summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2019-11-13crypto: do not crash if no crypto engine loadedBenoît Ganne1-1/+1
Do not overflow ops_handlers vector. Type: fix Change-Id: I8d5e7fb8125a7bd87ecfe6f4f1390fb9f43dad8f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-11-13build: fix make checkstyleFlorin Coras1-1/+1
Type: fix Comment out yamllint for now. Change-Id: Id40a5aef3fa15b2c6e9d7fe6fd6201923593b4cd Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-13papi: enhance MACAddress() equalityPaul Vinciguerra1-1/+7
Allows for comparison without needing str(MACAddress()) Traceback (most recent call last): File "/vpp/test/test_ip6.py", line 1074, in test_icmpv6_echo self.assertEqual(ether.dst, self.pg0.remote_mac) AssertionError: '02:01:00:00:ff:02' != MACAddress(02:01:00:00:ff:02) Type: feature Change-Id: Ife1cbfc74d477695d15b33a19da7dd2fa241a348 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-11-12tap: Move client registration check to topPaul Vinciguerra2-9/+14
Type: fix Change-Id: I33dc4cf7b6c69f74c7bf4971ce59442678b878ef Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-11-12docs: update logging configuration section.Paul Vinciguerra1-10/+10
Type: docs Change-Id: I6359623b2eadb404fc391e4c4608fff86020f53f Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-11-12virtio: remove unused codeDamjan Marion1-4/+0
Type: refactor Change-Id: I25f1cc3969c6a6ec1384079dc437537acd2ec152 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-11-12interface: Allow VLAN tag-rewrite on non-sub-interfaces too.Jon Loeliger7-56/+134
This fix was first made in commit fdea5c6a00b74971dbb1b7ec4e25839a871006ca but was subsequently lost in commit 053204ab039d34a990ff0e14c32ce3b294fcce0e Added unit test for setting VTR on a non-sub-interface to help ensure no future regressions of this ability. Type: fix Change-Id: I71ce2684fb72383741455829ae2d397ea2e95eae Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-11-12vcl: fix nonblocking accept with >1 event in the queueCarl Smith1-3/+3
We discard unwanted events until we get an ACCEPTED. But if we are non-blocking we need to check the queue length every time and EAGAIN if empty before waiting. Type: fix Signed-off-by: Carl Smith <carl.smith@alliedtelesis.co.nz> Change-Id: Ie0c7e5cb00f0d37d2e1534f8bb384221ff56f2e3
2019-11-12ip: IP address and prefix types (moved from LISP)Neale Ranns21-483/+545
Type: refactor Change-Id: I2c6b59013bfd21136a2955442c779685f951932b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-11-12papi: add wrapper to validate crc manifestOle Troan1-0/+28
If a client application is built against 19.08, it can dump the "manifest" of API signatures. Either the all APIs (--dump) or the APIs it is interested in (--dumpfiltered). When the developers of said client application wants to verify that it works with VPP 20.01. It can connect to VPP and --validate the old mainfest file, and will be told a list of messages (both request and reply) that has changed. import argparse from vpp_papi import VPP import sys import argparse parser = argparse.ArgumentParser() group = parser.add_mutually_exclusive_group() group.add_argument("--dump", action="store_true") group.add_argument("--dumpfiltered", action="store_true") group.add_argument("--validate", action="store_true") args = parser.parse_args() vpp = VPP(use_socket=True) vpp.connect(name='apimanifest') if args.validate: # Verify manifest message_table = eval(sys.stdin.read()) missing = vpp.validate_message_table(message_table) print ('Changed message signatures: {}'.format(missing)) elif args.dump: # Output manifest to stdout print('{}'.format(vpp.dump_message_table())) elif args.dumpfiltered: # Output manifest to stdout filterlist = eval(sys.stdin.read()) print('{}'.format(vpp.dump_message_table_filtered(filterlist))) vpp.disconnect() Type: feature Change-Id: I7e708b36f599ed88e4864970c8593cc2fe5fbf61 Signed-off-by: Ole Troan <ot@cisco.com>
2019-11-12session: session enable in multiworkerNathan Skrzypczak2-1/+18
Having session enable in config file wasn't working for multiple workers Type: fix Change-Id: Ib29ba540a6e1d714e7e470f4c7518e3d266fe7ca Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-11-12tls: fix picotls coverity warningsFlorin Coras1-13/+13
