This series integrates SA database (SAD) capabilities from ipsec library. The goal is to make ipsec-secgw RFC compliant regarding inbound SAD. Also patch series removes hardcoded limitation for maximum number of SA's and SP's. According to our measurements, after this series of patches, ipsec-secgw performance drops by about 0-2%.
v6: - add SA check for NULL pointer after rte_ipsec_sad_lookup() - using mbuf ptype field to distinguish v4 and v6 packets - add SAD cache size option into documentation v5: - introduce SAD cache to solve performance degradation - ipsec_sad_add() returns an error if the key is present v4: - put tunnel SA's into SAD with SPI_ONLY type for performance reason v3: - parse SA and SP into sorted array instead of linked list v2: - get rid of maximum sp limitation Vladimir Medvedkin (8): ipsec: move ipsec sad name length into .h examples/ipsec-secgw: implement inbound SAD examples/ipsec-secgw: integrate inbound SAD examples/ipsec-secgw: get rid of maximum sa limitation examples/ipsec-secgw: get rid of maximum sp limitation examples/ipsec-secgw: add SAD cache examples/ipsec-secgw: set/use mbuf ptype doc: update ipsec-secgw guide doc/guides/sample_app_ug/ipsec_secgw.rst | 6 + examples/ipsec-secgw/Makefile | 1 + examples/ipsec-secgw/ipsec-secgw.c | 36 ++++- examples/ipsec-secgw/ipsec.h | 12 +- examples/ipsec-secgw/meson.build | 2 +- examples/ipsec-secgw/parser.c | 4 + examples/ipsec-secgw/parser.h | 9 ++ examples/ipsec-secgw/sa.c | 238 ++++++++++++++++++------------- examples/ipsec-secgw/sad.c | 149 +++++++++++++++++++ examples/ipsec-secgw/sad.h | 170 ++++++++++++++++++++++ examples/ipsec-secgw/sp4.c | 114 +++++++++++---- examples/ipsec-secgw/sp6.c | 112 +++++++++++---- lib/librte_ipsec/ipsec_sad.c | 20 +-- lib/librte_ipsec/rte_ipsec_sad.h | 2 + 14 files changed, 696 insertions(+), 179 deletions(-) create mode 100644 examples/ipsec-secgw/sad.c create mode 100644 examples/ipsec-secgw/sad.h -- 2.7.4
