Message ID | 1580492385-120134-1-git-send-email-vladimir.medvedkin@intel.com (mailing list archive) |
---|---|
Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5D775A0524; Fri, 31 Jan 2020 18:39:52 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 30B6A1C115; Fri, 31 Jan 2020 18:39:52 +0100 (CET) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id E2E541C10F for <dev@dpdk.org>; Fri, 31 Jan 2020 18:39:49 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 Jan 2020 09:39:48 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,386,1574150400"; d="scan'208";a="223202774" Received: from silpixa00400072.ir.intel.com ([10.237.222.213]) by orsmga008.jf.intel.com with ESMTP; 31 Jan 2020 09:39:48 -0800 From: Vladimir Medvedkin <vladimir.medvedkin@intel.com> To: dev@dpdk.org Cc: konstantin.ananyev@intel.com, akhil.goyal@nxp.com Date: Fri, 31 Jan 2020 17:39:37 +0000 Message-Id: <1580492385-120134-1-git-send-email-vladimir.medvedkin@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1580306768-110555-1-git-send-email-vladimir.medvedkin@intel.com> References: <1580306768-110555-1-git-send-email-vladimir.medvedkin@intel.com> Subject: [dpdk-dev] [PATCH v6 0/8] integrate librte_ipsec SAD into ipsec-secgw X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions <dev.dpdk.org> List-Unsubscribe: <https://mails.dpdk.org/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://mails.dpdk.org/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <https://mails.dpdk.org/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org> |
Series |
integrate librte_ipsec SAD into ipsec-secgw
|
|
Message
Vladimir Medvedkin
Jan. 31, 2020, 5:39 p.m. UTC
This series integrates SA database (SAD) capabilities from ipsec library. The goal is to make ipsec-secgw RFC compliant regarding inbound SAD. Also patch series removes hardcoded limitation for maximum number of SA's and SP's. According to our measurements, after this series of patches, ipsec-secgw performance drops by about 0-2%. v6: - add SA check for NULL pointer after rte_ipsec_sad_lookup() - using mbuf ptype field to distinguish v4 and v6 packets - add SAD cache size option into documentation v5: - introduce SAD cache to solve performance degradation - ipsec_sad_add() returns an error if the key is present v4: - put tunnel SA's into SAD with SPI_ONLY type for performance reason v3: - parse SA and SP into sorted array instead of linked list v2: - get rid of maximum sp limitation Vladimir Medvedkin (8): ipsec: move ipsec sad name length into .h examples/ipsec-secgw: implement inbound SAD examples/ipsec-secgw: integrate inbound SAD examples/ipsec-secgw: get rid of maximum sa limitation examples/ipsec-secgw: get rid of maximum sp limitation examples/ipsec-secgw: add SAD cache examples/ipsec-secgw: set/use mbuf ptype doc: update ipsec-secgw guide doc/guides/sample_app_ug/ipsec_secgw.rst | 6 + examples/ipsec-secgw/Makefile | 1 + examples/ipsec-secgw/ipsec-secgw.c | 36 ++++- examples/ipsec-secgw/ipsec.h | 12 +- examples/ipsec-secgw/meson.build | 2 +- examples/ipsec-secgw/parser.c | 4 + examples/ipsec-secgw/parser.h | 9 ++ examples/ipsec-secgw/sa.c | 238 ++++++++++++++++++------------- examples/ipsec-secgw/sad.c | 149 +++++++++++++++++++ examples/ipsec-secgw/sad.h | 170 ++++++++++++++++++++++ examples/ipsec-secgw/sp4.c | 114 +++++++++++---- examples/ipsec-secgw/sp6.c | 112 +++++++++++---- lib/librte_ipsec/ipsec_sad.c | 20 +-- lib/librte_ipsec/rte_ipsec_sad.h | 2 + 14 files changed, 696 insertions(+), 179 deletions(-) create mode 100644 examples/ipsec-secgw/sad.c create mode 100644 examples/ipsec-secgw/sad.h
Comments
> This series integrates SA database (SAD) capabilities from ipsec library. > The goal is to make ipsec-secgw RFC compliant regarding inbound SAD. > Also patch series removes hardcoded limitation for maximum number of SA's > and SP's. > According to our measurements, after this series of patches, > ipsec-secgw performance drops by about 0-2%. > > v6: > - add SA check for NULL pointer after rte_ipsec_sad_lookup() > - using mbuf ptype field to distinguish v4 and v6 packets > - add SAD cache size option into documentation > > v5: > - introduce SAD cache to solve performance degradation > - ipsec_sad_add() returns an error if the key is present > > v4: > - put tunnel SA's into SAD with SPI_ONLY type for performance reason > > v3: > - parse SA and SP into sorted array instead of linked list > > v2: > - get rid of maximum sp limitation > > Vladimir Medvedkin (8): > ipsec: move ipsec sad name length into .h > examples/ipsec-secgw: implement inbound SAD > examples/ipsec-secgw: integrate inbound SAD > examples/ipsec-secgw: get rid of maximum sa limitation > examples/ipsec-secgw: get rid of maximum sp limitation > examples/ipsec-secgw: add SAD cache > examples/ipsec-secgw: set/use mbuf ptype > doc: update ipsec-secgw guide > > doc/guides/sample_app_ug/ipsec_secgw.rst | 6 + > examples/ipsec-secgw/Makefile | 1 + > examples/ipsec-secgw/ipsec-secgw.c | 36 ++++- > examples/ipsec-secgw/ipsec.h | 12 +- > examples/ipsec-secgw/meson.build | 2 +- > examples/ipsec-secgw/parser.c | 4 + > examples/ipsec-secgw/parser.h | 9 ++ > examples/ipsec-secgw/sa.c | 238 ++++++++++++++++++------------- > examples/ipsec-secgw/sad.c | 149 +++++++++++++++++++ > examples/ipsec-secgw/sad.h | 170 ++++++++++++++++++++++ > examples/ipsec-secgw/sp4.c | 114 +++++++++++---- > examples/ipsec-secgw/sp6.c | 112 +++++++++++---- > lib/librte_ipsec/ipsec_sad.c | 20 +-- > lib/librte_ipsec/rte_ipsec_sad.h | 2 + > 14 files changed, 696 insertions(+), 179 deletions(-) > create mode 100644 examples/ipsec-secgw/sad.c > create mode 100644 examples/ipsec-secgw/sad.h > > -- > 2.7.4 Squashed the last patch with 6th patch Applied to dpdk-next-crypto Thanks.