Age | Commit message (Collapse) | Author | Files | Lines |
|
Due to some bugs in the old odp-dpdk aad field needed to be
manually initialized to 0. That is no longer true, what's more
odp does not contain this field, thus making it impossible to compile.
Due to above mentioned reasons, delete this.
Change-Id: I5ec9278d44e49991fad741a43100da4b64823bf3
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Change-Id: I62cba4a845c91b208420f3f6b20781d75976c113
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Change-Id: I89cdac40c9f768f42443406cebf7257c3e139b47
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
1) renamed ipsec_api to enable_odp_ipsec, for consistency
2) added crude ASSERTs to make sure the configuration is sane
3) removed passing ipsec_api as argument, as this is a global flag now
4) reorder code - put ipsec initialization before putting
workers in polling mode
5) remove not used recycle vector from esp_encrypt.c/esp_decrypt.c
6) change clib_error_return to clib_error in ipsec.c, as
clib_error_return silently passes when 0 is the first argument
Change-Id: Id2c6da985e872f12c8409918fb9cc6113b486d10
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Change-Id: I1f71fae3af5e36b710c8c978d8b9b74ea802e012
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Change-Id: Ib32d9df19bb9b0db1b3a0d30d991f1a1f11d66c7
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
To use inline mode put inline flag in the odp section
of the startup.conf file, like this:
odp {
enable-odp-ipsec
inline
}
Falls back to lookaside mode.
Change-Id: I1292a7254b25a15b25285773a43bae112394827d
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
To use asynchronous mode put async in the odp section
of the startup.conf file, like this:
odp {
enable-odp-ipsec
async
}
Falls back to synchronous mode.
Change-Id: Iacfdc03158228f4385511e6736fb24a97284320c
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Created two new nodes for encryption/decryption,
based on user preferences we can use them to accellerate
IPsec by offloading it to hardware or optimized software
implementations
To use the new nodes two flags are needed in the odp
section of the startup.conf file, like this:
To use the new nodes put the enable-odp-ipsec flag to
startup.conf file, like this:
odp {
enable-odp-ipsec
}
Change-Id: Ib4bbc481efad7e90d63994580b57849b74400947
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
1) added casts on assignment to post_crypto.next_index
as the type of the field changed
2) removed checking result when crypto operation is
asynchronous as it make no sense
3) fixed bug which could cause issues when some of the
operations are done synchronously and some
asynchronously
Change-Id: I123d70402c0210b11dfc2d0fff2c72aa100ce838
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Add a check if crypto operation was successful
Change-Id: Iaa7c4df89aab309a4c85300240d245b4cdb30533
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
1) add footer to check style
2) fix style
3) change the TODO note to a more descriptive one
Change-Id: I232c937c13bc0d5f206ebb4426b50bebc512a192
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
In case of trying to add GRE to the IPsec implementation, be careful as the
post_crypto and ipsec fields of the vnet_buffer union overlap, and both are
needed for the ODP based ipsec with GRE.
Change-Id: If20fa9d78f2879264c02922f21bc204fba1ab616
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Change-Id: Ib0c3e2ceebb3b3929f3f0b96b8a40d07c896d70f
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Change-Id: I229128ccd88c1cf608e20507ca26752b9c0495f5
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
By default ipsec picks asynchronuous crypto. After the operation it may
turn out that the operation was performed synchronously anyways, in such
case the packet is send further by the esp_* node because there will be
no notification event sent about the crypto completion.
To use asynchronous mode put async in the odp section
of the startup.conf file,
like this:
odp {
async
}
Falls back to synchronous mode.
Change-Id: I5301df5f1c93a5ccd53a9c0ed2c4cacb9ca5fdd4
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Change-Id: I8be5f8aa63da8fdf4b2043ba9cd048f2269e4e99
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Change-Id: I5d71505e221e837c7569963fda674e970e5ee31d
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Based heavily on the src/vnet/ipsec.
Reuses the pure software VPP IPsec implementation
CLI command. To use enable-odp-crypto needs to be
present in the odp section of startup configuration,
like this:
odp {
enable-odp-crypto
}
Currenlty only IPv4 is supported, and only in transport
mode.
Authentication headers are not supported, this limitation
is inherited from VPP.
Supported crypto algorithms are
aes-cbc-128 for encryption, and
sha-512-256, sha-256-128, sha1-96 for authentication
Change-Id: I08c66f96a73d8cb4ef1095f181ddf47506abc39a
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|