* [dpdk-dev] [PATCH 2/3] net/ixgbe: implemented security session get size
2017-12-12 12:50 [dpdk-dev] [PATCH 1/3] lib/librte_security: added get size Radu Nicolau
@ 2017-12-12 12:50 ` Radu Nicolau
2018-01-08 10:15 ` De Lara Guarch, Pablo
2017-12-12 12:50 ` [dpdk-dev] [PATCH 3/3] examples/ipsec_secgw: create session mempools for ethdevs Radu Nicolau
` (3 subsequent siblings)
4 siblings, 1 reply; 19+ messages in thread
From: Radu Nicolau @ 2017-12-12 12:50 UTC (permalink / raw)
To: dev
Cc: konstantin.ananyev, ferruh.yigit, sergio.gonzalez.monroy,
pablo.de.lara.guarch, declan.doherty, akhil.goyal, Radu Nicolau
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
drivers/net/ixgbe/ixgbe_ipsec.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index 105da11..720d6a1 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -446,6 +446,12 @@ ixgbe_crypto_create_session(void *device,
}
static int
+ixgbe_crypto_session_get_size(__rte_unused void *device)
+{
+ return sizeof(struct ixgbe_crypto_session);
+}
+
+static int
ixgbe_crypto_remove_session(void *device,
struct rte_security_session *session)
{
@@ -717,6 +723,7 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
static struct rte_security_ops ixgbe_security_ops = {
.session_create = ixgbe_crypto_create_session,
.session_update = NULL,
+ .session_get_size = ixgbe_crypto_session_get_size,
.session_stats_get = NULL,
.session_destroy = ixgbe_crypto_remove_session,
.set_pkt_metadata = ixgbe_crypto_update_mb,
--
2.7.5
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [dpdk-dev] [PATCH 2/3] net/ixgbe: implemented security session get size
2017-12-12 12:50 ` [dpdk-dev] [PATCH 2/3] net/ixgbe: implemented security session " Radu Nicolau
@ 2018-01-08 10:15 ` De Lara Guarch, Pablo
2018-01-15 10:27 ` Radu Nicolau
0 siblings, 1 reply; 19+ messages in thread
From: De Lara Guarch, Pablo @ 2018-01-08 10:15 UTC (permalink / raw)
To: Nicolau, Radu, dev
Cc: Ananyev, Konstantin, Yigit, Ferruh, Gonzalez Monroy, Sergio,
Doherty, Declan, akhil.goyal
> -----Original Message-----
> From: Nicolau, Radu
> Sent: Tuesday, December 12, 2017 12:50 PM
> To: dev@dpdk.org
> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
> <ferruh.yigit@intel.com>; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
> <radu.nicolau@intel.com>
> Subject: [PATCH 2/3] net/ixgbe: implemented security session get size
Use "implement" in infinitive.
>
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
> drivers/net/ixgbe/ixgbe_ipsec.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c
> b/drivers/net/ixgbe/ixgbe_ipsec.c index 105da11..720d6a1 100644
> --- a/drivers/net/ixgbe/ixgbe_ipsec.c
> +++ b/drivers/net/ixgbe/ixgbe_ipsec.c
> @@ -446,6 +446,12 @@ ixgbe_crypto_create_session(void *device, }
>
> static int
> +ixgbe_crypto_session_get_size(__rte_unused void *device) {
Do you think passing device to the function prototype is needed?
Are you expecting other drivers to use it?
Also, move the braces to a new line (both opening and ending).
> + return sizeof(struct ixgbe_crypto_session); }
> +
Thanks,
Pablo
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [dpdk-dev] [PATCH 2/3] net/ixgbe: implemented security session get size
2018-01-08 10:15 ` De Lara Guarch, Pablo
@ 2018-01-15 10:27 ` Radu Nicolau
0 siblings, 0 replies; 19+ messages in thread
From: Radu Nicolau @ 2018-01-15 10:27 UTC (permalink / raw)
To: De Lara Guarch, Pablo, dev
Cc: Ananyev, Konstantin, Yigit, Ferruh, Gonzalez Monroy, Sergio,
Doherty, Declan, akhil.goyal
On 1/8/2018 10:15 AM, De Lara Guarch, Pablo wrote:
>
>> -----Original Message-----
>> From: Nicolau, Radu
>> Sent: Tuesday, December 12, 2017 12:50 PM
>> To: dev@dpdk.org
>> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
>> <ferruh.yigit@intel.com>; Gonzalez Monroy, Sergio
>> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
>> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
>> <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
>> <radu.nicolau@intel.com>
>> Subject: [PATCH 2/3] net/ixgbe: implemented security session get size
> Use "implement" in infinitive.
>
>> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
>> ---
>> drivers/net/ixgbe/ixgbe_ipsec.c | 7 +++++++
>> 1 file changed, 7 insertions(+)
>>
>> diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c
>> b/drivers/net/ixgbe/ixgbe_ipsec.c index 105da11..720d6a1 100644
>> --- a/drivers/net/ixgbe/ixgbe_ipsec.c
>> +++ b/drivers/net/ixgbe/ixgbe_ipsec.c
>> @@ -446,6 +446,12 @@ ixgbe_crypto_create_session(void *device, }
>>
>> static int
>
>> +ixgbe_crypto_session_get_size(__rte_unused void *device) {
> Do you think passing device to the function prototype is needed?
> Are you expecting other drivers to use it?
I added for consistency with cryptodev.
>
> Also, move the braces to a new line (both opening and ending).
They are correctly formatted on the patch itself.
