DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH] examples/ipsec-secgw: remove limitation for crypto sessions
@ 2020-04-10 19:30 Vladimir Medvedkin
  2020-04-14 14:17 ` [dpdk-dev] [PATCH v2] " Vladimir Medvedkin
  0 siblings, 1 reply; 7+ messages in thread
From: Vladimir Medvedkin @ 2020-04-10 19:30 UTC (permalink / raw)
  To: dev; +Cc: konstantin.ananyev, akhil.goyal, stable

Get rid of hardcoded limit of cryptodev sessions.

Fixes: e1143d7dbbf4 ("examples/ipsec-secgw: get rid of maximum SA limitation")
Cc: stable@dpdk.org

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 12 +++++++-----
 examples/ipsec-secgw/ipsec.h       |  3 +++
 examples/ipsec-secgw/sa.c          |  9 +++++++++
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 4799bc9..0b8177b 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -58,7 +58,6 @@
 
 #define CDEV_QUEUE_DESC 2048
 #define CDEV_MAP_ENTRIES 16384
-#define CDEV_MP_NB_OBJS 1024
 #define CDEV_MP_CACHE_SZ 64
 #define MAX_QUEUE_PAIRS 1
 
@@ -1916,10 +1915,11 @@ cryptodevs_init(void)
 		dev_conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
 
 		uint32_t dev_max_sess = cdev_info.sym.max_nb_sessions;
-		if (dev_max_sess != 0 && dev_max_sess < CDEV_MP_NB_OBJS)
+		if (dev_max_sess != 0 &&
+				dev_max_sess < get_nb_crypto_sessions())
 			rte_exit(EXIT_FAILURE,
 				"Device does not support at least %u "
-				"sessions", CDEV_MP_NB_OBJS);
+				"sessions", get_nb_crypto_sessions());
 
 		if (rte_cryptodev_configure(cdev_id, &dev_conf))
 			rte_panic("Failed to initialize cryptodev %u\n",
@@ -2175,7 +2175,8 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
 	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 			"sess_mp_%u", socket_id);
 	sess_mp = rte_cryptodev_sym_session_pool_create(
-			mp_name, CDEV_MP_NB_OBJS,
+			mp_name, get_nb_crypto_sessions() +
+			CDEV_MP_CACHE_SZ * rte_lcore_count(),
 			sess_sz, CDEV_MP_CACHE_SZ, 0,
 			socket_id);
 	ctx->session_pool = sess_mp;
@@ -2197,7 +2198,8 @@ session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
 	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 			"sess_mp_priv_%u", socket_id);
 	sess_mp = rte_mempool_create(mp_name,
-			CDEV_MP_NB_OBJS,
+			get_nb_crypto_sessions() +
+			CDEV_MP_CACHE_SZ * rte_lcore_count(),
 			sess_sz,
 			CDEV_MP_CACHE_SZ,
 			0, NULL, NULL, NULL,
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 4f2fd61..a5c4923 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -384,4 +384,7 @@ int
 create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		struct rte_ipsec_session *ips);
 
+uint32_t
+get_nb_crypto_sessions(void);
+
 #endif /* __IPSEC_H__ */
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 4822d6b..5c3c2a8 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -135,6 +135,7 @@ const struct supported_aead_algo aead_algos[] = {
 
 #define SA_INIT_NB	128
 
+static uint32_t nb_crypto_sessions;
 static struct ipsec_sa *sa_out;
 static uint32_t sa_out_sz;
 static uint32_t nb_sa_out;
@@ -678,6 +679,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			}
 
 			rule->fallback_sessions = 1;
+			nb_crypto_sessions++;
 			fallback_p = 1;
 			continue;
 		}
@@ -722,6 +724,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 		rule->portid = -1;
 	}
 
