IPSec transport mode support.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Support IPSec IPv6 allowing IPv4/IPv6 traffic in IPv4 or IPv6 tunnel.
We need separate Routing (LPM) and SP (ACL) tables for IPv4 and IPv6,
but a common SA table.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Modify the default SP config variables names to be consistent with SA.
The resulting naming convention is that variables with suffixes _out/_in
are the default for ep0 and the reverse for ep1.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The application only ASSERTS that an SA is not NULL (only when debugging
is enabled) without properly dealing with the case of not having an SA
for the processed packet.
Behavior should be such as if no SA is found, drop the packet.
Fixes: d299106e8e ("examples/ipsec-secgw: add IPsec sample application")
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Rework implementation moving from function pointers approach, where each
function implements very specific functionality, to a generic function
approach.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Add support for building the application with DEBUG=1.
This option adds the compiler stack protection flag and enables extra
output in the application.
Also remove unnecessary VPATH setup.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Building the application with -O3 and -fstack-protection (default in
Ubuntu) results in the following error:
*** stack smashing detected ***: ./build/ipsec-secgw terminated
The error is caused by storing an 8B value in a 4B variable.
Fixes: d299106e8e ("examples/ipsec-secgw: add IPsec sample application")
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Current code fails to correctly check padding sequence for inbound
packets.
Padding sequence starts on 1 but it checks for 0.
Fixes: d299106e8e ("examples/ipsec-secgw: add IPsec sample application")
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
SNOW3G and KASUMI unit tests are very similar and
they were using duplicated code, so this commit
refactor and remove some of the duplicated functions.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
With the new libsso library, buffers can be encrypted/decrypted,
providing an offset in bits, so an extra unit test has been
added to cover this case.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Snow3G PMD supports now buffers that are non byte multiple,
so tests to cover this case have been added.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
No padding was added in the input buffers for snow3G tests,
due to a wrong calculation of the length (should be multiple
of the block size). This fix takes into account the case
where the length is not byte multiple.
Fixes: 8bdf665fe6 ("app/test: add SNOW 3G")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Instead of modifying the content of the buffers, to compare them
at bit-level, use the new macro TEST_ASSERT_BUFFERS_ARE_EQUAL_BIT,
which does not make any modifications in the buffers.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
The underlying libsso library support SSE4.1 instruction set,
so feature flags of the crypto device must be updated
to reflect this.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Underlying libsso_snow3g library now supports bit-level
operations, so PMD has been updated to allow them.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
In order to avoid using magic numbers, macros for
the IV and digest lengths for Snow3G have been added.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
With the library update, the way to compile the library
has changed, so documentation reflects this change.
Also, the patch to fix the compilation issues present with gcc > 5.0
has been removed, as the issues have been fixed in the library.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
The underlying libsso library that SNOW3G PMD uses has been updated,
so now it is called libsso_snow3g. Also, the path to the library
has been renamed to reflect this changes (now called LIBSSO_SNOW3G_PATH).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
In order to compare buffers with length and offset in bits,
new macros have been created, which use the previous compare function
to compare full bytes and then, compare first and last bytes of
each buffer separately.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Added new SW PMD which makes use of the libsso_kasumi SW library,
which provides wireless algorithms KASUMI F8 and F9
in software.
This PMD supports cipher-only, hash-only and chained operations
("cipher then hash" and "hash then cipher") of the following
algorithms:
- RTE_CRYPTO_SYM_CIPHER_KASUMI_F8
- RTE_CRYPTO_SYM_AUTH_KASUMI_F9
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Some crypto PMDs that support symmetric crypto were not marked
as supported in the supported feature flags table.
