From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4D8B1A0032; Fri, 21 Oct 2022 18:38:27 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9BEEE400D6; Fri, 21 Oct 2022 18:38:26 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 6908240042 for ; Fri, 21 Oct 2022 18:38:24 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 29L8psQ0005700; Fri, 21 Oct 2022 09:38:23 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=DX8XneqoTe5klzJjwHTHuzxoItjnxTk+Xryrfh9PzTQ=; b=Vx/rcE0aLyJHYS+L8/WobYfOdhlaATqJqHCwimDthM9FSDWgrQVbuTveuLIoD885ioaK ilY8asBjxLW+HEpYBumIDAErqwpvrOvACNEmstNxgvHeDY0RZ18i+XWfR6XG9LawyhKm eE/NiESq77N/EhY8wzVUbK6DaTh64g8CvI3dmiS/twEAlQFuQuL5oVa/KzDzHoE6NSIK arfUfuspmADlNE+JNcf0zYdIpy5UMUlpqwjUtDDTg0ctlNvP59B86HtdFqfpGZj56WkA 6kIQE6drEe+OM1xI3FOM8e0o8pmzxivPWFq+rjlp+Wr27bwXWBTS6O0EDp1E50n83755 mA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3kb125eyfq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 21 Oct 2022 09:38:23 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 21 Oct 2022 09:38:21 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Fri, 21 Oct 2022 09:38:21 -0700 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.160.62]) by maili.marvell.com (Postfix) with ESMTP id 887195C68EA; Fri, 21 Oct 2022 09:38:17 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob , "Thomas Monjalon" , Hemant Agrawal , Sachin Saxena , Ciara Power CC: Aakash Sasidharan , Subject: [PATCH v2] app/test-security-perf: add security perf app Date: Fri, 21 Oct 2022 22:08:16 +0530 Message-ID: <20221021163816.175-1-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220811035933.802-1-anoobj@marvell.com> References: <20220811035933.802-1-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: wIydjYmCdpmxaFQIKg4G7sC3t3KPj5di X-Proofpoint-ORIG-GUID: wIydjYmCdpmxaFQIKg4G7sC3t3KPj5di X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-10-21_04,2022-10-21_01,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add performance application to test security session create & destroy rates supported by the security enabled cryptodev PMD. The application would create specified number of sessions and captures the time taken for the same before proceeding to destroy of the same. When operating on multi-core, the number of sessions would be evenly distributed across all cores. The application would test with all combinations of cipher & auth algorithms supported by the PMD. Signed-off-by: Aakash Sasidharan Signed-off-by: Anoob Joseph --- v2: * Rebased on latest code. Made changes to accommodate session rework * Fixed debug build failure MAINTAINERS | 6 + app/meson.build | 1 + app/test-security-perf/meson.build | 14 + app/test-security-perf/test_security_perf.c | 575 ++++++++++++++++++++ doc/guides/rel_notes/release_22_11.rst | 6 + doc/guides/tools/index.rst | 1 + doc/guides/tools/securityperf.rst | 47 ++ 7 files changed, 650 insertions(+) create mode 100644 app/test-security-perf/meson.build create mode 100644 app/test-security-perf/test_security_perf.c create mode 100644 doc/guides/tools/securityperf.rst diff --git a/MAINTAINERS b/MAINTAINERS index 6f56111323..14dcdd2d7f 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -1735,6 +1735,12 @@ M: Reshma Pattan F: app/proc-info/ F: doc/guides/tools/proc_info.rst +Security performance tool +M: Anoob Joseph +T: git://dpdk.org/next/dpdk-next-crypto +F: app/test-security-perf/ +F: doc/guides/tools/securityperf.rst + Other Example Applications -------------------------- diff --git a/app/meson.build b/app/meson.build index 93d8c15032..ef54b90d36 100644 --- a/app/meson.build +++ b/app/meson.build @@ -18,6 +18,7 @@ apps = [ 'test-pmd', 'test-regex', 'test-sad', + 'test-security-perf', ] default_cflags = machine_args + ['-DALLOW_EXPERIMENTAL_API'] diff --git a/app/test-security-perf/meson.build b/app/test-security-perf/meson.build new file mode 100644 index 0000000000..076999022e --- /dev/null +++ b/app/test-security-perf/meson.build @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: BSD-3-Clause +# Copyright(C) 2022 Marvell. + +if is_windows + build = false + reason = 'not supported on Windows' + subdir_done() +endif + +sources = files( + 'test_security_perf.c', + '../test/test_cryptodev_security_ipsec.c', +) +deps += ['security', 'cmdline'] diff --git a/app/test-security-perf/test_security_perf.c b/app/test-security-perf/test_security_perf.c new file mode 100644 index 0000000000..9bb50689e3 --- /dev/null +++ b/app/test-security-perf/test_security_perf.c @@ -0,0 +1,575 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2022, Marvell + */ + +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#define NB_DESC 4096 +#define DEF_NB_SESSIONS (16 * 10 * 1024) /* 16 * 10K tunnels */ + +struct lcore_conf { + struct rte_crypto_sym_xform cipher_xform; + struct rte_crypto_sym_xform auth_xform; + struct rte_crypto_sym_xform aead_xform; + uint8_t dev_id; + uint8_t qp_id; + struct test_ctx *ctx; +}; + +struct test_ctx { + struct lcore_conf lconf[RTE_MAX_LCORE]; + void *sec_ctx; + struct rte_mempool *sess_mp; + struct ipsec_test_data *td; + int nb_sess; + unsigned long td_idx; + uint8_t nb_lcores; + uint8_t nb_cryptodevs; + uint8_t enabled_cdevs[RTE_CRYPTO_MAX_DEVS]; + bool is_inbound; +}; + +static struct test_ctx ctx; + +static int +cryptodev_init(struct test_ctx *ctx, uint8_t nb_lcores) +{ + const char dev_names[][RTE_CRYPTODEV_NAME_MAX_LEN] = { + "crypto_cn10k", + "crypto_cn9k", + "crypto_dpaa_sec", + "crypto_dpaa2_sec", + }; + struct rte_cryptodev_qp_conf qp_conf; + struct rte_cryptodev_info dev_info; + struct rte_cryptodev_config config; + unsigned int j, nb_qp, qps_reqd; + uint8_t socket_id; + uint32_t dev_cnt; + int ret, core_id; + void *sec_ctx; + uint64_t i; + + i = 0; + do { + dev_cnt = rte_cryptodev_devices_get(dev_names[i], + ctx->enabled_cdevs, + RTE_CRYPTO_MAX_DEVS); + i++; + } while (dev_cnt == 0 && i < RTE_DIM(dev_names)); + + if (dev_cnt == 0) + return -1; + + /* Check first device for capabilities */ + rte_cryptodev_info_get(0, &dev_info); + if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SECURITY)) { + RTE_LOG(ERR, USER1, + "Security not supported by the cryptodev\n"); + return -1; + } + + sec_ctx = rte_cryptodev_get_sec_ctx(0); + ctx->sec_ctx = sec_ctx; + + socket_id = rte_socket_id(); + qps_reqd = nb_lcores; + core_id = 0; + i = 0; + + do { + rte_cryptodev_info_get(i, &dev_info); + qps_reqd = RTE_MIN(dev_info.max_nb_queue_pairs, qps_reqd); + + for (j = 0; j < qps_reqd; j++) { + ctx->lconf[core_id].dev_id = i; + ctx->lconf[core_id].qp_id = j; + ctx->lconf[core_id].ctx = ctx; + core_id++; + if (core_id == RTE_MAX_LCORE) + break; + } + + nb_qp = j; + + memset(&config, 0, sizeof(config)); + config.nb_queue_pairs = nb_qp; + config.socket_id = socket_id; + + ret = rte_cryptodev_configure(i, &config); + if (ret < 0) { + RTE_LOG(ERR, USER1, + "Could not configure