Age | Commit message | Author | Files | Lines
2019-04-30 | crypto: enforce per-alg crypto key length | Benoît Ganne | 4 | -18/+57
Crypto algorithms have different requirements on key length. As we do not support key stretching (eg. PBKDF2), user must provide the exact key length used by the algorithm. Failing that means low-level crypto functions might read garbage (eg. aes128_key_expand() will read 16-bytes, regardless of the key provided by the user). Change-Id: I347a1ea7a59720a1ed07ceaad8b00a31f78458c9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-04-30 | stats: Add version defines in stat_client.h | Ole Troan | 1 | -0/+3
Change-Id: I9894a0c613b0486112623920d49371ceec9e6111 Signed-off-by: Ole Troan <ot@cisco.com>
2019-04-30 | reassembly: avoid race-conditions | Klement Sekera | 1 | -12/+26
Change-Id: Ibf5c283217a985e43a562f1969573eeb26ee6017 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-04-30 | Sphinx docs: Fix security vulnerability (VPP-1655) | Dave Wallace | 1 | -1/+1
Change-Id: I9b11d15866d708eb843936ebfd120940d284a2de Signed-off-by: Dave Wallace <dwallacelf@gmail.com> (cherry picked from commit facb4d44475cd0040cc8964be30180e1adeb2021)
2019-04-29 | DOC ONLY: add a buffer metadata writeup | Dave Barach | 2 | -1/+192
Change-Id: Ic8034cfe3d3c5a9c3d32e97e93e5d9334cc58ca2 Signed-off-by: Dave Barach <dave@barachs.net>
2019-04-29 | API: Add support for limits to language. | Ole Troan | 6 | -20/+65
string name [limit = 64];

Meta-data to do argument validation.

Change-Id: I1f3e0f09b2d5285224399413d25206f77bd3f4b1
Signed-off-by: Ole Troan <ot@cisco.com>
2019-04-27 | svm: fix fifo tail/head/ooo logic for u32 wrap | Florin Coras | 3 | -16/+283
These were introduced with the switch to unbound tail/head size, so they only affect master. Added unit tests to avoid future surprises. Change-Id: I83b6c9efbe31d8092ba59b8e2ed46f4da97f35db Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-26 | IF: return VTR attributes for all ifs in dump API | Alexander Chernavin | 1 | -20/+20
With this commit, VTR attributes are shown not only for subinterfaces but for all interfaces. Change-Id: I498185d905c0bf48431cddb916165f8e9c841b1f Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-04-26 | crypto, ipsec: change GCM IV handling | Damjan Marion | 5 | -58/+39
- nonce construction out of salt and iv is ipsec specific so it should be handled in ipsec code
- fixes GCM unit tests
- GCM IV is constructed out of simple counter, per RFC4106 section 3.1

Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61
Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-26 | nat: fix ED mode unknown proto session management | Matthew Smith | 3 | -8/+24
In endpoint dependent mode, when a session at the head of a user LRU is reused, if the IP protocol for that session was unknown (any other than tcp, udp, or icmp), the attempt to delete the session mapping from the in2out bihash was not using the same key that was used when the mapping was added. This would cause the deletion of the mapping to fail. If packets arrive later which match the original session, the search for the session key would succeed when it should have failed and the session, which is now associated with a different pair of endpoints, may end up being updated when it should not be. Update the key generation when reallocating an existing session to do the right thing if the session is for an unknown protocol. Also update format_nat_session() for unknown protocols so that 'vppctl show nat44 session detail' will display the protocol correctly. In endpoint dependent mode, the IP protocol is stored in the port field on a session if the protocol is unknown. The value is stored in host byte order, but the format function was swapping the bytes before writing the protocol. Change-Id: I9e8daadd4569cb2610532dab4e4f41d1567cf3d1 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-04-26 | nat: prevent creation when-resolved static mappings on errors | Alexander Chernavin | 1 | -1/+1
When you create two identical NAT44 static mappings using interface name as external address and only local or ext port is different, VALUE_EXIST will be raised but when-resolved static mapping will remain.

vpp# nat44 add static mapping tcp local 10.128.0.129 443 external GigabitEthernet0/8/0 8443
vpp# nat44 add static mapping tcp local 10.128.0.129 80 external GigabitEthernet0/8/0 8443
nat44 add static mapping: Mapping already exist.
vpp# show nat44 static mappings
NAT44 static mappings:
 tcp local 10.128.0.129:443 external 2.2.2.2:8443 vrf 0
 tcp local 10.128.0.129:443 external GigabitEthernet0/8/0:8443 vrf -1
 tcp local 10.128.0.129:80 external GigabitEthernet0/8/0:8443 vrf -1

With this commit, when-resolved static mapping is not created if the translation only differs in local or ext port.

