582 Commits

Author SHA1 Message Date
Bernard Iremonger
077d223e25 examples/ethtool: use ixgbe public function
Replace rte_eth_dev_set_vf_rxmode with rte_pmd_ixgbe_set_vf_rx_mode.

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
2017-01-17 19:39:28 +01:00
Qiming Yang
1e07b4ecb1 examples/ethtool: display firmware version
This patch enhances the ethtool example to support to show
firmware version, in the same way that the Linux kernel
ethtool does.

Signed-off-by: Qiming Yang <qiming.yang@intel.com>
Acked-by: Remy Horton <remy.horton@intel.com>
2017-01-17 22:34:36 +01:00
Tomasz Kulasek
faf08c8b0f examples/performance-thread: add packet type parsing
Last changes in Niantic and Fortville NIC drivers causes that
vector Rx path is chosen by default in l3fwd-thread application.
This path doesn't support propagation of hw packet type recognition
to the packet_type field in mbuf, and packets cannot be classified
properly.

The approach to solve this problem is similar to the commit:
71a7e2424e07 ("examples/l3fwd: fix using packet type blindly").

To use sw packet analyzer, new command line option "--parse-ptype" is
introduced.

Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
2017-01-17 18:40:17 +01:00
Jasvinder Singh
d30185b7bf examples/ip_pipeline: fix parsing of pass-through pipeline
This patch fixes the configuration file parsing error when load balancing
function is enabled in pass-through pipeline.

error log:
pipeline> [APP] Initializing PIPELINE1 ...
[PIPELINE1] Pass-through
Parse error in section "PIPELINE1": entry "lb" has invalid value ("hash")

Fixes: cbe82f6cfb0a ("examples/ip_pipeline: add swap action in pass-through")
Cc: stable@dpdk.org

Signed-off-by: Jasvinder Singh <jasvinder.singh@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
2017-01-17 18:37:41 +01:00
Sankar Chokkalingam
ac6bad59f1 examples/ip_pipeline: fix coremask limitation
Issue:
coremask used in IP Pipeline is limited to 64 cores.

Solution:
Modified coremask as an array of uint64_t to support RTE_MAX_LCORE

Fixes: 7f64b9c004aa ("examples/ip_pipeline: rework config file syntax")
Fixes: eb32fe7c5574 ("examples/ip_pipeline: rework initialization parameters")
Fixes: b4aee0fb9c6d ("examples/ip_pipeline: reconfigure thread binding dynamically")
Fixes: 4e14069328fc ("examples/ip_pipeline: measure CPU utilization")

Signed-off-by: Sankar Chokkalingam <sankarx.chokkalingam@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
2017-01-17 18:37:41 +01:00
Anand B Jyoti
50c644fc1f examples/ip_pipeline: check VLAN and MPLS parameters
This commit add to CLI command check for the following errors
1. SVLAN and CVLAN IDs greater than 12 bits
2. MPLS ID greater than 20 bits
3. max number of supported MPLS labels to avoid array overflow

It prevents running CLI commands with invalid parameters.

Signed-off-by: Anand B Jyoti <anand.b.jyoti@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
2017-01-17 18:37:41 +01:00
Thomas Monjalon
45e1c8b782 examples/ip_pipeline: remove useless makefile line
A dollar sign is missing and it is not needed because of VPATH.

Reported-by: Ilya V. Matveychikov <matvejchikov@gmail.com>
Suggested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
2017-01-17 18:21:11 +01:00
Olivier Matz
88617471b8 examples/l3fwd: rework long options parsing
Avoid the use of several strncpy() since getopt is able to
map a long option with an id, which can be matched in the
same switch/case than short options.

Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
2017-01-17 18:10:50 +01:00
Olivier Matz
6876790da1 examples/l2fwd: rework long options parsing
Do the same than in l3fwd to avoid strcmp() for long options.

For l2fwd, there is no long option that take advantage of this new
mechanism as --mac-updating and --no-mac-updating are directly setting a
flag without needing an entry in the switch/case.

