path: root/src/vnet/devices
Age | Commit message | Author | Files | Lines
2017-02-17 | Implemented IKEv2 initiator features: | Radu Nicolau | 2 | -0/+4

- IKE_SA_INIT and IKE_AUTH initial exchanges
- Delete IKE SA
- Rekey and delete Child SA
- Child SAs lifetime policy

To set up one VPP instance as the initiator use the following CLI commands (or API equivalents):

    ikev2 profile set <id> responder <interface> <addr>
    ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
    ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
    ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>

and finally

    ikev2 initiate sa-init <profile id>

to initiate the IKE_SA_INIT exchange

Child SA re-keying process:

1. Child SA expires
2. A new Child SA is created using the Child SA rekey exchange
3. For a set time both SAs are alive
4. After the set time interval expires old SA is deleted

Any additional settings will not be carried over (i.e. settings of the ipsec<x> interface associated with the Child SA)

CLI API additions:

    ikev2 profile set <id> responder <interface> <addr>
    ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
    ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
    ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>
    ikev2 initiate sa-init <profile id>
    ikev2 initiate del-child-sa <child sa ispi>
    ikev2 initiate del-sa <sa ispi>
    ikev2 initiate rekey-child-sa <profile id> <child sa ispi>

Sample configurations:

Responder:

    ikev2 profile add pr1
    ikev2 profile set pr1 auth shared-key-mic string Vpp123
    ikev2 profile set pr1 id local fqdn vpp.home.responder
    ikev2 profile set pr1 id remote fqdn vpp.home.initiator
    ikev2 profile set pr1 traffic-selector remote ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0
    ikev2 profile set pr1 traffic-selector local ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0

Initiator:

    ikev2 profile add pr1
    ikev2 profile set pr1 auth shared-key-mic string Vpp123
    ikev2 profile set pr1 id local fqdn vpp.home.initiator
    ikev2 profile set pr1 id remote fqdn vpp.home.responder
    ikev2 profile set pr1 traffic-selector local ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0
    ikev2 profile set pr1 traffic-selector remote ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0
    ikev2 profile set pr1 responder TenGigabitEthernet3/0/1 192.168.40.20
    ikev2 profile set pr1 ike-crypto-alg aes-cbc 192 ike-integ-alg sha1-96 ike-dh modp-2048
    ikev2 profile set pr1 esp-crypto-alg aes-cbc 192 esp-integ-alg sha1-96 esp-dh ecp-256
    ikev2 profile set pr1 sa-lifetime 3600 10 5 0

Change-Id: I1db9084dc787129ea61298223fb7585a6f7eaf9e
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
2017-02-17 | dpdk: quad loop and prefetch in fill_free_list | Damjan Marion | 1 | -15/+71
Change-Id: I19ec3b769b6512f7408044751393d9faf10d01d5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-14 | VPP-279: Document changes for vnet/vnet/devices | Billy McFall | 2 | -52/+210

Add doxygen documentation for pcap tx trace CLI command. In the process of adding the documentation, made the following changes to the way the command worked:

* If there is an error with any of the attributes, the whole command fails. The existing behavior was to apply attribute by attribute, then bail if there was an issue, with partial apply.
* Move the 'on' processing to the end. The existing behavior was to process the 'on' as it was encountered on the commandline. That meant that any attributes after the 'on' in the commandline were saved and displayed, but not really being used in the packet trace.
* Enhanced the 'status' to show all the configured attributes.

NOTE: The packet capture has some weird behavior with regards to how many packets are written to file and if the file is appended or overwritten. VPP-634 written to document the issue.

