vpp - Vector Packet Processing

Age	Commit message (Collapse)	Author	Files	Lines
2019-12-23	ipsec: Test and fix IPSec worker hand-off	Neale Ranns	1	-2/+2
	Type: fix Change-Id: I5cb9a3845ddbc5f4de4eb4e9c481f606fe5cec9a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-12-17	ipsec: bind an SA to a worker	Neale Ranns	1	-10/+28
	the sequence number increment and the anti-replay window checks must be atomic. Given the vector nature of VPP we can't simply use atomic increments for sequence numbers, since a vector on thread 1 with lower sequence numbers could be 'overtaken' by packets on thread 2 with higher sequence numbers. The anti-replay logic requires a critical section, not just atomics, and we don't want that. So when the SA see the first packet it is bound to that worker all subsequent packets, that arrive on a different worker, are subject to a handoff. Type: feature Change-Id: Ia20a8645fb50622ea6235ab015a537f033d531a4 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-09-25	ip: respect buffer boundary when searching for ipv6 headers	Klement Sekera	1	-1/+2
	Type: fix Change-Id: I5a5461652f8115fa1270e20f748178fb5f5450f2 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-08-01	ipsec: Redo the anit-replay check post decrypt	Neale Ranns	1	-0/+7
	Type: fix Change-Id: I1fa8c5326d6f22cfb8dd40e97d8a22d11a716922 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-24	ipsec: GCM, Anti-replay and ESN fixess	Neale Ranns	1	-2/+2
	Type: fix Several Fixes: 1 - Anti-replay did not work with GCM becuase it overwrote the sequence number in the ESP header. To fix i added the seq num to the per-packet data so it is preserved 2 - The high sequence number was not byte swapped during ESP encrypt. 3 - openssl engine was the only one to return FAIL_DECRYPT for bad GCM the others return BAD_HMAC. removed the former 4 - improved tracing to show the low and high seq numbers 5 - documented the anti-replay window checks 6 - fixed scapy patch for ESN support for GCM 7 - tests for anti-reply (w/ and w/o ESN) for each crypto algo Change-Id: Id65d96b6d1d4dd821b2ab557e87468fff6d70e5b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-18	ipsec: ipsec-tun protect	Neale Ranns	1	-6/+1
	please consult the new tunnel proposal at: https://wiki.fd.io/view/VPP/IPSec Type: feature Change-Id: I52857fc92ae068b85f59be08bdbea1bd5932e291 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-05	ipsec: ah_decrypt rework	Filip Tehlar	1	-167/+283
	This patch refactors AH decrypt node in such way that it calls crypto backend only once per node call. Type: refactor Change-Id: I0dc72ff699042a151e64d44f76f791c5136ec009 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-05-14	IPSEC: remove unecessary pass by reference of sequence number	Neale Ranns	1	-1/+1
	Change-Id: Id406eb8c69a89c57305d8f138e8e6730037aa799 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-04	ipsec: trunc_size -> icv_size	Damjan Marion	1	-1/+1
	Change-Id: Idb661261c2191adda963a7815822fd7a27a9e7a0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-29	IPSEC-GRE: fixes and API update to common types.	Neale Ranns	1	-4/+1
	Change-Id: Icdcbac7453baa837a9c0c4a2401dff4a6aa6cba0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28	ipsec: anti-replay code cleanup	Damjan Marion	1	-22/+4
	Change-Id: Ib73352d6be26d639a7f9d47ca0570a1248bff04a Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-27	ipsec: compress ipsec_sa_t so data used by dataplane code fits in cacheline	Damjan Marion	1	-5/+6
	Change-Id: I81ecdf9fdcfcb017117b47dc031f93208e004d7c Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-25	IPSEC tests fnd fix or Extended Sequence Numbers	Neale Ranns	1	-8/+4
	Change-Id: Iad6c4b867961ec8036110a4e15a829ddb93193ed Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-20	ipsec: keep crypto data inside SA	Damjan Marion	1	-4/+2
	Change-Id: Ie8986bd3652d25c4befe681cea77df95aba37ebc Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-19	crypto: introduce crypto infra	Damjan Marion	1	-4/+2
	Change-Id: Ibf320b3e7b054b686f3af9a55afd5d5bda9b1048 Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-03-05	ipsec: cleanup, remove unnecessary code,	Kingwel Xie	1	-4/+2
	ipsec_proto_main moved to ipsec.c fix missing '\0' of backend name Change-Id: I90760b3045973a46792c2f098d9b0b1b3d209ad0 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-02-22	IPSEC: header exports	Neale Ranns	1	-0/+1
	Change-Id: I7d48a4e236c6e7b11b0c9750a30fb68e829d64a5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-18	IPSEC: move SA counters into the stats segment	Neale Ranns	1	-2/+8
	1) stats are accessed via the stat segment which is more condusive to monitoring 2) stats are accurate in the presence of multiple threads. There's no guarantee that an SA is access from only one worker. Change-Id: Id5e217ea253ddfc9480aaedb0d008dea031b1148 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-07	IPSEC: no second lookup after tunnel encap	Neale Ranns	1	-3/+3
	in the same maaner as with other tunnel tyeps we use the FIB to cache and track the destination used to reach the tunnel endpoint. Post encap we can then ship the packet straight to this adjacency and thus elide the costly second lookup. - SA add and del function so they can be used both directly from the API and for tunnels. - API change for the SA dump to use the SA type - ipsec_key_t type for convenience (copying, [un]formating) - no matching tunnel counters in ipsec-if-input Change-Id: I9d144a59667f7bf96442f4ca66bef5c1d3c7f1ea Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-04	ipsec: simplify bumping counters - cosmetic change	Klement Sekera	1	-36/+10
	Change-Id: Ibb55427ed49d0277854a352922c6c4bb007bf072 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-12-02	IPSEC-AH: anti-replay testing	Neale Ranns	1	-4/+5
	Change-Id: Ia5d45db73e4bdb32214ed4f365d5eec8e28115f3 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-30	IPSEC-AH: fix packet drop	Neale Ranns	1	-5/+0
	Change-Id: I45b97cfd0c3785bfbf6d142d362bd3d4d56bae00 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-10-29	migrate ipsec to new multiarch infra	Klement Sekera	1	-11/+6
	Change-Id: Ibef46e068cd72415af28920b0146adf48105bf68 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-10-23	c11 safe string handling support	Dave Barach	1	-3/+3
	Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
2018-10-23	ipsec: fix wrong counter bump	Klement Sekera	1	-1/+1
	Change-Id: I5105b688ef3df2c949ba09e1e90c1b8913502388 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-10-22	ipsec: split ipsec nodes into ip4/ip6 nodes	Klement Sekera	1	-81/+108
	Change-Id: Ic6b27659f1fe9e8df39e80a0441305e4e952195a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-10-03	ipsec: add missing ipv6 ah code & ipv6 tests	Klement Sekera	1	-13/+45
	Change-Id: I89e90193ded1beb6cb0950c15737f9467efac1c3 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-11-28	IPSec AH protocol enhancement in VPP native core	“mukeshyadav1984”	1	-0/+343
	Change-Id: Iec5804d768485f4015bbf732d8d19ef2f24e6939 Signed-off-by: “mukeshyadav1984” <mukyadav@cisco.com>