Type: fix Change-Id: Ib5c9de9c9053b8339f514ff648a75c3b56b55215 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-12bonding: fix non-null terminated vectorBenoît Ganne1-2/+2
Type: fix Change-Id: Iea7d73a304236b525b95bdad3bfdb41e711f8cdb Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-11-12crypto: not use vec api with opt_data[VNET_CRYPTO_N_OP_IDS]Lijian Zhang3-3/+4
opt_data is defined as a array, while in some code, e.g., function vnet_crypto_get_op_type, it's used as vec. vec api is not applicable to static arraies. src/vnet/crypto/crypto.h:234:70: error: address of array 'cm->opt_data' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] vnet_crypto_op_data_t *od = ({ do { if ((0 > 0) && ! ((id) < ((cm->opt_data) ? (((vec_header_t *) (cm->opt_data) - 1)->len) : 0))) Type: fix Change-Id: I0b6754406e4216ca975bc1da4b5d4ce293a9bb45 Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
2019-11-12svm: improve fifo segment verbose cliFlorin Coras2-9/+37
Type: feature Also make sure that size for dlmalloc allocated private segments is accurate. Change-Id: I6ec81ff99a13dd29b9664d768835a68019f0c96c Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-11vlib: fix handoff queue sequencing bugDave Barach1-1/+2
Set vm->check_frame_queues after actually enqueuing a frame. Under obscure circumstances, the code managed to set check_frame_queues so far in advance that 100 dispatch cycles could elapse before the frame enqueue succeeded. That resulted in permanent lack of queue service. Type: fix Ticket: VPP-1734 Fixes: 18191 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: If2d398202b4ba2b96581d25e8142daef3f74c9e5
2019-11-11tcp: improve lost rxt heuristicFlorin Coras3-34/+55
Type: feature - retransmit first unacked segment if newer retransmitted packets are acked - avoid spurious retransmits if recovery ends with sacked bytes Change-Id: Ic1b56d22e025822edb7609afb136e47440ea6032 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-11ip: functional interface to ip fragmentationOle Troan12-412/+476
This provides a functional interface to IP fragmentation. Allowing external features to fragment. Supports arbitrary encap size, for e.g. MPLS or inner fragmentation of tunnels. This also removed dual loop in MAP that was fundamentally broken. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ia89ecec8ee3cbe2416edbe87630fdb714898c2a8 Signed-off-by: Ole Troan <ot@cisco.com>
2019-11-10dhcp: ipv6 prefix delegation improvementsDave Barach4-14/+116
Autoconfigure router advertisements for delegated prefixes. Clean up a longstanding issue. If vpp receives a dhcpv6 renew reply, do NOT reset per-delegated-prefix timers. That prevented vpp from sending a solicit to renew the delegation on time. That, in turn caused the RA code to send advertisements with valid_time = preferred_time = 0. That causes almost any downstream client to throw away its delegated address. Miscellaneous changes o src/vnet/ip/ip6_neighbor.c - always memset elements allocated from pools to zero. DGMS. o Remove debug spew from the ipv6 connection-tracker plugin Type: feature Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I428feccdc47efdc413898600e0d62916928a6eb7
2019-11-10tls: picotls engine basic enabling for TLSSimon Zhang5-0/+878
Type: feature Change-Id: I700d999771d837604dd0571741f4f0bcbec82403 Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2019-11-10session: re-set tx fifo event if out of buffersFlorin Coras1-1/+2
Type: fix Change-Id: I7416e827fbc5c63d082273656441c81dd6246d8a Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-10tcp: avoid retransmits post resetFlorin Coras2-0/+6
Type: fix Change-Id: Ib6a8f5ca597389700e5746f089a5cec7eee65ab5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-09dhcp: fix dhcpv6 client and dhcpv6 prefix delegationDave Barach3-37/+19
Keep trying even if the interface in question is not "admin-up, link-up." In real life, it's normal for link autonegotiation to take a good fraction of a second. The driver layer takes care of packets sent to an interface which can't transmit at the moment. Renew address leases at the preferred renewal time, not at the expiration time. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I68ec1c52cc1f4a8aa256185820748b845e92f7c1
