summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2019-07-24ipsec: GCM, Anti-replay and ESN fixessNeale Ranns10-125/+345
Type: fix Several Fixes: 1 - Anti-replay did not work with GCM becuase it overwrote the sequence number in the ESP header. To fix i added the seq num to the per-packet data so it is preserved 2 - The high sequence number was not byte swapped during ESP encrypt. 3 - openssl engine was the only one to return FAIL_DECRYPT for bad GCM the others return BAD_HMAC. removed the former 4 - improved tracing to show the low and high seq numbers 5 - documented the anti-replay window checks 6 - fixed scapy patch for ESN support for GCM 7 - tests for anti-reply (w/ and w/o ESN) for each crypto algo Change-Id: Id65d96b6d1d4dd821b2ab557e87468fff6d70e5b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-24tls: handle engine listen failureFlorin Coras1-1/+12
Type:fix Change-Id: I528b7cfcb7a6aada94ee3649378e6fbe84d2e4e6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-24fib: remove unused input parameterZhiyong Yang1-5/+2
Type: style Change-Id: I2a21076fffaeb5726be80356aaffc9fea3d95850 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-07-24vppinfra: add mapped pcap file supportGary Boon6-0/+822
Type: feature Change-Id: Ic720d56a6f8901efde2a58519bc9aa553205a9a6 Signed-off-by: Gary Boon <gboon@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-23api: binary api cleanupDave Barach22-40/+90
Multiple API message handlers call vnet_get_sup_hw_interface(...) without checking the inbound sw_if_index. This can cause a pool_elt_at_index ASSERT in a debug image, and major disorder in a production image. Given that a number of places are coded as follows, add an "api_visible_or_null" variant of vnet_get_sup_hw_interface, which returns NULL given an invalid sw_if_index, or a hidden sw interface: - hw = vnet_get_sup_hw_interface (vnm, sw_if_index); + hw = vnet_get_sup_hw_interface_api_visible_or_null (vnm, sw_if_index); if (hw == NULL || memif_device_class.index != hw->dev_class_index) return clib_error_return (0, "not a memif interface"); Rename two existing xxx_safe functions -> xxx_or_null to make it obvious what they return. Type: fix Change-Id: I29996e8d0768fd9e0c5495bd91ff8bedcf2c5697 Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-23quic: Refactor connections closing and deletionAloys Augustin2-21/+81
This code should handle the 3 following cases: - Active close quic_proto_on_close sets state to ACTIVE_CLOSING send packets eventually returns an error, calling quic_connection_closed which deletes the connection - Passive close quic_on_closed_by_peer -> set state to PASSIVE_CLOSING "race" between app confirmation (calling quic_proto_on_close) and quicly signalling that it's done (triggers call to quic_connection_closed). If quic_connection_closed is called first, it sets the state to PASSIVE CLOSING QUIC CLOSED, then when quic_proto_on_close is called it frees the connection. If quic_proto_on_close is called first, it sets the state to PASSIVE CLOSING APP CLOSED, then when quic_connection_closed is called it frees the connection - Error close (reset) quic_connection_closed is called in state READY. This means a timeout or protocol error happened. This calls session_transport_reset_notify, the app should confirm the deletion and quic_proto_on_close will be called to delete the connection. Change-Id: I3acbf9b079ed2439bdbb447197c428c78915d8c0 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Type: feature
2019-07-23udp: fix typo in udp connectinon flagsDave Wallace1-1/+1
Type: fix Fixes: 3b726197 Change-Id: Ib515f0995e5c837349ebcad5f63fbd1b2a197e13 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-07-23session: reorganize dispatch logicFlorin Coras3-153/+141
Type:refactor Change-Id: Id796d0103e61e15c35a586d8cbd3d8916487b84d Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-23vlib: address vlib_error_t scaling issueDave Barach7-39/+37
Encoding the vpp node index into the vlib_error_t as a 10-bit quantity limits us to 1K graph nodes. Unfortunately, a few nodes need 6 bit per-node error codes. Only a very few nodes have so many counters. It turns out that there are about 2K total error counters in the system, which is (approximately) the maximum error heap index. The current (index,code) encoding limits the number of interfaces to around 250, since each interface has two associated graph nodes and we have about 500 "normal, interior" graph node This patch adds an error-index to node-index map, so we can store error heap indices directly in the vlib_buffer_t. Type: refactor Change-Id: I28101cad3d8750819e27b8785fc0cf71ff54f79a Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-23udp: fix connection flagsAloys Augustin1-3/+3