>
>
>> + return sizeof(struct ixgbe_crypto_session); }
>> +
> Thanks,
> Pablo
>
^ permalink raw reply [flat|nested] 19+ messages in thread
* [dpdk-dev] [PATCH 3/3] examples/ipsec_secgw: create session mempools for ethdevs
2017-12-12 12:50 [dpdk-dev] [PATCH 1/3] lib/librte_security: added get size Radu Nicolau
2017-12-12 12:50 ` [dpdk-dev] [PATCH 2/3] net/ixgbe: implemented security session " Radu Nicolau
@ 2017-12-12 12:50 ` Radu Nicolau
2018-01-08 11:03 ` De Lara Guarch, Pablo
2018-01-08 10:14 ` [dpdk-dev] [PATCH 1/3] lib/librte_security: added get size De Lara Guarch, Pablo
` (2 subsequent siblings)
4 siblings, 1 reply; 19+ messages in thread
From: Radu Nicolau @ 2017-12-12 12:50 UTC (permalink / raw)
To: dev
Cc: konstantin.ananyev, ferruh.yigit, sergio.gonzalez.monroy,
pablo.de.lara.guarch, declan.doherty, akhil.goyal, Radu Nicolau
Also moved offloaded packets from cryptodev queues
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 42 +++++++++++++++++++++++++++++++++++++-
examples/ipsec-secgw/ipsec.c | 31 ++++++++++++++--------------
examples/ipsec-secgw/ipsec.h | 4 ++--
3 files changed, 58 insertions(+), 19 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index c98454a..08d5b5a 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1244,7 +1244,7 @@ cryptodevs_init(void)
struct rte_cryptodev_config dev_conf;
struct rte_cryptodev_qp_conf qp_conf;
uint16_t idx, max_nb_qps, qp, i;
- int16_t cdev_id;
+ int16_t cdev_id, port_id;
struct rte_hash_parameters params = { 0 };
params.entries = CDEV_MAP_ENTRIES;
@@ -1273,6 +1273,14 @@ cryptodevs_init(void)
if (sess_sz > max_sess_sz)
max_sess_sz = sess_sz;
}
+ for (port_id = 0; port_id < rte_eth_dev_count(); port_id++) {
+ if ((enabled_port_mask & (1 << port_id)) == 0)
+ continue;
+ sess_sz = rte_security_session_get_size(
+ rte_eth_dev_get_sec_ctx(port_id));
+ if (sess_sz > max_sess_sz)
+ max_sess_sz = sess_sz;
+ }
idx = 0;
/* Start from last cdev id to give HW priority */
@@ -1343,6 +1351,38 @@ cryptodevs_init(void)
cdev_id);
}
+ /* create session pools for eth devices that implement security */
+ for (port_id = 0; port_id < rte_eth_dev_count(); port_id++) {
+ if ((enabled_port_mask & (1 << port_id)) &&
+ rte_eth_dev_get_sec_ctx(port_id)) {
+ int socket_id = rte_eth_dev_socket_id(port_id);
+
+ if (!socket_ctx[socket_id].session_pool) {
+ char mp_name[RTE_MEMPOOL_NAMESIZE];
+ struct rte_mempool *sess_mp;
+
+ snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
+ "sess_mp_%u", socket_id);
+ sess_mp = rte_mempool_create(mp_name,
+ CDEV_MP_NB_OBJS,
+ max_sess_sz,
+ CDEV_MP_CACHE_SZ,
+ 0, NULL, NULL, NULL,
+ NULL, socket_id,
+ 0);
+ if (sess_mp == NULL)
+ rte_exit(EXIT_FAILURE,
+ "Cannot create session pool "
+ "on socket %d\n", socket_id);
+ else
+ printf("Allocated session pool "
+ "on socket %d\n", socket_id);
+ socket_ctx[socket_id].session_pool = sess_mp;
+ }
+ }
+ }
+
+
printf("\n");
return 0;
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 70ed227..708f29e 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -266,7 +266,6 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
struct ipsec_mbuf_metadata *priv;
struct rte_crypto_sym_op *sym_cop;
struct ipsec_sa *sa;
- struct cdev_qp *cqp;
for (i = 0; i < nb_pkts; i++) {
if (unlikely(sas[i] == NULL)) {
@@ -345,8 +344,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
continue;
}
- cqp = &ipsec_ctx->tbl[sa->cdev_id_qp];
- cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i];
+ ipsec_ctx->ol_pkts[ipsec_ctx->ol_pkts_cnt++] = pkts[i];
if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
rte_security_set_pkt_metadata(
sa->security_ctx,
@@ -369,6 +367,20 @@ ipsec_dequeue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
struct ipsec_sa *sa;
struct rte_mbuf *pkt;
+ while (ipsec_ctx->ol_pkts_cnt > 0 && nb_pkts < max_pkts) {
+ pkt = ipsec_ctx->ol_pkts[--ipsec_ctx->ol_pkts_cnt];
+ rte_prefetch0(pkt);
+ priv = get_priv(pkt);
+ sa = priv->sa;
+ ret = xform_func(pkt, sa, &priv->cop);
+ if (unlikely(ret)) {
+ rte_pktmbuf_free(pkt);
+ continue;
+ }
+ pkts[nb_pkts++] = pkt;
+ }
+
+
for (i = 0; i < ipsec_ctx->nb_qps && nb_pkts < max_pkts; i++) {
struct cdev_qp *cqp;
@@ -376,19 +388,6 @@ ipsec_dequeue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
if (ipsec_ctx->last_qp == ipsec_ctx->nb_qps)
ipsec_ctx->last_qp %= ipsec_ctx->nb_qps;
- while (cqp->ol_pkts_cnt > 0 && nb_pkts < max_pkts) {
- pkt = cqp->ol_pkts[--cqp->ol_pkts_cnt];
- rte_prefetch0(pkt);
- priv = get_priv(pkt);
- sa = priv->sa;
- ret = xform_func(pkt, sa, &priv->cop);
- if (unlikely(ret)) {
- rte_pktmbuf_free(pkt);
- continue;
- }
- pkts[nb_pkts++] = pkt;
- }
-
if (cqp->in_flight == 0)
continue;
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 775b316..eb7b539 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -159,8 +159,6 @@ struct cdev_qp {
uint16_t in_flight;
uint16_t len;
struct rte_crypto_op *buf[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
- struct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
- uint16_t ol_pkts_cnt;
};
struct ipsec_ctx {
@@ -172,6 +170,8 @@ struct ipsec_ctx {
uint16_t last_qp;
struct cdev_qp tbl[MAX_QP_PER_LCORE];
struct rte_mempool *session_pool;
+ struct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
+ uint16_t ol_pkts_cnt;
};
struct cdev_key {
--
2.7.5
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [dpdk-dev] [PATCH 3/3] examples/ipsec_secgw: create session mempools for ethdevs
2017-12-12 12:50 ` [dpdk-dev] [PATCH 3/3] examples/ipsec_secgw: create session mempools for ethdevs Radu Nicolau
@ 2018-01-08 11:03 ` De Lara Guarch, Pablo
2018-01-15 10:41 ` Radu Nicolau
0 siblings, 1 reply; 19+ messages in thread
From: De Lara Guarch, Pablo @ 2018-01-08 11:03 UTC (permalink / raw)
To: Nicolau, Radu, dev
Cc: Ananyev, Konstantin, Yigit, Ferruh, Gonzalez Monroy, Sergio,
Doherty, Declan, akhil.goyal
> -----Original Message-----
> From: Nicolau, Radu
> Sent: Tuesday, December 12, 2017 12:50 PM
> To: dev@dpdk.org
> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
> <ferruh.yigit@intel.com>; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
> <radu.nicolau@intel.com>
> Subject: [PATCH 3/3] examples/ipsec_secgw: create session mempools for
> ethdevs
>
> Also moved offloaded packets from cryptodev queues
>
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
> examples/ipsec-secgw/ipsec-secgw.c | 42
> +++++++++++++++++++++++++++++++++++++-
> examples/ipsec-secgw/ipsec.c | 31 ++++++++++++++--------------
> examples/ipsec-secgw/ipsec.h | 4 ++--
> 3 files changed, 58 insertions(+), 19 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-
> secgw/ipsec-secgw.c
> index c98454a..08d5b5a 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -1244,7 +1244,7 @@ cryptodevs_init(void)
> struct rte_cryptodev_config dev_conf;
> struct rte_cryptodev_qp_conf qp_conf;
> uint16_t idx, max_nb_qps, qp, i;
> - int16_t cdev_id;
> + int16_t cdev_id, port_id;
These two variables should be uint16_t (port_id is actually uint8_t).