+	nb_crypto_sessions++;
 	*ri = *ri + 1;
 }
 
@@ -1553,3 +1556,9 @@ sa_sort_arr(void)
 	qsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp);
 	qsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp);
 }
+
+uint32_t
+get_nb_crypto_sessions(void)
+{
+	return nb_crypto_sessions;
+}
-- 
2.7.4


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [dpdk-dev] [PATCH v2] examples/ipsec-secgw: remove limitation for crypto sessions
  2020-04-10 19:30 [dpdk-dev] [PATCH] examples/ipsec-secgw: remove limitation for crypto sessions Vladimir Medvedkin
@ 2020-04-14 14:17 ` Vladimir Medvedkin
  2020-04-15 19:19   ` Akhil Goyal
  2020-04-20 19:16   ` [dpdk-dev] [PATCH v3] " Vladimir Medvedkin
  0 siblings, 2 replies; 7+ messages in thread
From: Vladimir Medvedkin @ 2020-04-14 14:17 UTC (permalink / raw)
  To: dev; +Cc: konstantin.ananyev, akhil.goyal, vladimir.medvedkin

Get rid of hardcoded limit of cryptodev sessions.

Fixes: e1143d7dbbf4 ("examples/ipsec-secgw: get rid of maximum SA limitation")
Cc: vladimir.medvedkin@intel.com

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 12 +++++++-----
 examples/ipsec-secgw/ipsec.h       |  3 +++
 examples/ipsec-secgw/sa.c          |  9 +++++++++
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 4799bc9..0b8177b 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -58,7 +58,6 @@
 
 #define CDEV_QUEUE_DESC 2048
 #define CDEV_MAP_ENTRIES 16384
-#define CDEV_MP_NB_OBJS 1024
 #define CDEV_MP_CACHE_SZ 64
 #define MAX_QUEUE_PAIRS 1
 
@@ -1916,10 +1915,11 @@ cryptodevs_init(void)
 		dev_conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
 
 		uint32_t dev_max_sess = cdev_info.sym.max_nb_sessions;
-		if (dev_max_sess != 0 && dev_max_sess < CDEV_MP_NB_OBJS)
+		if (dev_max_sess != 0 &&
+				dev_max_sess < get_nb_crypto_sessions())
 			rte_exit(EXIT_FAILURE,
 				"Device does not support at least %u "
-				"sessions", CDEV_MP_NB_OBJS);
+				"sessions", get_nb_crypto_sessions());
 
 		if (rte_cryptodev_configure(cdev_id, &dev_conf))
 			rte_panic("Failed to initialize cryptodev %u\n",
@@ -2175,7 +2175,8 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
 	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 			"sess_mp_%u", socket_id);
 	sess_mp = rte_cryptodev_sym_session_pool_create(
-			mp_name, CDEV_MP_NB_OBJS,
+			mp_name, get_nb_crypto_sessions() +
+			CDEV_MP_CACHE_SZ * rte_lcore_count(),
 			sess_sz, CDEV_MP_CACHE_SZ, 0,
 			socket_id);
 	ctx->session_pool = sess_mp;
@@ -2197,7 +2198,8 @@ session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
 	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 			"sess_mp_priv_%u", socket_id);
 	sess_mp = rte_mempool_create(mp_name,
-			CDEV_MP_NB_OBJS,
+			get_nb_crypto_sessions() +
+			CDEV_MP_CACHE_SZ * rte_lcore_count(),
 			sess_sz,
 			CDEV_MP_CACHE_SZ,
 			0, NULL, NULL, NULL,
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 4f2fd61..a5c4923 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -384,4 +384,7 @@ int
 create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		struct rte_ipsec_session *ips);
 
+uint32_t
+get_nb_crypto_sessions(void);
+
 #endif /* __IPSEC_H__ */
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 4822d6b..5c3c2a8 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -135,6 +135,7 @@ const struct supported_aead_algo aead_algos[] = {
 
