aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/devices
AgeCommit message (Collapse)AuthorFilesLines
2017-08-11Dedicated SW Interface EventNeale Ranns1-3/+3
Change-Id: I06a10a4291e61aec3f1396d2514ed6fe3901897a Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2017-08-01P2P EthernetPavel Kotucek1-0/+6
Change-Id: Idb97e573961b3bc2acdeef77582314590795f8c3 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-07-27vhost: debug vhost-user command needs better error checking on the syntax ↵Steven1-5/+26
(VPP-916) The syntax for debug vhost-user is debug vhost-user <on | off> However, currently the code does not reject the invalid command such as below debug vhost-user debug vhost-user on blah debug vhost-user off blah The fix is to enforece the correct syntax and reject the command when invalid option is entered. Change-Id: I1a04ae8ddb6dd299aa6d15b043362964e685ddde Signed-off-by: Steven <sluong@cisco.com> (cherry picked from commit 6a4de2764d9e6cadf36af824dddb3f33c2d6dc7e)
2017-06-29Fix SIGBUS on aarch64Christophe Fontaine1-1/+1
A call to 'clib_smp_swap (&((dq)->interrupt_pending), 0)' was creating a SIGBUS. Instead of making dq->interrupt_pending aligned on 64bits, we reduce the size from uword (u64) to u32, as the number of pending interrupts will never go above max of u32. Change-Id: Ifa5a6d3b7adee222329a671be01305cf50853b33 Signed-off-by: Christophe Fontaine <christophe.fontaine@enea.com>
2017-06-21Introduce default rx mode for device driversDamjan Marion1-0/+3
If interface is down and queues are not configured then we are not able to change rx-mode. This change introducess default mode which is stored per interface and applied if driver wants. Change-Id: I70149c21c1530eafc148d5e4aa03fbee53dec62f Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-16Add missing barrier sync to rx placement infra codeDamjan Marion1-5/+15
Change-Id: I25ccf8260dbe7e1550aee3904a688fc135ce1f03 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-02vhost: add debug vhost-user on | off CLISteven2-20/+59
Add runtime debug vhost-user on | off CLI to facilitate troubleshooting. This feature is needed to avoid recompiling the code to debug vhost issues. The debugging messages should not be on the data path to avoid performance hit. Change-Id: I4c40f65dbb222557cba3fb8706fa3b7b62eec95f Signed-off-by: Steven <sluong@cisco.com>
2017-05-25af_packet: fix coverity errorRay Kinsella1-2/+19
Fix coverity error associated with fd. Change-Id: I0648aebaf356308bc03cc7217922479bfc4e22f7 Signed-off-by: Ray Kinsella <ray.kinsella@intel.com>
2017-05-22vhost: migrate to use device infra for worker thread assignment, rx-mode.Steven4-484/+336
and add adaptive mode support to receive queue - Migrate vhost to use device infra which does the interface/queue to worker thread assignment. - Retire vhost thread CLI and corresponding code which assigns interface/queue to worker thread. set interface placement should be used instead to customize the interface/queue to worker thread assignment. - Retire vhost interrupt/polling option when creating vhost-user interface. Instead, set interface rx-mode should be used. - Add code in vnet_device_input_unassign_thread to change the node state to interrupt if the last polling interface has left the worker thread for the device of the corresponding interface/queue. - Add adaptive mode support. The node state is set to interrupt initially. When the scheduler detects a burst of traffic, it switches the input node to polling. Then we inform the device that we don't need interrupt notification. When the traffic subsides, the scheduler switches the input node back to interrupt. Then we immediately tell the driver that we want interrupt notification again. - Remove some duplicate code in vlib/main.c Change-Id: Id19bb1b9e50e6521c6464f470f5825c26924d3a8 Signed-off-by: Steven <sluong@cisco.com>
2017-05-20vhost: buffers leak and interface disable upon vring descriptor out of mmapSteven1-16/+9
When processing a vring descriptor which is outside of mmap, we disable the interface and spit a message to shut/no shut the interface. This is not practical as application using vhost cannot constantly checking the logs and do the recovery. The proposed fix is to log an error, like other errors that we encounter. The other bug is buffer leak in the function rewind. At the end of the while loop when b_current != b_head, we still have to give back 1 more buffer or add 1 to rx_buffers_len. Change-Id: I68c0b24f070e644cd8878f42272a7b518f14393f Signed-off-by: Steven <sluong@cisco.com>
