Age | Commit message | Author | Files | Lines
2020-03-31 | udp: validate input data length | Florin Coras | 1 | -4/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3f34011ca61ded310d0411e7b50548982bd164ac
2020-03-31 | nat: fix unknown proto translation out2in_ed | Alexander Chernavin | 1 | -2/+2
An unknown proto packet can be processed as UDP with destination port rewriting which breaks the original packet. With this commit, stop processing unknown proto packets after nat44_ed_out2in_unknown_proto() execution. Type: fix Change-Id: Iea93faf3c282f542d5ee7120c15e1027c1e4abc9 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-31 | ipsec: use id in ipsec_tunnel_protect_details | Matthew Smith | 1 | -4/+6
Type: fix The data populated into an ipsec_tunnel_protect_details message includes an outbound SA and a list of inbound SAs for a tunnel interface. These are populated with SA indices. The value used by an API client to refer to an SA in other messages is the SA id rather than the index. Use the SA id instead of the index. Change-Id: Ifaad32801092a7f87bd0dcf19de418d36613f8dd Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-03-31 | ikev2: fix crash during peer live check | Filip Tehlar | 1 | -1/+8
Fix crash when peer tries to build INFO req before key exchange, which results in using NULL key pointers for crypto operations. Type: fix Change-Id: I20aaf1ce769e4bfb45235047c2dd38307b4e0b59 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-31 | ipsec: fix chained ESP | Filip Tehlar | 3 | -51/+147
This fixes a special case when buffer chain enters decrypt node and becomes a single buffer after decryption. Type: fix Change-Id: Id5da9e8a074f83ec3561949631ce613f35528312 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-31 | vlib: move pci api types from vnet/pci to vlib/pci | Jakub Grajciar | 8 | -32/+12
Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I1a60809a8bbbbb8ac8b65ab990d51aae1229647f Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-31 | rdma: print device info from PCI VPD in 'show hardware' output | Damjan Marion | 1 | -0/+14
Type: improvement Change-Id: I275bbca17c5a0263b3e017b48aa6ccd8f59bc7c3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-31 | ipsec: fix udp-encap in transport mode | Alexander Chernavin | 2 | -3/+58
Now UDP encapsulation doesn't work in transport mode with crypto algorithms that have iv_sz=8 like AES GCM or 3DES CBC. That happens because the inserted UDP header overlaps with the old IP header and gets filled before the information from the old IP header can be copied to a new IP header. The result is a broken packet:

    00:03:39:620863: esp4-encrypt-tun
      esp: sa-index 3 spi 3464048590 (0xce792fce) seq 31 sa-seq-hi 0
        crypto aes-gcm-128 integrity none udp-encap-enabled
    00:03:39:620867: adj-midchain-tx
      ...
    00:03:39:620868: ip4-rewrite
      ...
    00:03:39:620869: GigabitEthernet0/8/0-output
      GigabitEthernet0/8/0
      IP4: 08:00:27:a9:6b:d6 -> 08:00:27:5a:dd:0c
      UDP: 10.255.0.10 -> 10.255.0.20
        version 0, header length 0
        tos 0x80, ttl 63, length 0, checksum 0x653e (should be 0xffff) dscp CS4 ecn NON_ECN
        fragment id 0x0000
      UDP: 128 -> 0
        length 0, checksum 0x0000
    00:03:39:620870: GigabitEthernet0/8/0-tx
      GigabitEthernet0/8/0 tx queue 0
      ...
