Hi , I have looked at the ipsec code in VPP and trying to understand how it works in a multi threaded environment. Noticed that the datastructures for spd, sad and tunnel interface are pools and there are no locks to prevent race conditions.
For instance the ipsec-input node passes SA index to the esp-encrypt node, and esp-encrypt node looks up the SA from sad pool. But during the time in which the packet is passed from one node to another the entry at SA index may be changed or deleted. Same seems to be true for dpdk-esp-encrypt and dpdk-esp-decrypt. How are these cases handled? Can the implementation be used in multi-threaded environment? Please help understand the IPSec implementation. Thanks Krishna
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#9709): https://lists.fd.io/g/vpp-dev/message/9709 Mute This Topic: https://lists.fd.io/mt/22720913/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