Change-Id: Iab241228b125385052de242865afd9515fa2524f
Signed-off-by: Billy McFall <bmcfall@redhat.com>
2017-02-14 | Fix is_server flag in vhost dump (VPP-562) | Marek Gradzki | 1 | -0/+1
Change-Id: I5b308eb39ae770d58d1498d7fafa49b236b3f534 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2017-02-14 | vhost-user: fix crash when descriptor points to unknown region | Damjan Marion | 1 | -1/+2
This happens only when compiled for older microarchitectures, where BSF instruction is used instead of TZCNT. BSF provides undefined result if operand is 0. Change-Id: I7a13350786a533428168595097ef01a560fde53b Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-06 | vlib: remove aligned/unaligned buffers scheme | Damjan Marion | 1 | -118/+13
Change-Id: I4433eaed3f4e201edc329c4842cbbf74beb19a9a Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-04 | dpdk: move to uio_pci_generic | Damjan Marion | 1 | -1/+1
Change-Id: I3d8b7947ae6d721e9b514a59a7d2de49aed419b5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-03 | vhost-user: fix missing speculative enqueue unwind | Steven | 1 | -0/+4
Running trex in a VM with a bad config, trex sent a bogus pack from the VM to the Virtual interface. It caused a crash. Change-Id: I64d0197b444265553ab4c24f21e6a962e89cb587 Signed-off-by: Steven <sluong@cisco.com>
2017-02-02 | dpdk: fix crypto coverity warning | Sergio Gonzalez Monroy | 1 | -1/+2
Change-Id: I165b64fdc12dd2936df1958348e93b709ce0e784 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-01-27 | dpdk: rework cryptodev ipsec build and setup | Sergio Gonzalez Monroy | 11 | -166/+287
Build Cryptodev IPsec support by default when DPDK is enabled but only build hardware Cryptodev PMDs. To enable Cryptodev support, a new startup.conf option for dpdk has been introduced 'enable-cryptodev'. During VPP init, if Cryptodev support is not enabled or not enough cryptodev resources are available then default to OpenSSL ipsec implementation. Change-Id: I5aa7e0d5c2676bdb41d775ef40364536a081956d Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-01-27 | dpdk : incorrect rx filter being installed | Pavel Kotucek | 3 | -1/+20
When mac address is set prior to bringing interface up, incorrect rx filter is being installed into the e1000 mac. Change-Id: If59a2bf16f732e45221b3787d271307d369e54d3 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-19 | af_packet: multithreading support | Mohsin KAZMI | 4 | -11/+86
This patch adds multithreading support for af_packet interfaces. Change-Id: Ief5d1117e7ffeaa59dbc2831e583d5d8e8d4fa7a Signed-off-by: Mohsin KAZMI <sykazmi@cisco.com>
2017-01-18 | Fix coverity warnings, VPP-608 | Dave Barach | 1 | -2/+6
Change-Id: Ib0144ba3a9a09971d3946c932e8fed6d5c1ad278 Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-17 | Fix crash on deleting activated vhost-user - VPP-603 | Wojciech Dec | 1 | -3/+4
Vhost-user pool getting freed prematurely Change-Id: I952821ec85efa68923d09a643c70b6b309ea2574 Signed-off-by: Wojciech Dec <wdec@cisco.com>
2017-01-17 | dpdk: remove duplicate code in buffers.c | Damjan Marion | 1 | -122/+9
Change-Id: Idc17b4a32d40012556d5d8550942db0372ebf23d Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-01-16 | dpdk: add 'show dpdk version' cli | Damjan Marion | 1 | -0/+20
Change-Id: Iaecebae25ee4b8df8ca919992a0433e92e82e90c Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-01-16 | dpdk: register rte_delay_us callback from vnet | Damjan Marion | 1 | -0/+90
Change-Id: Ibf7fc9a54d3fbee431b4814fa8abc5ba29ed9eef Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-01-14 | vlib: add buffer and thread callbacks | Damjan Marion | 7 | -10/+827
Change-Id: I8e2e8f94a884ab2f9909d0c83ba00edd38cdab77 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-01-14 | VPP-279: Document changes for vnet/vnet/devices | Billy McFall | 3 | -3/+97
Add doxygen documentation for netmap CLI commands. Change-Id: I8d3ce12b1cfa5af30ddcd31cb476ca4652cfc2f3 Signed-off-by: Billy McFall <bmcfall@redhat.com>
2017-01-13 | VPP-580: Host Interface created via Command Line Arg is misnamed | Billy McFall | 1 | -1/+1
Host interfaces created via the command-line arguments are misnamed (i.e. - UnknownEthernet0 instead of af_packet0). In DPDK 16.11, they changed the driver names from eth_xxx to net_xxx. However, looks like the AF_PACKET driver still returns "AF_PACKET PMD" as the driver name in the rte_eth_dev_info_get(..) call. I modified the driver name lookup table in vnet/devices/dpdk/dpdk.h to revert the name back. Change-Id: I2b0a9f6b4d5245b76548027891d40f81a56b230d Signed-off-by: Billy McFall <bmcfall@redhat.com>
2017-01-10 | VPP-585: vhost-user interface deletion leaks memory. | Ole Troan | 1 | -0/+7
Change-Id: I69bbc447e1989adea40f052eac4550036b6e2e1e Signed-off-by: Ole Troan <ot@cisco.com>
2017-01-10 | API refactoring : dpdk | Pavel Kotucek | 2 | -0/+349
Change-Id: If2541be803a0303401b013390e117c26fd1d9739 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-09 | VPP-279: af_packet via Command-line Arg should no longer be supported | Billy McFall | 1 | -0/+3
With the CLI command 'create host-interface', no longer need to support af_packet interface creation via Command-line Arg. However, this is mostly implemented by passing arguments to DPDK. Instead of blocking functionality, put a warning in the log directing the user to the CLI. Change-Id: I6c6fba6096f32ef232f1da0c5d39396c6d13f54f Signed-off-by: Billy McFall <bmcfall@redhat.com>
2017-01-06 | VPP-279: doxygen documentation for host interface CLI commands | Billy McFall | 2 | -2/+65
Change-Id: I2c6c16688be35e2e122c2377ded467c68a4c5a97 Signed-off-by: Billy McFall <bmcfall@redhat.com>
2017-01-03 | VPP-574: fix VPP hang during security group configuration on a suspended VM | Andrew Yourtchenko | 1 | -0/+4
The unix connect() in vhost-user driver in VPP is blocking, and a non-expedient accept() on the other side causes the entire VPP to hang. Solution: set the nonblocking flag for the socket fd before calling connect(), and set the socket back to blocking after the accept() succeeds. Change-Id: Ia5ee782037eeffabdad71db8241f476a048a4f6f Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-01-03 | Fix crash on null vhost-user socket - VPP-573 | Wojciech Dec | 1 | -0/+5
Fix for VPP-573. Change-Id: If7d9690901efebf62fdf28219097153d98c79c0c Signed-off-by: Wojciech Dec <wdec@cisco.com>
2016-12-28 | Reorganize source tree to use single autotools instance | Damjan Marion | 47 | -0/+22733
Change-Id: I7b51f88292e057c6443b12224486f2d0c9f8ae23 Signed-off-by: Damjan Marion <damarion@cisco.com>