Hi, There is no need to create a crypto session for each packet. The application needs to create a crypto session for a unique cipher/auth key (ie all the parameters in odp_crypto_session_params_t ). A crypto session is created so that application can create a crypto session and reuse it for packets which need similar processing. The parameters of crypto session are as follows
typedef struct odp_crypto_session_params { odp_crypto_op_t op; /**< Encode versus decode */ odp_bool_t auth_cipher_text; /**< Authenticate/cipher ordering */ odp_crypto_op_mode_t pref_mode; /**< Preferred sync vs async */ odp_cipher_alg_t cipher_alg; /**< Cipher algorithm */ odp_crypto_key_t cipher_key; /**< Cipher key */ odp_crypto_iv_t iv; /**< Cipher Initialization Vector (IV) */ odp_auth_alg_t auth_alg; /**< Authentication algorithm */ odp_crypto_key_t auth_key; /**< Authentication key */ odp_queue_t compl_queue; /**< Async mode completion event queue */ odp_pool_t output_pool; /**< Output buffer pool */ } odp_crypto_session_params_t If you see the odp_crypto_operation() function it reuses an existing crypto session and only provides parameters which are unique per packet (ie cipher/auth range, input packet, etc ) The limit of 32 crypto sessions is a limitation on the linux-generic implementation and this value might depend on individual platforms. Regards, Bala On 16 February 2016 at 18:40, Gábor Sándor Enyedi < gabor.sandor.eny...@ericsson.com> wrote: > Hi, > > I want to keep up IPSec connections with up to ~100K users simultaneously. > After looking into the code, it seems that both linux-generic and odp-dpdk > can allocate at most 32 crypto sessions (with odp_crypto_session_create). > Please confirm, that this is not a bug, but crypto sessions are considered > to be a very limited resource and an ODP application should create and > destroy a crypto session for each packet, when all the users are sending > traffic at the same time. > Thanks, > > Gabor > _______________________________________________ > lng-odp mailing list > lng-odp@lists.linaro.org > https://lists.linaro.org/mailman/listinfo/lng-odp >
_______________________________________________ lng-odp mailing list lng-odp@lists.linaro.org https://lists.linaro.org/mailman/listinfo/lng-odp