Age | Commit message (Collapse) | Author | Files | Lines |
|
For the openssl crypto engine based cipher encrypt/decrypt and HMAC IPSec
use cases, the openssl API calls of doing ctx init and key expansion are
moved to initialization stage.
In current implementation , the ctx is initialized with "key" and "iv" in
EVP_EncryptInit_ex (ctx, 0, 0, key->data, op->iv)
in data plane, while the ctx can be initialized with 'key' and 'iv' separately,
which means there could be two API calls:
1. EVP_EncryptInit_ex (ctx, 0, 0, key->data, 0)
2. EVP_EncryptInit_ex (ctx, 0, 0, 0, op->iv)
As the 'key' for certain IPSec SA is fixed and known, so call #1 can
be placed in IPSec SA initialization stage.
While call #2 should be kept in data plane for each packet, as the "iv"
is random for each packet.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Change-Id: Ided4462c1d4a38addc3078b03d618209e040a07a
|
|
This is a prerequisite patch for the following openssl API optimization
patch, which tries to offload openssl ctx init and key expansion work to
the initialization stage.
Wireguard adds crypto keys via vnet_crypto_key_add (), and whenever it
modifies the keys, the underneath openssl crypto engine shoud be informed
of the changes to update the openssl ctx.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Change-Id: I3e8f033f3f77eebcecfbd06e8e3bbbfdc95a50e2
|
|
In esp_encrypt_inline(), if two or more consecutive packets are
associated with the same SA which has no crypto or integrity algorithms
set, only the first one gets dropped. Subsequent packets either get sent
(synchronous crypto) or cause a segv (asynchronous crypto).
The current SA's index and pool entry are cached before it can be
determined whether the packet should be dropped due to no algorithms
being set. The check for no algorithms is only performed when the cached
SA index is different than the SA index for the current packet. So
packets after the first one associated with the "none" alg SA aren't
handled properly.
This was broken by my previous commit ("ipsec: keep esp encrypt pointer
and index synced") which fixed a segv that occurred under a different
set of circumstances.
Check whether each packet should be dropped instead of only checking
when a new SA is encountered.
Update unit tests:
- Add a test for no algs on tunnel interface which enables
asynchronous crypto.
- Send more than one packet in the tests for no algs.
Type: fix
Fixes: dac9e566cd16fc375fff14280b37cb5135584fc6
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
|
|
Use udp transport refcnt instead of local port refcnt when accepting new
connections.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibc34677b1138682497f98e96b6fddb5b96094ff9
|
|
Type: improvement
Change-Id: Idb318eb386617013015c43153bf0bd92fa28b9b6
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: improvement
Change-Id: Ia9295b79340a18de6eb5fe80877dcf4ce97b35eb
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: improvement
Change-Id: I3a48ec4fd4a4063b6e3792b87def7bb796fc947c
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: improvement
Change-Id: Ifbd84a45edc82c79ac2850dd70ecdd2f9f1289ae
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
tuntap requires porting on FreeBSD, only build on Linux for now.
Type: improvement
Change-Id: I448c462b31f3bc06f291a95d0ff5df9d6f8f24b8
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: improvement
Change-Id: Id1c72928324b85bc67860e600722bf8baeff45b2
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: improvement
Change-Id: I948e447082233187d9ca794ca56a62fad4592e13
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Working from the implementation in linux/mem.c add FreeBSD specific
functionality. This duplicates parts of the Linux implementation and a
depuplication job could be run in the future.
Stub out some parts of the API for now, they are either use unavailable
features on FreeBSD or require further implementation than this initial
implementation.
Type: improvement
Change-Id: I1e443e32304d19776a9a4d5e34adfa16ec919427
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Allow FreeBSD as a platform in the main CMakeLists file. This requires a
correct target for the compiler and an explicit name in the system
check.
The included subdirs require further changes to build, but the compiler
needs to find them before it can complain.