      IP4: 08:00:27:a9:6b:d6 -> 08:00:27:5a:dd:0c
      UDP: 10.255.0.10 -> 10.255.0.20
        version 0, header length 0
        tos 0x80, ttl 63, length 0, checksum 0x653e (should be 0xffff) dscp CS4 ecn NON_ECN
        fragment id 0x0000
      UDP: 128 -> 0
        length 0, checksum 0x0000

With this commit, fill UDP header after copying the IP headers in transport mode. Type: fix Change-Id: Ie9a6e562aa05a8378114329d6a9ff395189fa6a8 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-30 | tcp: reuse session infra for syns and resets | Florin Coras | 6 | -88/+71
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I71df27049ef0193578f0c42f8f8bbd5c54e4d53e
2020-03-30 | session udp: flag for connected udp | Florin Coras | 6 | -7/+50
Type: improvement This can be used as alternative to udpc Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic3f7efe6728b25d4a8a0b61ddb36de66b4672c4f
2020-03-30 | vxlan: leverage vlib_get_buffers in vxlan_encap_inline | Zhiyong Yang | 1 | -12/+14
vlib_get_buffers can save about 1.2 clocks per packet for vxlan encap graph node on Skylake. Type: improvement Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com> Change-Id: I9cad3211883de117c1b84324e8dfad38879de2d2
2020-03-30 | vppinfra: add support for avx512 alignment version of load and store | Zhiyong Yang | 1 | -0/+8
Type: improvement Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com> Change-Id: Idfec9cb9370a8cf4966d3fdfa440496f21e17005
2020-03-30 | gso: fix the header parser to read only | Mohsin Kazmi | 3 | -6/+44
Previously, the header parser set the tcp/udp checksum to 0. It should be a read-only function for vlib_buffer_t. Type: fix Change-Id: I9c3398372f22998da3df188f0b7db13748303068 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-03-30 | interface: remove mtu clib_warning message from api handler | Paul Vinciguerra | 1 | -1/+0
Type: fix Change-Id: I85000cce698d44a96adcab7ff6aa37e7dcca51f7 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-03-27 | vcl: support for uword segments | Florin Coras | 3 | -12/+12
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibfe203fda5a0c88b26eb50bee8a430dd2cfb7dca
2020-03-27 | quic: Check quicly version tag at compile time | MathiasRaoul | 15 | -561/+56
- updates the quicly version to 0.1.0-vpp - adds workaround for quicly_send()/assert_consistency() failure Type: feature Change-Id: I4c7e0ffc720ad9a685b89046a83646d59febd6cd Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2020-03-27 | vppinfra: add clib_bihash_get_bucket | Damjan Marion | 2 | -20/+13
Type: improvement Change-Id: I073bb7bea2a55eabbb6c253b003966f0a821e4a3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-27 | docs ethernet: add docs for ethernet Section | Paul Vinciguerra | 2 | -0/+21
Type: docs Change-Id: I6ad92b35df3e0fecb1334511625eacf3e3d8925f Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-03-27 | docs: minor typos in configuring/startup.rst | Paul Vinciguerra | 1 | -2/+2
Change-Id: I8a6596d7cfa84cb2c5ee2d847395e9cea69c5349 Type: docs Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-03-27 | build tests: fix 'test-wipe-papi' target | Paul Vinciguerra | 1 | -1/+1
Fix transposed terms. Type: fix Change-Id: Ibc3f5d5d9dbd81c9edf09ae5024c3ac4b1939d03 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-03-27 | acl: API cleanup | Jakub Grajciar | 20 | -1179/+1177
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I09fa6c1b6917936351bd376b56c414ce24488095 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-27 | docs: document lxd container bootstrap procedure | Dave Barach | 1 | -0/+130
Type: docs Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I9cfa52637e813f2b990688b35634e3af10c58f6a
2020-03-27 | dpdk: enable DPDK iAVF PMD | Chenmin Sun | 3 | -0/+23
This patch adds support for the DPDK iAVF PMD Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I7bb0f621774e4c55b9b7309462e6591ce1b88fb6
2020-03-26 | acl: revert acl: api cleanup | Ole Trøan | 20 | -1183/+1095
This reverts commit aad1ee149403994194cf37cef4530b042ba7df3a. Reason for revert: Verify failure. Doesn't build. Type: fix Change-Id: I91b1b26ac43edde4853e4561a0083d0b3a06efee Signed-off-by: Ole Troan <ot@cisco.com>
2020-03-26 | acl: API cleanup | Jakub Grajciar | 20 | -1123/+1206
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: If90d753f129312400c4c3669bb86289d0c3e0d99 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-26 | session: fix coverity warning | Dave Barach | 1 | -1/+1
Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ib5da600b7a40f775de7dc5b9aaa8d967e49e8632
2020-03-26 | nat: transitory timeout for TCP CLOSED state | Klement Sekera | 9 | -118/+329
Wait transitory timeout seconds before moving internal state of TCP session to CLOSED state per RFC 7857. This patch implements this functionality for endpoint-dependent NAT. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I4491d831cd9edf63fae520a516cdbe590bac85db
2020-03-26 | svm: correct format_fifo_segment | Ryujiro Shibuya | 2 | -4/+7
Type: improvement Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com> Change-Id: Ia8aef3695f12e09b087be79ebe40e758fb8105ad
2020-03-26 | build: use gcc-8 as default on ubuntu 18.04 | Damjan Marion | 1 | -0/+6
Type: improvement Change-Id: I34c9e95ad9160436cb62dec7a1a2d0ce94602ab7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-26 | tests: speed up ipsec unit tests execution | Filip Tehlar | 1 | -54/+1
