Age | Commit message | Author | Files | Lines
2023-02-03 | ipsec: fix AES CBC IV generation (CVE-2022-46397) [stable/2202] | Benoît Ganne | 3 | -29/+65
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C). Chaining IVs like is done by ipsecmb and native backends for the VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable. Encrypt a counter as part of the message, making the (predictable) counter-generated IV unpredictable. Fixes: VPP-2037 Type: fix Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-06-15 | dpdk: improve rx burst count per loop | Fan Zhang | 1 | -4/+5
Type: improvement This patch improves the per dpdk-input loop number of packets received from the port. The change mimics how packets rx happened before VPP 22.02/DPDK 21.11: instead of trying to rx huge number of packets (256) in one go, rx more times with up to 32 packets max each time. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I804dce6d9121ab21b02e53dd0328dc52ac49d80f (cherry picked from commit a9fe20f4b8f7a9bd65cc8ee1b6a0204af7fc3627)
2022-06-09 | ipsec: fix vector after remove entry in spd | Gabriel Oginski | 1 | -1/+1
Originally, after removing the policy entry in spd, macro "vec_del1" can change localization of the last entry in vector and finally the entry list has not been sorted. This patch fixes this issue by changing the executed macro to "vec_delete" instead of "vec_del1". Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I396591cbbe17646e1d243aedb4cdc272ed4d5e25 (cherry picked from commit aacd3ed6d5c9c32b646795583a634ca5925603d2)
2022-05-24 | docs: update spelling word list and fix typos | Dave Wallace | 3 | -722/+735
- update wordlist and fix typos so that 'make docs-spell' passes - sort spelling_wordlist.txt - update docs maintainers list Type: docs Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I38ac7850c604c323427d2bb6877ea98bd10bcc38
2022-04-25 | tls: do not overwrite config parameters if set | Ofer Heifetz | 1 | -2/+5
User can define first_seg_size and add-segment-size in the tls configuration section, but current code does not take this configuration into account and sets a default value to first_seg_size and add_seg_size respectively. This commit checks if configuration was set and only if not uses the default values. Type: fix Signed-off-by: Ofer Heifetz <oferh@marvell.com> Change-Id: I0077f7d54fe7773dd92522476f882c924fda22df
2022-03-30 | udp: fix inner packet checksum calculation in udp-encap | Mauro Sardara | 7 | -68/+146
When computing the inner packet checksum, the code wrongly assumes that the IP version of the inner packet is the same as the outer one. On the contrary, it is perfectly possible to encapsulate v6 packets into v4 and vice versa, so we need to check the IP format of the inner header before calling vnet_calc_checksums_inline. Ticket: VPP-2020 Type: fix Signed-off-by: Mauro Sardara <msardara@cisco.com> Change-Id: Ia4515563c164f6dd5096832c831a48cb0a29b3ad Signed-off-by: Mauro Sardara <msardara@cisco.com> (cherry picked from commit 9539647b895c456ca53892a9259e3127c6b92d35)
2022-03-20 | tcp: update error counters in listen node | Florin Coras | 1 | -9/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib2e1d847607c9c7d928b174b87e5c21d53153ebe (cherry picked from commit e8d67719fde74eee34d2a36f0d00343de4bbac7d)
2022-03-15 | memif: fix memif_process_desc indexing | Mauro Sardara | 1 | -4/+2
The index i was incremented in the wrong place, and the check on the presence of a next buffer in the chain was actually done for the next desc_status rather than the current one. Type: fix Signed-off-by: Mauro Sardara <msardara@cisco.com> Change-Id: I74a64a34fea497900b7969cd96e1aeeb570a1bba (cherry picked from commit b0f0f8c8dd9d694bfc13652f89b8b577e9c1c708)
2022-03-15 | dpdk: fix program vlans on ixgbevf | Dzmitry Sautsa | 1 | -2/+7
Recent "dpdk: refactor device setup" have broken vlans programming for IXGBE_VF. Type: fix Signed-off-by: Dzmitry Sautsa <dzmitry.sautsa@nokia.com> Change-Id: Idacda33a473f6b10dbe002d9926661a19d0f3f97
2022-03-11 | memif: Fix underflow | Nathan Skrzypczak | 1 | -2/+2
Type: fix Change-Id: Id183c47328510b5db7ffcc7a4dfb41f5a3151399 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com> (cherry picked from commit 1b969c2f6a181d4f7cca542dad00e4feb1e45650)
2022-02-25 | vapi: Missing include file in vlib.api.vapi.h | Dave Wallace | 1 | -17/+17
