aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2020-03-26nat: transitory timeout for TCP CLOSED stateKlement Sekera9-118/+329
Wait transitory timeout seconds before moving internal state of TCP session to CLOSED state per RFC 7857. This patch implements this functionality for endpoint-dependent NAT. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I4491d831cd9edf63fae520a516cdbe590bac85db
2020-03-26svm: correct format_fifo_segmentRyujiro Shibuya2-4/+7
Type: improvement Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com> Change-Id: Ia8aef3695f12e09b087be79ebe40e758fb8105ad
2020-03-26build: use gcc-8 as default on ubuntu 18.04Damjan Marion1-0/+6
Type: improvement Change-Id: I34c9e95ad9160436cb62dec7a1a2d0ce94602ab7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-26tests: speed up ipsec unit tests executionFilip Tehlar1-54/+1
... by removing duplicit test cacses. There is little value in testing ESN flag when no integ algo is used. This patch removes such test cases. Type: improvement Change-Id: Iae5baa1d39ac32a65d1d28ad57771a87962d8bb3 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-26ikev2: fix wrong usage of BN_bn2bin()Filip Tehlar3-12/+56
This patch fixes 2 different crashes: 1) BN_bn2bin() returns bytes written, not actual key length. Use BN_bn2binpad() instead which adds padding. 2) Initiator may receive multiple sa-init responses for the same ispi which may result in crash. Remember first response and ignore any subsequent ones. Type: fix Change-Id: Ia1eac9167e3100a6894c0563ee70bab04f6a5f4f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-26ikev2: dead peer detectionFilip Tehlar2-4/+95
Type: feature Change-Id: Ibc65d739583dc11735f993f4c7e7ee6d3c8f5b0a Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-25ikev2: fix gcm in ike protocolFilip Tehlar1-1/+1
Type: fix Change-Id: I746b94f494d059d2db5f47638c9f4e6bc4eb4045 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-25session: api to add new transport typesFlorin Coras21-103/+150
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If4dee6dba1ea942daa921d566b35cdecdda680ee
2020-03-25tcp: avoid updating rcv wnd in resetsFlorin Coras1-3/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0884bf63db57b4b4dbccf41ab64c030b3fe4dde2
2020-03-25sr: Change the CLI keyword from address to prefix.Tetsuya Murakami2-3/+3
Change the CLI keyword from address to prefix in sr localsid command. Type: feature Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: Icc3072404a106ab40e829d2d291e5c179a4443a8 Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2020-03-25ip: Adding IP tables is no MP safeNeale Ranns1-2/+0
Type: fix it was marked MP safe in the CLI (which it shouldn't be) but it it not marked MP safe on the API. Change-Id: I4bdea498a510a8b406d13d62a899b6d03656f7e8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-03-25acl: Add CLI additionsNeale Ranns1-0/+254
Type: improvement Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I172d3d907f324d8cb21e73aa08ef66da029ed365
2020-03-25avf: fix rx queue refill on buffer alloc failureDamjan Marion1-6/+6
If buffer alloc fails, it may happend that rx queue will be stuck as old code only refills if at least one packet is received. Type: fix Change-Id: I388c4f8a9fb2c208bdc222e31b443cbe6b94af82 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-25nat: fix error countersKlement Sekera4-1/+21
Type: fix Change-Id: I021b1427362f4bdba1c0ebc9863c9143dd6b3cb7 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-03-25map: fix hop limit expiration at brVladimir Ratnikov2-2/+29
Before this patch, packet was dropped in ip4-input, but ip4-map-t node dropped response due to 'security check failed' This patch checkes if hop_limit==1 and sets error and next frame and sends icmp6 response correctly Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I85a6af58205b05754ef8c45a94817bb84f915c85
2020-03-24quic: disable vnet_crypto and batching if no crypto engines are loadedMathiasRaoul3-11/+33
Type: fix Change-Id: I95d3f8431b468cefc8777526dd3b988a299f0687 Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
2020-03-24vcl: fix ldp recv return on errorFlorin Coras1-1/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0875705d3a0c95f2781b0595ef27a30486438aae
2020-03-24vcl: fix ldp writev 0 vecsFlorin Coras1-12/+8
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iec5db8dcf3a019b731e15fd79d0208d6eb10943b
2020-03-24map: fix translation of icmp6 error messagesAlexander Chernavin2-1/+131
Translation of ICMPv6 error messages to ICMP error messages fails because the sender port is not set that leads to securtiy check failure. With this commit, during ICMPv6 error messages translation, get the sender port value from the inner packet. Type: fix Change-Id: I1ee295a3685fab4837172edfb629a699f49afbee Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-24avf: proper promisc handlingDamjan Marion2-7/+27
