vhost: handle virtually non-contiguous buffers in Tx

[dpdk.git] / examples / ipsec-secgw / ipsec-secgw.c

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 84cc9b1..6bbb920 100644 (file)
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -78,8 +78,8 @@
 /*
  * Configurable number of RX/TX ring descriptors
  */
-#define IPSEC_SECGW_RX_DESC_DEFAULT 128
-#define IPSEC_SECGW_TX_DESC_DEFAULT 512
+#define IPSEC_SECGW_RX_DESC_DEFAULT 1024
+#define IPSEC_SECGW_TX_DESC_DEFAULT 1024
 static uint16_t nb_rxd = IPSEC_SECGW_RX_DESC_DEFAULT;
 static uint16_t nb_txd = IPSEC_SECGW_TX_DESC_DEFAULT;
 
@@ -422,7 +422,8 @@ inbound_sp_sa(struct sp_ctx *sp, struct sa_ctx *sa, struct traffic_type *ip,
                }
 
                sa_idx = ip->res[i] & PROTECT_MASK;
-               if (sa_idx == 0 || !inbound_sa_check(sa, m, sa_idx)) {
+               if (sa_idx >= IPSEC_SA_MAX_ENTRIES ||
+                               !inbound_sa_check(sa, m, sa_idx)) {
                        rte_pktmbuf_free(m);
                        continue;
                }
@@ -487,9 +488,9 @@ outbound_sp(struct sp_ctx *sp, struct traffic_type *ip,
        for (i = 0; i < ip->num; i++) {
                m = ip->pkts[i];
                sa_idx = ip->res[i] & PROTECT_MASK;
-               if ((ip->res[i] == 0) || (ip->res[i] & DISCARD))
+               if (ip->res[i] & DISCARD)
                        rte_pktmbuf_free(m);
-               else if (sa_idx != 0) {
+               else if (sa_idx < IPSEC_SA_MAX_ENTRIES) {
                        ipsec->res[ipsec->num] = sa_idx;
                        ipsec->pkts[ipsec->num++] = m;
                } else /* BYPASS */
@@ -847,7 +848,7 @@ static int32_t
 check_params(void)
 {
        uint8_t lcore;
-       uint16_t portid, nb_ports;
+       uint16_t portid;
        uint16_t i;
        int32_t socket_id;
 
@@ -856,8 +857,6 @@ check_params(void)
                return -1;
        }
 
-       nb_ports = rte_eth_dev_count();
-
        for (i = 0; i < nb_lcore_params; ++i) {
                lcore = lcore_params[i].lcore_id;
                if (!rte_lcore_is_enabled(lcore)) {
@@ -876,7 +875,7 @@ check_params(void)
                        printf("port %u is not enabled in port mask\n", portid);
                        return -1;
                }
-               if (portid >= nb_ports) {
+               if (!rte_eth_dev_is_valid_port(portid)) {
                        printf("port %u is not present on the board\n", portid);
                        return -1;
                }
@@ -1172,7 +1171,7 @@ print_ethaddr(const char *name, const struct ether_addr *eth_addr)
 
 /* Check the link status of all ports in up to 9s, and print them finally */
 static void
-check_all_ports_link_status(uint16_t port_num, uint32_t port_mask)
+check_all_ports_link_status(uint32_t port_mask)
 {
 #define CHECK_INTERVAL 100 /* 100ms */
 #define MAX_CHECK_TIME 90 /* 9s (90 * 100ms) in total */
@@ -1184,7 +1183,7 @@ check_all_ports_link_status(uint16_t port_num, uint32_t port_mask)
        fflush(stdout);
        for (count = 0; count <= MAX_CHECK_TIME; count++) {
                all_ports_up = 1;
-               for (portid = 0; portid < port_num; portid++) {
+               RTE_ETH_FOREACH_DEV(portid) {
                        if ((port_mask & (1 << portid)) == 0)
                                continue;
                        memset(&link, 0, sizeof(link));
@@ -1353,7 +1352,7 @@ cryptodevs_init(void)
        struct rte_cryptodev_config dev_conf;
        struct rte_cryptodev_qp_conf qp_conf;
        uint16_t idx, max_nb_qps, qp, i;
-       int16_t cdev_id;
+       int16_t cdev_id, port_id;
        struct rte_hash_parameters params = { 0 };
 
