From: Volodymyr Fialko <vfialko@marvell.com>
To: <dev@dpdk.org>, Radu Nicolau <radu.nicolau@intel.com>,
Akhil Goyal <gakhil@marvell.com>
Cc: <jerinj@marvell.com>, <anoobj@marvell.com>,
Volodymyr Fialko <vfialko@marvell.com>
Subject: [PATCH] examples/ipsec-secgw: destroy lookaside sessions
Date: Mon, 28 Mar 2022 12:50:47 +0200 [thread overview]
Message-ID: <20220328105047.2293528-1-vfialko@marvell.com> (raw)
Lookaside mode also creates security and crypto sessions that needs to
be destroyed after they are no longer used.
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 48 +++++++++++++++++++++---------
examples/ipsec-secgw/ipsec.c | 12 ++++----
2 files changed, 40 insertions(+), 20 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index a7cdc273f9..f55344093c 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -2896,8 +2896,37 @@ check_event_mode_params(struct eh_conf *eh_conf)
return 0;
}
+static int
+one_session_free(struct rte_ipsec_session *ips)
+{
+ int32_t ret = 0;
+
+ if (ips->type == RTE_SECURITY_ACTION_TYPE_NONE ||
+ ips->type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO) {
+ /* Session has not been created */
+ if (ips->crypto.ses == NULL)
+ return 0;
+
+ ret = rte_cryptodev_sym_session_clear(ips->crypto.dev_id,
+ ips->crypto.ses);
+ if (ret)
+ return ret;
+
+ ret = rte_cryptodev_sym_session_free(ips->crypto.ses);
+ } else {
+ /* Session has not been created */
+ if (ips->security.ctx == NULL || ips->security.ses == NULL)
+ return 0;
+
+ ret = rte_security_session_destroy(ips->security.ctx,
+ ips->security.ses);
+ }
+
+ return ret;
+}
+
static void
-inline_sessions_free(struct sa_ctx *sa_ctx)
+sessions_free(struct sa_ctx *sa_ctx)
{
struct rte_ipsec_session *ips;
struct ipsec_sa *sa;
@@ -2914,16 +2943,7 @@ inline_sessions_free(struct sa_ctx *sa_ctx)
continue;
ips = ipsec_get_primary_session(sa);
- if (ips->type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL &&
- ips->type != RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)
- continue;
-
- if (!rte_eth_dev_is_valid_port(sa->portid))
- continue;
-
- ret = rte_security_session_destroy(
- rte_eth_dev_get_sec_ctx(sa->portid),
- ips->security.ses);
+ ret = one_session_free(ips);
if (ret)
RTE_LOG(ERR, IPSEC, "Failed to destroy security "
"session type %d, spi %d\n",
@@ -3498,11 +3518,11 @@ main(int32_t argc, char **argv)
/* Free eventmode configuration memory */
eh_conf_uninit(eh_conf);
- /* Destroy inline inbound and outbound sessions */
+ /* Destroy inbound and outbound sessions */
for (i = 0; i < NB_SOCKETS && i < rte_socket_count(); i++) {
socket_id = rte_socket_id_by_idx(i);
- inline_sessions_free(socket_ctx[socket_id].sa_in);
- inline_sessions_free(socket_ctx[socket_id].sa_out);
+ sessions_free(socket_ctx[socket_id].sa_in);
+ sessions_free(socket_ctx[socket_id].sa_out);
}
for (cdev_id = 0; cdev_id < rte_cryptodev_count(); cdev_id++) {
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index b66ff2b650..3027fbc45f 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -124,31 +124,31 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
"SEC Session init failed: err: %d\n", ret);
return -1;
}
+ ips->security.ctx = ctx;
} else {
RTE_LOG(ERR, IPSEC, "Inline not supported\n");
return -1;
}
} else {
+ uint16_t cdev_id = ipsec_ctx->tbl[cdev_id_qp].id;
+
if (ips->type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO) {
struct rte_cryptodev_info info;
- uint16_t cdev_id;
- cdev_id = ipsec_ctx->tbl[cdev_id_qp].id;
rte_cryptodev_info_get(cdev_id, &info);
if (!(info.feature_flags &
RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO))
return -ENOTSUP;
- ips->crypto.dev_id = cdev_id;
}
+ ips->crypto.dev_id = cdev_id;
ips->crypto.ses = rte_cryptodev_sym_session_create(
ipsec_ctx->session_pool);
- rte_cryptodev_sym_session_init(ipsec_ctx->tbl[cdev_id_qp].id,
+ rte_cryptodev_sym_session_init(cdev_id,
ips->crypto.ses, sa->xforms,
ipsec_ctx->session_priv_pool);
- rte_cryptodev_info_get(ipsec_ctx->tbl[cdev_id_qp].id,
- &cdev_info);
+ rte_cryptodev_info_get(cdev_id, &cdev_info);
}
sa->cdev_id_qp = cdev_id_qp;
--
2.25.1
next reply other threads:[~2022-03-28 10:51 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-28 10:50 Volodymyr Fialko [this message]
2022-04-28 4:45 ` Anoob Joseph
2022-05-11 19:37 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220328105047.2293528-1-vfialko@marvell.com \
--to=vfialko@marvell.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=jerinj@marvell.com \
--cc=radu.nicolau@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).