aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2020-02-20ip-neighbor: Fix aging timeoutVladimir Isaev2-13/+41
Before this patch VPP checked age for ARP/NDP records every 1e5 seconds for any configured aging time. This is 27 hours and it looks like misprint because 1e5 is the number of 10us ticks in a second. Also time to wait is now difference between aging time and time alive for nodes in alive state. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: Ib5baa85032a44402d5f48c1145245260a42c7bae
2020-02-20map: honor pre-resolve param in map-tAlexander Chernavin6-30/+154
With this commit, forward the translated packet directly to the specified next-hop if pre-resolve param is enabled in MAP-T. Type: fix Change-Id: Ie26080c7820318c7982599577a4af6e4d01a0574 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-02-20map: honor icmp6-unreachables param in map-tAlexander Chernavin2-2/+47
With this commit, send ICMPv6 unreachable messages back if security check fails and icmp6-unreachables param enabled in MAP-T. Type: fix Change-Id: I9a8869df7763c764a1672e3faa1fde8dc13ec85a Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-02-20nat: avoid running pointless session cleanupsKlement Sekera3-11/+33
Save the next session timeout when sweeping sessions for cleanup so that we can avoid unnecessary runs of the sweeping algorithm. Type: fix Change-Id: I736d00f2dfe242af10f963fbe34b11128f8b0613 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-02-20nat: nat44 split slow and fast pathFilip Varga2-1080/+339
Type: improvement Change-Id: I07c7e1c154583906ac9af958f22ed9a1be382f4a Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-02-20ikev2: fix logging initFilip Tehlar1-3/+2
Type: fix Change-Id: I76bed5ce2df897d0e8e822ee1244018b0e39494d Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-20fib: fib path realloc during midchain stackNeale Ranns1-9/+13
Type: fix Change-Id: I0677f46dfa22c8abab7f311230a09ef1cd8ac335 Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 02d5a67d39cbb8f1865227afdc79533578067b8d)
2020-02-20tls: need to use thread id to fetch the eventYu Ping1-2/+1
Type: fix Change-Id: I429351f04a2865be4a289a3021277f9b2ced902b Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-02-19tcp: fix syn-sent resetFlorin Coras1-2/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2799ac9723ec3e7effe910bba401fc486c552cac
2020-02-19tls: handle disconect and reset in async modeYu Ping4-14/+48
Type: fix When async is enabled and request is inflight, delay close oepration Change-Id: I713078fe9832c1599e8860fc0a6bb98588f20943 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-02-18devices: netlink: add more error loggingMohsin Kazmi1-10/+50
Type: improvement Change-Id: I4d8ca04840845e1ba631e4260e155df2486155e6 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-02-18misc: deprecating the pluginFlorin Coras16-8622/+0
Type: refactor Not maintained Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5568ecf1161b63cd0f314e2b1503e350e214e51b
2020-02-18crypto: show crypto handlers re-designFilip Tehlar2-24/+37
Type: improvement Show simple and chained handler details on a single line. Change-Id: I5ad807a4d3608fc38c1134f564755d5751c30070 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-18crypto: add support for testing quad loops in crypto algosFilip Tehlar5-97/+504
This patch adds support for test cases with arbitrary long plaintext. Type: feature Change-Id: I48cd3642e30cc49eabc196c45d7f73c484e93057 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-18tcp: add fib to connection cli outputFlorin Coras1-2/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3de653fd90b8030125b627f751c7fb665ade5aee
2020-02-18crypto: add chained buffer support in ipsecmb (AES-GCM)Filip Tehlar1-0/+83
Type: feature Change-Id: Ia65caf38988c7e860e6d028f93659916825ef16b Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-18vrrp: do not define _details as autoreplyVratko Polak1-4/+3
Without this, _details_reply messages also end up defined; which is not intended, as there are no _details_t_handler functions. Type: fix Fixes: 39e9428b90bc74d1bb15fc17759c8ef6ad712418 Change-Id: Id052b00b00623ca92e5ddce4cc5e1bdfbb1031db Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2020-02-18misc: fix coverity warningsDave Barach10-12/+12
Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I402b1b06db736b2a7a242ce70ffd409c7c0a4fc2
