Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I1152db4b7d1602653d7d8b2c6cb28cf5c526c4ca
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I8585552c026415340fe9fd0458cb8450da3c4ae2
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I50070611af15b2b4cc29664a8bee4f821ac3c835
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: If56c66dd12eded1cc997087de5fd1b975766c4e2
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I35ad6a42093cad0945df1df09a39c63c4560dce6
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Add doxygen documentation for dpdk CLI commands.
Outside of adding documentation to the CLI Commands, modified the CLI
code as follows:
* The "set dpdk interface placement" command allows the user to move
interface/queues to a different thread. But there is only a subset of
threads that are valid. Updated the "show dpdk interface placement"
command to display all valid threads, even if all interface/queues
have been moved off. Updated the "show dpdk interface hqos placement"
the same way.
* There is a command to modify the Subport attributes, but no way to
display the changes. Added a "Subport" section to the "show dpdk
interface hqos" command.
* Reworked the "set dpdk interface hqos subport" command.
- The current implementation had a local rte_sched_subport_params
structure and initialized it to default values, then overwrote with
what was input. The side effect of this is that if all the current
data is non-default, and a new command is entered with just one
attribute, all the remaining attrbutes are getting set back to
default under the cover. Very confusing for the user. Updated the
code to read the current value and overwrite what has changed.
- DPDK does not have a read subport data, so no way query the current
applied values. The set command was not updating the local copy that
is created at init. Modified the code to store the updated values if
the DPDK apply function was successful.
- Several functions repeated the same code to get a pointer to the
local HQoS data. Added a utility function.get_hqos(..), to perform
this action. Did not port other code to use new function.
* The "set dpdk interface hqos pktfield" allows the user to set the
packet fields required for classifiying the incoming packet. The
classification is across three fields (subport, pipe, tc). The command
was using 0,1,2 to represent these three fields, but had no
explanation regarding these magic numbers. Updated the command to take
the three tokens (subport, pipe, tc) for more clarity. For legacy
sake, still allow 0,1,2 to be entered. Also updated the "show dpdk
interface hqos" command to show these tokens.
* The "set dpdk interface hqos tctbl" maps an interface and value 0-63
to a traffic class and queue. The "show dpdk interface hqos" command
showed the internal DPDK magic number for traffic class and queue.
Updated the show command to display what was input instead of the
magic number.
* The "show dpdk hqos queue" command always returns zeros by default
because RTE_SCHED_COLLECT_STATS is not defined in DPDK. Took me a
while to figure out why I wasn't getting values returned. So returned
an error message if RTE_SCHED_COLLECT_STATS is not defined instead of
zeros.
Change-Id: I22b640d668245839ee977ef3602175c61d91d24c
Signed-off-by: Billy McFall <bmcfall@redhat.com>
|
|
In the CLI parsing, below is a common pattern:
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "x"))
x = 1;
:
else
return clib_error_return (0, "unknown input `%U'",
format_unformat_error, line_input);
}
unformat_free (line_input);
The 'else' returns if an unknown string is encountered. There a memory
leak because the 'unformat_free(line_input)' is not called. There is a
large number of instances of this pattern.
Replaced the previous pattern with:
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "x"))
x = 1;
:
else
{
error = clib_error_return (0, "unknown input `%U'",
format_unformat_error, line_input);
goto done:
}
}
/* ...Remaining code... */
done:
unformat_free (line_input);
return error;
}
In multiple files, 'unformat_free (line_input);' was never called, so
there was a memory leak whether an invalid string was entered or not.
Also, there were multiple instance where:
error = clib_error_return (0, "unknown input `%U'",
format_unformat_error, line_input);
used 'input' as the last parameter instead of 'line_input'. The result
is that output did not contain the substring in error, instead just an
empty string. Fixed all of those as well.
There are a lot of file, and very mind numbing work, so tried to keep
it to a pattern to avoid mistakes.
