fib: midchain adjacency optimisations
Type: improvement
- inline some common encap fixup functions into the midchain
rewrite node so we don't incur the cost of the virtual function call
- change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header
- add adj-midchain-tx to multiarch sources
- don't run adj-midchain-tx as a feature, instead put this node as the
adj's next and at the end of the feature arc.
- cache the feature arc config index (to save the cache miss going to fetch it)
- don't check if features are enabled when taking the arc (since we know they are)
the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc)
for IPSec:
- don't run esp_encrypt as a feature, instead when required insert this
node into the adj's next and into the end of the feature arc. this
implies that encrypt is always 'the last feature' run, which is
symmetric with decrypt always being the first.
- esp_encrpyt for tunnels has adj-midchain-tx as next node
Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7
Signed-off-by: Neale Ranns <nranns@cisco.com>
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index 6b31926..95e322e 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -124,17 +124,6 @@
*out_next_index = vlib_node_add_next (vm, prev_node->index, node->index);
}
-void
-ipsec_add_feature (const char *arc_name,
- const char *node_name, u32 * out_feature_index)
-{
- u8 arc;
-
- arc = vnet_get_feature_arc_index (arc_name);
- ASSERT (arc != (u8) ~ 0);
- *out_feature_index = vnet_get_feature_index (arc, node_name);
-}
-
u32
ipsec_register_ah_backend (vlib_main_t * vm, ipsec_main_t * im,
const char *name,
@@ -198,14 +187,10 @@
&b->esp6_decrypt_tun_node_index,
&b->esp6_decrypt_tun_next_index);
- ipsec_add_feature ("ip4-output", esp4_encrypt_node_tun_name,
- &b->esp44_encrypt_tun_feature_index);
- ipsec_add_feature ("ip4-output", esp6_encrypt_node_tun_name,
- &b->esp46_encrypt_tun_feature_index);
- ipsec_add_feature ("ip6-output", esp6_encrypt_node_tun_name,
- &b->esp66_encrypt_tun_feature_index);
- ipsec_add_feature ("ip6-output", esp4_encrypt_node_tun_name,
- &b->esp64_encrypt_tun_feature_index);
+ b->esp6_encrypt_tun_node_index =
+ vlib_get_node_by_name (vm, (u8 *) esp6_encrypt_node_tun_name)->index;
+ b->esp4_encrypt_tun_node_index =
+ vlib_get_node_by_name (vm, (u8 *) esp4_encrypt_node_tun_name)->index;
b->check_support_cb = esp_check_support_cb;
b->add_del_sa_sess_cb = esp_add_del_sa_sess_cb;
@@ -284,11 +269,8 @@
im->esp4_decrypt_tun_next_index = b->esp4_decrypt_tun_next_index;
im->esp6_decrypt_tun_node_index = b->esp6_decrypt_tun_node_index;
im->esp6_decrypt_tun_next_index = b->esp6_decrypt_tun_next_index;
-
- im->esp44_encrypt_tun_feature_index = b->esp44_encrypt_tun_feature_index;
- im->esp64_encrypt_tun_feature_index = b->esp64_encrypt_tun_feature_index;
- im->esp46_encrypt_tun_feature_index = b->esp46_encrypt_tun_feature_index;
- im->esp66_encrypt_tun_feature_index = b->esp66_encrypt_tun_feature_index;
+ im->esp4_encrypt_tun_node_index = b->esp4_encrypt_tun_node_index;
+ im->esp6_encrypt_tun_node_index = b->esp6_encrypt_tun_node_index;
if (b->enable_disable_cb)
{