Age | Commit message (Collapse) | Author | Files | Lines |
|
Since 3DES has 8 bytes of initialization vector and
code contains hardcode for 16 bytes, check added to
determine if crypto algorythm is 3DES_CBC and set
corresponding iv_len param
Change-Id: Iac50c8a8241e321e3b4d576c88f2496852bd905c
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
|
|
More to the point: fix the Python API binding for the plugins.
The http_static and ct6 plugin setup_message_id_table calls didn't
have "_"'s between message names and CRCs. I would have expected this
to originate in the emacs skeleton, but the skeleton is correct.
Punctuation saves lives: "Let's eat Grandma..." != "Let's eat,
Grandma..." More or less.
Change-Id: Icd87813308701d203cf6f147b2bb90d39d51ddeb
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
When the same worker thread processes packet for encrypt and decrypt,
ie. single worker with bi-directional traffic, given that the queue is
shared results in packets to be decrypted being dropped as the encrypt
always happens first for each main loop.
With this change, each crypto device queue is logically split into two
queues, each half the real size, avoiding the described problem.
Change-Id: Ifd3f15e316c92fbd6ca05802456b10a7f73f85da
Signed-off-by: Sergio Gonzalez Monroy <sgmonroy@gmail.com>
|
|
The vlib init function subsystem now supports a mix of procedural and
formally-specified ordering constraints. We should eliminate procedural
knowledge wherever possible.
The following schemes are *roughly* equivalent:
static clib_error_t *init_runs_first (vlib_main_t *vm)
{
clib_error_t *error;
... do some stuff...
if ((error = vlib_call_init_function (init_runs_next)))
return error;
...
}
VLIB_INIT_FUNCTION (init_runs_first);
and
static clib_error_t *init_runs_first (vlib_main_t *vm)
{
... do some stuff...
}
VLIB_INIT_FUNCTION (init_runs_first) =
{
.runs_before = VLIB_INITS("init_runs_next"),
};
The first form will [most likely] call "init_runs_next" on the
spot. The second form means that "init_runs_first" runs before
"init_runs_next," possibly much earlier in the sequence.
Please DO NOT construct sets of init functions where A before B
actually means A *right before* B. It's not necessary - simply combine
A and B - and it leads to hugely annoying debugging exercises when
trying to switch from ad-hoc procedural ordering constraints to formal
ordering constraints.
Change-Id: I5e4353503bf43b4acb11a45fb33c79a5ade8426c
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I4f1b83ae1c746b8f67f2d12a02081702b9553b44
Signed-off-by: Michal Cmarada <mcmarada@cisco.com>
|
|
Change-Id: I01cf5074b5a8b0018de5c3f59c9266d350c22f37
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
The unused function nat44_ha_resync() was the only function that
used the error message VNET_API_ERROR_IN_PROGRESS. The error
was the only error code that was positive, and didn't really
play well with the other error codes.
Change-Id: I7d03c2ee915094b635f6efdca7427f71e4d19f2b
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
* Add support for multiple threads
* Replace quicly buffers with fifos
* Fix cleanup of sessions
* Update quicly release version
Change-Id: I551f936bbec05a15703f043ee85c8e1ba0ab9723
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
- track fifo segment free and chunk freelist memory
- improve fifo alloc. If there are enough chunks to satisfy a fifo
allocation request but not enough free memory, allocate a multi-chunk
fifo
- add apis to preallocate chunks and fifo headers
- more tests
Change-Id: If18dba7ab856272c9f565d36ac36365139793e0b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Id406eb8c69a89c57305d8f138e8e6730037aa799
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Recent changes removed the function that was incrementing the
tx counters. Increment them in the esp_encrypt functions.
Change-Id: I446333a23ccf66e34893adb2aa49af562cf35507
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: Ida681d299fd57eba66338444b99d2476bdb3c695
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change-Id: Icdf531b3c688c4da6be732ff178316e3757aebb5
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
The unit and code coverage tests are boring. The rest of the patch
involves test and packet-generator infra cleanups.
