summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2020-04-07nat: don't drop packet for expired sessionKlement Sekera3-6/+4
If session is expired, the packet which we just received might be a one, which legitimely creates a new session, process it in slow path instead to decide the outcome. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I45628f52d37ae9dee5e8aa58171ff0b86f91f5dd
2020-04-07ikev2: make liveness params configurableFilip Tehlar7-4/+130
Introduce new cli for setting liveness check period and max retries for a peer to consider its partner dead. ikev2 set liveness <period-in-seconds> <max-retires> Type: improvement Change-Id: Iadae1de245d34fe3ee85e09b570f9df8c401772b Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-04-07sr: Support uSID function.Tetsuya Murakami5-561/+3
1. Add uSID function in VNET SRv6 2. Add test case for uSID Type: feature Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I354fc687192ed713ceb81fccc9f7b69b6777f6f6 Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2020-04-06vcl session: enforce full dgram reads/writesFlorin Coras1-8/+13
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4a3861e31ca42faf0b59f8f09393fb10413bf3af
2020-04-06session udp: shared local endpointsFlorin Coras1-1/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie7102355b95eefb233ec7d146e61819051a7bf07
2020-04-06misc: fix python sonarcloud BLOCKER level issuesPaul Vinciguerra2-4/+7
Fix of the top 11 python issues flagged as BLOCKER. Ticket: VPP-1856 Type: fix Change-Id: Icf4691e62f4a69d6ee196b6d6e2ab52d961b5c76 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-06ikev2: fix wrong index computationFilip Tehlar1-1/+1
Type: fix Change-Id: Ia7b07b4ec9e5681946f3f5c01c230c1f814e2cf6 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-04-04misc: strcpy be goneDave Barach4-6/+8
Causes static analysis "vulnerability" warnings Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I272fa69251d70f62178e6dff0423c16f99937af1
2020-04-04session tls: support tls deschedulingFlorin Coras4-27/+43
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ieb8bb9c6deb92479fdd3e045778fe5ae4782d1ea
2020-04-04session tls: improve app transports tx schedulingFlorin Coras3-17/+17
Type: improvement - allow apps to request rescheduling of tx events via SESSION_F_CUSTOM_TX flag - limit max burst per session custom tx dispatch In tls - use the new infra to reschedule tx events - use max burst bytes as upper limit to number of bytes to be encrypted Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I544a5a3337af7ebdff3406b776adf30cf96ebf3c
2020-04-04misc: sprintf be goneDave Barach6-28/+39
Along with related static analysis warnings... Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I2c6949c7a2250b8f76a63508c7c210daecfe0f91
2020-04-03session: improve error reportingFlorin Coras10-37/+39
Type: improvement Change-Id: I9dd850a1ce85b0adb5136233f176117e0ee38817 Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-04-03session udp: fix transport flags and migrationFlorin Coras2-5/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I840d43e79b1f826380bd56485441510e45bdfc7f
2020-04-03session: remove obsolete apisFlorin Coras1-1/+0
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia14800710aca7c1bc315b6da3c69d623f79a5b63
2020-04-03ip: remove vl_api_address_family_t byte order swapJakub Grajciar1-4/+4
Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I8074db3623ee4b37ac70ce8ea0d1912b97e5c059
2020-04-02dpdk: VM VHOST tests with rxq>1 failingSteven Luong1-0/+1
DPDK recently added a check in the virtio driver to make sure that rxmode->mq_mode == ETH_MQ_RX_NONE. We were passing ETH_MQ_RX_RSS and the device initialization was not accepted. The reason for the change in DPDK was that there is no controls (algorithm, redirection table, hash function). So they thought ETH_MQ_RX_NONE was the best choice for the value of mq_mode. Type: fix Ticket: VPP-1853 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ifa0fc4206cedc56a851f94f6434a2a7500bbd419
2020-04-02tcp: move features to separate filesFlorin Coras1-0/+1
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia477b8dba9266f47907967e363c11048e5cd95ab
2020-04-01session udp: support connect on listenersFlorin Coras1-1/+1
