Age | Commit message (Collapse) | Author | Files | Lines |
|
Fix crash when peer tries to build INFO req before key exchange which
results using NULL key pointers for crypto operations.
Type: fix
Change-Id: I20aaf1ce769e4bfb45235047c2dd38307b4e0b59
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This fixes a special case when buffer chain enters decrypt node
and becomes a single buffer after decryption.
Type: fix
Change-Id: Id5da9e8a074f83ec3561949631ce613f35528312
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I1a60809a8bbbbb8ac8b65ab990d51aae1229647f
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Type: improvement
Change-Id: I275bbca17c5a0263b3e017b48aa6ccd8f59bc7c3
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Now UDP enacapsulation doesn't work in transport mode with crypto
algorithms that have iv_sz=8 like AES GCM or 3DES CBC. That happens
because the inserted UDP header overlaps with the old IP header and
gets filled before the information from the old IP header can be
copied to a new IP header. The result is a broken packet:
00:03:39:620863: esp4-encrypt-tun
esp: sa-index 3 spi 3464048590 (0xce792fce) seq 31 sa-seq-hi 0
crypto aes-gcm-128 integrity none udp-encap-enabled
00:03:39:620867: adj-midchain-tx
...
00:03:39:620868: ip4-rewrite
...
00:03:39:620869: GigabitEthernet0/8/0-output
GigabitEthernet0/8/0
IP4: 08:00:27:a9:6b:d6 -> 08:00:27:5a:dd:0c
UDP: 10.255.0.10 -> 10.255.0.20
version 0, header length 0
tos 0x80, ttl 63, length 0, checksum 0x653e (should be 0xffff)
dscp CS4 ecn NON_ECN
fragment id 0x0000
UDP: 128 -> 0
length 0, checksum 0x0000
00:03:39:620870: GigabitEthernet0/8/0-tx
GigabitEthernet0/8/0 tx queue 0
...
IP4: 08:00:27:a9:6b:d6 -> 08:00:27:5a:dd:0c
UDP: 10.255.0.10 -> 10.255.0.20
version 0, header length 0
tos 0x80, ttl 63, length 0, checksum 0x653e (should be 0xffff)
dscp CS4 ecn NON_ECN
fragment id 0x0000
UDP: 128 -> 0
length 0, checksum 0x0000
With this commit, fill UDP header after copying the IP headers in
transport mode.
Type: fix
Change-Id: Ie9a6e562aa05a8378114329d6a9ff395189fa6a8
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I71df27049ef0193578f0c42f8f8bbd5c54e4d53e
|
|
Type: improvement
This can be used as alternative to udpc
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic3f7efe6728b25d4a8a0b61ddb36de66b4672c4f
|
|
vlib_get_buffers can save about 1.2 clocks per packet for vxlan encap
graph node on Skylake.
Type: improvement
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
Change-Id: I9cad3211883de117c1b84324e8dfad38879de2d2
|
|
Type: improvement
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
Change-Id: Idfec9cb9370a8cf4966d3fdfa440496f21e17005
|
|
Previously, header parser sets the tcp/udp checksum to 0.
It should be read only function for vlib_buffer_t.
Type: fix
Change-Id: I9c3398372f22998da3df188f0b7db13748303068
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: fix
Change-Id: I85000cce698d44a96adcab7ff6aa37e7dcca51f7
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibfe203fda5a0c88b26eb50bee8a430dd2cfb7dca
|
|
- updates the quicly version to 0.1.0-vpp
- adds workaround for quicly_send()/assert_consistency() failure
Type: feature
Change-Id: I4c7e0ffc720ad9a685b89046a83646d59febd6cd
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: improvement
Change-Id: I073bb7bea2a55eabbb6c253b003966f0a821e4a3
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: docs
Change-Id: I6ad92b35df3e0fecb1334511625eacf3e3d8925f
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Change-Id: I8a6596d7cfa84cb2c5ee2d847395e9cea69c5349
Type: docs
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Fix transposed terms.
Type: fix
Change-Id: Ibc3f5d5d9dbd81c9edf09ae5024c3ac4b1939d03
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I09fa6c1b6917936351bd376b56c414ce24488095
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Type: docs
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I9cfa52637e813f2b990688b35634e3af10c58f6a
|
|
This patch adds support for the DPDK iAVF PMD
Type: feature
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: I7bb0f621774e4c55b9b7309462e6591ce1b88fb6
|
|
This reverts commit aad1ee149403994194cf37cef4530b042ba7df3a.