So this patch just prepares the framework in case a new long option is
added in the future.

Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
2017-01-17 18:10:43 +01:00
Jianfeng Tan
e2a6f1246e examples/l3fwd-power: fix stop and close on signal
As it gets killed, in SIGINT signal handler, device is not stopped
and closed. In virtio's case, vector assignment in the KVM is not
deassigned.

This patch will invoke dev_stop() and dev_close() in signal handler.

Fixes: d7937e2e3d12 ("power: initial import")

Signed-off-by: Jianfeng Tan <jianfeng.tan@intel.com>
Tested-by: Lei Yao <lei.a.yao@intel.com>
2017-01-17 09:27:16 +01:00
Jianfeng Tan
82bea46616 examples/l3fwd-power: add --parse-ptype option
To support those devices that do not provide packet type info when
receiving packets, add a new option, --parse-ptype, to analyze
packet type in the Rx callback.

Signed-off-by: Jianfeng Tan <jianfeng.tan@intel.com>
Tested-by: Lei Yao <lei.a.yao@intel.com>
2017-01-17 09:27:14 +01:00
Yong Wang
b3bee7d87d examples/vhost: fix lcore initialization
when "TAILQ_INIT()" was added to the loop of "for (lcore_id = 0; ...)"
statement, the assignment to "lcore_ids" was removed out of the loop.
It changed the original initialization of "lcore_ids".

Fix it by introducing two braces.

Fixes: 45657a5c6861 ("examples/vhost: use tailq to link vhost devices")
Cc: stable@dpdk.org

Signed-off-by: Yong Wang <wang.yong19@zte.com.cn>
Acked-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
2017-01-17 09:20:18 +01:00
Yong Wang
12ee45a362 examples/vhost: fix calculation of mbuf count
When calculating 'nr_mbufs_per_core', 'MAX_PKT_BURST' was mutiplied
twice. Fix it by removing one of them.

Fixes: bdb19b771e6f ("examples/vhost: fix mbuf allocation failure")
Cc: stable@dpdk.org

Signed-off-by: Yong Wang <wang.yong19@zte.com.cn>
Acked-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
2017-01-17 09:20:18 +01:00
John McNamara
be05eb445c make python scripts PEP8 compliant
Make all DPDK python application compliant with the PEP8 standard
to allow for consistency checking of patches and to allow further
refactoring.

Signed-off-by: John McNamara <john.mcnamara@intel.com>
2017-01-04 21:12:58 +01:00
Qiming Yang
bcb5b1af48 examples/ethtool: fix driver information
Function pcmd_drvinfo_callback uses struct info to get
the ethtool information of each port. Struct info will
store the information of previous port until this
information be updated. This patch fixes this issue.

Fixes: bda68ab9d1e7 ("examples/ethtool: add user-space ethtool sample application")

Signed-off-by: Qiming Yang <qiming.yang@intel.com>
Acked-by: Remy Horton <remy.horton@intel.com>
2016-12-20 18:22:03 +01:00
Remy Horton
6c66be9a76 examples/ethtool: fix querying non-PCI devices
Doing a device information query on a non-PCI device such as
vhost was resulting in the dereferencing of a NULL pointer
(the absent PCI data), causing a segmentation fault.

Fixes: bda68ab9d1e7 ("examples/ethtool: add user-space ethtool sample application")

Signed-off-by: Remy Horton <remy.horton@intel.com>
2016-12-20 16:06:41 +01:00
Olivier Matz
5d8f0baf69 log: do not drop debug logs at compile time
Today, all logs whose level is lower than INFO are dropped at
compile-time. This prevents from enabling debug logs at runtime using
--log-level=8.

The rationale was to remove debug logs from the data path at
compile-time, avoiding a test at run-time.

This patch changes the behavior of RTE_LOG() to avoid the compile-time
optimization, and introduces the RTE_LOG_DP() macro that has the same
behavior than the previous RTE_LOG(), for the rare cases where debug
logs are in the data path.

