From: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
To: dev@dpdk.org
Cc: konstantin.ananyev@intel.com, akhil.goyal@nxp.com
Subject: [dpdk-dev] [PATCH v3 4/5] examples/ipsec-secgw: get rid of maximum sa limitation
Date: Mon, 13 Jan 2020 12:55:21 +0000 [thread overview]
Message-ID: <1578920122-228017-5-git-send-email-vladimir.medvedkin@intel.com> (raw)
In-Reply-To: <1578920122-228017-1-git-send-email-vladimir.medvedkin@intel.com>
In-Reply-To: <cover.1576684589.git.vladimir.medvedkin@intel.com>
Get rid of maximum SA limitation.
Keep parsed SA's into the sorted by SPI value array.
Use binary search in the sorted SA array to find appropriate SA
for a given SPI.
Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
examples/ipsec-secgw/ipsec.h | 1 -
examples/ipsec-secgw/parser.c | 2 ++
examples/ipsec-secgw/parser.h | 3 ++
examples/ipsec-secgw/sa.c | 74 +++++++++++++++++++++++++++++++++----------
4 files changed, 62 insertions(+), 18 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 8ca6c2a..0475a54 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -37,7 +37,6 @@
#define DEFAULT_MAX_CATEGORIES 1
-#define IPSEC_SA_MAX_ENTRIES (128) /* must be power of 2, max 2 power 30 */
#define INVALID_SPI (0)
#define DISCARD INVALID_SPI
diff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c
index fc8c238..67df170 100644
--- a/examples/ipsec-secgw/parser.c
+++ b/examples/ipsec-secgw/parser.c
@@ -642,6 +642,8 @@ parse_cfg_file(const char *cfg_filename)
cmdline_stdin_exit(cl);
fclose(f);
+ sa_sort_arr();
+
return 0;
error_exit:
diff --git a/examples/ipsec-secgw/parser.h b/examples/ipsec-secgw/parser.h
index 6b8a100..1f8bd3e 100644
--- a/examples/ipsec-secgw/parser.h
+++ b/examples/ipsec-secgw/parser.h
@@ -75,6 +75,9 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens,
struct parse_status *status);
void
+sa_sort_arr(void);
+
+void
parse_sa_tokens(char **tokens, uint32_t n_tokens,
struct parse_status *status);
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 8cc7b17..7346337 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -133,11 +133,15 @@ const struct supported_aead_algo aead_algos[] = {
}
};
-static struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];
+#define SA_INIT_NB 128
+
+static struct ipsec_sa *sa_out;
+static uint32_t sa_out_sz;
static uint32_t nb_sa_out;
static struct ipsec_sa_cnt sa_out_cnt;
-static struct ipsec_sa sa_in[IPSEC_SA_MAX_ENTRIES];
+static struct ipsec_sa *sa_in;
+static uint32_t sa_in_sz;
static uint32_t nb_sa_in;
static struct ipsec_sa_cnt sa_in_cnt;
@@ -224,6 +228,31 @@ parse_key_string(const char *key_str, uint8_t *key)
return nb_bytes;
}
+static int
+extend_sa_arr(struct ipsec_sa **sa_tbl, uint32_t cur_cnt, uint32_t *cur_sz)
+{
+ if (*sa_tbl == NULL) {
+ *sa_tbl = calloc(SA_INIT_NB, sizeof(struct ipsec_sa));
+ if (*sa_tbl == NULL)
+ return -1;
+ *cur_sz = SA_INIT_NB;
+ return 0;
+ }
+
+ if (cur_cnt >= *cur_sz) {
+ *sa_tbl = realloc(*sa_tbl,
+ *cur_sz * sizeof(struct ipsec_sa) * 2);
+ if (*sa_tbl == NULL)
+ return -1;
+ /* clean reallocated extra space */
+ memset(&(*sa_tbl)[*cur_sz], 0,
+ *cur_sz * sizeof(struct ipsec_sa));
+ *cur_sz *= 2;
+ }
+
+ return 0;
+}
+
void
parse_sa_tokens(char **tokens, uint32_t n_tokens,
struct parse_status *status)
@@ -246,23 +275,15 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