Fixes: 2373c0661b ("doc: add cryptodevs guide overview")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
Instead of using the previous RTE_APP_TEST_DEBUG macro,
to dump memory when it was enabled (with rte_hexdump),
a new TEST_HEXDUMP is defined, which will call rte_hexdump
if RTE_LOG_LEVEL is set to RTE_LOG_DEBUG.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Fixes: 202d375c60 ("app/test: add cryptodev unit and performance tests")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When RTE_APP_TEST_DEBUG is set, there were some errors:
app/test/test_cryptodev.c: In function ‘create_gcm_operation’:
app/test/test_cryptodev.c:3619:18: error: ‘struct rte_crypto_op’ has no member named ‘digest’
ut_params->op->digest.data,
^
app/test/test_cryptodev.c:3620:18: error: ‘struct rte_crypto_op’ has no member named ‘digest’
ut_params->op->digest.length);
^
app/test/test_cryptodev.c:3662:41: error: ‘struct rte_crypto_op’ has no member named ‘iv’
rte_hexdump(stdout, "iv:", ut_params->op->iv.data, iv_pad_len);
^
app/test/test_cryptodev.c:3664:17: error: ‘struct rte_crypto_op’ has no member named ‘additional_auth’
ut_params->op->additional_auth.data, aad_len);
Fixes: eec136f3c5 ("aesni_gcm: add driver for AES-GCM crypto operations")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Cryptodev performance tests do not need to use any function
from rte_hexdump.h.
Fixes: 202d375c60 ("app/test: add cryptodev unit and performance tests")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Updating the AES performance test in line with snow3g performance test.
Output format has been updated so as to get better understanding of numbers.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Adding performance test for snow3g wireless algorithm.
Performance test can run over both software and hardware.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
This patch adds the HMAC-SHA224 and HMAC-SHA384 digest generation and
verification tests to crypto
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch reworks the crypto AES unit test by introducing a new unified
test function
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The KeepAlive rte_keepalive_mark_sleep function was not being exported.
Fixes: 90c622f356 ("keepalive: add liveness callback")
Signed-off-by: Remy Horton <remy.horton@intel.com>
Patch fixes resource leak in rte_eal_hugepage_attach() where mapped files
were not freed back to the OS in case of failure. Patch uses the behavior
of Linux munmap: "It is not an error if the indicated range does not
contain any mapped pages".
Coverity issue: 13295, 13296, 13303
Fixes: af75078fec ("first public release")
Signed-off-by: Marcin Kerlin <marcinx.kerlin@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
It is possible to get an integer overflow if we try to reserve a memzone
with len = 0 (meaning the maximum contiguous space available) and the
maximum available elem size is less than (MALLOC_ELEM_OVERHEAD + align).
Coverity issue: 107111
Fixes: fafcc11985 ("mem: rework memzone to be allocated by malloc")
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
This patch fixes wrong resource release of pci_uio_unmap().
The 'path' member of mapped_pci_resource structure is allocated by
primary process, but currently it will be freed by both primary
and secondary process.
The patch fixes to be freed by only primary process.
Signed-off-by: Tetsuya Mukawa <mukawa@igel.co.jp>
Acked-by: David Marchand <david.marchand@6wind.com>
This patch fixes resource leak of pci_uio_map_secondary().
If pci_map_resource() succeeds but mapped address is different from an
address primary process mapped, this should be error.
Then the addresses secondary process mapped should be freed.
Signed-off-by: Tetsuya Mukawa <mukawa@igel.co.jp>
Acked-by: David Marchand <david.marchand@6wind.com>
This patch fixes wrong error checking of rte_eal_parse_devargs_str().
Currently, a return value of strdup() is wrongly checked.
Fixes: 0fe11ec592 ("eal: add vdev init and uninit")
Signed-off-by: Tetsuya Mukawa <mukawa@igel.co.jp>
Acked-by: David Marchand <david.marchand@6wind.com>
The function rte_thread_setname needs glibc 2.12,
otherwise it returns -1 without using any parameter.
The macro RTE_SET_USED avoids an "unused parameter" warning.
Fixes: 3901ed99c2 ("eal: fix thread naming on FreeBSD")
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
rte_thread_setname was a macro defined only for Linux.
The function rte_thread_setname() can now be used on FreeBSD
as well on Linux.
It is required to build librte_pdump.
The macro was 0 for old glibc. The function is now returning -1.
The related logs are decreased from error to debug level because
it is not an important failure, just a debug inconvenience.
Fixes: 278f945402 ("pdump: add new library for packet capture")
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Acked-by: David Marchand <david.marchand@6wind.com>
The function rte_keepalive_register_alive_callback do not exist.
The function rte_keepalive_register_relay_callback was missing for BSD.
