Branch: refs/heads/master
Home: https://github.com/Linaro/odp
Commit: f60d82e96b995e10217ab40b6ad9f9cba3a6cadb
https://github.com/Linaro/odp/commit/f60d82e96b995e10217ab40b6ad9f9cba3a6cadb
Author: Janne Peltonen <janne.pelto...@nokia.com>
Date: 2018-10-10 (Wed, 10 Oct 2018)
Changed paths:
M platform/linux-generic/odp_ipsec.c
Log Message:
-----------
linux-gen: ipsec: speed up random IV generation by thread-local buffering
Outbound IPsec processing for SAs that require random IV is slow
since the the OpenSSL based odp_random_data() is slow and not
multi-thread scalable.
Improve performance by not calling odp_random_data() for every packet
but by getting random data for IVs from a thread local buffer that is
filled by less frequent but larger odp_random_data requests.
Signed-off-by: Janne Peltonen <janne.pelto...@nokia.com>
Reviewed-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>
Reviewed-by: Bill Fischofer <bill.fischo...@linaro.org>
Signed-off-by: Maxim Uvarov <maxim.uva...@linaro.org>
Commit: 917a2bf7e8a41538f811889099738eb3979efc3a
https://github.com/Linaro/odp/commit/917a2bf7e8a41538f811889099738eb3979efc3a
Author: Janne Peltonen <janne.pelto...@nokia.com>
Date: 2018-10-10 (Wed, 10 Oct 2018)
Changed paths:
M platform/linux-generic/include/odp_ipsec_internal.h
M platform/linux-generic/odp_ipsec.c
M platform/linux-generic/odp_ipsec_sad.c
Log Message:
-----------
linux-gen: ipsec: remove SA reference counting from outbound processing
SA reference counting in IPsec output has severe performance penalty
when the same SA is used in multiple threads. Remove SA reference
counting from odp_ipsec_out() and odp_ipsec_out_enq() as it is
actually unnecessary with applications adhering to the ODP API.
The reference counting would prevent odp_ipsec_sa_disable() from
completing if IPsec outbound processing for the same SA were still
in progress in some other thread. With a correctly behaving ODP
application such situation never occurs because the ODP API requires
that odp_ipsec_sa_disable() must not be called at the same time as
odp_ipsec_out() or odp_ipsec_out_enq() for the same SA. The disable
call must thus happen after (in the C11 thread model sense, including
memory ordering) any conflicting IPsec output call, which means that
the ODP application must use appropriate synchronization mechanisms to
ensure that all odp_ipsec_out()/odp_ipsec_out_enc() calls (for the SA)
have completed before odp_ipsec_sa_disable() is called.
Similarly, when an SA is created, the handle must not be used in
other threads for output before the creation is complete and visible.
This means that an ODP application must use proper synchronization
mechanism when passing the handle of a newly created SA to another
thread and before using it there. This in turns make the SA state
check in ipsec_sa_lock() unnecessary when indirectly called through
the IPsec output routines.
Signed-off-by: Janne Peltonen <janne.pelto...@nokia.com>
Reviewed-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>
Reviewed-by: Bill Fischofer <bill.fischo...@linaro.org>
Signed-off-by: Maxim Uvarov <maxim.uva...@linaro.org>
Commit: 23e4a06ea025492e33a9a0f759386133e9eef6ad
https://github.com/Linaro/odp/commit/23e4a06ea025492e33a9a0f759386133e9eef6ad
Author: Janne Peltonen <janne.pelto...@nokia.com>
Date: 2018-10-10 (Wed, 10 Oct 2018)
Changed paths:
M platform/linux-generic/include/odp_ipsec_internal.h
M platform/linux-generic/odp_ipsec.c
M platform/linux-generic/odp_ipsec_sad.c
Log Message:
-----------
linux-gen: ipsec: separate hot r/w data from r/o data in an SA
Group very frequently updated SA state together, separately from
read-only data to reduce false sharing of cache lines and resulting
cache missed (not done for tun_ipv4.hdr_id which should be removed).