- A call to vapi_msg_control_ping_hton() is generated in a static inline function in vlib.api.vapi.h, which is defined/generated in memclnt.api.vapi.h without including memclnt.api.vapi.h in vlib.api.vapi.h. This breaks the compilation of plugins which include only vlib.api.vapi.h (e.g. hicn_plugin from the HICN project). Type: fix Fixes: a1400cecb Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I5574f4ed496183ea93265f493bf3624254a865a2 (cherry picked from commit 14baada2140ad5a19e4d502e81296fe70b5b54d1)
2022-02-24 | build: export missing header files required by hicn_plugin | Dave Wallace | 1 | -0/+2
- HICN project's hicn_plugin requires vnet header files fib/fib_entry_track.h and udp/udp_encap.h to be included in build-root/install-vpp*-*/vpp/include/vnet Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Iabd3f8fe0aee8d727758fc6ef202e859d68d63a3 (cherry picked from commit 40cfc1560ee6fa11e4d6c74e9730541a8a45b68a)
2022-02-23 | misc: VPP 22.02 Release Notes [v22.02] | Andrew Yourtchenko | 2 | -0/+658
type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I32291160f0d22a804929d0a040472ff952f02544 Signed-off-by: Maciek Konstantynowicz <mkonstan@cisco.com>
2022-02-23 | fib: fix mpls db label overflow | Dmitry Valter | 1 | -1/+1
mpls fib DB size was 2^20 instead of intended 2^21. Therefore large mpls labels caused DB to overflow and write to other tables or some random objects. Or crash with ASAN. Sometimes. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I6db65680037a266fe47e8213464a0c16de63c06c (cherry picked from commit cf2595dfc0b446dd9bd5311d972cfb53b5567df8)
2022-02-22 | vxlan: add l2 mode test | Artem Glazychev | 1 | -0/+59
Type: improvement Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I214f6fb5b63d97ca4afe3b10fd2d3e3410b5a6e4
2022-02-22 | vnet: add set_max_frame_size callbacks for several interfaces | Artem Glazychev | 3 | -0/+27
This is required after distinguishing between max_frame_size and MTU Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: Ie642bee4e30ca76903bb8be5eeb6914c2c09bf35 (cherry picked from commit 66593a6a63fe30ed4b8bed96844244d78274e8f2)
2022-02-22 | lisp: fix ip and udp checksum computation | Florin Coras | 1 | -7/+0
Type: fix Fixes: 6fdcc3d Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I820c505482801ff2ab8dac41a0016bb3a741a4ee (cherry picked from commit d85fe1a2164daf3cb23f48e6b9fd1ec2d97c87bc)
2022-02-18 | vxlan: crash on assigning IP address to interface | Ed Warnicke | 2 | -8/+6
Revert "vxlan: crash on configuring vxlan tunnel on l3 mode" This reverts commit b8de7d43e4955bb4025cd0e0e7390279841b6d7d. Reason for revert: VPP-2014 Type: fix Fixes: b8de7d43e4955bb4025cd0e0e7390279841b6d7d Change-Id: Ic4d10f28985ee10e0550a1bbfd465ada915e4aa6 Signed-off-by: Ed Warnicke <hagbard@gmail.com>
2022-02-17 | dpdk: enable scatter on Rx for net/ena | akolechk | 1 | -1/+0
Type: fix Since commit https://github.com/DPDK/dpdk/commit/e2a6d08bef489215ebb77b1d3033875ada757cfa DPDK started advertising scattered Rx feature for elastic network adapters. Thus, dpdk plugin doesn't have to disable it for ENA by default anymore Signed-off-by: akolechk <akolechk@cisco.com> Change-Id: I2d4f429be992e3c4edcc0c3adf8c55f3d5381631
2022-02-16 | ipfix-export: pass ipv4 addr to format fn for show | Paul Atkins | 1 | -3/+4
When the ipfix address was changed to be an ip_address instead of an ip4_address the output when creating an exporter via the cli should have been modified to take the address of the v4 part of the addr. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I141456cd9092c861a4c4aefba4035dbde23efcd6 (cherry picked from commit bf9918a7e0c6bf116b90780cbc2c111ca7995399)
2022-01-25 | wireguard: fix passing argument [v22.02-rc2] | Gabriel Oginski | 1 | -1/+1
Fixed coverity-issue CID 248456. Originally passing argument of type "uint64_t *" to function: "memcopy_s_inline". This patch fixes the problem by changing type of passing argument and make a portable assumption. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I17e4583a05ea1263e4d8a4acc9949454e5fd92c0 (cherry picked from commit ffd9057493ba75d157d8fd316f4978b64a6efb30)
2022-01-25 | dpdk-cryptodev: add support chacha20-poly1305 | Gabriel Oginski | 4 | -6/+44
Originally cryptodev doesn't support chacha20-poly1305 with aad length 0. This patch adds support in cryptodev for chacha20-poly1305 with aad length 0. This length is used in Wireguard. Type: improvement Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I0608920bb557d7d071e7f9f37c80cf50bad81dcc
