| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
- nonce construction out of salt and iv is ipsec specific so it should be
handled in ipsec code
- fixes GCM unit tests
- GCM IV is constructed out of simple counter, per RFC4106 section 3.1
Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
In endpoint dependent mode, when a session at the head of a user
LRU is reused, if the IP protocol for that session was unknown (any
other than tcp, udp, or icmp), the attempt to delete the session
mapping from the in2out bihash was not using the same key that was
used when the mapping was added. This would cause the deletion of
the mapping to fail. If packets arrive later which match the original
session, the search for the session key would succeed when it should
have failed and the session, which is now associated with a different
pair of endpoints, may end up being updated when it should not be.
Update the key generation when reallocating an existing session to
do the right thing if the session is for an unknown protocol.
Also update format_nat_session() for unknown protocols so that
'vppctl show nat44 session detail' will display the protocol
correctly. In endpoint dependent mode, the IP protocol is stored in
the port field on a session if the protocol is unknown. The value
is stored in host byte order, but the format function was swapping
the bytes before writing the protocol.
Change-Id: I9e8daadd4569cb2610532dab4e4f41d1567cf3d1
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
When you create two identical NAT44 static mappings using interface
name as external address and only local or ext port is different,
VALUE_EXIST will be raised but when-resolved static mapping will
remain.
vpp# nat44 add static mapping tcp local 10.128.0.129 443 external GigabitEthernet0/8/0 8443
vpp# nat44 add static mapping tcp local 10.128.0.129 80 external GigabitEthernet0/8/0 8443
nat44 add static mapping: Mapping already exist.
vpp# show nat44 static mappings
NAT44 static mappings:
tcp local 10.128.0.129:443 external 2.2.2.2:8443 vrf 0
tcp local 10.128.0.129:443 external GigabitEthernet0/8/0:8443 vrf -1
tcp local 10.128.0.129:80 external GigabitEthernet0/8/0:8443 vrf -1
With this commit, when-resolved static mapping is not created if the
translation only differs in local or ext port.
Change-Id: Ifc960b9dc1371caa2a8d3206a80a0ffd10d293e4
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Change-Id: Ie96706b4d8bcb32d2d5f065bc765f95f4e9369e7
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
"break;" will never be run after "return;"
Change-Id: I4fdfd10406fdf61897078746d28fa1ee32fb0081
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
... at least for use cases we are interested in
Change-Id: I1156ff354635e8f990ce2664ebc8dcd3786ddca5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Both firefox and chrome seem happy to browse a hugo-generated site
Change-Id: Id216ad9c781643df42ac4fbce598eb2afa600f4d
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Idc3763c38f5aa638d4f290f4d4730577601d78b8
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
Change-Id: I984f347fb465c0c405cef668d8690457e81788e2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This reverts commit 7f2d57b69ea031cc6110b3a1f4c1ef1c35b67181.
Change-Id: I23c3b4d2dab6e13cc8fbbf0ac9d0cfd8af3241c1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: If8b2c8942db17a853883360885def47ce50e7ddd
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ie1d34b7e71554516595e0cd228e2cd54a3b8d629
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I58e713661a38cecbfdebd4609292d9d12e880cd2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ide2a9df18db371c8428855d7f12f246006d7c04c
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I51e0d4a9ec62514a85bbe4c5f56a48d60ab6f4e4
Signed-off-by: John Lo <loj@cisco.com>
|
|
This allows QUIC & TLS specific logic to be implemented, and meaningfull
IP/port to be returned when connection is overridden.
Change-Id: Id79c59fe4d7b16d36f0e96ad3e281c4026b5fe65
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Change-Id: Ia092a93a7ac0cbf9338f9d4a5db8b94b23549a13
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I65e7188c6893acca67455ff37f2dfbd0bedd5c09
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: If23a04623a7138c9f6c98ee9ecfa587396618a60
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ic4e882b784e5773198e55bd97b1bbd3d6dda888a
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I50a6bcc127e4b44becc4b694bdd3018ac9bfab5c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I638facf6e2128334c3d1a5a8494f378505831e1b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I2492400a67b39a3adbc24ab7cf1ba17a409e95a8
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Change-Id: Icf0cff122dfbd260a2865b6c83531f4a8c726132
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Handle the case where buffer overflows.
Then SOCK_SEQPACKET assumption that multiple API messages
are not returned by recv() is broken. Use SOCK_STREAM for
API exchanges instead.
Add support for running tests over sockets.
make test SOCKET=1
Change-Id: Ibe5fd69b1bf617de4c7ba6cce0a7c2b3f97a2821
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: Ifeaf93c98e4af92da9409fa5a2114b577e8c0937
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This reverts commit bed1421b9f1b3643d93384084972337b596aec73.
