[dpdk-dev] [PATCH 1/3] lib/librte_security: added get size

[dpdk-dev] [PATCH 1/3] lib/librte_security: added get size

[Radu Nicolau]

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
 lib/librte_security/rte_security.c           |  7 +++++++
 lib/librte_security/rte_security.h           | 12 ++++++++++++
 lib/librte_security/rte_security_driver.h    | 14 ++++++++++++++
 lib/librte_security/rte_security_version.map |  1 +
 4 files changed, 34 insertions(+)

diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index 1227fca..56f2345 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -70,6 +70,13 @@ rte_security_session_update(struct rte_security_ctx *instance,
 	return instance->ops->session_update(instance->device, sess, conf);
 }
 
+unsigned int
+rte_security_session_get_size(struct rte_security_ctx *instance)
+{
+	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
+	return instance->ops->session_get_size(instance->device);
+}
+
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
 			       struct rte_security_session *sess,
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 653929b..2c5429f 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -312,6 +312,18 @@ rte_security_session_update(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf);
 
 /**
+ * Get the size of the security session data for a device.
+ *
+ * @param   instance	security instance.
+ *
+ * @return
+ *   - Size of the private data, if successful
+ *   - 0 if device is invalid or does not support the operation.
+ */
+unsigned int
+rte_security_session_get_size(struct rte_security_ctx *instance);
+
+/**
  * Free security session header and the session private data and
  * return it to its original mempool.
  *
diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
index 997fbe7..3839d45 100644
--- a/lib/librte_security/rte_security_driver.h
+++ b/lib/librte_security/rte_security_driver.h
@@ -91,6 +91,18 @@ typedef int (*security_session_destroy_t)(void *device,
 typedef int (*security_session_update_t)(void *device,
 		struct rte_security_session *sess,
 		struct rte_security_session_conf *conf);
+
+/**
+ * Get the size of a security session
+ *
+ * @param	device		Crypto/eth device pointer
+ *
+ * @return
+ *  - On success returns the size of the session structure for device
+ *  - On failure returns 0
+ */
+typedef int (*security_session_get_size)(void *device);
+
 /**
  * Get stats from the PMD.
  *
@@ -139,6 +151,8 @@ struct rte_security_ops {
 	/**< Configure a security session. */
 	security_session_update_t session_update;
 	/**< Update a security session. */
+	security_session_get_size session_get_size;
+	/**< Return size of security session. */
 	security_session_stats_get_t session_stats_get;
 	/**< Get security session statistics. */
 	security_session_destroy_t session_destroy;
diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
index e12c04b..2f74568 100644
--- a/lib/librte_security/rte_security_version.map
+++ b/lib/librte_security/rte_security_version.map
@@ -6,6 +6,7 @@ EXPERIMENTAL {
 	rte_security_capability_get;
 	rte_security_session_create;
 	rte_security_session_destroy;
+	rte_security_session_get_size;
 	rte_security_session_stats_get;
 	rte_security_session_update;
 	rte_security_set_pkt_metadata;
-- 
2.7.5

[dpdk-dev] [PATCH 2/3] net/ixgbe: implemented security session get size

[Radu Nicolau]

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/net/ixgbe/ixgbe_ipsec.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index 105da11..720d6a1 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -446,6 +446,12 @@ ixgbe_crypto_create_session(void *device,
 }
 
 static int
+ixgbe_crypto_session_get_size(__rte_unused void *device)
+{
+	return sizeof(struct ixgbe_crypto_session);
+}
+
+static int
 ixgbe_crypto_remove_session(void *device,
 		struct rte_security_session *session)
 {
@@ -717,6 +723,7 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 static struct rte_security_ops ixgbe_security_ops = {
 	.session_create = ixgbe_crypto_create_session,
 	.session_update = NULL,
+	.session_get_size = ixgbe_crypto_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = ixgbe_crypto_remove_session,
 	.set_pkt_metadata = ixgbe_crypto_update_mb,
-- 
2.7.5

[dpdk-dev] [PATCH 3/3] examples/ipsec_secgw: create session mempools for ethdevs

[Radu Nicolau]

Also moved offloaded packets from cryptodev queues

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 42 +++++++++++++++++++++++++++++++++++++-
 examples/ipsec-secgw/ipsec.c       | 31 ++++++++++++++--------------
 examples/ipsec-secgw/ipsec.h       |  4 ++--
 3 files changed, 58 insertions(+), 19 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index c98454a..08d5b5a 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1244,7 +1244,7 @@ cryptodevs_init(void)
 	struct rte_cryptodev_config dev_conf;
 	struct rte_cryptodev_qp_conf qp_conf;
 	uint16_t idx, max_nb_qps, qp, i;
-	int16_t cdev_id;
+	int16_t cdev_id, port_id;
 	struct rte_hash_parameters params = { 0 };
 
 	params.entries = CDEV_MAP_ENTRIES;
@@ -1273,6 +1273,14 @@ cryptodevs_init(void)
 		if (sess_sz > max_sess_sz)
 			max_sess_sz = sess_sz;
 	}
+	for (port_id = 0; port_id < rte_eth_dev_count(); port_id++) {
+		if ((enabled_port_mask & (1 << port_id)) == 0)
+			continue;
+		sess_sz = rte_security_session_get_size(
+				rte_eth_dev_get_sec_ctx(port_id));
+		if (sess_sz > max_sess_sz)
+			max_sess_sz = sess_sz;
+	}
 
 	idx = 0;
 	/* Start from last cdev id to give HW priority */
@@ -1343,6 +1351,38 @@ cryptodevs_init(void)
 					cdev_id);
 	}
 
