Re: [lng-odp] crypto contexts

Wed, 17 Feb 2016 03:14:32 -0800 

Hi,

There is no need to create a crypto session for each packet. The
application needs to create a crypto session for a unique cipher/auth key
(ie all the parameters in odp_crypto_session_params_t ).
A crypto session is created so that application can create a crypto session
and reuse it for packets which need similar processing.  The parameters of
crypto session are as follows

typedef struct odp_crypto_session_params {
        odp_crypto_op_t op;                /**< Encode versus decode */
        odp_bool_t auth_cipher_text;       /**< Authenticate/cipher
ordering */
        odp_crypto_op_mode_t pref_mode;    /**< Preferred sync vs async */
        odp_cipher_alg_t cipher_alg;       /**< Cipher algorithm */
        odp_crypto_key_t cipher_key;       /**< Cipher key */
        odp_crypto_iv_t  iv;               /**< Cipher Initialization
Vector (IV) */
        odp_auth_alg_t auth_alg;           /**< Authentication algorithm */
        odp_crypto_key_t auth_key;         /**< Authentication key */
        odp_queue_t compl_queue;           /**< Async mode completion event
queue */
        odp_pool_t output_pool;            /**< Output buffer pool */
} odp_crypto_session_params_t

If you see the odp_crypto_operation() function it reuses an existing crypto
session and only provides parameters which are unique per packet (ie
cipher/auth range, input packet, etc )

The limit of 32 crypto sessions is a limitation on the linux-generic
implementation and this value might depend on individual platforms.

Regards,
Bala

On 16 February 2016 at 18:40, Gábor Sándor Enyedi <
[email protected]> wrote:

> Hi,
>
> I want to keep up IPSec connections with up to ~100K users simultaneously.
> After looking into the code, it seems that both linux-generic and odp-dpdk
> can allocate at most 32 crypto sessions (with odp_crypto_session_create).
> Please confirm, that this is not a bug, but crypto sessions are considered
> to be a very limited resource and an ODP application should create and
> destroy a crypto session for each packet, when all the users are sending
> traffic at the same time.
> Thanks,
>
> Gabor
> _______________________________________________
> lng-odp mailing list
> [email protected]
> https://lists.linaro.org/mailman/listinfo/lng-odp
>

_______________________________________________
lng-odp mailing list
[email protected]
https://lists.linaro.org/mailman/listinfo/lng-odp

Reply via email to