Revert "add ipsecmb plugin"

This reverts commit be16020c5034bc69df25a8ecd7081aec9898d93c.

The arm verify job actually failed but the result was overwritten by an x86 ubuntu retry. 

Change-Id: Idcae7691fc575053563b8ff8bcad661c15891668
Signed-off-by: Florin Coras <fcoras@cisco.com>

src/plugins/ipsecmb/CMakeLists.txt

@@ -1,46 +0,0 @@
-# Copyright (c) 2018 Cisco and/or its affiliates.
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at:
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-find_path(IPSECMB_INCLUDE_DIR NAMES intel-ipsec-mb.h HINTS ${IPSECMB_INCLUDE_DIR_HINT})
-find_library(IPSECMB_LIB NAMES libIPSec_MB.a HINTS ${IPSECMB_LIB_DIR_HINT})
-
-if(IPSECMB_INCLUDE_DIR AND IPSECMB_LIB)
-
-	get_filename_component(IPSECMB_LIB_DIR ${IPSECMB_LIB} DIRECTORY)
-	set(IPSECMB_LINK_FLAGS "${IPSECMB_LINK_FLAGS} -L${IPSECMB_LIB_DIR} -Wl,--whole-archive ${IPSECMB_LIB} -Wl,--no-whole-archive")
-	set(IPSECMB_LINK_FLAGS "${IPSECMB_LINK_FLAGS} -Wl,--exclude-libs,libIPSec_MB.a,-l:libIPSec_MB.a")
-	include_directories(${IPSECMB_INCLUDE_DIR})
-	add_vpp_plugin(ipsecmb
-		SOURCES
-		ipsecmb.c
-		ah_encrypt.c
-		ah_decrypt.c
-		esp_encrypt.c
-		esp_decrypt.c
-
-		MULTIARCH_SOURCES
-		ah_encrypt.c
-		ah_decrypt.c
-		esp_encrypt.c
-		esp_decrypt.c
-
-		LINK_FLAGS
-		${IPSECMB_LINK_FLAGS}
-		)
-
-	message(STATUS "Intel IPSecMB found: ${IPSECMB_INCLUDE_DIR}")
-else()
-	message(STATUS "Intel IPSecMB not found")
-endif()
-
-

src/plugins/ipsecmb/ipsecmb.h

@@ -1,97 +0,0 @@
-#ifndef __included_ipsecmb_h__
-#define __included_ipsecmb_h__
-
-#include <vppinfra/types.h>
-#include <vppinfra/vec.h>
-#include <vppinfra/clib.h>
-#include <vppinfra/warnings.h>
-#include <vnet/ipsec/ipsec.h>
-
-WARN_OFF (attributes);
-
-#ifdef always_inline
-#undef always_inline
-#define __need_redefine__
-#endif
-
-#include <intel-ipsec-mb.h>
-
-#ifdef __need_redefine__
-#if CLIB_DEBUG > 0
-#define always_inline static inline
-#else
-#define always_inline static inline __attribute__ ((__always_inline__))
-#endif
-#endif // __need_redefine__
-WARN_ON (attributes);
-
-typedef struct
-{
-  keyexp_t keyexp_fn;
-  JOB_CIPHER_MODE cipher_mode;
-  u8 key_len;
-  u8 iv_size;
-  u8 block_size;
-} ipsecmb_crypto_alg_t;
-
-typedef struct
-{
-  hash_one_block_t hash_one_block_fn;
-  u8 block_size;
-  JOB_HASH_ALG hash_alg;
-  u8 hash_output_length;
-} ipsecmb_integ_alg_t;
-
-typedef struct
-{
-  u8 aes_enc_key_expanded[16 * 15] __attribute__ ((aligned (16)));
-  u8 aes_dec_key_expanded[16 * 15] __attribute__ ((aligned (16)));
-  u8 ipad_hash[256] __attribute__ ((aligned (16)));
-  u8 opad_hash[256] __attribute__ ((aligned (16)));
-} ipsecmb_sa_t;
-
-typedef struct
-{
-  u8 data[16];
-} random_bytes_t;
-
-typedef u8 urandom_buffer_t[4096];
-
-typedef struct
-{
-  /** read buffer for random data from /dev/urandom */
-  urandom_buffer_t urandom_buffer;
-  /** pool of all the random_bytes_t objects ever allocated */
-  random_bytes_t *rb_pool;
-  /** vector of random_bytes_t objects containing random bytes */
-  u32 *rb_from_dev_urandom;
-  /** vector of used random_bytes_t objects */
-  u32 *rb_recycle_list;
-  /** vector of random bytes collected from encrypted data */
-  u32 *rb_from_traffic;
-} ipsecmb_per_thread_data_t;
-
-typedef struct
-{
-  ipsecmb_crypto_alg_t *crypto_algs;
-  ipsecmb_integ_alg_t *integ_algs;
-  MB_MGR **mb_mgr;
-  ipsecmb_sa_t *sad;
-  ipsecmb_per_thread_data_t *per_thread_data;
-  int dev_urandom_fd;
-} ipsecmb_main_t;
-
-extern ipsecmb_main_t ipsecmb_main;
-
-#define P(x,y) x ## _ ## y
-#define E(x,y) P(x,y)
-#define IPSECMB_FUNC(f) E(f,CLIB_MARCH_VARIANT)
-/*
- * fd.io coding-style-patch-verification: ON
- *
- * Local Variables:
- * eval: (c-set-style "gnu")
- * End:
- */
-
-#endif /* __included_ipsecmb_h__ */

src/vnet/buffer.h

@@ -274,10 +274,6 @@ typedef struct
     {
       u32 flags;
       u32 sad_index;
-      u32 ip_version_traffic_class_and_flow_label;
-      u8 tos;
-      u8 ttl_or_hop_limit;
-      u32 seq;
     } ipsec;
 