+	/* create session pools for eth devices that implement security */
+	for (port_id = 0; port_id < rte_eth_dev_count(); port_id++) {
+		if ((enabled_port_mask & (1 << port_id)) &&
+				rte_eth_dev_get_sec_ctx(port_id)) {
+			int socket_id = rte_eth_dev_socket_id(port_id);
+
+			if (!socket_ctx[socket_id].session_pool) {
+				char mp_name[RTE_MEMPOOL_NAMESIZE];
+				struct rte_mempool *sess_mp;
+
+				snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
+						"sess_mp_%u", socket_id);
+				sess_mp = rte_mempool_create(mp_name,
+						CDEV_MP_NB_OBJS,
+						max_sess_sz,
+						CDEV_MP_CACHE_SZ,
+						0, NULL, NULL, NULL,
+						NULL, socket_id,
+						0);
+				if (sess_mp == NULL)
+					rte_exit(EXIT_FAILURE,
+						"Cannot create session pool "
+						"on socket %d\n", socket_id);
+				else
+					printf("Allocated session pool "
+						"on socket %d\n", socket_id);
+				socket_ctx[socket_id].session_pool = sess_mp;
+			}
+		}
+	}
+
+
 	printf("\n");
 
 	return 0;
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 70ed227..708f29e 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -266,7 +266,6 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 	struct ipsec_mbuf_metadata *priv;
 	struct rte_crypto_sym_op *sym_cop;
 	struct ipsec_sa *sa;
-	struct cdev_qp *cqp;
 
 	for (i = 0; i < nb_pkts; i++) {
 		if (unlikely(sas[i] == NULL)) {
@@ -345,8 +344,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 				continue;
 			}
 
-			cqp = &ipsec_ctx->tbl[sa->cdev_id_qp];
-			cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i];
+			ipsec_ctx->ol_pkts[ipsec_ctx->ol_pkts_cnt++] = pkts[i];
 			if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
 				rte_security_set_pkt_metadata(
 						sa->security_ctx,
@@ -369,6 +367,20 @@ ipsec_dequeue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 	struct ipsec_sa *sa;
 	struct rte_mbuf *pkt;
 
+	while (ipsec_ctx->ol_pkts_cnt > 0 && nb_pkts < max_pkts) {
+		pkt = ipsec_ctx->ol_pkts[--ipsec_ctx->ol_pkts_cnt];
+		rte_prefetch0(pkt);
+		priv = get_priv(pkt);
+		sa = priv->sa;
+		ret = xform_func(pkt, sa, &priv->cop);
+		if (unlikely(ret)) {
+			rte_pktmbuf_free(pkt);
+			continue;
+		}
+		pkts[nb_pkts++] = pkt;
+	}
+
+
 	for (i = 0; i < ipsec_ctx->nb_qps && nb_pkts < max_pkts; i++) {
 		struct cdev_qp *cqp;
 
@@ -376,19 +388,6 @@ ipsec_dequeue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 		if (ipsec_ctx->last_qp == ipsec_ctx->nb_qps)
 			ipsec_ctx->last_qp %= ipsec_ctx->nb_qps;
 
-		while (cqp->ol_pkts_cnt > 0 && nb_pkts < max_pkts) {
-			pkt = cqp->ol_pkts[--cqp->ol_pkts_cnt];
-			rte_prefetch0(pkt);
-			priv = get_priv(pkt);
-			sa = priv->sa;
-			ret = xform_func(pkt, sa, &priv->cop);
-			if (unlikely(ret)) {
-				rte_pktmbuf_free(pkt);
-				continue;
-			}
-			pkts[nb_pkts++] = pkt;
-		}
-
 		if (cqp->in_flight == 0)
 			continue;
 
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 775b316..eb7b539 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -159,8 +159,6 @@ struct cdev_qp {
 	uint16_t in_flight;
 	uint16_t len;
 	struct rte_crypto_op *buf[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
-	struct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
-	uint16_t ol_pkts_cnt;
 };
 
 struct ipsec_ctx {
@@ -172,6 +170,8 @@ struct ipsec_ctx {
 	uint16_t last_qp;
 	struct cdev_qp tbl[MAX_QP_PER_LCORE];
 	struct rte_mempool *session_pool;
+	struct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
+	uint16_t ol_pkts_cnt;
 };
 
 struct cdev_key {
-- 
2.7.5

Re: [dpdk-dev] [PATCH 1/3] lib/librte_security: added get size

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Nicolau, Radu
> Sent: Tuesday, December 12, 2017 12:50 PM
> To: dev@dpdk.org
> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
> <ferruh.yigit@intel.com>; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
> <radu.nicolau@intel.com>
> Subject: [PATCH 1/3] lib/librte_security: added get size

Title should be "security: add get session size function", or something similar (use verb in infinitive form).

Secondly, I would add a short description of what this is doing.

Also, I have a comment inline in the code below.

Lastly, if any of the maintainers of the security library has any problems with this patch, please shout.

> 
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
>  lib/librte_security/rte_security.c           |  7 +++++++
>  lib/librte_security/rte_security.h           | 12 ++++++++++++
>  lib/librte_security/rte_security_driver.h    | 14 ++++++++++++++
>  lib/librte_security/rte_security_version.map |  1 +
>  4 files changed, 34 insertions(+)
> 
> diff --git a/lib/librte_security/rte_security.c
> b/lib/librte_security/rte_security.c
> index 1227fca..56f2345 100644
> --- a/lib/librte_security/rte_security.c
> +++ b/lib/librte_security/rte_security.c
> @@ -70,6 +70,13 @@ rte_security_session_update(struct rte_security_ctx
> *instance,
>  	return instance->ops->session_update(instance->device, sess, conf);
> }
> 
> +unsigned int
> +rte_security_session_get_size(struct rte_security_ctx *instance) {
> +	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
> +	return instance->ops->session_get_size(instance->device);

Session get size returns an "int", but this function returns "unsigned int",
I think they should be the same type.

