 0)
return;
rule_ipv6 = &acl6_rules_out[*ri];
@@ -583,7 +608,7 @@ acl6_init(const char *name, int32_t socketid, const struct acl6_rules *rules,
struct rte_acl_config acl_build_param;
struct rte_acl_ctx *ctx;
- printf("Creating SP context with %u max rules\n", MAX_ACL_RULE_NUM);
+ printf("Creating SP context with %u rules\n", rules_nb);
memset(&acl_param, 0, sizeof(acl_param));
@@ -596,7 +621,7 @@ acl6_init(const char *name, int32_t socketid, const struct acl6_rules *rules,
acl_param.name = s;
acl_param.socket_id = socketid;
acl_param.rule_size = RTE_ACL_RULE_SZ(RTE_DIM(ip6_defs));
- acl_param.max_rule_num = MAX_ACL_RULE_NUM;
+ acl_param.max_rule_num = rules_nb;
ctx = rte_acl_create(&acl_param);
if (ctx == NULL)
@@ -698,6 +723,15 @@ sp6_init(struct socket_ctx *ctx, int32_t socket_id)
"specified\n");
}
+static int
+sp_cmp(const void *p, const void *q)
+{
+ uint32_t spi1 = ((const struct acl6_rules *)p)->data.userdata;
+ uint32_t spi2 = ((const struct acl6_rules *)q)->data.userdata;
+
+ return (int)(spi1 - spi2);
+}
+
/*
* Search though SP rules for given SPI.
*/
@@ -705,8 +739,10 @@ int
sp6_spi_present(uint32_t spi, int inbound, struct ip_addr ip_addr[2],
uint32_t mask[2])
{
- uint32_t i, num;
+ uint32_t num;
+ struct acl6_rules *rule;
const struct acl6_rules *acr;
+ struct acl6_rules tmpl;
if (inbound != 0) {
acr = acl6_rules_in;
@@ -716,17 +752,27 @@ sp6_spi_present(uint32_t spi, int inbound, struct ip_addr ip_addr[2],
num = nb_acl6_rules_out;
}
- for (i = 0; i != num; i++) {
- if (acr[i].data.userdata == spi) {
- if (NULL != ip_addr && NULL != mask) {
- IPV6_SRC_FROM_SP(ip_addr[0], acr[i]);
- IPV6_DST_FROM_SP(ip_addr[1], acr[i]);
- IPV6_SRC_MASK_FROM_SP(mask[0], acr[i]);
- IPV6_DST_MASK_FROM_SP(mask[1], acr[i]);
- }
- return i;
+ tmpl.data.userdata = spi;
+
+ rule = bsearch(&tmpl, acr, num, sizeof(struct acl6_rules), sp_cmp);
+ if (rule != NULL) {
+ if (NULL != ip_addr && NULL != mask) {
+ IPV6_SRC_FROM_SP(ip_addr[0], *rule);
+ IPV6_DST_FROM_SP(ip_addr[1], *rule);
+ IPV6_SRC_MASK_FROM_SP(mask[0], *rule);
+ IPV6_DST_MASK_FROM_SP(mask[1], *rule);
}
+ return RTE_PTR_DIFF(rule, acr) / sizeof(struct acl6_rules);
}
return -ENOENT;
}
+
+void
+sp6_sort_arr(void)
+{
+ qsort(acl6_rules_in, nb_acl6_rules_in, sizeof(struct acl6_rules),
+ sp_cmp);
+ qsort(acl6_rules_out, nb_acl6_rules_out, sizeof(struct acl6_rules),
+ sp_cmp);
+}
--
2.7.4
next prev parent reply other threads:[~2020-01-29 14:07 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-11 16:45 [dpdk-dev] [PATCH 0/4] integrate librte_ipsec SAD into ipsec-secgw Vladimir Medvedkin
2019-12-11 16:45 ` [dpdk-dev] [PATCH 1/4] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2019-12-11 16:45 ` [dpdk-dev] [PATCH 2/4] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2019-12-11 16:45 ` [dpdk-dev] [PATCH 3/4] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2019-12-11 16:45 ` [dpdk-dev] [PATCH 4/4] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 0/5] integrate librte_ipsec SAD into ipsec-secgw Vladimir Medvedkin
2020-01-13 12:55 ` [dpdk-dev] [PATCH v3 " Vladimir Medvedkin
2020-01-14 14:27 ` [dpdk-dev] [PATCH v4 " Vladimir Medvedkin
2020-01-15 15:45 ` Akhil Goyal
2020-01-17 12:26 ` Akhil Goyal
2020-01-17 17:05 ` Medvedkin, Vladimir
2020-01-20 6:44 ` Akhil Goyal
2020-01-20 12:44 ` Anoob Joseph
[not found] ` <SN6PR11MB25581C7C8F969AA18EE8C1949A320@SN6PR11MB2558.namprd11.prod.outlook.com>
[not found] ` <SN6PR11MB25588E3DD326CFC90DD1E3989A320@SN6PR11MB2558.namprd11.prod.outlook.com>
2020-01-20 14:45 ` [dpdk-dev] FW: " Ananyev, Konstantin