 #define SA_INIT_NB	128
 
+static uint32_t nb_crypto_sessions;
 static struct ipsec_sa *sa_out;
 static uint32_t sa_out_sz;
 static uint32_t nb_sa_out;
@@ -678,6 +679,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			}
 
 			rule->fallback_sessions = 1;
+			nb_crypto_sessions++;
 			fallback_p = 1;
 			continue;
 		}
@@ -722,6 +724,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 		rule->portid = -1;
 	}
 
+	nb_crypto_sessions++;
 	*ri = *ri + 1;
 }
 
@@ -1553,3 +1556,9 @@ sa_sort_arr(void)
 	qsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp);
 	qsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp);
 }
+
+uint32_t
+get_nb_crypto_sessions(void)
+{
+	return nb_crypto_sessions;
+}
-- 
2.7.4


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [dpdk-dev] [PATCH v2] examples/ipsec-secgw: remove limitation for crypto sessions
  2020-04-14 14:17 ` [dpdk-dev] [PATCH v2] " Vladimir Medvedkin
@ 2020-04-15 19:19   ` Akhil Goyal
  2020-04-16 10:26     ` Medvedkin, Vladimir
  2020-04-20 19:16   ` [dpdk-dev] [PATCH v3] " Vladimir Medvedkin
  1 sibling, 1 reply; 7+ messages in thread
From: Akhil Goyal @ 2020-04-15 19:19 UTC (permalink / raw)
  To: Vladimir Medvedkin, dev; +Cc: konstantin.ananyev

Hi Vladimir,
> 
> Get rid of hardcoded limit of cryptodev sessions.
> 
> Fixes: e1143d7dbbf4 ("examples/ipsec-secgw: get rid of maximum SA limitation")
> Cc: vladimir.medvedkin@intel.com
> 
> Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> ---
This will create an issue in case of rte_security sessions.

Rte_security session create APIs were not updated when the provision for having
Separate mempools for session and session private data was introduced.
As a result the number of entries in session_priv_pool should be double the number of
Supported sessions - one for session and one for session priv data.

This should be fixed in rte_security API but this would mean an API breakage which cannot
Be done before 20.11. So this patch need to be deferred till it is not fixed in rte_security.
Or we can have double the number of required entries in mempool.

Regards,
Akhil


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [dpdk-dev] [PATCH v2] examples/ipsec-secgw: remove limitation for crypto sessions
  2020-04-15 19:19   ` Akhil Goyal
@ 2020-04-16 10:26     ` Medvedkin, Vladimir
  0 siblings, 0 replies; 7+ messages in thread
From: Medvedkin, Vladimir @ 2020-04-16 10:26 UTC (permalink / raw)
  To: Akhil Goyal, dev; +Cc: Ananyev, Konstantin

Hi Akhil,

-----Original Message-----
From: Akhil Goyal <akhil.goyal@nxp.com> 
Sent: Wednesday, April 15, 2020 8:20 PM
To: Medvedkin, Vladimir <vladimir.medvedkin@intel.com>; dev@dpdk.org
Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>
Subject: RE: [PATCH v2] examples/ipsec-secgw: remove limitation for crypto sessions

Hi Vladimir,
> 
> Get rid of hardcoded limit of cryptodev sessions.
> 
> Fixes: e1143d7dbbf4 ("examples/ipsec-secgw: get rid of maximum SA 
> limitation")
> Cc: vladimir.medvedkin@intel.com
> 
> Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> ---
This will create an issue in case of rte_security sessions.

Rte_security session create APIs were not updated when the provision for having Separate mempools for session and session private data was introduced.
As a result the number of entries in session_priv_pool should be double the number of Supported sessions - one for session and one for session priv data.

This should be fixed in rte_security API but this would mean an API breakage which cannot Be done before 20.11. So this patch need to be deferred till it is not fixed in rte_security.
Or we can have double the number of required entries in mempool.

I will double the number entries in mempool. Thanks!

