Age | Commit message (Collapse) | Author | Files | Lines |
|
- Implement our own quic packet allocator to allocate more memory at the end of the
packet to store crypto offloading related data
- 1RTT packets offloading encryption/decryption using vnet crypto
- Add cli to change max packet per key
Type: feature
Change-Id: I7557fd457d7ba492329d5d8ed192509cbd727f9c
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
|
|
Type: feature
Change-Id: I32256061b9509880eec843db2f918879cdafbe47
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
Type: feature
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
Change-Id: I5452f8bbd0ff9e2a57f7bd7d134a8824efa5f30a
|
|
- use neutral types in preparation for ARMv8 support
- simplify x86 key extraction support
Type: refactor
Change-Id: I947eb37b8c9d9ee6909bb32ef14c4de192d40a46
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Not in functional state for a long time ...
Type: refactor
Change-Id: I2cc1525a6d49518cbc94faf6afbf0d2d0d515f56
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Both are out of sync for long time...
Type: refactor
Change-Id: I7de3170d35330fc172501d87655dfef91998b8fe
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Add several more MAP-T BR tests for normal packet flow.
Type: test
Change-Id: Ica880dd23c923795279e9d08dca2796f2925069a
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Apply exponential smoothing to the clock rate update calculation in
clib_time_verify_frequency(), with a half-life of 1 minute and a
sampling frequency of 16 seconds. Within 5 minutes or so, the
calculation converges
With each rate recalculation: reset total_cpu_time based on the kernel
timebase delta since vpp started, and the new clock rate
Improve the "show clock [verbose]" debug CLI command.
BFD echo + echo fail tests marked off until the BFD code can be
reworked a bit.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I24e88a78819b12867736c875067b386ef6115c5c
|
|
host mtu can't be set if tap interface is in namespace.
This patch fixes this issue.
Type: fix
Change-Id: I63811c4b56c708fe708061a8afbaec41994f08ca
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Tap configuration code sets the host mac address
two time. This patch fixes it.
Type: fix
Change-Id: I7bebb9b7f25352a8a9a98bae6a0636757c0cea9c
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: refactor
Change-Id: I64665b290e2c42bbd9b0e877e9e4b028090b0ede
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
cleaned up some trivial typo's while reading through adj.h
Type: docs
Change-Id: I1b6cd815dc10ed3da8db2024b3e015e076235d50
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: feature
common funcitons across IP-in-IP and GRE tunnels for encap/decap
functions
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I325b66824878d843af167adfe5a7a96b0ab90566
|
|
Type: feature
Change-Id: I7f8e3763d7f8364563a25d0fcc782976b906b325
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- Add newly added typedefs.
- Update string examples.
Change-Id: I1e7ee7cbf5901ba97302472521bf1f42a14765ea
Type: docs
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Prevent malicious packets with spoofed embedded IPv4 addresses
by limiting the IPv6 ingress packets to known MAP-T domains.
Drop spoofed packets.
Add several tests that ensure spoofing isn't allowed.
Type: fix
Fixes: fc7344f9be
Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
With this commit, ICMP Time Exceeded is sent to sender when TTL
expires at MAP BR.
Type: fix
Change-Id: I8effe163beab32596883127b819308cc355512c3
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: refactor
Change-Id: If0d9ec70f9e8c228c39505864a4a73bf94b67479
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Add missing cast to time conversion function to to deal with arbitrary
clocks-per-second values.
Type: fix
Change-Id: I5075a823e7a95c972c513ac765252337d5f59fbf
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: test
Change-Id: I5522e88ee178d0563c246895393e835d125f1b81
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
When there are no dhcp client interfaces configured, it's not
useful to make periodic / timeout log entries.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I16b68fe15ad9de789e49ad1b782b3b0e536bad60
|
|
Type: fix
Change-Id: Ib823d016c64998779fb1d00b8aad3acb5e8340be
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Avoid rcv wnd probing after zero window advertisments by registering for
tx dequeue notifications and forcing acks that open the rcv wnd.
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8f33e3cf917f8c83d412f370ca66013aa4cd6e67
|
|
Type: refactor
Change-Id: I9f21b3bf669ff913ff50afe5459cf52ff987e701
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
When MTU is not set, ignore_df and mtu check
always returns true and packets are dropped.
This patch puts MTU checks after it was
compared with 0 and set to maximum if not set.
Added trace node.
If MTU is less than the total length value of
the IPv4 packet plus 20, the translator MUST
send an ICMPv4 "Fragmentation Needed" error message
to the IPv4 source address
Type: fix
Fixes: 87663cdf644fb7c94c0fec9460829b7e4e7c35ca
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I35b99bc2648984cdbf5b6a57ddec91c586b15bef
|
|
Type: feature
Change-Id: Ic8aa6c48913677537301971469f9627b70c1cec8
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Steps to reproduce VPP crash:
1. configure localsid End behavior
2. ping the localsid address
Type: fix
Signed-off-by: Ignas Bacius <ignas@noia.network>
Change-Id: Id780e0875ec9cdb25252217990919fb3dddbf06a
|
|
Type: fix
Change-Id: Ifb007207be97119e07c3a0eba4714eb519de043c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: feature
Change-Id: I9d1f9f00ac011a93709850186dcf4cf5ea3bf88a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
"classify filter trace ... " and "classify filter pcap ..." are
mutually exclusive.
vnet_pcap_dispatch_trace_configure needs to check for
set->table_indices == NULL.
