The existing comparision triggers the following clang assertion:
error: result of comparison of constant 50331648 with expression of type
'u16' (aka 'unsigned short') is always true
Section 9.1 of RFC3315 describes the DUID type field as:
"A DUID consists of a two-octet type code represented in network byte"
correctly convert the local type to a network short for the comparison.
Type: fix
Change-Id: I7cb048035bd5e06372e29471ae6004ee1b2191b9
Signed-off-by: Tom Jones <thj@freebsd.org>
This change aims to affect crypto_sw_scheduler behavior,
but all the edits end up in vnet/crypto.
After 9a9604b introduced adaptive mode for crypto dispatch,
the performance of async mode at lower rate got worse.
A work around for CSIT test is done by changing dispatch mode via explicit API call
in 139aba2047
In this change, the CLI is brought back to allow user to fix the
dispatch mode.
set crypto async dispatch mode <polling|interrupt|adaptive>
Type: improvement
Change-Id: I029e98aa25889eddcf62e75a6c78926cdee862ef
Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com>
libepoll-shim has some hacks to enable functionality, one of these
redefines close as a macro. This conflicts with a close call back. On
FreeBSD undefine this macro at point of use.
Type: improvement
Change-Id: I7b4f7cd874f3451d76c580cf999369426d9e89c2
Signed-off-by: Tom Jones <thj@freebsd.org>
Linux doesn't support the Linux idiom of using lseek and a write to set
the size of a file, instead use ftruncate to accomplish the same effect.
This change is taken from the Nanoteq VPP port commit:
04a1b19b37
Type: improvement
Change-Id: Ie0b83e751b8b8f20b6814e5c9f760035747dfad9
Signed-off-by: Tom Jones <thj@freebsd.org>
FreeBSD doesn't offer epoll, but an implementation which uses kqueue is
available as an external library. On FreeBSD in subsystems which require
epoll have cmake look for libepoll-shim.
Type: improvement
Change-Id: Iafd5406a9e2ebaa53fd94034489ffbbf87a7d040
Signed-off-by: Tom Jones <thj@freebsd.org>
FreeBSD only defines posix scheduling policies, remove the others from
the for each look to allow build.
Type: improvement
Change-Id: Ifdb9414417e8b6ffdf216fd001708b347c496b97
Signed-off-by: Tom Jones <thj@freebsd.org>
Add support for adding Linux and FreeBSD specific sources to
add_vpp_library and support for installing Linux specific headers. Don't
add support for FreeBSD specific headers until we have some to install.
Type: improvement
Change-Id: I38549cf4d71999b71b3298e529323956e54ddc36
Signed-off-by: Tom Jones <thj@freebsd.org>
When an other interface is specified to generate packets from, we should
bind its sw_if_index to the pg interface to use.
Fix if_index_by_sw_if_index variable name, and force to specify a pg
interface to source traffic from.
Type: fix
Change-Id: Ib3e6dca92774b307def82926fc09945b7998267d
Signed-off-by: Maxime Peim <mpeim@cisco.com>
AlmaLinux is identical to Rocky and can be made to work with
the same build dependencies
Type: feature
Change-Id: I24bb8781a02c15f887c9c26cc98621e6256f4115
Signed-off-by: Kaj Niemi <kajtzu@a51.org>
On FreeBSD define UNIX_PATH_MAX so it is available in punt.c. FreeBSD's
max path is 4 bytes shorter than Linux's.
Type: improvement
Change-Id: I2c4b7aa11246213575b557fab44669706885e6b7
Signed-off-by: Tom Jones <thj@freebsd.org>
FreeBSD has its own set of syscalls for getting current CPU and NUMA
domain information. Stub out these calls and return CPU 0 and NUMA domain
0 as placeholders until we bring in FreeBSD specific calls.
Type: improvement
Change-Id: Id61df0273b0bcc6acf4844ee626e4f246f9f217b
Signed-off-by: Tom Jones <thj@freebsd.org>
For the openssl crypto engine based cipher encrypt/decrypt and HMAC IPSec
use cases, the openssl API calls of doing ctx init and key expansion are
moved to initialization stage.
