examples/ipsec-secgw: remove limitation for crypto sessions

Get rid of hardcoded limit of cryptodev sessions.

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 6d02341..161fd21 100644 (file)
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -62,7 +62,6 @@ volatile bool force_quit;
 
 #define CDEV_QUEUE_DESC 2048
 #define CDEV_MAP_ENTRIES 16384
-#define CDEV_MP_NB_OBJS 1024
 #define CDEV_MP_CACHE_SZ 64
 #define MAX_QUEUE_PAIRS 1
 
@@ -2025,10 +2024,11 @@ cryptodevs_init(uint16_t req_queue_num)
                dev_conf.ff_disable = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
 
                uint32_t dev_max_sess = cdev_info.sym.max_nb_sessions;
-               if (dev_max_sess != 0 && dev_max_sess < CDEV_MP_NB_OBJS)
+               if (dev_max_sess != 0 &&
+                               dev_max_sess < get_nb_crypto_sessions())
                        rte_exit(EXIT_FAILURE,
                                "Device does not support at least %u "
-                               "sessions", CDEV_MP_NB_OBJS);
+                               "sessions", get_nb_crypto_sessions());
 
                if (rte_cryptodev_configure(cdev_id, &dev_conf))
                        rte_panic("Failed to initialize cryptodev %u\n",
@@ -2280,12 +2280,18 @@ session_pool_init(struct socket_ctx *ctx, int32_t socket_id, size_t sess_sz)
 {
        char mp_name[RTE_MEMPOOL_NAMESIZE];
        struct rte_mempool *sess_mp;
+       uint32_t nb_sess;
 
        snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
                        "sess_mp_%u", socket_id);
+       /*
+        * Doubled due to rte_security_session_create() uses one mempool for
+        * session and for session private data.
+        */
+       nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
+               rte_lcore_count()) * 2;
        sess_mp = rte_cryptodev_sym_session_pool_create(
-                       mp_name, CDEV_MP_NB_OBJS,
-                       sess_sz, CDEV_MP_CACHE_SZ, 0,
+                       mp_name, nb_sess, sess_sz, CDEV_MP_CACHE_SZ, 0,
                        socket_id);
        ctx->session_pool = sess_mp;
 
@@ -2302,11 +2308,18 @@ session_priv_pool_init(struct socket_ctx *ctx, int32_t socket_id,
 {
        char mp_name[RTE_MEMPOOL_NAMESIZE];
        struct rte_mempool *sess_mp;
+       uint32_t nb_sess;
 
        snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
                        "sess_mp_priv_%u", socket_id);
+       /*
+        * Doubled due to rte_security_session_create() uses one mempool for
+        * session and for session private data.
+        */
+       nb_sess = (get_nb_crypto_sessions() + CDEV_MP_CACHE_SZ *
+               rte_lcore_count()) * 2;
        sess_mp = rte_mempool_create(mp_name,
-                       CDEV_MP_NB_OBJS,
+                       nb_sess,
                        sess_sz,
                        CDEV_MP_CACHE_SZ,
                        0, NULL, NULL, NULL,

diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
index 1e642d1..2f69199 100644 (file)
--- a/examples/ipsec-secgw/ipsec.h
+++ b/examples/ipsec-secgw/ipsec.h
@@ -416,4 +416,7 @@ check_flow_params(uint16_t fdir_portid, uint8_t fdir_qid);
 int
 create_ipsec_esp_flow(struct ipsec_sa *sa);
 
+uint32_t
+get_nb_crypto_sessions(void);
+
 #endif /* __IPSEC_H__ */

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 6324821..cd13975 100644 (file)
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -160,6 +160,7 @@ const struct supported_aead_algo aead_algos[] = {
 
 #define SA_INIT_NB     128
 
+static uint32_t nb_crypto_sessions;
 struct ipsec_sa *sa_out;
 uint32_t nb_sa_out;
 static uint32_t sa_out_sz;
@@ -712,6 +713,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
                        }
 
                        rule->fallback_sessions = 1;
+                       nb_crypto_sessions++;
                        fallback_p = 1;
                        continue;
                }
@@ -795,6 +797,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
                ips->type = RTE_SECURITY_ACTION_TYPE_NONE;
        }
 
+       nb_crypto_sessions++;
        *ri = *ri + 1;
 }
 
@@ -1624,3 +1627,9 @@ sa_sort_arr(void)
        qsort(sa_in, nb_sa_in, sizeof(struct ipsec_sa), sa_cmp);
        qsort(sa_out, nb_sa_out, sizeof(struct ipsec_sa), sa_cmp);
 }
+
+uint32_t
+get_nb_crypto_sessions(void)
+{
+       return nb_crypto_sessions;
+}