2017-05-20af_packet: set mac address supportRay Kinsella1-1/+47
Added support to the interfaces mac address. Resolved an fd leak when the interface is a bridge. Change-Id: I6608c51b11a50bd0ae4aabe0dc5788c4301b5a1e Signed-off-by: Ray Kinsella <ray.kinsella@intel.com>
2017-05-17vhost: bad packet assembled from descriptor chainingSteven1-1/+2
When the descriptor is chained via multiple parts, vhost is supposed to reassemble the different parts to form a packet prior to passing the packet to the next input node. However, bad packet was seen, having bad ethertype, source, and destination mac addresses. The problem was due to the destination pointer not being incremented as each chain is processed. THe result was the first chain is copied to the beginning of the buffer, the next chain is copied, then the last chain is also copied to the beginning of the buffer. As a result, the ethertype, source and destination mac, etc, are being overwritten by the very last chain of the descriptor. Change-Id: I78f9a91de68c85574047912576dcc311d7597e21 Signed-off-by: Steven <sluong@cisco.com>
2017-05-15af_packet: support changing the mtu sizeRay Kinsella1-1/+23
Added support to the af_packet device to change the MTU size. Change-Id: I9c9e1e17323721f3efccf70a10b753e12eef94d5 Signed-off-by: Ray Kinsella <ray.kinsella@intel.com>
2017-05-10device: Add callback for set interface rx-modeSteven1-0/+1
- When the interface rx-mode is changed via CLI, the corresponding device may want to know about it and to reset the driver. This patch is to add the callback. - In the function vnet_hw_interface_set_rx_mode, it appears it is missing a line hw->rx_mode_by_queue[queue_id] = mode because the function is checking if the new mode is the same as hw->rx_mode_by_queue which is initialized to POLLING. So if the function is called to change the mode to interrupt, it just returns without doing anything. This is the check that I am talking about in the same function. if (hw->rx_mode_by_queue[queue_id] == mode) return 0; Change-Id: Iaca2651c43e0ae3fda6fd8dc128e247b0851cc65 Signed-off-by: Steven <sluong@cisco.com>
2017-05-09Fix remaining 32-bit compile issuesDamjan Marion1-1/+1
Change-Id: I9664214652229b663c3e3ba7406b4ede96bfb123 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-05-02Add interface rx mode commands, unify rx mode and placement CLIDamjan Marion3-176/+48
Change-Id: Ib506c3e9d66170f29e3266ad6dc4d32b829befba Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-04-28af_packet: reflect admin device state on hostRay Kinsella3-15/+78
Setting the interface state in VPP on an af_packet device, was not being reflected on the host. This implied the user had to set the device state in VPP and then on the host, in order to put the interface into an 'up' state. This changes makes the device state consisent in VPP and the host. Change-Id: I6dc6aee79503e04576683db937b861337a2b375b Signed-off-by: Ray Kinsella <ray.kinsella@intel.com>
2017-04-28vhost: Disallow duplicate path name for vhost interfaceSteven2-1/+37
When creating or modifying a vhost interface, verify if the path name already existed and reject the command. Change-Id: I8b2d33b77c847f774492874f7d194fa72c488479 Signed-off-by: Steven <sluong@cisco.com>
2017-04-26vhost: Fix mmap size calculationPierre Pfister1-3/+3
I had a bug where a requested size of 1G was resulting in an aligned size of '1G + 2M', resulting in an OOM error. Previous code was adding one huge page size when memory is already aligned. Change-Id: Idd3aa0e9b893fb3efccba6ae1c7161e26d3f9456 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2017-04-26vhost: core dump on quit with worker threadsSteven1-0/+2
Patch 6347 removed the socket file when the interface is deleted and when VPP process is exitting. The CLI for deleting the interface has builtin vlib_worker_thread_barrier_sync to prevent the worker threads from running. Unfortunately, the CLI quit does not have the builtin vlib_worker_thread_barrier_sync. As a result, it may cause the worker thread to crash. The fix is to add the vlib_worker_thread_barrier_sync in vhost_user_exit. Change-Id: I1eff81170e131098f1799662f0ab48d6fca3def7 Signed-off-by: Steven <sluong@cisco.com>