Thanks,
Pablo

Re: [dpdk-dev] [PATCH 2/3] net/ixgbe: implemented security session get size

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Nicolau, Radu
> Sent: Tuesday, December 12, 2017 12:50 PM
> To: dev@dpdk.org
> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
> <ferruh.yigit@intel.com>; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
> <radu.nicolau@intel.com>
> Subject: [PATCH 2/3] net/ixgbe: implemented security session get size

Use "implement" in infinitive.

> 
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
>  drivers/net/ixgbe/ixgbe_ipsec.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c
> b/drivers/net/ixgbe/ixgbe_ipsec.c index 105da11..720d6a1 100644
> --- a/drivers/net/ixgbe/ixgbe_ipsec.c
> +++ b/drivers/net/ixgbe/ixgbe_ipsec.c
> @@ -446,6 +446,12 @@ ixgbe_crypto_create_session(void *device,  }
> 
>  static int


> +ixgbe_crypto_session_get_size(__rte_unused void *device) {

Do you think passing device to the function prototype is needed?
Are you expecting other drivers to use it?

Also, move the braces to a new line (both opening and ending).


> +	return sizeof(struct ixgbe_crypto_session); }
> +

Thanks,
Pablo

Re: [dpdk-dev] [PATCH 3/3] examples/ipsec_secgw: create session mempools for ethdevs

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Nicolau, Radu
> Sent: Tuesday, December 12, 2017 12:50 PM
> To: dev@dpdk.org
> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
> <ferruh.yigit@intel.com>; Gonzalez Monroy, Sergio
> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
> <radu.nicolau@intel.com>
> Subject: [PATCH 3/3] examples/ipsec_secgw: create session mempools for
> ethdevs
> 
> Also moved offloaded packets from cryptodev queues
> 
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
>  examples/ipsec-secgw/ipsec-secgw.c | 42
> +++++++++++++++++++++++++++++++++++++-
>  examples/ipsec-secgw/ipsec.c       | 31 ++++++++++++++--------------
>  examples/ipsec-secgw/ipsec.h       |  4 ++--
>  3 files changed, 58 insertions(+), 19 deletions(-)
> 
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-
> secgw/ipsec-secgw.c
> index c98454a..08d5b5a 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -1244,7 +1244,7 @@ cryptodevs_init(void)
>  	struct rte_cryptodev_config dev_conf;
>  	struct rte_cryptodev_qp_conf qp_conf;
>  	uint16_t idx, max_nb_qps, qp, i;
> -	int16_t cdev_id;
> +	int16_t cdev_id, port_id;

These two variables should be uint16_t (port_id is actually uint8_t).

For the rest of the patch: Akhil, could you review it?

Thanks,
Pablo

Re: [dpdk-dev] [PATCH 1/3] lib/librte_security: added get size

[Akhil Goyal]

On 12/12/2017 6:20 PM, Radu Nicolau wrote:
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
>   lib/librte_security/rte_security.c           |  7 +++++++
>   lib/librte_security/rte_security.h           | 12 ++++++++++++
>   lib/librte_security/rte_security_driver.h    | 14 ++++++++++++++
>   lib/librte_security/rte_security_version.map |  1 +
>   4 files changed, 34 insertions(+)
> 
> diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
> index 1227fca..56f2345 100644
> --- a/lib/librte_security/rte_security.c
> +++ b/lib/librte_security/rte_security.c
> @@ -70,6 +70,13 @@ rte_security_session_update(struct rte_security_ctx *instance,
>   	return instance->ops->session_update(instance->device, sess, conf);
>   }
>   
> +unsigned int
> +rte_security_session_get_size(struct rte_security_ctx *instance)
> +{
> +	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
> +	return instance->ops->session_get_size(instance->device);
> +}
> +
>   int
>   rte_security_session_stats_get(struct rte_security_ctx *instance,
>   			       struct rte_security_session *sess,
> diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
> index 653929b..2c5429f 100644
> --- a/lib/librte_security/rte_security.h
> +++ b/lib/librte_security/rte_security.h
> @@ -312,6 +312,18 @@ rte_security_session_update(struct rte_security_ctx *instance,
>   			    struct rte_security_session_conf *conf);
>   
>   /**
> + * Get the size of the security session data for a device.
> + *
> + * @param   instance	security instance.
> + *
> + * @return
> + *   - Size of the private data, if successful
> + *   - 0 if device is invalid or does not support the operation.
> + */
> +unsigned int
> +rte_security_session_get_size(struct rte_security_ctx *instance);
> +
> +/**
>    * Free security session header and the session private data and
>    * return it to its original mempool.
>    *
> diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
> index 997fbe7..3839d45 100644
> --- a/lib/librte_security/rte_security_driver.h
> +++ b/lib/librte_security/rte_security_driver.h
> @@ -91,6 +91,18 @@ typedef int (*security_session_destroy_t)(void *device,
>   typedef int (*security_session_update_t)(void *device,
>   		struct rte_security_session *sess,
>   		struct rte_security_session_conf *conf);
> +
> +/**
> + * Get the size of a security session
> + *
> + * @param	device		Crypto/eth device pointer
> + *
> + * @return
> + *  - On success returns the size of the session structure for device
> + *  - On failure returns 0
> + */
> +typedef int (*security_session_get_size)(void *device);
I believe this should be unsigned int.

For rest of the patch Acked.