So it is now possible to enable debug logs at run-time by just
specifying --log-level=8. Some drivers still have special compile-time
options to enable more debug log. Maintainers may consider to
remove/reduce them.

Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
2016-12-01 18:09:13 +01:00
Fan Zhang
a1469c319f examples/ipsec-secgw: fix configuration parsing
Fix pointer to local outside scope.

Coverity issue: 137871
Fixes: 0d547ed03717 ("examples/ipsec-secgw: support configuration file")

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
2016-11-07 21:44:42 +01:00
Fan Zhang
63e8c07c72 examples/ipsec-secgw: fix configuration parsing
Fix copy into fixed size buffer issue.

Coverity issue: 137875
Fixes: 0d547ed0 ("examples/ipsec-secgw: support configuration file")

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
2016-11-07 21:38:45 +01:00
Yuanhan Liu
164a601b52 vhost: remove references to vhost-cuse
vhost-cuse is removed, update corresponding comments that are still
referencing it.

Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
2016-11-07 15:59:21 +01:00
Fan Zhang
07b156199f examples/ipsec-secgw: fix configuration string termination
Coverity issue: 137854, 137855
Fixes: 0d547ed03717 ("examples/ipsec-secgw: support configuration file")

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
2016-11-07 00:35:43 +01:00
Hemant Agrawal
2ba4dd4bc0 examples/l3fwd: use accelerated CRC on ARM
if machine level CRC extension are available, offload the
hash to machine provide functions e.g. armv8-a CRC extensions
support it

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Reviewed-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
2016-10-25 18:49:18 +02:00
Michael Qiu
8e22aae5cb examples/tep_term: fix packet length with multi-segments
For multi-seg mbuf, ip->total_length should be pkt_len subtract
ether len.

Fixes: 4abe471ed6fc ("examples/tep_term: implement VXLAN processing")

Signed-off-by: Michael Qiu <qiudayu@chinac.com>
Acked-by: Jianfeng Tan <jianfeng.tan@intel.com>
2016-10-25 17:50:47 +02:00
Michael Qiu
39f84786a2 examples/tep_term: fix L4 length
l4_len is not fixed, althrough mostly it is a fixed value,
but when guest using iperf to do some tests, the l4_len
will have another 12 bytes optional fields.

Fixes: 2bb43bd4350a ("examples/tep_term: add TSO offload configuration")

Signed-off-by: Michael Qiu <qiudayu@chinac.com>
Acked-by: Jianfeng Tan <jianfeng.tan@intel.com>
2016-10-25 17:50:34 +02:00
Jasvinder Singh
3c55519274 examples/ip_pipeline: fix build with gcc 6
This patch fixes the misleading indentation error on compiling
ip_pipeline app with gcc v6.2.1.

Fixes: 3f2c9f3bb6c6 ("examples/ip_pipeline: add TAP port")

Signed-off-by: Jasvinder Singh <jasvinder.singh@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
2016-10-25 16:30:52 +02:00
Jasvinder Singh
9e4b3b1844 examples/ip_pipeline: fix build on BSD
Error log:
 CC init.o
 examples/ip_pipeline/init.c:38:22: fatal error: linux/if.h: No such file or directory
 #include <linux/if.h>

Fixes: 3f2c9f3bb6c6 ("examples/ip_pipeline: add TAP port")

Signed-off-by: Jasvinder Singh <jasvinder.singh@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
2016-10-25 16:29:33 +02:00
Piotr Azarewicz
893fbab031 examples/l2fwd-crypto: fix verify with decrypt in chain
This patch fixes crypto operation data parameters setting
in l2fwd-crypto application, making decryption in chain
with auth verification work.

