aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-02-06 01:41:05 -0800
committerFlorin Coras <florin.coras@gmail.com>2019-02-07 19:13:32 +0000
commit8d7c502002636da1cb7c71a87757f328e7c2c4fd (patch)
tree1005d63dcb3a24f7bb2ad2d3224bfcb062909666 /src/plugins
parent3d0ef26a0285b9baa486c91b2e6609125a2bc651 (diff)
IPSEC: no second lookup after tunnel encap
in the same maaner as with other tunnel tyeps we use the FIB to cache and track the destination used to reach the tunnel endpoint. Post encap we can then ship the packet straight to this adjacency and thus elide the costly second lookup. - SA add and del function so they can be used both directly from the API and for tunnels. - API change for the SA dump to use the SA type - ipsec_key_t type for convenience (copying, [un]formating) - no matching tunnel counters in ipsec-if-input Change-Id: I9d144a59667f7bf96442f4ca66bef5c1d3c7f1ea Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/dpdk/ipsec/ipsec.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c
index 2415422ae2d..f79b4301e9c 100644
--- a/src/plugins/dpdk/ipsec/ipsec.c
+++ b/src/plugins/dpdk/ipsec/ipsec.c
@@ -252,7 +252,7 @@ crypto_set_aead_xform (struct rte_crypto_sym_xform *xform,
xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
xform->aead.algo = c->alg;
- xform->aead.key.data = sa->crypto_key;
+ xform->aead.key.data = sa->crypto_key.data;
xform->aead.key.length = c->key_len;
xform->aead.iv.offset =
crypto_op_get_priv_offset () + offsetof (dpdk_op_priv_t, cb);
@@ -280,7 +280,7 @@ crypto_set_cipher_xform (struct rte_crypto_sym_xform *xform,
xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
xform->cipher.algo = c->alg;
- xform->cipher.key.data = sa->crypto_key;
+ xform->cipher.key.data = sa->crypto_key.data;
xform->cipher.key.length = c->key_len;
xform->cipher.iv.offset =
crypto_op_get_priv_offset () + offsetof (dpdk_op_priv_t, cb);
@@ -306,7 +306,7 @@ crypto_set_auth_xform (struct rte_crypto_sym_xform *xform,
xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
xform->auth.algo = a->alg;
- xform->auth.key.data = sa->integ_key;
+ xform->auth.key.data = sa->integ_key.data;
xform->auth.key.length = a->key_len;
xform->auth.digest_length = a->trunc_size;
xform->next = NULL;
@@ -511,7 +511,8 @@ add_del_sa_session (u32 sa_index, u8 is_add)
case IPSEC_CRYPTO_ALG_AES_GCM_128:
case IPSEC_CRYPTO_ALG_AES_GCM_192:
case IPSEC_CRYPTO_ALG_AES_GCM_256:
- clib_memcpy (&sa->salt, &sa->crypto_key[sa->crypto_key_len - 4], 4);
+ clib_memcpy (&sa->salt,
+ &sa->crypto_key.data[sa->crypto_key.len - 4], 4);
break;
default:
seed = (u32) clib_cpu_time_now ();
f='#n58'>58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 
# Copyright (c) 2021 Cisco and/or its affiliates.
#
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Licensed under the Apache License 2.0 or
# GNU General Public License v2.0 or later;  you may not use this file
# except in compliance with one of these Licenses. You
# may obtain a copy of the Licenses at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#     https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
#
# Note: If this file is linked with Scapy, which is GPLv2+, your use of it
# must be under GPLv2+.  If at any point in the future it is no longer linked
# with Scapy (or other GPLv2+ licensed software), you are free to choose
# Apache 2.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""Stream profile for T-rex traffic generator.