cryptodev - %" PRIu64 "\n", + i); + return -1; + } + + memset(&qp_conf, 0, sizeof(qp_conf)); + qp_conf.nb_descriptors = NB_DESC; + + for (j = 0; j < nb_qp; j++) { + ret = rte_cryptodev_queue_pair_setup(i, j, &qp_conf, + socket_id); + if (ret < 0) { + RTE_LOG(ERR, USER1, + "Could not configure queue pair:" + " %" PRIu64 " - %d\n", i, j); + return -1; + } + } + + ret = rte_cryptodev_start(i); + if (ret < 0) { + RTE_LOG(ERR, USER1, "Could not start cryptodev\n"); + return -1; + } + + i++; + qps_reqd -= j; + + } while (i < dev_cnt && core_id < RTE_MAX_LCORE); + + ctx->nb_cryptodevs = i; + + return 0; +} + +static int +cryptodev_fini(struct test_ctx *ctx) +{ + int i, ret = 0; + + for (i = 0; i < ctx->nb_cryptodevs && + i < RTE_CRYPTO_MAX_DEVS; i++) { + rte_cryptodev_stop(ctx->enabled_cdevs[i]); + ret = rte_cryptodev_close(ctx->enabled_cdevs[i]); + if (ret) + RTE_LOG(ERR, USER1, + "Crypto device close error %d\n", ret); + } + + return ret; +} + +static int +mempool_init(struct test_ctx *ctx, uint8_t nb_lcores) +{ + struct rte_mempool *sess_mpool; + unsigned int sec_sess_sz; + int nb_sess_total; + + nb_sess_total = ctx->nb_sess + RTE_MEMPOOL_CACHE_MAX_SIZE * nb_lcores; + + sec_sess_sz = rte_security_session_get_size(ctx->sec_ctx); + + sess_mpool = rte_cryptodev_sym_session_pool_create("test_sess_mp", + nb_sess_total, sec_sess_sz, RTE_MEMPOOL_CACHE_MAX_SIZE, + 0, SOCKET_ID_ANY); + if (sess_mpool == NULL) { + RTE_LOG(ERR, USER1, "Could not create mempool\n"); + return -1; + } + + ctx->sess_mp = sess_mpool; + + return 0; +} + +static int +mempool_fini(struct test_ctx *ctx) +{ + rte_mempool_free(ctx->sess_mp); + + return 0; +} + +static int +sec_conf_init(struct lcore_conf *conf, + struct rte_security_session_conf *sess_conf, + struct rte_security_ipsec_xform *ipsec_xform, + const struct ipsec_test_data *td) +{ + uint16_t v6_src[8] = {0x2607, 0xf8b0, 0x400c, 0x0c03, 0x0000, 0x0000, + 0x0000, 0x001a}; + uint16_t v6_dst[8] = {0x2001, 0x0470, 0xe5bf, 0xdead, 0x4957, 0x2174, + 0xe82c, 0x4887}; + const struct rte_ipv4_hdr *ipv4 = + (const struct rte_ipv4_hdr *)td->output_text.data; + struct rte_security_capability_idx sec_cap_idx; + const struct rte_security_capability *sec_cap; + enum rte_security_ipsec_sa_direction dir; + uint32_t src, dst; + int salt_len; + + /* Copy IPsec xform */ + memcpy(ipsec_xform, &td->ipsec_xform, sizeof(*ipsec_xform)); + + dir = ipsec_xform->direction; + + memcpy(&src, &ipv4->src_addr, sizeof(ipv4->src_addr)); + memcpy(&dst, &ipv4->dst_addr, sizeof(ipv4->dst_addr)); + + if (td->ipsec_xform.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { + if (td->ipsec_xform.tunnel.type == + RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + memcpy(&ipsec_xform->tunnel.ipv4.src_ip, &src, + sizeof(src)); + memcpy(&ipsec_xform->tunnel.ipv4.dst_ip, &dst, + sizeof(dst)); + + } else { + memcpy(&ipsec_xform->tunnel.ipv6.src_addr, &v6_src, + sizeof(v6_src)); + memcpy(&ipsec_xform->tunnel.ipv6.dst_addr, &v6_dst, + sizeof(v6_dst)); + } + } + + sec_cap_idx.