2017-04-25"autoreply" flag: autogenerate standard xxx_reply_t messagesDave Barach3-55/+5
Change-Id: I72298aaae7d172082ece3a8edea4217c11b28d79 Signed-off-by: Dave Barach <dave@barachs.net>
2017-04-24vhost: remove socket linked file when deleting vhost interfaceSteven1-9/+18
- Unlink the file created for the socket when deleting vhost interface if we are the server mode. - Remove all vhost interfaces when VPP process is exitting. Change-Id: Id9b676cd027bbd67b473bbd01901d1ecc4d8e6cb Signed-off-by: Steven <sluong@cisco.com>
2017-04-11Devices: set interface placement does not remove the old interface placementSteven1-3/+0
The command set interface placement is supposed to remove the existing interface placement and add a new interface placement based on the given options. My quick test for the CLI shows that the old interface placement continues to exist. But the new interface placement is also added. The bug exists in vnet_device_input_unassign_thread which checks the old thread index is the same as the passed thread index and skips the deletion if they are the same. The fix is to remove the check which is not supposed to be there. Change-Id: Ib055721fad47513949a03b3cb6dc292bd19fd1e8 Signed-off-by: Steven <sluong@cisco.com>
2017-04-11vhost: interrupt mode enhancementsSteven2-34/+26
- Add cpu index to the vring structure for quick lookup - Reduce the code that needs to be protected by vlib_worker_thread_barrier_sync - Set minimum timer no less than 1 ms Change-Id: Iafef4bf6879a8efb350abf4e0f517e38f7ff7a8b Signed-off-by: Steven <sluong@cisco.com>
2017-04-10Common device-input interrupt infraDamjan Marion4-29/+175
Change-Id: I23b588eb56a3f5690158449a1f9bc8053cd3d251 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-04-07MPLS McastNeale Ranns1-1/+1
1 - interface-DPO Used in the Data-plane to change a packet's input interface 2 - MPLS multicast FIB entry Same as a unicast entry but it links to a replicate not a load-balance DPO 3 - Multicast MPLS tunnel Update MPLS tunnels to use a FIB path-list to describe the endpoint[s]. Use the path-list to generate the forwarding chain (DPOs) to link to . 4 - Resolve a path via a local label (of an mLDP LSP) For IP multicast entries to use an LSP in the replication list, we need to decribe the 'resolve-via-label' where the label is that of a multicast LSP. 5 - MPLS disposition path sets RPF-ID For a interface-less LSP (i.e. mLDP not RSVP-TE) at the tail of the LSP we still need to perform an RPF check. An MPLS disposition DPO performs the MPLS pop validation checks and sets the RPF-ID in the packet. 6 - RPF check with per-entry RPF-ID An RPF-ID is used instead of a real interface SW if index in the case the IP traffic arrives from an LSP that does not have an associated interface. Change-Id: Ib92e177be919147bafeb599729abf3d1abc2f4b3 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-04-06Use thread local storage for thread indexDamjan Marion6-126/+130
This patch deprecates stack-based thread identification, Also removes requirement that thread stacks are adjacent. Finally, possibly annoying for some folks, it renames all occurences of cpu_index and cpu_number with thread index. Using word "cpu" is misleading here as thread can be migrated ti different CPU, and also it is not related to linux cpu index. Change-Id: I68cdaf661e701d2336fc953dcb9978d10a70f7c1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-03-30vppinfra: add spinlock inline functionsDamjan Marion6-26/+12
Change-Id: I86089e9bb604adfc260a111685001be1c897ce53 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-03-29vhost: vhost-user component may become unusable with too many open files ↵Steven1-9/+20
(VPP-668) When the number of open files is reached in the system, vhost may encounter a failure in socket call and return from vhost-user-process. The return terminates all attempts of incoming socket connections in the future, even if the condition is reconciled. The fix is to not return from vhost-user-process, record the error in the interface, spit out the error, and retry the connection every 3 seconds. Change-Id: I806baedf13e8c9b73e7c7820c094240f39949950 Signed-off-by: Steven <sluong@cisco.com>
2017-03-28af_packet driver needs to check VLIB_BUFFER_NEXT_PRESENT flag is setJim Gibson1-1/+2