if (strcmp(tokens[0], "in") == 0) {
ri = &nb_sa_in;
sa_cnt = &sa_in_cnt;
-
- APP_CHECK(*ri <= IPSEC_SA_MAX_ENTRIES - 1, status,
- "too many sa rules, abort insertion\n");
- if (status->status < 0)
+ if (extend_sa_arr(&sa_in, nb_sa_in, &sa_in_sz) < 0)
return;
-
rule = &sa_in[*ri];
rule->direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
} else {
ri = &nb_sa_out;
sa_cnt = &sa_out_cnt;
-
- APP_CHECK(*ri <= IPSEC_SA_MAX_ENTRIES - 1, status,
- "too many sa rules, abort insertion\n");
- if (status->status < 0)
+ if (extend_sa_arr(&sa_out, nb_sa_out, &sa_out_sz) < 0)
return;
-
rule = &sa_out[*ri];
rule->direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
}
@@ -1310,13 +1331,24 @@ ipsec_satbl_init(struct sa_ctx *ctx, uint32_t nb_ent, int32_t socket)
return rc;
}
+static int
+sa_cmp(const void *p, const void *q)
+{
+ uint32_t spi1 = ((const struct ipsec_sa *)p)->spi;
+ uint32_t spi2 = ((const struct ipsec_sa *)q)->spi;
+
+ return (int)(spi1 - spi2);
+}
+
/*
* Walk through all SA rules to find an SA with given SPI
*/
int
sa_spi_present(struct sa_ctx *sa_ctx, uint32_t spi, int inbound)
{
- uint32_t i, num;
+ uint32_t num;
+ struct ipsec_sa *sa;
+ struct ipsec_sa tmpl;
const struct ipsec_sa *sar;
sar = sa_ctx->sa;
@@ -1325,10 +1357,11 @@ sa_spi_present(struct sa_ctx *sa_ctx, uint32_t spi, int inbound)
else
num = nb_sa_out;
- for (i = 0; i != num; i++) {
- if (sar[i].spi == spi)
- return i;
- }
+ tmpl.spi = spi;
+
+ sa = bsearch(&tmpl, sar, num, sizeof(struct ipsec_sa), sa_cmp);
+ if (sa != NULL)
+ return RTE_PTR_DIFF(sa, sar) / sizeof(struct ipsec_sa);
return -ENOENT;
}
@@ -1486,3 +1519,10 @@ sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads,
}
return 0;
}
+
+void
+sa_sort_arr(void)
+{
+ qsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp);
+ qsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp);
+}
--
2.7.4
next prev parent reply other threads:[~2020-01-13 12:56 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-11 16:45 [dpdk-dev] [PATCH 0/4] integrate librte_ipsec SAD into ipsec-secgw Vladimir Medvedkin
2019-12-11 16:45 ` [dpdk-dev] [PATCH 1/4] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2019-12-11 16:45 ` [dpdk-dev] [PATCH 2/4] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2019-12-11 16:45 ` [dpdk-dev] [PATCH 3/4] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2019-12-11 16:45 ` [dpdk-dev] [PATCH 4/4] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 0/5] integrate librte_ipsec SAD into ipsec-secgw Vladimir Medvedkin
2020-01-13 12:55 ` [dpdk-dev] [PATCH v3 " Vladimir Medvedkin
2020-01-14 14:27 ` [dpdk-dev] [PATCH v4 " Vladimir Medvedkin
2020-01-15 15:45 ` Akhil Goyal
2020-01-17 12:26 ` Akhil Goyal
2020-01-17 17:05 ` Medvedkin, Vladimir
2020-01-20 6:44 ` Akhil Goyal
2020-01-20 12:44 ` Anoob Joseph
[not found] ` <SN6PR11MB25581C7C8F969AA18EE8C1949A320@SN6PR11MB2558.namprd11.prod.outlook.com>
[not found] ` <SN6PR11MB25588E3DD326CFC90DD1E3989A320@SN6PR11MB2558.namprd11.prod.outlook.com>
2020-01-20 14:45 ` [dpdk-dev] FW: " Ananyev, Konstantin
2020-01-21 14:47 ` [dpdk-dev] " Akhil Goyal
2020-01-23 11:11 ` Akhil Goyal
2020-01-23 12:52 ` Ananyev, Konstantin
2020-01-23 12:56 ` Akhil Goyal
2020-01-23 13:33 ` Thomas Monjalon
2020-01-23 15:46 ` Ananyev, Konstantin
2020-01-29 14:06 ` [dpdk-dev] [PATCH v5 0/6] " Vladimir Medvedkin
