examples: use separate crypto session mempools

[dpdk.git] / examples / ipsec-secgw / ipsec-secgw.c

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index a0faddf..fc102a3 100644 (file)
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -54,8 +54,8 @@
 #define NB_MBUF        (32000)
 
 #define CDEV_QUEUE_DESC 2048
-#define CDEV_MAP_ENTRIES 1024
-#define CDEV_MP_NB_OBJS 2048
+#define CDEV_MAP_ENTRIES 16384
+#define CDEV_MP_NB_OBJS 1024
 #define CDEV_MP_CACHE_SZ 64
 #define MAX_QUEUE_PAIRS 1
 
@@ -197,8 +197,7 @@ static struct rte_eth_conf port_conf = {
                .mq_mode        = ETH_MQ_RX_RSS,
                .max_rx_pkt_len = ETHER_MAX_LEN,
                .split_hdr_size = 0,
-               .offloads = DEV_RX_OFFLOAD_CHECKSUM |
-                           DEV_RX_OFFLOAD_CRC_STRIP,
+               .offloads = DEV_RX_OFFLOAD_CHECKSUM,
        },
        .rx_adv_conf = {
                .rss_conf = {
@@ -510,11 +509,13 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
                sa_idx = ip->res[i] & PROTECT_MASK;
                if (ip->res[i] & DISCARD)
                        rte_pktmbuf_free(m);
+               else if (ip->res[i] & BYPASS)
+                       ip->pkts[j++] = m;
                else if (sa_idx < IPSEC_SA_MAX_ENTRIES) {
                        ipsec->res[ipsec->num] = sa_idx;
                        ipsec->pkts[ipsec->num++] = m;
-               } else /* BYPASS */
-                       ip->pkts[j++] = m;
+               } else /* invalid SA idx */
+                       rte_pktmbuf_free(m);
        }
        ip->num = j;
 }
@@ -819,11 +820,15 @@ main_loop(__attribute__((unused)) void *dummy)
        qconf->inbound.sa_ctx = socket_ctx[socket_id].sa_in;
        qconf->inbound.cdev_map = cdev_map_in;
        qconf->inbound.session_pool = socket_ctx[socket_id].session_pool;
+       qconf->inbound.session_priv_pool =
+                       socket_ctx[socket_id].session_priv_pool;
        qconf->outbound.sp4_ctx = socket_ctx[socket_id].sp_ip4_out;
        qconf->outbound.sp6_ctx = socket_ctx[socket_id].sp_ip6_out;
        qconf->outbound.sa_ctx = socket_ctx[socket_id].sa_out;
        qconf->outbound.cdev_map = cdev_map_out;
        qconf->outbound.session_pool = socket_ctx[socket_id].session_pool;
+       qconf->outbound.session_priv_pool =
+                       socket_ctx[socket_id].session_priv_pool;
 
        if (qconf->nb_rx_queue == 0) {
                RTE_LOG(INFO, IPSEC, "lcore %u has nothing to do\n", lcore_id);
@@ -1390,9 +1395,27 @@ cryptodevs_init(void)
 
        uint32_t max_sess_sz = 0, sess_sz;
        for (cdev_id = 0; cdev_id < rte_cryptodev_count(); cdev_id++) {
+               void *sec_ctx;
+
+               /* Get crypto priv session size */
                sess_sz = rte_cryptodev_sym_get_private_session_size(cdev_id);
                if (sess_sz > max_sess_sz)
                        max_sess_sz = sess_sz;
+
+               /*
+                * If crypto device is security capable, need to check the
+                * size of security session as well.
+                */
+
+               /* Get security context of the crypto device */
+               sec_ctx = rte_cryptodev_get_sec_ctx(cdev_id);
+               if (sec_ctx == NULL)
+                       continue;
+
+               /* Get size of security session */
+               sess_sz = rte_security_session_get_size(sec_ctx);
+               if (sess_sz > max_sess_sz)
+                       max_sess_sz = sess_sz;
        }
        RTE_ETH_FOREACH_DEV(port_id) {
                void *sec_ctx;
@@ -1441,10 +1464,10 @@ cryptodevs_init(void)
                dev_conf.nb_queue_pairs = qp;
 