Type: fix
Ticket: VPP-1827
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I43733364087ffb0a43de92e450955033431d559d
|
|
For ip4 tcp, ip6 tcp, and ip6 udp packet, we set checksum = 0 prior to
computing the checksum. We missed ip4 udp case. This oversight requires all
clients to set udp->checksum = 0 if ip4 udp checksum offload is needed.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic608811e82099f3bec469e123671e9b281f38d76
|
|
Type: feature
plus fixes for gre
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I0eca5f94b8b8ea0fcfb058162cafea4491708db6
|
|
Type: refactor
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I18dcdb7af3e327f6cacdbcb1e52b89f13d6ba6e2
|
|
The 'tag' parameter is expected to be a NULL-terminated C-string in
callees:
- make sure it is null-terminated in both API and CLI cases
- do not allocate & copy the string into a non-NULL-terminated vector
in API case
- fix leak in CLI case
Type: fix
Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
More RFC compliance.
Ticket: VPP-1816 BFD: peer discriminator not reset on timeout
Type: fix
Change-Id: I68063c18097d282b3527e3fb485c1d0d1fd1b0c8
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Event polling instance is always identified by libmemif main private context.
Fixes event polling handled by libmemif.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I51dcdb279b18f8ce97bad3b2695848e0b25a232d
|
|
Type: fix
Fixes: 418b225931634f6d113d2971cb9550837d69929d
Change-Id: Ia5f4ea24188c4f3de87e06a7fd07b40bcb47cfc1
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Regardless of whether the virtio_net_hdr is sent as a separate
descriptors or in the same descriptor as the data, we always want to
skip the header length - maybe moving to the next descriptor along the
way.
Type: fix
Change-Id: Iaa70aeb310e589639b20f8c7029aaa8d3ce5d307
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
See: https://docs.fd.io/vpp/19.08/nat_ha_doc.html
Type: docs
Change-Id: I43ecf1dfb6976ebafee04d820f0e1b07393a0b93
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Call session queue node with the right node runtime instead of the
pre-input node runtime.
Type: fix
Change-Id: I43d20bed4930fc877b187ce7ecdce62034b393c5
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Signed-off-by: John DeNisco <jdenisco@cisco.com>
Change-Id: I30e37f7e549083337b11ace95b4ff4f427d9fc8c
|
|
Type: feature
The current feature ordering of NAT44 nodes with respect to the
ACL plugin's IPv4 input/output features is:
ip4-output: acl-plugin-out-ip4-fa runs before any NAT44 nodes
ip4-unicast: acl-plugin-in-ip4-fa runs before any NAT44 nodes
ACL rules with action permit+reflect can keep track of outbound
flows and allow the replies inbound without an explicit inbound rule.
If ACL permit+reflect rules are configured on an interface that also
has NAT44 configured with output-feature/postrouting translation of
outbound packets, the ACL rules cannot allow inbound packets. The
ACL state that was stored on the outbound flow contains the IP
addresses of the original packet, prior to translation. The inbound
packets are being evaluated by the ACL node using the translated
addresses.
The order of processing inbound needs to be the opposite of what it
was outbound for this to work. Change the NAT44 features on
ip4-output so that they run before outbound ACL nodes. This matches
the existing behavior of the NAT44 nodes which rewrite
source addresses as an input feature instead of an output feature.
This was only done for endpoint dependent mode because the regular
endpoint independent in2out-output node currently selects an
explicit next node rather than using the next node on the feature
arc.
Unit test added to configure both NAT and an ACL and ensure that
out2in packets matching an in2out flow are permitted by the ACL
and translated by NAT.
Change-Id: Ibd679c28b64c3fc3cc8c0606ea93123e384e839f
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
Change-Id: I3d24a7973c7113ffeb9109e89cda7fa960e73a5b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: feature
Change-Id: I402549818ba6e078802e914293304174dc6625c2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: docs
Change-Id: I3bb589d04f15a03166a6d457552ffc316fb02f94
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I358a290f4ac121f075f7ee52941beabe478bfba0
|
|
Binary API trace replay with multiple worker threads depends in many
cases on worker thread graph replica maintenance. If we (implicitly)
assert a worker thread barrier at the debug CLI level, all graph
replica changes are deferred until the replay operation completes. If
an interface is deleted, the wheels may fall off.
Type: fix
Ticket: VPP-1824
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I9b07d43f8501caa5519e5ff9ae4c19dc2661cc84
|
|
Type: fix
Change-Id: Iff9b1960b122f7d326efc37770b4ae3e81eb3122
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Change-Id: I0e826284c50713d322ee7943d87fd3363cfbdfbc
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Change-Id: Icb4b331c9346d3781f4ddd6f62891c78d4059c1f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|