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_IPSEC; + sec_cap_idx.ipsec.proto = ipsec_xform->proto; + sec_cap_idx.ipsec.mode = ipsec_xform->mode; + sec_cap_idx.ipsec.direction = ipsec_xform->direction; + + sec_cap = rte_security_capability_get(conf->ctx->sec_ctx, &sec_cap_idx); + if (sec_cap == NULL) { + RTE_LOG(ERR, USER1, "Could not get capabilities\n"); + return -1; + } + + /* Copy cipher session parameters */ + if (td[0].aead) { + memcpy(&conf->aead_xform, &td[0].xform.aead, + sizeof(conf->aead_xform)); + conf->aead_xform.aead.key.data = td[0].key.data; + conf->aead_xform.aead.iv.offset = IV_OFFSET; + + /* Verify crypto capabilities */ + if (test_ipsec_crypto_caps_aead_verify( + sec_cap, + &conf->aead_xform) != 0) { + RTE_LOG(ERR, USER1, + "Crypto capabilities not supported\n"); + return -1; + } + } else if (td[0].auth_only) { + memcpy(&conf->auth_xform, &td[0].xform.chain.auth, + sizeof(conf->auth_xform)); + conf->auth_xform.auth.key.data = td[0].auth_key.data; + + if (test_ipsec_crypto_caps_auth_verify( + sec_cap, + &conf->auth_xform) != 0) { + RTE_LOG(INFO, USER1, + "Auth crypto capabilities not supported\n"); + return -1; + } + } else { + memcpy(&conf->cipher_xform, &td[0].xform.chain.cipher, + sizeof(conf->cipher_xform)); + memcpy(&conf->auth_xform, &td[0].xform.chain.auth, + sizeof(conf->auth_xform)); + conf->cipher_xform.cipher.key.data = td[0].key.data; + conf->cipher_xform.cipher.iv.offset = IV_OFFSET; + conf->auth_xform.auth.key.data = td[0].auth_key.data; + + /* Verify crypto capabilities */ + + if (test_ipsec_crypto_caps_cipher_verify( + sec_cap, + &conf->cipher_xform) != 0) { + RTE_LOG(ERR, USER1, + "Cipher crypto capabilities not supported\n"); + return -1; + } + + if (test_ipsec_crypto_caps_auth_verify( + sec_cap, + &conf->auth_xform) != 0) { + RTE_LOG(ERR, USER1, + "Auth crypto capabilities not supported\n"); + return -1; + } + } + + if (test_ipsec_sec_caps_verify(ipsec_xform, sec_cap, 0) != 0) + return -1; + + sess_conf->action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL; + sess_conf->protocol = RTE_SECURITY_PROTOCOL_IPSEC; + + if (td[0].aead || td[0].aes_gmac) { + salt_len = RTE_MIN(sizeof(ipsec_xform->salt), td[0].salt.len); + memcpy(&ipsec_xform->salt, td[0].salt.data, salt_len); + } + + if (td[0].aead) { + sess_conf->ipsec = *ipsec_xform; + sess_conf->crypto_xform = &conf->aead_xform; + } else if (td[0].auth_only) { + sess_conf->ipsec = *ipsec_xform; + sess_conf->crypto_xform = &conf->auth_xform; + } else { + sess_conf->ipsec = *ipsec_xform; + if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + sess_conf->crypto_xform = &conf->cipher_xform; + conf->cipher_xform.next = &conf->auth_xform; + } else { + sess_conf->crypto_xform = &conf->auth_xform; + conf->auth_xform.next = &conf->cipher_xform; + } + } + + return 0; +} + +static int +test_security_session_perf(void *arg) +{ + uint64_t tsc_start, tsc_mid, tsc_end, tsc_setup_dur, tsc_destroy_dur; + struct rte_security_ipsec_xform ipsec_xform; + struct rte_security_session_conf sess_conf; + int i, ret, nb_sessions, nb_sess_total; + struct rte_security_session **sess; + struct rte_security_ctx *sec_ctx; + double setup_rate, destroy_rate; + uint64_t setup_ms, destroy_ms; + struct lcore_conf *conf = arg; + struct rte_mempool *sess_mp; + uint8_t nb_lcores; + + nb_lcores = conf->ctx->nb_lcores; + nb_sess_total = conf->ctx->nb_sess; + sec_ctx = conf->ctx->sec_ctx; + sess_mp = conf->ctx->sess_mp; + + nb_sessions = nb_sess_total / nb_lcores; + + if (conf->qp_id == 0) + nb_sessions += (nb_sess_total - nb_sessions * nb_lcores); + + ret = sec_conf_init(conf, &sess_conf, &ipsec_xform, + &ctx.td[ctx.td_idx]); + if (ret) { + RTE_LOG(ERR, USER1, "Could not initialize session conf\n"); + return EXIT_FAILURE; + } + + sess = rte_zmalloc(NULL, sizeof(void *) * nb_sessions, 0); + + tsc_start = rte_rdtsc_precise(); + + for (i = 0; i < nb_sessions; i++) { + sess[i] = rte_security_session_create(sec_ctx, + &sess_conf, + sess_mp); + if (unlikely(sess[i] == NULL)) { + RTE_LOG(ERR, USER1, "Could not create session\n"); + return EXIT_FAILURE; + } + } + + tsc_mid = rte_rdtsc_precise(); + + for (i = 0; i < nb_sessions; i++) { + ret = rte_security_session_destroy(sec_ctx, sess[i]); + if (unlikely(ret < 0)) { + RTE_LOG(ERR, USER1, "Could not destroy session\n"); + return EXIT_FAILURE; + } + } + + tsc_end = rte_rdtsc_precise(); + + tsc_setup_dur = tsc_mid - tsc_start; + tsc_destroy_dur = tsc_end - tsc_mid; + + setup_ms = tsc_setup_dur * 1000 / rte_get_tsc_hz(); + destroy_ms = tsc_destroy_dur * 1000 / rte_get_tsc_hz(); + + setup_rate = (double)nb_sessions * rte_get_tsc_hz() / tsc_setup_dur; + destroy_rate = (double)nb_sessions * rte_get_tsc_hz() / tsc_destroy_dur; + + printf("%20u%20u%20"PRIu64"%20"PRIu64"%20.2f%20.2f\n", + rte_lcore_id(), + nb_sessions, + setup_ms, + destroy_ms, + setup_rate, + destroy_rate); + + return EXIT_SUCCESS; +} + +static void +usage(char *progname) +{ + printf("\nusage: %s\n", progname); + printf(" --help : display this message and exit\n" + " --inbound : test for inbound direction\n" + " default outbound direction is tested\n" + " --nb-sess=N: to set the number of sessions\n" + " to be created, default is %d\n", DEF_NB_SESSIONS); +} + +static void +args_parse(int argc, char **argv) +{ + char **argvopt; + int n, opt; + int opt_idx; + + static const struct option lgopts[] = { + /* Control */ + { "help", 0, 0, 0 }, + { "inbound", 0, 0, 0 }, + { "nb-sess", 1, 0, 0 }, + { NULL, 0, 0, 0 } + }; + + argvopt = argv; + + while ((opt = getopt_long(argc, argvopt, "", + lgopts, &opt_idx)) != EOF) { + switch (opt) { + case 0: + if (strcmp(lgopts[opt_idx].name, "help") == 0) { + usage(argv[0]); + exit(EXIT_SUCCESS); + } + + if (strcmp(lgopts[opt_idx].name, "nb-sess") == 0) { + n = atoi(optarg); + if (n >= 0) + ctx.nb_sess = n; + else + rte_exit(EXIT_FAILURE, + "nb-sess should be >= 0\n"); + printf("nb-sess %d / ", ctx.nb_sess); + } else if (strcmp(lgopts[opt_idx].name, "inbound") == + 0) { + ctx.is_inbound = true; + printf("inbound / "); + } + + break; + + default: + usage(argv[0]); + rte_exit(EXIT_FAILURE, "Invalid option: %s\n", + argv[opt_idx - 1]); + break; + } + } + + printf("\n\n"); +} + +int +main(int argc, char **argv) +{ + struct ipsec_test_data td_outb[RTE_DIM(alg_list)]; + struct ipsec_test_data td_inb[RTE_DIM(alg_list)]; + struct ipsec_test_flags flags; + uint32_t lcore_id; + uint8_t nb_lcores; + unsigned long i; + int ret; + + memset(&ctx, 0, sizeof(struct test_ctx)); + memset(&flags, 0, sizeof(flags)); + + ret = rte_eal_init(argc, argv); + if (ret < 0) + rte_exit(EXIT_FAILURE, "Invalid EAL arguments!\n"); + argc -= ret; + argv += ret; + + nb_lcores = rte_lcore_count() - 1; + if (nb_lcores < 1) { + RTE_LOG(ERR, USER1, + "Number of worker cores need to be higher than 1\n"); + return -EINVAL; + } + + ctx.nb_sess = DEF_NB_SESSIONS + RTE_MEMPOOL_CACHE_MAX_SIZE * nb_lcores; + + if (argc > 1) + args_parse(argc, argv); + + ctx.nb_lcores = nb_lcores; + + ret = cryptodev_init(&ctx, nb_lcores); + if (ret) + goto exit; + + ret = mempool_init(&ctx, nb_lcores); + if (ret) + goto cryptodev_fini; + + test_ipsec_alg_list_populate(); + + for (i = 0; i < RTE_DIM(alg_list); i++) { + test_ipsec_td_prepare(alg_list[i].param1, + alg_list[i].param2, + &flags, + &td_outb[i], + 