For the rest of the patch: Akhil, could you review it?
Thanks,
Pablo
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [dpdk-dev] [PATCH 3/3] examples/ipsec_secgw: create session mempools for ethdevs
2018-01-08 11:03 ` De Lara Guarch, Pablo
@ 2018-01-15 10:41 ` Radu Nicolau
0 siblings, 0 replies; 19+ messages in thread
From: Radu Nicolau @ 2018-01-15 10:41 UTC (permalink / raw)
To: De Lara Guarch, Pablo, dev
Cc: Ananyev, Konstantin, Yigit, Ferruh, Gonzalez Monroy, Sergio,
Doherty, Declan, akhil.goyal
On 1/8/2018 11:03 AM, De Lara Guarch, Pablo wrote:
>
>> -----Original Message-----
>> From: Nicolau, Radu
>> Sent: Tuesday, December 12, 2017 12:50 PM
>> To: dev@dpdk.org
>> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
>> <ferruh.yigit@intel.com>; Gonzalez Monroy, Sergio
>> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
>> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
>> <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
>> <radu.nicolau@intel.com>
>> Subject: [PATCH 3/3] examples/ipsec_secgw: create session mempools for
>> ethdevs
>>
>> Also moved offloaded packets from cryptodev queues
>>
>> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
>> ---
>> examples/ipsec-secgw/ipsec-secgw.c | 42
>> +++++++++++++++++++++++++++++++++++++-
>> examples/ipsec-secgw/ipsec.c | 31 ++++++++++++++--------------
>> examples/ipsec-secgw/ipsec.h | 4 ++--
>> 3 files changed, 58 insertions(+), 19 deletions(-)
>>
>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-
>> secgw/ipsec-secgw.c
>> index c98454a..08d5b5a 100644
>> --- a/examples/ipsec-secgw/ipsec-secgw.c
>> +++ b/examples/ipsec-secgw/ipsec-secgw.c
>> @@ -1244,7 +1244,7 @@ cryptodevs_init(void)
>> struct rte_cryptodev_config dev_conf;
>> struct rte_cryptodev_qp_conf qp_conf;
>> uint16_t idx, max_nb_qps, qp, i;
>> - int16_t cdev_id;
>> + int16_t cdev_id, port_id;
> These two variables should be uint16_t (port_id is actually uint8_t).
If unsigned then line <for (cdev_id = rte_cryptodev_count() - 1; cdev_id
>= 0; cdev_id--)> will not work correctly.
>
> For the rest of the patch: Akhil, could you review it?
>
> Thanks,
> Pablo
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [dpdk-dev] [PATCH 1/3] lib/librte_security: added get size
2017-12-12 12:50 [dpdk-dev] [PATCH 1/3] lib/librte_security: added get size Radu Nicolau
2017-12-12 12:50 ` [dpdk-dev] [PATCH 2/3] net/ixgbe: implemented security session " Radu Nicolau
2017-12-12 12:50 ` [dpdk-dev] [PATCH 3/3] examples/ipsec_secgw: create session mempools for ethdevs Radu Nicolau
@ 2018-01-08 10:14 ` De Lara Guarch, Pablo
2018-01-08 11:28 ` Akhil Goyal
2018-01-15 10:39 ` [dpdk-dev] [PATCH v2 1/3] security: add get session size function Radu Nicolau
4 siblings, 0 replies; 19+ messages in thread
From: De Lara Guarch, Pablo @ 2018-01-08 10:14 UTC (permalink / raw)
To: Nicolau, Radu, dev
Cc: Ananyev, Konstantin, Yigit, Ferruh, Gonzalez Monroy, Sergio,
Doherty, Declan, akhil.goyal
> -----Original Message-----
> From: Nicolau, Radu
> Sent: Tuesday, December 12, 2017 12:50 PM
> To: dev@dpdk.org
> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
> <ferruh.yigit@intel.com>; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
> <radu.nicolau@intel.com>
> Subject: [PATCH 1/3] lib/librte_security: added get size
Title should be "security: add get session size function", or something similar (use verb in infinitive form).
Secondly, I would add a short description of what this is doing.
Also, I have a comment inline in the code below.
Lastly, if any of the maintainers of the security library has any problems with this patch, please shout.
>
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
> lib/librte_security/rte_security.c | 7 +++++++
> lib/librte_security/rte_security.h | 12 ++++++++++++
> lib/librte_security/rte_security_driver.h | 14 ++++++++++++++
> lib/librte_security/rte_security_version.map | 1 +
> 4 files changed, 34 insertions(+)
>
> diff --git a/lib/librte_security/rte_security.c
> b/lib/librte_security/rte_security.c
> index 1227fca..56f2345 100644
> --- a/lib/librte_security/rte_security.c
> +++ b/lib/librte_security/rte_security.c
> @@ -70,6 +70,13 @@ rte_security_session_update(struct rte_security_ctx
> *instance,
> return instance->ops->session_update(instance->device, sess, conf);
> }
>
> +unsigned int
> +rte_security_session_get_size(struct rte_security_ctx *instance) {
> + RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
> + return instance->ops->session_get_size(instance->device);
Session get size returns an "int", but this function returns "unsigned int",
I think they should be the same type.
Thanks,
Pablo
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [dpdk-dev] [PATCH 1/3] lib/librte_security: added get size
2017-12-12 12:50 [dpdk-dev] [PATCH 1/3] lib/librte_security: added get size Radu Nicolau
` (2 preceding siblings ...)