How to reproduce the issue:

1. Run l2fwd_crypto with command:
-c 0x3 -n 4 --vdev "crypto_aesni_mb" \
--vdev "crypto_aesni_mb" \
-- -p 0x3 --chain CIPHER_HASH \
--cipher_op ENCRYPT --cipher_algo AES_CBC \
--cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \
--iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff \
--auth_op GENERATE --auth_algo SHA1_HMAC \
--auth_key
11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:
11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:
11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11

2. Send packet with payload and capture forwarded packet.
Payload in forwarded packet is encrypted, what is good.

3. Run l2fwd_crypto with command:
-c 0x3 -n 4 --vdev "crypto_aesni_mb" \
--vdev "crypto_aesni_mb" \
-- -p 0x3 --chain HASH_CIPHER \
--cipher_op DECRYPT --cipher_algo AES_CBC \
--cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \
--iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff \
--auth_op VERIFY --auth_algo SHA1_HMAC \
--auth_key
11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:
11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:
11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11

4. Send earlier captured packet and capture forwarded packet.
Payload in newly captured packet is not decrypted, what is wrong.

Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application")

Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Acked-by: Michal Jastrzebski <michalx.k.jastrzebski@intel.com>
2016-10-13 21:58:44 +02:00
Yuanhan Liu
00b8b70666 examples/vhost: add --dequeue-zero-copy option
Add an option, --dequeue-zero-copy, to enable dequeue zero copy.

One thing worth noting while using dequeue zero copy is the nb_tx_desc
has to be small enough so that the eth driver will hit the mbuf free
threshold easily and thus free mbuf more frequently.

The reason behind that is, when dequeue zero copy is enabled, guest Tx
used vring will be updated only when corresponding mbuf is freed. If mbuf
is not freed frequently, the guest Tx vring could be starved.

Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Tested-by: Qian Xu <qian.q.xu@intel.com>
2016-10-13 10:29:31 +02:00
Jianfeng Tan
d3ab8f9737 examples/tep_term: fix inner L4 checksum
When sending packets from virtual machine which in need of TSO
by hardware NIC, the inner L4 checksum is not correct on the
other side of the cable.

It's because get_psd_sum() depends on PKT_TX_TCP_SEG to calculate
pseudo-header checksum, but currently this bit is set after the
function get_psd_sum() is called. The fix is straightforward.
Move the bit setting before get_psd_sum() is called.

Fixes: a50245ede72a ("examples/tep_term: initialize VXLAN sample")

Signed-off-by: Jianfeng Tan <jianfeng.tan@intel.com>
2016-10-13 14:37:48 +02:00
Jianfeng Tan
67b9708f56 examples/tep_term: fix offload on VXLAN
Based on previous fix of offload on VXLAN using i40e, applications
need to set proper tunneling type on ol_flags so that i40e driver
can pass it to NIC.

Fixes: a50245ede72a ("examples/tep_term: initialize VXLAN sample")

Signed-off-by: Jianfeng Tan <jianfeng.tan@intel.com>
2016-10-13 14:37:48 +02:00
Hemant Agrawal
4cbcb7caca examples/l3fwd: enable 4M hash for all 64-bit archs
This patch enables the support for 4 million hash entries
for all 64 bit architectures.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2016-10-13 14:37:48 +02:00
Maxime Coquelin
cf435a07c0 examples/l2fwd: add option --[no-]mac-updating
l2fwd could be useful for testing virtual devices without the need
of physical ones.

To achieve this, this patch adds a new option to enable/disable the
MAC addresses updating done at forwarding time: --[no-]mac-updating

It enables the use of l2fwd for basic VM to VM communication.

By default, MAC address updating remains enabled, to keep consistency
with previous usage.

Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
2016-10-13 14:37:48 +02:00
Jasvinder Singh
edabd7fef5 examples/qos_sched: fix dequeue from ring
The app_worker_thread() and app_mixed_thread() use rte_ring_sc_dequeue_bulk
to dequeue packets from the ring and this imposes restriction on number of
packets in software ring to be greater than the specified value to start
actual dequeue operation, thus, adds latency to those packets. Therefore,
rte_ring_sc_dequeue_bulk is replaced with rte_ring_sc_dequeue_burst.