when walking vlib_buffer_t next_buffer chain on transmit. On buffer allocation: - next_buffer is not and may contain a stale invalid value that should be ignored if not overwritten by a valid value. - VLIB_BUFFER_NEXT_PRESENT flag is cleared and only set if a valid value is written to next_buffer. Change-Id: I9b0ccdc54f4f7456f8328ce7c4a0d52d0fba8caa Signed-off-by: Jim Gibson <gibson+fdio@cisco.com>
2017-03-26Rename "show interfaces" -> "show interface"Dave Barach2-2/+2
To line up with "show interface placement," recently added. Otherwise, "show int" refers only to "show interface placement," which tends to annoy the cash customers... Change-Id: Iea9e3681aeb051e2b0e1ecbf06706d98af9a3abf Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-22vhost: support interrupt modeSteven2-22/+322
vhost currently supports only polling mode. This patch is to add interrupt mode. When the interface is configured for interrupt mode, our input node does not get called unless there is a packet in the vring. If a particular CPU has one interface configured for polling mode and another in interrupt, the input node is set to polling for that CPU. This diffs also includes two crashes in vlib's dispatch_node. One is included in https://gerrit.fd.io/r/#/c/5516. The other crash is in the ASSERT. The ASSERT can become true when the caller of dispatch_node is in a loop. The first call converted the node to polling. The second call thereafter will hit the ASSERT. Change-Id: If17b6d48b20d7d8605c6a161459828637173cd32 Signed-off-by: Steven <sluong@cisco.com>
2017-03-20vnet: add device-input threadplacement infraDamjan Marion5-68/+300
This change adds two new debug CLI command: - "show interface placmenet" to display which thread (main or worker) is responsible for processing interface rx queue vpp# show interface placement Thread 0 (vpp_main): node af-packet-input: host-vpp1 queue 0 Thread 1 (vpp_wk_0): node af-packet-input: host-virbr0 queue 0 Thread 2 (vpp_wk_1): node af-packet-input: host-vpp2 queue 0 host-lxcbr0 queue 0 - "set interface placmenet" to assign thread (main or worker) which process specific interface rx queue vpp# set interface placement host-vpp1 queue 0 main Change-Id: Id4dd00cf2b05e10fae2125ac7cb4411b446c5e9c Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-03-17Fix IP feature ordering.Neale Ranns1-1/+0
Drop comes before lookup when enabled. is_first_or_last is not required when setting a feature, the anchor is added in find_config_with_features(). Don't make the PG interfaces automatically L3 enabled, this way we can have tests that check the L3 protocol disbaled behaviour. Change-Id: Icef22a920b27ff9cec6ab2da6b05f05c532cb60f Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-16vhost: wrong value return for VHOST_USER_VRING_GET_BASESteven1-4/+11
When the VM is migrated, the driver sends VHOST_USER_VRING_GET_BASE message to the device to get the vring offset. The device is supposed to shut down the vring, and return the current vring offset. What the code did was to shutdown the vring, initialize the vring, and return 0 to the driver. The fix is to first store last_avail_idx in the message and then close the vring. Change-Id: I432e9f50f36d89fe53a45e050edcf5e1218caf7a Signed-off-by: Steven <sluong@cisco.com>
2017-03-10Retire vpp_liteDamjan Marion4-4465/+0
vpp_lite platform is not needed anymore as same efect can be achieved with following startup.conf config: plugins { plugin dpdk_plugin.so { disable } } Change-Id: I690ea8ceb1c6e1fe32e01e7da54e9958019a93bf Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-03-09vlib_mains == 0 special cases be goneDave Barach1-5/+4
Clean up spurious binary API client link dependency on libvlib.so, which managed to hide behind vlib_mains == 0 checks reached by VLIB_xxx_FUNCTION macros. Change-Id: I5df1f8ab07dca1944250e643ccf06e60a8462325 Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-08vhost: binary API changes for interrupt modeSteven4-10/+41
Add operation_mode for create_vhost_user_if, modify_vhost_user_if, and sw_interface_vhost_user_details. Only polling mode is supported for these APIs. Other mode is rejected and gets VNET_API_ERROR_UNIMPLEMENTED error. Change-Id: I0596f4e2c087aa2b6f78eb3e0b63910b1859641e Signed-off-by: Steven <sluong@cisco.com>
2017-03-06features: take device-input buffer advance value directlyDamjan Marion3-4/+3