Regards,
Akhil


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [dpdk-dev] [PATCH v3] examples/ipsec-secgw: remove limitation for crypto sessions
  2020-04-14 14:17 ` [dpdk-dev] [PATCH v2] " Vladimir Medvedkin
  2020-04-15 19:19   ` Akhil Goyal
@ 2020-04-20 19:16   ` Vladimir Medvedkin
  2020-04-23  0:12     ` Ananyev, Konstantin
  1 sibling, 1 reply; 7+ messages in thread
From: Vladimir Medvedkin @ 2020-04-20 19:16 UTC (permalink / raw)
  To: dev; +Cc: konstantin.ananyev, akhil.goyal, vladimir.medvedkin

Get rid of hardcoded limit of cryptodev sessions.

Fixes: e1143d7dbbf4 ("examples/ipsec-secgw: get rid of maximum SA limitation")
Cc: vladimir.medvedkin@intel.com

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 25 +++++++++++++++++++------
 examples/ipsec-secgw/ipsec.h       |  3 +++
 examples/ipsec-secgw/sa.c          |  9 +++++++++
 3 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 5fde4f7..30fc985 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -62,7 +62,6 @@ volatile bool force_quit;
 
 #define CDEV_QUEUE_DESC 2048
 #define CDEV_MAP_ENTRIES 16384
-#define CDEV_MP_NB_OBJS 1024
 #define CDEV_MP_CACHE_SZ 64
 #define MAX_QUEUE_PAIRS 1
 
@@ -2003,10 +2002,11 @@ cryptodevs_init(uint16_t req_queue_num)
 		dev_conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
 
 		uint32_t dev_max_sess = cdev_info.sym.max_nb_sessions;
-		if (dev_max_sess != 0 && dev_max_sess < CDEV_MP_NB_OBJS)
+		if (dev_max_sess != 0 &&
+				dev_max_sess < get_nb_crypto_sessions())
 			rte_exit(EXIT_FAILURE,
 				"Device does not support at least %u "
-				"sessions", CDEV_MP_NB_OBJS);
+				"sessions", get_nb_crypto_sessions());
 
 		if (rte_cryptodev_configure(cdev_id, &dev_conf))
 			rte_panic("Failed to initialize cryptodev %u\n",
@@ -2258,12 +2258,18 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
 {
 	char mp_name[RTE_MEMPOOL_NAMESIZE];
 	struct rte_mempool *sess_mp;
+	uint32_t nb_sess;
 
 	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 			"sess_mp_%u", socket_id);
+	/*
+	 * Doubled due to rte_security_session_create() uses one mempool for
+	 * session and for session private data.
+	 */
+	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
+		rte_lcore_count()) * 2;
 	sess_mp = rte_cryptodev_sym_session_pool_create(
-			mp_name, CDEV_MP_NB_OBJS,
-			sess_sz, CDEV_MP_CACHE_SZ, 0,
+			mp_name, nb_sess, sess_sz, CDEV_MP_CACHE_SZ, 0,
 			socket_id);
 	ctx->session_pool = sess_mp;
 
@@ -2280,11 +2286,18 @@ session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
 {
 	char mp_name[RTE_MEMPOOL_NAMESIZE];
 	struct rte_mempool *sess_mp;
+	uint32_t nb_sess;
 
 	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
 			"sess_mp_priv_%u", socket_id);
+	/*
+	 * Doubled due to rte_security_session_create() uses one mempool for
+	 * session and for session private data.
+	 */
+	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
+		rte_lcore_count()) * 2;
 	sess_mp = rte_mempool_create(mp_name,
-			CDEV_MP_NB_OBJS,
+			nb_sess,
 			sess_sz,
 			CDEV_MP_CACHE_SZ,
 			0, NULL, NULL, NULL,
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 1f264c0..8ad3082 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -409,4 +409,7 @@ int
 create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
 		struct rte_ipsec_session *ips);
 