1); + if (ctx.is_inbound) + test_ipsec_td_in_from_out(&td_outb[i], &td_inb[i]); + } + + ctx.td = td_outb; + if (ctx.is_inbound) + ctx.td = td_inb; + + for (ctx.td_idx = 0; ctx.td_idx < RTE_DIM(alg_list); ctx.td_idx++) { + + printf("\n\n Algorithm combination:"); + test_ipsec_display_alg(alg_list[ctx.td_idx].param1, + alg_list[ctx.td_idx].param2); + printf(" ----------------------"); + + printf("\n%20s%20s%20s%20s%20s%20s\n\n", + "lcore id", "nb_sessions", + "Setup time(ms)", "Destroy time(ms)", + "Setup rate(sess/s)", + "Destroy rate(sess/sec)"); + + i = 0; + RTE_LCORE_FOREACH_WORKER(lcore_id) { + rte_eal_remote_launch(test_security_session_perf, + &ctx.lconf[i], + lcore_id); + i++; + } + + RTE_LCORE_FOREACH_WORKER(lcore_id) { + ret |= rte_eal_wait_lcore(lcore_id); + } + + } + + cryptodev_fini(&ctx); + mempool_fini(&ctx); + + return EXIT_SUCCESS; +cryptodev_fini: + cryptodev_fini(&ctx); +exit: + return EXIT_FAILURE; + +} diff --git a/doc/guides/rel_notes/release_22_11.rst b/doc/guides/rel_notes/release_22_11.rst index 281ba2fc7f..326890a615 100644 --- a/doc/guides/rel_notes/release_22_11.rst +++ b/doc/guides/rel_notes/release_22_11.rst @@ -254,6 +254,12 @@ New Features Added support for asymmetric crypto algorithms. See the :doc:`../sample_app_ug/fips_validation` for more details. +* **Added security performance test application.** + + Added new application to test ``rte_security`` session create/destroy + performance. + See the :doc:`../tools/securityperf` for more details. + Removed Items ------------- diff --git a/doc/guides/tools/index.rst b/doc/guides/tools/index.rst index 0e5041a3f0..cee07a71b0 100644 --- a/doc/guides/tools/index.rst +++ b/doc/guides/tools/index.rst @@ -18,5 +18,6 @@ DPDK Tools User Guides testbbdev cryptoperf comp_perf + securityperf testeventdev testregex diff --git a/doc/guides/tools/securityperf.rst b/doc/guides/tools/securityperf.rst new file mode 100644 index 0000000000..06e0cf76b7 --- /dev/null +++ b/doc/guides/tools/securityperf.rst @@ -0,0 +1,47 @@ +.. SPDX-License-Identifier: BSD-3-Clause + Copyright(c) 2022 Marvell. + +Security Performance Tool +========================= + +The ``dpdk-test-security-perf`` tool is a Data Plane Development Kit (DPDK) +utility to test rte_security session create/destroy rates. Test covers supported +combinations of cipher and auth algorithms. + +Limitations +~~~~~~~~~~~ + +* Tests only ESP tunnel mode with IPv4. + +Running the Application +----------------------- + +EAL Command-line Options +~~~~~~~~~~~~~~~~~~~~~~~~ + +Please refer to :doc:`EAL parameters (Linux) <../linux_gsg/linux_eal_parameters>` +or :doc:`EAL parameters (FreeBSD) <../freebsd_gsg/freebsd_eal_parameters>` for +a list of available EAL command-line options. + +Security Performance Options +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following are the command-line options for the security performance +application. They must be separated from the EAL options, shown in the previous section, +with a ``--`` separator: + +.. code-block:: console + + sudo ./dpdk-test-security-perf -- --nb-sess=163840 --inbound + +The command-line options are: + +* ``--help`` + Display a help message and quit. + +* ``--nb-sess`` + Set the number of sessions to be created, default value is 163840. + +* ``--inbound`` + IPsec SA direction to be tested with. By default if this option is not + provided, outbound direction will be tested. -- 2.25.1