[dpdk-dev] [PATCH v5 0/6] integrate librte_ipsec SAD into ipsec-secgw
Vladimir Medvedkin
vladimir.medvedkin at intel.com
Wed Jan 29 15:06:02 CET 2020
This series integrates SA database (SAD) capabilities from ipsec library.
The goal is to make ipsec-secgw RFC compliant regarding inbound SAD.
Also patch series removes hardcoded limitation for maximum number of SA's
and SP's.
According to our measurements, after this series of patches,
ipsec-secgw performance drops by about 0-2%.
v5:
- introduce SAD cache to solve performance degradation
- ipsec_sad_add() returns an error if the key is present
v4:
- put tunnel SA's into SAD with SPI_ONLY type for performance reason
v3:
- parse SA and SP into sorted array instead of linked list
v2:
- get rid of maximum sp limitation
Vladimir Medvedkin (6):
ipsec: move ipsec sad name length into .h
examples/ipsec-secgw: implement inbound SAD
examples/ipsec-secgw: integrate inbound SAD
examples/ipsec-secgw: get rid of maximum sa limitation
examples/ipsec-secgw: get rid of maximum sp limitation
examples/ipsec-secgw: add SAD cache
examples/ipsec-secgw/Makefile | 1 +
examples/ipsec-secgw/ipsec-secgw.c | 34 +++++-
examples/ipsec-secgw/ipsec.h | 12 +-
examples/ipsec-secgw/meson.build | 2 +-
examples/ipsec-secgw/parser.c | 4 +
examples/ipsec-secgw/parser.h | 9 ++
examples/ipsec-secgw/sa.c | 238 +++++++++++++++++++++----------------
examples/ipsec-secgw/sad.c | 149 +++++++++++++++++++++++
examples/ipsec-secgw/sad.h | 168 ++++++++++++++++++++++++++
examples/ipsec-secgw/sp4.c | 114 +++++++++++++-----
examples/ipsec-secgw/sp6.c | 112 ++++++++++++-----
lib/librte_ipsec/ipsec_sad.c | 20 ++--
lib/librte_ipsec/rte_ipsec_sad.h | 2 +
13 files changed, 686 insertions(+), 179 deletions(-)
create mode 100644 examples/ipsec-secgw/sad.c
create mode 100644 examples/ipsec-secgw/sad.h
--
2.7.4
More information about the dev
mailing list