diff options
| author |   Neale Ranns <nranns@cisco.com> | 2019-07-16 15:28:52 +0000 |
|---|---|---|
| committer |   Dave Barach <openvpp@barachs.net> | 2019-07-19 21:46:36 +0000 |
| commit | 1f50bf8fc57ebf78f9056185a342493be460a847 (patch) | |
| tree | 55bcf7508dc679b9a38552438d21b8b1fa05331e /src/vnet/ipsec | |
| parent | cca9618a5e1b126263ef262974b0b4d6ac6352a2 (diff) | |
fib: FIB Entry tracking
Instead of all clients directly RR sourcing the entry they are tracking,
use a deidcated 'tracker' object. This tracker object is a entry
delegate and a child of the entry. The clients are then children of the
tracker.
The benefit of this aproach is that each time a new client tracks the
entry it doesn't RR source it. When an entry is sourced all its children
are updated. Thus, new clients tracking an entry is O(n^2). With the
tracker as indirection, the entry is sourced only once.
Type: feature
Change-Id: I5b80bdda6c02057152e5f721e580e786cd840a3b
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/ipsec')
| -rw-r--r-- | src/vnet/ipsec/ipsec_sa.c | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c index e3eff586906..11d6b10c4a4 100644 --- a/src/vnet/ipsec/ipsec_sa.c +++ b/src/vnet/ipsec/ipsec_sa.c @@ -17,6 +17,7 @@ #include <vnet/ipsec/esp.h> #include <vnet/udp/udp.h> #include <vnet/fib/fib_table.h> +#include <vnet/fib/fib_entry_track.h> #include <vnet/ipsec/ipsec_tun.h> /** @@ -218,12 +219,10 @@ ipsec_sa_add_and_lock (u32 id, return VNET_API_ERROR_NO_SUCH_FIB; } - sa->fib_entry_index = fib_table_entry_special_add (sa->tx_fib_index, - &pfx, - FIB_SOURCE_RR, - FIB_ENTRY_FLAG_NONE); - sa->sibling = fib_entry_child_add (sa->fib_entry_index, - FIB_NODE_TYPE_IPSEC_SA, sa_index); + sa->fib_entry_index = fib_entry_track (sa->tx_fib_index, + &pfx, + FIB_NODE_TYPE_IPSEC_SA, + sa_index, &sa->sibling); ipsec_sa_stack (sa); /* generate header templates */ @@ -288,10 +287,7 @@ ipsec_sa_del (ipsec_sa_t * sa) if (ipsec_sa_is_set_IS_TUNNEL (sa) && !ipsec_sa_is_set_IS_INBOUND (sa)) { - fib_entry_child_remove (sa->fib_entry_index, sa->sibling); - fib_table_entry_special_remove - (sa->tx_fib_index, - fib_entry_get_prefix (sa->fib_entry_index), FIB_SOURCE_RR); + fib_entry_untrack (sa->fib_entry_index, sa->sibling); dpo_reset (&sa->dpo); } vnet_crypto_key_del (vm, sa->crypto_key_index); |