|
Revision tags: v24.11, v24.11-rc4, v24.11-rc3, v24.11-rc2, v24.11-rc1 |
|
| #
2ede1422 |
| 18-Oct-2024 |
Robin Jarry <rjarry@redhat.com> |
security: use IPv6 address structure
For consistency with the rest of the code base, update
rte_security_ipsec_tunnel_param to use rte_ipv6_addr structures instead
of in6_addr.
Signed-off-by: Robin
security: use IPv6 address structure
For consistency with the rest of the code base, update
rte_security_ipsec_tunnel_param to use rte_ipv6_addr structures instead
of in6_addr.
Signed-off-by: Robin Jarry <rjarry@redhat.com>
show more ...
|
| #
5ac1abdd |
| 18-Oct-2024 |
Robin Jarry <rjarry@redhat.com> |
pipeline: use IPv6 address structure
Update rte_table_action_ipv6_header and rte_table_action_nat_params to
use rte_ipv6_addr structures instead of uint8_t[16] arrays.
For consistency, also update
pipeline: use IPv6 address structure
Update rte_table_action_ipv6_header and rte_table_action_nat_params to
use rte_ipv6_addr structures instead of uint8_t[16] arrays.
For consistency, also update rte_swx_ipsec_sa_encap_params to use
rte_ipv6_addr instead of in6_addr.
Signed-off-by: Robin Jarry <rjarry@redhat.com>
show more ...
|
| #
89b5642d |
| 18-Oct-2024 |
Robin Jarry <rjarry@redhat.com> |
net: use IPv6 address structure for packet headers
The rte_ipv6_hdr uses ad-hoc uint8_t[16] arrays to represent addresses.
Replace these arrays with the newly added rte_ipv6_addr structure. Adapt
al
net: use IPv6 address structure for packet headers
The rte_ipv6_hdr uses ad-hoc uint8_t[16] arrays to represent addresses.
Replace these arrays with the newly added rte_ipv6_addr structure. Adapt
all code accordingly.
Signed-off-by: Robin Jarry <rjarry@redhat.com>
show more ...
|
|
Revision tags: v24.07, v24.07-rc4, v24.07-rc3, v24.07-rc2, v24.07-rc1, v24.03, v24.03-rc4, v24.03-rc3, v24.03-rc2 |
|
| #
015f535f |
| 01-Mar-2024 |
Stephen Hemminger <stephen@networkplumber.org> |
pipeline: use a better random generator
The rand() function is weak and using it for salt might be a future
security issue. Use rte_rand() which has a bigger period and more
secure.
Signed-off-by:
pipeline: use a better random generator
The rand() function is weak and using it for salt might be a future
security issue. Use rte_rand() which has a bigger period and more
secure.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
show more ...
|
| #
e9fd1ebf |
| 04-Mar-2024 |
Tyler Retzlaff <roretzla@linux.microsoft.com> |
lib: use C11 alignment attribute on variables
The current location used for __rte_aligned(a) for alignment of
variables is not compatible with MSVC.
For variables, standard C11 offers alignas(a) su
lib: use C11 alignment attribute on variables
The current location used for __rte_aligned(a) for alignment of
variables is not compatible with MSVC.
For variables, standard C11 offers alignas(a) supported by conformant
compilers i.e. both MSVC and GCC.
Replace use of __rte_aligned(a) on variables/fields with alignas(a).
Signed-off-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@huawei.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>
show more ...
|
|
Revision tags: v24.03-rc1, v23.11, v23.11-rc4, v23.11-rc3, v23.11-rc2, v23.11-rc1 |
|
| #
1d63855b |
| 21-Sep-2023 |
Nithin Dabilpuram <ndabilpuram@marvell.com> |
security: introduce out-of-place inline ingress
Similar to out-of-place (OOP) processing support that exists for
Lookaside crypto/security sessions, Inline ingress security
sessions may also need ou
security: introduce out-of-place inline ingress
Similar to out-of-place (OOP) processing support that exists for
Lookaside crypto/security sessions, Inline ingress security
sessions may also need out of place processing in usecases
where original encrypted packet needs to be retained for post
processing. So for NIC's which have such a kind of HW support,
a new SA option is provided to indicate whether OOP needs to
be enabled on that Inline ingress security session or not.
Since for inline ingress sessions, packet is not received by
CPU until the processing is done, we can only have per-SA
option and not per-packet option like Lookaside sessions.
Also remove reserved_opts field from the rte_security_ipsec_sa_options
struct as mentioned in deprecation notice.
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
show more ...
|
|
Revision tags: v23.07, v23.07-rc4, v23.07-rc3, v23.07-rc2, v23.07-rc1, v23.03, v23.03-rc4, v23.03-rc3, v23.03-rc2, v23.03-rc1 |
|
| #
5a0e82cc |
| 07-Feb-2023 |
Cristian Dumitrescu <cristian.dumitrescu@intel.com> |
pipeline: fix IPsec crypto session leak
In case of rte_ipsec_session_prepare() error, the crypto session was
not freed, leading to its leakage.
Coverity issue: 383139
Fixes: 20777eb5f913 ("pipeline
pipeline: fix IPsec crypto session leak
In case of rte_ipsec_session_prepare() error, the crypto session was
not freed, leading to its leakage.
Coverity issue: 383139
Fixes: 20777eb5f913 ("pipeline: add IPsec")
Signed-off-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
show more ...
|
| #
20777eb5 |
| 26-Jan-2023 |
Cristian Dumitrescu <cristian.dumitrescu@intel.com> |
pipeline: add IPsec
This block is providing IPsec support to the SWX pipeline. The IPsec
block is external to the pipeline, so it needs to be explicitly
instantiated and connected to a pipeline thro
pipeline: add IPsec
This block is providing IPsec support to the SWX pipeline. The IPsec
block is external to the pipeline, so it needs to be explicitly
instantiated and connected to a pipeline through the I/O ports.
Signed-off-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
Signed-off-by: Kamalakannan R <kamalakannan.r@intel.com>
show more ...
|