Re: [dpdk-dev] [PATCH 2/3] net/ixgbe: implemented security session get size

[Radu Nicolau]

On 1/8/2018 10:15 AM, De Lara Guarch, Pablo wrote:
>
>> -----Original Message-----
>> From: Nicolau, Radu
>> Sent: Tuesday, December 12, 2017 12:50 PM
>> To: dev@dpdk.org
>> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
>> <ferruh.yigit@intel.com>; Gonzalez Monroy, Sergio
>> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
>> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
>> <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
>> <radu.nicolau@intel.com>
>> Subject: [PATCH 2/3] net/ixgbe: implemented security session get size
> Use "implement" in infinitive.
>
>> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
>> ---
>>   drivers/net/ixgbe/ixgbe_ipsec.c | 7 +++++++
>>   1 file changed, 7 insertions(+)
>>
>> diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c
>> b/drivers/net/ixgbe/ixgbe_ipsec.c index 105da11..720d6a1 100644
>> --- a/drivers/net/ixgbe/ixgbe_ipsec.c
>> +++ b/drivers/net/ixgbe/ixgbe_ipsec.c
>> @@ -446,6 +446,12 @@ ixgbe_crypto_create_session(void *device,  }
>>
>>   static int
>
>> +ixgbe_crypto_session_get_size(__rte_unused void *device) {
> Do you think passing device to the function prototype is needed?
> Are you expecting other drivers to use it?
I added for consistency with cryptodev.
>
> Also, move the braces to a new line (both opening and ending).
They are correctly formatted on the patch itself.
>
>
>> +	return sizeof(struct ixgbe_crypto_session); }
>> +
> Thanks,
> Pablo
>

[dpdk-dev] [PATCH v2 1/3] security: add get session size function

[Radu Nicolau]

Add function to get security session size.

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
 lib/librte_security/rte_security.c           |  7 +++++++
 lib/librte_security/rte_security.h           | 12 ++++++++++++
 lib/librte_security/rte_security_driver.h    | 14 ++++++++++++++
 lib/librte_security/rte_security_version.map |  1 +
 4 files changed, 34 insertions(+)

diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index 1227fca..56f2345 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -70,6 +70,13 @@ rte_security_session_update(struct rte_security_ctx *instance,
 	return instance->ops->session_update(instance->device, sess, conf);
 }
 
+unsigned int
+rte_security_session_get_size(struct rte_security_ctx *instance)
+{
+	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
+	return instance->ops->session_get_size(instance->device);
+}
+
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
 			       struct rte_security_session *sess,
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 653929b..2c5429f 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -312,6 +312,18 @@ rte_security_session_update(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf);
 
 /**
+ * Get the size of the security session data for a device.
+ *
+ * @param   instance	security instance.
+ *
+ * @return
+ *   - Size of the private data, if successful
+ *   - 0 if device is invalid or does not support the operation.
+ */
+unsigned int
+rte_security_session_get_size(struct rte_security_ctx *instance);
+
+/**
  * Free security session header and the session private data and
  * return it to its original mempool.
  *
diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
index 997fbe7..e54c114 100644
--- a/lib/librte_security/rte_security_driver.h
+++ b/lib/librte_security/rte_security_driver.h
@@ -91,6 +91,18 @@ typedef int (*security_session_destroy_t)(void *device,
 typedef int (*security_session_update_t)(void *device,
 		struct rte_security_session *sess,
 		struct rte_security_session_conf *conf);
+
+/**
+ * Get the size of a security session
+ *
+ * @param	device		Crypto/eth device pointer
+ *
+ * @return
+ *  - On success returns the size of the session structure for device
+ *  - On failure returns 0
+ */
+typedef unsigned int (*security_session_get_size)(void *device);
+
 /**
  * Get stats from the PMD.
  *
@@ -139,6 +151,8 @@ struct rte_security_ops {
 	/**< Configure a security session. */
 	security_session_update_t session_update;
 	/**< Update a security session. */
+	security_session_get_size session_get_size;
+	/**< Return size of security session. */
 	security_session_stats_get_t session_stats_get;
 	/**< Get security session statistics. */
 	security_session_destroy_t session_destroy;
diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
index e12c04b..2f74568 100644
--- a/lib/librte_security/rte_security_version.map
+++ b/lib/librte_security/rte_security_version.map
@@ -6,6 +6,7 @@ EXPERIMENTAL {
 	rte_security_capability_get;
 	rte_security_session_create;
 	rte_security_session_destroy;
+	rte_security_session_get_size;
 	rte_security_session_stats_get;
 	rte_security_session_update;
 	rte_security_set_pkt_metadata;
-- 
2.7.5

[dpdk-dev] [PATCH v2 2/3] net/ixgbe: implement security session get size

[Radu Nicolau]

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/net/ixgbe/ixgbe_ipsec.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index 85305c6..6619c56 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -402,6 +402,12 @@ ixgbe_crypto_create_session(void *device,
 	return 0;
 }
 
+static unsigned int
+ixgbe_crypto_session_get_size(__rte_unused void *device)
+{
+	return sizeof(struct ixgbe_crypto_session);
+}
+
 static int
 ixgbe_crypto_remove_session(void *device,
 		struct rte_security_session *session)
@@ -674,6 +680,7 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 static struct rte_security_ops ixgbe_security_ops = {
 	.session_create = ixgbe_crypto_create_session,
 	.session_update = NULL,
+	.session_get_size = ixgbe_crypto_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = ixgbe_crypto_remove_session,
 	.set_pkt_metadata = ixgbe_crypto_update_mb,
-- 
2.7.5

[dpdk-dev] [PATCH v2 3/3] examples/ipsec_secgw: create session mempools for ethdevs

[Radu Nicolau]

