aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/odp/ipsec/ipsec.c
AgeCommit message (Collapse)AuthorFilesLines
2018-02-21plugins: odp: Cosmetic changes in the IPsec implementationSzymon Sliwa1-34/+49
1) renamed ipsec_api to enable_odp_ipsec, for consistency 2) added crude ASSERTs to make sure the configuration is sane 3) removed passing ipsec_api as argument, as this is a global flag now 4) reorder code - put ipsec initialization before putting workers in polling mode 5) remove not used recycle vector from esp_encrypt.c/esp_decrypt.c 6) change clib_error_return to clib_error in ipsec.c, as clib_error_return silently passes when 0 is the first argument Change-Id: Id2c6da985e872f12c8409918fb9cc6113b486d10 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-02-19plugins: odp: Add support for IPsec inline operationSzymon Sliwa1-0/+30
To use inline mode put inline flag in the odp section of the startup.conf file, like this: odp { enable-odp-ipsec inline } Falls back to lookaside mode. Change-Id: I1292a7254b25a15b25285773a43bae112394827d Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-02-19plugins: odp: Add asynchronous IPsec API nodesSzymon Sliwa1-5/+15
To use asynchronous mode put async in the odp section of the startup.conf file, like this: odp { enable-odp-ipsec async } Falls back to synchronous mode. Change-Id: Iacfdc03158228f4385511e6736fb24a97284320c Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-02-19plugins: odp: Add new nodes using ODP IPsec APISzymon Sliwa1-10/+91
Created two new nodes for encryption/decryption, based on user preferences we can use them to accellerate IPsec by offloading it to hardware or optimized software implementations To use the new nodes two flags are needed in the odp section of the startup.conf file, like this: To use the new nodes put the enable-odp-ipsec flag to startup.conf file, like this: odp { enable-odp-ipsec } Change-Id: Ib4bbc481efad7e90d63994580b57849b74400947 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-02-19plugins: odp: ipsec: style changesSzymon Sliwa1-2/+5
1) add footer to check style 2) fix style 3) change the TODO note to a more descriptive one Change-Id: I232c937c13bc0d5f206ebb4426b50bebc512a192 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-02-06plugins: odp: Refactor the authentication function mappingSzymon Sliwa1-16/+17
Change-Id: Ib0c3e2ceebb3b3929f3f0b96b8a40d07c896d70f Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-02-06plugins: odp: Add support for async crypto modeSzymon Sliwa1-3/+37
By default ipsec picks asynchronuous crypto. After the operation it may turn out that the operation was performed synchronously anyways, in such case the packet is send further by the esp_* node because there will be no notification event sent about the crypto completion. To use asynchronous mode put async in the odp section of the startup.conf file, like this: odp { async } Falls back to synchronous mode. Change-Id: I5301df5f1c93a5ccd53a9c0ed2c4cacb9ca5fdd4 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-02-05plugins: odp: Add ODP-IPsec nodeSzymon Sliwa1-0/+263
Based heavily on the src/vnet/ipsec. Reuses the pure software VPP IPsec implementation CLI command. To use enable-odp-crypto needs to be present in the odp section of startup configuration, like this: odp { enable-odp-crypto } Currenlty only IPv4 is supported, and only in transport mode. Authentication headers are not supported, this limitation is inherited from VPP. Supported crypto algorithms are aes-cbc-128 for encryption, and sha-512-256, sha-256-128, sha1-96 for authentication Change-Id: I08c66f96a73d8cb4ef1095f181ddf47506abc39a Signed-off-by: Szymon Sliwa <szs@semihalf.com>