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6aaaec20a2b6d4c6ddfbe659d9402acc1be2f7e2
2020-03-31nat: fix unknown proto translation out2in_edAlexander Chernavin1-2/+2
An unknown proto packet can be processed as UDP with destination port rewriting which breaks the original packet. With this commit, stop processing unknown proto packets after nat44_ed_out2in_unknown_proto() execution. Type: fix Change-Id: Iea93faf3c282f542d5ee7120c15e1027c1e4abc9 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-31ikev2: fix crash during peer live checkFilip Tehlar1-1/+8
Fix crash when peer tries to build INFO req before key exchange which results using NULL key pointers for crypto operations. Type: fix Change-Id: I20aaf1ce769e4bfb45235047c2dd38307b4e0b59 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-31rdma: print device info from PCI VPD in 'show hardware' outputDamjan Marion1-0/+14
Type: improvement Change-Id: I275bbca17c5a0263b3e017b48aa6ccd8f59bc7c3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-30session udp: flag for connected udpFlorin Coras1-2/+4
Type: improvement This can be used as alternative to udpc Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic3f7efe6728b25d4a8a0b61ddb36de66b4672c4f
2020-03-27quic: Check quicly version tag at compile timeMathiasRaoul2-27/+33
- updates the quicly version to 0.1.0-vpp - adds workaround for quicly_send()/assert_consistency() failure Type: feature Change-Id: I4c7e0ffc720ad9a685b89046a83646d59febd6cd Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2020-03-27acl: API cleanupJakub Grajciar14-985/+1124
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I09fa6c1b6917936351bd376b56c414ce24488095 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-27dpdk: enable DPDK iAVF PMDChenmin Sun3-0/+23
This patch adds support for the DPDK iAVF PMD Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I7bb0f621774e4c55b9b7309462e6591ce1b88fb6
2020-03-26acl: revert acl: api cleanupOle Trøan14-1122/+900
This reverts commit aad1ee149403994194cf37cef4530b042ba7df3a. Reason for revert: Verify failure. Doesn't build. Type: fix Change-Id: I91b1b26ac43edde4853e4561a0083d0b3a06efee Signed-off-by: Ole Troan <ot@cisco.com>
2020-03-26acl: API cleanupJakub Grajciar14-900/+1122
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: If90d753f129312400c4c3669bb86289d0c3e0d99 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-26nat: transitory timeout for TCP CLOSED stateKlement Sekera9-118/+329
Wait transitory timeout seconds before moving internal state of TCP session to CLOSED state per RFC 7857. This patch implements this functionality for endpoint-dependent NAT. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I4491d831cd9edf63fae520a516cdbe590bac85db
2020-03-26ikev2: fix wrong usage of BN_bn2bin()Filip Tehlar3-12/+56
This patch fixes 2 different crashes: 1) BN_bn2bin() returns bytes written, not actual key length. Use BN_bn2binpad() instead which adds padding. 2) Initiator may receive multiple sa-init responses for the same ispi which may result in crash. Remember first response and ignore any subsequent ones. Type: fix Change-Id: Ia1eac9167e3100a6894c0563ee70bab04f6a5f4f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-26ikev2: dead peer detectionFilip Tehlar2-4/+95
Type: feature Change-Id: Ibc65d739583dc11735f993f4c7e7ee6d3c8f5b0a Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-25ikev2: fix gcm in ike protocolFilip Tehlar1-1/+1
Type: fix Change-Id: I746b94f494d059d2db5f47638c9f4e6bc4eb4045 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-25session: api to add new transport typesFlorin Coras5-18/+14
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If4dee6dba1ea942daa921d566b35cdecdda680ee
2020-03-25sr: Change the CLI keyword from address to prefix.Tetsuya Murakami1-2/+2
Change the CLI keyword from address to prefix in sr localsid command. Type: feature Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: Icc3072404a106ab40e829d2d291e5c179a4443a8 Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2020-03-25acl: Add CLI additionsNeale Ranns1-0/+254
Type: improvement Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I172d3d907f324d8cb21e73aa08ef66da029ed365
2020-03-25avf: fix rx queue refill on buffer alloc failureDamjan Marion1-6/+6