2018-01-08 10:14 ` [dpdk-dev] [PATCH 1/3] lib/librte_security: added get size De Lara Guarch, Pablo
@ 2018-01-08 11:28 ` Akhil Goyal
2018-01-15 10:39 ` [dpdk-dev] [PATCH v2 1/3] security: add get session size function Radu Nicolau
4 siblings, 0 replies; 19+ messages in thread
From: Akhil Goyal @ 2018-01-08 11:28 UTC (permalink / raw)
To: Radu Nicolau, dev
Cc: konstantin.ananyev, ferruh.yigit, sergio.gonzalez.monroy,
pablo.de.lara.guarch, declan.doherty
On 12/12/2017 6:20 PM, Radu Nicolau wrote:
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
> lib/librte_security/rte_security.c | 7 +++++++
> lib/librte_security/rte_security.h | 12 ++++++++++++
> lib/librte_security/rte_security_driver.h | 14 ++++++++++++++
> lib/librte_security/rte_security_version.map | 1 +
> 4 files changed, 34 insertions(+)
>
> diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
> index 1227fca..56f2345 100644
> --- a/lib/librte_security/rte_security.c
> +++ b/lib/librte_security/rte_security.c
> @@ -70,6 +70,13 @@ rte_security_session_update(struct rte_security_ctx *instance,
> return instance->ops->session_update(instance->device, sess, conf);
> }
>
> +unsigned int
> +rte_security_session_get_size(struct rte_security_ctx *instance)
> +{
> + RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
> + return instance->ops->session_get_size(instance->device);
> +}
> +
> int
> rte_security_session_stats_get(struct rte_security_ctx *instance,
> struct rte_security_session *sess,
> diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
> index 653929b..2c5429f 100644
> --- a/lib/librte_security/rte_security.h
> +++ b/lib/librte_security/rte_security.h
> @@ -312,6 +312,18 @@ rte_security_session_update(struct rte_security_ctx *instance,
> struct rte_security_session_conf *conf);
>
> /**
> + * Get the size of the security session data for a device.
> + *
> + * @param instance security instance.
> + *
> + * @return
> + * - Size of the private data, if successful
> + * - 0 if device is invalid or does not support the operation.
> + */
> +unsigned int
> +rte_security_session_get_size(struct rte_security_ctx *instance);
> +
> +/**
> * Free security session header and the session private data and
> * return it to its original mempool.
> *
> diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
> index 997fbe7..3839d45 100644
> --- a/lib/librte_security/rte_security_driver.h
> +++ b/lib/librte_security/rte_security_driver.h
> @@ -91,6 +91,18 @@ typedef int (*security_session_destroy_t)(void *device,
> typedef int (*security_session_update_t)(void *device,
> struct rte_security_session *sess,
> struct rte_security_session_conf *conf);
> +
> +/**
> + * Get the size of a security session
> + *
> + * @param device Crypto/eth device pointer
> + *
> + * @return
> + * - On success returns the size of the session structure for device
> + * - On failure returns 0
> + */
> +typedef int (*security_session_get_size)(void *device);
I believe this should be unsigned int.
For rest of the patch Acked.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [dpdk-dev] [PATCH v2 1/3] security: add get session size function
2017-12-12 12:50 [dpdk-dev] [PATCH 1/3] lib/librte_security: added get size Radu Nicolau
` (3 preceding siblings ...)
2018-01-08 11:28 ` Akhil Goyal
@ 2018-01-15 10:39 ` Radu Nicolau
2018-01-15 10:39 ` [dpdk-dev] [PATCH v2 2/3] net/ixgbe: implement security session get size Radu Nicolau
` (2 more replies)
4 siblings, 3 replies; 19+ messages in thread
From: Radu Nicolau @ 2018-01-15 10:39 UTC (permalink / raw)
To: dev
Cc: konstantin.ananyev, ferruh.yigit, pablo.de.lara.guarch,
declan.doherty, akhil.goyal, Radu Nicolau
Add function to get security session size.
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
lib/librte_security/rte_security.c | 7 +++++++
lib/librte_security/rte_security.h | 12 ++++++++++++
lib/librte_security/rte_security_driver.h | 14 ++++++++++++++
lib/librte_security/rte_security_version.map | 1 +
4 files changed, 34 insertions(+)
diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index 1227fca..56f2345 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -70,6 +70,13 @@ rte_security_session_update(struct rte_security_ctx *instance,
return instance->ops->session_update(instance->device, sess, conf);
}
+unsigned int
+rte_security_session_get_size(struct rte_security_ctx *instance)
+{
+ RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
+ return instance->ops->session_get_size(instance->device);
+}
+
int
rte_security_session_stats_get(struct rte_security_ctx *instance,
struct rte_security_session *sess,
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 653929b..2c5429f 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -312,6 +312,18 @@ rte_security_session_update(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf);
/**
+ * Get the size of the security session data for a device.
+ *
+ * @param instance security instance.
+ *
+ * @return
+ * - Size of the private data, if successful
+ * - 0 if device is invalid or does not support the operation.
+ */
+unsigned int
+rte_security_session_get_size(struct rte_security_ctx *instance);
+
+/**
* Free security session header and the session private data and
* return it to its original mempool.
*
diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
index 997fbe7..e54c114 100644
--- a/lib/librte_security/rte_security_driver.h
+++ b/lib/librte_security/rte_security_driver.h
@@ -91,6 +91,18 @@ typedef int (*security_session_destroy_t)(void *device,
typedef int (*security_session_update_t)(void *device,
struct rte_security_session *sess,
struct rte_security_session_conf *conf);
+
+/**
+ * Get the size of a security session
+ *
+ * @param device Crypto/eth device pointer
+ *
+ * @return
+ * - On success returns the size of the session structure for device
+ * - On failure returns 0
+ */
+typedef unsigned int (*security_session_get_size)(void *device);
+
/**
* Get stats from the PMD.
