Hi,
Crypto key in crypto session cannot be changed and in this case you need
'n' different crypto sessions only and it cannot be reused.
Regards,
Bala
On 17 February 2016 at 21:11, Gábor Sándor Enyedi <
gabor.sandor.eny...@ericsson.com> wrote:
> How can you change the crypto key? Each user has its own.
>
> Gabor
>
>
> On 02/17/2016 12:13 PM, Bala Manoharan wrote:
>
> Hi,
>
> There is no need to create a crypto session for each packet. The
> application needs to create a crypto session for a unique cipher/auth key
> (ie all the parameters in odp_crypto_session_params_t ).
> A crypto session is created so that application can create a crypto
> session and reuse it for packets which need similar processing. The
> parameters of crypto session are as follows
>
> typedef struct odp_crypto_session_params {
> odp_crypto_op_t op; /**< Encode versus decode */
> odp_bool_t auth_cipher_text; /**< Authenticate/cipher
> ordering */
> odp_crypto_op_mode_t pref_mode; /**< Preferred sync vs async */
> odp_cipher_alg_t cipher_alg; /**< Cipher algorithm */
> odp_crypto_key_t cipher_key; /**< Cipher key */
> odp_crypto_iv_t iv; /**< Cipher Initialization
> Vector (IV) */
> odp_auth_alg_t auth_alg; /**< Authentication algorithm */
> odp_crypto_key_t auth_key; /**< Authentication key */
> odp_queue_t compl_queue; /**< Async mode completion
> event queue */
> odp_pool_t output_pool; /**< Output buffer pool */
> } odp_crypto_session_params_t
>
> If you see the odp_crypto_operation() function it reuses an existing
> crypto session and only provides parameters which are unique per packet (ie
> cipher/auth range, input packet, etc )
>
> The limit of 32 crypto sessions is a limitation on the linux-generic
> implementation and this value might depend on individual platforms.
>
> Regards,
> Bala
>
> On 16 February 2016 at 18:40, Gábor Sándor Enyedi <
> gabor.sandor.eny...@ericsson.com> wrote:
>
>> Hi,
>>
>> I want to keep up IPSec connections with up to ~100K users
>> simultaneously. After looking into the code, it seems that both
>> linux-generic and odp-dpdk can allocate at most 32 crypto sessions (with
>> odp_crypto_session_create). Please confirm, that this is not a bug, but
>> crypto sessions are considered to be a very limited resource and an ODP
>> application should create and destroy a crypto session for each packet,
>> when all the users are sending traffic at the same time.
>> Thanks,
>>
>> Gabor
>> _______________________________________________
>> lng-odp mailing list
>> lng-odp@lists.linaro.org
>> https://lists.linaro.org/mailman/listinfo/lng-odp
>>
>
>
>
_______________________________________________
lng-odp mailing list
lng-odp@lists.linaro.org
https://lists.linaro.org/mailman/listinfo/lng-odp
