summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ipsec.c
diff options
context:
space:
mode:
authorPiotr Bronowski <piotrx.bronowski@intel.com>2022-07-08 12:45:05 +0000
committerFan Zhang <roy.fan.zhang@intel.com>2022-07-15 12:45:19 +0000
commit86f8208af43efaa71b8e1c0a5ff86fc233456d9d (patch)
tree18feadc95586f549325f2a1872492caa9ad32df0 /src/vnet/ipsec/ipsec.c
parent963e9b583b7fa7c26efc7acee2449069057b93d7 (diff)
ipsec: fast path outbound policy matching implementation for ipv6
With this patch fast path for ipv6 policy lookup is enabled. This impelentation scales and outperforms original implementation when the number of defined flows is higher thatn 100k. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I9364b5b8db4fc708790d48c538add272c7cea400
Diffstat (limited to 'src/vnet/ipsec/ipsec.c')
-rw-r--r--src/vnet/ipsec/ipsec.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index 26761a432dd..3c22fbb87dd 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -483,7 +483,9 @@ ipsec_init (vlib_main_t * vm)
if ((error = vlib_call_init_function (vm, ipsec_cli_init)))
return error;
- im->fp_spd_is_enabled = 0;
+ im->ipv4_fp_spd_is_enabled = 0;
+ im->ipv6_fp_spd_is_enabled = 0;
+
im->fp_lookup_hash_buckets = IPSEC_FP_HASH_LOOKUP_HASH_BUCKETS;
vec_validate (im->crypto_algs, IPSEC_CRYPTO_N_ALG - 1);
@@ -641,13 +643,19 @@ ipsec_config (vlib_main_t *vm, unformat_input_t *input)
while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (input, "ipv4-outbound-spd-fast-path on"))
+ if (unformat (input, "ipv6-outbound-spd-fast-path on"))
+ {
+ im->ipv6_fp_spd_is_enabled = 1;
+ }
+ else if (unformat (input, "ipv6-outbound-spd-fast-path off"))
+ im->ipv6_fp_spd_is_enabled = 0;
+ else if (unformat (input, "ipv4-outbound-spd-fast-path on"))
{
- im->fp_spd_is_enabled = 1;
+ im->ipv4_fp_spd_is_enabled = 1;
im->output_flow_cache_flag = 0;
}
else if (unformat (input, "ipv4-outbound-spd-fast-path off"))
- im->fp_spd_is_enabled = 0;
+ im->ipv4_fp_spd_is_enabled = 0;
else if (unformat (input, "spd-fast-path-num-buckets %d",
&ipsec_spd_fp_num_buckets))
{
@@ -656,7 +664,7 @@ ipsec_config (vlib_main_t *vm, unformat_input_t *input)
<< max_log2 (ipsec_spd_fp_num_buckets);
}
else if (unformat (input, "ipv4-outbound-spd-flow-cache on"))
- im->output_flow_cache_flag = im->fp_spd_is_enabled ? 0 : 1;
+ im->output_flow_cache_flag = im->ipv4_fp_spd_is_enabled ? 0 : 1;
else if (unformat (input, "ipv4-outbound-spd-flow-cache off"))
im->output_flow_cache_flag = 0;
else if (unformat (input, "ipv4-outbound-spd-hash-buckets %d",