summaryrefslogtreecommitdiffstats
path: root/vnet/vnet/ipsec/esp_encrypt.c
AgeCommit message (Collapse)AuthorFilesLines
2016-12-28Reorganize source tree to use single autotools instanceDamjan Marion1-425/+0
Change-Id: I7b51f88292e057c6443b12224486f2d0c9f8ae23 Signed-off-by: Damjan Marion <damarion@cisco.com>
2016-12-12ipsec: go straight to lookup after esp encryptSergio Gonzalez Monroy1-4/+4
Currently, IPsec tunnel traffic goes to ip4-input/ip6-input after esp-encrypt. It is not necessary to check that the new IP header is valid (if it is not valid then we have otehr issues). Instead, just send packets straight to ip4-lookup/ip6-lookup after esp-encrypt. Change-Id: I5e35d500cb0f33f418f8554ed1f4390f02b6647d Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2016-11-28dpdk: add ipsec cryptodev supportSergio Gonzalez Monroy1-25/+0
DPDK Cryptodev support and related IPsec ESP nodes using DPDK Cryptodev APIs. When DPDK Cryptodev support is enabled, the node graph is modified by adding and replacing some of the nodes. The following nodes are replaced: * esp-encrypt -> dpdk-esp-encrypt * esp-decrypt -> dpdk-esp-decrypt The following nodes are added: * dpdk-crypto-input : polling input node * dpdk-esp-encrypt-post : internal node * dpdk-esp-decrypt-post : internal node Change-Id: I6dca9a890abaf4fb2a4fffce3fd08ac013e4d701 Signed-off-by: Zhang, Roy Fan <roy.fan.zhang@intel.com> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2016-11-22dpdk: quad loop dpdk tx and code optimizationsDamjan Marion1-1/+0
Beside performance optimization this change also introduces rte_mbuf validation in dpdk tx code. If packet is arrving from non-DPDK source like self-originated packets or non-dpdk devices (tuntap, af_packet, netmap, pg) it is not anymore exepcted that it contains valid rte_mbuf metadata unless it is explictely stated by setting VNET_BUFFER_RTE_MBUF_VALID flag. dpdk-input node sets VNET_BUFFER_RTE_MBUF_VALID on all packets and that reduces cost of validation in tx node. Change-Id: I4ad40f398f7b5cf90656a2069a27c0f6fc13efba Signed-off-by: Damjan Marion <damarion@cisco.com>
2016-11-15feature: remove old interface output feature codeDamjan Marion1-3/+1
Only consumer was ipsec which is now moved to the new ip{4,6}-output feature arc. Change-Id: I06008e67b5449c25eae77f28e1688521af3a23e0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2016-09-21VPP-414: Fixed IPSec transport mode in esp_encrypt.cMatus Fabian1-2/+5
Change-Id: I27accb0c87d6bf2fbbe90d8d1bc074697299e639 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2016-09-06IPsec speculative enqueue in exception path, fixes VPP-384Sergio Gonzalez Monroy1-0/+2
Enqueue buffers into next frame before validating them. Change-Id: I466518bc6f304678136a2c3d37f136ce878eef05 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2016-08-17VPP-202: L2-GRE over IPSecv16.12-rc0Matus Fabian1-15/+18
GRE encapsulate layer 2 traffic and IPSec encrypt what is encapsulated by GRE. The whole point of L2-GRE over IPSec is to tunnel layer 2 over GRE and IPSec by bridging the physical interface with IPSec-GRE tunnel interface. Change-Id: Ia4cf9ed407bf663770e0d8905c0ad44ce73bd23b Signed-off-by: Matus Fabian <matfabia@cisco.com>
2016-08-17Fix coverity issues in IPSec code, fixes VPP-189Damjan Marion1-9/+11
Change-Id: I4e43606884ebad9a84abda779b82417192727ef3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2016-08-09VPP-256 - Coding style cleanup vnet/vnet/ipsecKeith Burns (alagalah)1-272/+300
Change-Id: Ie9e05e2c74e7843a937870e2c64db0499f03a6a4 Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
2016-07-11VPP-183: IPSec transport modeMatus Fabian1-0/+20
Change-Id: I22399aa9d55db0d91da7ba6acbbf552c0d201458 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2016-07-06VPP-177: IPsec empty buffers allocation fixMatus Fabian1-1/+2
Change-Id: I6d224fe19f1e0dd7ad5659e0734bc96ba37337ff Signed-off-by: Matus Fabian <matfabia@cisco.com>
2016-06-10Copy missing buffer metadata for ESP transport mode packetsDamjan Marion1-1/+4
Change-Id: I3f5113533b365366cc3f6ef87858e19879f703cf Signed-off-by: Damjan Marion <damarion@cisco.com>
2016-05-19Add support for multiple microarchitectures in single binaryDamjan Marion1-0/+2
* compiler -march= parameter is changed from native to corei7 so code is always genereted with instructions which are available on the Nehalem microarchitecture (up to SSE4.2) * compiler -mtune= parameter is added so code is optimized for corei7-avx which equals to Sandy Bridge microarchitecture * set of macros is added which allows run-time detection of available cpu instructions (e.g. clib_cpu_supports_avx()) * set of macros is added which allows us to clone graph node funcitons where cloned function is optmized for different microarchitecture Those macros are using following attributes: __attribute__((flatten)) __attribute__((target("arch=core-avx2))) I.e. If applied to foo_node_fn() macro will generate cloned functions foo_node_fn_avx2() and foo_node_fn_avx512() (future) It will also generate function void * foo_node_fn_multiarch_select() which detects available instruction set and returns pointer to the best matching function clone. Change-Id: I2dce0ac92a5ede95fcb56f47f3d1f3c4c040bac0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2016-05-04VPP-42: VPP crashes in IPsec code when running multithreadedMatthew Smith1-8/+11
Change-Id: Ib231642cfead5f5e8e45508361a11c87aad83b51 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2016-04-22Add clib_memcpy macro based on DPDK rte_memcpy implementationDamjan Marion1-1/+1
Change-Id: I22cb443c4bd0bf298abb6f06e8e4ca65a44a2854 Signed-off-by: Damjan Marion <damarion@cisco.com>
2015-12-08Initial commit of vpp code.v1.0.0Ed Warnicke1-0/+386
Change-Id: Ib246f1fbfce93274020ee93ce461e3d8bd8b9f17 Signed-off-by: Ed Warnicke <eaw@cisco.com>