From 993b6bee63d4f455db0a6021c9659aad4545acf2 Mon Sep 17 00:00:00 2001
From: Piotr Bronowski <piotrx.bronowski@intel.com>
Date: Wed, 31 Aug 2022 13:48:14 +0000
Subject: ipsec: introduce fast path ipv4 inbound matching

This patch introduces fast path matching for inbound traffic ipv4.
Fast path uses bihash tables in order to find matching policy. Adding
and removing policies in fast path is much faster than in current
implementation. It is still new feature and further work needs
and can be done in order to improve perfromance.

Type: feature

Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ifbd5bfecc21b76ddf8363f5dc089d77595196675
---
 src/vnet/ipsec/ipsec_spd_policy.h | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'src/vnet/ipsec/ipsec_spd_policy.h')

diff --git a/src/vnet/ipsec/ipsec_spd_policy.h b/src/vnet/ipsec/ipsec_spd_policy.h
index 57985116c94..34f444efb9c 100644
--- a/src/vnet/ipsec/ipsec_spd_policy.h
+++ b/src/vnet/ipsec/ipsec_spd_policy.h
@@ -134,10 +134,17 @@ typedef union
 	ip6_address_t ip6_raddr;
       };
     };
-
-    u16 lport;
-    u16 rport;
-    u16 protocol;
+    union
+    {
+      struct
+      {
+	u16 lport;
+	u16 rport;
+      };
+      u32 spi;
+    };
+    u8 protocol;
+    u8 action;
     u16 is_ipv6;
   };
   /* for ipv6 */
-- 
cgit 1.2.3-korg