2019-11-09build: Fix typo introduced in src/plugins/mdata/FEATURE.yamlPaul Vinciguerra1-1/+1
Type: fix Fixes: Ide0bb276659119c59bdbbc8b8155e37562a648b8 Change-Id: I4db18508910d5fe5f5df4d902e15cf19b10c0621 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-11-08build: use cmake build typesDamjan Marion3-38/+39
Type: make Change-Id: If822c85d6ff26982516ea1d597ca81aa84773b2b Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-11-08rdma: fix next node rx redirectBenoît Ganne1-8/+2
Type: fix Change-Id: I694db40c3a0361852d01b84c7a45e32e39e9f4af Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-11-08rdma: fix name auto-generation on createBenoît Ganne1-1/+5
When creating rdma interface without specifying a name, we need to generate one instead of NULL. Type: fix Change-Id: If41870691dec47e8e673d48ac4b4ddffd2385a03 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-11-08ipsec: remove dedicated IPSec tunnelsNeale Ranns25-1737/+626
APIs for dedicated IPSec tunnels will remain in this release and are used to programme the IPIP tunnel protect. APIs will be removed in a future release. see: https://wiki.fd.io/view/VPP/IPSec Type: feature Change-Id: I0f01f597946fdd15dfa5cae3643104d5a9c83089 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-11-08vcl: fix epoll connected events sidFlorin Coras1-2/+1
Type: fix Use sid returned by vcl_session_connected_handler instead of trying to infer it from vpp session handle. Change-Id: Ic0fbb90ec2bd851b435fc3f2a34265ac9a8ab29f Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-08tap: add check for vhost-net backendDamjan Marion1-0/+9
Type: feature Change-Id: I402f4c88dee70fbb0b3b61dc4e0a4034d24d8b56 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-11-08tap: fix cli parserDamjan Marion1-4/+5
Type: fix Change-Id: I38ee9efd23774cce7790565825527cca9ba6f200 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-11-08tcp: fix ip check in lookup validationFlorin Coras1-11/+17
Type: fix Change-Id: Ia18632c8fe22bdcfdf3cb48a4234f8703a7ac1d7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-08session: add space around ternary operatorVratko Polak2-1/+1
Type: style Change-Id: If28a4959c1d60ab1caf22dbc8b72d9adf7060bd4 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2019-11-08tests: python3 use byte strings in raw()Ole Troan19-204/+204
Raw('\xaf) and Raw(b'\xaf) are two quite different things in python 2 versus 3. In most cases this didn't make a difference, apart from those cases where length of payload actually mattered. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I3cba5c1486e436a3ca8aa10a7b393da75aa9f6b9
2019-11-07crypto-ipsecmb: improve gcm performance using dedicated API.Fan Zhang1-88/+54
This patch improves the GCM encrypt and decrypt performance using the dedicated API provided by intel-ipsec-mb library. This helps remove the overhead caused by the JOB API. Type: feature Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I00c9ab3ed9f2660093fb2584feb8bca4979acee8
2019-11-07pmalloc: always lock pagesDamjan Marion2-25/+16
Type: feature Change-Id: I5bbf37969c9c51e40a013d1fc3ab966838eeb80d Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-11-07build: Fix 3rd party CI systems.Paul Vinciguerra1-1/+4
Commit https://gerrit.fd.io/r/#/c/15525/ breaks 3rd party CI jobs. This suggests an alternative solution that supports both use cases. Type: feature Change-Id: I966210cf4594651735e6a8bffa32dd52b4539a13 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-11-07dpdk: ipsec gcm fixesChristian Hopps3-25/+14
- Fix AAD initialization. With use-esn the aad data consists of the SPI and the 64-bit sequence number in big-endian order. Fix the u32 swapped code. - Remove salt-reinitialization. The GCM code seems inspired by the GCM RFCs recommendations on IKE keydata and how to produce a salt value (create an extra 4 octets of keying material). This is not IKE code though and the SA already holds the configured salt value which this code is blowing away. Use the configured value instead. Type: fix Change-Id: I5e75518aa7c1d91037bb24b2a40fe4fc90bdfdb0 Signed-off-by: Christian Hopps <chopps@labn.net>
2019-11-07crypto: fix crypto perf unittest crashFan Zhang1-1/+33
