Age | Commit message (Collapse) | Author | Files | Lines |
|
Using random addresses can confuse AddressSanitizer
Type: fix
Change-Id: I44368093f899672ac4d511cc5a01ed87c988e63a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Change-Id: I24aac10a2943151d5b2fe96a0dff1c5beb7340b9
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
|
|
Ticket: VPP-1836
Type: feature
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: I8f7fc011bac435445a8916a4948d130ca9162f67
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2874d3afbf4cc89209b605c35ca4a5bc5b6868b3
|
|
Type: fix
Change-Id: I7299b3b0a6d32c1cbe213dc1aadb8260cdec8062
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
|
|
Type: feature
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I7e7d95a089dd849c1f01ecea84529d8dbf239f21
|
|
Type: refactor
Change-Id: If3d9f16f3a06c10b354f1eef674e8db5f3c44de7
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: feature
Representor devices include a port ID as part of their switch_info struct, and
it is helpful to use that in the interface name.
Signed-off-by: Haggai Eran <haggai.eran@gmail.com>
Change-Id: Id24627e7daf857f8b0e8ace2f592c098678081c7
|
|
Type: feature
Output DPDK switch information to allow finding out which DPDK ports are
associated with which DPDK representor ports.
Signed-off-by: Haggai Eran <haggai.eran@gmail.com>
Change-Id: I612cbd5a97e04787eca13423f53c7283d5945e37
|
|
Type: fix
Change-Id: I75b20db66fb58e1724a212253c51315836079f4b
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
The first translated ICMPv6 packet of a fragmented ICMP message does
not have a IPv6 fragment header. All subsequent have.
With this commit, add a IPv6 fragment header to the first translated
ICMPv6 packet.
Type: fix
Change-Id: Id89409ce7273cbeed801e2e18a09d3e7c3c4e4bc
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: refactor
Make sure one tls ctx has one event availble
Thus ctx has the same life time with event, which can simplify the
management.
Change-Id: I1f4240e7316025d81bb97644946ffa399c00cd76
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
- Implement our own quic packet allocator to allocate more memory at the end of the
packet to store crypto offloading related data
- 1RTT packets offloading encryption/decryption using vnet crypto
- Add cli to change max packet per key
Type: feature
Change-Id: I7557fd457d7ba492329d5d8ed192509cbd727f9c
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
|
|
Type: feature
Change-Id: I32256061b9509880eec843db2f918879cdafbe47
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
Type: feature
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
Change-Id: I5452f8bbd0ff9e2a57f7bd7d134a8824efa5f30a
|
|
- use neutral types in preparation for ARMv8 support
- simplify x86 key extraction support
Type: refactor
Change-Id: I947eb37b8c9d9ee6909bb32ef14c4de192d40a46
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Not in functional state for a long time ...
Type: refactor
Change-Id: I2cc1525a6d49518cbc94faf6afbf0d2d0d515f56
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Both are out of sync for long time...
Type: refactor
Change-Id: I7de3170d35330fc172501d87655dfef91998b8fe
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Add several more MAP-T BR tests for normal packet flow.
Type: test
Change-Id: Ica880dd23c923795279e9d08dca2796f2925069a
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Type: feature
Change-Id: I7f8e3763d7f8364563a25d0fcc782976b906b325
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Prevent malicious packets with spoofed embedded IPv4 addresses
by limiting the IPv6 ingress packets to known MAP-T domains.
Drop spoofed packets.
Add several tests that ensure spoofing isn't allowed.
Type: fix
Fixes: fc7344f9be
Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
With this commit, ICMP Time Exceeded is sent to sender when TTL
expires at MAP BR.
Type: fix
Change-Id: I8effe163beab32596883127b819308cc355512c3
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: refactor
Change-Id: If0d9ec70f9e8c228c39505864a4a73bf94b67479
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: test
Change-Id: I5522e88ee178d0563c246895393e835d125f1b81
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
When there are no dhcp client interfaces configured, it's not
useful to make periodic / timeout log entries.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I16b68fe15ad9de789e49ad1b782b3b0e536bad60
|
|
Avoid rcv wnd probing after zero window advertisments by registering for
tx dequeue notifications and forcing acks that open the rcv wnd.
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8f33e3cf917f8c83d412f370ca66013aa4cd6e67
|
|
Type: refactor
Change-Id: I9f21b3bf669ff913ff50afe5459cf52ff987e701
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
When MTU is not set, ignore_df and mtu check
always returns true and packets are dropped.
This patch puts MTU checks after it was
compared with 0 and set to maximum if not set.
Added trace node.
