Age | Commit message (Collapse) | Author | Files | Lines |
|
1) renamed ipsec_api to enable_odp_ipsec, for consistency
2) added crude ASSERTs to make sure the configuration is sane
3) removed passing ipsec_api as argument, as this is a global flag now
4) reorder code - put ipsec initialization before putting
workers in polling mode
5) remove not used recycle vector from esp_encrypt.c/esp_decrypt.c
6) change clib_error_return to clib_error in ipsec.c, as
clib_error_return silently passes when 0 is the first argument
Change-Id: Id2c6da985e872f12c8409918fb9cc6113b486d10
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
To use inline mode put inline flag in the odp section
of the startup.conf file, like this:
odp {
enable-odp-ipsec
inline
}
Falls back to lookaside mode.
Change-Id: I1292a7254b25a15b25285773a43bae112394827d
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
To use asynchronous mode put async in the odp section
of the startup.conf file, like this:
odp {
enable-odp-ipsec
async
}
Falls back to synchronous mode.
Change-Id: Iacfdc03158228f4385511e6736fb24a97284320c
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Created two new nodes for encryption/decryption,
based on user preferences we can use them to accellerate
IPsec by offloading it to hardware or optimized software
implementations
To use the new nodes two flags are needed in the odp
section of the startup.conf file, like this:
To use the new nodes put the enable-odp-ipsec flag to
startup.conf file, like this:
odp {
enable-odp-ipsec
}
Change-Id: Ib4bbc481efad7e90d63994580b57849b74400947
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
1) add footer to check style
2) fix style
3) change the TODO note to a more descriptive one
Change-Id: I232c937c13bc0d5f206ebb4426b50bebc512a192
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Change-Id: Ib0c3e2ceebb3b3929f3f0b96b8a40d07c896d70f
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
By default ipsec picks asynchronuous crypto. After the operation it may
turn out that the operation was performed synchronously anyways, in such
case the packet is send further by the esp_* node because there will be
no notification event sent about the crypto completion.
To use asynchronous mode put async in the odp section
of the startup.conf file,
like this:
odp {
async
}
Falls back to synchronous mode.
Change-Id: I5301df5f1c93a5ccd53a9c0ed2c4cacb9ca5fdd4
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Based heavily on the src/vnet/ipsec.
Reuses the pure software VPP IPsec implementation
CLI command. To use enable-odp-crypto needs to be
present in the odp section of startup configuration,
like this:
odp {
enable-odp-crypto
}
Currenlty only IPv4 is supported, and only in transport
mode.
Authentication headers are not supported, this limitation
is inherited from VPP.
Supported crypto algorithms are
aes-cbc-128 for encryption, and
sha-512-256, sha-256-128, sha1-96 for authentication
Change-Id: I08c66f96a73d8cb4ef1095f181ddf47506abc39a
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|