Change-Id: Ifc960b9dc1371caa2a8d3206a80a0ffd10d293e4
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-04-26 | svm: fifo segment support for chunk allocation | Florin Coras | 8 | -26/+338
Change-Id: Ie96706b4d8bcb32d2d5f065bc765f95f4e9369e7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-25 | crypto_ia32: minor change logically | Zhiyong Yang | 1 | -2/+1
"break;" will never be run after "return;" Change-Id: I4fdfd10406fdf61897078746d28fa1ee32fb0081 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-25 | crypto: AES GCM IV length is always 12 | Damjan Marion | 4 | -5/+2
... at least for use cases we are interested in Change-Id: I1156ff354635e8f990ce2664ebc8dcd3786ddca5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25 | docs: Add VPP inside the Cloud | Francesco Spinelli | 9 | -4/+805
This commit updates the VPP docs, adding the VPP deployment and configuration inside the cloud Change-Id: I97322deb57f0dfb1aa46cca301adbc91ce4a19f6 Signed-off-by: Francesco Spinelli <francescospinelli94@live.it>
2019-04-25 | Clean up redirects | Dave Barach | 1 | -21/+50
Both firefox and chrome seem happy to browse a hugo-generated site Change-Id: Id216ad9c781643df42ac4fbce598eb2afa600f4d Signed-off-by: Dave Barach <dave@barachs.net>
2019-04-25 | Change dpdk thread data flags type to u16 from u8 to get more useful data | Simon Zhang | 2 | -6/+7
Change-Id: Idc3763c38f5aa638d4f290f4d4730577601d78b8 Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2019-04-25 | tap: Fix the indirect buffer allocation | Mohsin Kazmi | 1 | -1/+1
Change-Id: I73f76c25754f6fb14a49ae47b6404f3cbabbeeb5 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-25 | session: cleanup segment manager and fifo segment | Florin Coras | 23 | -1005/+1001
Change-Id: I984f347fb465c0c405cef668d8690457e81788e2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-25 | unittest: AES GCM test cases cleanup | Damjan Marion | 1 | -270/+126
This reverts commit 7f2d57b69ea031cc6110b3a1f4c1ef1c35b67181. Change-Id: I23c3b4d2dab6e13cc8fbbf0ac9d0cfd8af3241c1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25 | crypto_ipsecmb: CBC IV size is always equal to block size | Damjan Marion | 1 | -27/+13
Change-Id: If8b2c8942db17a853883360885def47ce50e7ddd Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25 | crypto_ipsecmb: use pre-expanded keys | Damjan Marion | 3 | -220/+209
Change-Id: Ie1d34b7e71554516595e0cd228e2cd54a3b8d629 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25 | session: use teps in accept/connect notifications | Florin Coras | 11 | -81/+72
Change-Id: I58e713661a38cecbfdebd4609292d9d12e880cd2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-25 | IPSEC; dpdk backend for tunnel interface encryption | Neale Ranns | 10 | -61/+169
Change-Id: Ide2a9df18db371c8428855d7f12f246006d7c04c Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-25 | ipsec: drop runts in esp-decrypt | Damjan Marion | 2 | -2/+30
Change-Id: Id7fcaf8590f9f2dcccdebea0ad31c7ecd1cbc8af Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25 | crypto: improve key handling | Damjan Marion | 19 | -66/+351
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25 | Remove dummy_interface_tx nodes from l2tp l2xcrw and nsh | John Lo | 3 | -27/+0
Change-Id: I51e0d4a9ec62514a85bbe4c5f56a48d60ab6f4e4 Signed-off-by: John Lo <loj@cisco.com>
2019-04-24 | Add get_endpoint in transport vft | Aloys Augustin | 7 | -14/+126
This allows QUIC & TLS specific logic to be implemented, and meaningful IP/port to be returned when connection is overridden. Change-Id: Id79c59fe4d7b16d36f0e96ad3e281c4026b5fe65 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-04-24 | ip4_lookup_inline: leverage vlib_get_buffers to improve perf | Zhiyong Yang | 1 | -32/+27
vlib_get_buffers can save at least 1.2 clocks/pkt for ip4_lookup_inline on Haswell. Change-Id: I730fc346cec4d2eb5ca364308e45268bda4d5f89 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-24 | dpdk: fix interface naming | Florin Coras | 1 | -1/+1
Change-Id: Ia092a93a7ac0cbf9338f9d4a5db8b94b23549a13 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-24 | Clean up multi-thread barrier-sync hold-down timer | Dave Barach | 2 | -13/+57
Main thread: don't bother with the barrier sync hold-down timer if none of the worker threads are busy. Worker threads: avoid epoll_pwait (10ms timeout) when the control-plane has been active in the last half-second. Change-Id: I82008d09968c65e2a4af0ebb7887389992e60603 Signed-off-by: Dave Barach <dave@barachs.net>
2019-04-24 | QUIC: Add multi-stream support to internal test apps | Aloys Augustin | 6 | -7/+171
Change-Id: Iab07697ef482529e62c11433cffa1f8f894e5bb7 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-04-24 | UDPC: Fix open segfault with multiple workers | Aloys Augustin | 1 | -1/+3
Change-Id: Ib4a64f17831e2419f1d6140a6d24649c096bdfa5 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-04-24 | dpdk: get a rid of "Invalid port_id=" log message | Damjan Marion | 1 | -3/+5
Change-Id: I65e7188c6893acca67455ff37f2dfbd0bedd5c09 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-24 | l2: Add support for arp unicast forwarding | Mohsin Kazmi | 7 | -10/+118
Change-Id: I79fc55f36a9b83957f84619bdf8cef08acc8ec24 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-24 | svm: fifo ooo reads/writes with multiple chunks | Florin Coras | 6 | -93/+356
Change-Id: If23a04623a7138c9f6c98ee9ecfa587396618a60 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-24 | svm: move mq test to ut plugin | Florin Coras | 2 | -181/+101
Change-Id: Ic4e882b784e5773198e55bd97b1bbd3d6dda888a Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-24 | session: remove unused fifo allo return value | Florin Coras | 4 | -14/+8
Change-Id: I50a6bcc127e4b44becc4b694bdd3018ac9bfab5c Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-24 | ethernet_input_inline: leverage vlib_get_buffers | Zhiyong Yang | 1 | -17/+14
Make full use of well optimized function vlib_get_buffers for ethernet_input_inline. Change-Id: Iee7df570b87fa95c0902895686a62386d730f9a1 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-24 | Rearrange prefetching in ipsec_output_inline | Vratko Polak | 1 | -6/+6
Change-Id: I6151e57643ebed42f51b795980db2c52084295ab Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2019-04-24 | svm: move fifo tests to ut plugin | Florin Coras | 2 | -362/+271
Change-Id: I638facf6e2128334c3d1a5a8494f378505831e1b Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-24 | NAT: VPP-1531 api cleanup & update | Filip Varga | 11 | -1211/+1385
Change-Id: I2492400a67b39a3adbc24ab7cf1ba17a409e95a8 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-04-23 | Enable 'test crash' command when running unittest plugin. | Paul Vinciguerra | 1 | -0/+1
Change-Id: Icf0cff122dfbd260a2865b6c83531f4a8c726132 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-04-23 | API: Python and Unix domain socket improvement | Ole Troan | 8 | -41/+40
Handle the case where buffer overflows. Then SOCK_SEQPACKET assumption that multiple API messages are not returned by recv() is broken. Use SOCK_STREAM for API exchanges instead.