        params.entries = CDEV_MAP_ENTRIES;
@@ -1382,6 +1381,20 @@ cryptodevs_init(void)
                if (sess_sz > max_sess_sz)
                        max_sess_sz = sess_sz;
        }
+       RTE_ETH_FOREACH_DEV(port_id) {
+               void *sec_ctx;
+
+               if ((enabled_port_mask & (1 << port_id)) == 0)
+                       continue;
+
+               sec_ctx = rte_eth_dev_get_sec_ctx(port_id);
+               if (sec_ctx == NULL)
+                       continue;
+
+               sess_sz = rte_security_session_get_size(sec_ctx);
+               if (sess_sz > max_sess_sz)
+                       max_sess_sz = sess_sz;
+       }
 
        idx = 0;
        for (cdev_id = 0; cdev_id < rte_cryptodev_count(); cdev_id++) {
@@ -1454,6 +1467,38 @@ cryptodevs_init(void)
                                        cdev_id);
        }
 
+       /* create session pools for eth devices that implement security */
+       RTE_ETH_FOREACH_DEV(port_id) {
+               if ((enabled_port_mask & (1 << port_id)) &&
+                               rte_eth_dev_get_sec_ctx(port_id)) {
+                       int socket_id = rte_eth_dev_socket_id(port_id);
+
+                       if (!socket_ctx[socket_id].session_pool) {
+                               char mp_name[RTE_MEMPOOL_NAMESIZE];
+                               struct rte_mempool *sess_mp;
+
+                               snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
+                                               "sess_mp_%u", socket_id);
+                               sess_mp = rte_mempool_create(mp_name,
+                                               CDEV_MP_NB_OBJS,
+                                               max_sess_sz,
+                                               CDEV_MP_CACHE_SZ,
+                                               0, NULL, NULL, NULL,
+                                               NULL, socket_id,
+                                               0);
+                               if (sess_mp == NULL)
+                                       rte_exit(EXIT_FAILURE,
+                                               "Cannot create session pool "
+                                               "on socket %d\n", socket_id);
+                               else
+                                       printf("Allocated session pool "
+                                               "on socket %d\n", socket_id);
+                               socket_ctx[socket_id].session_pool = sess_mp;
+                       }
+               }
+       }
+
+
        printf("\n");
 
        return 0;
@@ -1599,7 +1644,7 @@ main(int32_t argc, char **argv)
        int32_t ret;
        uint32_t lcore_id;
        uint8_t socket_id;
-       uint16_t portid, nb_ports;
+       uint16_t portid;
 
        /* init EAL */
        ret = rte_eal_init(argc, argv);
@@ -1618,8 +1663,6 @@ main(int32_t argc, char **argv)
                rte_exit(EXIT_FAILURE, "Invalid unprotected portmask 0x%x\n",
                                unprotected_port_mask);
 
-       nb_ports = rte_eth_dev_count();
-
        if (check_params() < 0)
                rte_exit(EXIT_FAILURE, "check_params failed\n");
 
@@ -1653,7 +1696,7 @@ main(int32_t argc, char **argv)
                pool_init(&socket_ctx[socket_id], socket_id, NB_MBUF);
        }
 
-       for (portid = 0; portid < nb_ports; portid++) {
+       RTE_ETH_FOREACH_DEV(portid) {
                if ((enabled_port_mask & (1 << portid)) == 0)
                        continue;
 
@@ -1663,7 +1706,7 @@ main(int32_t argc, char **argv)
        cryptodevs_init();
 
        /* start ports */
-       for (portid = 0; portid < nb_ports; portid++) {
+       RTE_ETH_FOREACH_DEV(portid) {
                if ((enabled_port_mask & (1 << portid)) == 0)
                        continue;
 
@@ -1682,7 +1725,7 @@ main(int32_t argc, char **argv)
                        rte_eth_promiscuous_enable(portid);
        }
 
-       check_all_ports_link_status(nb_ports, enabled_port_mask);
+       check_all_ports_link_status(enabled_port_mask);
 
        /* launch per-lcore init on every lcore */
        rte_eal_mp_remote_launch(main_loop, NULL, CALL_MASTER);