Also moved offloaded packets from cryptodev queues

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 42 +++++++++++++++++++++++++++++++++++++-
 examples/ipsec-secgw/ipsec.c       | 31 ++++++++++++++--------------
 examples/ipsec-secgw/ipsec.h       |  4 ++--
 3 files changed, 58 insertions(+), 19 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 83d7e32..7a1fd6b 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1215,7 +1215,7 @@ cryptodevs_init(void)
 	struct rte_cryptodev_config dev_conf;
 	struct rte_cryptodev_qp_conf qp_conf;
 	uint16_t idx, max_nb_qps, qp, i;
-	int16_t cdev_id;
+	int16_t cdev_id, port_id;
 	struct rte_hash_parameters params = { 0 };
 
 	params.entries = CDEV_MAP_ENTRIES;
@@ -1244,6 +1244,14 @@ cryptodevs_init(void)
 		if (sess_sz > max_sess_sz)
 			max_sess_sz = sess_sz;
 	}
+	for (port_id = 0; port_id < rte_eth_dev_count(); port_id++) {
+		if ((enabled_port_mask & (1 << port_id)) == 0)
+			continue;
+		sess_sz = rte_security_session_get_size(
+				rte_eth_dev_get_sec_ctx(port_id));
+		if (sess_sz > max_sess_sz)
+			max_sess_sz = sess_sz;
+	}
 
 	idx = 0;
 	/* Start from last cdev id to give HW priority */
@@ -1314,6 +1322,38 @@ cryptodevs_init(void)
 					cdev_id);
 	}
 
+	/* create session pools for eth devices that implement security */
+	for (port_id = 0; port_id < rte_eth_dev_count(); port_id++) {
+		if ((enabled_port_mask & (1 << port_id)) &&
+				rte_eth_dev_get_sec_ctx(port_id)) {
+			int socket_id = rte_eth_dev_socket_id(port_id);
+
+			if (!socket_ctx[socket_id].session_pool) {
+				char mp_name[RTE_MEMPOOL_NAMESIZE];
+				struct rte_mempool *sess_mp;
+
+				snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
+						"sess_mp_%u", socket_id);
+				sess_mp = rte_mempool_create(mp_name,
+						CDEV_MP_NB_OBJS,
+						max_sess_sz,
+						CDEV_MP_CACHE_SZ,
+						0, NULL, NULL, NULL,
+						NULL, socket_id,
+						0);
+				if (sess_mp == NULL)
+					rte_exit(EXIT_FAILURE,
+						"Cannot create session pool "
+						"on socket %d\n", socket_id);
+				else
+					printf("Allocated session pool "
+						"on socket %d\n", socket_id);
+				socket_ctx[socket_id].session_pool = sess_mp;
+			}
+		}
+	}
+
+
 	printf("\n");
 
 	return 0;
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 53c43db..da9ec6e 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -237,7 +237,6 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 	struct ipsec_mbuf_metadata *priv;
 	struct rte_crypto_sym_op *sym_cop;
 	struct ipsec_sa *sa;
-	struct cdev_qp *cqp;
 
 	for (i = 0; i < nb_pkts; i++) {
 		if (unlikely(sas[i] == NULL)) {
@@ -316,8 +315,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 				continue;
 			}
 
-			cqp = &ipsec_ctx->tbl[sa->cdev_id_qp];
-			cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i];
+			ipsec_ctx->ol_pkts[ipsec_ctx->ol_pkts_cnt++] = pkts[i];
 			if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
 				rte_security_set_pkt_metadata(
 						sa->security_ctx,
@@ -340,6 +338,20 @@ ipsec_dequeue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 	struct ipsec_sa *sa;
 	struct rte_mbuf *pkt;
 
+	while (ipsec_ctx->ol_pkts_cnt > 0 && nb_pkts < max_pkts) {
+		pkt = ipsec_ctx->ol_pkts[--ipsec_ctx->ol_pkts_cnt];
+		rte_prefetch0(pkt);
+		priv = get_priv(pkt);
+		sa = priv->sa;
+		ret = xform_func(pkt, sa, &priv->cop);
+		if (unlikely(ret)) {
+			rte_pktmbuf_free(pkt);
+			continue;
+		}
+		pkts[nb_pkts++] = pkt;
+	}
+
+
 	for (i = 0; i < ipsec_ctx->nb_qps && nb_pkts < max_pkts; i++) {
 		struct cdev_qp *cqp;
 
@@ -347,19 +359,6 @@ ipsec_dequeue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 		if (ipsec_ctx->last_qp == ipsec_ctx->nb_qps)
 			ipsec_ctx->last_qp %= ipsec_ctx->nb_qps;
 
-		while (cqp->ol_pkts_cnt > 0 && nb_pkts < max_pkts) {
-			pkt = cqp->ol_pkts[--cqp->ol_pkts_cnt];
-			rte_prefetch0(pkt);
-			priv = get_priv(pkt);
-			sa = priv->sa;
-			ret = xform_func(pkt, sa, &priv->cop);
-			if (unlikely(ret)) {
-				rte_pktmbuf_free(pkt);
-				continue;
-			}
-			pkts[nb_pkts++] = pkt;
-		}
-
 		if (cqp->in_flight == 0)
 			continue;
 
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 14109af..500b1f0 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -130,8 +130,6 @@ struct cdev_qp {
 	uint16_t in_flight;
 	uint16_t len;
 	struct rte_crypto_op *buf[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
-	struct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
-	uint16_t ol_pkts_cnt;
 };
 
 struct ipsec_ctx {
@@ -143,6 +141,8 @@ struct ipsec_ctx {
 	uint16_t last_qp;
 	struct cdev_qp tbl[MAX_QP_PER_LCORE];
 	struct rte_mempool *session_pool;
+	struct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
+	uint16_t ol_pkts_cnt;
 };
 
 struct cdev_key {
-- 
2.7.5

Re: [dpdk-dev] [PATCH 3/3] examples/ipsec_secgw: create session mempools for ethdevs