2020-02-18vlib: calculate per-worker loops/second metricDave Barach3-1/+48
Use exponential smoothing. Each sample has a half-life of 1 second. reported_rate(t) = reported_rate(t-1) * K + rate(t)*(1-K) Sample every 20ms, i.e. 50 samples per second K = exp (-1.0/20.0); K = 0.95; Type: feature Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I9aea5dd5fecfaefffb78245316adb4bf62eb2bd4
2020-02-18tcp: allow custom mss on connectsFlorin Coras2-0/+6
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie4bd68a387f706b3e6868bece2ec4c8c1d92a9c3
2020-02-18tcp: pace timer handlingFlorin Coras3-158/+168
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I93067054631d6ae2411a7b08d7b681aed7a121b2
2020-02-18vppinfra: fix debug image builds on armDamjan Marion1-11/+2
vextq_u8(...) reuqires constant value so instead of inline function we need to use macro. Type: fix Signed-off-by: Damjan Marion <dmarion@me.com> Change-Id: I9c1d878c9ec750f0ed5b5eac4dffde50e97e7357
2020-02-18tls: Add Feature yamlYu Ping1-0/+11
Type: docs Change-Id: Id1972fd1d0769f26ee73db326c22c6a57eb6ceab Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-02-18rdma: fix bug related to ring bufferElias Rudberg1-2/+2
Fix a bug that caused some input packets to be dropped due to errors of the type 'ip4 length > l2 length'. The change is related to the second call to the rdma_device_input_bufs() function that happens when the end of the ring buffer is reached. Type: fix Change-Id: I332d69ab22242b3443a0baca6e5dd86349a54765 Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
2020-02-18tls: Picotls engine symmetric crypto enhancement by vpp crypto frameworkSimon Zhang4-1/+373
Type: feature Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: I1d4fe75e5faf3fa2086d11020828345b173ebd03
2020-02-17misc: fix coverity warningsDave Barach11-16/+48
Add an ALWAYS_ASSERT (...) macro, to (a) shut up coverity, and (b) check the indicated condition in production images. As in: p = hash_get(...); ALWAYS_ASSERT(p) /* was ASSERT(p) */ elt = pool_elt_at_index(pool, p[0]); This may not be the best way to handle a specific case, but failure to check return values at all followed by e.g. a pointer dereference isn't ok. Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ia97c641cefcfb7ea7d77ea5a55ed4afea0345acb
2020-02-17bfd: use tw_timer_template instead of legacy wheelKlement Sekera8-311/+336
Type: refactor Change-Id: I04e71a64e676910dc4c6cbc1ab54ffb0c29aa5b9 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-02-17gtpu: offload RX flowChenmin Sun6-2/+785
ip4 gtpu cli/api (using flow infra) to create flows and enable them on different hardware (currently tested with ice) to offload a gtpu tunnel onto hw: set flow-offload gtpu hw TwentyFiveGigabitEthernet3/0/0 rx gtpu_tunnel0 to remove offload: set flow-offload gtpu hw TwentyFiveGigabitEthernet3/0/0 rx gtpu_tunnel0 del TODO:ipv6 handling Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I8e356feeb0b16cfeadc1bbbe92f773aa2916e715
2020-02-17ikev2: IKE plugin manages the state of the protected tunnel interfaceNeale Ranns1-2/+8
Type: improvement IKE will bring the tunnel up ince the negociation is complete and bring it down when the session ends. It is the clinets responsibility to manage the state of the tunnel before and after these events. So to prevent any unencrpyted traffic egressing the tunnel before the session is negpciated, the tunnel should be in the down state when it a associated with the IKE session. Change-Id: I8aee593c79ca006d6ab08f9fa560fbbf6f8dcc16 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-17crypto-native: calculate ghash using vpclmulqdq instructionsDamjan Marion2-0/+141
vpclmulqdq is introduced on intel icelake architecture and allows computing 4 carry-less multiplications in paralled by using 512-bit SIMD registers Type: feature Change-Id: Idb09d6f51ba6f116bba11649b2d99f649356d449 Signed-off-by: Damjan Marion <damjan.marion@gmail.com>
2020-02-17vlib: fix code of getting numa node with specific cpu_idLijian.Zhang1-3/+18
Use below sysfs files to check which numa node a specific cpu_id belongs to. /sys/devices/system/node/online /sys/devices/system/node/node0/cpulist /sys/devices/system/node/node1/cpulist Type: fix Change-Id: I124b80b1fd4a20dd7bd76f0ae27d5ab23a3a8ff1 Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
2020-02-15tls: Fix Picotls ctx_read rx_content issueSimon Zhang1-18/+21