Change-Id: Ifac7d9134d03d79164ce6f06ae9413279bbaadb3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-03-02Clean up binary api message handler registration issuesDave Barach1-9/+1
Removed a fair number of "BUG" message handlers, due to conflicts with actual message handlers in api_format.c. Vpp itself had no business receiving certain messages, up to the point where we started building in relevant code from vpp_api_test. Eliminated all but one duplicate registration complaint. That one needs attention from the vxlan team since the duplicated handlers have diverged. Change-Id: Iafce5429d2f906270643b4ea5f0130e20beb4d1d Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-01dpdk: be a pluginDamjan Marion25-11695/+0
Change-Id: I238258cdeb77035adc5e88903d824593d0a1da90 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-03-01devices: vnet_get_aggregate_rx_packets should not be dpdk specificDamjan Marion9-44/+58
Change-Id: I1152db4b7d1602653d7d8b2c6cb28cf5c526c4ca Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-28dpdk: retire support for dpdk 16.07Damjan Marion5-58/+3
Change-Id: I8585552c026415340fe9fd0458cb8450da3c4ae2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-28vlib: add buffer cloning supportDamjan Marion2-13/+39
Change-Id: I50070611af15b2b4cc29664a8bee4f821ac3c835 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-27vlib: add VLIB_BUFFER_EXT_HDR_VALID flagDamjan Marion2-2/+2
Change-Id: If56c66dd12eded1cc997087de5fd1b975766c4e2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-24Fixed QAT device binding and device unbinding when vpp package is removedRadu Nicolau1-1/+1
Change-Id: I35ad6a42093cad0945df1df09a39c63c4560dce6 Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
2017-02-24VPP-279: Document changes for vnet/vnet/devicesBilly McFall2-100/+617
Add doxygen documentation for dpdk CLI commands. Outside of adding documentation to the CLI Commands, modified the CLI code as follows: * The "set dpdk interface placement" command allows the user to move interface/queues to a different thread. But there is only a subset of threads that are valid. Updated the "show dpdk interface placement" command to display all valid threads, even if all interface/queues have been moved off. Updated the "show dpdk interface hqos placement" the same way. * There is a command to modify the Subport attributes, but no way to display the changes. Added a "Subport" section to the "show dpdk interface hqos" command. * Reworked the "set dpdk interface hqos subport" command. - The current implementation had a local rte_sched_subport_params structure and initialized it to default values, then overwrote with what was input. The side effect of this is that if all the current data is non-default, and a new command is entered with just one attribute, all the remaining attrbutes are getting set back to default under the cover. Very confusing for the user. Updated the code to read the current value and overwrite what has changed. - DPDK does not have a read subport data, so no way query the current applied values. The set command was not updating the local copy that is created at init. Modified the code to store the updated values if the DPDK apply function was successful. - Several functions repeated the same code to get a pointer to the local HQoS data. Added a utility function.get_hqos(..), to perform this action. Did not port other code to use new function. * The "set dpdk interface hqos pktfield" allows the user to set the packet fields required for classifiying the incoming packet. The classification is across three fields (subport, pipe, tc). The command was using 0,1,2 to represent these three fields, but had no explanation regarding these magic numbers. Updated the command to take the three tokens (subport, pipe, tc) for more clarity. For legacy sake, still allow 0,1,2 to be entered. Also updated the "show dpdk interface hqos" command to show these tokens. * The "set dpdk interface hqos tctbl" maps an interface and value 0-63 to a traffic class and queue. The "show dpdk interface hqos" command showed the internal DPDK magic number for traffic class and queue. Updated the show command to display what was input instead of the magic number. * The "show dpdk hqos queue" command always returns zeros by default because RTE_SCHED_COLLECT_STATS is not defined in DPDK. Took me a while to figure out why I wasn't getting values returned. So returned an error message if RTE_SCHED_COLLECT_STATS is not defined instead of zeros. Change-Id: I22b640d668245839ee977ef3602175c61d91d24c Signed-off-by: Billy McFall <bmcfall@redhat.com>