If MTU is less than the total length value of
the IPv4 packet plus 20, the translator MUST
send an ICMPv4 "Fragmentation Needed" error message
to the IPv4 source address
Type: fix
Fixes: 87663cdf644fb7c94c0fec9460829b7e4e7c35ca
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I35b99bc2648984cdbf5b6a57ddec91c586b15bef
|
|
Type: feature
Change-Id: Ic8aa6c48913677537301971469f9627b70c1cec8
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Steps to reproduce VPP crash:
1. configure localsid End behavior
2. ping the localsid address
Type: fix
Signed-off-by: Ignas Bacius <ignas@noia.network>
Change-Id: Id780e0875ec9cdb25252217990919fb3dddbf06a
|
|
Type: feature
plus fixes for gre
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I0eca5f94b8b8ea0fcfb058162cafea4491708db6
|
|
Type: refactor
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I18dcdb7af3e327f6cacdbcb1e52b89f13d6ba6e2
|
|
The 'tag' parameter is expected to be a NULL-terminated C-string in
callees:
- make sure it is null-terminated in both API and CLI cases
- do not allocate & copy the string into a non-NULL-terminated vector
in API case
- fix leak in CLI case
Type: fix
Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
See: https://docs.fd.io/vpp/19.08/nat_ha_doc.html
Type: docs
Change-Id: I43ecf1dfb6976ebafee04d820f0e1b07393a0b93
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: feature
The current feature ordering of NAT44 nodes with respect to the
ACL plugin's IPv4 input/output features is:
ip4-output: acl-plugin-out-ip4-fa runs before any NAT44 nodes
ip4-unicast: acl-plugin-in-ip4-fa runs before any NAT44 nodes
ACL rules with action permit+reflect can keep track of outbound
flows and allow the replies inbound without an explicit inbound rule.
If ACL permit+reflect rules are configured on an interface that also
has NAT44 configured with output-feature/postrouting translation of
outbound packets, the ACL rules cannot allow inbound packets. The
ACL state that was stored on the outbound flow contains the IP
addresses of the original packet, prior to translation. The inbound
packets are being evaluated by the ACL node using the translated
addresses.
The order of processing inbound needs to be the opposite of what it
was outbound for this to work. Change the NAT44 features on
ip4-output so that they run before outbound ACL nodes. This matches
the existing behavior of the NAT44 nodes which rewrite
source addresses as an input feature instead of an output feature.
This was only done for endpoint dependent mode because the regular
endpoint independent in2out-output node currently selects an
explicit next node rather than using the next node on the feature
arc.
Unit test added to configure both NAT and an ACL and ensure that
out2in packets matching an in2out flow are permitted by the ACL
and translated by NAT.
Change-Id: Ibd679c28b64c3fc3cc8c0606ea93123e384e839f
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I358a290f4ac121f075f7ee52941beabe478bfba0
|
|
Type: fix
Change-Id: Iff9b1960b122f7d326efc37770b4ae3e81eb3122
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Change-Id: Icb4b331c9346d3781f4ddd6f62891c78d4059c1f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: I5d47cb9bc7eb7f3c8485e3b42f0701e81d87ba2a
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
There was an attempt to fix this problem in the commit:
d3b8c861a44e70c197ab721fa3ce7f38bbeab7fd
But checking the LOCALLY_ORIGINATED flag didn't work because this flag
gets reset before it can reach the NAT nodes.
With this commit, replace the check for the LOCALLY_ORIGINATED flag
with a check to see if the packet is a DHCP broadcast.
Type: fix
Change-Id: I069c08a785b5988b10192f528e4f9c4c7cc2f8a3
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: fix
Ticket: VPP-1817
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: Id4d694ce636b0a213e65ce27c32a8150df9af0f8
|
|
Currently if user want to set ip4 address to the api, it must convert to ip6
format, e.g. user want to ip4 "90.1.2.1" but must convert to "::5A01:0201",
it is not acceptable, this fix solved the issue.
Ticket: FDIO-753
Type: fix
Change-Id: I2ffa5a3d38400ee176cf601421074f71fc395f03
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
|
|
Change-Id: Ie2a3c0f44322dd8415603b7ce51bb72d72769c95
Ticket: VPP-1815
Type: refactor
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: make
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Iddfcce1f662efe63c5a6788a0a604917b1c9d81e
|
|
Type: fix
Change-Id: Iab7c65614c94497e8ec5a96624be72c1a139e486
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
Type: docs
Change-Id: Ica60b42e64703879c5c229209e4a4fac278bda31
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
This reverts commit 57584d99dd8a8524db90c67c88525d58879d9b8e.
The reasons for reverting:
- the documentation seems "work in progress". Also, 500K of pngs
should probably go on wiki, rather than in the repo. Please
make sure that newly added documentation renders correctly
and sensibly as part of the review/commit process.
- runner.py seems to contain unit tests, so it should
be rewritten in a manner that allows the testing from within
CI (including an unprivileged docker container)
- the above items, especially the testing one, warrant more
work, and at a RC1 milestone time it is probably not
a good idea to include a significant patch without
proper care. I suggest to prepare it so it is ready
for the next release, or cherrypick it for a
20.01.1 release, if having it in stable/2001 is absolute necessity.
- when submitting it, ensure that the commit message
makes sense, especially having "srv6-mobile:" with no further
text should be absolutely avoided.
Change-Id: If81441f7ebf11a6ad5638b1327faf18e8ebe6a35
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: fix
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
Change-Id: If0a1691c1435f2826c8c83f8bc52e4cd3ecc6256
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9afba8dc9e087b8c436fe568531c02614a577a7c
|
|
from threading.thread __init__:
This constructor should always be called with keyword arguments.
If a subclass overrides the constructor, it must make sure to invoke
the base class constructor (Thread.__init__()) before doing anything
else to the thread.
Type: test
Change-Id: Ifa89202e97053a4baf19e9a0ca0913430d5087a3
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|