Reason for revert: Verify failure. Doesn't build.
Type: fix
Change-Id: I91b1b26ac43edde4853e4561a0083d0b3a06efee
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: If90d753f129312400c4c3669bb86289d0c3e0d99
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ib5da600b7a40f775de7dc5b9aaa8d967e49e8632
|
|
Wait transitory timeout seconds before moving internal state of TCP
session to CLOSED state per RFC 7857. This patch implements this
functionality for endpoint-dependent NAT.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I4491d831cd9edf63fae520a516cdbe590bac85db
|
|
Type: improvement
Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com>
Change-Id: Ia8aef3695f12e09b087be79ebe40e758fb8105ad
|
|
Type: improvement
Change-Id: I34c9e95ad9160436cb62dec7a1a2d0ce94602ab7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
... by removing duplicit test cacses.
There is little value in testing ESN flag when no integ algo
is used. This patch removes such test cases.
Type: improvement
Change-Id: Iae5baa1d39ac32a65d1d28ad57771a87962d8bb3
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This patch fixes 2 different crashes:
1) BN_bn2bin() returns bytes written, not actual key length. Use
BN_bn2binpad() instead which adds padding.
2) Initiator may receive multiple sa-init responses for the same ispi
which may result in crash. Remember first response and ignore any
subsequent ones.
Type: fix
Change-Id: Ia1eac9167e3100a6894c0563ee70bab04f6a5f4f
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Change-Id: Ibc65d739583dc11735f993f4c7e7ee6d3c8f5b0a
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: I746b94f494d059d2db5f47638c9f4e6bc4eb4045
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If4dee6dba1ea942daa921d566b35cdecdda680ee
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0884bf63db57b4b4dbccf41ab64c030b3fe4dde2
|
|
Change the CLI keyword from address to prefix in sr localsid command.
Type: feature
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: Icc3072404a106ab40e829d2d291e5c179a4443a8
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
|
|
Type: fix
it was marked MP safe in the CLI (which it shouldn't be) but
it it not marked MP safe on the API.
Change-Id: I4bdea498a510a8b406d13d62a899b6d03656f7e8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: improvement
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I172d3d907f324d8cb21e73aa08ef66da029ed365
|
|
If buffer alloc fails, it may happend that rx queue will be stuck
as old code only refills if at least one packet is received.
Type: fix
Change-Id: I388c4f8a9fb2c208bdc222e31b443cbe6b94af82
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I021b1427362f4bdba1c0ebc9863c9143dd6b3cb7
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Before this patch, packet was dropped in ip4-input,
but ip4-map-t node dropped response due to
'security check failed'
This patch checkes if hop_limit==1 and sets error
and next frame and sends icmp6 response correctly
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I85a6af58205b05754ef8c45a94817bb84f915c85
|
|
Type: fix
Change-Id: I95d3f8431b468cefc8777526dd3b988a299f0687
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0875705d3a0c95f2781b0595ef27a30486438aae
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Iec5db8dcf3a019b731e15fd79d0208d6eb10943b
|
|
Translation of ICMPv6 error messages to ICMP error messages fails
because the sender port is not set that leads to securtiy check
failure.
With this commit, during ICMPv6 error messages translation, get the
sender port value from the inner packet.
Type: fix
Change-Id: I1ee295a3685fab4837172edfb629a699f49afbee
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: fix
Change-Id: Id20a0fe77372602fd211156ccee01c18d829d8df
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3b0041d72d835cbb11e803cc56ac4c68a68238a0
|
|
Type: style
Change-Id: Ie81eb7e3d872923daaa8ae8dad060a4da85349c5
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
This reverts commit c2c1bfd9b72aec88526c06479b128725eb525866.
Reason for revert: Seems it's breaking ipsec esp tests
Type: fix
Change-Id: Iac590eee23cbf92a10c62dafa789aa9c3b2284dd
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Fix global copyright date
Type: docs
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I7f010d63ec010982f2c8c8388f14214fa6ced0a7
|
|
Fix for the coverity issues.
Type: fix
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I6bf8a874a9a94b9b7d62da047a401eda8a448567
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
|
|
Use consistent API types.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I3c348ad2fca8bb3d9a246af7a2aa9dc9c33f57c3
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
This fixes a special case when buffer chain enters decrypt node
and becomes a single buffer after decryption.
Type: fix
Change-Id: I1d4da029b952baa97400adb7173aa63fd97d916b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|