[Radu Nicolau]

On 1/8/2018 11:03 AM, De Lara Guarch, Pablo wrote:
>
>> -----Original Message-----
>> From: Nicolau, Radu
>> Sent: Tuesday, December 12, 2017 12:50 PM
>> To: dev@dpdk.org
>> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
>> <ferruh.yigit@intel.com>; Gonzalez Monroy, Sergio
>> <sergio.gonzalez.monroy@intel.com>; De Lara Guarch, Pablo
>> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
>> <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
>> <radu.nicolau@intel.com>
>> Subject: [PATCH 3/3] examples/ipsec_secgw: create session mempools for
>> ethdevs
>>
>> Also moved offloaded packets from cryptodev queues
>>
>> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
>> ---
>>   examples/ipsec-secgw/ipsec-secgw.c | 42
>> +++++++++++++++++++++++++++++++++++++-
>>   examples/ipsec-secgw/ipsec.c       | 31 ++++++++++++++--------------
>>   examples/ipsec-secgw/ipsec.h       |  4 ++--
>>   3 files changed, 58 insertions(+), 19 deletions(-)
>>
>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-
>> secgw/ipsec-secgw.c
>> index c98454a..08d5b5a 100644
>> --- a/examples/ipsec-secgw/ipsec-secgw.c
>> +++ b/examples/ipsec-secgw/ipsec-secgw.c
>> @@ -1244,7 +1244,7 @@ cryptodevs_init(void)
>>   	struct rte_cryptodev_config dev_conf;
>>   	struct rte_cryptodev_qp_conf qp_conf;
>>   	uint16_t idx, max_nb_qps, qp, i;
>> -	int16_t cdev_id;
>> +	int16_t cdev_id, port_id;
> These two variables should be uint16_t (port_id is actually uint8_t).
If unsigned then line <for (cdev_id = rte_cryptodev_count() - 1; cdev_id 
 >= 0; cdev_id--)> will not work correctly.
>
> For the rest of the patch: Akhil, could you review it?
>
> Thanks,
> Pablo

Re: [dpdk-dev] [PATCH v2 3/3] examples/ipsec_secgw: create session mempools for ethdevs

[Akhil Goyal]

Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>

Re: [dpdk-dev] [PATCH v2 3/3] examples/ipsec_secgw: create session mempools for ethdevs

[De Lara Guarch, Pablo]

Hi Radu,

> -----Original Message-----
> From: Nicolau, Radu
> Sent: Monday, January 15, 2018 10:40 AM
> To: dev@dpdk.org
> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
> <ferruh.yigit@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
> <radu.nicolau@intel.com>
> Subject: [PATCH v2 3/3] examples/ipsec_secgw: create session mempools
> for ethdevs
> 
> Also moved offloaded packets from cryptodev queues
> 

Could you rebase this patchset? After applying other changes,
I had conflicts and when I resolve them, I am getting a compilation error.
I would appreciate if you could send another revision.

Also, I have a small comment below.

Thanks,
Pablo

> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
>  examples/ipsec-secgw/ipsec-secgw.c | 42
> +++++++++++++++++++++++++++++++++++++-
>  examples/ipsec-secgw/ipsec.c       | 31 ++++++++++++++--------------
>  examples/ipsec-secgw/ipsec.h       |  4 ++--
>  3 files changed, 58 insertions(+), 19 deletions(-)
> 
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-
> secgw/ipsec-secgw.c
> index 83d7e32..7a1fd6b 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -1215,7 +1215,7 @@ cryptodevs_init(void)
>  	struct rte_cryptodev_config dev_conf;
>  	struct rte_cryptodev_qp_conf qp_conf;
>  	uint16_t idx, max_nb_qps, qp, i;
> -	int16_t cdev_id;
> +	int16_t cdev_id, port_id;

This should be uint8_t.

Re: [dpdk-dev] [PATCH v2 3/3] examples/ipsec_secgw: create session mempools for ethdevs

[Nicolau, Radu]

> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Thursday, January 18, 2018 3:11 PM
> To: Nicolau, Radu <radu.nicolau@intel.com>; dev@dpdk.org
> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
> <ferruh.yigit@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
> akhil.goyal@nxp.com
> Subject: RE: [PATCH v2 3/3] examples/ipsec_secgw: create session
> mempools for ethdevs
> 
> Hi Radu,
> 
> > -----Original Message-----
> > From: Nicolau, Radu
> > Sent: Monday, January 15, 2018 10:40 AM
> > To: dev@dpdk.org
> > Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
> > <ferruh.yigit@intel.com>; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> > <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
> > <radu.nicolau@intel.com>
> > Subject: [PATCH v2 3/3] examples/ipsec_secgw: create session mempools
> > for ethdevs
> >
> > Also moved offloaded packets from cryptodev queues
> >
> 
> Could you rebase this patchset? After applying other changes, I had conflicts
> and when I resolve them, I am getting a compilation error.
> I would appreciate if you could send another revision.
Sure
> 
> Also, I have a small comment below.
Already replied to that comment - if those variables are unsigned then the code will need extra changes, which I would rather not do today, but if you insist... :)
> 
> Thanks,
> Pablo
> 
> > Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> > ---
> >  examples/ipsec-secgw/ipsec-secgw.c | 42
> > +++++++++++++++++++++++++++++++++++++-
> >  examples/ipsec-secgw/ipsec.c       | 31 ++++++++++++++--------------
> >  examples/ipsec-secgw/ipsec.h       |  4 ++--
> >  3 files changed, 58 insertions(+), 19 deletions(-)
> >
> > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-
> > secgw/ipsec-secgw.c index 83d7e32..7a1fd6b 100644
> > --- a/examples/ipsec-secgw/ipsec-secgw.c
> > +++ b/examples/ipsec-secgw/ipsec-secgw.c
> > @@ -1215,7 +1215,7 @@ cryptodevs_init(void)
> >  	struct rte_cryptodev_config dev_conf;
> >  	struct rte_cryptodev_qp_conf qp_conf;
> >  	uint16_t idx, max_nb_qps, qp, i;
> > -	int16_t cdev_id;
> > +	int16_t cdev_id, port_id;
> 
> This should be uint8_t.

