summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec/ipsec_spd.c
AgeCommit message (Collapse)AuthorFilesLines
2022-09-12ipsec: introduce fast path ipv4 inbound matchingPiotr Bronowski1-21/+130
This patch introduces fast path matching for inbound traffic ipv4. Fast path uses bihash tables in order to find matching policy. Adding and removing policies in fast path is much faster than in current implementation. It is still new feature and further work needs and can be done in order to improve perfromance. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ifbd5bfecc21b76ddf8363f5dc089d77595196675
2022-07-15ipsec: fast path outbound policy matching implementation for ipv6Piotr Bronowski1-3/+21
With this patch fast path for ipv6 policy lookup is enabled. This impelentation scales and outperforms original implementation when the number of defined flows is higher thatn 100k. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I9364b5b8db4fc708790d48c538add272c7cea400
2022-06-29ipsec: add/delete ipsec fast path policyPiotr Bronowski1-1/+16
This patch introduces functions to add and delete fast path policies. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I3f1f1323148080c9dac531fbe9fa33bad4efe814
2020-11-06ipsec: add support for tx-table-id in cli + exampleBenoît Ganne1-1/+1
Type: improvement Change-Id: I840741dfe040718b682935cdbcb0ba958d45a591 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-06-13ipsec: remove spurious warningsNeale Ranns1-3/+0
Type: fix Fixes: 999c8ee6d6 Change-Id: Idcdddbe45f2e0adfd375b07199bb30f77c28702d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-22IPSEC: header exportsNeale Ranns1-0/+1
Change-Id: I7d48a4e236c6e7b11b0c9750a30fb68e829d64a5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-05IPSEC: SPD counters in the stats sgementNeale Ranns1-6/+4
- return the stats_index of each SPD in the create API call - no ip_any in the API as this creates 2 SPD entries. client must add both v4 and v6 explicitly - only one pool of SPD entries (rhter than one per-SPD) to support this - no packets/bytes in the dump API. Polling the stats segment is much more efficient (if the SA lifetime is based on packet/bytes) - emit the policy index in the packet trace and CLI commands. Change-Id: I7eaf52c9d0495fa24450facf55229941279b8569 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-01IPSEC: minor refactorNeale Ranns1-0/+118
No function change. Only breaking the monster ipsec.[hc] into smaller constituent parts Change-Id: I3fd4d2d041673db5865d46a4002f6bd383f378af Signed-off-by: Neale Ranns <nranns@cisco.com>