Cover Detail
Show a cover letter.
GET /api/covers/61426/?format=api
http://patches.dpdk.org/api/covers/61426/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/cover/cover.1571322982.git.vladimir.medvedkin@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<cover.1571322982.git.vladimir.medvedkin@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/cover.1571322982.git.vladimir.medvedkin@intel.com", "date": "2019-10-17T15:47:57", "name": "[v6,0/6] ipsec: add inbound SAD", "submitter": { "id": 1216, "url": "http://patches.dpdk.org/api/people/1216/?format=api", "name": "Vladimir Medvedkin", "email": "vladimir.medvedkin@intel.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/cover/cover.1571322982.git.vladimir.medvedkin@intel.com/mbox/", "series": [ { "id": 6917, "url": "http://patches.dpdk.org/api/series/6917/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=6917", "date": "2019-10-17T15:47:57", "name": "ipsec: add inbound SAD", "version": 6, "mbox": "http://patches.dpdk.org/series/6917/mbox/" } ], "comments": "http://patches.dpdk.org/api/covers/61426/comments/", "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 0619B1E989;\n\tThu, 17 Oct 2019 17:48:11 +0200 (CEST)", "from mga12.intel.com (mga12.intel.com [192.55.52.136])\n\tby dpdk.org (Postfix) with ESMTP id 2D2941E930\n\tfor <dev@dpdk.org>; Thu, 17 Oct 2019 17:48:08 +0200 (CEST)", "from orsmga005.jf.intel.com ([10.7.209.41])\n\tby fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t17 Oct 2019 08:48:08 -0700", "from silpixa00400072.ir.intel.com ([10.237.222.213])\n\tby orsmga005.jf.intel.com with ESMTP; 17 Oct 2019 08:48:06 -0700" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.67,308,1566889200\"; d=\"scan'208\";a=\"371174127\"", "From": "Vladimir Medvedkin <vladimir.medvedkin@intel.com>", "To": "dev@dpdk.org", "Cc": "konstantin.ananyev@intel.com, bernard.iremonger@intel.com,\n\takhil.goyal@nxp.com", "Date": "Thu, 17 Oct 2019 16:47:57 +0100", "Message-Id": "<cover.1571322982.git.vladimir.medvedkin@intel.com>", "X-Mailer": "git-send-email 2.7.4", "MIME-Version": "1.0", "In-Reply-To": "<cover.1570725871.git.vladimir.medvedkin@intel.com>", "References": "<cover.1570725871.git.vladimir.medvedkin@intel.com>", "Content-Type": "text/plain; charset=UTF-8", "Content-Transfer-Encoding": "8bit", "Subject": "[dpdk-dev] [PATCH v6 0/6] ipsec: add inbound SAD", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "According to RFC 4301 IPSec implementation needs an inbound SA database (SAD).\nFor each incoming inbound IPSec-protected packet (ESP or AH) it has to\nperform a lookup within it’s SAD.\nLookup should be performed by:\nSecurity Parameters Index (SPI) + destination IP (DIP) + source IP (SIP)\n or SPI + DIP\n or SPI only\nand an implementation has to return the “longest” existing match.\nThese series extend DPDK IPsec library with SAD table implementation that:\n- conforms to the RFC requirements above\n- can scale up to millions of entries\n- supports fast lookups\n- supports incremental updates\n\nInitial series provide an API to create/destroy SAD, and to\nadd/delete/lookup entries within given SAD table.\nUnder the hood it uses three librte_hash tables each of which contains\nan entries for a specific SA type (either it is addressed by SPI only\nor SPI+DIP or SPI+DIP+SIP) Also this patch series introduce test-sad\napplication to measure performance of the library. According to our\nmeasurements on SKX for 1M entries average lookup cost is ~80 cycles,\naverage add cost ~500 cycles.\n\nv6:\n- fix rte_ipsec_sad_lookup() comments regarding return value\n- added parallel lookup feature to test-sad app\n- added read/write concurrency support flag to test-sad app\n- added programmer's guide\n- updated release notes\n\nv5:\n- small fix in rte_ipsec_sad_create()\n- add comments in rte_ipsec_sad.h\n\nv4:\n- fixes in test-sad app\n- small fixes in rte_ipsec_sad_create()\n- fixes in test_find_existing() from unittests\n\nv3:\n- fixes in rte_ipsec_sad_create() and rte_ipsec_sad_find_existing()\n- fix typos\n- updated commit messages\n- added test_find_existing() in unittests\n\nv2:\n- various bugs fixed\n- rte_ipsec_sad_free renamed to rte_ipsec_sad_destroy\n- added const qualifier to rte_ipsec_sad_key *key for add/delete\n- added more comments into the code\n- added ipv6 support into the testsad app\n- added <DEL> measurement into the testsad app\n- random SPI values are generated without dups\n- added support for configurable burst size in testsad app\n- added verbose mode into the testsad app\n\nVladimir Medvedkin (6):\n ipsec: add inbound SAD API\n ipsec: add SAD create/destroy implementation\n ipsec: add SAD add/delete/lookup implementation\n test/ipsec: add ipsec SAD autotests\n app: add test-sad application\n doc/ipsec: update ipsec programmer's guide\n\n app/Makefile | 1 +\n app/meson.build | 3 +-\n app/test-sad/Makefile | 18 +\n app/test-sad/main.c | 668 +++++++++++++++++++++++++\n app/test-sad/meson.build | 6 +\n app/test/Makefile | 1 +\n app/test/autotest_data.py | 6 +\n app/test/meson.build | 1 +\n app/test/test_ipsec_sad.c | 887 +++++++++++++++++++++++++++++++++\n doc/guides/prog_guide/ipsec_lib.rst | 152 ++++++\n doc/guides/rel_notes/release_19_11.rst | 3 +\n lib/librte_ipsec/Makefile | 4 +-\n lib/librte_ipsec/ipsec_sad.c | 515 +++++++++++++++++++\n lib/librte_ipsec/meson.build | 6 +-\n lib/librte_ipsec/rte_ipsec_sad.h | 176 +++++++\n lib/librte_ipsec/rte_ipsec_version.map | 7 +\n 16 files changed, 2449 insertions(+), 5 deletions(-)\n create mode 100644 app/test-sad/Makefile\n create mode 100644 app/test-sad/main.c\n create mode 100644 app/test-sad/meson.build\n create mode 100644 app/test/test_ipsec_sad.c\n create mode 100644 lib/librte_ipsec/ipsec_sad.c\n create mode 100644 lib/librte_ipsec/rte_ipsec_sad.h" }{ "id": 61426, "url": "