Fixes: de3cfa2c9823 ("sched: initial import")

Suggested-by: Tao Y Yang <tao.y.yang@intel.com>
Signed-off-by: Jasvinder Singh <jasvinder.singh@intel.com>
2016-10-13 14:37:48 +02:00
Jasvinder Singh
a77b948a65 examples/ip_pipeline: add configuration with TAP
To illustrate the TAP port usage, the sample configuration file with
passthrough pipeline connected to TAP interface is added.

Signed-off-by: Jasvinder Singh <jasvinder.singh@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
2016-10-13 11:44:32 +02:00
Jasvinder Singh
3f2c9f3bb6 examples/ip_pipeline: add TAP port
The TAP port support is added to ip_pipeline app. To parse
configuration file with TAP port entries, parsing function is implemented.
The TAP ports configuration check and initialization routines have been
included in application code.

Signed-off-by: Jasvinder Singh <jasvinder.singh@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
2016-10-13 11:44:08 +02:00
Gowrishankar Muthukrishnan
33aa4f077d examples/ip_pipeline: fix plugin loading
There is typo in init.c of ip_pipeline example due to which,
invalid file path is added to -d option of EAL i.e path starting
with =.

Signed-off-by: Gowrishankar Muthukrishnan <gowrishankar.m@linux.vnet.ibm.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
2016-10-12 22:50:42 +02:00
Jasvinder Singh
22a79fc830 examples/ip_pipeline: add swap action in configuration
The network_layers configuration file (config/network_layers.cfg)
demonstrates the various network layer components such as TCP, UDP,
ICMP etc, which can be easily integrated into ip pipeline
infrastructure.

The loopback function (implemented using passthrough pipeline) is
updated to perform swap operation on the IP source and destination
address, and UDP source and destination ports.

Signed-off-by: Jasvinder Singh <jasvinder.singh@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
2016-10-12 22:46:12 +02:00
Jasvinder Singh
cbe82f6cfb examples/ip_pipeline: add swap action in pass-through
Pass-through pipeline is updated with addition of packet fields swap
action. To enable swap action, new entry i.e 'swap' is required in
the passthrough pipeline section of the configuration file, and this
entry contains the offsets (in bytes) of the packet fields to be
swapped.

Each swap entry specifies the pair of packet fields offsets to be
swapped. Therefore, to perform swap action on more than one pair of
packets fields, separate swap entries, each one responsible for unique
pair of packet fields are needed.

Following illustrates the pass-through pipeline configuration that
swaps the source and destination addresses of the mac and tcp
ports of the received packets.

[EAL]
log_level = 0

[PIPELINE0]
type = MASTER
core = 0

[PIPELINE1]
type = PASS-THROUGH
core = 1
pktq_in = RXQ0.0 RXQ1.0 RXQ2.0 RXQ3.0
pktq_out = TXQ0.0 TXQ1.0 TXQ2.0 TXQ3.0

swap = 256 262; MACDST <-> MACSRC
;swap = 282 286; IPSRC <-> IPDST
swap = 290 292; PORTSRC <-> PORTDST

Signed-off-by: Jasvinder Singh <jasvinder.singh@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
2016-10-12 22:44:08 +02:00
Jasvinder Singh
eb87d619fa examples/ip_pipeline: set source port default
The default value of ``file_name`` parameter of the source port structure is
changed from ``NULL`` to ``./config/packets.pcap``.

Signed-off-by: Jasvinder Singh <jasvinder.singh@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
2016-10-12 22:26:18 +02:00
Sergio Gonzalez Monroy
50d75cae2a examples/ipsec-secgw: initialize SA salt
This patch initializes the salt value used by the following cipher
algorithms:
- CBC: random salt
- GCM/CTR: the key required is 20B, and the last 4B are used as salt.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Sergio Gonzalez Monroy
e715ca2892 examples/ipsec-secgw: add cryptodev queue size constant
Introduce a specific cryptodev queue size macro.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Sergio Gonzalez Monroy
6e1892a698 examples/ipsec-secgw: check SP only when setup
Application will segfault if there is IPv4 or IPv6 and no SP/ACL rules
for IPv4 or IPv6 respectively.

