| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Type: refactor
DPDK crypto devices are now accessible via the async infra, so
there is no need for the DPDK ipsec plugin.
In addition this patch fixes the problem that cryptodev backend
not working when master core and worker cores lies in different
numa nodes.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie8516bea706248c7bc25abac53a9c656bb8247d9
|
|
Type: refactor
this allows the ipsec_sa_get funtion to be moved from ipsec.h to
ipsec_sa.h where it belongs.
Also use ipsec_sa_get throughout the code base.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
|
|
Type: feature
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I89dc3815eabfee135cd5b3c910dea5e2e2ef1333
|
|
If VPP is started in interactive mode, instead of sending logs to syslog
server we print them directly to stderr.
Output is colorized, but that can be turned off with unix { nocolor }
Type: improvement
Change-Id: I9a0f0803e4cba2849a6efa0b6a86b9614ed33ced
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Use VLIB_MAIN_LOOP_ENTER_FUNCTION to do post init initialization for
dpdk crypto rather than create a one-time process to do the same.
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I06e480b028c8e1fc1b0024a66b2338eb21a797ca
|
|
Type: feature
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Dariusz Kazimierski <dariuszx.kazimierski@intel.com>
Signed-off-by: Piotr Kleski <piotrx.kleski@intel.com>
Change-Id: I4c3fcccf55c36842b7b48aed260fef2802b5c54b
|
|
Type: fix
Change-Id: Iff9b1960b122f7d326efc37770b4ae3e81eb3122
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- Fix AAD initialization. With use-esn the aad data consists of the SPI
and the 64-bit sequence number in big-endian order. Fix the u32 swapped
code.
- Remove salt-reinitialization. The GCM code seems inspired by the GCM
RFCs recommendations on IKE keydata and how to produce a salt
value (create an extra 4 octets of keying material). This is not IKE
code though and the SA already holds the configured salt value which
this code is blowing away. Use the configured value instead.
Type: fix
Change-Id: I5e75518aa7c1d91037bb24b2a40fe4fc90bdfdb0
Signed-off-by: Christian Hopps <chopps@labn.net>
|
|
When the same worker thread processes packet for encrypt and decrypt,
ie. single worker with bi-directional traffic, given that the queue is
shared results in packets to be decrypted being dropped as the encrypt
always happens first for each main loop.
With this change, each crypto device queue is logically split into two
queues, each half the real size, avoiding the described problem.
Change-Id: Ifd3f15e316c92fbd6ca05802456b10a7f73f85da
Signed-off-by: Sergio Gonzalez Monroy <sgmonroy@gmail.com>
|
|
Change-Id: Ide2a9df18db371c8428855d7f12f246006d7c04c
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ib828ea5106f3ae280e4ce233f2462dee363580b7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I81ecdf9fdcfcb017117b47dc031f93208e004d7c
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
in the same maaner as with other tunnel tyeps we use
the FIB to cache and track the destination used to reach
the tunnel endpoint. Post encap we can then ship the packet
straight to this adjacency and thus elide the costly second
lookup.
- SA add and del function so they can be used both directly
from the API and for tunnels.
- API change for the SA dump to use the SA type
- ipsec_key_t type for convenience (copying, [un]formating)
- no matching tunnel counters in ipsec-if-input
Change-Id: I9d144a59667f7bf96442f4ca66bef5c1d3c7f1ea
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
DPDK 19.02 adds two new fields to struct rte_cryptodev_qp_conf,
which the current code was not initializing properly.
Also session mempools are now required to have specific private data.
For that just use the new API to create symmetric session pools.
Change-Id: Ie732d4e10b908aeaea322717d6011113e3e7172c
Signed-off-by: Sergio Gonzalez Monroy <sgmonroy@gmail.com>
|
|
HQoS requires fixes to work with dpdk 19.02 so code is disabled and
pending deprecation unless active maintainer is found.
Change-Id: I3569c4287b6dfdd2c29e02375eb53bf01fa6ae84
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I2c796583087c70fbc5cf09e8afd0f2a1f389d346
Signed-off-by: Sergio Gonzalez Monroy <sgmonroy@gmail.com>
|
|
This patch introduces following changes:
- deprecated free lists which are not used and not compatible
with external buffer managers (i.e. DPDK)
- introduces native support for per-numa buffer pools
- significantly improves performance of buffer alloc and free
Change-Id: I4a8e723ae47056717afd6cac0efe87cb731b5be7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I764c6565f96e0cb9078503e54e3cf3bb3fd9ff3f
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
Change-Id: I47d021522cfc92cfb3877449333cbf31022c06f4
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
startup.conf
otherwise, these pools will occupy an entire huge page for each even
they are very small.
Change-Id: I08919714de9b6cd4b8dddb546ca54364b56ec99f
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
|
|
Change-Id: Ifa6d8391b1b2413a88b7720fc434e0bc849a149a
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: Ic4c46bc733afae8bf0d8146623ed15633928de30
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ic6b27659f1fe9e8df39e80a0441305e4e952195a
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: If1b93341c222160b9a08f127620c024620e55c37
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- Some crypto devices rely on rte_cryptodev_start() API to be called by
application to enable a pre-configured H/W Crypto device.
- NXP dpaa2 is one of the example.