[dpdk-dev] [PATCH v3 1/3] security: add get session size function

[Radu Nicolau]

Add function to get security session size.

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
 lib/librte_security/rte_security.c           |  7 +++++++
 lib/librte_security/rte_security.h           | 12 ++++++++++++
 lib/librte_security/rte_security_driver.h    | 14 ++++++++++++++
 lib/librte_security/rte_security_version.map |  1 +
 4 files changed, 34 insertions(+)

diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index 5805051..6461dba 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -70,6 +70,13 @@ rte_security_session_update(struct rte_security_ctx *instance,
 	return instance->ops->session_update(instance->device, sess, conf);
 }
 
+unsigned int
+rte_security_session_get_size(struct rte_security_ctx *instance)
+{
+	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
+	return instance->ops->session_get_size(instance->device);
+}
+
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
 			       struct rte_security_session *sess,
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 004a0eb..d7362f3 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -315,6 +315,18 @@ rte_security_session_update(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf);
 
 /**
+ * Get the size of the security session data for a device.
+ *
+ * @param   instance	security instance.
+ *
+ * @return
+ *   - Size of the private data, if successful
+ *   - 0 if device is invalid or does not support the operation.
+ */
+unsigned int
+rte_security_session_get_size(struct rte_security_ctx *instance);
+
+/**
  * Free security session header and the session private data and
  * return it to its original mempool.
  *
diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
index bf0170e..4623904 100644
--- a/lib/librte_security/rte_security_driver.h
+++ b/lib/librte_security/rte_security_driver.h
@@ -91,6 +91,18 @@ typedef int (*security_session_destroy_t)(void *device,
 typedef int (*security_session_update_t)(void *device,
 		struct rte_security_session *sess,
 		struct rte_security_session_conf *conf);
+
+/**
+ * Get the size of a security session
+ *
+ * @param	device		Crypto/eth device pointer
+ *
+ * @return
+ *  - On success returns the size of the session structure for device
+ *  - On failure returns 0
+ */
+typedef unsigned int (*security_session_get_size)(void *device);
+
 /**
  * Get stats from the PMD.
  *
@@ -155,6 +167,8 @@ struct rte_security_ops {
 	/**< Configure a security session. */
 	security_session_update_t session_update;
 	/**< Update a security session. */
+	security_session_get_size session_get_size;
+	/**< Return size of security session. */
 	security_session_stats_get_t session_stats_get;
 	/**< Get security session statistics. */
 	security_session_destroy_t session_destroy;
diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
index bff5039..5a1c8ae 100644
--- a/lib/librte_security/rte_security_version.map
+++ b/lib/librte_security/rte_security_version.map
@@ -7,6 +7,7 @@ EXPERIMENTAL {
 	rte_security_get_userdata;
 	rte_security_session_create;
 	rte_security_session_destroy;
+	rte_security_session_get_size;
 	rte_security_session_stats_get;
 	rte_security_session_update;
 	rte_security_set_pkt_metadata;
-- 
2.7.5

[dpdk-dev] [PATCH v3 2/3] net/ixgbe: implement security session get size

[Radu Nicolau]

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/net/ixgbe/ixgbe_ipsec.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index 85305c6..6619c56 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -402,6 +402,12 @@ ixgbe_crypto_create_session(void *device,
 	return 0;
 }
 
+static unsigned int
+ixgbe_crypto_session_get_size(__rte_unused void *device)
+{
+	return sizeof(struct ixgbe_crypto_session);
+}
+
 static int
 ixgbe_crypto_remove_session(void *device,
 		struct rte_security_session *session)
@@ -674,6 +680,7 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 static struct rte_security_ops ixgbe_security_ops = {
 	.session_create = ixgbe_crypto_create_session,
 	.session_update = NULL,
+	.session_get_size = ixgbe_crypto_session_get_size,
 	.session_stats_get = NULL,
 	.session_destroy = ixgbe_crypto_remove_session,
 	.set_pkt_metadata = ixgbe_crypto_update_mb,
-- 
2.7.5

[dpdk-dev] [PATCH v3 3/3] examples/ipsec_secgw: create session mempools for ethdevs

[Radu Nicolau]

Also moved offloaded packets from cryptodev queues

Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 examples/ipsec-secgw/ipsec-secgw.c | 42 +++++++++++++++++++++++++++++++++++++-
 examples/ipsec-secgw/ipsec.c       | 12 ++++-------
 examples/ipsec-secgw/ipsec.h       |  4 ++--
 3 files changed, 47 insertions(+), 11 deletions(-)

