DPDK patches and discussions
 help / color / mirror / Atom feed
From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Akhil Goyal <akhil.goyal@nxp.com>, "dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH v5 00/10] examples/ipsec-secgw: make app to use ipsec library
Date: Wed, 2 Jan 2019 15:11:06 +0000	[thread overview]
Message-ID: <2601191342CEEE43887BDE71AB977258010D8C04C2@IRSMSX106.ger.corp.intel.com> (raw)
In-Reply-To: <57cdcb2f-3a5c-fc50-cce2-14b919ccc23d@nxp.com>



> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Wednesday, January 2, 2019 2:29 PM
> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; dev@dpdk.org
> Subject: Re: [dpdk-dev] [PATCH v5 00/10] examples/ipsec-secgw: make app to use ipsec library
> 
> 
> 
> On 1/2/2019 6:31 PM, Ananyev, Konstantin wrote:
> > Hi Akhil,
> >
> >> Hi Konstantin,
> >>
> >> I just got results on running the ipsec-secgw on NXP hardware.
> > Thanks for doing that.
> > We don't have NXP HW, so would need more help from you.
> >
> >> with -l option, I got a seg fault while running traffic. gdb suggest
> >> that pkt_func is not filled up and is NULL.
> >> #1  0x00000000004689bc in rte_ipsec_pkt_crypto_prepare (ss=0x17ad82d80,
> >> mb=0xffffffffe498, cop=0xffffffffdfc0, num=1)
> >>       at
> >> /home/akhil/netperf/dpdk_up/dpdk-next-crypto/arm64-dpaa-linuxapp-gcc/include/rte_ipsec.h:115
> >> (gdb)  p /x *ss
> >> $1 = {sa = 0x17ad7ea40, type = 0x3, {crypto = {ses = 0x165a4e900},
> >> security = {ses = 0x165a4e900, ctx = 0x0, ol_flags = 0x0}}, pkt_func = {
> >>       prepare = 0x0, process = 0x0}}
> >>
> > I guess I understand the reason:
> > right now rte_ipsec_session_prepare() expects that
> > for all modes except RTE_SECURITY_ACTION_TYPE_NONE
> > security.ctx to be not NULL.
> > Which as I understand is not necessary for lookaside-proto.
> > Could you try the fix below?
> > If it would work as expected, I'll include these changes into v6?
> It did not crash this time with the below fix but the performance is
> very very poor(~95% drop) if I use -l option with lookaside mode.
> I have not analyzed the issue yet. Will be doing it on Friday.

Did you run it with your previous change applied?
With drain_crypto_queues() moved under 'if (unlikely(diff_tsc > drain_tsc))'
condition?
If so, that could be the reason for such slowdown, see my other mail
regarding it.
Can you try to revert it (yes it would mean 5% drop for legacy mode)
and  try again ((yes it would mean 5% drop for legacy mode,
but we can deal with it later)?

Konstantin

> >
> > ---
> >   examples/ipsec-secgw/ipsec_process.c | 24 ++++++++++++++++++++----
> >   lib/librte_ipsec/ses.c               | 11 +++++++++--
> >   2 files changed, 29 insertions(+), 6 deletions(-)
> >
> > diff --git a/examples/ipsec-secgw/ipsec_process.c b/examples/ipsec-secgw/ipsec_process.c
> > index 7ab378f6a..e403c461a 100644
> > --- a/examples/ipsec-secgw/ipsec_process.c
> > +++ b/examples/ipsec-secgw/ipsec_process.c
> > @@ -87,19 +87,36 @@ enqueue_cop_bulk(struct cdev_qp *cqp, struct rte_crypto_op *cop[], uint32_t num)
> >   }
> >
> >   static inline int
> > -fill_ipsec_session(struct rte_ipsec_session *ss, const struct ipsec_sa *sa)
> > +fill_ipsec_session(struct rte_ipsec_session *ss, struct ipsec_ctx *ctx,
> > +	struct ipsec_sa *sa)
> >   {
> > +	int32_t rc;
> > +
> >   	/* setup crypto section */
> >   	if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE) {
> > +		if (sa->crypto_session == NULL) {
> > +			rc = create_session(ctx, sa);
> > +			if (rc != 0)
> > +				return rc;
> > +		}
> >   		ss->crypto.ses = sa->crypto_session;
> >   	/* setup session action type */
> >   	} else {
> > +		if (sa->sec_session == NULL) {
> > +			rc = create_session(ctx, sa);
> > +			if (rc != 0)
> > +				return rc;
> > +		}
> >   		ss->security.ses = sa->sec_session;
> >   		ss->security.ctx = sa->security_ctx;
> >   		ss->security.ol_flags = sa->ol_flags;
> >   	}
> >
> > -	return rte_ipsec_session_prepare(ss);
> > +	rc = rte_ipsec_session_prepare(ss);
> > +	if (rc != 0)
> > +		memset(ss, 0, sizeof(*ss));
> > +
> > +	return rc;
> >   }
> >
> >   /*
> > @@ -209,8 +226,7 @@ ipsec_process(struct ipsec_ctx *ctx, struct ipsec_traffic *trf)
> >
> >   		/* no valid HW session for that SA, try to create one */
> >   		if (ips->crypto.ses == NULL &&
> > -				(create_session(ctx, sa) != 0 ||
> > -				fill_ipsec_session(ips, sa) != 0))
> > +				fill_ipsec_session(ips, ctx, sa) != 0)
> >   			k = 0;
> >
> >   		/* process packets inline */
> > diff --git a/lib/librte_ipsec/ses.c b/lib/librte_ipsec/ses.c
> > index 562c1423e..11580970e 100644
> > --- a/lib/librte_ipsec/ses.c
> > +++ b/lib/librte_ipsec/ses.c
> > @@ -14,8 +14,15 @@ session_check(struct rte_ipsec_session *ss)
> >   	if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE) {
> >   		if (ss->crypto.ses == NULL)
> >   			return -EINVAL;
> > -	} else if (ss->security.ses == NULL || ss->security.ctx == NULL)
> > -		return -EINVAL;
> > +	} else {
> > +		if (ss->security.ses == NULL)
> > +			return -EINVAL;
> > +		if ((ss->type == RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO ||
> > +				ss->type ==
> > +				RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL) &&
> > +				ss->security.ctx == NULL)
> > +			return -EINVAL;
> > +	}
> >
> >   	return 0;
> >   }


  reply	other threads:[~2019-01-02 15:11 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-02 13:01 Ananyev, Konstantin
2019-01-02 14:29 ` Akhil Goyal
2019-01-02 15:11   ` Ananyev, Konstantin [this message]
  -- strict thread matches above, loose matches on Subject: below --
2018-12-14 16:40 [dpdk-dev] [PATCH v4 1/9] examples/ipsec-secgw: avoid to request unused TX offloads Konstantin Ananyev
2018-12-28 15:33 ` [dpdk-dev] [PATCH v5 00/10] examples/ipsec-secgw: make app to use ipsec library Konstantin Ananyev
2019-01-02  8:48   ` Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2601191342CEEE43887BDE71AB977258010D8C04C2@IRSMSX106.ger.corp.intel.com \
    --to=konstantin.ananyev@intel.com \
    --cc=akhil.goyal@nxp.com \
    --cc=dev@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).