... by removing duplicate test cases. There is little value in testing ESN flag when no integ algo is used. This patch removes such test cases. Type: improvement Change-Id: Iae5baa1d39ac32a65d1d28ad57771a87962d8bb3 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-26 | ikev2: fix wrong usage of BN_bn2bin() | Filip Tehlar | 3 | -12/+56
This patch fixes 2 different crashes: 1) BN_bn2bin() returns bytes written, not actual key length. Use BN_bn2binpad() instead which adds padding. 2) Initiator may receive multiple sa-init responses for the same ispi which may result in crash. Remember first response and ignore any subsequent ones. Type: fix Change-Id: Ia1eac9167e3100a6894c0563ee70bab04f6a5f4f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-26 | ikev2: dead peer detection | Filip Tehlar | 2 | -4/+95
Type: feature Change-Id: Ibc65d739583dc11735f993f4c7e7ee6d3c8f5b0a Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-25 | ikev2: fix gcm in ike protocol | Filip Tehlar | 1 | -1/+1
Type: fix Change-Id: I746b94f494d059d2db5f47638c9f4e6bc4eb4045 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-25 | session: api to add new transport types | Florin Coras | 21 | -103/+150
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If4dee6dba1ea942daa921d566b35cdecdda680ee
2020-03-25 | tcp: avoid updating rcv wnd in resets | Florin Coras | 1 | -3/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0884bf63db57b4b4dbccf41ab64c030b3fe4dde2
2020-03-25 | sr: Change the CLI keyword from address to prefix. | Tetsuya Murakami | 2 | -3/+3
Change the CLI keyword from address to prefix in sr localsid command. Type: feature Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: Icc3072404a106ab40e829d2d291e5c179a4443a8 Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2020-03-25 | ip: Adding IP tables is no MP safe | Neale Ranns | 1 | -2/+0
Type: fix It was marked MP safe in the CLI (which it shouldn't be) but it is not marked MP safe on the API. Change-Id: I4bdea498a510a8b406d13d62a899b6d03656f7e8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-03-25 | acl: Add CLI additions | Neale Ranns | 1 | -0/+254
Type: improvement Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I172d3d907f324d8cb21e73aa08ef66da029ed365
2020-03-25 | avf: fix rx queue refill on buffer alloc failure | Damjan Marion | 1 | -6/+6
If buffer alloc fails, it may happen that the rx queue will be stuck, as the old code only refills if at least one packet is received. Type: fix Change-Id: I388c4f8a9fb2c208bdc222e31b443cbe6b94af82 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-25 | nat: fix error counters | Klement Sekera | 4 | -1/+21
Type: fix Change-Id: I021b1427362f4bdba1c0ebc9863c9143dd6b3cb7 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-03-25 | map: fix hop limit expiration at br | Vladimir Ratnikov | 2 | -2/+29
Before this patch, packet was dropped in ip4-input, but ip4-map-t node dropped response due to 'security check failed'. This patch checks if hop_limit==1 and sets error and next frame and sends icmp6 response correctly. Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I85a6af58205b05754ef8c45a94817bb84f915c85
2020-03-24 | quic: disable vnet_crypto and batching if no crypto engines are loaded | MathiasRaoul | 3 | -11/+33
Type: fix Change-Id: I95d3f8431b468cefc8777526dd3b988a299f0687 Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
2020-03-24 | vcl: fix ldp recv return on error | Florin Coras | 1 | -1/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0875705d3a0c95f2781b0595ef27a30486438aae
2020-03-24 | vcl: fix ldp writev 0 vecs | Florin Coras | 1 | -12/+8
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iec5db8dcf3a019b731e15fd79d0208d6eb10943b
2020-03-24 | map: fix translation of icmp6 error messages | Alexander Chernavin | 2 | -1/+131
Translation of ICMPv6 error messages to ICMP error messages fails because the sender port is not set, which leads to a security check failure. With this commit, during ICMPv6 error messages translation, get the sender port value from the inner packet. Type: fix Change-Id: I1ee295a3685fab4837172edfb629a699f49afbee Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-24 | avf: proper promisc handling | Damjan Marion | 2 | -7/+27
Type: fix Change-Id: Id20a0fe77372602fd211156ccee01c18d829d8df Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-23 | tcp: add lost and in flight to byte tracker | Florin Coras | 2 | -2/+15
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3b0041d72d835cbb11e803cc56ac4c68a68238a0
2020-03-23 | ikev2: fix typo in .api description | Vratko Polak | 1 | -2/+1
Type: style Change-Id: Ie81eb7e3d872923daaa8ae8dad060a4da85349c5 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2020-03-23 | ipsec: Revert "ipsec: fix chained ESP" | Florin Coras | 3 | -146/+51
This reverts commit c2c1bfd9b72aec88526c06479b128725eb525866. Reason for revert: Seems it's breaking ipsec esp tests Type: fix Change-Id: Iac590eee23cbf92a10c62dafa789aa9c3b2284dd Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-03-23 | docs: add container functional test writeup | Dave Barach | 3 | -1/+512
Fix global copyright date Type: docs Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I7f010d63ec010982f2c8c8388f14214fa6ced0a7