From: Yongseok Koh <yskoh@mellanox.com>
To: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
Cc: "Nicolau, Radu" <radu.nicolau@intel.com>,
"akhil.goyal@nxp.com" <akhil.goyal@nxp.com>,
"dev@dpdk.org" <dev@dpdk.org>,
Aviad Yehezkel <aviadye@mellanox.com>,
"stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix coherency of ESP sequence number
Date: Mon, 8 Apr 2019 19:36:17 +0000 [thread overview]
Message-ID: <20190408193608.GA18021@yongseok-MBP.local> (raw)
Message-ID: <20190408193617.AfauteZH3urkMrYkc_hJQxxS6oUVnC6PeFojHh8mOtM@z> (raw)
In-Reply-To: <2601191342CEEE43887BDE71AB9772580148A943CB@irsmsx105.ger.corp.intel.com>
On Mon, Apr 08, 2019 at 10:41:29AM +0000, Ananyev, Konstantin wrote:
>
> Hi Yongseok,
>
> > Outbound ESP sequence number should be incremented atomically and refeenced
> > indirectly. Otherwise, concurrent access by multiple threads will break
> > coherency.
>
> I think MT mode per SA is not supported right now by ipsec-secgw.
> From https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdoc.dpdk.org%2Fguides%2Fsample_app_ug%2Fipsec_secgw.html&data=02%7C01%7Cyskoh%40mellanox.com%7C92fcdccccff446f9f93708d6bc0ec532%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C636903168953772804&sdata=8l1b79cFf7Jodlk%2Bup3b8uRUUSU2IyglmFxhmXqsbCI%3D&reserved=0:
> 49.2. Constraints
> ...
> Each SA must be handle by a unique lcore (1 RX queue per port).
I wasn't aware of this limitation. If it is already documented, I'll take back
my patch. Actually, I have done some performance testing with this example and
it worked fine with single SA in each direction. That's why I thought it was
supported.
> Also the changes you proposed wouldn't handle inbound case.
No seq number check for inbound direction in this example code..
> Anyway, if you still like to have atomic sqn updates for outbound,
> then probably better to make it configurable
> (otherwise it would introduce unnecessary slowdown).
> There is '-a' (atomic) command-line option.
> Right now it works for librte_ipsec mode only, but I suppose it wouldn't
> be big deal to make legacy mode to take it into account too.
>
[...]
> > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> > index a7298a30c2..adf6ac3f9a 100644
> > --- a/examples/ipsec-secgw/sa.c
> > +++ b/examples/ipsec-secgw/sa.c
> > @@ -795,7 +795,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
> > return -EINVAL;
> > }
> > *sa = entries[i];
> > - sa->seq = 0;
> > + rte_atomic64_set(&sa->seq, -1);
>
> I think initial value should remain zero.
The reason was because there's no rte_atomic64_return_add() but
rte_atomic64_add_return(). Would be better to have it with
__sync_fetch_and_add() later. Anyway, I'm taking back this patch like I
mentioned.
Thanks,
Yongseok
next prev parent reply other threads:[~2019-04-08 19:36 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-06 0:35 Yongseok Koh
2019-04-06 0:35 ` Yongseok Koh
2019-04-08 10:41 ` Ananyev, Konstantin
2019-04-08 10:41 ` Ananyev, Konstantin
2019-04-08 19:36 ` Yongseok Koh [this message]
2019-04-08 19:36 ` Yongseok Koh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190408193608.GA18021@yongseok-MBP.local \
--to=yskoh@mellanox.com \
--cc=akhil.goyal@nxp.com \
--cc=aviadye@mellanox.com \
--cc=dev@dpdk.org \
--cc=konstantin.ananyev@intel.com \
--cc=radu.nicolau@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).