Type: improvement
Change-Id: Ic56fe68290519ef5d3ed61082e7fb0ba0528a3fc
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: improvement
Change-Id: Ia5cec0afc7f929491e495bb337493e64f752d75f
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
tap requires some porting on FreeBSD, while we wait for those changes
only build tap on Linux.
Type: improvement
Change-Id: I4361bf43764fdb046c2138d4a2ee5d7efa31bd5a
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: improvement
Change-Id: Idcedc14089a49483d83c28a82ecb79d1b856f225
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Fix instances where timers are reset after programming fin.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib80e3a401d585f388a97c7f2bb62e68ee774d50d
|
|
UDP transport port refcount is incremented even if port is shared. So
decrement it, by unregistering, whener udp connections are cleaned up.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id0a2c60c5faf4dea8b2cd9ded0334934ad9e918c
|
|
Set last thread id and last packet position in TRACE_DUMP_REPLY.
To enable collection of traces from multiple workers using iterator.
Type: fix
Change-Id: I69872af4f6981d50cd050fa3d16de2a3c0d6b496
Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
|
|
Type: test
Change-Id: I09df597ccb8a3c4af47b8a36010afb81df533236
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Make sure ctx is initialized before ho is marked as done.
Type: fix
Change-Id: If0525a9890a56e289e2ab006c669a9d64dc6505d
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: I8cfaa62abd38d5356263b0ffd428638d1a027617
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Allow to select 8-8-8-8 or 16-8-8 mtrie FIB implementation.
Type: improvement
Change-Id: I2f4aec8bfec987d3f3d9f9cc5a16fabf4b6cc2ac
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
- improved readability of some error messages
- printing container logs to stdout on test failure (last 20 lines)
Type: test
Change-Id: Idbb358bdd89aa7b1a6bdc9d96bf029d4c299ce64
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Split virtual interface tests in VPP into smaller and modular
tests for testing various interface types and features.
Type: test
Change-Id: Ic38af88379f75eee3090679d411edbdc8fd5d2e5
Signed-off-by: Naveen Joy <najoy@cisco.com>
|
|
After changes done in https://gerrit.fd.io/r/c/vpp/+/40281 ,
mbedtls plugin is failing to build if enabled.
Discussion https://lists.fd.io/g/vpp-dev/topic/104344802#24060
Type: fix
Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com>
Change-Id: Iee58b69301ac64f058bca0a7f7a0dedd2def4b35
|
|
Type: improvement
Change-Id: Ide4b45da99e3a67376281f6438997f3148be08e5
Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
|
|
Argument to vcl_epoll_ctl_add_unhandled_event is often the result of an
and between events and EPOLLET which is larger than u8
Type: fix
Change-Id: I8c98f557fa1db9f3eb79c90ecdd60ac9366d4d40
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
FreeBSD's siginfo_t doesn't have the ptr value used on linux to encode a
token. Fow now recover the code from siginfo_t and leave the opaque
value as 0.
Type: improvement
Change-Id: Ic6ef96f018b326b99d68534a4488cfc49fdf16e1
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
As a placeholder stub out clib_perf functions on FreeBSD, the interface
for performance counters on FreeBSD is different and will require its
own implementation.
Type: improvement
Change-Id: I61511ebe5ee1fd6fe93d3179c7843c811f47a846
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
FreeBSD has support netlink since 13.2, but keeps its header in a
slightly different place. Correctly include netlink/netlink.h for
FreeBSD.
Type: improvement
Change-Id: Iec78ca72db74ea7f9c874e7039c7d17b6321f9dc
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Place Linux specific features behind CLIB_LINUX. The previous #ifdef
calls would still pass even if CLIB_LINUX is set to 0 in clib.h, instead
use #if.
Type: improvement
Change-Id: Ibe4424eee4bc0065f54764b017b9a56a3e854380
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Limit the libraries we build on FreeBSD. This change intends to get us
closer to building on FreeBSD, DPDK will require a larger set of changes
so remove it until those changes are ready to integrate.
Type: improvement
Change-Id: I0f672a2b5bc30f2228020049fa71a81a2569ef54
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
On FreeBSD we need to include stdint.h to get __WORDSIZE.