Change-Id: Ib69f9bd7970aeb2ee6a1c114d38dcb7f8698dc6d Type: fix Fixes: c754239 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-07-23session: avoid postponing closeFlorin Coras1-14/+0
Type: feature Change-Id: I96e850fc15b79349abbb52d91c0314f255d635be Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-23tcp: generate closed notifications whenever tcp closesFlorin Coras2-1/+6
Type: fix This gives the session layer a chance to to cleanup events. Change-Id: I7499e94acf06340e2b19a1d91a4c61a63cd66c52 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-23tests: pin pip versionAloys Augustin1-0/+4
New pip releases can break pip-tools. This commit pins the version of pip used in the test virtualenv to prevent uncontrolled breakage. This fixes the current issue in make test: TypeError: __init__() got an unexpected keyword argument 'index_urls' Change-Id: I3b7ecb31e651401ada0d357e2bf093c91c934565 Type: feature Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-07-23nat: fixed handoff in2out lookup of static mappings by external addressFilip Varga1-2/+2
Type: fix Change-Id: Ie5befde2f23caffb033b3b9f35ac1535c1224925 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-07-23devices: vhost handling VHOST_USER_SET_FEATURESSteven Luong1-0/+1
Some combinations of new qemu (2.11) and old dpdk (16.10) may send VHOST_USER_SET_FEATURES at the end of the protocol exchange which the vhost interface is already declared up and ready. Unfortunately, the process of VHOST_USER_SET_FEATURES will cause the interface to go down. Not sure if it is correct or needed. Because there is no additional messages thereafter, the hardware interface stays down. The fix is to check the interface again at the end of processing VHOST_USER_SET_FEATURES. If it is up and ready, we bring back the hardware interface. Type: fix Change-Id: I490cd03820deacbd8b44d8f2cb38c26349dbe3b2 Signed-off-by: Steven Luong <sluong@cisco.com>
2019-07-22bonding: fix create bond CLIZhiyong Yang2-2/+2
1. "numa-only" is optional and is disabled by default for lacp mode. 2. update lacp doc. Type: fix Change-Id: I6a3a8423ef31ad9980353a796957693cd6205d73 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-07-22udp: support close with dataFlorin Coras3-19/+41
Also adds connection flags. Type: feature Change-Id: I76f21eb88ab203076149b7c03dc31c22fc0f342e Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-22docs: improve home gateway use-case documentationDave Barach1-18/+131
Add plugin config, systemd config, netplan config, software installation via ssh, and a quick HowTo for setting up a double-nat test gateway. Fix a minor doc bug which caused a complaint on vpp-dev@lists.fd.io: /etc/vpp/startup.conf -> /setup.gate, but the vpp configuration file wasn't explicitly tagged with the name /setup.gate. Type: docs Change-Id: Ib219040d7c3c8b50ed66f8e9d3afd3dcf51b6b7b Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-22quic: move patch for quicly 0.0.3Aloys Augustin1-0/+0
Change-Id: I58e58f1f297820b110013f4bf6ede827ced94a3d Type: fix Fixes: 5ff9765 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-07-22quic: update quicly libraryAloys Augustin4-18/+6
Update quicly to latest version that includes our upstreamed patch. Change-Id: I0b26c72e49bce81daf4fb069b5818defd6cf25b9 Type: feature Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-07-22gso: Fix the l3 packet gso segment sizeMohsin Kazmi2-1/+9
Type: fix Ticket: VPP-1721 Change-Id: I7a5d4f1440048ddc9f599ac11d06e5a7df20440e Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-07-22gtpu: fix missing trace issueZhiyong Yang1-0/+16
Type: fix Change-Id: I1e1c39452edd94712455d102a6faad58bc7f66ff Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-07-22stats: fix use-after-free hash key stringBenoît Ganne2-9/+10
Hash keys are not copied by the hash infrastructure, instead the pointer is used directly. stat_segment_register_gauge() does not allocate a private object for the key, causing issues when it is freed or reused. Allocate a private object on insertion into the hashtable instead. Type: fix Fixes: 92e3082199d10add866894e86a9762d79a3536c4 Change-Id: Ifb6addfcaec81bdb7ea3512050ce55f06ef09a4c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-19fib: FIB Entry trackingNeale Ranns21-148/+468