Teach the "make test-xxx" family of targets to set the api test plugin
path correctly, to make "binary-api <api-message-name> <args>" debug
CLI commands work correctly in the "make test"
environment. Unfortunately involves both the top-level and test
Makefiles.
Add a minor pg cli feature, a CLI to manually set
s->sw_if_index[VLIB_TX].
Consider the case where one configures an interface with both a
device-input and an output feature. To test the output feature using
the pg, it's necessary to inject packets into the interface output
node with both b->sw_if_index[VLIB_TX] and b->sw_if_index[VLIB_RX] set
correctly. For example:
packet-generator new {
name tx
limit 15
size 128-128
interface local0 # rx: device input feature not configured on local0
tx-interface loop0 # tx: output node requires b->sw_if_index[VLIB_TX]
node loop0-output
data {
hex 0x01005e7ffffa000dead0000008000102030405060708090a0b0c0d0e0f0102030405
}
}
Fix a longstanding bug in the packet generator stream setup. Remove
kludges which set b->sw_if_index[VLIB_TX] to ~0 [in multiple places]
instead of using the stream value s->sw_if_index[VLIB_TX], and setting
THAT datum correctly.
Change-Id: I1097a18e8db73661ded6b822c1d718f7e5cf36ed
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
The function dpdk_ol_flags_extract should return u16
instead of u8.
Change-Id: Id0b08b04c93598818f9a2eee5a88733900320dfa
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Change-Id: I092a9f8237a895f907590772f2ea213a86502fb4
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Change-Id: Ib8cb19361c42e38e3f68d7147358378fff161eb1
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Default chunk is no longer embedded into the fifo and on free is
returned to its respective chunk list.
Change-Id: Ifc5d214eaa6eca44356eb79dd75650fb8569113f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Example / unit-test in .../src/plugins/unittest/bihash_test.c
Change-Id: I23fd0ba742d65291667a755965aee1a3d3477ca2
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
"make test" fails with invalid instruction on non-AESNI platform,
so do not register the ipsec-mb crypto backend in this case.
Change-Id: I61887e40ce3d39880e7da534b9dee00fd677d8fd
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I2313932bdc41a4702585aa338f22df3f6e4e23d7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Change-Id: I9dc746b8c62c3e7ee2f65e34a1a1dca243ed4bd9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Change-Id: Idc050e469a5b697ca5587ddd4e87ac2d48d15658
Signed-off-by: Faicker Mo <faicker.mo@ucloud.cn>
|
|
Change-Id: Iac0c8218abc8d144d93a955e948a48a732b63107
Signed-off-by: lijianpeng <li.jianpeng@zte.com.cn>
|
|
Change-Id: Ie519683bb90aae6fb95f2a09e251cded1890ed41
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
As opposed to growing, this is not a bulk operation, instead dependent
on how the producer/consumer advance head and tail, the fifo will shrink
in one or multiple steps.
Only once the fifo's nitems and size are reduced to their appropriate
values, equal or larger to what was requested, can the fifo chunks be
collected by the owner. Chunk collection must be done with the segment
heap pushed.
Change-Id: Iae407ccf48d85320aa3c1e0304df56c5972c88c1
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
If head/tail are stored as "absolute" values that are normalized to [0,
fifo_size] interval, when fifo is shrunk/grown the consumer and producer
have to independently update to the new fifo size and fix head and tail,
respectively.
If the head and tail are stored as normalized values, under the right
conditions, they don't need to be fixed when fifo size changes.
This reverts one of the changes in gerrit 18223.
Change-Id: I55a908828afe90925cf7c20186a940b25e5805f9
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- Make plugin descriptions more consistent
so the output of "show plugin" can be
used in the wiki.
Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: Iaa5cd89791b0dfdb56a75009c564581d10696d83
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ie76c69641c8598164d0d00fd498018037258fd86
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
These were introduced with the switch to unbound tail/head size, so they
only affect master. Added unit tests to avoid future surprises.