Add support for running tests over sockets.
make test SOCKET=1

Change-Id: Ibe5fd69b1bf617de4c7ba6cce0a7c2b3f97a2821
Signed-off-by: Ole Troan <ot@cisco.com>
2019-04-23 | Bump to intel-ipsec-mb version 0.52 | Damjan Marion | 2 | -12/+14
Change-Id: Ifeaf93c98e4af92da9409fa5a2114b577e8c0937 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-23 | Revert "NAT: VPP-1531 api cleanup & update" | Ole Trøan | 11 | -1381/+1211
This reverts commit bed1421b9f1b3643d93384084972337b596aec73.

/vpp/master3/src/plugins/nat/nat_api.c: In function ‘send_nat_worker_details’:
/vpp/master3/src/vppinfra/clib.h:62:33: error: division ‘sizeof (u8 * {aka unsigned char *}) / sizeof (u8 {aka unsigned char})’ does not compute the number of array elements [-Werror=sizeof-pointer-div]
 #define ARRAY_LEN(x) (sizeof (x)/sizeof (x[0]))
 ^
/vpp/master3/src/plugins/nat/nat_api.c:205:43: note: in expansion of macro ‘ARRAY_LEN’
 rmp = vl_msg_api_alloc (sizeof (*rmp) + ARRAY_LEN (w->name) - 1);
 ^~~~~~~~~

Change-Id: Ie82672c145fb2f6580827f95e535435307bc7a23
Signed-off-by: Ole Troan <ot@cisco.com>
2019-04-23 | API sw_interface_dump: Dump all if index is zero | Vratko Polak | 2 | -5/+6
This is a temporary measure, to allow CSIT usage of VAT command sw_interface_dump without arguments. Change-Id: Ic40adfcc89d92179e213afc497e4e71bbc0dad83 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2019-04-23 | NAT: VPP-1531 api cleanup & update | Filip Varga | 11 | -1211/+1381
Change-Id: I519d7efc8ee3c86381d96be2e2a46017cd948895 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-04-23 | Fix a ipsec command line typo | Simon Zhang | 1 | -1/+1
Change-Id: Ic75df36e06a77730ff8764f96d3cf53c4e59923b Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2019-04-23 | vnet: clean up calc_checksums() | Zhiyong Yang | 1 | -7/+8
Remove the duplicated code and unnecessary operations. Change-Id: I78005848d29d3156165627926a79015d590d61a6 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>