Instead of all clients directly RR sourcing the entry they are tracking, use a deidcated 'tracker' object. This tracker object is a entry delegate and a child of the entry. The clients are then children of the tracker. The benefit of this aproach is that each time a new client tracks the entry it doesn't RR source it. When an entry is sourced all its children are updated. Thus, new clients tracking an entry is O(n^2). With the tracker as indirection, the entry is sourced only once. Type: feature Change-Id: I5b80bdda6c02057152e5f721e580e786cd840a3b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-19session: improve event loggingFlorin Coras4-60/+49
Type:feature Change-Id: I67a52ee48963a66915e2ebd116626eb9c296a9a5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-19vcl: fix coverity warningFlorin Coras1-1/+2
Type:fix Change-Id: I7b91ce9359f94131882ab430606586b1a6cf3e02 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-19bonding: add support for numa-only in lacp modeZhiyong Yang10-4/+69
If numa-only is set, Only slaves on local numa node transmit pkts if have at least one, otherwise the bond interface works as usual. CLI change: create bond mode lacp [load-balance { l2 | l23 | l34 } {numa-only}] [hw-addr <mac-address>] [id <if-id>] The new member "u8 numa_only;" is also added to bond_create_if_args_t. Type: feature Change-Id: Icdccedafb0738d8c9d4a5acce909ce562428c071 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-07-19session: Use parent_handle instead of transport_optsNathan Skrzypczak10-24/+25
Type: feature This is mostly used for quic in the case of a stream creation (i.e. connect on an already established QUIC session). We want do default parent_handle to INVALID to be able to distinguish it from parent_handle = 0 Change-Id: Id5ac0b0155a3c44e51334231b711e4fd87a96a10 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-07-19vat: remove #if BUILTIN from vat_main_t definitionDave Barach1-2/+0
Otherwise, vat plugins will be confused about the offset from &vat_main of the vlib_main_t * pointer, leading to NULL pointer crashes. Type: fix Change-Id: I7298b7ce8c000217ed7fdd2e97a3cbf978464377 Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-19api: fix coverity warningDave Barach1-3/+8
Type: fix Ticket: VPP-1649 Change-Id: Ia159d0f67d33719d05fa2dbd82f9c8c9b5d8f2a9 Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-19ipsec: register for port 4500 at INITNeale Ranns1-13/+5
Type: fix Fixes: 41afb33 Change-Id: Iceb99ead32f1858a5b4f85911d7cb2b39cc9add5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-19vppinfra: fix OOM check in bihashAndreas Schultz1-1/+1
The OOM check must consider the end of alloced arena and not the start when checking for overflow. Type: fix Change-Id: Ie83e653d0894199d2fa433a604a0fe0cee142338 Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com>
2019-07-19docs: Fix conf.py for read the docsjdenisco2-3/+2
Change-Id: Iaaf9e6ef5acc82fb751c851cc943cf0c48a8940d Signed-off-by: jdenisco <jdenisco@cisco.com>
2019-07-19misc: 19.01.3 Release NotesAndrew Yourtchenko1-0/+9
Type: docs Change-Id: I3f9d243d6f5d99faea67c24c9bf5c42c7a4dc3b0 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-07-19ip: admin change affects intf IPv4 addr routesMatthew G Smith2-7/+127
Type: feature When admin status is changed on an interface, add or delete the routes for the IPv4 addresses configured on that interface. This is already being done for IPv6 interface addresses. Change-Id: Ib1e7dc49c499921dd287e075640243520ffa5589 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-07-18vcl: add QUIC supportNathan Skrzypczak6-84/+423
Type: feature * Adds the concept of a "connectable listener" : a session that can be both connected and accepted on. * vppcom_session_is_connectable_listener (fd) that tells if the fd is a connectable listener * vppcom_session_listener (fd) that gives you the listener's fd that accepted the session (if any) * vppcom_session_n_accepted (fd) that gives the number of sessions a listener accepted. Change-Id: Id89d67d8339fb15a7cf7e00a9c5448175eca04fc Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-07-18session: Refactor invalid session idx/handleNathan Skrzypczak2-3/+1
Type: refactor Change-Id: I885d9d2af1674f705339e3e96f87ff766965c9e5 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-07-18build: add more src dirs for generate_json.pyVratko Polak1-4/+7
Because file vpe.api is in src/vpp/api/ and memclnt.api is in src/vlibmemory/. Also removed api_types, as iteration can be done over output_dir_map. Type: fix Fixes: 9529feb4525dfd13e5636640083361256121d275 Ticket: VPP-1715 Change-Id: I021afeafdf98904d076953f0b09d1e3587fd3100 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2019-07-18tap: fix memory errors with create/delete APIBenoît Ganne1-7/+9
