From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Anoob Joseph <anoobj@marvell.com>,
Akhil Goyal <gakhil@marvell.com>,
"Doherty, Declan" <declan.doherty@intel.com>,
"Zhang, Roy Fan" <roy.fan.zhang@intel.com>
Cc: Jerin Jacob <jerinj@marvell.com>,
Archana Muniganti <marchana@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>,
"Hemant Agrawal" <hemant.agrawal@nxp.com>,
"Nicolau, Radu" <radu.nicolau@intel.com>,
"Power, Ciara" <ciara.power@intel.com>,
Gagandeep Singh <g.singh@nxp.com>, "dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH v2 6/6] examples/ipsec-secgw: clear soft expiry configuration
Date: Thu, 16 Sep 2021 11:11:42 +0000 [thread overview]
Message-ID: <BY5PR11MB448218EF9D1A2B337D82135F9ADC9@BY5PR11MB4482.namprd11.prod.outlook.com> (raw)
In-Reply-To: <1631032372-275-7-git-send-email-anoobj@marvell.com>
>
> Soft expiry is not a mandatory IPsec feature. It is verified separately
> with IPsec unit tests. So configuration of the same is not required.
> Also, soft expiry tracking can cause perf degradation with some PMDs.
> Since a separate UT is available and the same setting in ipsec-secgw is
> not verifying the functionality, remove the same by clearing life
> configuration.
>
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> ---
> examples/ipsec-secgw/ipsec.c | 5 ++++-
> examples/ipsec-secgw/ipsec.h | 2 --
> 2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 4868294..7f936c7 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -49,7 +49,10 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)
> }
> /* TODO support for Transport */
> }
> - ipsec->life.packets_soft_limit = IPSEC_OFFLOAD_PKTS_SOFTLIMIT;
> + ipsec->life.packets_soft_limit = 0;
> + ipsec->life.packets_hard_limit = 0;
> + ipsec->life.bytes_soft_limit = 0;
> + ipsec->life.bytes_hard_limit = 0;
As a nit: as I can read the code it would be already zeroed at entrance to this function,
so explicit zeroing is not really required.
> ipsec->replay_win_sz = app_sa_prm.window_size;
> ipsec->options.esn = app_sa_prm.enable_esn;
> ipsec->options.udp_encap = sa->udp_encap;
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index 90c81c1..8405c48 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -23,8 +23,6 @@
>
> #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */
>
> -#define IPSEC_OFFLOAD_PKTS_SOFTLIMIT 0xffffff00
> -
> #define IV_OFFSET (sizeof(struct rte_crypto_op) + \
> sizeof(struct rte_crypto_sym_op))
>
> --
> 2.7.4
next prev parent reply other threads:[~2021-09-16 11:11 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-17 13:42 [dpdk-dev] [PATCH 0/5] Add SA lifetime in security Anoob Joseph
2021-08-17 13:42 ` [dpdk-dev] [PATCH 1/5] security: add SA lifetime configuration Anoob Joseph
2021-08-17 13:42 ` [dpdk-dev] [PATCH 2/5] common/cnxk: support " Anoob Joseph
2021-08-17 13:42 ` [dpdk-dev] [PATCH 3/5] crypto/octeontx2: add checks for life configuration Anoob Joseph
2021-08-17 13:42 ` [dpdk-dev] [PATCH 4/5] test/crypto: add packets soft expiry tests Anoob Joseph
2021-08-17 13:42 ` [dpdk-dev] [PATCH 5/5] test/crypto: add packets hard " Anoob Joseph
2021-09-07 16:32 ` [dpdk-dev] [PATCH v2 0/6] Add SA lifetime in security Anoob Joseph
2021-09-07 16:32 ` [dpdk-dev] [PATCH v2 1/6] security: add SA lifetime configuration Anoob Joseph
2021-09-16 11:06 ` Ananyev, Konstantin
2021-09-17 4:48 ` Anoob Joseph
2021-09-07 16:32 ` [dpdk-dev] [PATCH v2 2/6] common/cnxk: support " Anoob Joseph
2021-09-07 16:32 ` [dpdk-dev] [PATCH v2 3/6] crypto/octeontx2: add checks for life configuration Anoob Joseph
2021-09-07 16:32 ` [dpdk-dev] [PATCH v2 4/6] test/crypto: add packets soft expiry tests Anoob Joseph
2021-09-07 16:32 ` [dpdk-dev] [PATCH v2 5/6] test/crypto: add packets hard " Anoob Joseph
2021-09-07 16:32 ` [dpdk-dev] [PATCH v2 6/6] examples/ipsec-secgw: clear soft expiry configuration Anoob Joseph
2021-09-16 11:11 ` Ananyev, Konstantin [this message]
2021-09-28 10:07 ` [dpdk-dev] [PATCH v3 0/6] Add SA lifetime in security Anoob Joseph
2021-09-28 10:07 ` [dpdk-dev] [PATCH v3 1/6] security: add SA lifetime configuration Anoob Joseph
2021-09-28 10:07 ` [dpdk-dev] [PATCH v3 2/6] common/cnxk: support " Anoob Joseph
2021-09-28 10:07 ` [dpdk-dev] [PATCH v3 3/6] crypto/octeontx2: add checks for life configuration Anoob Joseph
2021-09-28 10:07 ` [dpdk-dev] [PATCH v3 4/6] test/crypto: add packets soft expiry tests Anoob Joseph
2021-09-28 10:07 ` [dpdk-dev] [PATCH v3 5/6] test/crypto: add packets hard " Anoob Joseph
2021-09-28 10:07 ` [dpdk-dev] [PATCH v3 6/6] examples/ipsec-secgw: clear soft expiry configuration Anoob Joseph
2021-09-28 10:59 ` [dpdk-dev] [PATCH v4 0/6] Add SA lifetime in security Anoob Joseph
2021-09-28 10:59 ` [dpdk-dev] [PATCH v4 1/6] security: add SA lifetime configuration Anoob Joseph
2021-09-28 10:59 ` [dpdk-dev] [PATCH v4 2/6] common/cnxk: support " Anoob Joseph
2021-09-28 10:59 ` [dpdk-dev] [PATCH v4 3/6] crypto/octeontx2: add checks for life configuration Anoob Joseph
2021-09-28 10:59 ` [dpdk-dev] [PATCH v4 4/6] test/crypto: add packets soft expiry cases Anoob Joseph
2021-09-28 10:59 ` [dpdk-dev] [PATCH v4 5/6] test/crypto: add packets hard " Anoob Joseph
2021-09-28 10:59 ` [dpdk-dev] [PATCH v4 6/6] examples/ipsec-secgw: clear soft expiry configuration Anoob Joseph
2021-09-28 14:40 ` [dpdk-dev] [PATCH v4 0/6] Add SA lifetime in security Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BY5PR11MB448218EF9D1A2B337D82135F9ADC9@BY5PR11MB4482.namprd11.prod.outlook.com \
--to=konstantin.ananyev@intel.com \
--cc=anoobj@marvell.com \
--cc=ciara.power@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=g.singh@nxp.com \
--cc=gakhil@marvell.com \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=ktejasree@marvell.com \
--cc=marchana@marvell.com \
--cc=radu.nicolau@intel.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).