+uint32_t
+get_nb_crypto_sessions(void);
+
 #endif /* __IPSEC_H__ */
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index a6bf5e8..2063db8 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -135,6 +135,7 @@ const struct supported_aead_algo aead_algos[] = {
 
 #define SA_INIT_NB	128
 
+static uint32_t nb_crypto_sessions;
 struct ipsec_sa *sa_out;
 uint32_t nb_sa_out;
 static uint32_t sa_out_sz;
@@ -680,6 +681,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 			}
 
 			rule->fallback_sessions = 1;
+			nb_crypto_sessions++;
 			fallback_p = 1;
 			continue;
 		}
@@ -724,6 +726,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
 		rule->portid = -1;
 	}
 
+	nb_crypto_sessions++;
 	*ri = *ri + 1;
 }
 
@@ -1542,3 +1545,9 @@ sa_sort_arr(void)
 	qsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp);
 	qsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp);
 }
+
+uint32_t
+get_nb_crypto_sessions(void)
+{
+	return nb_crypto_sessions;
+}
-- 
2.7.4


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: remove limitation for crypto sessions
  2020-04-20 19:16   ` [dpdk-dev] [PATCH v3] " Vladimir Medvedkin
@ 2020-04-23  0:12     ` Ananyev, Konstantin
  2020-05-11 11:06       ` Akhil Goyal
  0 siblings, 1 reply; 7+ messages in thread
From: Ananyev, Konstantin @ 2020-04-23  0:12 UTC (permalink / raw)
  To: Medvedkin, Vladimir, dev; +Cc: akhil.goyal