                uint32_t dev_max_sess = cdev_info.sym.max_nb_sessions;
-               if (dev_max_sess != 0 && dev_max_sess < (CDEV_MP_NB_OBJS / 2))
+               if (dev_max_sess != 0 && dev_max_sess < CDEV_MP_NB_OBJS)
                        rte_exit(EXIT_FAILURE,
                                "Device does not support at least %u "
-                               "sessions", CDEV_MP_NB_OBJS / 2);
+                               "sessions", CDEV_MP_NB_OBJS);
 
                if (!socket_ctx[dev_conf.socket_id].session_pool) {
                        char mp_name[RTE_MEMPOOL_NAMESIZE];
@@ -1452,6 +1475,19 @@ cryptodevs_init(void)
 
                        snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
                                        "sess_mp_%u", dev_conf.socket_id);
+                       sess_mp = rte_cryptodev_sym_session_pool_create(
+                                       mp_name, CDEV_MP_NB_OBJS,
+                                       0, CDEV_MP_CACHE_SZ, 0,
+                                       dev_conf.socket_id);
+                       socket_ctx[dev_conf.socket_id].session_pool = sess_mp;
+               }
+
+               if (!socket_ctx[dev_conf.socket_id].session_priv_pool) {
+                       char mp_name[RTE_MEMPOOL_NAMESIZE];
+                       struct rte_mempool *sess_mp;
+
+                       snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
+                                       "sess_mp_priv_%u", dev_conf.socket_id);
                        sess_mp = rte_mempool_create(mp_name,
                                        CDEV_MP_NB_OBJS,
                                        max_sess_sz,
@@ -1459,25 +1495,31 @@ cryptodevs_init(void)
                                        0, NULL, NULL, NULL,
                                        NULL, dev_conf.socket_id,
                                        0);
-                       if (sess_mp == NULL)
-                               rte_exit(EXIT_FAILURE,
-                                       "Cannot create session pool on socket %d\n",
-                                       dev_conf.socket_id);
-                       else
-                               printf("Allocated session pool on socket %d\n",
-                                       dev_conf.socket_id);
-                       socket_ctx[dev_conf.socket_id].session_pool = sess_mp;
+                       socket_ctx[dev_conf.socket_id].session_priv_pool =
+                                       sess_mp;
                }
 
+               if (!socket_ctx[dev_conf.socket_id].session_priv_pool ||
+                               !socket_ctx[dev_conf.socket_id].session_pool)
+                       rte_exit(EXIT_FAILURE,
+                               "Cannot create session pool on socket %d\n",
+                               dev_conf.socket_id);
+               else
+                       printf("Allocated session pool on socket %d\n",
+                                       dev_conf.socket_id);
+
                if (rte_cryptodev_configure(cdev_id, &dev_conf))
                        rte_panic("Failed to initialize cryptodev %u\n",
                                        cdev_id);
 
                qp_conf.nb_descriptors = CDEV_QUEUE_DESC;
+               qp_conf.mp_session =
+                       socket_ctx[dev_conf.socket_id].session_pool;
+               qp_conf.mp_session_private =
+                       socket_ctx[dev_conf.socket_id].session_priv_pool;
                for (qp = 0; qp < dev_conf.nb_queue_pairs; qp++)
                        if (rte_cryptodev_queue_pair_setup(cdev_id, qp,
-                                       &qp_conf, dev_conf.socket_id,
-                                       socket_ctx[dev_conf.socket_id].session_pool))
+                                       &qp_conf, dev_conf.socket_id))
                                rte_panic("Failed to setup queue %u for "
                                                "cdev_id %u\n", 0, cdev_id);
 
@@ -1499,7 +1541,7 @@ cryptodevs_init(void)
                                snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
                                                "sess_mp_%u", socket_id);
                                sess_mp = rte_mempool_create(mp_name,
-                                               CDEV_MP_NB_OBJS,
+                                               (CDEV_MP_NB_OBJS * 2),
                                                max_sess_sz,
                                                CDEV_MP_CACHE_SZ,
                                                0, NULL, NULL, NULL,