From patchwork Fri Jan 31 17:39:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vladimir Medvedkin X-Patchwork-Id: 65439 Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5D775A0524; Fri, 31 Jan 2020 18:39:52 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 30B6A1C115; Fri, 31 Jan 2020 18:39:52 +0100 (CET) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id E2E541C10F for ; Fri, 31 Jan 2020 18:39:49 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 Jan 2020 09:39:48 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,386,1574150400"; d="scan'208";a="223202774" Received: from silpixa00400072.ir.intel.com ([10.237.222.213]) by orsmga008.jf.intel.com with ESMTP; 31 Jan 2020 09:39:48 -0800 From: Vladimir Medvedkin To: dev@dpdk.org Cc: konstantin.ananyev@intel.com, akhil.goyal@nxp.com Date: Fri, 31 Jan 2020 17:39:37 +0000 Message-Id: <1580492385-120134-1-git-send-email-vladimir.medvedkin@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1580306768-110555-1-git-send-email-vladimir.medvedkin@intel.com> References: <1580306768-110555-1-git-send-email-vladimir.medvedkin@intel.com> Subject: [dpdk-dev] [PATCH v6 0/8] integrate librte_ipsec SAD into ipsec-secgw X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This series integrates SA database (SAD) capabilities from ipsec library. The goal is to make ipsec-secgw RFC compliant regarding inbound SAD. Also patch series removes hardcoded limitation for maximum number of SA's and SP's. According to our measurements, after this series of patches, ipsec-secgw performance drops by about 0-2%. v6: - add SA check for NULL pointer after rte_ipsec_sad_lookup() - using mbuf ptype field to distinguish v4 and v6 packets - add SAD cache size option into documentation v5: - introduce SAD cache to solve performance degradation - ipsec_sad_add() returns an error if the key is present v4: - put tunnel SA's into SAD with SPI_ONLY type for performance reason v3: - parse SA and SP into sorted array instead of linked list v2: - get rid of maximum sp limitation Vladimir Medvedkin (8): ipsec: move ipsec sad name length into .h examples/ipsec-secgw: implement inbound SAD examples/ipsec-secgw: integrate inbound SAD examples/ipsec-secgw: get rid of maximum sa limitation examples/ipsec-secgw: get rid of maximum sp limitation examples/ipsec-secgw: add SAD cache examples/ipsec-secgw: set/use mbuf ptype doc: update ipsec-secgw guide doc/guides/sample_app_ug/ipsec_secgw.rst | 6 + examples/ipsec-secgw/Makefile | 1 + examples/ipsec-secgw/ipsec-secgw.c | 36 ++++- examples/ipsec-secgw/ipsec.h | 12 +- examples/ipsec-secgw/meson.build | 2 +- examples/ipsec-secgw/parser.c | 4 + examples/ipsec-secgw/parser.h | 9 ++ examples/ipsec-secgw/sa.c | 238 ++++++++++++++++++------------- examples/ipsec-secgw/sad.c | 149 +++++++++++++++++++ examples/ipsec-secgw/sad.h | 170 ++++++++++++++++++++++ examples/ipsec-secgw/sp4.c | 114 +++++++++++---- examples/ipsec-secgw/sp6.c | 112 +++++++++++---- lib/librte_ipsec/ipsec_sad.c | 20 +-- lib/librte_ipsec/rte_ipsec_sad.h | 2 + 14 files changed, 696 insertions(+), 179 deletions(-) create mode 100644 examples/ipsec-secgw/sad.c create mode 100644 examples/ipsec-secgw/sad.h