     /* MAP */

test/test_ipsec_nat.py

@@ -9,7 +9,7 @@ from util import ppp, ppc
 from template_ipsec import TemplateIpsec
 
 
-class TemplateIPSecNAT(TemplateIpsec):
+class IPSecNATTestCase(TemplateIpsec):
     """ IPSec/NAT
     TUNNEL MODE:
 
@@ -33,7 +33,7 @@ class TemplateIPSecNAT(TemplateIpsec):
 
     @classmethod
     def setUpClass(cls):
-        super(TemplateIPSecNAT, cls).setUpClass()
+        super(IPSecNATTestCase, cls).setUpClass()
         cls.tun_if = cls.pg0
         cls.vapi.ipsec_spd_add_del(cls.tun_spd_id)
         cls.vapi.ipsec_interface_add_del_spd(cls.tun_spd_id,
@@ -236,8 +236,3 @@ class TemplateIPSecNAT(TemplateIpsec):
         self.pg_start()
         capture = self.pg1.get_capture(len(pkts))
         self.verify_capture_plain(capture)
-
-
-class IPSecNAT(TemplateIPSecNAT):
-    """ IPSec/NAT """
-    pass

test/test_ipsecmb_ah.py

@@ -1,31 +0,0 @@
-from test_ipsec_ah import TemplateIpsecAh
-from template_ipsec import IpsecTraTests, IpsecTunTests, IpsecTcpTests
-
-
-class TestIpsecMBAh1(TemplateIpsecAh, IpsecTraTests, IpsecTunTests):
-    """ IpsecMB AH - TUN & TRA tests """
-    extra_vpp_plugin_config = [
-        "plugin", "ipsecmb_plugin.so", "{", "enable", "}"]
-
-    tra4_encrypt_node_name = "ah4-encrypt-ipsecmb"
-    tra4_decrypt_node_name = "ah4-decrypt-ipsecmb"
-    tra6_encrypt_node_name = "ah6-encrypt-ipsecmb"
-    tra6_decrypt_node_name = "ah6-decrypt-ipsecmb"
-    tun4_encrypt_node_name = "ah4-encrypt-ipsecmb"
-    tun4_decrypt_node_name = "ah4-decrypt-ipsecmb"
-    tun6_encrypt_node_name = "ah6-encrypt-ipsecmb"
-    tun6_decrypt_node_name = "ah6-decrypt-ipsecmb"
-
-    @classmethod
-    def ipsec_select_backend(cls):
-        cls.vapi.ipsec_select_backend(protocol=cls.vpp_ah_protocol, index=1)
-
-
-class TestIpsecMBAh2(TemplateIpsecAh, IpsecTcpTests):
-    """ IpsecMB AH - TCP tests """
-    extra_vpp_plugin_config = [
-        "plugin", "ipsecmb_plugin.so", "{", "enable", "}"]
-
-    @classmethod
-    def ipsec_select_backend(cls):
-        cls.vapi.ipsec_select_backend(protocol=cls.vpp_ah_protocol, index=1)

test/test_ipsecmb_esp.py

@@ -1,30 +0,0 @@
-from test_ipsec_esp import TemplateIpsecEsp
-from template_ipsec import IpsecTraTests, IpsecTunTests, IpsecTcpTests
-
-
-class TestIpsecMBEsp1(TemplateIpsecEsp, IpsecTraTests, IpsecTunTests):
-    """ IpsecMB ESP - TUN & TRA tests """
-    extra_vpp_plugin_config = [
-        "plugin", "ipsecmb_plugin.so", "{", "enable", "}"]
-    tra4_encrypt_node_name = "esp4-encrypt-ipsecmb"
-    tra4_decrypt_node_name = "esp4-decrypt-ipsecmb"
-    tra6_encrypt_node_name = "esp6-encrypt-ipsecmb"
-    tra6_decrypt_node_name = "esp6-decrypt-ipsecmb"
-    tun4_encrypt_node_name = "esp4-encrypt-ipsecmb"
-    tun4_decrypt_node_name = "esp4-decrypt-ipsecmb"
-    tun6_encrypt_node_name = "esp6-encrypt-ipsecmb"
-    tun6_decrypt_node_name = "esp6-decrypt-ipsecmb"
-
-    @classmethod
-    def ipsec_select_backend(cls):
-        cls.vapi.ipsec_select_backend(protocol=cls.vpp_esp_protocol, index=1)
-
-
-class TestIpsecMBEsp2(TemplateIpsecEsp, IpsecTcpTests):
-    """ IpsecMB ESP - TCP tests """
-    extra_vpp_plugin_config = [
-        "plugin", "ipsecmb_plugin.so", "{", "enable", "}"]
-
-    @classmethod
-    def ipsec_select_backend(cls):
-        cls.vapi.ipsec_select_backend(protocol=cls.vpp_esp_protocol, index=1)

test/test_ipsecmb_nat.py

@@ -1,13 +0,0 @@
-#!/usr/bin/env python
-
-from test_ipsec_nat import TemplateIPSecNAT
-
-
-class IPSecMBNATTestCase(TemplateIPSecNAT):
-    """ IPSecMB/NAT """
-    extra_vpp_plugin_config = [
-        "plugin", "ipsecmb_plugin.so", "{", "enable", "}"]
-
-    @classmethod
-    def ipsec_select_backend(cls):
-        cls.vapi.ipsec_select_backend(protocol=cls.vpp_ah_protocol, index=1)