| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
1) renamed ipsec_api to enable_odp_ipsec, for consistency
2) added crude ASSERTs to make sure the configuration is sane
3) removed passing ipsec_api as argument, as this is a global flag now
4) reorder code - put ipsec initialization before putting
workers in polling mode
5) remove not used recycle vector from esp_encrypt.c/esp_decrypt.c
6) change clib_error_return to clib_error in ipsec.c, as
clib_error_return silently passes when 0 is the first argument
Change-Id: Id2c6da985e872f12c8409918fb9cc6113b486d10
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Created two new nodes for encryption/decryption,
based on user preferences we can use them to accellerate
IPsec by offloading it to hardware or optimized software
implementations
To use the new nodes two flags are needed in the odp
section of the startup.conf file, like this:
To use the new nodes put the enable-odp-ipsec flag to
startup.conf file, like this:
odp {
enable-odp-ipsec
}
Change-Id: Ib4bbc481efad7e90d63994580b57849b74400947
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Based heavily on the src/vnet/ipsec.
Reuses the pure software VPP IPsec implementation
CLI command. To use enable-odp-crypto needs to be
present in the odp section of startup configuration,
like this:
odp {
enable-odp-crypto
}
Currenlty only IPv4 is supported, and only in transport
mode.
Authentication headers are not supported, this limitation
is inherited from VPP.
Supported crypto algorithms are
aes-cbc-128 for encryption, and
sha-512-256, sha-256-128, sha1-96 for authentication
Change-Id: I08c66f96a73d8cb4ef1095f181ddf47506abc39a
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
Szymon Sliwa