Change-Id: I2ad8ca0060604fb4e0541161e91bdebc6642f4da
Signed-off-by: Sachin Saxena <sachin.saxena@nxp.com>
|
|
Change-Id: I205932bc727c990011bbbe1dc6c0cf5349d19806
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This fixes some compilation warnings with clang on AArch64.
Change-Id: Idb941944e3f199f483c80e143a9e5163a031c4aa
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Replace hash with a vector to improve performance.
Plus other minor performance improvements.
Change-Id: I3f0ebd909782ce3727f6360ce5ff5ddd131f8574
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: Ic1e189c22e3d344d165e0eab05ccb667eef088a9
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: I6400b77de388c01e85209e5dc5f11ccafb79a459
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
The expression to determine whether to delete a session
from the disposal list only evaluates true if some,
but not all, of the sessions in the list were freed.
When all sessions in the list are freed, it evaluates
false and the sessions are left in the list to be freed
again later, which can result in a session pool element
that was reallocated to a different SA being freed,
breaking crypto for the newer SA.
Add an 'else' that handles the case where all sessions
were freed.
Change-Id: I3ae54d5b3bfc3658bf406caa50646924baaae589
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
When using a DPDK cryptodev with IPsec, deleting a
session often results in a SEGV. A bad pointer
is being passed to rte_cryptodev_sym_session_free().
Put the correct value on the crypto disposal list and
add a check to determine whether the call to free the
session is going to result in a crash before doing
it.
Change-Id: I8a6b0a594585ebcfa56b555ede7ef7d67e5e2b33
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
17.11 is still default.
Change-Id: I524d232579db8a59c717c5d760398b6b7f811d03
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- fix ESP transport mode
- safely free crypto sessions
- use rte_mempool_virt2phy/rte_mempool_virt2iova
- align DPDK QAT capabilities for IPsec usage (DPDK 17.08)
- reserve 16B for aad (reference cryptodev doc)
Change-Id: I3822a7456fb5a255c767f5a44a429f91a140fe64
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
Also remove DPDK 17.05 support.
Change-Id: I4f96cb3f002cd90b12d800d6904f2364d7c4e270
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ic4f797cea6fa21fb29d646256210357cf5267b38
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
Change-Id: I2feb3e07c3070e8a525c539dd2feffa0dd1bca21
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
- Global variables declared in header files without
the use of the 'extern' keword will result in multiple
instances of the variable to be created by the compiler
-- one for each different source file in which the
the header file is included. This results in wasted
memory allocated in the BSS segments as well as
potentially introducing bugs in the application.
Change-Id: I6ef1790b60a0bd9dd3994f8510723decf258b0cc
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Ubuntu 17.04, gcc version 6.3.0 20170406 (Ubuntu 6.3.0-12ubuntu2),
"make build" fails with the few of the errors below:
error: suggest parentheses around comparison in operand of ‘|’
[-Werror=parentheses]
is_aead = (sa0->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128 |
Solution: use the logical rather than the bitwise or.
Change-Id: Iffcc1ed2e68b14b248159cb117593d32c623c553
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
This patch reworks the DPDK ipsec implementation including the cryptodev
management as well as replacing new cli commands for better usability.
For the data path:
- The dpdk-esp-encrypt-post node is not necessary anymore.
- IPv4 packets in the decrypt path are sent to ip4-input-no-checksum instead
of ip4-input.
The DPDK cryptodev cli commands are replaced by the following new commands:
- show dpdk crypto devices
- show dpdk crypto placement [verbose]
- set dpdk crypto placement (<device> <thread> | auto)
- clear dpdk crypto placement <device> [<thread>]
- show dpdk crypto pools
Change-Id: I47324517ede82d3e6e0e9f9c71c1a3433714b27b
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
Change-Id: I62b7aa896dfe218358f11a5197b1228a3dd67152
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
DPDK 17.08 breaks ethdev and cryptodev APIs.
Address those changes while keeping backwards compatibility for
DPDK 17.02 and 17.05.
Change-Id: Idd6ac264d0d047fe586c41d4c4ca74e8fc778a54
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
This patch slightly modifes how to enable DPDK Cryptodev.
The startup option 'enable-cryptodev' has been removed and unless not enough
cryptodevs are found, DPDK cryptodev will be enabled by default.
Change-Id: Ic0ac507802cdc0eeb51f065e04ec43a1885617cf
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
This patch deprecates stack-based thread identification,
Also removes requirement that thread stacks are adjacent.
Finally, possibly annoying for some folks, it renames
all occurences of cpu_index and cpu_number with thread
index. Using word "cpu" is misleading here as thread can
be migrated ti different CPU, and also it is not related
to linux cpu index.
Change-Id: I68cdaf661e701d2336fc953dcb9978d10a70f7c1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Clean up spurious binary API client link dependency on libvlib.so,
which managed to hide behind vlib_mains == 0 checks reached by
VLIB_xxx_FUNCTION macros.
Change-Id: I5df1f8ab07dca1944250e643ccf06e60a8462325
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I238258cdeb77035adc5e88903d824593d0a1da90
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
Fan Zhang
Neale Ranns
Neale Ranns
Damjan Marion
Christian Hopps
Sergio Gonzalez Monroy
Simon Zhang
Kingwel Xie
Klement Sekera
Dave Barach
Sachin Saxena
Radu Nicolau
Matthew Smith
Sergio Gonzalez Monroy
Dave Wallace
Andrew Yourtchenko