Type: fix crypto perf test crashes for key size different than 16 bytes. This patch fixes the issue Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: Ic8a8ca83ca189c879815dc5d065b8c6f7826cd41
2019-11-07tcp: fix retransmit with no sacksFlorin Coras3-10/+18
Type: fix Change-Id: I6f7df0d358f57f7feadb9b7a3fcffb99558b2af8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-07api: fix dead client scan heap issueNathan Skrzypczak1-0/+4
Type: fix On multiworker setup when an app client dies, the vec_reset_length call fails the assert in clib_mem_is_heap_object. Same thing might happen for the clib_warnings Change-Id: I369f9d2dbe60407c84994a4e8d25f6df7848ca93 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-11-07session: Add crypto contextNathan Skrzypczak3-7/+68
Type: feature Crypto contexts are a per protocol cache for storing crypto related connection data. They share a common interface with generic properties : cert, key, engine and session refcount. Change-Id: I8165e05afbcc6ecb3777b6abeab62c369d2fe9ed Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-11-07hsa: Add ckpair & crypto engine in vpp_echoNathan Skrzypczak6-78/+80
Type: feature * vpp echo adds and dels a cert and key pair for each run * it passes the crypto engine to be used (openssl, picotls, vpp, mbedtls) Change-Id: Iaba1de2e6abb510e6c4edbe84b2324b2f4843f26 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-11-07quic: Add support for ckpair & crypto engineNathan Skrzypczak2-20/+49
quic choice used ckpair is now the one passed to connect or listen via mq. The crypto engine is chosen with the value passed to connect or listen via mq: * If NONE(0) is provided, we default to quic_main. default_crypto_engine (picotls at init, can be changed via debug cli : quic set crypto api [crypto engine]) * If PICTOLS/VPP is provided, use this one * Other values return an error Type: feature Change-Id: Ifab893d6d03c83f202e6c7e7a9936f546a4b1530 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-11-07session: ckpair store & crypto engine as mq paramsNathan Skrzypczak5-4/+12
Type: feature This patch adds the logic to pass to connect & listen msg in the mq the following parameters * ckpair index * crypto engine (for now only used in quic) Change-Id: I7213d8b581cb4532a9a6b18c4b3fe021287b7733 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-11-07session: fix app attach on errorNathan Skrzypczak1-3/+2
Type: fix Change-Id: I57b3c76515544ba3655690b37e0dacb47734ba6d Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-11-07svm: fix byte accounting when allocating fifo headerFlorin Coras1-0/+1
Type: fix Change-Id: Ie50625271d257da814445ce13c2e6cd98986d523 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-07interface: shmemioerror while getting name_filter argAleksander Djuric4-6/+14
Type: fix Signed-off-by: Aleksander Djuric <aleksander.djuric@gmail.com> Change-Id: I5e0eb7024d208040d79e9d6db863f41e2ecf4ee6 Signed-off-by: Ole Troan <ot@cisco.com>
2019-11-07tests: make threads in punt tests join when finishedAndrew Yourtchenko1-8/+23
The 42693521f6046997133c8f63bcfc9d615d96f69d added the timeout to the child process join + print the name of the offending child process. Upon testing the issue furher, appeared the offenders were always the same - punt tests. The processes running them were stuck trying to acquire lock, even if all the user-accessible execution has finished. Some searching revealed that one needs to tread carefully when dealing with Thread and Multiprocessing at the same time. punt tests used threads but did not call thread.join. Somehow it worked in some cases but not the others. This fix makes the threads exit cleanly - which also makes the timeouts waiting for the process to join disappear. Type: test Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I05d99bb48a9987544bbfe45118755c09d7867aa0 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-11-06tcp: validate the IP address while checking TCP connectionSrikanth Akula1-9/+31
Type: feature Along with the port information, we need to validate the IP address details as well. This is very useful in the case port re-use scenario Signed-off-by: Srikanth Akula <srakula@cisco.com> Change-Id: I11e1ebcd3e56aae47ac235a89606a83c928aa6bb