History log of /dpdk/doc/guides/prog_guide/ipsec_lib.rst (Results 1 – 15 of 15)
Revision Date Author Comments
# 9ac91e2f 18-Oct-2024 Robin Jarry <rjarry@redhat.com>

ipsec: use IPv6 address structure

Update rte_ipsec_sadv6_key to use rte_ipv6_addr structures instead of
uint8_t[16] arrays.

Signed-off-by: Robin Jarry <rjarry@redhat.com>


# aae98b8c 04-Oct-2024 Aakash Sasidharan <asasidharan@marvell.com>

ipsec: allow stateless IPsec processing

Introduce stateless packet preparation API for IPsec
processing. The new API would allow preparation of IPsec
packets without altering the internal state of an IPsec
session.

For outbound IPsec processing, the change enables user to
provide sequence number to be used for the IPsec operation.

Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@huawei.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>


# ff4a29d1 28-Oct-2021 Radu Nicolau <radu.nicolau@intel.com>

ipsec: support TSO

Add support for transmit segmentation offload to inline crypto processing
mode. This offload is not supported by other offload modes, as at a
minimum it requires inline crypto for IPsec to be supported on the
network interface.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>


# 68977baa 14-Oct-2021 Radu Nicolau <radu.nicolau@intel.com>

ipsec: support SA telemetry

Add telemetry support for ipsec SAs.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>


# 01eef590 14-Oct-2021 Radu Nicolau <radu.nicolau@intel.com>

ipsec: support NAT-T

Add support for the IPsec NAT-Traversal use case for Tunnel mode
packets.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>


# c99d2619 14-Oct-2021 Radu Nicolau <radu.nicolau@intel.com>

ipsec: support more AEAD algorithms

Added support for AES_CCM, CHACHA20_POLY1305 and AES_GMAC.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>


# 957394f7 04-Feb-2020 Marcin Smoczynski <marcinx.smoczynski@intel.com>

ipsec: support CPU crypto mode

Update library to handle CPU crypto security mode which utilizes
cryptodev's synchronous, CPU accelerated crypto operations.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>


# b2ee2692 21-Oct-2019 Vladimir Medvedkin <vladimir.medvedkin@intel.com>

ipsec: add SAD add/delete/lookup implementation

Replace rte_ipsec_sad_add(), rte_ipsec_sad_del() and
rte_ipsec_sad_lookup() stubs with actual implementation.

It uses three librte_hash tables each of which contains
entries for a specific SA type (either it is addressed by SPI only
or SPI+DIP or SPI+DIP+SIP)

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>


# 3feb2360 21-Oct-2019 Vladimir Medvedkin <vladimir.medvedkin@intel.com>

ipsec: add SAD create/destroy implementation

Replace rte_ipsec_sad_create(), rte_ipsec_sad_destroy() and
rte_ipsec_sad_find_existing() API stubs with actual
implementation.

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>


# 401633d9 21-Oct-2019 Vladimir Medvedkin <vladimir.medvedkin@intel.com>

ipsec: add inbound SAD API

According to RFC 4301 IPSec implementation needs an inbound SA database
(SAD).
For each incoming inbound IPSec-protected packet (ESP or AH) it has to
perform a lookup within its SAD.
Lookup should be performed by:
Security Parameters Index (SPI) + destination IP (DIP) + source IP (SIP)
or SPI + DIP
or SPI only
and an implementation has to return the 'longest' existing match.
This patch extends DPDK IPsec library with inbound security association
database (SAD) API implementation that:
- conforms to the RFC requirements above
- can scale up to millions of entries
- supports fast lookups
- supports incremental updates

Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>


# b53e6272 27-Sep-2019 Konstantin Ananyev <konstantin.ananyev@intel.com>

doc: fix list of unsupported features in IPsec guide

List of unsupported features doesn't reflect latest changes.

Fixes: cd5b860c1851 ("ipsec: support header construction")
Fixes: 2c1887fad075 ("ipsec: fix transport mode for IPv6 with extensions")

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Bernard Iremonger <bernard.iremonger@intel.com>


# e95291f0 31-May-2019 Konstantin Ananyev <konstantin.ananyev@intel.com>

ipsec: support multi-segment packets

Add support for packets that consist of multiple segments.
Take into account that trailer bytes (padding, ESP tail, ICV)
can span across multiple segments.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>


# d629b7b5 26-Apr-2019 John McNamara <john.mcnamara@intel.com>

doc: fix spelling reported by aspell in guides

Fix spelling errors in the guide docs.

Signed-off-by: John McNamara <john.mcnamara@intel.com>
Acked-by: Rami Rosen <ramirose@gmail.com>


# 3ed37e09 03-Apr-2019 Fan Zhang <roy.fan.zhang@intel.com>

doc: update supported algorithms in IPsec guide

This patch updates the ipsec library programmer's guide with
the additional algorithms which are now supported.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>


# 9ef6cb1a 10-Jan-2019 Konstantin Ananyev <konstantin.ananyev@intel.com>

doc: add IPsec library guide

Add IPsec library guide and update release notes.

Signed-off-by: Bernard Iremonger <bernard.iremonger@intel.com>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
