DPDK patches and discussions
 help / color / Atom feed
From: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
To: dev@dpdk.org
Cc: konstantin.ananyev@intel.com, bernard.iremonger@intel.com,
	akhil.goyal@nxp.com
Subject: [dpdk-dev] [PATCH v5 0/5] ipsec: add inbound SAD
Date: Thu, 10 Oct 2019 17:49:21 +0100
Message-ID: <cover.1570725871.git.vladimir.medvedkin@intel.com> (raw)
In-Reply-To: <cover.1570553345.git.vladimir.medvedkin@intel.com>

According to RFC 4301 IPSec implementation needs an inbound SA database (SAD).
For each incoming inbound IPSec-protected packet (ESP or AH) it has to
perform a lookup within it’s SAD.
Lookup should be performed by:
Security Parameters Index (SPI) + destination IP (DIP) + source IP (SIP)
  or SPI + DIP
  or SPI only
and an implementation has to return the “longest” existing match.
These series extend DPDK IPsec library with SAD table implementation that:
- conforms to the RFC requirements above
- can scale up to millions of entries
- supports fast lookups
- supports incremental updates

Initial series provide an API to create/destroy SAD, and to
add/delete/lookup entries within given SAD table.
Under the hood it uses three librte_hash tables each of which contains
an entries for a specific SA type (either it is addressed by SPI only
or SPI+DIP or SPI+DIP+SIP) Also this patch series introduce test-sad
application to measure performance of the library. According to our
measurements on SKX for 1M entries average lookup cost is ~80 cycles,
average add cost ~500 cycles.

Next Steps:
- integration with ipsec-secgw
- documentation

v5:
- small fix in rte_ipsec_sad_create()
- add comments in rte_ipsec_sad.h

v4:
- fixes in test-sad app
- small fixes in rte_ipsec_sad_create()
- fixes in test_find_existing() from unittests

v3:
- fixes in rte_ipsec_sad_create() and rte_ipsec_sad_find_existing()
- fix typos
- updated commit messages
- added test_find_existing() in unittests

v2:
- various bugs fixed
- rte_ipsec_sad_free renamed to rte_ipsec_sad_destroy
- added const qualifier to rte_ipsec_sad_key *key for add/delete
- added more comments into the code
- added ipv6 support into the testsad app
- added <DEL> measurement into the testsad app
- random SPI values are generated without dups
- added support for configurable burst size in testsad app
- added verbose mode into the testsad app


Vladimir Medvedkin (5):
  ipsec: add inbound SAD API
  ipsec: add SAD create/destroy implementation
  ipsec: add SAD add/delete/lookup implementation
  test/ipsec: add ipsec SAD autotests
  app: add test-sad application

 app/Makefile                           |   1 +
 app/meson.build                        |   3 +-
 app/test-sad/Makefile                  |  18 +
 app/test-sad/main.c                    | 644 ++++++++++++++++++++++++
 app/test-sad/meson.build               |   6 +
 app/test/Makefile                      |   1 +
 app/test/autotest_data.py              |   6 +
 app/test/meson.build                   |   1 +
 app/test/test_ipsec_sad.c              | 887 +++++++++++++++++++++++++++++++++
 lib/librte_ipsec/Makefile              |   4 +-
 lib/librte_ipsec/ipsec_sad.c           | 515 +++++++++++++++++++
 lib/librte_ipsec/meson.build           |   6 +-
 lib/librte_ipsec/rte_ipsec_sad.h       | 176 +++++++
 lib/librte_ipsec/rte_ipsec_version.map |   7 +
 14 files changed, 2270 insertions(+), 5 deletions(-)
 create mode 100644 app/test-sad/Makefile
 create mode 100644 app/test-sad/main.c
 create mode 100644 app/test-sad/meson.build
 create mode 100644 app/test/test_ipsec_sad.c
 create mode 100644 lib/librte_ipsec/ipsec_sad.c
 create mode 100644 lib/librte_ipsec/rte_ipsec_sad.h