Change-Id: I83b6c9efbe31d8092ba59b8e2ed46f4da97f35db
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- nonce construction out of salt and iv is ipsec specific so it should be
handled in ipsec code
- fixes GCM unit tests
- GCM IV is constructed out of simple counter, per RFC4106 section 3.1
Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
In endpoint dependent mode, when a session at the head of a user
LRU is reused, if the IP protocol for that session was unknown (any
other than tcp, udp, or icmp), the attempt to delete the session
mapping from the in2out bihash was not using the same key that was
used when the mapping was added. This would cause the deletion of
the mapping to fail. If packets arrive later which match the original
session, the search for the session key would succeed when it should
have failed and the session, which is now associated with a different
pair of endpoints, may end up being updated when it should not be.
Update the key generation when reallocating an existing session to
do the right thing if the session is for an unknown protocol.
Also update format_nat_session() for unknown protocols so that
'vppctl show nat44 session detail' will display the protocol
correctly. In endpoint dependent mode, the IP protocol is stored in
the port field on a session if the protocol is unknown. The value
is stored in host byte order, but the format function was swapping
the bytes before writing the protocol.
Change-Id: I9e8daadd4569cb2610532dab4e4f41d1567cf3d1
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
When you create two identical NAT44 static mappings using interface
name as external address and only local or ext port is different,
VALUE_EXIST will be raised but when-resolved static mapping will
remain.
vpp# nat44 add static mapping tcp local 10.128.0.129 443 external GigabitEthernet0/8/0 8443
vpp# nat44 add static mapping tcp local 10.128.0.129 80 external GigabitEthernet0/8/0 8443
nat44 add static mapping: Mapping already exist.
vpp# show nat44 static mappings
NAT44 static mappings:
tcp local 10.128.0.129:443 external 2.2.2.2:8443 vrf 0
tcp local 10.128.0.129:443 external GigabitEthernet0/8/0:8443 vrf -1
tcp local 10.128.0.129:80 external GigabitEthernet0/8/0:8443 vrf -1
With this commit, when-resolved static mapping is not created if the
translation only differs in local or ext port.
Change-Id: Ifc960b9dc1371caa2a8d3206a80a0ffd10d293e4
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Change-Id: Ie96706b4d8bcb32d2d5f065bc765f95f4e9369e7
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
"break;" will never be run after "return;"
Change-Id: I4fdfd10406fdf61897078746d28fa1ee32fb0081
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
... at least for use cases we are interested in
Change-Id: I1156ff354635e8f990ce2664ebc8dcd3786ddca5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Both firefox and chrome seem happy to browse a hugo-generated site
Change-Id: Id216ad9c781643df42ac4fbce598eb2afa600f4d
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Idc3763c38f5aa638d4f290f4d4730577601d78b8
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
Change-Id: I984f347fb465c0c405cef668d8690457e81788e2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This reverts commit 7f2d57b69ea031cc6110b3a1f4c1ef1c35b67181.
Change-Id: I23c3b4d2dab6e13cc8fbbf0ac9d0cfd8af3241c1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: If8b2c8942db17a853883360885def47ce50e7ddd
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ie1d34b7e71554516595e0cd228e2cd54a3b8d629
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I58e713661a38cecbfdebd4609292d9d12e880cd2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ide2a9df18db371c8428855d7f12f246006d7c04c
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I51e0d4a9ec62514a85bbe4c5f56a48d60ab6f4e4
Signed-off-by: John Lo <loj@cisco.com>
|
|
This allows QUIC & TLS specific logic to be implemented, and meaningfull
IP/port to be returned when connection is overridden.
Change-Id: Id79c59fe4d7b16d36f0e96ad3e281c4026b5fe65
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Change-Id: Ia092a93a7ac0cbf9338f9d4a5db8b94b23549a13
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I65e7188c6893acca67455ff37f2dfbd0bedd5c09
Signed-off-by: Damjan Marion <damarion@cisco.com>
|