From 04fa1906fce99078695e08c8b71a132ebe6af4fd Mon Sep 17 00:00:00 2001 From: Vladimir Medvedkin Date: Mon, 20 Apr 2020 20:16:35 +0100 Subject: [PATCH] examples/ipsec-secgw: remove limitation for crypto sessions Get rid of hardcoded limit of cryptodev sessions. Signed-off-by: Vladimir Medvedkin Tested-by: Konstantin Ananyev Acked-by: Konstantin Ananyev Acked-by: Akhil Goyal --- examples/ipsec-secgw/ipsec-secgw.c | 25 +++++++++++++++++++------ examples/ipsec-secgw/ipsec.h | 3 +++ examples/ipsec-secgw/sa.c | 9 +++++++++ 3 files changed, 31 insertions(+), 6 deletions(-) diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c index 6d02341dea..161fd218aa 100644 --- a/examples/ipsec-secgw/ipsec-secgw.c +++ b/examples/ipsec-secgw/ipsec-secgw.c @@ -62,7 +62,6 @@ volatile bool force_quit; #define CDEV_QUEUE_DESC 2048 #define CDEV_MAP_ENTRIES 16384 -#define CDEV_MP_NB_OBJS 1024 #define CDEV_MP_CACHE_SZ 64 #define MAX_QUEUE_PAIRS 1 @@ -2025,10 +2024,11 @@ cryptodevs_init(uint16_t req_queue_num) dev_conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO; uint32_t dev_max_sess = cdev_info.sym.max_nb_sessions; - if (dev_max_sess != 0 && dev_max_sess < CDEV_MP_NB_OBJS) + if (dev_max_sess != 0 && + dev_max_sess < get_nb_crypto_sessions()) rte_exit(EXIT_FAILURE, "Device does not support at least %u " - "sessions", CDEV_MP_NB_OBJS); + "sessions", get_nb_crypto_sessions()); if (rte_cryptodev_configure(cdev_id, &dev_conf)) rte_panic("Failed to initialize cryptodev %u\n", @@ -2280,12 +2280,18 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz) { char mp_name[RTE_MEMPOOL_NAMESIZE]; struct rte_mempool *sess_mp; + uint32_t nb_sess; snprintf(mp_name, RTE_MEMPOOL_NAMESIZE, "sess_mp_%u", socket_id); + /* + * Doubled due to rte_security_session_create() uses one mempool for + * session and for session private data. + */ + nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ * + rte_lcore_count()) * 2; sess_mp = rte_cryptodev_sym_session_pool_create( - mp_name, CDEV_MP_NB_OBJS, - sess_sz, CDEV_MP_CACHE_SZ, 0, + mp_name, nb_sess, sess_sz, CDEV_MP_CACHE_SZ, 0, socket_id); ctx->session_pool = sess_mp; @@ -2302,11 +2308,18 @@ session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id, { char mp_name[RTE_MEMPOOL_NAMESIZE]; struct rte_mempool *sess_mp; + uint32_t nb_sess; snprintf(mp_name, RTE_MEMPOOL_NAMESIZE, "sess_mp_priv_%u", socket_id); + /* + * Doubled due to rte_security_session_create() uses one mempool for + * session and for session private data. + */ + nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ * + rte_lcore_count()) * 2; sess_mp = rte_mempool_create(mp_name, - CDEV_MP_NB_OBJS, + nb_sess, sess_sz, CDEV_MP_CACHE_SZ, 0, NULL, NULL, NULL, diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index 1e642d17d3..2f69199004 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -416,4 +416,7 @@ check_flow_params(uint16_t fdir_portid, uint8_t fdir_qid); int create_ipsec_esp_flow(struct ipsec_sa *sa); +uint32_t +get_nb_crypto_sessions(void); + #endif /* __IPSEC_H__ */ diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 632482176c..cd1397531a 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -160,6 +160,7 @@ const struct supported_aead_algo aead_algos[] = { #define SA_INIT_NB 128 +static uint32_t nb_crypto_sessions; struct ipsec_sa *sa_out; uint32_t nb_sa_out; static uint32_t sa_out_sz; @@ -712,6 +713,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, } rule->fallback_sessions = 1; + nb_crypto_sessions++; fallback_p = 1; continue; } @@ -795,6 +797,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, ips->type = RTE_SECURITY_ACTION_TYPE_NONE; } + nb_crypto_sessions++; *ri = *ri + 1; } @@ -1624,3 +1627,9 @@ sa_sort_arr(void) qsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp); qsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp); } + +uint32_t +get_nb_crypto_sessions(void) +{ + return nb_crypto_sessions; +} -- 2.20.1