/vpp/master3/src/plugins/nat/nat_api.c: In function ‘send_nat_worker_details’:
/vpp/master3/src/vppinfra/clib.h:62:33: error: division ‘sizeof (u8 * {aka unsigned char *}) / sizeof (u8 {aka unsigned char})’ does not compute the number of array elements [-Werror=sizeof-pointer-div]
#define ARRAY_LEN(x) (sizeof (x)/sizeof (x[0]))
^
/vpp/master3/src/plugins/nat/nat_api.c:205:43: note: in expansion of macro ‘ARRAY_LEN’
rmp = vl_msg_api_alloc (sizeof (*rmp) + ARRAY_LEN (w->name) - 1);
^~~~~~~~~
Change-Id: Ie82672c145fb2f6580827f95e535435307bc7a23
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I519d7efc8ee3c86381d96be2e2a46017cd948895
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
The memory areas storing vlib_buffer_t and ip4|6_and_esp_header_t
are not prefetched. The patch help dpdk_esp_encrypt to reduce 18
clocks/pkt from 149 to 131 on Haswell when running IPsec in tunnel
mode.
Change-Id: I4f4e9e2b3982a4b7810cab8ed828a5e4631f8f8c
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Change-Id: I6934beaf5c08bae2d4f0bd3a6bb811810407c1f9
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- Add subpages definitions in appropriate
section (User or Dev docs) for doc files
(*.rst, *.md) that being listed at the top
level of the generated doc page.
- Generate and add API list to RELEASE doc.
- Fix list_api_changes script to use HEAD
as the endtag so it doesn't need to be
changed every release.
Change-Id: Iace7b6433359c6b96869cb1db01facbbcb0ac1e6
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
(cherry picked from commit 11ee93f6abfaddf5bbd56cf0858c0c6ea0384b65)
|
|
Change-Id: Iac9ac9f5a6873aae1882316af4f6c919788a0cef
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Avoid creating per PPPoE session interface output/tx nodes
which are not used.
Change-Id: I065aa4f9bda6d2557c630bd45e888c999f2f9130
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: Ia56cad89b85b7a99ab4bfb85318a45a71381fb53
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Some GBP debug cli short help and commands were not in sync anymore with
GBP API.
Change-Id: I224bec51fbacd8a3685b70d4e7a52b5803fd3ad4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Fifos can use multiple memory chunks for simple read/write operations.
Adding/removing chunks after assignment not yet supported.
Change-Id: I2aceab6aea78059d74e0d3a9993c40d5196d077b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I11ac3e4f59206902e5dfc326f815c877c5dd6643
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Remove duplicate error check
Change-Id: I64463c7f606e198fe8553efea294f0e09bd8dbc3
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I65b1af5fa0cec4f9789f91f720d1396d06fa0206
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
Change-Id: I670d7899bcc63a419daf481167dc445a6386cce8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
As DVN has fewer DTLB entries supported for 2M page, default numbers of
RX/TX descriptors are changed to 512 if nums of RX/TX descriptors are not
specified by VPP users.
Change-Id: I076493b802b15d12750a5b49d1554da4d19ad460
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Change-Id: I51f61a399e3eace93011f9431cbd7968e9be627c
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Good enough to serve the vpp sphinx and doxygen docs. Knows about
html, css, and javascript files.
Change-Id: Ib18c19f07f35f91ba935ea26ed7be406dacf2205
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Problems Addressed:
- Contention of cursize by producer and consumer.
- Reduce the no of modulo operations.
Changes:
- Synchronization between producer and consumer changed from cursize
to head and tail indexes
Implications: reduces the usable size of fifo by 1.
- Using weaker memory ordering C++11 atomics to access head and tail
based on producer and consumer role.
- Head and tail indexes are unsigned 32 bit integers. Additions and
subtraction on them are implicit 32 bit Modulo operation.
- Adding weaker memory ordering variants of max_enq, max_deq, is_empty
and is_full Using them appropriately in all places.
Perfomance improvement (iperf3 via Hoststack):
iperf3 Server: Marvell ThunderX2(AArch64) - iperf3 Client: Skylake(x86)
~6%(256 rxd/txd) - ~11%(2048 rxd/txd)
Change-Id: I1d484e000e437430fdd5a819657d1c6b62443018
Signed-off-by: Sirshak Das <sirshak.das@arm.com>
Reviewed-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com>
|
|
To connect a stream, apps should call connect while passing the id of the QUIC
connection in the new transport_opts field in session_endpoint_cfg_t.
Apps are notified of new streams with their accept callback, which is called
each time a peer opens a stream.
Change-Id: I0f82ec344db58008d54641553eddec2973768435
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Change-Id: Id2ddb77b4ec3dd543d6e638bc882923f2bac011d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I48cd8052f9509efdf13f64ab279edb66a2d4a0a9
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
Change-Id: I832e780b00955e01871874544f3d0afc553b75f7
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Algorithm from CLRS, Introduction to Algorithms 3rd Edition, Ch. 13
Change-Id: I5bc2c507593770939cd5584f21dacf36ebd2b4c1
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
Damjan Marion
Matthew Smith
Alexander Chernavin
Florin Coras
Zhiyong Yang
Dave Barach
Simon Zhang
Neale Ranns
John Lo
Aloys Augustin
Filip Varga
Paul Vinciguerra
Ole Troan
Ole Trøan
Dave Wallace
Benoît Ganne
Mohsin Kazmi
Sirshak Das