2017-02-22VPP-635: CLI Memory leak with invalid parameterBilly McFall5-134/+343
In the CLI parsing, below is a common pattern: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "x")) x = 1; : else return clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); } unformat_free (line_input); The 'else' returns if an unknown string is encountered. There a memory leak because the 'unformat_free(line_input)' is not called. There is a large number of instances of this pattern. Replaced the previous pattern with: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "x")) x = 1; : else { error = clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); goto done: } } /* ...Remaining code... */ done: unformat_free (line_input); return error; } In multiple files, 'unformat_free (line_input);' was never called, so there was a memory leak whether an invalid string was entered or not. Also, there were multiple instance where: error = clib_error_return (0, "unknown input `%U'", format_unformat_error, line_input); used 'input' as the last parameter instead of 'line_input'. The result is that output did not contain the substring in error, instead just an empty string. Fixed all of those as well. There are a lot of file, and very mind numbing work, so tried to keep it to a pattern to avoid mistakes. Change-Id: I8902f0c32a47dd7fb3bb3471a89818571702f1d2 Signed-off-by: Billy McFall <bmcfall@redhat.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-02-17Implemented IKEv2 initiator features:Radu Nicolau2-0/+4
- IKE_SA_INIT and IKE_AUTH initial exchanges - Delete IKA SA - Rekey and delete Child SA - Child SAs lifetime policy To set up one VPP instance as the initiator use the following CLI commands (or API equivalents): ikev2 profile set <id> responder <interface> <addr> ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type> ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type> ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes> and finally ikev2 initiate sa-init <profile id> to initiate the IKE_SA_INIT exchange Child SA re-keying process: 1. Child SA expires 2. A new Child SA is created using the Child SA rekey exchange 3. For a set time both SAs are alive 4. After the set time interval expires old SA is deleted Any additional settings will not be carried over (i.e. settings of the ipsec<x> interface associated with the Child SA) CLI API additions: ikev2 profile set <id> responder <interface> <addr> ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type> ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type> ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes> ikev2 initiate sa-init <profile id> ikev2 initiate del-child-sa <child sa ispi> ikev2 initiate del-sa <sa ispi> ikev2 initiate rekey-child-sa <profile id> <child sa ispi> Sample configurations: Responder: ikev2 profile add pr1 ikev2 profile set pr1 auth shared-key-mic string Vpp123 ikev2 profile set pr1 id local fqdn vpp.home.responder ikev2 profile set pr1 id remote fqdn vpp.home.initiator ikev2 profile set pr1 traffic-selector remote ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0 ikev2 profile set pr1 traffic-selector local ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0 Initiator: ikev2 profile add pr1 ikev2 profile set pr1 auth shared-key-mic string Vpp123 ikev2 profile set pr1 id local fqdn vpp.home.initiator ikev2 profile set pr1 id remote fqdn vpp.home.responder ikev2 profile set pr1 traffic-selector local ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0 ikev2 profile set pr1 traffic-selector remote ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0 ikev2 profile set pr1 responder TenGigabitEthernet3/0/1 192.168.40.20 ikev2 profile set pr1 ike-crypto-alg aes-cbc 192 ike-integ-alg sha1-96 ike-dh modp-2048 ikev2 profile set pr1 esp-crypto-alg aes-cbc 192 esp-integ-alg sha1-96 esp-dh ecp-256 ikev2 profile set pr1 sa-lifetime 3600 10 5 0 Change-Id: I1db9084dc787129ea61298223fb7585a6f7eaf9e Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
2017-02-17dpdk: quad loop and prefetch in fill_free_listDamjan Marion1-15/+71
Change-Id: I19ec3b769b6512f7408044751393d9faf10d01d5 Signed-off-by: Damjan Marion <damarion@cisco.com>