examples/ipsec-secgw: destroy lookaside sessions

Lookaside mode also creates security and crypto sessions that needs to
be destroyed after they are no longer used.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
index 4251952bf33499161b6fe4c9a04335bbea5ee4af..37d0ff058ece216ab7d7a4d59a06d6a58e175b08 100644 (file)
--- a/examples/ipsec-secgw/ipsec-secgw.c
+++ b/examples/ipsec-secgw/ipsec-secgw.c
@@ -2485,8 +2485,37 @@ check_event_mode_params(struct eh_conf *eh_conf)
        return 0;
 }
 
+static int
+one_session_free(struct rte_ipsec_session *ips)
+{
+       int32_t ret = 0;
+
+       if (ips->type == RTE_SECURITY_ACTION_TYPE_NONE ||
+               ips->type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO) {
+               /* Session has not been created */
+               if (ips->crypto.ses == NULL)
+                       return 0;
+
+               ret = rte_cryptodev_sym_session_clear(ips->crypto.dev_id,
+                                                     ips->crypto.ses);
+               if (ret)
+                       return ret;
+
+               ret = rte_cryptodev_sym_session_free(ips->crypto.ses);
+       } else {
+               /* Session has not been created */
+               if (ips->security.ctx == NULL || ips->security.ses == NULL)
+                       return 0;
+
+               ret = rte_security_session_destroy(ips->security.ctx,
+                                                  ips->security.ses);
+       }
+
+       return ret;
+}
+
 static void
-inline_sessions_free(struct sa_ctx *sa_ctx)
+sessions_free(struct sa_ctx *sa_ctx)
 {
        struct rte_ipsec_session *ips;
        struct ipsec_sa *sa;
@@ -2503,16 +2532,7 @@ inline_sessions_free(struct sa_ctx *sa_ctx)
                        continue;
 
                ips = ipsec_get_primary_session(sa);
-               if (ips->type != RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL &&
-                   ips->type != RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO)
-                       continue;
-
-               if (!rte_eth_dev_is_valid_port(sa->portid))
-                       continue;
-
-               ret = rte_security_session_destroy(
-                               rte_eth_dev_get_sec_ctx(sa->portid),
-                               ips->security.ses);
+               ret = one_session_free(ips);
                if (ret)
                        RTE_LOG(ERR, IPSEC, "Failed to destroy security "
                                            "session type %d, spi %d\n",
@@ -3102,11 +3122,11 @@ skip_sec_ctx:
        /* Free eventmode configuration memory */
        eh_conf_uninit(eh_conf);
 
-       /* Destroy inline inbound and outbound sessions */
+       /* Destroy inbound and outbound sessions */
        for (i = 0; i < NB_SOCKETS && i < rte_socket_count(); i++) {
                socket_id = rte_socket_id_by_idx(i);
-               inline_sessions_free(socket_ctx[socket_id].sa_in);
-               inline_sessions_free(socket_ctx[socket_id].sa_out);
+               sessions_free(socket_ctx[socket_id].sa_in);
+               sessions_free(socket_ctx[socket_id].sa_out);
        }
 
        for (cdev_id = 0; cdev_id < rte_cryptodev_count(); cdev_id++) {

diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index b66ff2b6503637c627d4abdd6bcb9f291df3ff6d..3027fbc45fc146b02f03d8b7522b528cc5b6ae9f 100644 (file)
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -124,31 +124,31 @@ create_lookaside_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa,
                                "SEC Session init failed: err: %d\n", ret);
                                return -1;
                        }
+                       ips->security.ctx = ctx;
                } else {
                        RTE_LOG(ERR, IPSEC, "Inline not supported\n");
                        return -1;
                }
        } else {
+               uint16_t cdev_id = ipsec_ctx->tbl[cdev_id_qp].id;
+
                if (ips->type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO) {
                        struct rte_cryptodev_info info;
-                       uint16_t cdev_id;
 
-                       cdev_id = ipsec_ctx->tbl[cdev_id_qp].id;
                        rte_cryptodev_info_get(cdev_id, &info);
                        if (!(info.feature_flags &
                                RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO))
                                return -ENOTSUP;
 
-                       ips->crypto.dev_id = cdev_id;
                }
+               ips->crypto.dev_id = cdev_id;
                ips->crypto.ses = rte_cryptodev_sym_session_create(
                                ipsec_ctx->session_pool);
-               rte_cryptodev_sym_session_init(ipsec_ctx->tbl[cdev_id_qp].id,
+               rte_cryptodev_sym_session_init(cdev_id,
                                ips->crypto.ses, sa->xforms,
                                ipsec_ctx->session_priv_pool);
 
-               rte_cryptodev_info_get(ipsec_ctx->tbl[cdev_id_qp].id,
-                               &cdev_info);
+               rte_cryptodev_info_get(cdev_id, &cdev_info);
        }
 
        sa->cdev_id_qp = cdev_id_qp;