-- 
2.7.4


  reply index

Thread overview: 69+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-13 15:13 [dpdk-dev] [RFC " Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 2/5] ipsec: add SAD create/free API Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-08-13 15:13 ` [dpdk-dev] [RFC 5/5] app: add test-sad application Vladimir Medvedkin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 0/5] ipsec: add inbound SAD Vladimir Medvedkin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 " Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 " Vladimir Medvedkin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 " Vladimir Medvedkin
2019-10-10 16:49         ` Vladimir Medvedkin [this message]
2019-10-11 11:34           ` [dpdk-dev] [PATCH v5 " Akhil Goyal
2019-10-17 15:47           ` [dpdk-dev] [PATCH v6 0/6] " Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 0/5] " Vladimir Medvedkin
2019-10-22  7:53               ` Akhil Goyal
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-21 14:35             ` [dpdk-dev] [PATCH v7 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-17 15:47           ` [dpdk-dev] [PATCH v6 1/6] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-17 15:47           ` [dpdk-dev] [PATCH v6 2/6] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-17 15:48           ` [dpdk-dev] [PATCH v6 3/6] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-17 15:48           ` [dpdk-dev] [PATCH v6 4/6] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-17 15:48           ` [dpdk-dev] [PATCH v6 5/6] app: add test-sad application Vladimir Medvedkin
2019-10-21  9:57             ` Akhil Goyal
2019-10-17 15:48           ` [dpdk-dev] [PATCH v6 6/6] doc/ipsec: update ipsec programmer's guide Vladimir Medvedkin
2019-10-18 10:09             ` Ananyev, Konstantin
2019-10-21  8:19             ` Akhil Goyal
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-11 10:42           ` Akhil Goyal
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-10 16:49         ` [dpdk-dev] [PATCH v5 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-09 10:49         ` Ananyev, Konstantin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-09 10:56         ` Ananyev, Konstantin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-08 16:55       ` [dpdk-dev] [PATCH v4 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-08  9:40     ` [dpdk-dev] [PATCH v3 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-10-02 11:24     ` Ananyev, Konstantin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 2/5] ipsec: add SAD create/destroy implementation Vladimir Medvedkin
2019-10-02 11:55     ` Ananyev, Konstantin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-10-02 12:04     ` Ananyev, Konstantin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-10-02 11:16     ` Ananyev, Konstantin
2019-10-01 17:25   ` [dpdk-dev] [PATCH v2 5/5] app: add test-sad application Vladimir Medvedkin
2019-10-02 13:27     ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 1/5] ipsec: add inbound SAD API Vladimir Medvedkin
2019-09-14 23:05   ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 2/5] ipsec: add SAD create/free API Vladimir Medvedkin
2019-09-12 18:08   ` Ananyev, Konstantin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 3/5] ipsec: add SAD add/delete/lookup implementation Vladimir Medvedkin
2019-09-12 17:58   ` Ananyev, Konstantin
2019-10-01 17:24     ` Medvedkin, Vladimir
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 4/5] test/ipsec: add ipsec SAD autotests Vladimir Medvedkin
2019-09-03 16:55 ` [dpdk-dev] [PATCH v1 5/5] app: add test-sad application Vladimir Medvedkin
2019-09-12 18:30   ` Ananyev, Konstantin
2019-09-12 18:33     ` Ananyev, Konstantin
2019-09-12 18:34 ` [dpdk-dev] [RFC 0/5] ipsec: add inbound SAD Ananyev, Konstantin

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1570725871.git.vladimir.medvedkin@intel.com \
    --to=vladimir.medvedkin@intel.com \
    --cc=akhil.goyal@nxp.com \
    --cc=bernard.iremonger@intel.com \
    --cc=dev@dpdk.org \
    --cc=konstantin.ananyev@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

Archives are clonable:
	git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev


Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/ public-inbox