CLI allocates vectors consumed by tap_create_if(), whereas API pass null-terminated C-strings allocated on API segment. Do not try to be too clever here, and just allocate our own private copies. Type: fix Fixes: 8d879e1a6bac47240a232893e914815f781fd4bf Ticket: VPP-1724 Change-Id: I3ccdb8e0fcd4cb9be414af9f38cf6c33931a1db7 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-18vlib: convert frame_index into real pointersAndreas Schultz10-90/+52
The fast path almost always has to deal with the real pointers. Deriving the frame pointer from a frame_index requires a load of the 32bit frame_index from memory, another 64bit load of the heap base pointer and some calculations. Lets store the full pointer instead and do a single 64bit load only. This helps avoiding problems when the heap is grown and frames are allocated below vm->heap_aligned_base. Type: refactor Change-Id: Ifa6e6e984aafe1e2755bff80f0a4dfcddee3623c Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com> Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-18lb: update api.c to use scaffolding from latest skelPaul Vinciguerra4-43/+112
Type: refactor Change-Id: I01329385684f4a4f477cb046079b554ae3024ded Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-07-17tcp: add node with no 6-tuple lookupVladimir Kropylev1-22/+96
Type: feature Add new node in TCP stack where TCP 6 tuple lookup is not required. In new node, packet metadata contains connection-index which can be used to retrieve the TCP connection. The new node will be used by proxy. Change-Id: I3aa0268946898912f4176d5c8c5903e06657479d Signed-off-by: Vladimir Kropylev <vladimir.kropylev@enea.com>
2019-07-17quic: Add back stream connect conditionNathan Skrzypczak1-1/+1
Type: fix This is needed for VCL patch in the case the Qsession handle we connect to is 0. A better way to do this would be to add a u16 header to the transport_opts, as session_handles are : <u16 unused><u16 thread_id><u32 session_index> But this requires modifying all clients. Change-Id: If171bcf982eba3bd705b586c9fd4a6c2ad0e114b Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-07-17build: add targets for json api filesPaul Vinciguerra2-0/+102
Type: make Ticket: VPP-1715 Change-Id: I78497d679d9e793b47a06a0c5cb3b12d86b08489 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-07-17session: move constants definitionFlorin Coras2-2/+3
Type:refactor Change-Id: Ie4a89ae603cd365b28795c92daa08d5943e692ea Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-17session: use llist in session node evt handlingFlorin Coras4-68/+172
Type: refactor Change-Id: I24159e0a848f552b4e27acfb5fe6f2cd91b50a19 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-17session: grab mq lock until ctrl event is enqueuedFlorin Coras1-2/+1
Type: fix Change-Id: I26a6af7f92316f7a8a5309047b3b3605b87ca327 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-17vppinfra: elog: fix read overflow in string lookupBenoît Ganne1-5/+7
elog string hashtable use strlen() to determine string length for hashing, strings must be NULL-terminated for both inserts and lookups. Type: fix Fixes: 9c8ca8dd3197e40dfcb8bcecd95c10eeb56239ed Change-Id: I0680d39a9b89411055fd6adc89c9f253adfae32c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-16session: fix node enable sequenceVladimir Kropylev1-1/+1
Type: fix Change the sequence to first allocate session_manager and then enable the session-nodes. During “session enable”, sometimes an issue was seen when in some cases POLLING node calls transport_update_time -> tcp_update_time -> tcp_set_time_now which access tcp_main.wrk_ctx before tcp_main_enable allocates the wrk_ctx. 0 0x00007ffff73f7778 in tcp_set_time_now (wrk=<optimized out>) at src/vnet/tcp/tcp.h:953 1 tcp_update_time (now=11.059735140000001, thread_index=<optimized out>) at src/vnet/tcp/tcp.c:1192 2 0x00007ffff75a75de in transport_update_time (time_now=11.059735140000001, thread_index=thread_index@entry=1 '\001') at src/vnet/session/transport.c:740 3 0x00007ffff75a0f4c in session_queue_node_fn (vm=0x7fff74913480, node=0x7fff75e7d5c0, frame=<optimized out>) at src/vnet/session/session_node.c:873 Change-Id: Id2288dd05ba179af2ff22c58bac1331fc21a1c7d Signed-off-by: Vladimir Kropylev <vladimir.kropylev@enea.com>
2019-07-16papi: use the injected logger wherever possibleVratko Polak1-18/+6
As the injected logger is already expected to be used everywhere, this is a fix. The few lines in vpp_serializer.py are not fixed, but they are not encountered in CSIT testing. Functions call_logger and return_logger have single call site each (and confusing names, as they do not log), so saved few lines by inlining them. Type: fix Change-Id: I7dd1e610ef6b885943708bf78bddedfbcf4daa1a Signed-off-by: Vratko Polak <vrpolak@cisco.com>