From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 20DD3A051A; Fri, 17 Jan 2020 13:26:46 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id E1AEF14EC; Fri, 17 Jan 2020 13:26:44 +0100 (CET) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80048.outbound.protection.outlook.com [40.107.8.48]) by dpdk.org (Postfix) with ESMTP id 5D96D11A4 for ; Fri, 17 Jan 2020 13:26:43 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=h2DiCfNh0fiz8ptc8mZjZqWoP+kzNzq71rNQ9vuchKlhJUjvKTiStaiBja5GJuXtv1xBhklurZp8H7mL8XwJX5+j7L5mqE8i4z80qlmC8HmEX7PTinUCJYG835AxeyZi4vgdniPuFEzrZ3xc19r+us1142FcB/JKsklmadCtL7NHxA0Z5Ob4uNoifvPnOQfAo1VqKTXA1WOQW+gEh1GdhXRUviUf9TsXVdVgO01JlZvSzKUEg+YLlzpe/NYyxFIZ5nSZ424iuHpKlPGpZdAmb75UXTqeoYrra3l15kjoa0twMXrn5NfrV2yhBAaMGvX+bPrWS1oUO8zcpFggKyl7eg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZroRSPfWuHMAYnIPxRIBGiNNZw/Y/i02lL0bKbyC57s=; b=gMMex6tiz+gl4V5f+Bw8mj42nJo6IRRE3SW29gJITLCk2TtkNJbPcWJOrHmmLpv6b64Rbo48pFRW7OLoQ3NS/IgCG9/7hXwkCmb88BJf5KXrxHXahHY/lhgyDIwiS32RSPpshxU42E2YK6AmfoG6fUtUtwhkEsy9/ajNoEnDiRhLuqk5ipU5WDzffhIj6JvinE0P25lNuXsb2rHxE8Bh6hqxmmH9U0iBi7ufkGNPBGdQWmDMyd75qOCIB5Iu9usREIa+oja6l+e90VPdBSJAbYptqWg+hFVy+kqzg+nVQqMm0VUF2FT4ZevwnZH9wEF9RdVUwgmHpdZkE3fzc33M+w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZroRSPfWuHMAYnIPxRIBGiNNZw/Y/i02lL0bKbyC57s=; b=eaXq1fqgLeY5vgtGJNIhYHXqoVg/h6BgozhNPgTy4w5NOmQGmioRKRimzTZjdbbRO7MsAux/4RIrVRxm7ME0ew+rarY0mirPg1emMNSy+R6Nm6yY/b6nNGkbelBus7StFIC5kwfPPFg2cTsujlqJ2TTKVxyIsg3ddLKRe1sLR0c= Received: from VE1PR04MB6639.eurprd04.prod.outlook.com (10.255.118.11) by VE1PR04MB6510.eurprd04.prod.outlook.com (20.179.235.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.23; Fri, 17 Jan 2020 12:26:41 +0000 Received: from VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::25b0:b1ac:aed0:63e1]) by VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::25b0:b1ac:aed0:63e1%7]) with mapi id 15.20.2644.015; Fri, 17 Jan 2020 12:26:41 +0000 From: Akhil Goyal To: Vladimir Medvedkin , "dev@dpdk.org" CC: "konstantin.ananyev@intel.com" Thread-Topic: [PATCH v4 0/5] integrate librte_ipsec SAD into ipsec-secgw Thread-Index: AQHVyua84DHp0xL2Skqjd3ora8PiU6fr337QgALsjLA= Date: Fri, 17 Jan 2020 12:26:41 +0000 Message-ID: References: <1578920122-228017-1-git-send-email-vladimir.medvedkin@intel.com> <1579012036-326214-1-git-send-email-vladimir.medvedkin@intel.com> In-Reply-To: Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=akhil.goyal@nxp.com; x-originating-ip: [92.120.1.66] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: cc7c0ef3-5218-42ca-34f5-08d79b4881ef x-ms-traffictypediagnostic: VE1PR04MB6510: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:1284; x-forefront-prvs: 0285201563 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(396003)(346002)(136003)(39860400002)(366004)(189003)(199004)(66946007)(66476007)(66556008)(4326008)(110136005)(76116006)(9686003)(2906002)(55016002)(66446008)(316002)(64756008)(26005)(6506007)(186003)(44832011)(478600001)(86362001)(5660300002)(52536014)(7696005)(33656002)(8936002)(71200400001)(81166006)(81156014)(8676002); DIR:OUT; SFP:1101; SCL:1; SRVR:VE1PR04MB6510; H:VE1PR04MB6639.