This series integrates SA database (SAD) capabilities from ipsec library. The goal is to make ipsec-secgw RFC compliant regarding inbound SAD. Also patch series removes hardcoded limitation for maximum number of SA's and SP's. According to our measurements, after this series of patches, ipsec-secgw performance drops by about 0-2%.
v5: - introduce SAD cache to solve performance degradation - ipsec_sad_add() returns an error if the key is present v4: - put tunnel SA's into SAD with SPI_ONLY type for performance reason v3: - parse SA and SP into sorted array instead of linked list v2: - get rid of maximum sp limitation Vladimir Medvedkin (6): ipsec: move ipsec sad name length into .h examples/ipsec-secgw: implement inbound SAD examples/ipsec-secgw: integrate inbound SAD examples/ipsec-secgw: get rid of maximum sa limitation examples/ipsec-secgw: get rid of maximum sp limitation examples/ipsec-secgw: add SAD cache examples/ipsec-secgw/Makefile | 1 + examples/ipsec-secgw/ipsec-secgw.c | 34 +++++- examples/ipsec-secgw/ipsec.h | 12 +- examples/ipsec-secgw/meson.build | 2 +- examples/ipsec-secgw/parser.c | 4 + examples/ipsec-secgw/parser.h | 9 ++ examples/ipsec-secgw/sa.c | 238 +++++++++++++++++++++---------------- examples/ipsec-secgw/sad.c | 149 +++++++++++++++++++++++ examples/ipsec-secgw/sad.h | 168 ++++++++++++++++++++++++++ examples/ipsec-secgw/sp4.c | 114 +++++++++++++----- examples/ipsec-secgw/sp6.c | 112 ++++++++++++----- lib/librte_ipsec/ipsec_sad.c | 20 ++-- lib/librte_ipsec/rte_ipsec_sad.h | 2 + 13 files changed, 686 insertions(+), 179 deletions(-) create mode 100644 examples/ipsec-secgw/sad.c create mode 100644 examples/ipsec-secgw/sad.h -- 2.7.4