DPDK patches and discussions
 help / color / mirror / Atom feed
From: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
To: dev@dpdk.org
Cc: konstantin.ananyev@intel.com, akhil.goyal@nxp.com
Subject: [dpdk-dev] [PATCH v4 4/5] examples/ipsec-secgw: get rid of maximum sa limitation
Date: Tue, 14 Jan 2020 14:27:15 +0000	[thread overview]
Message-ID: <1579012036-326214-5-git-send-email-vladimir.medvedkin@intel.com> (raw)
In-Reply-To: <1579012036-326214-1-git-send-email-vladimir.medvedkin@intel.com>
In-Reply-To: <1578920122-228017-1-git-send-email-vladimir.medvedkin@intel.com>

Get rid of maximum SA limitation.
Keep parsed SA's into the sorted by SPI value array.
Use binary search in the sorted SA array to find appropriate SA
for a given SPI.

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 examples/ipsec-secgw/ipsec.h  |  1 -
 examples/ipsec-secgw/parser.c |  2 ++
 examples/ipsec-secgw/parser.h |  3 ++
 examples/ipsec-secgw/sa.c     | 74 +++++++++++++++++++++++++++++++++----------
 4 files changed, 62 insertions(+), 18 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 5988d59..3c77232 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -37,7 +37,6 @@
 
 #define DEFAULT_MAX_CATEGORIES	1
 
-#define IPSEC_SA_MAX_ENTRIES (128) /* must be power of 2, max 2 power 30 */
 #define INVALID_SPI (0)
 
 #define DISCARD	INVALID_SPI
diff --git a/examples/ipsec-secgw/parser.c b/examples/ipsec-secgw/parser.c
index fc8c238..67df170 100644
--- a/examples/ipsec-secgw/parser.c
+++ b/examples/ipsec-secgw/parser.c
@@ -642,6 +642,8 @@ parse_cfg_file(const char *cfg_filename)
 	cmdline_stdin_exit(cl);
 	fclose(f);
 
+	sa_sort_arr();
+
 	return 0;
 
 error_exit:
diff --git a/examples/ipsec-secgw/parser.h b/examples/ipsec-secgw/parser.h
index 6b8a100..1f8bd3e 100644
--- a/examples/ipsec-secgw/parser.h
+++ b/examples/ipsec-secgw/parser.h
@@ -75,6 +75,9 @@ parse_sp6_tokens(char **tokens, uint32_t n_tokens,
 	struct parse_status *status);
 
 void
+sa_sort_arr(void);
+
+void
 parse_sa_tokens(char **tokens, uint32_t n_tokens,
 	struct parse_status *status);
 
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index d10a6ec..b3b83e3 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -133,11 +133,15 @@ const struct supported_aead_algo aead_algos[] = {
 	}
 };
 
-static struct ipsec_sa sa_out[IPSEC_SA_MAX_ENTRIES];
+#define SA_INIT_NB	128
+
+static struct ipsec_sa *sa_out;
+static uint32_t sa_out_sz;
 static uint32_t nb_sa_out;
 static struct ipsec_sa_cnt sa_out_cnt;
 
-static struct ipsec_sa sa_in[IPSEC_SA_MAX_ENTRIES];
+static struct ipsec_sa *sa_in;
+static uint32_t sa_in_sz;
 static uint32_t nb_sa_in;
 static struct ipsec_sa_cnt sa_in_cnt;
 
@@ -224,6 +228,31 @@ parse_key_string(const char *key_str, uint8_t *key)
 	return nb_bytes;
 }
 
