Merge pull request #542 from intel-go/develop

Release 0.7.3

Author: gshimansky

Dockerfile

@@ -17,7 +17,9 @@ RUN apt-get -q update && apt-get -q -y install \
     hugepages  \
     libnuma-dev \
     libhyperscan-dev \
-    liblua5.3-dev
+    liblua5.3-dev \
+    libmnl-dev \
+    libibverbs-dev
 
 RUN cd /opt && curl -L -s https://dl.google.com/go/go1.11.4.linux-amd64.tar.gz | tar zx
 

README.md

@@ -84,6 +84,15 @@ Requirements in the DPDK Getting Started Guide for
 Linux](http://dpdk.org/doc/guides/linux_gsg/sys_reqs.html) for more
 information.
 
+Since NFF-Go is build with Mellanox cards support out of the box you
+need to install additional dependencies required for MLX network
+drivers. On Ubuntu they are called `libmnl-dev` and `libibverbs-dev`.
+
+Additional dependencies are required for pktgen, especially if you are
+running RedHat or CentOS Linux distributions. See [this
+file](https://git.dpdk.org/apps/pktgen-dpdk/tree/INSTALL.md?h=pktgen-3.5.9&id=d469543f651506a8c9fb7c667a060950c5d92649)
+for details. LUA section for RedHat and CentOS is in its end.
+
 After building a DPDK driver with the make command, you must register network
 cards to work with the DPDK driver, load necessary kernel modules, and bind
 cards to the modules. See [Compiling the DPDK Target from
@@ -95,7 +104,7 @@ in the DPDK Getting Started Guide for Linux for more information.
 The kernel module, which is required for DPDK user-mode drivers, is built but
 not installed into kernel directory. You can load it using the full path to the
 module file:
-$GOPATH/src/github.com/intel-go/nff-go/test/dpdk/dpdk-17.08/x86_64-native-linuxapp-gcc/kmod/igb_uio.ko
+nff-go/test/dpdk/dpdk/x86_64-native-linuxapp-gcc/kmod/igb_uio.ko
 
 ### Go
 

dpdk/Makefile

@@ -1,4 +1,4 @@
-# Copyright 2017 Intel Corporation. 
+# Copyright 2017-2019 Intel Corporation.
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
 
@@ -8,9 +8,7 @@ IMAGENAME = nff-go-pktgen
 # Pktgen variables
 NOCHECK_PKTGEN = yes
 
-# Main DPDK variables
-DPDK_INSTALL_DIR=$(RTE_TARGET)-install
-export WORKDIR=/workdir
+include $(PATH_TO_MK)/leaf.mk
 
 # Disable FSGSBASE and F16C to run in VMs and Docker containers.
 export EXTRA_CFLAGS = -mno-fsgsbase -mno-f16c
@@ -25,7 +23,9 @@ all: pktgen
 
 $(DPDK_DIR)/$(DPDK_INSTALL_DIR):
 	$(MAKE) -C $(DPDK_DIR) config T=$(RTE_TARGET)
-	$(MAKE) -C $(DPDK_DIR) install T=$(RTE_TARGET) DESTDIR=$(DPDK_INSTALL_DIR)
+	sed -ri 's,(MLX._PMD=)n,\1y,' $(DPDK_DIR)/build/.config
+	$(MAKE) -C $(DPDK_DIR)
+	$(MAKE) -C $(DPDK_DIR) install DESTDIR=$(DPDK_INSTALL_DIR)
 
 $(PKTGEN_DIR)/app/$(RTE_TARGET)/pktgen: $(DPDK_DIR)/$(DPDK_INSTALL_DIR)
 	$(MAKE) -C $(PKTGEN_DIR)
@@ -34,8 +34,7 @@ pktgen: $(PKTGEN_DIR)/app/$(RTE_TARGET)/pktgen
 	cp $(PKTGEN_DIR)/app/$(RTE_TARGET)/pktgen .
 
