git.droids-corp.org - dpdk.git/commit

author	Vladimir Medvedkin <vladimir.medvedkin@intel.com>
	Mon, 21 Oct 2019 14:35:42 +0000 (15:35 +0100)
committer	Akhil Goyal <akhil.goyal@nxp.com>
	Wed, 23 Oct 2019 14:57:06 +0000 (16:57 +0200)
commit	401633d9c11288fb1e558455f099527c4f20deda
tree	acf0a69c4b39138501e4d7ca3c9b6e17fe584584	tree \| snapshot
parent	65beb9abca6dbb2167a53ab31d79e03f0857357b	commit \| diff

ipsec: add inbound SAD API

According to RFC 4301 IPSec implementation needs an inbound SA database
(SAD).
For each incoming inbound IPSec-protected packet (ESP or AH) it has to
perform a lookup within it's SAD.
Lookup should be performed by:
Security Parameters Index (SPI) + destination IP (DIP) + source IP (SIP)
or SPI + DIP
or SPI only
and an implementation has to return the 'longest' existing match.
This patch extend DPDK IPsec library with inbound security association
database (SAD) API implementation that:
- conforms to the RFC requirements above
- can scale up to millions of entries
- supports fast lookups
- supports incremental updates

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

doc/guides/prog_guide/ipsec_lib.rst		diff \| blob \| history
doc/guides/rel_notes/release_19_11.rst		diff \| blob \| history
lib/librte_ipsec/Makefile		diff \| blob \| history
lib/librte_ipsec/ipsec_sad.c	[new file with mode: 0644]	blob
lib/librte_ipsec/meson.build		diff \| blob \| history
lib/librte_ipsec/rte_ipsec_sad.h	[new file with mode: 0644]	blob
lib/librte_ipsec/rte_ipsec_version.map		diff \| blob \| history