> 
> Get rid of hardcoded limit of cryptodev sessions.
> 
> Fixes: e1143d7dbbf4 ("examples/ipsec-secgw: get rid of maximum SA limitation")
> Cc: vladimir.medvedkin@intel.com
> 
> Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> ---
>  examples/ipsec-secgw/ipsec-secgw.c | 25 +++++++++++++++++++------
>  examples/ipsec-secgw/ipsec.h       |  3 +++
>  examples/ipsec-secgw/sa.c          |  9 +++++++++
>  3 files changed, 31 insertions(+), 6 deletions(-)
> 
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> index 5fde4f7..30fc985 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -62,7 +62,6 @@ volatile bool force_quit;
> 
>  #define CDEV_QUEUE_DESC 2048
>  #define CDEV_MAP_ENTRIES 16384
> -#define CDEV_MP_NB_OBJS 1024
>  #define CDEV_MP_CACHE_SZ 64
>  #define MAX_QUEUE_PAIRS 1
> 
> @@ -2003,10 +2002,11 @@ cryptodevs_init(uint16_t req_queue_num)
>  		dev_conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
> 
>  		uint32_t dev_max_sess = cdev_info.sym.max_nb_sessions;
> -		if (dev_max_sess != 0 && dev_max_sess < CDEV_MP_NB_OBJS)
> +		if (dev_max_sess != 0 &&
> +				dev_max_sess < get_nb_crypto_sessions())
>  			rte_exit(EXIT_FAILURE,
>  				"Device does not support at least %u "
> -				"sessions", CDEV_MP_NB_OBJS);
> +				"sessions", get_nb_crypto_sessions());
> 
>  		if (rte_cryptodev_configure(cdev_id, &dev_conf))
>  			rte_panic("Failed to initialize cryptodev %u\n",
> @@ -2258,12 +2258,18 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
>  {
>  	char mp_name[RTE_MEMPOOL_NAMESIZE];
>  	struct rte_mempool *sess_mp;
> +	uint32_t nb_sess;
> 
>  	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
>  			"sess_mp_%u", socket_id);
> +	/*
> +	 * Doubled due to rte_security_session_create() uses one mempool for
> +	 * session and for session private data.
> +	 */
> +	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
> +		rte_lcore_count()) * 2;
>  	sess_mp = rte_cryptodev_sym_session_pool_create(
> -			mp_name, CDEV_MP_NB_OBJS,
> -			sess_sz, CDEV_MP_CACHE_SZ, 0,
> +			mp_name, nb_sess, sess_sz, CDEV_MP_CACHE_SZ, 0,
>  			socket_id);
>  	ctx->session_pool = sess_mp;
> 
> @@ -2280,11 +2286,18 @@ session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
>  {
>  	char mp_name[RTE_MEMPOOL_NAMESIZE];
>  	struct rte_mempool *sess_mp;
> +	uint32_t nb_sess;
> 
>  	snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
>  			"sess_mp_priv_%u", socket_id);
> +	/*
> +	 * Doubled due to rte_security_session_create() uses one mempool for
> +	 * session and for session private data.
> +	 */
> +	nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
> +		rte_lcore_count()) * 2;
>  	sess_mp = rte_mempool_create(mp_name,
> -			CDEV_MP_NB_OBJS,
> +			nb_sess,
>  			sess_sz,
>  			CDEV_MP_CACHE_SZ,
>  			0, NULL, NULL, NULL,
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index 1f264c0..8ad3082 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -409,4 +409,7 @@ int
>  create_inline_session(struct socket_ctx *skt_ctx, struct ipsec_sa *sa,
>  		struct rte_ipsec_session *ips);
> 
> +uint32_t
> +get_nb_crypto_sessions(void);
> +
>  #endif /* __IPSEC_H__ */
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index a6bf5e8..2063db8 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -135,6 +135,7 @@ const struct supported_aead_algo aead_algos[] = {
> 
>  #define SA_INIT_NB	128
> 
> +static uint32_t nb_crypto_sessions;
>  struct ipsec_sa *sa_out;
>  uint32_t nb_sa_out;
>  static uint32_t sa_out_sz;
> @@ -680,6 +681,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
>  			}
> 
>  			rule->fallback_sessions = 1;
> +			nb_crypto_sessions++;
>  			fallback_p = 1;
>  			continue;
>  		}
> @@ -724,6 +726,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
>  		rule->portid = -1;
>  	}
> 
> +	nb_crypto_sessions++;
>  	*ri = *ri + 1;
>  }
> 
> @@ -1542,3 +1545,9 @@ sa_sort_arr(void)
>  	qsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp);
>  	qsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp);
>  }
> +
> +uint32_t
> +get_nb_crypto_sessions(void)
> +{
> +	return nb_crypto_sessions;
> +}
> --

Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

> 2.7.4


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [dpdk-dev] [PATCH v3] examples/ipsec-secgw: remove limitation for crypto sessions
  2020-04-23  0:12     ` Ananyev, Konstantin
@ 2020-05-11 11:06       ` Akhil Goyal
  0 siblings, 0 replies; 7+ messages in thread
From: Akhil Goyal @ 2020-05-11 11:06 UTC (permalink / raw)
  To: Ananyev, Konstantin, Medvedkin, Vladimir, dev

> 
> >
> > Get rid of hardcoded limit of cryptodev sessions.
> >
> > Fixes: e1143d7dbbf4 ("examples/ipsec-secgw: get rid of maximum SA
> limitation")
> > Cc: vladimir.medvedkin@intel.com
> >
> > Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> > ---


> Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> 
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

Applied to dpdk-next-crypto

Thanks.


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2020-05-11 11:06 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-10 19:30 [dpdk-dev] [PATCH] examples/ipsec-secgw: remove limitation for crypto sessions Vladimir Medvedkin
2020-04-14 14:17 ` [dpdk-dev] [PATCH v2] " Vladimir Medvedkin
2020-04-15 19:19   ` Akhil Goyal
2020-04-16 10:26     ` Medvedkin, Vladimir
2020-04-20 19:16   ` [dpdk-dev] [PATCH v3] " Vladimir Medvedkin
2020-04-23  0:12     ` Ananyev, Konstantin
2020-05-11 11:06       ` Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).