Re: [vpp-dev] hw_address of vnet_hw_interface_t
Hi, It is the responsibility of the interface drivers to allocate the hw_address i.e.: error = ethernet_register_interface (vnm, virtio_device_class.index, vif->dev_instance, vif->mac_addr, >hw_if_index, virtio_pci_flag_change); -br Mohsin From: on behalf of Catalin Vasile Date: Friday, April 2, 2021 at 5:44 AM To: "vpp-dev@lists.fd.io" Subject: [vpp-dev] hw_address of vnet_hw_interface_t Hi, I'm trying to go through the VPP sources. One of the things I having a hard time understanding is: where is hw_address allocated for vnet_hw_interface_t ? I cannot find it anywhere. Best regards, Catalin Vasile -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19100): https://lists.fd.io/g/vpp-dev/message/19100 Mute This Topic: https://lists.fd.io/mt/81796186/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] child sa rekey
Hi Venu, > Strongswan keeps track for whatever is required but kernel feeds > the relevant information via events. Right, VPP model is different: it does not keep track of lifetime and the control plane must poll the per-SA bytes counters instead (which is what eg. the VPP ike2 plugin is doing). Best ben -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19099): https://lists.fd.io/g/vpp-dev/message/19099 Mute This Topic: https://lists.fd.io/mt/81780992/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] child sa rekey
small correction , strongswan call *expire* not migrate On Fri, 2 Apr 2021 at 15:07, Venumadhav Josyula via lists.fd.io wrote: > Hi Benoit, > > Strongswan keeps track for whatever is required but kernel feeds the > relevant information via events. > > For *child sa*, in the kernel world, it is kernel which XFRM_EXPIRE > message via netlink. The strongswan is listening of netlink events for the > same. When it receives events from the kernel it processes expire and calls > the relevant 'charon->kernel->migrate'. > > Please note i am only talking about child sa rekey where kernel send > events, for IKE SA rekey the strongswan works on timer basis. > > Thanks, > Regards, > Venu > > On Fri, 2 Apr 2021 at 14:35, Benoit Ganne (bganne) > wrote: > >> Hi Venu, >> >> I am not familiar with the kernel-vpp plugin you mention, however if I >> understand correctly your question is how strongSwan can know it must >> trigger a rekey because of time expiration or max bytes transferred? >> VPP IPsec does not manage SA lifetimes by itself, it is the >> responsibility of strongSwan (or any other IKE stack). strongSwan can keep >> track of time by itself, and regarding the max bytes limit, VPP exposes >> per-SA bytes counters, so strongSwan should poll those counters >> periodically and trigger a rekey if needed. >> Also, VPP comes with its own IKEv2 implementation (which does support >> lifetime management), you can find examples here: >> https://gerrit.fd.io/r/c/vpp/+/31414 >> >> Best >> ben >> >> > -Original Message- >> > From: vpp-dev@lists.fd.io On Behalf Of Venumadhav >> > Josyula >> > Sent: jeudi 1 avril 2021 18:05 >> > To: vpp-dev >> > Subject: [vpp-dev] child sa rekey >> > >> > Hi Vpp Ipsec Experts, >> > >> > I wanted to understand how child sa rekey ( lifetime) are handled in >> vpp. >> > i) We are using strongswan + kernel-vpp plugin for our ikev2 exchange. >> > ii) Now we are facing the issue child sa rekey, the problem child sa >> > rekey is not getting triggered. I understand, the strongswan needs to >> > trigger this. We triggered manually it works, but timeout of lifetime >> does >> > not work. Please also note there is no issue with IKE SA rekey timeout >> > expiry. >> > iii) for ii) in the kernel world while adding as these parameters such >> > lifetime are passed. And it is the kernel that triggers child sa rekey >> on >> > hard timer expiry. >> > iv) How do we pass these parameter lifetime cfg to the vpp, is it >> handled >> > or not handled. >> > >> > Please note we are using the vpp 20.09 release version for the same. >> > >> > Thank and regards >> > Venu >> > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19098): https://lists.fd.io/g/vpp-dev/message/19098 Mute This Topic: https://lists.fd.io/mt/81780992/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] child sa rekey