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 192d8ec..3a28fcc 100644
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -1354,7 +1354,7 @@ cryptodevs_init(void)
 	struct rte_cryptodev_config dev_conf;
 	struct rte_cryptodev_qp_conf qp_conf;
 	uint16_t idx, max_nb_qps, qp, i;
-	int16_t cdev_id;
+	int16_t cdev_id, port_id;
 	struct rte_hash_parameters params = { 0 };
 
 	params.entries = CDEV_MAP_ENTRIES;
@@ -1383,6 +1383,14 @@ cryptodevs_init(void)
 		if (sess_sz > max_sess_sz)
 			max_sess_sz = sess_sz;
 	}
+	for (port_id = 0; port_id < rte_eth_dev_count(); port_id++) {
+		if ((enabled_port_mask & (1 << port_id)) == 0)
+			continue;
+		sess_sz = rte_security_session_get_size(
+				rte_eth_dev_get_sec_ctx(port_id));
+		if (sess_sz > max_sess_sz)
+			max_sess_sz = sess_sz;
+	}
 
 	idx = 0;
 	for (cdev_id = 0; cdev_id < rte_cryptodev_count(); cdev_id++) {
@@ -1455,6 +1463,38 @@ cryptodevs_init(void)
 					cdev_id);
 	}
 
+	/* create session pools for eth devices that implement security */
+	for (port_id = 0; port_id < rte_eth_dev_count(); port_id++) {
+		if ((enabled_port_mask & (1 << port_id)) &&
+				rte_eth_dev_get_sec_ctx(port_id)) {
+			int socket_id = rte_eth_dev_socket_id(port_id);
+
+			if (!socket_ctx[socket_id].session_pool) {
+				char mp_name[RTE_MEMPOOL_NAMESIZE];
+				struct rte_mempool *sess_mp;
+
+				snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
+						"sess_mp_%u", socket_id);
+				sess_mp = rte_mempool_create(mp_name,
+						CDEV_MP_NB_OBJS,
+						max_sess_sz,
+						CDEV_MP_CACHE_SZ,
+						0, NULL, NULL, NULL,
+						NULL, socket_id,
+						0);
+				if (sess_mp == NULL)
+					rte_exit(EXIT_FAILURE,
+						"Cannot create session pool "
+						"on socket %d\n", socket_id);
+				else
+					printf("Allocated session pool "
+						"on socket %d\n", socket_id);
+				socket_ctx[socket_id].session_pool = sess_mp;
+			}
+		}
+	}
+
+
 	printf("\n");
 
 	return 0;
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 05e89a1..4ef446d 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -368,7 +368,6 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 	struct ipsec_mbuf_metadata *priv;
 	struct rte_crypto_sym_op *sym_cop;
 	struct ipsec_sa *sa;
-	struct cdev_qp *cqp;
 
 	for (i = 0; i < nb_pkts; i++) {
 		if (unlikely(sas[i] == NULL)) {
@@ -431,8 +430,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 				continue;
 			}
 
-			cqp = &ipsec_ctx->tbl[sa->cdev_id_qp];
-			cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i];
+			ipsec_ctx->ol_pkts[ipsec_ctx->ol_pkts_cnt++] = pkts[i];
 			if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
 				rte_security_set_pkt_metadata(
 						sa->security_ctx,
@@ -459,8 +457,7 @@ ipsec_enqueue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 				continue;
 			}
 
-			cqp = &ipsec_ctx->tbl[sa->cdev_id_qp];
-			cqp->ol_pkts[cqp->ol_pkts_cnt++] = pkts[i];
+			ipsec_ctx->ol_pkts[ipsec_ctx->ol_pkts_cnt++] = pkts[i];
 			if (sa->ol_flags & RTE_SECURITY_TX_OLOAD_NEED_MDATA)
 				rte_security_set_pkt_metadata(
 						sa->security_ctx,
@@ -485,11 +482,10 @@ ipsec_dequeue(ipsec_xform_fn xform_func, struct ipsec_ctx *ipsec_ctx,
 
 	for (i = 0; i < ipsec_ctx->nb_qps && nb_pkts < max_pkts;) {
 		struct cdev_qp *cqp;
-
 		cqp = &ipsec_ctx->tbl[ipsec_ctx->last_qp];
 
-		while (cqp->ol_pkts_cnt > 0 && nb_pkts < max_pkts) {
-			pkt = cqp->ol_pkts[--cqp->ol_pkts_cnt];
+		while (ipsec_ctx->ol_pkts_cnt > 0 && nb_pkts < max_pkts) {
+			pkt = ipsec_ctx->ol_pkts[--ipsec_ctx->ol_pkts_cnt];
 			rte_prefetch0(pkt);
 			priv = get_priv(pkt);
 			sa = priv->sa;
diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index ac77064..6059f6c 100644
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -130,8 +130,6 @@ struct cdev_qp {
 	uint16_t in_flight;
 	uint16_t len;
 	struct rte_crypto_op *buf[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
-	struct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
-	uint16_t ol_pkts_cnt;
 };
 
 struct ipsec_ctx {
@@ -143,6 +141,8 @@ struct ipsec_ctx {
 	uint16_t last_qp;
 	struct cdev_qp tbl[MAX_QP_PER_LCORE];
 	struct rte_mempool *session_pool;
+	struct rte_mbuf *ol_pkts[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
+	uint16_t ol_pkts_cnt;
 };
 
 struct cdev_key {
-- 
2.7.5

Re: [dpdk-dev] [PATCH v3 1/3] security: add get session size function

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Nicolau, Radu
> Sent: Thursday, January 18, 2018 3:42 PM
> To: dev@dpdk.org
> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Yigit, Ferruh
> <ferruh.yigit@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>; akhil.goyal@nxp.com; Nicolau, Radu
> <radu.nicolau@intel.com>
> Subject: [PATCH v3 1/3] security: add get session size function
> 
> Add function to get security session size.
> 
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>

Series applied to dpdk-next-crypto.
Thanks,

Pablo