2020-01-21 14:47 ` [dpdk-dev] " Akhil Goyal
2020-01-23 11:11 ` Akhil Goyal
2020-01-23 12:52 ` Ananyev, Konstantin
2020-01-23 12:56 ` Akhil Goyal
2020-01-23 13:33 ` Thomas Monjalon
2020-01-23 15:46 ` Ananyev, Konstantin
2020-01-29 14:06 ` [dpdk-dev] [PATCH v5 0/6] " Vladimir Medvedkin
2020-01-31 12:53 ` Akhil Goyal
2020-02-04 4:11 ` Anoob Joseph
2020-02-04 15:22 ` Akhil Goyal
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 0/8] " Vladimir Medvedkin
2020-02-04 15:25 ` Akhil Goyal
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 1/8] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 2/8] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 3/8] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 4/8] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 5/8] examples/ipsec-secgw: get rid of maximum sp limitation Vladimir Medvedkin
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 6/8] examples/ipsec-secgw: add SAD cache Vladimir Medvedkin
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 7/8] examples/ipsec-secgw: set/use mbuf ptype Vladimir Medvedkin
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 8/8] doc: update ipsec-secgw guide Vladimir Medvedkin
2020-01-29 14:06 ` [dpdk-dev] [PATCH v5 1/6] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2020-01-29 14:06 ` [dpdk-dev] [PATCH v5 2/6] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2020-01-29 14:06 ` [dpdk-dev] [PATCH v5 3/6] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2020-01-29 14:06 ` [dpdk-dev] [PATCH v5 4/6] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2020-01-29 14:06 ` Vladimir Medvedkin [this message]
2020-01-29 14:06 ` [dpdk-dev] [PATCH v5 6/6] examples/ipsec-secgw: add SAD cache Vladimir Medvedkin
2020-01-14 14:27 ` [dpdk-dev] [PATCH v4 1/5] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2020-01-14 15:51 ` Ananyev, Konstantin
2020-01-14 14:27 ` [dpdk-dev] [PATCH v4 2/5] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2020-01-14 15:53 ` Ananyev, Konstantin
2020-01-14 14:27 ` [dpdk-dev] [PATCH v4 3/5] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2020-01-14 15:54 ` Ananyev, Konstantin
2020-01-14 14:27 ` [dpdk-dev] [PATCH v4 4/5] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2020-01-14 15:56 ` Ananyev, Konstantin
2020-01-14 14:27 ` [dpdk-dev] [PATCH v4 5/5] examples/ipsec-secgw: get rid of maximum sp limitation Vladimir Medvedkin
2020-01-14 15:57 ` Ananyev, Konstantin
2020-01-13 12:55 ` [dpdk-dev] [PATCH v3 1/5] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2020-01-13 12:55 ` [dpdk-dev] [PATCH v3 2/5] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2020-01-13 12:55 ` [dpdk-dev] [PATCH v3 3/5] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2020-01-13 12:55 ` [dpdk-dev] [PATCH v3 4/5] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2020-01-13 12:55 ` [dpdk-dev] [PATCH v3 5/5] examples/ipsec-secgw: get rid of maximum sp limitation Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 1/5] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 2/5] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 3/5] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 4/5] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 5/5] examples/ipsec-secgw: get rid of maximum sp limitation Vladimir Medvedkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1580306768-110555-6-git-send-email-vladimir.medvedkin@intel.com \
--to=vladimir.medvedkin@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
--cc=konstantin.ananyev@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).