DPDK patches and discussions
 help / color / Atom feed
From: Akhil Goyal <akhil.goyal@nxp.com>
To: Vladimir Medvedkin <vladimir.medvedkin@intel.com>,
	"dev@dpdk.org" <dev@dpdk.org>,
	Mariusz Drost <mariuszx.drost@intel.com>
Cc: "konstantin.ananyev@intel.com" <konstantin.ananyev@intel.com>,
	"bernard.iremonger@intel.com" <bernard.iremonger@intel.com>
Subject: Re: [dpdk-dev] [PATCH v5 0/5] ipsec: add inbound SAD
Date: Fri, 11 Oct 2019 11:34:26 +0000
Message-ID: <VE1PR04MB6639BBB2664798561ED55326E6970@VE1PR04MB6639.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <cover.1570725871.git.vladimir.medvedkin@intel.com>



> -----Original Message-----
> From: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
> Sent: Thursday, October 10, 2019 10:19 PM
> To: dev@dpdk.org
> Cc: konstantin.ananyev@intel.com; bernard.iremonger@intel.com; Akhil Goyal
> <akhil.goyal@nxp.com>
> Subject: [PATCH v5 0/5] ipsec: add inbound SAD
> 
> According to RFC 4301 IPSec implementation needs an inbound SA database
> (SAD).
> For each incoming inbound IPSec-protected packet (ESP or AH) it has to
> perform a lookup within it’s SAD.
> Lookup should be performed by:
> Security Parameters Index (SPI) + destination IP (DIP) + source IP (SIP)
>   or SPI + DIP
>   or SPI only
> and an implementation has to return the “longest” existing match.
> These series extend DPDK IPsec library with SAD table implementation that:
> - conforms to the RFC requirements above
> - can scale up to millions of entries
> - supports fast lookups
> - supports incremental updates
> 
> Initial series provide an API to create/destroy SAD, and to
> add/delete/lookup entries within given SAD table.
> Under the hood it uses three librte_hash tables each of which contains
> an entries for a specific SA type (either it is addressed by SPI only
> or SPI+DIP or SPI+DIP+SIP) Also this patch series introduce test-sad
> application to measure performance of the library. According to our
> measurements on SKX for 1M entries average lookup cost is ~80 cycles,
> average add cost ~500 cycles.
> 
> Next Steps:
> - integration with ipsec-secgw
> - documentation

I believe documentation should be part of this patchset combined with the patches
which introduce that API.
Apart from that, 0ne comment is there on the lookup API return value.

Integration with IPSec Application can be done separately. No issues with that.
With this series, I think we don’t need the changes done in 
http://patches.dpdk.org/user/todo/dpdk/?series=6499
If it is agreed, I will move it as Rejected.

With Above changes - Series 
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

Please send these changes so that I can merge this series.



> 
> v5:
> - small fix in rte_ipsec_sad_create()
> - add comments in rte_ipsec_sad.h
> 
> v4:
> - fixes in test-sad app
> - small fixes in rte_ipsec_sad_create()
> - fixes in test_find_existing() from unittests
> 
> v3:
> - fixes in rte_ipsec_sad_create() and rte_ipsec_sad_find_existing()
> - fix typos
> - updated commit messages
> - added test_find_existing() in unittests
> 
> v2:
> - various bugs fixed
> - rte_ipsec_sad_free renamed to rte_ipsec_sad_destroy
> - added const qualifier to rte_ipsec_sad_key *key for add/delete
> - added more comments into the code
> - added ipv6 support into the testsad app
> - added <DEL> measurement into the testsad app
> - random SPI values are generated without dups
> - added support for configurable burst size in testsad app
> - added verbose mode into the testsad app
> 
> 
> Vladimir Medvedkin (5):
>   ipsec: add inbound SAD API
>   ipsec: add SAD create/destroy implementation
>   ipsec: add SAD add/delete/lookup implementation
>   test/ipsec: add ipsec SAD autotests
>   app: add test-sad application
> 
>  app/Makefile                           |   1 +
>  app/meson.build                        |   3 +-
>  app/test-sad/Makefile                  |  18 +
>  app/test-sad/main.c                    | 644 ++++++++++++++++++++++++
>  app/test-sad/meson.build               |   6 +
>  app/test/Makefile                      |   1 +
>  app/test/autotest_data.py              |   6 +
>  app/test/meson.build                   |   1 +
>  app/test/test_ipsec_sad.c              | 887
> +++++++++++++++++++++++++++++++++
>  lib/librte_ipsec/Makefile              |   4 +-
>  lib/librte_ipsec/ipsec_sad.c           | 515 +++++++++++++++++++
>  lib/librte_ipsec/meson.build           |   6 +-
>  lib/librte_ipsec/rte_ipsec_sad.h       | 176 +++++++
>  lib/librte_ipsec/rte_ipsec_version.map |   7 +
>  14 files changed, 2270 insertions(+), 5 deletions(-)
>  create mode 100644 app/test-sad/Makefile
>  create mode 100644 app/test-sad/main.c
>  create mode 100644 app/test-sad/meson.build
>  create mode 100644 app/test/test_ipsec_sad.c
>  create mode 100644 lib/librte_ipsec/ipsec_sad.c
>  create mode 100644 lib/librte_ipsec/rte_ipsec_sad.h
> 
> --
> 2.7.4


