aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/odp/ipsec
AgeCommit message (Collapse)AuthorFilesLines
2018-02-19plugins: odp: ipsec: style changesSzymon Sliwa2-60/+78
1) add footer to check style 2) fix style 3) change the TODO note to a more descriptive one Change-Id: I232c937c13bc0d5f206ebb4426b50bebc512a192 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-02-19plugins: odp: ipsec: Del GRE as it was not testedSzymon Sliwa1-8/+1
In case of trying to add GRE to the IPsec implementation, be careful as the post_crypto and ipsec fields of the vnet_buffer union overlap, and both are needed for the ODP based ipsec with GRE. Change-Id: If20fa9d78f2879264c02922f21bc204fba1ab616 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-02-06plugins: odp: Refactor the authentication function mappingSzymon Sliwa1-16/+17
Change-Id: Ib0c3e2ceebb3b3929f3f0b96b8a40d07c896d70f Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-02-06plugins: odp: Add support for IPv6 IPsecSzymon Sliwa2-69/+65
Change-Id: I229128ccd88c1cf608e20507ca26752b9c0495f5 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-02-06plugins: odp: Add support for async crypto modeSzymon Sliwa4-20/+385
By default ipsec picks asynchronuous crypto. After the operation it may turn out that the operation was performed synchronously anyways, in such case the packet is send further by the esp_* node because there will be no notification event sent about the crypto completion. To use asynchronous mode put async in the odp section of the startup.conf file, like this: odp { async } Falls back to synchronous mode. Change-Id: I5301df5f1c93a5ccd53a9c0ed2c4cacb9ca5fdd4 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-02-05plugins: odp: Add tunnel modeSzymon Sliwa2-14/+26
Change-Id: I8be5f8aa63da8fdf4b2043ba9cd048f2269e4e99 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-02-05plugins: odp: Remove copying from the esp_{encrypt, decrypt}Szymon Sliwa2-195/+189
Change-Id: I5d71505e221e837c7569963fda674e970e5ee31d Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-02-05plugins: odp: Add ODP-IPsec nodeSzymon Sliwa5-0/+1525
Based heavily on the src/vnet/ipsec. Reuses the pure software VPP IPsec implementation CLI command. To use enable-odp-crypto needs to be present in the odp section of startup configuration, like this: odp { enable-odp-crypto } Currenlty only IPv4 is supported, and only in transport mode. Authentication headers are not supported, this limitation is inherited from VPP. Supported crypto algorithms are aes-cbc-128 for encryption, and sha-512-256, sha-256-128, sha1-96 for authentication Change-Id: I08c66f96a73d8cb4ef1095f181ddf47506abc39a Signed-off-by: Szymon Sliwa <szs@semihalf.com>