*
@@ -139,6 +151,8 @@ struct rte_security_ops {
/**< Configure a security session. */
security_session_update_t session_update;
/**< Update a security session. */
+ security_session_get_size session_get_size;
+ /**< Return size of security session. */
security_session_stats_get_t session_stats_get;
/**< Get security session statistics. */
security_session_destroy_t session_destroy;
diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
index e12c04b..2f74568 100644
--- a/lib/librte_security/rte_security_version.map
+++ b/lib/librte_security/rte_security_version.map
@@ -6,6 +6,7 @@ EXPERIMENTAL {
rte_security_capability_get;
rte_security_session_create;
rte_security_session_destroy;
+ rte_security_session_get_size;
rte_security_session_stats_get;
rte_security_session_update;
rte_security_set_pkt_metadata;
--
2.7.5
^ permalink raw reply [flat|nested] 19+ messages in thread
* [dpdk-dev] [PATCH v2 2/3] net/ixgbe: implement security session get size
2018-01-15 10:39 ` [dpdk-dev] [PATCH v2 1/3] security: add get session size function Radu Nicolau
@ 2018-01-15 10:39 ` Radu Nicolau
2018-01-15 10:39 ` [dpdk-dev] [PATCH v2 3/3] examples/ipsec_secgw: create session mempools for ethdevs Radu Nicolau
2018-01-18 15:41 ` [dpdk-dev] [PATCH v3 1/3] security: add get session size function Radu Nicolau
2 siblings, 0 replies; 19+ messages in thread
From: Radu Nicolau @ 2018-01-15 10:39 UTC (permalink / raw)
To: dev
Cc: konstantin.ananyev, ferruh.yigit, pablo.de.lara.guarch,
declan.doherty, akhil.goyal, Radu Nicolau
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
drivers/net/ixgbe/ixgbe_ipsec.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index 85305c6..6619c56 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -402,6 +402,12 @@ ixgbe_crypto_create_session(void *device,
return 0;
}
+static unsigned int
+ixgbe_crypto_session_get_size(__rte_unused void *device)
+{
+ return sizeof(struct ixgbe_crypto_session);
+}
+
static int
ixgbe_crypto_remove_session(void *device,
struct rte_security_session *session)
@@ -674,6 +680,7 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
static struct rte_security_ops ixgbe_security_ops = {
.session_create = ixgbe_crypto_create_session,
.session_update = NULL,
+ .session_get_size = ixgbe_crypto_session_get_size,
.session_stats_get = NULL,
.session_destroy = ixgbe_crypto_remove_session,
.set_pkt_metadata = ixgbe_crypto_update_mb,
--
2.7.5
^ permalink raw reply [flat|nested] 19+ messages in thread
* [dpdk-dev] [PATCH v2 3/3] examples/ipsec_secgw: create session mempools for ethdevs
2018-01-15 10:39 ` [dpdk-dev] [PATCH v2 1/3] security: add get session size function Radu Nicolau
2018-01-15 10:39 ` [dpdk-dev] [PATCH v2 2/3] net/ixgbe: implement security session get size Radu Nicolau
@ 2018-01-15 10:39 ` Radu Nicolau
2018-01-18 9:58 ` Akhil Goyal
2018-01-18 15:11 ` De Lara Guarch, Pablo
2018-01-18 15:41 ` [dpdk-dev] [PATCH v3 1/3] security: add get session size function Radu Nicolau
2 siblings, 2 replies; 19+ messages in thread
From: Radu Nicolau @ 2018-01-15 10:39 UTC (permalink / raw)
To: dev
Cc: konstantin.ananyev, ferruh.yigit, pablo.de.lara.guarch,
declan.doherty, akhil.goyal, Radu Nicolau
Also moved offloaded packets from cryptodev queues
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 42 +++++++++++++++++++++++++++++++++++++-
examples/ipsec-secgw/ipsec.c | 31 ++++++++++++++--------------
examples/ipsec-secgw/ipsec.h | 4 ++--
3 files changed, 58 insertions(+), 19 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 83d7e32..7a1fd6b 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1215,7 +1215,7 @@ cryptodevs_init(void)
struct rte_cryptodev_config dev_conf;
struct rte_cryptodev_qp_conf qp_conf;
uint16_t idx, max_nb_qps, qp, i;
- int16_t cdev_id;
+ int16_t cdev_id, port_id;
struct rte_hash_parameters params = { 0 };
params.entries = CDEV_MAP_ENTRIES;
@@ -1244,6 +1244,14 @@ cryptodevs_init(void)
if (sess_sz > max_sess_sz)
max_sess_sz = sess_sz;
}
+ for (port_id = 0; port_id < rte_eth_dev_count(); port_id++) {
+ if ((enabled_port_mask & (1 << port_id)) == 0)
+ continue;
+ sess_sz = rte_security_session_get_size(
+ rte_eth_dev_get_sec_ctx(port_id));
+ if (sess_sz > max_sess_sz)
+ max_sess_sz = sess_sz;
+ }
idx = 0;
/* Start from last cdev id to give HW priority */
@@ -1314,6 +1322,38 @@ cryptodevs_init(void)
cdev_id);
}
+ /* create session pools for eth devices that implement security */
+ for (port_id = 0; port_id < rte_eth_dev_count(); port_id++) {
+ if ((enabled_port_mask & (1 << port_id)) &&
+ rte_eth_dev_get_sec_ctx(port_id)) {
+ int socket_id = rte_eth_dev_socket_id(port_id);
+
+ if (!socket_ctx[socket_id].session_pool) {
+ char mp_name[RTE_MEMPOOL_NAMESIZE];
+ struct rte_mempool *sess_mp;
+
+ snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
+ "sess_mp_%u", socket_id);
+ sess_mp = rte_mempool_create(mp_name,
+ CDEV_MP_NB_OBJS,
+ max_sess_sz,
+ CDEV_MP_CACHE_SZ,
+ 0, NULL, NULL, NULL,
+ NULL, socket_id,
+ 0);
+ if (sess_mp == NULL)
+ rte_exit(EXIT_FAILURE,
+ "Cannot create session pool "
+ "on socket %d\n", socket_id);
+ else
+ printf("Allocated session pool "
+ "on socket %d\n", socket_id);
+ socket_ctx[socket_id].session_pool = sess_mp;
+ }
+ }
+ }
+
+
printf("\n");
return 0;
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 53c43db..da9ec6e 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -237,7 +237,6 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
struct ipsec_mbuf_metadata *priv;
struct rte_crypto_sym_op *sym_cop;
struct ipsec_sa *sa;
- struct cdev_qp *cqp;
for (i = 0; i < nb_pkts; i++) {
if (unlikely(sas[i] == NULL)) {
@@ -316,8 +315,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
continue;
}
- cqp = &ipsec_ctx->tbl[sa->cdev_id_qp];
- cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i];
+ ipsec_ctx->ol_pkts[ipsec_ctx->ol_pkts_cnt++] = pkts[i];
if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
rte_security_set_pkt_metadata(
sa->security_ctx,
@@ -340,6 +338,20 @@ ipsec_dequeue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
struct ipsec_sa *sa;
struct rte_mbuf *pkt;
+ while (ipsec_ctx->ol_pkts_cnt > 0 && nb_pkts < max_pkts) {
+ pkt = ipsec_ctx->ol_pkts[--ipsec_ctx->ol_pkts_cnt];
+ rte_prefetch0(pkt);
+ priv = get_priv(pkt);
+ sa = priv->sa;
+ ret = xform_func(pkt, sa, &priv->cop);
