aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/devices/dpdk
AgeCommit message (Collapse)AuthorFilesLines
2017-02-17Implemented IKEv2 initiator features:Radu Nicolau2-0/+4
- IKE_SA_INIT and IKE_AUTH initial exchanges - Delete IKA SA - Rekey and delete Child SA - Child SAs lifetime policy To set up one VPP instance as the initiator use the following CLI commands (or API equivalents): ikev2 profile set <id> responder <interface> <addr> ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type> ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type> ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes> and finally ikev2 initiate sa-init <profile id> to initiate the IKE_SA_INIT exchange Child SA re-keying process: 1. Child SA expires 2. A new Child SA is created using the Child SA rekey exchange 3. For a set time both SAs are alive 4. After the set time interval expires old SA is deleted Any additional settings will not be carried over (i.e. settings of the ipsec<x> interface associated with the Child SA) CLI API additions: ikev2 profile set <id> responder <interface> <addr> ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type> ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type> ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes> ikev2 initiate sa-init <profile id> ikev2 initiate del-child-sa <child sa ispi> ikev2 initiate del-sa <sa ispi> ikev2 initiate rekey-child-sa <profile id> <child sa ispi> Sample configurations: Responder: ikev2 profile add pr1 ikev2 profile set pr1 auth shared-key-mic string Vpp123 ikev2 profile set pr1 id local fqdn vpp.home.responder ikev2 profile set pr1 id remote fqdn vpp.home.initiator ikev2 profile set pr1 traffic-selector remote ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0 ikev2 profile set pr1 traffic-selector local ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0 Initiator: ikev2 profile add pr1 ikev2 profile set pr1 auth shared-key-mic string Vpp123 ikev2 profile set pr1 id local fqdn vpp.home.initiator ikev2 profile set pr1 id remote fqdn vpp.home.responder ikev2 profile set pr1 traffic-selector local ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0 ikev2 profile set pr1 traffic-selector remote ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0 ikev2 profile set pr1 responder TenGigabitEthernet3/0/1 192.168.40.20 ikev2 profile set pr1 ike-crypto-alg aes-cbc 192 ike-integ-alg sha1-96 ike-dh modp-2048 ikev2 profile set pr1 esp-crypto-alg aes-cbc 192 esp-integ-alg sha1-96 esp-dh ecp-256 ikev2 profile set pr1 sa-lifetime 3600 10 5 0 Change-Id: I1db9084dc787129ea61298223fb7585a6f7eaf9e Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
2017-02-17dpdk: quad loop and prefetch in fill_free_listDamjan Marion1-15/+71
Change-Id: I19ec3b769b6512f7408044751393d9faf10d01d5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-14VPP-279: Document changes for vnet/vnet/devicesBilly McFall2-52/+210
Add doxygen documentation for pcap tx trace CLI command. In the process of adding the documentation, made the following changes to the way the command worked: * If there is an error with any of the attributes, the whole command fails. The existing behavior was to apply attribute by attribute, then bail if there was an issue, with partial apply. * Move the 'on' processing to the end. The existing behavior was to process the 'on' as it was encountered on the commandline. That meant that any attributes after the 'on' in the commandline were saved and displayed, but not really being used in the packet trace. * Enhanced the 'status' to show all the configured attributes. NOTE: The packet capture has some weird behavior with regards to how many packets are written to file and if the file is appended or overwritten. VPP-634 written to document the issue. Change-Id: Iab241228b125385052de242865afd9515fa2524f Signed-off-by: Billy McFall <bmcfall@redhat.com>
2017-02-06vlib: remove algned/unaligned buffers schemeDamjan Marion1-118/+13
Change-Id: I4433eaed3f4e201edc329c4842cbbf74beb19a9a Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-04dpdk: move to uio_pci_genericDamjan Marion1-1/+1
Change-Id: I3d8b7947ae6d721e9b514a59a7d2de49aed419b5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-02dpdk: fix crypto coverity warningSergio Gonzalez Monroy1-1/+2
Change-Id: I165b64fdc12dd2936df1958348e93b709ce0e784 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-01-27dpdk: rework cryptodev ipsec build and setupSergio Gonzalez Monroy11-166/+287
Build Cryptodev IPsec support by default when DPDK is enabled but only build hardware Cryptodev PMDs. To enable Cryptodev support, a new startup.conf option for dpdk has been introduced 'enable-cryptodev'. During VPP init, if Cryptodev support is not enabled or not enough cryptodev resources are available then default to OpenSSL ipsec implementation. Change-Id: I5aa7e0d5c2676bdb41d775ef40364536a081956d Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-01-27dpdk : incorrect rx filter being installedPavel Kotucek3-1/+20
When mac address is set prior bringing interface up incorrect rx filter being installed into the e1000 mac. Change-Id: If59a2bf16f732e45221b3787d271307d369e54d3 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-17dpdk: remove duplicate code in buffers.cDamjan Marion1-122/+9
Change-Id: Idc17b4a32d40012556d5d8550942db0372ebf23d Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-01-16dpdk: add 'show dpdk version' cliDamjan Marion1-0/+20
Change-Id: Iaecebae25ee4b8df8ca919992a0433e92e82e90c Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-01-16dpdk: register rte_delay_us callback from vnetDamjan Marion1-0/+90
Change-Id: Ibf7fc9a54d3fbee431b4814fa8abc5ba29ed9eef Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-01-14vlib: add buffer and thread callbacksDamjan Marion7-10/+827
Change-Id: I8e2e8f94a884ab2f9909d0c83ba00edd38cdab77 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-01-13VPP-580: Host Interface created via Command Line Arg is misnamedBilly McFall1-1/+1
Host interfaces created via the command-line arguments are missed named (i.e. - UnknownEthernet0 instead of af_packet0). In DPDK 16.11, they changed the driver names from eth_xxx to net_xxx. However, looks like the AF_PACKET driver still returns "AF_PACKET PMD" as the driver name in the rte_eth_dev_info_get(..) call. I modified the driver name look table in vnet/devices/dpdk/dpdk.h to revert the name back. Change-Id: I2b0a9f6b4d5245b76548027891d40f81a56b230d Signed-off-by: Billy McFall <bmcfall@redhat.com>
2017-01-10API refactoring : dpdkPavel Kotucek2-0/+349
Change-Id: If2541be803a0303401b013390e117c26fd1d9739 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-09VPP-279: af_packet via Command-line Arg should no longer be supportedBilly McFall1-0/+3
With the CLI command 'create host-interface', no longer need to support af_packet interface creation via Command-line Arg. However, this is mostly implemented by passing arguments to DPDK. Instead of blocking functionality, put a warning in the log directing the user to the CLI. Change-Id: I6c6fba6096f32ef232f1da0c5d39396c6d13f54f Signed-off-by: Billy McFall <bmcfall@redhat.com>
2016-12-28Reorganize source tree to use single autotools instanceDamjan Marion18-0/+9692
Change-Id: I7b51f88292e057c6443b12224486f2d0c9f8ae23 Signed-off-by: Damjan Marion <damarion@cisco.com>