Type: fix Change-Id: Id20a0fe77372602fd211156ccee01c18d829d8df Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-23tcp: add lost and in flight to byte trackerFlorin Coras2-2/+15
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3b0041d72d835cbb11e803cc56ac4c68a68238a0
2020-03-23ikev2: fix typo in .api descriptionVratko Polak1-2/+1
Type: style Change-Id: Ie81eb7e3d872923daaa8ae8dad060a4da85349c5 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2020-03-23ipsec: Revert "ipsec: fix chained ESP"Florin Coras3-146/+51
This reverts commit c2c1bfd9b72aec88526c06479b128725eb525866. Reason for revert: Seems it's breaking ipsec esp tests Type: fix Change-Id: Iac590eee23cbf92a10c62dafa789aa9c3b2284dd Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-03-23docs: add container functional test writeupDave Barach3-1/+512
Fix global copyright date Type: docs Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I7f010d63ec010982f2c8c8388f14214fa6ced0a7
2020-03-23srv6-mobile: Fix the coverity issuesTetsuya Murakami1-33/+39
Fix for the coverity issues. Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I6bf8a874a9a94b9b7d62da047a401eda8a448567 Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2020-03-23sr: srv6 API cleanupJakub Grajciar10-338/+217
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I3c348ad2fca8bb3d9a246af7a2aa9dc9c33f57c3 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-23ipsec: fix chained ESPFilip Tehlar3-51/+146
This fixes a special case when buffer chain enters decrypt node and becomes a single buffer after decryption. Type: fix Change-Id: I1d4da029b952baa97400adb7173aa63fd97d916b Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-23ipsec: increment no-tunnel counter in ipsec-tun-inputAlexander Chernavin1-0/+3
If "no-tunnel" error erises, you will not see it in the "show errors" output because the packet will be punted. That fact complicates troubleshooting. Type: improvement Change-Id: Ic08347f81131a4a73a05b66acbfb02797373f5ab Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-23virtio: vhost gso checksum error when both indirect and mrg_rxbuf are offSteven Luong1-20/+19
Turn on gso, turn off both indirect and mrg_rxbuf caused traffic received and sent with checksum error. The problem is we are not mapping the hdr correctly in the shared memory address. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I7ef3bc2755544167b0e624365988111b17399e89
2020-03-23tap: fix the numa/queue for buffersMohsin Kazmi1-1/+1
Type: fix Change-Id: Ib320171708bebde6d1dae0b2c665f9bcfc9102db Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-03-23virtio: improve error handlingMohsin Kazmi1-9/+30
Type: improvement Change-Id: I134465760272ceb29f85486cba838d8687696bbf Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-03-23docs: Fix build on fresh ubuntu 18.04John DeNisco2-14/+23
Type: docs Signed-off-by: John DeNisco <jdenisco@cisco.com> Change-Id: If842c92183a9cf4b5a9773dced3298005b327e1a
2020-03-22dpdk: false link down issue with ixgbe NICLijian.Zhang1-0/+66
This issue is observed with X520-2 NICs on FD.io lab Taishan server. After VPP booting up and bringing up the interfaces with command "set interface state <interface> up", it still shows link down status from the command "show hardware-interfaces". However, the hardware link status is actually up. dpdk_process() cannot get the hardware link status correctly via rte_eth_link_get_nowait(). In ixgbe_dev_link_update_share(), if the media type is fiber and the link is down, a flag (IXGBE_FLAG_NEED_LINK_CONFIG) is set. A callback to ixgbe_dev_setup_link_alarm_handler() is scheduled trying to set up the link and clear the flag afterwards. If the device is started or stopped before the flag is cleared, the scheduled callback is canceled. This causes the flag to remain set and subsequent calls to ixgbe_dev_link_update_share() return without trying to retrieve the link state because the flag is set. When the callback is canceled by either interface start or stop operation, in ixgbe_dev_cancel_link_thread(), after cancelling the callback/thread, unset the flag on the device to avoid this condition. Type: fix Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Reviewed-by: Honnappa Nagarahalli <Honnappa.Nagarahalli@arm.com> Reviewed-by: Jieqiang Wang <Jieqiang.Wang@arm.com> Change-Id: I04de377dc048307a78a5b7109ebdfaf376d5e029
2020-03-22vppinfra: fix typo in dlmalloc.cDave Barach2-2/+8
Fix libffi package name for Ubuntu 20.04 Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Idc567717494b4c40c307f20a40d5e10cd26b0a46
2020-03-21srv6-mobile: Fix the localsid length issue on vnet/srv6Tetsuya Murakami4-7/+10
Fix the following issue. 1. The localsid length was not stored in sr localsid structure. 2. SRv6 mobile test cases were modified based on the new sr localsid CLI syntax. Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: Ieb7620c35439e90a599802a7e0dba61a39707349
2020-03-21srv6-mobile: Support GTP4/6.DT and User Plane message mappingTetsuya Murakami10-206/+2119