+ if (unlikely(ret)) {
+ rte_pktmbuf_free(pkt);
+ continue;
+ }
+ pkts[nb_pkts++] = pkt;
+ }
+
+
for (i = 0; i < ipsec_ctx->nb_qps && nb_pkts < max_pkts; i++) {
struct cdev_qp *cqp;
@@ -347,19 +359,6 @@ ipsec_dequeue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
if (ipsec_ctx->last_qp == ipsec_ctx->nb_qps)
ipsec_ctx->last_qp %= ipsec_ctx->nb_qps;
- while (cqp->ol_pkts_cnt > 0 && nb_pkts < max_pkts) {
- pkt = cqp->ol_pkts[--cqp->ol_pkts_cnt];
- rte_prefetch0(pkt);
- priv = get_priv(pkt);
- sa = priv->sa;
- ret = xform_func(pkt, sa, &priv->cop);
- if (unlikely(ret)) {
- rte_pktmbuf_free(pkt);
- continue;
- }
- pkts[nb_pkts++] = pkt;
- }
-
if (cqp->in_flight == 0)
continue;
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 14109af..500b1f0 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -130,8 +130,6 @@ struct cdev_qp {
uint16_t in_flight;
uint16_t len;
struct rte_crypto_op *buf[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
- struct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
- uint16_t ol_pkts_cnt;
};
struct ipsec_ctx {
@@ -143,6 +141,8 @@ struct ipsec_ctx {
uint16_t last_qp;
struct cdev_qp tbl[MAX_QP_PER_LCORE];
struct rte_mempool *session_pool;
+ struct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
+ uint16_t ol_pkts_cnt;
};
struct cdev_key {
--
2.7.5
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [dpdk-dev] [PATCH v2 3/3] examples/ipsec_secgw: create session mempools for ethdevs
2018-01-15 10:39 ` [dpdk-dev] [PATCH v2 3/3] examples/ipsec_secgw: create session mempools for ethdevs Radu Nicolau
@ 2018-01-18 9:58 ` Akhil Goyal
2018-01-18 15:11 ` De Lara Guarch, Pablo
1 sibling, 0 replies; 19+ messages in thread
From: Akhil Goyal @ 2018-01-18 9:58 UTC (permalink / raw)
To: Radu Nicolau, dev
Cc: konstantin.ananyev, ferruh.yigit, pablo.de.lara.guarch, declan.doherty
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [dpdk-dev] [PATCH v2 3/3] examples/ipsec_secgw: create session mempools for ethdevs
2018-01-15 10:39 ` [dpdk-dev] [PATCH v2 3/3] examples/ipsec_secgw: create session mempools for ethdevs Radu Nicolau
2018-01-18 9:58 ` Akhil Goyal
@ 2018-01-18 15:11 ` De Lara Guarch, Pablo
2018-01-18 15:18 ` Nicolau, Radu
1 sibling, 1 reply; 19+ messages in thread
From: De Lara Guarch, Pablo @ 2018-01-18 15:11 UTC (permalink / raw)
To: Nicolau, Radu, dev
Cc: Ananyev, Konstantin, Yigit, Ferruh, Doherty, Declan, akhil.goyal
Hi Radu,
> -----Original Message-----
> From: Nicolau, Radu
> Sent: Monday, January 15, 2018 10:40 AM
> To: dev@dpdk.org
> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
> <ferruh.yigit@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
> <radu.nicolau@intel.com>
> Subject: [PATCH v2 3/3] examples/ipsec_secgw: create session mempools
> for ethdevs
>
> Also moved offloaded packets from cryptodev queues
>
Could you rebase this patchset? After applying other changes,
I had conflicts and when I resolve them, I am getting a compilation error.
I would appreciate if you could send another revision.
Also, I have a small comment below.
Thanks,
Pablo
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
> examples/ipsec-secgw/ipsec-secgw.c | 42
> +++++++++++++++++++++++++++++++++++++-
> examples/ipsec-secgw/ipsec.c | 31 ++++++++++++++--------------
> examples/ipsec-secgw/ipsec.h | 4 ++--
> 3 files changed, 58 insertions(+), 19 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-
> secgw/ipsec-secgw.c
> index 83d7e32..7a1fd6b 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -1215,7 +1215,7 @@ cryptodevs_init(void)
> struct rte_cryptodev_config dev_conf;
> struct rte_cryptodev_qp_conf qp_conf;
> uint16_t idx, max_nb_qps, qp, i;
> - int16_t cdev_id;
> + int16_t cdev_id, port_id;
This should be uint8_t.
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [dpdk-dev] [PATCH v2 3/3] examples/ipsec_secgw: create session mempools for ethdevs
2018-01-18 15:11 ` De Lara Guarch, Pablo
@ 2018-01-18 15:18 ` Nicolau, Radu
0 siblings, 0 replies; 19+ messages in thread
From: Nicolau, Radu @ 2018-01-18 15:18 UTC (permalink / raw)
To: De Lara Guarch, Pablo, dev
Cc: Ananyev, Konstantin, Yigit, Ferruh, Doherty, Declan, akhil.goyal
> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Thursday, January 18, 2018 3:11 PM
> To: Nicolau, Radu <radu.nicolau@intel.com>; dev@dpdk.org
> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
> <ferruh.yigit@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
> akhil.goyal@nxp.com
> Subject: RE: [PATCH v2 3/3] examples/ipsec_secgw: create session
> mempools for ethdevs
>
> Hi Radu,
>
> > -----Original Message-----
> > From: Nicolau, Radu
> > Sent: Monday, January 15, 2018 10:40 AM
> > To: dev@dpdk.org
> > Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
> > <ferruh.yigit@intel.com>; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> > <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
> > <radu.nicolau@intel.com>
> > Subject: [PATCH v2 3/3] examples/ipsec_secgw: create session mempools
> > for ethdevs
> >
> > Also moved offloaded packets from cryptodev queues
> >
>
> Could you rebase this patchset? After applying other changes, I had conflicts
> and when I resolve them, I am getting a compilation error.
> I would appreciate if you could send another revision.
Sure
>
> Also, I have a small comment below.
Already replied to that comment - if those variables are unsigned then the code will need extra changes, which I would rather not do today, but if you insist... :)
>
> Thanks,
> Pablo
>
> > Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> > ---
> > examples/ipsec-secgw/ipsec-secgw.c | 42
> > +++++++++++++++++++++++++++++++++++++-
> > examples/ipsec-secgw/ipsec.c | 31 ++++++++++++++--------------
> > examples/ipsec-secgw/ipsec.h | 4 ++--
> > 3 files changed, 58 insertions(+), 19 deletions(-)
> >
> > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-
> > secgw/ipsec-secgw.c index 83d7e32..7a1fd6b 100644
> > --- a/examples/ipsec-secgw/ipsec-secgw.c
> > +++ b/examples/ipsec-secgw/ipsec-secgw.c
> > @@ -1215,7 +1215,7 @@ cryptodevs_init(void)
> > struct rte_cryptodev_config dev_conf;
> > struct rte_cryptodev_qp_conf qp_conf;
> > uint16_t idx, max_nb_qps, qp, i;
> > - int16_t cdev_id;
> > + int16_t cdev_id, port_id;
>
> This should be uint8_t.