Fixes: 90c622f356 ("keepalive: add liveness callback")
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Using of the /dev/stdin generates a warning when compiling on FreeBSD:
objcopy: Warning: '/dev/stdin' is not an ordinary file
app/test/Makefile:78: recipe for target 'test_resource_c.res.o' failed
# ls -l /dev/stdin
lrwxr-xr-x 1 root wheel 4 Jun 17 12:24 /dev/stdin -> fd/0
Replace /dev/stdin by a temporary file.
Reported-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Signed-off-by: Jan Viktorin <viktorin@rehivetech.com>
Tested-by: Thomas Monjalon <thomas.monjalon@6wind.com>
The variables AESNI_MULTI_BUFFER_LIB_PATH and LIBSSO_PATH
are not required for "make clean".
It is the same fix as in the commit e277b2397.
Fixes: eec136f3c5 ("aesni_gcm: add driver for AES-GCM crypto operations")
Fixes: 3aafc423cf ("snow3g: add driver for SNOW 3G library")
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
The objcopy and tar commands were printed even in quiet mode.
They are now replaced by a simple line and still visible in verbose mode.
Fixes: ab64f5df80 ("app/test: support resources externally linked")
Fixes: 66819e6c11 ("app/test: support resources archived by tar")
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Call rte_pdump_init and rte_pdump_uninit for packet
capturing initialization and uninitialization.
Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
The new pdump tool is added for packet capturing on dpdk.
This tool runs as secondary process by default.
Tool facilitates the command line options like
port, device_id, queue which user should pass on
to the tool to request the packet capture on those devices.
Tool creates the rte ring, mempool and pcap vdev and
calls the enable API of the pdump library with port/device_id,
queue, ring and mempool as arguments to enable the packet
capture on specific devices and gets the packets from the
primary process over the ring. Once the packets are
received, those packets will be send to the pcap vdev.
Tool can be terminated by using ctrl+c(SIGINT) upon which tool
calls the disable API of the pdump library to disable the packet capture
and dequeues the rest of the packets from the ring and sends them on
to the pcap vdev, then after releases all allocated resources.
Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
The librte_pdump library provides a framework for
packet capturing in dpdk. The library provides set of
APIs to initialize the packet capture framework, to
enable or disable the packet capture, and to uninitialize
it.
The librte_pdump library works on a client/server model.
The server is responsible for enabling or disabling the
packet capture and the clients are responsible
for requesting the enabling or disabling of the packet
capture.
Enabling APIs are supported with port, queue, ring and
mempool parameters. Applications should pass on this information
to get the packets from the dpdk ports.
For enabling requests from applications, library creates the client
request containing the mempool, ring, port and queue information and
sends the request to the server. After receiving the request, server
registers the Rx and Tx callbacks for all the port and queues.
After the callbacks registration, registered callbacks will get the
Rx and Tx packets. Packets then will be copied to the new mbufs that
are allocated from the user passed mempool. These new mbufs then will
be enqueued to the application passed ring. Applications need to dequeue
the mbufs from the rings and direct them to the devices like
pcap vdev for viewing the packets outside of the dpdk
using the packet capture tools.
For disabling requests, library creates the client request containing
the port and queue information and sends the request to the server.
After receiving the request, server removes the Rx and Tx callback
for all the port and queues.
Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Converted rte_eth_dev_get_port_by_name to a public API.
Converted rte_eth_dev_get_name_by_port to a public API.
The librte_pdump library provides the APIs to enable or disable the
packet capture either using the port id or pci address or device name.
So pdump library need to do a mapping from name to port and port to name
internally to validate the device name and register the Rx and Tx
callbacks for the mapped ports. So these APIs are made public for the
pdump library for doing the mentioned mappings.
Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
The new fields nb_rx_queues and nb_tx_queues are added to the
rte_eth_dev_info structure.
Changes to API rte_eth_dev_info_get() are done to update these new fields
to the rte_eth_dev_info object.
Release notes is updated with the changes.
The librte_pdump library needs to register Rx and Tx callbacks for all
the nb_rx_queues and nb_tx_queues, when application wants to capture the
packets on all the software configured number of Rx and Tx queues of the
device. So far there is no support to get nb_rx_queues and nb_tx_queues
information from the ethdev library. Hence these changes are introduced.
Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