Support the following new features in srv6-mobile. 1. GTP4.DT 2. GTP6.DT 3. User Plane Message encoding based on draft-murakami-dmm-user-plane-message-encoding-01 4. Add SRv6 mobile test cases Type: feature Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I890e5171bf03513d54b4830f01b9dc7f47fe7c48 Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2020-03-21ipsec: efficient layout of ESP per thread dataRajesh Goel1-3/+4
Type: fix Change-Id: I1ba921503a41ca37ce5c920682893617740571a9 Signed-off-by: Rajesh Goel <rajegoel@cisco.com>
2020-03-21vppinfra: fix minor cuckoo bugs and add cuckoo_16_8Klement Sekera5-26/+170
Type: improvement Change-Id: If1164d2eb81e9d4748436cb1bb8b164857d70565 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-03-21gtpu: encap-vrf-id in show gtpu tunnels commandNick Zavaritsky1-2/+9
Show encap-vrf-id instead of fib-idx. When a tunnel is created, you specify encap-vrf-id, hence it makes sense for the show command to present it the same way. Fib index, on the other hand, is the internal artifact of how IP tables are managed; showing it isn't helpful. Type: improvement Change-Id: I8d1713d6727dd8685d6c10c07f421c18edafa6e0 Signed-off-by: Nick Zavaritsky <nick.zavaritsky@emnify.com>
2020-03-21libmemif: don't consume rx queue interrupt, if memif_rx_burst failsJan Cavojsky3-5/+16
Type: fix Signed-off-by: Jan Cavojsky <jan.cavojsky@pantheon.tech> Change-Id: Ic6c15c88c80c4045c290cd78533be6f070c7470a
2020-03-21vlib: leave SIGPROF signal with its default handlerJieqiang Wang3-0/+3
When profiling VPP with MAP (a software profile suite on Arm CPUs, see details in https://www.arm.com/products/development-tools/server-and-hpc/forge/map) on Arm servers, VPP will receive SIGPROF signal because MAP uses SIGPROF signal to drive its sampler to do profiling on VPP. However, the default action of SIGPROF signal handler in VPP such as unix_signal_handler() is process termination. To profile VPP with MAP, the SIGPROF handler should be left as default, and MAP sampler will overwrite it with its own implementation. Type: feature Change-Id: Ie14e513d35ec27a66e95067689408bad8ed1ad6b Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
2020-03-21vlib: allow using core 0 as a last resortVladimir Isaev1-15/+12
Right now even following configuration fails: cpu { corelist-workers 0 } I think we should allow user to use CPU 0 if he explicitly configured it or as the last automatically assigned core. Type: improvement Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: I041c30349bace558c673475e9a0cffccae5821f7
2020-03-21vlib: complain if workers are configured twiceVladimir Isaev1-1/+10
Right now following configuration leads to crash: cpu { corelist-workers 2 workers 2 } because threads count will be set to 2, but we have only one core in coremask. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: Ia93b892733971e7c8ddfceaaec5f4eb8bf9063ac
2020-03-21ikev2: fix l2 interfaceFilip Tehlar1-2/+4
Type: fix Change-Id: Ic6457da31846721e334f144f15d404575eeb73e5 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-21virtio: fix link up/down flagMohsin Kazmi1-3/+9
Type: fix "set int state <interface> down" puts the virtio device link down. It will not put the link in "UP" state, when "set int state <interface up>" will be used again to change the interface admin up. This patch fixes it. To test: create tap set int state tap0 up set int state tap0 down sh hardware sh int set int state tap0 up sh int sh hardware Change-Id: I3c0e31539f8a2a1e40220e7fb57eedecf408f067 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-03-21ikev2: add support for custom ipsec-over-udp portFilip Tehlar12-15/+193
Type: feature Change-Id: Ifee2b3dca85ea915067b9285e3636802bf0c19a8 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-21virtio: fix the out of order descriptors in txMohsin Kazmi4-8/+102
Type: fix Some vhost-backends give used descriptors back in out-of-order. This patch fixes the native virtio to handle out-of-order descriptors. Change-Id: I57323303349f6a385e412ee22772ab979ae8edbf Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-03-21vlib: fix error when creating avf interface on SMP systemJieqiang Wang1-1/+13
On SMP architecture, '/sys/bus/pci/devices/<devices id>/numa_node' file will return -1 as a valid value if it does not have any NUMA node information. Using -1 as a valid node id to access data structures will cause memory issue. Fix the error by setting the value of numa_node to 0 if '/sys/bus/pci/devices/ <devices id>/numa_node' returns -1 and it is a SMP system. Type: fix Change-Id: Ib60e79c3656fe5b17e08fd9011122683e8b08b6f Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
2020-03-20tcp: avoid spurious retransmit attemptFlorin Coras1-4/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6ce6fb0fe0ceb8a70b6a13e6a72fdb842bfded7a
2020-03-20rdma: ring db only once per vector on txBenoît Ganne2-28/+62
Type: improvement Change-Id: I09b017d60bc38ff8a4a7a73aff42b27611bd8955 Signed-off-by: Benoît Ganne <bganne@cisco.com>