^ permalink raw reply [flat|nested] 19+ messages in thread
* [dpdk-dev] [PATCH v3 1/3] security: add get session size function
2018-01-15 10:39 ` [dpdk-dev] [PATCH v2 1/3] security: add get session size function Radu Nicolau
2018-01-15 10:39 ` [dpdk-dev] [PATCH v2 2/3] net/ixgbe: implement security session get size Radu Nicolau
2018-01-15 10:39 ` [dpdk-dev] [PATCH v2 3/3] examples/ipsec_secgw: create session mempools for ethdevs Radu Nicolau
@ 2018-01-18 15:41 ` Radu Nicolau
2018-01-18 15:41 ` [dpdk-dev] [PATCH v3 2/3] net/ixgbe: implement security session get size Radu Nicolau
` (2 more replies)
2 siblings, 3 replies; 19+ messages in thread
From: Radu Nicolau @ 2018-01-18 15:41 UTC (permalink / raw)
To: dev
Cc: konstantin.ananyev, ferruh.yigit, pablo.de.lara.guarch,
declan.doherty, akhil.goyal, Radu Nicolau
Add function to get security session size.
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
lib/librte_security/rte_security.c | 7 +++++++
lib/librte_security/rte_security.h | 12 ++++++++++++
lib/librte_security/rte_security_driver.h | 14 ++++++++++++++
lib/librte_security/rte_security_version.map | 1 +
4 files changed, 34 insertions(+)
diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index 5805051..6461dba 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -70,6 +70,13 @@ rte_security_session_update(struct rte_security_ctx *instance,
return instance->ops->session_update(instance->device, sess, conf);
}
+unsigned int
+rte_security_session_get_size(struct rte_security_ctx *instance)
+{
+ RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
+ return instance->ops->session_get_size(instance->device);
+}
+
int
rte_security_session_stats_get(struct rte_security_ctx *instance,
struct rte_security_session *sess,
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 004a0eb..d7362f3 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -315,6 +315,18 @@ rte_security_session_update(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf);
/**
+ * Get the size of the security session data for a device.
+ *
+ * @param instance security instance.
+ *
+ * @return
+ * - Size of the private data, if successful
+ * - 0 if device is invalid or does not support the operation.
+ */
+unsigned int
+rte_security_session_get_size(struct rte_security_ctx *instance);
+
+/**
* Free security session header and the session private data and
* return it to its original mempool.
*
diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
index bf0170e..4623904 100644
--- a/lib/librte_security/rte_security_driver.h
+++ b/lib/librte_security/rte_security_driver.h
@@ -91,6 +91,18 @@ typedef int (*security_session_destroy_t)(void *device,
typedef int (*security_session_update_t)(void *device,
struct rte_security_session *sess,
struct rte_security_session_conf *conf);
+
+/**
+ * Get the size of a security session
+ *
+ * @param device Crypto/eth device pointer
+ *
+ * @return
+ * - On success returns the size of the session structure for device
+ * - On failure returns 0
+ */
+typedef unsigned int (*security_session_get_size)(void *device);
+
/**
* Get stats from the PMD.
*
@@ -155,6 +167,8 @@ struct rte_security_ops {
/**< Configure a security session. */
security_session_update_t session_update;
/**< Update a security session. */
+ security_session_get_size session_get_size;
+ /**< Return size of security session. */
security_session_stats_get_t session_stats_get;
/**< Get security session statistics. */
security_session_destroy_t session_destroy;
diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
index bff5039..5a1c8ae 100644
--- a/lib/librte_security/rte_security_version.map
+++ b/lib/librte_security/rte_security_version.map
@@ -7,6 +7,7 @@ EXPERIMENTAL {
rte_security_get_userdata;
rte_security_session_create;
rte_security_session_destroy;
+ rte_security_session_get_size;
rte_security_session_stats_get;
rte_security_session_update;
rte_security_set_pkt_metadata;
--
2.7.5
^ permalink raw reply [flat|nested] 19+ messages in thread
* [dpdk-dev] [PATCH v3 2/3] net/ixgbe: implement security session get size
2018-01-18 15:41 ` [dpdk-dev] [PATCH v3 1/3] security: add get session size function Radu Nicolau
@ 2018-01-18 15:41 ` Radu Nicolau
2018-01-18 15:41 ` [dpdk-dev] [PATCH v3 3/3] examples/ipsec_secgw: create session mempools for ethdevs Radu Nicolau
2018-01-19 8:55 ` [dpdk-dev] [PATCH v3 1/3] security: add get session size function De Lara Guarch, Pablo
2 siblings, 0 replies; 19+ messages in thread
From: Radu Nicolau @ 2018-01-18 15:41 UTC (permalink / raw)
To: dev
Cc: konstantin.ananyev, ferruh.yigit, pablo.de.lara.guarch,
declan.doherty, akhil.goyal, Radu Nicolau
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
drivers/net/ixgbe/ixgbe_ipsec.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index 85305c6..6619c56 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -402,6 +402,12 @@ ixgbe_crypto_create_session(void *device,
return 0;
}
+static unsigned int
+ixgbe_crypto_session_get_size(__rte_unused void *device)
+{
+ return sizeof(struct ixgbe_crypto_session);
+}
+
static int
ixgbe_crypto_remove_session(void *device,
struct rte_security_session *session)
@@ -674,6 +680,7 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
static struct rte_security_ops ixgbe_security_ops = {
.session_create = ixgbe_crypto_create_session,
.session_update = NULL,
+ .session_get_size = ixgbe_crypto_session_get_size,
.session_stats_get = NULL,
.session_destroy = ixgbe_crypto_remove_session,
.set_pkt_metadata = ixgbe_crypto_update_mb,
--
2.7.5
^ permalink raw reply [flat|nested] 19+ messages in thread
* [dpdk-dev] [PATCH v3 3/3] examples/ipsec_secgw: create session mempools for ethdevs
2018-01-18 15:41 ` [dpdk-dev] [PATCH v3 1/3] security: add get session size function Radu Nicolau
2018-01-18 15:41 ` [dpdk-dev] [PATCH v3 2/3] net/ixgbe: implement security session get size Radu Nicolau
