lib.ipsec: optimization, standard compliance and fix a packet leak #1381

Merged
merged 14 commits into from
Sep 13, 2018

eugeneia
Member

  • improved ESP performance by avoiding lib.protocol.header on the fast path (531170a), and an improved padding function (796c177)
  • use full 16-byte ICV as opposed to 12-byte ICV (43d498a), use standard AEAD identifier
  • fix a packet leak in ESP resynchronization (5b86f94)

eugeneia added 14 commits April 10, 2018 19:49
...for transport mode when run without an explicit mode.
 * add a note that explains performance differences between esp transport and
   tunnel modes

 * explicitly return a single value from `decap' in tunnel mode (because of
   that thing where LuaJIT can trip over this)

...these changes are mostly notes to prevent future selfs from wondering about
this again.
This avoids the potentially significant overhead of the lib.protocol.header
abstractions during ESP encapsulation by using raw FFI casts instead.
Support the one mandatory ICV length, RFC4106 says:

  Implementations MUST support a full-length 16-octet ICV, and MAY support
  8 or 12 octet ICVs, and MUST NOT support other ICV lengths.

Also use the chance to use standard AEAD identifiers to denote the supported
AEAD, as per ietf-ipsec@2018-01-08.yang schema.
Saves some cycles during encapsulation by specializing the padding function for
power of two alignments.
@eugeneia eugeneia merged commit 5b86f94 into snabbco:ipsec Sep 13, 2018
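
The padding commit above mentions specializing the ESP padding function for power-of-two alignments. The following is an added example in C, not code from this pull request or from Snabb: it computes the RFC 4303 pad length both with a general modulo and with a bit mask, and builds the ESP trailer (monotonic padding bytes, Pad Length, Next Header). All function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define ESP_TRAILER_FIXED 2  /* Pad Length + Next Header octets (RFC 4303) */

/* General form: correct for any alignment, costs an integer modulo. */
static size_t esp_pad_len_generic(size_t payload_len, size_t align) {
    return (align - (payload_len + ESP_TRAILER_FIXED) % align) % align;
}

/* Specialized form: only valid when align is a power of two.
 * Unsigned negation wraps, so the mask yields the distance to the
 * next multiple of align. */
static size_t esp_pad_len_pow2(size_t payload_len, size_t align) {
    return (0 - (payload_len + ESP_TRAILER_FIXED)) & (align - 1);
}

static int is_pow2(size_t x) { return x != 0 && (x & (x - 1)) == 0; }

/* Append the ESP trailer to buf[0..payload_len). Returns the new length,
 * or 0 if the alignment is unusable or the buffer is too small. */
static size_t esp_append_trailer(uint8_t *buf, size_t cap, size_t payload_len,
                                 size_t align, uint8_t next_header) {
    if (align == 0 || align > 256 || payload_len > cap) return 0;
    size_t pad = is_pow2(align) ? esp_pad_len_pow2(payload_len, align)
                                : esp_pad_len_generic(payload_len, align);
    size_t total = payload_len + pad + ESP_TRAILER_FIXED;
    if (pad > 255 || total > cap) return 0;   /* Pad Length is one octet */
    for (size_t i = 0; i < pad; i++)
        buf[payload_len + i] = (uint8_t)(i + 1);  /* default pad: 1, 2, 3, ... */
    buf[payload_len + pad] = (uint8_t)pad;
    buf[payload_len + pad + 1] = next_header;
    return total;
}

/* Check that both forms agree for every power-of-two alignment up to 256. */
static int esp_pad_forms_agree(size_t max_len) {
    for (size_t align = 1; align <= 256; align <<= 1)
        for (size_t len = 0; len <= max_len; len++)
            if (esp_pad_len_generic(len, align) != esp_pad_len_pow2(len, align))
                return 0;
    return 1;
}

int main(void) {
    return esp_pad_forms_agree(1500) ? 0 : 1;
}
```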