If buffer alloc fails, it may happend that rx queue will be stuck as old code only refills if at least one packet is received. Type: fix Change-Id: I388c4f8a9fb2c208bdc222e31b443cbe6b94af82 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-25nat: fix error countersKlement Sekera4-1/+21
Type: fix Change-Id: I021b1427362f4bdba1c0ebc9863c9143dd6b3cb7 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-03-25map: fix hop limit expiration at brVladimir Ratnikov2-2/+29
Before this patch, packet was dropped in ip4-input, but ip4-map-t node dropped response due to 'security check failed' This patch checkes if hop_limit==1 and sets error and next frame and sends icmp6 response correctly Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I85a6af58205b05754ef8c45a94817bb84f915c85
2020-03-24quic: disable vnet_crypto and batching if no crypto engines are loadedMathiasRaoul3-11/+33
Type: fix Change-Id: I95d3f8431b468cefc8777526dd3b988a299f0687 Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
2020-03-24map: fix translation of icmp6 error messagesAlexander Chernavin1-1/+80
Translation of ICMPv6 error messages to ICMP error messages fails because the sender port is not set that leads to securtiy check failure. With this commit, during ICMPv6 error messages translation, get the sender port value from the inner packet. Type: fix Change-Id: I1ee295a3685fab4837172edfb629a699f49afbee Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-24avf: proper promisc handlingDamjan Marion2-7/+27
Type: fix Change-Id: Id20a0fe77372602fd211156ccee01c18d829d8df Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-23ikev2: fix typo in .api descriptionVratko Polak1-2/+1
Type: style Change-Id: Ie81eb7e3d872923daaa8ae8dad060a4da85349c5 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2020-03-23srv6-mobile: Fix the coverity issuesTetsuya Murakami1-33/+39
Fix for the coverity issues. Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I6bf8a874a9a94b9b7d62da047a401eda8a448567 Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2020-03-23sr: srv6 API cleanupJakub Grajciar2-82/+47
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I3c348ad2fca8bb3d9a246af7a2aa9dc9c33f57c3 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-21srv6-mobile: Fix the localsid length issue on vnet/srv6Tetsuya Murakami3-2/+4
Fix the following issue. 1. The localsid length was not stored in sr localsid structure. 2. SRv6 mobile test cases were modified based on the new sr localsid CLI syntax. Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: Ieb7620c35439e90a599802a7e0dba61a39707349
2020-03-21srv6-mobile: Support GTP4/6.DT and User Plane message mappingTetsuya Murakami9-206/+2112
Support the following new features in srv6-mobile. 1. GTP4.DT 2. GTP6.DT 3. User Plane Message encoding based on draft-murakami-dmm-user-plane-message-encoding-01 4. Add SRv6 mobile test cases Type: feature Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I890e5171bf03513d54b4830f01b9dc7f47fe7c48 Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2020-03-21gtpu: encap-vrf-id in show gtpu tunnels commandNick Zavaritsky1-2/+9
Show encap-vrf-id instead of fib-idx. When a tunnel is created, you specify encap-vrf-id, hence it makes sense for the show command to present it the same way. Fib index, on the other hand, is the internal artifact of how IP tables are managed; showing it isn't helpful. Type: improvement Change-Id: I8d1713d6727dd8685d6c10c07f421c18edafa6e0 Signed-off-by: Nick Zavaritsky <nick.zavaritsky@emnify.com>
2020-03-21ikev2: fix l2 interfaceFilip Tehlar1-2/+4
Type: fix Change-Id: Ic6457da31846721e334f144f15d404575eeb73e5 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-21ikev2: add support for custom ipsec-over-udp portFilip Tehlar7-4/+165
Type: feature Change-Id: Ifee2b3dca85ea915067b9285e3636802bf0c19a8 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-20rdma: ring db only once per vector on txBenoît Ganne1-28/+44
Type: improvement Change-Id: I09b017d60bc38ff8a4a7a73aff42b27611bd8955 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-03-19ip: change ip API enums address_family and ip_proto size to u8Jakub Grajciar1-2/+8
Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I73d27520726543d6375caad76a841339f68c3533 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>