2022-01-25 | wireguard: add async mode for decryption packets | Gabriel Oginski | 5 | -217/+445
Originally wireguard doesn't support async mode for decryption packets. This patch adds async mode for decryption in wireguard. In addition, it contains some performance improvement such as prefetching packet header and reducing the number of current time function calls. Type: improvement Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Ieba6ae0078f3ff140c05b517891afb57232b3b7d (cherry picked from commit 77e69ae2d172dce74f4da4cae52bb63e28daa3ae)
2022-01-25 | wireguard: add async mode for encryption packets | Gabriel Oginski | 11 | -107/+616
Originally wireguard doesn't support async mode for encryption packets. This patch adds async mode for encryption in wireguard and also adds support for the chacha20-poly1305 algorithm in cryptodev for async handler. In addition it contains a new command line to activate async mode for wireguard: set wireguard async mode on|off and also adds a new command to check active mode for wireguard: show wireguard mode Type: improvement Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I141d48b42ee8dbff0112b8542ab5205268089da6 (cherry picked from commit 492d7790ff26c569bee81617c662363652891140)
2022-01-24 | wireguard: add burst mode | Gabriel Oginski | 7 | -181/+538
Originally wireguard does packet by packet encryption and decryption. This patch adds burst mode for encryption and decryption packets. In addition, it contains some performance improvement such as prefetching packet header and reducing the number of current time function calls. Type: improvement Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I04c7daa9b6dc56cd15c789661a64ec642b35aa3f (cherry picked from commit 8ca08496a43e8d98fe2d4130d760c6fb600d0a93)
2022-01-19 | misc: Initial changes for stable/2202 branch [v22.02-rc1] | Andrew Yourtchenko | 1 | -0/+1
Change-Id: I23e72a788d6f382601945986c8cb8cfc3bb9da8e Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-01-18 | dpdk: add qat gen4-b device support | Fan Zhang | 2 | -0/+82
Type: feature This patch adds the GEN4-b support to DPDK Cryptodev PMD and fixes a problem on its raw api AEAD enqueue. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I3a1a9b0ae51a5725ce9d5265a059e26ceb16c49e
2022-01-18 | dpdk: limit number of TX queues to max supported | Damjan Marion | 1 | -3/+17
Also improve logging.... Type: fix Change-Id: I3d3aee52cd45e59ecd6ce13bd516c66559638fec Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-18 | vlib: allow bigger scalar data size | Damjan Marion | 1 | -1/+2
Type: improvement Change-Id: I1031c6ce80d90814edda7b52b11039874b95714f Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-18 | misc: fix coverity warnings | Dave Barach | 2 | -1/+7
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I8ea0193ebb2a721a0582451ffd64c4063ac6d233
2022-01-18 | linux-cp: fix possible null deref | Pim van Pelt | 1 | -0/+2
Found by coverity as defect id 243763 Signed-off-by: Pim van Pelt <pim@ipng.nl> Type: fix Change-Id: Idbada5528a1f2625f6498072d538edf306268b6d
2022-01-18 | virtio: remove admin-up flag during interface creation | Mohsin Kazmi | 2 | -4/+0
Type: fix During the interface creation time, (by default) admin-up flag is locally set for tap and virtio interfaces. While, in VPP the state of these interfaces are still admin-down. User needs to explicitly call 'set interface state <interface-name> up' to admin-up the newly created tap or virtio interface(s) in VPP. So, this behavior is inconsistent. This patch fixes the issue to have consistent behavior for given interface between local and global administration state. Change-Id: Ifd8904a09fbdbe7b386874ac3231dc0527064518 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-01-18 | srv6-mobile: Fix the coverity issue | Tetsuya Murakami | 1 | -2/+2
Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I35c36401ce3ab59900be59a9abddba66f6399978
2022-01-18 | vnet: distinguish between max_frame_size and MTU | Damjan Marion | 17 | -106/+148
Type: improvement Change-Id: I3659de6599f402c92e3855e3bf0e5e3388f2bea0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-17 | ipsec: IPSec interface correct drop w/ no protection | Neale Ranns | 5 | -13/+47
Type: improvement

When an IPSec interface is first constructed, the end node of the feature arc is not changed, which means it is interface-output. This means that traffic directed into adjacencies on the link, that do not have protection (w/ an SA), drop like this:

  ...