Stream profile:
 - Two streams sent in directions 0 --> 1 and 1 --> 0 at the same time.
 - Packet: ETH / IP /
 - Direction 0 --> 1:
   - Destination MAC address: 52:54:00:00:nf_id:01
   - Source IP address range:      10.10.10.1 - 10.10.10.254
   - Destination IP address range: 20.20.20.1
 - Direction 1 --> 0:
   - Destination MAC address: 52:54:00:00:nf_id:02
   - Source IP address range:      20.20.20.1 - 20.20.20.254
   - Destination IP address range: 10.10.10.1
"""

from trex.stl.api import *
from profile_trex_stateless_base_class import TrafficStreamsBaseClass


class TrafficStreams(TrafficStreamsBaseClass):
    """Stream profile."""

    def __init__(self):
        """Initialization and setting of streams' parameters."""

        super(TrafficStreamsBaseClass, self).__init__()

        # Service density parameters.
        self.nf_chains = 6
        self.nf_nodes = 4

        # MACs used in packet headers.
        self.p1_dst_start_mac = u"52:54:00:00:00:01"
        self.p2_dst_start_mac = u"52:54:00:00:00:02"

        # IPs used in packet headers.
        self.p1_src_start_ip = u"10.10.10.1"
        self.p1_src_end_ip = u"10.10.10.254"
        self.p1_dst_start_ip = u"20.20.20.1"

        self.p2_src_start_ip = u"20.20.20.1"
        self.p2_src_end_ip = u"20.20.20.254"
        self.p2_dst_start_ip = u"10.10.10.1"

    def define_packets(self):
        """Defines the packets to be sent from the traffic generator.

        Packet definition: | ETH | IP |

        :returns: Packets to be sent from the traffic generator.
        :rtype: tuple
        """

        # Direction 0 --> 1
        base_pkt_a = (
            Ether(
              dst=self.p1_dst_start_mac
            ) /
            IP(
              src=self.p1_src_start_ip,
              dst=self.p1_dst_start_ip,
              proto=61
          )
        )
        # Direction 1 --> 0
        base_pkt_b = (
            Ether(
              dst=self.p2_dst_start_mac
            ) /
            IP(
              src=self.p2_src_start_ip,
              dst=self.p2_dst_start_ip,
              proto=61
            )
        )

        # Direction 0 --> 1
        vm1 = STLScVmRaw(
            [
                STLVmFlowVar(
                    name=u"mac_dst",
                    min_value=1,
                    max_value=self.nf_chains*self.nf_nodes,
                    size=1,
                    step=self.nf_nodes,
                    op=u"inc"
                ),
                STLVmWrFlowVar(
                    fv_name=u"mac_dst",
                    pkt_offset=4
                ),
                STLVmFlowVar(
                    name=u"src",
                    min_value=self.p1_src_start_ip,
                    max_value=self.p1_src_end_ip,
                    size=4,
                    op=u"inc"
                ),
                STLVmWrFlowVar(
                    fv_name=u"src",
                    pkt_offset=u"IP.src"
                ),
                STLVmFixIpv4(
                    offset=u"IP"
                )
            ]
        )
        # Direction 1 --> 0
        vm2 = STLScVmRaw(
            [
                STLVmFlowVar(
                    name=u"mac_dst",
                    min_value=self.nf_nodes,
                    max_value=self.nf_chains*self.nf_nodes,
                    size=1,
                    step=self.nf_nodes,
                    op=u"inc"
                ),
                STLVmWrFlowVar(
                    fv_name=u"mac_dst",
                    pkt_offset=4
                ),
                STLVmFlowVar(
                    name=u"src",
                    min_value=self.p2_src_start_ip,
                    max_value=self.p2_src_end_ip,
                    size=4,
                    op=u"inc"
                ),
                STLVmWrFlowVar(
                    fv_name=u"src",
                    pkt_offset=u"IP.src"
                ),
                STLVmFixIpv4(
                    offset=u"IP"
                )
            ]
        )

        return base_pkt_a, base_pkt_b, vm1, vm2


def register():
    """Register this traffic profile to T-rex.

    Do not change this function.

    :return: Traffic streams.
    :rtype: Object
    """
    return TrafficStreams()