2020-01-31 12:53 ` Akhil Goyal
2020-02-04 4:11 ` Anoob Joseph
2020-02-04 15:22 ` Akhil Goyal
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 0/8] " Vladimir Medvedkin
2020-02-04 15:25 ` Akhil Goyal
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 1/8] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 2/8] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 3/8] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 4/8] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 5/8] examples/ipsec-secgw: get rid of maximum sp limitation Vladimir Medvedkin
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 6/8] examples/ipsec-secgw: add SAD cache Vladimir Medvedkin
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 7/8] examples/ipsec-secgw: set/use mbuf ptype Vladimir Medvedkin
2020-01-31 17:39 ` [dpdk-dev] [PATCH v6 8/8] doc: update ipsec-secgw guide Vladimir Medvedkin
2020-01-29 14:06 ` [dpdk-dev] [PATCH v5 1/6] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2020-01-29 14:06 ` [dpdk-dev] [PATCH v5 2/6] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2020-01-29 14:06 ` [dpdk-dev] [PATCH v5 3/6] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2020-01-29 14:06 ` [dpdk-dev] [PATCH v5 4/6] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2020-01-29 14:06 ` [dpdk-dev] [PATCH v5 5/6] examples/ipsec-secgw: get rid of maximum sp limitation Vladimir Medvedkin
2020-01-29 14:06 ` [dpdk-dev] [PATCH v5 6/6] examples/ipsec-secgw: add SAD cache Vladimir Medvedkin
2020-01-14 14:27 ` [dpdk-dev] [PATCH v4 1/5] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2020-01-14 15:51 ` Ananyev, Konstantin
2020-01-14 14:27 ` [dpdk-dev] [PATCH v4 2/5] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2020-01-14 15:53 ` Ananyev, Konstantin
2020-01-14 14:27 ` [dpdk-dev] [PATCH v4 3/5] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2020-01-14 15:54 ` Ananyev, Konstantin
2020-01-14 14:27 ` [dpdk-dev] [PATCH v4 4/5] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2020-01-14 15:56 ` Ananyev, Konstantin
2020-01-14 14:27 ` [dpdk-dev] [PATCH v4 5/5] examples/ipsec-secgw: get rid of maximum sp limitation Vladimir Medvedkin
2020-01-14 15:57 ` Ananyev, Konstantin
2020-01-13 12:55 ` [dpdk-dev] [PATCH v3 1/5] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2020-01-13 12:55 ` [dpdk-dev] [PATCH v3 2/5] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2020-01-13 12:55 ` [dpdk-dev] [PATCH v3 3/5] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2020-01-13 12:55 ` Vladimir Medvedkin [this message]
2020-01-13 12:55 ` [dpdk-dev] [PATCH v3 5/5] examples/ipsec-secgw: get rid of maximum sp limitation Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 1/5] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 2/5] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 3/5] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 4/5] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 5/5] examples/ipsec-secgw: get rid of maximum sp limitation Vladimir Medvedkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1578920122-228017-5-git-send-email-vladimir.medvedkin@intel.com \
--to=vladimir.medvedkin@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
--cc=konstantin.ananyev@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).