Change-Id: I8902f0c32a47dd7fb3bb3471a89818571702f1d2
Signed-off-by: Billy McFall <bmcfall@redhat.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
- IKE_SA_INIT and IKE_AUTH initial exchanges
- Delete IKA SA
- Rekey and delete Child SA
- Child SAs lifetime policy
To set up one VPP instance as the initiator use the following CLI commands (or API equivalents):
ikev2 profile set <id> responder <interface> <addr>
ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>
and finally
ikev2 initiate sa-init <profile id> to initiate the IKE_SA_INIT exchange
Child SA re-keying process:
1. Child SA expires
2. A new Child SA is created using the Child SA rekey exchange
3. For a set time both SAs are alive
4. After the set time interval expires old SA is deleted
Any additional settings will not be carried over (i.e. settings of the ipsec<x> interface associated with the Child SA)
CLI API additions:
ikev2 profile set <id> responder <interface> <addr>
ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>
ikev2 initiate sa-init <profile id>
ikev2 initiate del-child-sa <child sa ispi>
ikev2 initiate del-sa <sa ispi>
ikev2 initiate rekey-child-sa <profile id> <child sa ispi>
Sample configurations:
Responder:
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home.responder
ikev2 profile set pr1 id remote fqdn vpp.home.initiator
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector local ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0
Initiator:
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home.initiator
ikev2 profile set pr1 id remote fqdn vpp.home.responder
ikev2 profile set pr1 traffic-selector local ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 responder TenGigabitEthernet3/0/1 192.168.40.20
ikev2 profile set pr1 ike-crypto-alg aes-cbc 192 ike-integ-alg sha1-96 ike-dh modp-2048
ikev2 profile set pr1 esp-crypto-alg aes-cbc 192 esp-integ-alg sha1-96 esp-dh ecp-256
ikev2 profile set pr1 sa-lifetime 3600 10 5 0
Change-Id: I1db9084dc787129ea61298223fb7585a6f7eaf9e
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: I19ec3b769b6512f7408044751393d9faf10d01d5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Add doxygen documentation for pcap tx trace CLI command.
In the process of adding the documentation, made the following changes
to the way the command worked:
* If there is an error with any of the attributes, the whole command
fails. The existing behavior was to apply attribute by attribute,
then bail if there was an issue, with partial apply.
* Move the 'on' processing to the end. The existing behavior was to
process the 'on' as it was encountered on the commandline. That meant
that any attributes after the 'on' in the commandline were saved and
displayed, but not really being used in the packet trace.
* Enhanced the 'status' to show all the configured attributes.
NOTE: The packet capture has some weird behavior with regards to how
many packets are written to file and if the file is appended or
overwritten. VPP-634 written to document the issue.
Change-Id: Iab241228b125385052de242865afd9515fa2524f
Signed-off-by: Billy McFall <bmcfall@redhat.com>
|
|
Change-Id: I4433eaed3f4e201edc329c4842cbbf74beb19a9a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I3d8b7947ae6d721e9b514a59a7d2de49aed419b5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I165b64fdc12dd2936df1958348e93b709ce0e784
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
Build Cryptodev IPsec support by default when DPDK is enabled but only build
hardware Cryptodev PMDs.
To enable Cryptodev support, a new startup.conf option for dpdk has been
introduced 'enable-cryptodev'.
During VPP init, if Cryptodev support is not enabled or not enough cryptodev
resources are available then default to OpenSSL ipsec implementation.
Change-Id: I5aa7e0d5c2676bdb41d775ef40364536a081956d
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
When mac address is set prior bringing interface up incorrect rx filter
being installed into the e1000 mac.
Change-Id: If59a2bf16f732e45221b3787d271307d369e54d3
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Change-Id: Idc17b4a32d40012556d5d8550942db0372ebf23d
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Iaecebae25ee4b8df8ca919992a0433e92e82e90c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ibf7fc9a54d3fbee431b4814fa8abc5ba29ed9eef
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I8e2e8f94a884ab2f9909d0c83ba00edd38cdab77
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Host interfaces created via the command-line arguments are missed named
(i.e. - UnknownEthernet0 instead of af_packet0). In DPDK 16.11, they
changed the driver names from eth_xxx to net_xxx. However, looks like
the AF_PACKET driver still returns "AF_PACKET PMD" as the driver name
in the rte_eth_dev_info_get(..) call. I modified the driver name look
table in vnet/devices/dpdk/dpdk.h to revert the name back.
Change-Id: I2b0a9f6b4d5245b76548027891d40f81a56b230d
Signed-off-by: Billy McFall <bmcfall@redhat.com>
|
|
Change-Id: If2541be803a0303401b013390e117c26fd1d9739
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
With the CLI command 'create host-interface', no longer need to
support af_packet interface creation via Command-line Arg. However,
this is mostly implemented by passing arguments to DPDK. Instead of
blocking functionality, put a warning in the log directing the user
to the CLI.
Change-Id: I6c6fba6096f32ef232f1da0c5d39396c6d13f54f
Signed-off-by: Billy McFall <bmcfall@redhat.com>
|
|
Change-Id: I7b51f88292e057c6443b12224486f2d0c9f8ae23
Signed-off-by: Damjan Marion <damarion@cisco.com>
|