 clean:
-	-$(MAKE) -C $(DPDK_DIR) clean
-	-rm -rf $(DPDK_DIR)/$(DPDK_INSTALL_DIR) $(DPDK_DIR)/build $(DPDK_DIR)/$(RTE_TARGET)
 	-$(MAKE) -C $(PKTGEN_DIR) realclean
-
-include $(PATH_TO_MK)/leaf.mk
+	-rm pktgen
+	-$(MAKE) -C $(DPDK_DIR) clean
+	-rm -rf $(DPDK_DIR)/$(DPDK_INSTALL_DIR) $(DPDK_DIR)/build

examples/Makefile

@@ -7,7 +7,7 @@ IMAGENAME = nff-go-examples
 EXECUTABLES = dump clonablePcapDumper kni copy errorHandling timer \
 			  createPacket sendFixedPktsNumber gtpu pingReplay \
 			  netlink gopacketParserExample devbind
-SUBDIRS = tutorial antiddos demo fileReadWrite firewall forwarding
+SUBDIRS = tutorial antiddos demo fileReadWrite firewall forwarding ipsec
 
 .PHONY: dpi nffPktgen
 dpi:

examples/devbind.go

@@ -1,12 +1,12 @@
 package main
 
 import (
-	"log"
 	"flag"
+	"log"
 
+	"github.com/intel-go/nff-go/devices"
 	"github.com/intel-go/nff-go/flow"
 	"github.com/intel-go/nff-go/packet"
-	"github.com/intel-go/nff-go/devices"
 )
 
 // Example that shows how to bind a driver to a NIC

examples/gopacketParserExample.go

@@ -20,8 +20,7 @@ var (
 
 func main() {
 	flag.BoolVar(&printOn, "print", false, "enable print of parsed layers")
-	outport1 := flag.Uint("outport1", 1, "port for 1st sender")
-	outport2 := flag.Uint("outport2", 1, "port for 2nd sender")
+	outport := flag.Uint("outport", 1, "port for sender")
 	inport := flag.Uint("inport", 0, "port for receiver")
 	noscheduler := flag.Bool("no-scheduler", false, "disable scheduler")
 	flag.Parse()
@@ -40,12 +39,7 @@ func main() {
 	var ctx gopacketContext
 	flow.CheckFatal(flow.SetHandler(firstFlow, gopacketHandleFunc, ctx))
 
-	// Split for two senders and send
-	secondFlow, err := flow.SetPartitioner(firstFlow, 150, 150)
-	flow.CheckFatal(err)
-
-	flow.CheckFatal(flow.SetSender(firstFlow, uint16(*outport1)))
-	flow.CheckFatal(flow.SetSender(secondFlow, uint16(*outport2)))
+	flow.CheckFatal(flow.SetSender(firstFlow, uint16(*outport)))
 
 	flow.SystemStart()
 }

examples/gtpu.go

@@ -80,7 +80,7 @@ func encap(current *packet.Packet, context flow.UserContext) bool {
 	ipv4.NextProtoID = common.UDPNumber
 	ipv4.SrcAddr = packet.BytesToIPv4(11, 22, 33, 44)
 	ipv4.DstAddr = packet.BytesToIPv4(55, 66, 77, 88)
-	ipv4.HdrChecksum = packet.CalculateIPv4Checksum(ipv4)
+	ipv4.HdrChecksum = packet.SwapBytesUint16(packet.CalculateIPv4Checksum(ipv4))
 
 	current.ParseL4ForIPv4()
 	udp := current.GetUDPNoCheck()

examples/ipsec/Makefile

@@ -0,0 +1,8 @@
+# Copyright 2019 Intel Corporation.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+PATH_TO_MK = ../../mk
+SUBDIRS = stability perf
+
+include $(PATH_TO_MK)/intermediate.mk

