Type: fix
Several Fixes:
1 - Anti-replay did not work with GCM because it overwrote the sequence
number in the ESP header. To fix, I added the seq num to the per-packet
data so it is preserved.
2 - The high sequence number was not byte swapped during ESP encrypt.
3 - openssl engine was the only one to return FAIL_DECRYPT for bad GCM;
the others return BAD_HMAC. Removed the former.
4 - improved tracing to show the low and high seq numbers
5 - documented the anti-replay window checks
6 - fixed scapy patch for ESN support for GCM
7 - tests for anti-replay (w/ and w/o ESN) for each crypto algo
Change-Id: Id65d96b6d1d4dd821b2ab557e87468fff6d70e5b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
Change-Id: Ic720d56a6f8901efde2a58519bc9aa553205a9a6
Signed-off-by: Gary Boon <gboon@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Multiple API message handlers call vnet_get_sup_hw_interface(...)
without checking the inbound sw_if_index. This can cause a
pool_elt_at_index ASSERT in a debug image, and major disorder in a
production image.
Given that a number of places are coded as follows, add an
"api_visible_or_null" variant of vnet_get_sup_hw_interface, which
returns NULL given an invalid sw_if_index, or a hidden sw interface:
- hw = vnet_get_sup_hw_interface (vnm, sw_if_index);
+ hw = vnet_get_sup_hw_interface_api_visible_or_null (vnm, sw_if_index);
if (hw == NULL || memif_device_class.index != hw->dev_class_index)
return clib_error_return (0, "not a memif interface");
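Review bot: The `_api_visible_or_null` call on the `+` line is only safe because the following context line tests `hw == NULL` before reading `hw->dev_class_index`. Since the new variant returns NULL for an invalid or hidden sw_if_index, each converted handler needs that NULL test ahead of its first dereference of `hw`, and the message would be clearer if it said that all converted call sites were checked for it.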
Rename two existing xxx_safe functions -> xxx_or_null to make it
obvious what they return.
Type: fix
Change-Id: I29996e8d0768fd9e0c5495bd91ff8bedcf2c5697
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
This code should handle the 3 following cases:
- Active close
quic_proto_on_close sets state to ACTIVE_CLOSING
send packets eventually returns an error, calling
quic_connection_closed which deletes the connection
- Passive close
quic_on_closed_by_peer -> set state to PASSIVE_CLOSING
"race" between app confirmation (calling quic_proto_on_close) and
quicly signalling that it's done (triggers call to
quic_connection_closed).
If quic_connection_closed is called first, it sets the state to
PASSIVE CLOSING QUIC CLOSED, then when quic_proto_on_close is called
it frees the connection.
If quic_proto_on_close is called first, it sets the state to PASSIVE
CLOSING APP CLOSED, then when quic_connection_closed is called it frees
the connection
- Error close (reset)
quic_connection_closed is called in state READY. This means a timeout
or protocol error happened. This calls session_transport_reset_notify,
the app should confirm the deletion and quic_proto_on_close will be
called to delete the connection.
Change-Id: I3acbf9b079ed2439bdbb447197c428c78915d8c0
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Type: feature
|
|
Encoding the vpp node index into the vlib_error_t as a 10-bit quantity
limits us to 1K graph nodes. Unfortunately, a few nodes need 6 bit
per-node error codes. Only a very few nodes have so many counters.
It turns out that there are about 2K total error counters in the system,
which is (approximately) the maximum error heap index.
The current (index,code) encoding limits the number of interfaces to
around 250, since each interface has two associated graph nodes and we
have about 500 "normal, interior" graph nodes.
This patch adds an error-index to node-index map, so we can store
error heap indices directly in the vlib_buffer_t.
Type: refactor
Change-Id: I28101cad3d8750819e27b8785fc0cf71ff54f79a
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Type: fix
Change-Id: Ie5befde2f23caffb033b3b9f35ac1535c1224925
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
1. "numa-only" is optional and is disabled by default for lacp mode.
2. update lacp doc.
Type: fix
Change-Id: I6a3a8423ef31ad9980353a796957693cd6205d73
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Update quicly to latest version that includes our upstreamed patch.
Change-Id: I0b26c72e49bce81daf4fb069b5818defd6cf25b9
Type: feature
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Type: fix
Change-Id: I1e1c39452edd94712455d102a6faad58bc7f66ff
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Instead of all clients directly RR sourcing the entry they are tracking,
use a dedicated 'tracker' object. This tracker object is an entry
delegate and a child of the entry. The clients are then children of the
tracker.
The benefit of this approach is that each time a new client tracks the
entry it doesn't RR source it. When an entry is sourced all its children
are updated. Thus, new clients tracking an entry is O(n^2). With the
tracker as indirection, the entry is sourced only once.
Type: feature
Change-Id: I5b80bdda6c02057152e5f721e580e786cd840a3b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
This is mostly used for quic in the case of a stream
creation (i.e. connect on an already established QUIC
session). We want to default parent_handle to INVALID
to be able to distinguish it from parent_handle = 0
Change-Id: Id5ac0b0155a3c44e51334231b711e4fd87a96a10
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
* Adds the concept of a "connectable listener" : a session that
can be both connected and accepted on.
* vppcom_session_is_connectable_listener (fd) that tells if the fd
is a connectable listener
* vppcom_session_listener (fd) that gives you the listener's fd
that accepted the session (if any)
* vppcom_session_n_accepted (fd) that gives the number
of sessions a listener accepted.
Change-Id: Id89d67d8339fb15a7cf7e00a9c5448175eca04fc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I885d9d2af1674f705339e3e96f87ff766965c9e5
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
The fast path almost always has to deal with the real
pointers. Deriving the frame pointer from a frame_index requires a
load of the 32bit frame_index from memory, another 64bit load of the
heap base pointer and some calculations.
Let's store the full pointer instead and do a single 64bit load only.
This helps avoid problems when the heap is grown and frames are
allocated below vm->heap_aligned_base.
Type: refactor
Change-Id: Ifa6e6e984aafe1e2755bff80f0a4dfcddee3623c
Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Type: refactor
Change-Id: I01329385684f4a4f477cb046079b554ae3024ded
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: fix
This is needed for VCL patch in the case the Qsession
handle we connect to is 0. A better way to do this
would be to add a u16 header to the transport_opts,
as session_handles are :
<u16 unused><u16 thread_id><u32 session_index>
But this requires modifying all clients.
Change-Id: If171bcf982eba3bd705b586c9fd4a6c2ad0e114b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Fixes: 1d6d9f021c5a169dedca55b46451ab54728e3ee8
Change-Id: I3912c8bb78d678170bdd86821d2ead3ae0396841
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: feature
Change-Id: I740f15a5ef959d31e94e59d652aa9f691db1f289
Signed-off-by: Mathias Raoul <mathias.raoul@gmail.com>
|
|
Type: feature
Change-Id: I21511c1abea703da67f1a491e73342496275c498
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: If99c1d8a7ec97a726430a927eab0d3b57222af1f
Signed-off-by: John Lo <loj@cisco.com>
|
|
Properly display quic connections in show session verbose, and add a
small fix for UDPC listeners and UDP sessions formatting.
Change-Id: I33f83e77bf357347623d87ad23c483aba60a9bb2
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Type: feature
|
|
This reduces the memory required by tls and quic, allowing to run them
(and their tests) in more constrained environments by default.
Change-Id: I954081c725fb4f5f173db1f8e76922d957c5b0a2
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Type: fix
|
|
Add a thread_index argument to half-open and listener session formatters
because QUIC can have listeners and half-open sessions in any thread.
Change-Id: I1de60e35ece4c68ba8cfdd6b63f211bc620d687b
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Type: feature
|
|
Type: fix
Fixes: d48e9763bfc39106eca954a28223b72261bf1aeb
Change-Id: I9af222f4083a82592058fd42950db1c97caf647e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: feature
Change-Id: Id818f86164acabcb732e9a65d0e284d68e747a7b
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
- this removes the need to iterate through all state when deleting an SA
- and ensures that if the SA is deleted by the client it remains for use
in any state until that state is also removed.
Type: feature
Change-Id: I438cb67588cb65c701e49a7a9518f88641925419
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
tag should be added at the end of the reply message instead of
overwriting the original data.
Type: fix
Fixed: dd1e3e780c
Change-Id: I4b31cf3a4a41b49ea9039a9398114dbf49a53e57
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: feature
Change-Id: I9d3a73a6a6048fa0189f7fa6306a638279977fcd
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
Change-Id: I6f94f7ef5ffbd938457c9356a5a11f3d1afeb0a2
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: Ibaa272b57f36b092897a99a65ca28f9d4caf29a7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
- sample rtt estimation
- report acked+sacked
- report last lost bytes
- use snd_una == snd_nxt to detect 0 bytes in flight
Change-Id: I83181261fdb375c7e33d24b7a82343561e6a905f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: feature
Change-Id: I7a99b72276878625017c73dff8402f3e7fa7c33f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Some users tend to call registration routine long before they need
that service - which triggers an immediate initialization of
the ACL heap, which is rather big. This commit defers this process
by keeping the registrations in the global heap.
Change-Id: I5825871bd836851942b55184b6ee2657c7a9cc33
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: feature
Change-Id: Ibb60d5b46aafe109a81a8604712a917f6e246eaf
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
This solves the ownership of vxlan-gbp tunnels. When the last reference of these goes away they need to be deleted. Currently there are two owners; gbp_itf via gef_itf and the lock held by the gbp_endpoint_location_t. The problem is that the
loc removes its reference whilst the fwd still holds the gbp_itf, and things go wrong.
This change moves the lifecycle management of the vxlan-gbp tunnel to the gbp_itf. When the last lock of the gbp_itf goes, so does the tunnel. Now both the EP's loc and fwd can hold a lock on the gbp_itf and it's only removed when required.
The other change is the management of the 'user' of the gbp_itf. Since each user can enable and disable different features, it's the job of the gbp_itf to apply the combined set. Determining a unique 'user' from the caller was near impossible, so I moved that to the gbp_itf, and return the allocated user, hence the 'handle' that encodes both user and interface.
The hash table maps from sw_if_index to pool index.
Change-Id: I4c7bf4c0e5dcf33d1c545f262365e69151febcf4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
If the corresponding vpp plugin is absent, return a non-zero
clib_error_t * from vat_plugin_register ("xxx plugin not loaded"). The
vat plugin calls dlclose on the vat plugin, and it disappears.
Depending on the plugin configuration, this can reduce the vpp virtual
size by several gigabytes.
Added a VAT_PLUGIN(<plugin-name>) macro to vat_helper_macros, clean up
boilerplate vat_plugin_register() implementations. Fixed a number of
non-standard vat_plugin_register methods.
Type: refactor
Change-Id: Iac908e5af7d5497c78d6aa9c3c51cdae08374045
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Type: refactor
Change-Id: Ie54a77252e9f58a90f9e1f9595b9ede354952f70
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
clib_net_to_host_f64, clib_host_to_net_f64 are now implemented as '=',
https://gerrit.fd.io/r/#/c/20406/ set papi to match.
- all f64 api references are now wrapped with
clib_net_to_host_f64 or clib_host_to_net_f64.
IEEE f64 endianness is not defined. If clib_net_to_host_f64 and
clib_host_to_net_f64 are later defined in VPP as big-endian, it is
a single character change in the papi vpp_serializer.
Note: This breaks the api in a manner that would not be detected by
the flag day initiative. The scope is small. This only impacts map.api,
which applied the u64 transformation, while the gbp api uses '='.
The implementation of "=" raises issues for the papi socket implementation
if used between systems of differing endianness. See Vratko's comments.
- Added get_f64_endian_value() to api to allow client to verify endianness of f64's.
Type: fix
Depends-on: https://gerrit.fd.io/r/#/c/20484/
Change-Id: I00fc64a6557ba0190398df211aa0ea5c7eb101df
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: test
Change-Id: I0a58cc19bdfb73eabadbf6eb49b57e8db96959b5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Refactor both policy and policy-dpo nodes so they share the same code
for contract & acl lookup and for tracing.
This should help to implement new policy schemes.
Type: refactor
Change-Id: If5704bda708838eb01516dd39473d9bf248cfdf6
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Removed sctp buffer metadata from vnet/buffer.h, added it to the
plugin. Add registration APIs for plugin-based vlib_buffer_opaque /
opaque2 decoders, used by "pcap dispatch trace ..." for display in the
wireshark dissector.
Type: refactor
Not actively maintained.
Change-Id: Ie4cb6ba66f68b3b3a7d7d2c63c917fdccf994371
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Type: fix
Fixes: cfc7a107e6cb8be6e7c53a08e23a146c431c8e90
Change-Id: I341cbc94271ab89c3c643756a9c04b790cef8591
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change gbp-ext-itf API to create anonymous ext-itf through the same API
as non-anonymous instead of a new API
Type: refactor
Change-Id: I381ff2a5bcd55276793df78ca891334c28946cd0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
- Fix typo
- Use same prefix on all error messages
- Fix time arg parsing
Type: fix
Change-Id: I27334ada47d8512d2b43ce770a55f87081af2a1e
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: fix
Ticket: VPP-1649
Change-Id: I93a393eca80065c379035478500e75e855f39b12
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Add SESSION_IO_EVT_RX handling in session_send_evt_to_thread to allow
internal apps to send rx events ("tx notifications") to quic.
Add a call to quic_send_packets in quic_custom_app_rx_callback to
ensure QUIC ACKs are sent if there is no other activity on the
connection.
Type: fix
Change-Id: I885e01e6475e5b0274f274e9dd34d4a771719e69
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Type: feature
Change-Id: Ice8fc0da6450d2aa8ba63ca1277393ac3605aa2c
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
Change-Id: I04be003bd86f828ec387dd0309bebcbf0a041e3a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
- make sure that chunks and the rbtree are initialized if fifo segment
allocates multiple chunks for the fifo.
- ensure head/tail chunks are updated on all enqueue/dequeue events,
including when dropping data.
- more unit tests
Also fixes dequeue drop updates of head chunk.
Change-Id: I77f3550bc4e8b4e077f80ea87fe82b83ed013aeb
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
An anonymous l3-out subnet is a locally attached l3-out subnet, and
differs from regular l3-out subnets in the way adjacencies are managed.
It is required for the anonymous l3-out external interfaces to correctly
classify locally attached l3-out hosts.
Type: feature
Change-Id: Ie7bc88b1f22abc4d0b46db5f3cfbf208bc53ba5f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|