diff options
| author |   Piotr Bronowski <piotrx.bronowski@intel.com> | 2022-08-31 13:48:14 +0000 |
|---|---|---|
| committer | Piotr Bronowski <piotrx.bronowski@intel.com> | 2022-09-12 11:55:14 +0200 |
| commit | 993b6bee63d4f455db0a6021c9659aad4545acf2 (patch) | |
| tree | 9c098bf4cadb56fbb3170264b0801c1565cac872 /src/vnet/ipsec/ipsec_spd.h | |
| parent | a27aa6b413512415a592ecd1f14714fd1634d29c (diff) | |
ipsec: introduce fast path ipv4 inbound matching
This patch introduces fast path matching for inbound traffic ipv4.
Fast path uses bihash tables in order to find matching policy. Adding
and removing policies in fast path is much faster than in current
implementation. It is still new feature and further work needs
and can be done in order to improve perfromance.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ifbd5bfecc21b76ddf8363f5dc089d77595196675
Diffstat (limited to 'src/vnet/ipsec/ipsec_spd.h')
| -rw-r--r-- | src/vnet/ipsec/ipsec_spd.h | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/src/vnet/ipsec/ipsec_spd.h b/src/vnet/ipsec/ipsec_spd.h index 887ae99c101..3a4fd0ec91c 100644 --- a/src/vnet/ipsec/ipsec_spd.h +++ b/src/vnet/ipsec/ipsec_spd.h @@ -42,20 +42,31 @@ typedef enum ipsec_spd_policy_t_ extern u8 *format_ipsec_policy_type (u8 * s, va_list * args); +typedef struct +{ + /* index in the mask types pool */ + u32 mask_type_idx; + /* counts references correspond to given mask type index */ + u32 refcount; +} ipsec_fp_mask_id_t; + /** * @brief A fast path Security Policy Database */ typedef struct { - /** vectors for each of the policy types */ + /** vectors for each of the fast path policy types */ u32 *fp_policies[IPSEC_SPD_POLICY_N_TYPES]; - u32 *fp_mask_types[IPSEC_SPD_POLICY_N_TYPES]; - - clib_bihash_40_8_t fp_ip6_lookup_hash; /* spd fp ip6 lookup hash table. */ - clib_bihash_16_8_t fp_ip4_lookup_hash; /* spd fp ip4 lookup hash table. */ - - u8 fp_ip6_lookup_hash_initialized; - + ipsec_fp_mask_id_t *fp_mask_ids[IPSEC_SPD_POLICY_N_TYPES]; + /* names of bihash tables */ + u8 *name4_out; + u8 *name4_in; + u8 *name6_out; + u8 *name6_in; + u32 ip6_out_lookup_hash_idx; /* fp ip6 lookup hash out index in the pool */ + u32 ip4_out_lookup_hash_idx; /* fp ip4 lookup hash out index in the pool */ + u32 ip6_in_lookup_hash_idx; /* fp ip6 lookup hash in index in the pool */ + u32 ip4_in_lookup_hash_idx; /* fp ip4 lookup hash in index in the pool */ } ipsec_spd_fp_t; /** @@ -67,7 +78,6 @@ typedef struct u32 id; /** vectors for each of the policy types */ u32 *policies[IPSEC_SPD_POLICY_N_TYPES]; - /* TODO remove fp_spd. Use directly ipsec_spd_t for fast path */ ipsec_spd_fp_t fp_spd; } ipsec_spd_t; |