examples/ipsec/crypt.go

@@ -0,0 +1,122 @@
+// Copyright 2019 Intel Corporation.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Only IPv4, Only tunnel, Only ESP, Only AES-128-CBC
+package ipsec
+
+import "github.com/intel-go/nff-go/examples/ipsec/crypto_mb"
+
+import "crypto/aes"
+import "crypto/cipher"
+import "crypto/hmac"
+import "crypto/sha1"
+import "hash"
+
+const VECTOR = 8
+
+type SContext struct {
+	mac123  hash.Hash
+	modeEnc cipher.BlockMode
+	modeDec cipher.BlockMode
+}
+
+type VContext struct {
+	mac123  crypto_mb.MultiHash
+	modeEnc crypto_mb.MultiBlockMode
+	modeDec crypto_mb.MultiBlockMode
+
+	vectorEncryptionPart [][]byte
+	vectorIV             [][]byte
+	vectorAuthPart       [][]byte
+	vectorAuthPlace      [][]byte
+
+	s SContext
+}
+
+type SetIVerM interface {
+	SetIV([][]byte)
+}
+
+type SetIVer interface {
+	SetIV([]byte)
+}
+
+func InitSContext() interface{} {
+	var auth123Key = []byte("qqqqqqqqqqqqqqqqqqqq")
+	var crypt123Key = []byte("AES128Key-16Char")
+	block123, _ := aes.NewCipher(crypt123Key)
+
+	tempScalarIV := make([]byte, 16)
+
+	n := new(SContext)
+	n.mac123 = hmac.New(sha1.New, auth123Key)
+	n.modeEnc = cipher.NewCBCEncrypter(block123, tempScalarIV)
+	n.modeDec = cipher.NewCBCDecrypter(block123, tempScalarIV)
+	return n
+}
+
+func InitVContext() interface{} {
+	var auth123Key = []byte("qqqqqqqqqqqqqqqqqqqq")
+	var crypt123Key = []byte("AES128Key-16Char")
+	block123 := crypto_mb.NewAESMultiBlock(crypt123Key)
+
+	tempVectorIV := make([][]byte, VECTOR, VECTOR)
+	for i := 0; i < VECTOR; i++ {
+		tempVectorIV[i] = make([]byte, 16)
+	}
+
+	n := new(VContext)
+	n.mac123 = crypto_mb.NewHmac(crypto_mb.New, auth123Key)
+	n.modeEnc = crypto_mb.NewMultiCBCEncrypter(block123, tempVectorIV)
+	n.modeDec = crypto_mb.NewMultiCBCDecrypter(block123, tempVectorIV)
+	n.vectorEncryptionPart = make([][]byte, VECTOR, VECTOR)
+	n.vectorIV = make([][]byte, VECTOR, VECTOR)
+	n.vectorAuthPart = make([][]byte, VECTOR, VECTOR)
+	n.vectorAuthPlace = make([][]byte, VECTOR, VECTOR)
+	n.s = *InitSContext().(*SContext)
+	return n
+}
+
+func (c SContext) Copy() interface{} {
+	return InitSContext()
+}
+
+func (c VContext) Copy() interface{} {
+	return InitVContext()
+}
+
+func (c SContext) Delete() {
+}
+
+func (c VContext) Delete() {
+}
+
+func Encrypt(EncryptionPart [][]byte, where [][]byte, IV [][]byte, Z uint, context *VContext) {
+	if Z != VECTOR {
+		for t := uint(0); t < Z; t++ {
+			context.s.modeEnc.(SetIVer).SetIV(IV[t])
+			context.s.modeEnc.CryptBlocks(EncryptionPart[t], where[t])
+		}
+	} else {
+		context.modeEnc.(SetIVerM).SetIV(IV[:])
+		context.modeEnc.CryptManyBlocks(EncryptionPart, where)
+	}
+}
+
+func Authenticate(AuthenticationPart [][]byte, where [][]byte, Z uint, context *VContext) {
+	if Z != VECTOR {
+		for t := uint(0); t < Z; t++ {
+			context.s.mac123.Reset()
+			context.s.mac123.Write(where[t])
+			copy(where[t], context.s.mac123.Sum(nil))
+		}
+	} else {
+		context.mac123.Reset()
+		context.mac123.Write(context.vectorAuthPart)
+		temp := context.mac123.Sum(nil)
+		for t := uint(0); t < VECTOR; t++ {
+			copy(where[t], temp[t])
+		}
+	}
+}

examples/ipsec/crypto_mb/aes.go

@@ -0,0 +1,42 @@
+// Copyright 2019 Intel Corporation.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package crypto_mb
+
+//TODO check cpuid
+
+type aes_x8 struct {
+	blockSize int
+	enc       []uint32
+	dec       []uint32
+}
+
+func (this *aes_x8) BlockSize() int {
+	return this.blockSize
+}
+
+func (this *aes_x8) VecSize() int {
+	return 8
+}
+
+//TODO accept number of blocks
+func NewAESMultiBlock(key []byte) MultiBlock {
+	if len(key) != 16 {
+		// TODO return error?
+		panic("For now only 16-byte keys are supported")
+	}
+	n := len(key) + 28
+	rounds := 10
+	c := aes_x8{len(key), make([]uint32, n), make([]uint32, n)}
+	expandKeyAsm(rounds, &key[0], &c.enc[0], &c.dec[0])
+	return &c
+}
+
+// in aes.s
+//go:noescape
+func encrypt8BlocksAsm(xk *uint32, dst, src [][]byte)
+
+func (this *aes_x8) DecryptMany(dst, src [][]byte) {
+	panic("Not implemented yet")
+}