In current implementation , the ctx is initialized with "key" and "iv" in
EVP_EncryptInit_ex (ctx, 0, 0, key->data, op->iv)
in data plane, while the ctx can be initialized with 'key' and 'iv' separately,
which means there could be two API calls:
1. EVP_EncryptInit_ex (ctx, 0, 0, key->data, 0)
2. EVP_EncryptInit_ex (ctx, 0, 0, 0, op->iv)
As the 'key' for certain IPSec SA is fixed and known, so call #1 can
be placed in IPSec SA initialization stage.
While call #2 should be kept in data plane for each packet, as the "iv"
is random for each packet.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Change-Id: Ided4462c1d4a38addc3078b03d618209e040a07a
This is a prerequisite patch for the following openssl API optimization
patch, which tries to offload openssl ctx init and key expansion work to
the initialization stage.
Wireguard adds crypto keys via vnet_crypto_key_add (), and whenever it
modifies the keys, the underneath openssl crypto engine shoud be informed
of the changes to update the openssl ctx.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Change-Id: I3e8f033f3f77eebcecfbd06e8e3bbbfdc95a50e2
In esp_encrypt_inline(), if two or more consecutive packets are
associated with the same SA which has no crypto or integrity algorithms
set, only the first one gets dropped. Subsequent packets either get sent
(synchronous crypto) or cause a segv (asynchronous crypto).
The current SA's index and pool entry are cached before it can be
determined whether the packet should be dropped due to no algorithms
being set. The check for no algorithms is only performed when the cached
SA index is different than the SA index for the current packet. So
packets after the first one associated with the "none" alg SA aren't
handled properly.
This was broken by my previous commit ("ipsec: keep esp encrypt pointer
and index synced") which fixed a segv that occurred under a different
set of circumstances.
Check whether each packet should be dropped instead of only checking
when a new SA is encountered.
Update unit tests:
- Add a test for no algs on tunnel interface which enables
asynchronous crypto.
- Send more than one packet in the tests for no algs.
Type: fix
Fixes: dac9e566cd16fc375fff14280b37cb5135584fc6
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
Use udp transport refcnt instead of local port refcnt when accepting new
connections.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibc34677b1138682497f98e96b6fddb5b96094ff9
tuntap requires porting on FreeBSD, only build on Linux for now.
Type: improvement
Change-Id: I448c462b31f3bc06f291a95d0ff5df9d6f8f24b8
Signed-off-by: Tom Jones <thj@freebsd.org>
Working from the implementation in linux/mem.c add FreeBSD specific
functionality. This duplicates parts of the Linux implementation and a
depuplication job could be run in the future.
Stub out some parts of the API for now, they are either use unavailable
features on FreeBSD or require further implementation than this initial
implementation.
Type: improvement
Change-Id: I1e443e32304d19776a9a4d5e34adfa16ec919427
Signed-off-by: Tom Jones <thj@freebsd.org>
Allow FreeBSD as a platform in the main CMakeLists file. This requires a
correct target for the compiler and an explicit name in the system
check.
The included subdirs require further changes to build, but the compiler
needs to find them before it can complain.
Type: improvement
Change-Id: Ic56fe68290519ef5d3ed61082e7fb0ba0528a3fc
Signed-off-by: Tom Jones <thj@freebsd.org>
tap requires some porting on FreeBSD, while we wait for those changes
only build tap on Linux.
Type: improvement
Change-Id: I4361bf43764fdb046c2138d4a2ee5d7efa31bd5a
Signed-off-by: Tom Jones <thj@freebsd.org>
UDP transport port refcount is incremented even if port is shared. So
decrement it, by unregistering, whener udp connections are cleaned up.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id0a2c60c5faf4dea8b2cd9ded0334934ad9e918c
Set last thread id and last packet position in TRACE_DUMP_REPLY.
To enable collection of traces from multiple workers using iterator.
Type: fix
Change-Id: I69872af4f6981d50cd050fa3d16de2a3c0d6b496
Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
Make sure ctx is initialized before ho is marked as done.
Type: fix
Change-Id: If0525a9890a56e289e2ab006c669a9d64dc6505d
Signed-off-by: Florin Coras <fcoras@cisco.com>