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 82WgqvLyfJnury+HUit5HeVbPCAthgNSmdXGUXADy6PjKpDCqIzcp1dmnjCyOkBn//TKWZZrMVqRcaUMPdX3KJD+3TsSg2ZGrrvKlYKgj5kvRo1c7DVRBjyYv3nokukhOh7EXftrbkq3d7Ow/oxuRnRw/6P7DR1MTOdRklFnQ+6L2W7OYbib/jxmXzQKUPqHc9Ekfje0R/bXKnTR98Kxh+BlNiB8o3yRG7zIkQQVYzJAD5iLJ7ntxz6VbyL8i2FdX7r1EAhQ7hK21rpirsSwvlbe0aUWVnEBw1TIFmFjGwgd0dBzvBi3OIcBOuTBchRtrVqkov8VXmnv4pE9SgWPAOE2s3F7X+hq61a0Tuy3hbgd0u1OResgT3bdZCjyva1HLEE4X+73Zw75kXZE+tlfZJd5rXviefvTj9zYnnPqNh+N+Eeh2N4PKfVCKvqnVRT8 x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: cc7c0ef3-5218-42ca-34f5-08d79b4881ef X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jan 2020 12:26:41.4843 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: pIT3I9X+QAl5BQbOVwZmgl77d81uMirbe455eCa4/zXcTSxLS9sW8NjZGK2Yk3RcofPKTE0bDSwH2JX4S0zD2Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR04MB6510 Subject: Re: [dpdk-dev] [PATCH v4 0/5] integrate librte_ipsec SAD into ipsec-secgw X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Vladimir, The lookup logic for SAD has been brought more closer to real use case, but= it looks very high on CPU and should be optimized. We cannot have 10-15% d= rop because of this change in SA lookup for small packet(82B) sizes where C= PU is bottleneck. For large packet sizes it will not impact. >=20 > Hi Vladimir, >=20 > There is more than 10% drop with this patchset on NXP hardware with both > legacy mode and the ipsec lib mode. This would need some debugging. > Didn't you see any drop on intel? >=20 > Regards, > Akhil >=20 > > > > This series integrates SA database (SAD) capabilities from ipsec librar= y. > > The goal is to make ipsec-secgw RFC compliant regarding inbound SAD. > > Also patch series removes hardcoded limitation for maximum number of SA= 's > > and SP's. > > > > v4: > > - put tunnel SA's into SAD with SPI_ONLY type for performance reason > > > > v3: > > - parse SA and SP into sorted array instead of linked list > > > > v2: > > - get rid of maximum sp limitation > > > > Vladimir Medvedkin (5): > > ipsec: move ipsec sad name length into .h > > examples/ipsec-secgw: implement inbound SAD > > examples/ipsec-secgw: integrate inbound SAD > > examples/ipsec-secgw: get rid of maximum sa limitation > > examples/ipsec-secgw: get rid of maximum sp limitation > > > > examples/ipsec-secgw/Makefile | 1 + > > examples/ipsec-secgw/ipsec-secgw.c | 4 +- > > examples/ipsec-secgw/ipsec.h | 11 +- > > examples/ipsec-secgw/meson.build | 2 +- > > examples/ipsec-secgw/parser.c | 4 + > > examples/ipsec-secgw/parser.h | 9 ++ > > examples/ipsec-secgw/sa.c | 256 +++++++++++++++++++++++------= ------- > - > > examples/ipsec-secgw/sad.c | 90 +++++++++++++ > > examples/ipsec-secgw/sad.h | 74 +++++++++++ > > examples/ipsec-secgw/sp4.c | 114 ++++++++++++----- > > examples/ipsec-secgw/sp6.c | 112 +++++++++++----- > > lib/librte_ipsec/ipsec_sad.c | 20 +-- > > lib/librte_ipsec/rte_ipsec_sad.h | 2 + > > 13 files changed, 528 insertions(+), 171 deletions(-) > > create mode 100644 examples/ipsec-secgw/sad.c > > create mode 100644 examples/ipsec-secgw/sad.h > > > > -- > > 2.7.4