  reply index

Thread overview: 69+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-13 15:13 [dpdk-dev] [RFC " Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 2/5] ipsec: add SAD create/free API Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 5/5] app: add test-sad application Vladimir Medvedkin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 0/5] ipsec: add inbound SAD Vladimir Medvedkin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 " Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 " Vladimir Medvedkin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 " Vladimir Medvedkin
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 " Vladimir Medvedkin
2019-10-11 11:34           ` Akhil Goyal [this message]
2019-10-17 15:47           ` [dpdk-dev] [PATCH v6 0/6] " Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 0/5] " Vladimir Medvedkin
2019-10-22  7:53               ` Akhil Goyal
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-17 15:47           ` [dpdk-dev] [PATCH v6 1/6] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-17 15:47           ` [dpdk-dev] [PATCH v6 2/6] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-17 15:48           ` [dpdk-dev] [PATCH v6 3/6] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-17 15:48           ` [dpdk-dev] [PATCH v6 4/6] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-17 15:48           ` [dpdk-dev] [PATCH v6 5/6] app: add test-sad application Vladimir Medvedkin
2019-10-21  9:57             ` Akhil Goyal
2019-10-17 15:48           ` [dpdk-dev] [PATCH v6 6/6] doc/ipsec: update ipsec programmer's guide Vladimir Medvedkin
2019-10-18 10:09             ` Ananyev, Konstantin
2019-10-21  8:19             ` Akhil Goyal
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-11 10:42           ` Akhil Goyal
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-09 10:49         ` Ananyev, Konstantin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-09 10:56         ` Ananyev, Konstantin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-02 11:24     ` Ananyev, Konstantin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-02 11:55     ` Ananyev, Konstantin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-02 12:04     ` Ananyev, Konstantin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-02 11:16     ` Ananyev, Konstantin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-02 13:27     ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-09-14 23:05   ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 2/5] ipsec: add SAD create/free API Vladimir Medvedkin
2019-09-12 18:08   ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-09-12 17:58   ` Ananyev, Konstantin
2019-10-01 17:24     ` Medvedkin, Vladimir
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 5/5] app: add test-sad application Vladimir Medvedkin
2019-09-12 18:30   ` Ananyev, Konstantin
2019-09-12 18:33     ` Ananyev, Konstantin
2019-09-12 18:34 ` [dpdk-dev] [RFC 0/5] ipsec: add inbound SAD Ananyev, Konstantin

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=VE1PR04MB6639BBB2664798561ED55326E6970@VE1PR04MB6639.eurprd04.prod.outlook.com \
    --to=akhil.goyal@nxp.com \
    --cc=bernard.iremonger@intel.com \
    --cc=dev@dpdk.org \
    --cc=konstantin.ananyev@intel.com \
    --cc=mariuszx.drost@intel.com \
    --cc=vladimir.medvedkin@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

Archives are clonable:
	git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev


Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/ public-inbox