Avoid checking the ACL/SP in such cases.

Fixes: 906257e965b7 ("examples/ipsec-secgw: support IPv6")

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Sergio Gonzalez Monroy
4470c22de2 examples/ipsec-secgw: add AES-CTR
RFC3686: Using AES Counter (CTR) Mode With IPsec ESP.`

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Sergio Gonzalez Monroy
a9121c4001 examples/ipsec-secgw: add AES-GCM
Add support for AES-GCM (Galois-Counter Mode).

RFC4106: The Use of Galois-Counter Mode (GCM) in IPSec ESP.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Sergio Gonzalez Monroy
a60c05b540 examples/ipsec-secgw: reset crypto operation status
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Sergio Gonzalez Monroy
cef50fc6f1 examples/ipsec-secgw: change CBC IV generation
NIST SP800-38A recommends two methods to generate unpredictable IVs
(Initilisation Vector) for CBC mode:
1) Apply the forward function to a nonce (ie. counter)
2) Use a FIPS-approved random number generator

This patch implements the first recommended method by using the forward
function to generate the IV.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Slawomir Mrozowicz
4ab82fec13 examples/l2fwd-crypto: update for libcrypto
Libcrypto PMD has support for:

Supported cipher algorithms:
RTE_CRYPTO_CIPHER_3DES_CBC
RTE_CRYPTO_CIPHER_AES_CBC
RTE_CRYPTO_CIPHER_AES_CTR
RTE_CRYPTO_CIPHER_3DES_CTR
RTE_CRYPTO_CIPHER_AES_GCM

Supported authentication algorithms:
RTE_CRYPTO_AUTH_AES_GMAC
RTE_CRYPTO_AUTH_MD5
RTE_CRYPTO_AUTH_SHA1
RTE_CRYPTO_AUTH_SHA224
RTE_CRYPTO_AUTH_SHA256
RTE_CRYPTO_AUTH_SHA384
RTE_CRYPTO_AUTH_SHA512
RTE_CRYPTO_AUTH_MD5_HMAC
RTE_CRYPTO_AUTH_SHA1_HMAC
RTE_CRYPTO_AUTH_SHA224_HMAC
RTE_CRYPTO_AUTH_SHA256_HMAC
RTE_CRYPTO_AUTH_SHA384_HMAC
RTE_CRYPTO_AUTH_SHA512_HMAC

Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Pablo de Lara
1f393d822d examples/l2fwd-crypto: enable ZUC EEA3 and EIA3
This patch enables ZUC EEA3 cipher algorithm and
ZUC EIA3 authentication algorithm support to
l2fwd-crypto sample application.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-08 17:53:10 +02:00
Fan Zhang
60a94afefc examples/ipsec-secgw: add sample configuration files
This patch adds two sample configuration files to ipsec-secgw sample
application. The sample configuration files show how to setup
back-to-back systems that would forward traffic through an IPsec
tunnel.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2016-10-04 20:41:09 +02:00
Fan Zhang
0d547ed037 examples/ipsec-secgw: support configuration file
This patch adds the configuration file support to ipsec_secgw
sample application. Instead of hard-coded rules, the users can
specify their own SP, SA, and routing rules in the configuration
file. A command line option "-f" is added to pass the
configuration file location to the application.

Configuration item formats:

SP rule format:
sp <ip_ver> <dir> esp <action> <priority> <src_ip> <dst_ip> \
<proto> <sport> <dport>

SA rule format:
sa <dir> <spi> <cipher_algo> <cipher_key> <auth_algo> <auth_key> \
<mode> <src_ip> <dst_ip>

Routing rule format:
rt <ip_ver> <src_ip> <dst_ip> <port>

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2016-10-04 20:41:09 +02:00