+static int
+extend_sa_arr(struct ipsec_sa **sa_tbl, uint32_t cur_cnt, uint32_t *cur_sz)
+{
+	if (*sa_tbl == NULL) {
+		*sa_tbl = calloc(SA_INIT_NB, sizeof(struct ipsec_sa));
+		if (*sa_tbl == NULL)
+			return -1;
+		*cur_sz = SA_INIT_NB;
+		return 0;
+	}
+
+	if (cur_cnt >= *cur_sz) {
+		*sa_tbl = realloc(*sa_tbl,
+			*cur_sz * sizeof(struct ipsec_sa) * 2);
+		if (*sa_tbl == NULL)
+			return -1;
+		/* clean reallocated extra space */
+		memset(&(*sa_tbl)[*cur_sz], 0,
+			*cur_sz * sizeof(struct ipsec_sa));
+		*cur_sz *= 2;
+	}
+
+	return 0;
+}
+
 void
 parse_sa_tokens(char **tokens, uint32_t n_tokens,
 	struct parse_status *status)
@@ -246,23 +275,15 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 	if (strcmp(tokens[0], "in") == 0) {
 		ri = &nb_sa_in;
 		sa_cnt = &sa_in_cnt;
-
-		APP_CHECK(*ri <= IPSEC_SA_MAX_ENTRIES - 1, status,
-			"too many sa rules, abort insertion\n");
-		if (status->status < 0)
+		if (extend_sa_arr(&sa_in, nb_sa_in, &sa_in_sz) < 0)
 			return;
-
 		rule = &sa_in[*ri];
 		rule->direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
 	} else {
 		ri = &nb_sa_out;
 		sa_cnt = &sa_out_cnt;
-
-		APP_CHECK(*ri <= IPSEC_SA_MAX_ENTRIES - 1, status,
-			"too many sa rules, abort insertion\n");
-		if (status->status < 0)
+		if (extend_sa_arr(&sa_out, nb_sa_out, &sa_out_sz) < 0)
 			return;
-
 		rule = &sa_out[*ri];
 		rule->direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
 	}
@@ -1311,13 +1332,24 @@ ipsec_satbl_init(struct sa_ctx *ctx, uint32_t nb_ent, int32_t socket)
 	return rc;
 }
 
+static int
+sa_cmp(const void *p, const void *q)
+{
+	uint32_t spi1 = ((const struct ipsec_sa *)p)->spi;
+	uint32_t spi2 = ((const struct ipsec_sa *)q)->spi;
+
+	return (int)(spi1 - spi2);
+}
+
 /*
  * Walk through all SA rules to find an SA with given SPI
  */
 int
 sa_spi_present(struct sa_ctx *sa_ctx, uint32_t spi, int inbound)
 {
-	uint32_t i, num;
+	uint32_t num;
+	struct ipsec_sa *sa;
+	struct ipsec_sa tmpl;
 	const struct ipsec_sa *sar;
 
 	sar = sa_ctx->sa;
@@ -1326,10 +1358,11 @@ sa_spi_present(struct sa_ctx *sa_ctx, uint32_t spi, int inbound)
 	else
 		num = nb_sa_out;
 
-	for (i = 0; i != num; i++) {
-		if (sar[i].spi == spi)
-			return i;
-	}
+	tmpl.spi = spi;
+
+	sa = bsearch(&tmpl, sar, num, sizeof(struct ipsec_sa), sa_cmp);
+	if (sa != NULL)
+		return RTE_PTR_DIFF(sa, sar) / sizeof(struct ipsec_sa);
 
 	return -ENOENT;
 }
@@ -1522,3 +1555,10 @@ sa_check_offloads(uint16_t port_id, uint64_t *rx_offloads,
 	}
 	return 0;
 }
+
+void
+sa_sort_arr(void)
+{
+	qsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp);
+	qsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp);
+}
-- 
2.7.4


  parent reply	other threads:[~2020-01-14 14:27 UTC|newest]