@ 2018-01-18 15:41 ` Radu Nicolau
2018-01-19 8:55 ` [dpdk-dev] [PATCH v3 1/3] security: add get session size function De Lara Guarch, Pablo
2 siblings, 0 replies; 19+ messages in thread
From: Radu Nicolau @ 2018-01-18 15:41 UTC (permalink / raw)
To: dev
Cc: konstantin.ananyev, ferruh.yigit, pablo.de.lara.guarch,
declan.doherty, akhil.goyal, Radu Nicolau
Also moved offloaded packets from cryptodev queues
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 42 +++++++++++++++++++++++++++++++++++++-
examples/ipsec-secgw/ipsec.c | 12 ++++-------
examples/ipsec-secgw/ipsec.h | 4 ++--
3 files changed, 47 insertions(+), 11 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 192d8ec..3a28fcc 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1354,7 +1354,7 @@ cryptodevs_init(void)
struct rte_cryptodev_config dev_conf;
struct rte_cryptodev_qp_conf qp_conf;
uint16_t idx, max_nb_qps, qp, i;
- int16_t cdev_id;
+ int16_t cdev_id, port_id;
struct rte_hash_parameters params = { 0 };
params.entries = CDEV_MAP_ENTRIES;
@@ -1383,6 +1383,14 @@ cryptodevs_init(void)
if (sess_sz > max_sess_sz)
max_sess_sz = sess_sz;
}
+ for (port_id = 0; port_id < rte_eth_dev_count(); port_id++) {
+ if ((enabled_port_mask & (1 << port_id)) == 0)
+ continue;
+ sess_sz = rte_security_session_get_size(
+ rte_eth_dev_get_sec_ctx(port_id));
+ if (sess_sz > max_sess_sz)
+ max_sess_sz = sess_sz;
+ }
idx = 0;
for (cdev_id = 0; cdev_id < rte_cryptodev_count(); cdev_id++) {
@@ -1455,6 +1463,38 @@ cryptodevs_init(void)
cdev_id);
}
+ /* create session pools for eth devices that implement security */
+ for (port_id = 0; port_id < rte_eth_dev_count(); port_id++) {
+ if ((enabled_port_mask & (1 << port_id)) &&
+ rte_eth_dev_get_sec_ctx(port_id)) {
+ int socket_id = rte_eth_dev_socket_id(port_id);
+
+ if (!socket_ctx[socket_id].session_pool) {
+ char mp_name[RTE_MEMPOOL_NAMESIZE];
+ struct rte_mempool *sess_mp;
+
+ snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
+ "sess_mp_%u", socket_id);
+ sess_mp = rte_mempool_create(mp_name,
+ CDEV_MP_NB_OBJS,
+ max_sess_sz,
+ CDEV_MP_CACHE_SZ,
+ 0, NULL, NULL, NULL,
+ NULL, socket_id,
+ 0);
+ if (sess_mp == NULL)
+ rte_exit(EXIT_FAILURE,
+ "Cannot create session pool "
+ "on socket %d\n", socket_id);
+ else
+ printf("Allocated session pool "
+ "on socket %d\n", socket_id);
+ socket_ctx[socket_id].session_pool = sess_mp;
+ }
+ }
+ }
+
+
printf("\n");
return 0;
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 05e89a1..4ef446d 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -368,7 +368,6 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
struct ipsec_mbuf_metadata *priv;
struct rte_crypto_sym_op *sym_cop;
struct ipsec_sa *sa;
- struct cdev_qp *cqp;
for (i = 0; i < nb_pkts; i++) {
if (unlikely(sas[i] == NULL)) {
@@ -431,8 +430,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
continue;
}
- cqp = &ipsec_ctx->tbl[sa->cdev_id_qp];
- cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i];
+ ipsec_ctx->ol_pkts[ipsec_ctx->ol_pkts_cnt++] = pkts[i];
if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
rte_security_set_pkt_metadata(
sa->security_ctx,
@@ -459,8 +457,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
continue;
}
- cqp = &ipsec_ctx->tbl[sa->cdev_id_qp];
- cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i];
+ ipsec_ctx->ol_pkts[ipsec_ctx->ol_pkts_cnt++] = pkts[i];
if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
rte_security_set_pkt_metadata(
sa->security_ctx,
@@ -485,11 +482,10 @@ ipsec_dequeue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
for (i = 0; i < ipsec_ctx->nb_qps && nb_pkts < max_pkts;) {
struct cdev_qp *cqp;
-
cqp = &ipsec_ctx->tbl[ipsec_ctx->last_qp];
- while (cqp->ol_pkts_cnt > 0 && nb_pkts < max_pkts) {
- pkt = cqp->ol_pkts[--cqp->ol_pkts_cnt];
+ while (ipsec_ctx->ol_pkts_cnt > 0 && nb_pkts < max_pkts) {
+ pkt = ipsec_ctx->ol_pkts[--ipsec_ctx->ol_pkts_cnt];
rte_prefetch0(pkt);
priv = get_priv(pkt);
sa = priv->sa;
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index ac77064..6059f6c 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -130,8 +130,6 @@ struct cdev_qp {
uint16_t in_flight;
uint16_t len;
struct rte_crypto_op *buf[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
- struct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
- uint16_t ol_pkts_cnt;
};
struct ipsec_ctx {
@@ -143,6 +141,8 @@ struct ipsec_ctx {
uint16_t last_qp;
struct cdev_qp tbl[MAX_QP_PER_LCORE];
struct rte_mempool *session_pool;
+ struct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
+ uint16_t ol_pkts_cnt;
};
struct cdev_key {
--
2.7.5
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [dpdk-dev] [PATCH v3 1/3] security: add get session size function
2018-01-18 15:41 ` [dpdk-dev] [PATCH v3 1/3] security: add get session size function Radu Nicolau
2018-01-18 15:41 ` [dpdk-dev] [PATCH v3 2/3] net/ixgbe: implement security session get size Radu Nicolau
2018-01-18 15:41 ` [dpdk-dev] [PATCH v3 3/3] examples/ipsec_secgw: create session mempools for ethdevs Radu Nicolau
@ 2018-01-19 8:55 ` De Lara Guarch, Pablo
2 siblings, 0 replies; 19+ messages in thread
From: De Lara Guarch, Pablo @ 2018-01-19 8:55 UTC (permalink / raw)
To: Nicolau, Radu, dev
Cc: Ananyev, Konstantin, Yigit, Ferruh, Doherty, Declan, akhil.goyal
> -----Original Message-----
> From: Nicolau, Radu
> Sent: Thursday, January 18, 2018 3:42 PM
> To: dev@dpdk.org
> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
> <ferruh.yigit@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
> <radu.nicolau@intel.com>
> Subject: [PATCH v3 1/3] security: add get session size function
>
> Add function to get security session size.
>
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Series applied to dpdk-next-crypto.
Thanks,
Pablo
^ permalink raw reply [flat|nested] 19+ messages in thread