  00:00:01:111710: ip4-midchain
    tx_sw_if_index 4 dpo-idx 24 : ipv4 via 0.0.0.0 ipsec0: mtu:9000 next:6 flags:[] stacked-on: [@1]: dpo-drop ip4 flow hash: 0x00000000
    00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858
    00000020: 58585858585858585858585858585858585858585858585858585858
  00:00:01:111829: local0-output
    ipsec0
    00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858
    00000020: 5858585858585858585858585858585858585858585858585858585858585858
    00000040: 58585858585858585858585858585858585858585858585858585858c2cf08c0
    00000060: 2a2c103cd0126bd8b03c4ec20ce2bd02dd77b3e3a4f49664
  00:00:01:112017: error-drop
    rx:pg1
  00:00:01:112034: drop
    local0-output: interface is down

although that's a drop, no packets should go to local0, and we want all IPvX packets to go through ipX-drop. This change sets the interface's end-arc node to the appropriate drop node when the interface is created, and when the last protection is removed. The resulting drop is:

  ...
  00:00:01:111504: ip4-midchain
    tx_sw_if_index 4 dpo-idx 24 : ipv4 via 0.0.0.0 ipsec0: mtu:9000 next:0 flags:[] stacked-on: [@1]: dpo-drop ip4 flow hash: 0x00000000
    00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858
    00000020: 58585858585858585858585858585858585858585858585858585858
  00:00:01:111533: ip4-drop
    ICMP: 172.16.2.2 -> 1.1.1.1 tos 0x00, ttl 63, length 92, checksum 0xcb8c dscp CS0 ecn NON_ECN fragment id 0x0001
    ICMP echo_request checksum 0xecf4 id 0
  00:00:01:111620: error-drop
    rx:pg1
  00:00:01:111640: drop
    null-node: blackholed packets

Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I7e7de23c541d9f1210a05e6984a688f1f821a155
2022-01-17 | interface: improve MTU handling | Damjan Marion | 8 | -47/+98
- per hw-interface-class handlers - ethernet set_mtu callback - driver can now refuse MTU change Type: improvement Change-Id: I3d37c9129930ebec7bb70caf4263025413873048 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-17 | vnet: introduce vnet_error() | Damjan Marion | 10 | -175/+264
Decouples vnet return values from API return codes. New vnet_error() creates vnet_error_t which contains both vnet function return value and return string. vnet_api_error() converts vlib_error_t constructed with vnet_error() to API return value. Type: improvement Change-Id: I17042954d48c010150fc1dfc5fce9330e8149e87 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-16 | vppinfra: bitops cleanup | Damjan Marion | 11 | -145/+57
Type: refactor Change-Id: I7fa113e924640f9d798c1eb6ae64b9c0a9e2104c Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-15 | mactime: fix memory leak | Dave Barach | 1 | -1/+2
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I1ef5cb250ac1e35b9a5003597eda3d54d2e5ca73
2022-01-14 | dpdk: refactor device setup | Damjan Marion | 7 | -540/+328
Type: improvement Change-Id: I9772088bca176fd0fdb162677ec55c59aa8f3adf Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-14 | dpdk: fix burst function output | Damjan Marion | 1 | -3/+3
Type: fix Fixes: 65105c95f Change-Id: I8dee4b560a49891f954d7eb8e79ea535cedeaa88 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-14 | crypto-ipsecmb: bump to ipsecmb v1.1 | Marcel Cornu | 1 | -1/+2
Type: feature This patch bumps ipsecmb library version from 1.0 to 1.1 Signed-off-by: Marcel Cornu <marcel.d.cornu@intel.com> Change-Id: I9851fef2944a6e213d97039bb6dd48cc0df1e4b4
2022-01-12 | hsa: echo clients connect improvements | Florin Coras | 2 | -19/+34
Do burst of connects with barrier held. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7e6dcf097022b56d6880de0cba7b8492a938077b
2022-01-12 | hsa: cleanup echo client app | Florin Coras | 2 | -228/+268
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iada49493635a9c3db8b725ca367d0d4ca5007357
2022-01-12 | hsa: allow large segments for echo apps | Florin Coras | 2 | -36/+13
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4e60d83644878f7d267582c2497d785e0f6facc1
2022-01-12 | dpdk: bump to DPDK v21.11 | Damjan Marion | 6 | -18/+33
Type: feature This patch bumps dpdk version from 21.08 to 21.11 Change-Id: Id37fdba75f1ea4f4eac3c92226f3b1c539e1daca Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com> Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-12 | dpdk: improve logging | Damjan Marion | 3 | -10/+49
Type: improvement Change-Id: If61d7409ff14b9f771c1dc8ec9f35e179cea7a28 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-12 | dpdk: update packet offload flags | Damjan Marion | 2 | -41/+89
Type: improvement Change-Id: Ib2c55dd2a246a690b2089f5c0b88508f732281f2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-12 | session: pass tx buffers in bulk to transports | Florin Coras | 6 | -22/+83
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1025cccd784f80b557847f69c3ea1ada5c9de60d
2022-01-12 | perfmon: skipping bundle message | Ray Kinsella | 1 | -1/+1
Change the skipping bundle message to debug Type: refactor Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I942ff72bd9c26ccad923442fdedddf22ba75e117