Signed-off-by: Janne Peltonen <janne.pelto...@nokia.com>
Reviewed-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>
Reviewed-by: Bill Fischofer <bill.fischo...@linaro.org>
Signed-off-by: Maxim Uvarov <maxim.uva...@linaro.org>
Commit: 3b11463dc8f9ce6bdb95490eeda933e6b6be3534
https://github.com/Linaro/odp/commit/3b11463dc8f9ce6bdb95490eeda933e6b6be3534
Author: Janne Peltonen <janne.pelto...@nokia.com>
Date: 2018-10-10 (Wed, 10 Oct 2018)
Changed paths:
M platform/linux-generic/include/odp_ipsec_internal.h
M platform/linux-generic/odp_ipsec.c
M platform/linux-generic/odp_ipsec_sad.c
Log Message:
-----------
linux-gen: ipsec: use sequence number counter for counter based IV
Reduce frequently updated SA state by reusing 64-bit sequence number
as a counter based IV instead of having a separate counter for it.
Signed-off-by: Janne Peltonen <janne.pelto...@nokia.com>
Reviewed-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>
Reviewed-by: Bill Fischofer <bill.fischo...@linaro.org>
Signed-off-by: Maxim Uvarov <maxim.uva...@linaro.org>
Commit: 71b674a18a4655ab17bb9ab851492f8c51a9b950
https://github.com/Linaro/odp/commit/71b674a18a4655ab17bb9ab851492f8c51a9b950
Author: Janne Peltonen <janne.pelto...@nokia.com>
Date: 2018-10-10 (Wed, 10 Oct 2018)
Changed paths:
M test/validation/api/ipsec/ipsec.c
Log Message:
-----------
validation: ipsec: make output checking accept any IP ID value
ODP implementation is free to choose the IP ID value in the outbound
IP header. Make outbound validation check accept any IP ID value, not
just the one in the test vector. Relax packet check for AH packets
since IP ID is included in the ICV and the expected ICV cannot be
easily calculated in the current api validation code.
Fixes: https://bugs.linaro.org/show_bug.cgi?id=4017
Signed-off-by: Janne Peltonen <janne.pelto...@nokia.com>
Reviewed-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>
Reviewed-by: Bill Fischofer <bill.fischo...@linaro.org>
Signed-off-by: Maxim Uvarov <maxim.uva...@linaro.org>
Commit: 0c6352e2d0f755c310692f5cf627801abf8ccb63
https://github.com/Linaro/odp/commit/0c6352e2d0f755c310692f5cf627801abf8ccb63
Author: Janne Peltonen <janne.pelto...@nokia.com>
Date: 2018-10-10 (Wed, 10 Oct 2018)
Changed paths:
M platform/linux-generic/include/odp_ipsec_internal.h
M platform/linux-generic/odp_ipsec.c
M platform/linux-generic/odp_ipsec_sad.c
Log Message:
-----------
linux-gen: ipsec: use global IPv4 ID allocator for all tunnel SAs
Change the per-SA IPv4 ID allocator to a global one for IPsec to
reduce the risk of duplicate IPv4 IDs when there are multiple
SAs between the same endpoints.
Use zero IPv4 ID in atomic datagrams (RFC 6864).
Fixes: https://bugs.linaro.org/show_bug.cgi?id=4013
Signed-off-by: Janne Peltonen <janne.pelto...@nokia.com>
Reviewed-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>
Reviewed-by: Bill Fischofer <bill.fischo...@linaro.org>
Signed-off-by: Maxim Uvarov <maxim.uva...@linaro.org>
Commit: 577a58dddef4824f709f00b602543bde3f440ac7
https://github.com/Linaro/odp/commit/577a58dddef4824f709f00b602543bde3f440ac7
Author: Janne Peltonen <janne.pelto...@nokia.com>
Date: 2018-10-10 (Wed, 10 Oct 2018)
Changed paths:
M platform/linux-generic/odp_ipsec_sad.c
Log Message:
-----------
linux-gen: ipsec: make IPv4 ID allocator scale better to multiple threads
Allocate IPv4 ID to threads in blocks to avoid updating shared IPv4
ID variable for every packet. Keep free ID blocks in a ring to
maximize the time before reusing a block.
Signed-off-by: Janne Peltonen <janne.pelto...@nokia.com>
Reviewed-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org>
Reviewed-by: Bill Fischofer <bill.fischo...@linaro.org>
Signed-off-by: Maxim Uvarov <maxim.uva...@linaro.org>
Compare: https://github.com/Linaro/odp/compare/65f2959da164...577a58dddef4
**NOTE:** This service has been marked for deprecation:
https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