Type: improvement
Change-Id: I784aa0856fd8298f33016b7ccedecfa3672d5429
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Finding the program counter in the ucontext struct is platform and
architecture specific, place the Linux checks inside an #ifdef and add a
look up for the FreeBSD amd64 specific naming.
Type: improvement
Change-Id: I42fcef5f20227c23d84acee336e37c4870146bb4
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
__unused is a clang keyword, this struct member will trip the build when
using clang. Instead call the unused padding 'pad' which should be clear
to the purpose if not the usage.
Type: improvement
Change-Id: I0abae34841651be1ef6b7d94864f0dc8185f0733
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: improvement
Change-Id: If136e0854dbaecfa62fc009ca2b0b94e8d9a56f2
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Don't use the MAP_HUGETLB mmap flag on FreeBSD as it isn't available on
the platform.
Type: improvement
Change-Id: Ie2046601c693f9ef12cf8113d6dbd87c322f1cf0
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
FreeBSD doesn't support sysfs or preallocating hugepages directly. In
lieu of refactoring clib_sysfs calls place this one behind an #ifdef
linux.
Type: improvement
Change-Id: I4079ca70175e4cec44d913db2b0407a3ca6306c9
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
FreeBSD has platform specific APIs for interfacing with performance
counters. Until we bring in FreeBSD support, don't build perfmon on
platforms which aren't linux.
Type: improvement
Change-Id: Iabc418922c0d2e851c6098508761135f53433ae8
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
The SIGPWR signal is specific to Linux, place it behind a Linux flag to
help the build on FreeBSD.
Type: improvement
Change-Id: Ie36c2ceb201afff98e92bbe64595c3953b11c457
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Add vlib_worker_wait_one_loop prior to invoking dpo_reset
upon uninstalling a fib entry to avoid contention with DP.
Type: fix
Change-Id: If2a6c4cb9b5629dd61e506ab9f9c3e6aef121b45
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Type: fix
Attempting to create a host-interface with an invalid af_packet name
causes a crash, as we attempt to read the contents of a null ptr.
Change-Id: Ia31ae21684c2b66baa1ceaadf29e19fae33c4ed4
Signed-off-by: hsandid <halsandi@cisco.com>
|
|
The improvement was removed in 40129,
causing 5-40% regressions in AVF tests.
There is a memory-speed trade-off,
this change prefers speed over memory efficiency.
Ideally, the choice should be configurable,
but that is not easy to achieve, considering
how early is vlib_buffer_main_init called.
Type: fix
Fixes: 038dad7ef29b0b724071edb5f8cc7a9845584454
Change-Id: I4746f3634abe6d233c9d092a372de05b3d1ae4b6
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Add/del functions can be used from external modules.
Type: improvement
Change-Id: I267bcfacd58970bcacae13744d8acc690b87d2fc
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
RFC 7296 describes the way to rekey IKE SAs: to rekey an IKE SA,
establish a new equivalent IKE SA with the peer to whom the old
IKE SA is shared using a CREATE_CHILD_SA within the existing IKE
SA. An IKE SA so created inherits all of the original IKE SA's
Child SAs, and the new IKE SA is used for all control messages
needed to maintain those Child SAs.
Type: improvement
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: Icdf43b67c38bf183913a28a08a85236ba16343af
|
|
show udp transport ports
Dumps list of ports registered by udp transport, as opposed to udp
local, and their refcount.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If3cbe51a7176cb89fa38b524defffbbd76af8f58
|
|
Session lookup tables could be allocated from workers, e.g., connects
are done from first worker. Make sure consumers are not affected by
stopping workers.
Type: fix
Change-Id: I63b53c58b41ce91b08f50a2325c69c9f9fd25ed3
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I89624254649089e497d119eb6cee2cecf3dc11f3
|
|
Move vlib worker rpc flushing to main worker from memclnt api into vlib.
RPCs are no longer delivered via binary api queues
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5b8761a57d1f4a1f2220e860cfb2e6b980f46f6d
|