Thread overview: 60+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-11 16:45 [dpdk-dev] [PATCH 0/4] integrate librte_ipsec SAD into ipsec-secgw Vladimir Medvedkin
2019-12-11 16:45 ` [dpdk-dev] [PATCH 1/4] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2019-12-11 16:45 ` [dpdk-dev] [PATCH 2/4] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2019-12-11 16:45 ` [dpdk-dev] [PATCH 3/4] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2019-12-11 16:45 ` [dpdk-dev] [PATCH 4/4] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 0/5] integrate librte_ipsec SAD into ipsec-secgw Vladimir Medvedkin
2020-01-13 12:55   ` [dpdk-dev] [PATCH v3 " Vladimir Medvedkin
2020-01-14 14:27     ` [dpdk-dev] [PATCH v4 " Vladimir Medvedkin
2020-01-15 15:45       ` Akhil Goyal
2020-01-17 12:26         ` Akhil Goyal
2020-01-17 17:05         ` Medvedkin, Vladimir
2020-01-20  6:44           ` Akhil Goyal
2020-01-20 12:44             ` Anoob Joseph
     [not found]             ` <SN6PR11MB25581C7C8F969AA18EE8C1949A320@SN6PR11MB2558.namprd11.prod.outlook.com>
     [not found]               ` <SN6PR11MB25588E3DD326CFC90DD1E3989A320@SN6PR11MB2558.namprd11.prod.outlook.com>
2020-01-20 14:45                 ` [dpdk-dev] FW: " Ananyev, Konstantin
2020-01-21 14:47                   ` [dpdk-dev] " Akhil Goyal
2020-01-23 11:11                     ` Akhil Goyal
2020-01-23 12:52                       ` Ananyev, Konstantin
2020-01-23 12:56                         ` Akhil Goyal
2020-01-23 13:33                           ` Thomas Monjalon
2020-01-23 15:46                             ` Ananyev, Konstantin
2020-01-29 14:06       ` [dpdk-dev] [PATCH v5 0/6] " Vladimir Medvedkin
2020-01-31 12:53         ` Akhil Goyal
2020-02-04  4:11           ` Anoob Joseph
2020-02-04 15:22             ` Akhil Goyal
2020-01-31 17:39         ` [dpdk-dev] [PATCH v6 0/8] " Vladimir Medvedkin
2020-02-04 15:25           ` Akhil Goyal
2020-01-31 17:39         ` [dpdk-dev] [PATCH v6 1/8] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2020-01-31 17:39         ` [dpdk-dev] [PATCH v6 2/8] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2020-01-31 17:39         ` [dpdk-dev] [PATCH v6 3/8] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2020-01-31 17:39         ` [dpdk-dev] [PATCH v6 4/8] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2020-01-31 17:39         ` [dpdk-dev] [PATCH v6 5/8] examples/ipsec-secgw: get rid of maximum sp limitation Vladimir Medvedkin
2020-01-31 17:39         ` [dpdk-dev] [PATCH v6 6/8] examples/ipsec-secgw: add SAD cache Vladimir Medvedkin
2020-01-31 17:39         ` [dpdk-dev] [PATCH v6 7/8] examples/ipsec-secgw: set/use mbuf ptype Vladimir Medvedkin
2020-01-31 17:39         ` [dpdk-dev] [PATCH v6 8/8] doc: update ipsec-secgw guide Vladimir Medvedkin
2020-01-29 14:06       ` [dpdk-dev] [PATCH v5 1/6] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2020-01-29 14:06       ` [dpdk-dev] [PATCH v5 2/6] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2020-01-29 14:06       ` [dpdk-dev] [PATCH v5 3/6] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2020-01-29 14:06       ` [dpdk-dev] [PATCH v5 4/6] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2020-01-29 14:06       ` [dpdk-dev] [PATCH v5 5/6] examples/ipsec-secgw: get rid of maximum sp limitation Vladimir Medvedkin
2020-01-29 14:06       ` [dpdk-dev] [PATCH v5 6/6] examples/ipsec-secgw: add SAD cache Vladimir Medvedkin
2020-01-14 14:27     ` [dpdk-dev] [PATCH v4 1/5] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2020-01-14 15:51       ` Ananyev, Konstantin
2020-01-14 14:27     ` [dpdk-dev] [PATCH v4 2/5] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2020-01-14 15:53       ` Ananyev, Konstantin
2020-01-14 14:27     ` [dpdk-dev] [PATCH v4 3/5] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2020-01-14 15:54       ` Ananyev, Konstantin
2020-01-14 14:27     ` Vladimir Medvedkin [this message]
2020-01-14 15:56       ` [dpdk-dev] [PATCH v4 4/5] examples/ipsec-secgw: get rid of maximum sa limitation Ananyev, Konstantin
2020-01-14 14:27     ` [dpdk-dev] [PATCH v4 5/5] examples/ipsec-secgw: get rid of maximum sp limitation Vladimir Medvedkin
2020-01-14 15:57       ` Ananyev, Konstantin
2020-01-13 12:55   ` [dpdk-dev] [PATCH v3 1/5] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2020-01-13 12:55   ` [dpdk-dev] [PATCH v3 2/5] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2020-01-13 12:55   ` [dpdk-dev] [PATCH v3 3/5] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2020-01-13 12:55   ` [dpdk-dev] [PATCH v3 4/5] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2020-01-13 12:55   ` [dpdk-dev] [PATCH v3 5/5] examples/ipsec-secgw: get rid of maximum sp limitation Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 1/5] ipsec: move ipsec sad name length into .h Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 2/5] examples/ipsec-secgw: implement inbound SAD Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 3/5] examples/ipsec-secgw: integrate " Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 4/5] examples/ipsec-secgw: get rid of maximum sa limitation Vladimir Medvedkin
2019-12-18 16:00 ` [dpdk-dev] [PATCH v2 5/5] examples/ipsec-secgw: get rid of maximum sp limitation Vladimir Medvedkin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1579012036-326214-5-git-send-email-vladimir.medvedkin@intel.com \
    --to=vladimir.medvedkin@intel.com \
    --cc=akhil.goyal@nxp.com \
    --cc=dev@dpdk.org \
    --cc=konstantin.ananyev@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).