fib: midchain adjacency optimisations

Type: improvement

 - inline some common encap fixup functions into the midchain
   rewrite node so we don't incur the cost of the virtual function call
 - change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header
 - add adj-midchain-tx to multiarch sources
 - don't run adj-midchain-tx as a feature, instead put this node as the
   adj's next and at the end of the feature arc.
 - cache the feature arc config index (to save the cache miss going to fetch it)
 - don't check if features are enabled when taking the arc (since we know they are)

the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc)

for IPSec:
 - don't run esp_encrypt as a feature, instead when required insert this
   node into the adj's next and into the end of the feature arc. this
   implies that encrypt is always 'the last feature' run, which is
   symmetric with decrypt always being the first.
 - esp_encrpyt for tunnels has adj-midchain-tx as next node

Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7
Signed-off-by: Neale Ranns <nranns@cisco.com>
diff --git a/src/vnet/ipsec/ipsec.h b/src/vnet/ipsec/ipsec.h
index 712e16d..7646ffb 100644
--- a/src/vnet/ipsec/ipsec.h
+++ b/src/vnet/ipsec/ipsec.h
@@ -66,12 +66,10 @@
   u32 esp6_decrypt_next_index;
   u32 esp4_decrypt_tun_node_index;
   u32 esp4_decrypt_tun_next_index;
+  u32 esp4_encrypt_tun_node_index;
   u32 esp6_decrypt_tun_node_index;
   u32 esp6_decrypt_tun_next_index;
-  u32 esp44_encrypt_tun_feature_index;
-  u32 esp46_encrypt_tun_feature_index;
-  u32 esp66_encrypt_tun_feature_index;
-  u32 esp64_encrypt_tun_feature_index;
+  u32 esp6_encrypt_tun_node_index;
 } ipsec_esp_backend_t;
 
 typedef struct
@@ -132,11 +130,13 @@
   u32 esp4_encrypt_node_index;
   u32 esp4_decrypt_node_index;
   u32 esp4_decrypt_tun_node_index;
+  u32 esp4_encrypt_tun_node_index;
   u32 ah4_encrypt_node_index;
   u32 ah4_decrypt_node_index;
   u32 esp6_encrypt_node_index;
   u32 esp6_decrypt_node_index;
   u32 esp6_decrypt_tun_node_index;
+  u32 esp6_encrypt_tun_node_index;
   u32 ah6_encrypt_node_index;
   u32 ah6_decrypt_node_index;
   /* next node indices */
@@ -151,15 +151,13 @@
   u32 ah6_encrypt_next_index;
   u32 ah6_decrypt_next_index;
 
-  /* tun encrypt arcs and feature nodes */
-  u32 esp44_encrypt_tun_feature_index;
-  u32 esp64_encrypt_tun_feature_index;
-  u32 esp46_encrypt_tun_feature_index;
-  u32 esp66_encrypt_tun_feature_index;
-
   /* tun nodes to drop packets when no crypto alg set on outbound SA */
-  u32 esp4_no_crypto_tun_feature_index;
-  u32 esp6_no_crypto_tun_feature_index;
+  u32 esp4_no_crypto_tun_node_index;
+  u32 esp6_no_crypto_tun_node_index;
+
+  /* tun nodes for encrypt on L2 interfaces */
+  u32 esp4_encrypt_l2_tun_node_index;
+  u32 esp6_encrypt_l2_tun_node_index;
 
   /* pool of ah backends */
   ipsec_ah_backend_t *ah_backends;
@@ -278,6 +276,7 @@
 int ipsec_select_esp_backend (ipsec_main_t * im, u32 esp_backend_idx);
 
 clib_error_t *ipsec_rsc_in_use (ipsec_main_t * im);
+void ipsec_set_async_mode (u32 is_enabled);
 
 always_inline ipsec_sa_t *
 ipsec_sa_get (u32 sa_index)
@@ -285,11 +284,6 @@
   return (pool_elt_at_index (ipsec_main.sad, sa_index));
 }
 
-void ipsec_add_feature (const char *arc_name, const char *node_name,
-			u32 * out_feature_index);
-
-void ipsec_set_async_mode (u32 is_enabled);
-
 #endif /* __IPSEC_H__ */
 
 /*