Hi Benoit, Strongswan keeps track for whatever is required but kernel feeds the relevant information via events. For *child sa*, in the kernel world, it is kernel which XFRM_EXPIRE message via netlink. The strongswan is listening of netlink events for the same. When it receives events from the kernel it processes expire and calls the relevant 'charon->kernel->migrate'. Please note i am only talking about child sa rekey where kernel send events, for IKE SA rekey the strongswan works on timer basis. Thanks, Regards, Venu On Fri, 2 Apr 2021 at 14:35, Benoit Ganne (bganne) wrote: > Hi Venu, > > I am not familiar with the kernel-vpp plugin you mention, however if I > understand correctly your question is how strongSwan can know it must > trigger a rekey because of time expiration or max bytes transferred? > VPP IPsec does not manage SA lifetimes by itself, it is the responsibility > of strongSwan (or any other IKE stack). strongSwan can keep track of time > by itself, and regarding the max bytes limit, VPP exposes per-SA bytes > counters, so strongSwan should poll those counters periodically and trigger > a rekey if needed. > Also, VPP comes with its own IKEv2 implementation (which does support > lifetime management), you can find examples here: > https://gerrit.fd.io/r/c/vpp/+/31414 > > Best > ben > > > -Original Message- > > From: vpp-dev@lists.fd.io On Behalf Of Venumadhav > > Josyula > > Sent: jeudi 1 avril 2021 18:05 > > To: vpp-dev > > Subject: [vpp-dev] child sa rekey > > > > Hi Vpp Ipsec Experts, > > > > I wanted to understand how child sa rekey ( lifetime) are handled in vpp. > > i) We are using strongswan + kernel-vpp plugin for our ikev2 exchange. > > ii) Now we are facing the issue child sa rekey, the problem child sa > > rekey is not getting triggered. I understand, the strongswan needs to > > trigger this. We triggered manually it works, but timeout of lifetime > does > > not work. Please also note there is no issue with IKE SA rekey timeout > > expiry. > > iii) for ii) in the kernel world while adding as these parameters such > > lifetime are passed. And it is the kernel that triggers child sa rekey on > > hard timer expiry. > > iv) How do we pass these parameter lifetime cfg to the vpp, is it handled > > or not handled. > > > > Please note we are using the vpp 20.09 release version for the same. > > > > Thank and regards > > Venu > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19097): https://lists.fd.io/g/vpp-dev/message/19097 Mute This Topic: https://lists.fd.io/mt/81780992/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] child sa rekey
Hi Venu, I am not familiar with the kernel-vpp plugin you mention, however if I understand correctly your question is how strongSwan can know it must trigger a rekey because of time expiration or max bytes transferred? VPP IPsec does not manage SA lifetimes by itself, it is the responsibility of strongSwan (or any other IKE stack). strongSwan can keep track of time by itself, and regarding the max bytes limit, VPP exposes per-SA bytes counters, so strongSwan should poll those counters periodically and trigger a rekey if needed. Also, VPP comes with its own IKEv2 implementation (which does support lifetime management), you can find examples here: https://gerrit.fd.io/r/c/vpp/+/31414 Best ben > -Original Message- > From: vpp-dev@lists.fd.io On Behalf Of Venumadhav > Josyula > Sent: jeudi 1 avril 2021 18:05 > To: vpp-dev > Subject: [vpp-dev] child sa rekey > > Hi Vpp Ipsec Experts, > > I wanted to understand how child sa rekey ( lifetime) are handled in vpp. > i) We are using strongswan + kernel-vpp plugin for our ikev2 exchange. > ii) Now we are facing the issue child sa rekey, the problem child sa > rekey is not getting triggered. I understand, the strongswan needs to > trigger this. We triggered manually it works, but timeout of lifetime does > not work. Please also note there is no issue with IKE SA rekey timeout > expiry. > iii) for ii) in the kernel world while adding as these parameters such > lifetime are passed. And it is the kernel that triggers child sa rekey on > hard timer expiry. > iv) How do we pass these parameter lifetime cfg to the vpp, is it handled > or not handled. > > Please note we are using the vpp 20.09 release version for the same. > > Thank and regards > Venu -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19096): https://lists.fd.io/g/vpp-dev/message/19096 Mute This Topic: https://lists.fd.io/mt/81780992/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] New Committer Proposal
+1 /neale From: vpp-dev@lists.fd.io on behalf of Damjan Marion via lists.fd.io Date: Wednesday, 31 March 2021 at 19:58 To: vpp-dev Cc: Zhang, Roy Fan Subject: [vpp-dev] New Committer Proposal Dear VPP Committers, I would like to propose Roy Fan Zhang from Intel as a new VPP committer. Fan made significant contributions to the VPP including the async crypto infrastructure and crypto scheduler. Beside that I found that Fan is active in the community, and willing to help. Please let me know if you agree/neutral/disagree with +1/0/-1 (committers only please). My +1 is here. Thanks, Damjan -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19094): https://lists.fd.io/g/vpp-dev/message/19094 Mute This Topic: https://lists.fd.io/mt/81756505/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-