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: I19cdd2055ea494fc36628b4a94fc56742c1d1a8a Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2020-02-15tap: fix the default parameter for num_rx_queuesMohsin Kazmi3-40/+53
Type: fix Change-Id: I1a20fea56f1ba1fada7c7ce96ea333bf097b1273 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-02-14tls: remove session lookup operation in TLSYu Ping1-2/+0
Type: fix Change-Id: I50329bda365d98f9f9d56a58187fb4fb2a4eb461 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-02-14tcp: reset fin-wait-2 timeout connectionsFlorin Coras2-0/+9
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id931f3f308a01788d222d0d62f26f5c579321c6a
2020-02-14tunnel: add FEATURE.yamlNeale Ranns1-0/+9
Type: docs Change-Id: I171903bd3fd3219ad0e1ebd79a6dbf6f094d9cb8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-14vcl: fix ldp read on closing sessionFlorin Coras2-15/+10
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I60be191866d20721951ad22f571a2a3275511e12
2020-02-14vrrp dns: fix coverity warningsDave Barach3-2/+9
Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0d164147173b452fee7e720e01e6a9991f43b64a
2020-02-14dpdk: TSO does not work for Cisco VICSteven Luong1-0/+11
While TSO is supported for Intel NIC, Cisco VIC does not work. The problem is due to txmode offloads is not properly set for the Cisco VIC when enable-tcp-udp-checksum is configured. Type: fix Ticket: VPP-1838 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I72c41db9b327ed8d08ef70d74e8cc6206d4a102f
2020-02-14dpdk: fix flow(with mark action) deletion crash issueChenmin Sun1-1/+1
Type: fix this patch fixes mark flow deletion crash issue, see below test flow add src-ip any proto udp src-port 111 dst-port 222 mark 100 test flow enable index 0 1/1 test flow disable index 0 1/1 test flow enable index 0 1/1 test flow disable index 0 1/1 -> [crash] This is because the code resets a wrong vector in flow lookup entry recycle logic. See function dpdk_flow_ops_fn(). Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I2b0a1e531931ab25541d672d88da18dc2289f1ce
2020-02-14tcp: improve reset generation in reset nodeFlorin Coras2-57/+41
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7a4a4a52c3e4ad47aabb2ef5f53a0e0bb7e71690
2020-02-14tcp: minimal set of worker statsFlorin Coras4-7/+115
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9dafe564229095d50285276a654f4983f93faff2
2020-02-14crypto-native: refactor CBC codeDamjan Marion5-606/+446
Type: refactor Change-Id: I61e25942de318d03fb3d75689259709d687479bc Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-02-13nsim: fix quad-loop packet traceDave Barach1-11/+12
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I756170bd799d1f482186cbb4b5dff9373ae6e08f
2020-02-13vcl: clear accept msg flagsFlorin Coras2-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idb513232e7b091c8f767726bfa1deb10a7e3b751
2020-02-13vrrp: add plugin providing vrrp supportMatthew Smith19-0/+6912
Type: feature Add a new plugin to support HA using VRRPv3 (RFC 5798). Change-Id: Iaa2c37e6172f8f41e9165f178f44d481f6e247b9 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-02-13vppinfra: add 128-bit and 512-bit a ^ b ^ c shortcutDamjan Marion4-18/+33
This allows us to combine 2 XOR operations into signle instruction which makes difference in crypto op: - in x86, by using ternary logic instruction - on ARM, by using EOR3 instruction (available with sha3 feature) Type: refactor Change-Id: Ibdf9001840399d2f838d491ca81b57cbd8430433 Signed-off-by: Damjan Marion <damjan.marion@gmail.com>
2020-02-13vcl: handle close after resetFlorin Coras2-10/+32
Can happen if a connection is reset before fully accepted. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0ae68d71b66722dd19ca6f1cee44a080e5ff4447
2020-02-13crypto-native: add AArch64 AES-GCM native implementationDamjan Marion7-55/+78
Type: feature Change-Id: I4f96b0af13b875d491704b010328a1814e1dbda1 Signed-off-by: Damjan Marion <dmarion@me.com>
2020-02-13dpdk: Add iova-mode to startupVladimir Ratnikov1-1/+2
In some cases of using vfio-pci driver, it should be required to enable pa or va mode. Without it, rtl_eal_init unable to allocate memory required. Debugging told that iova-mode pa/va could help. And it helps. This patch allows to pass iova-mode to vpp startup.conf Type: feature Change-Id: I36b87f5d3d141891b37cda2c306d50433954a34a Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>