Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I6b5984df176688f0722a2888e73f05d8ed8b9310
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
DHCP additions:
1) DHCPv4 will only relay a message back to the client, if the Option82 information is present. So make this the default.
2) It is no longer possible to select via the API to "insert circuit ID" - since this is now default
3) Remove the version 2 API since it's now the same as version 1.
4) Adding the VSS option is now conditional only on the presence of VSS config (not the 'insert' option in the set API)
5) DHCP proxy dump via API
Change-Id: Ia7271ba8c1d4dbf34a02c401d268ccfbb1b74f17
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I133c55bce46d40ffddabbbf8626cbd3d072522d4
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Extended sw_interface_dump to provide 802.1ah (pbb) tag rewrite info if
present.
Extended log "l2-output" to provide raw data to display result of
prospetive pbb tag rewrite. Tracing is moved after l2output_vtr to show
these changes.
Change-Id: I8b7cb865dc67ce21afab402cc086dac35f7c0f07
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Add IP[46] MFIB dump.
Change-Id: I4a2821f65e67a5416b291e4912c84f64989883b8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- IKE_SA_INIT and IKE_AUTH initial exchanges
- Delete IKA SA
- Rekey and delete Child SA
- Child SAs lifetime policy
To set up one VPP instance as the initiator use the following CLI commands (or API equivalents):
ikev2 profile set <id> responder <interface> <addr>
ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>
and finally
ikev2 initiate sa-init <profile id> to initiate the IKE_SA_INIT exchange
Child SA re-keying process:
1. Child SA expires
2. A new Child SA is created using the Child SA rekey exchange
3. For a set time both SAs are alive
4. After the set time interval expires old SA is deleted
Any additional settings will not be carried over (i.e. settings of the ipsec<x> interface associated with the Child SA)
CLI API additions:
ikev2 profile set <id> responder <interface> <addr>
ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>
ikev2 initiate sa-init <profile id>
ikev2 initiate del-child-sa <child sa ispi>
ikev2 initiate del-sa <sa ispi>
ikev2 initiate rekey-child-sa <profile id> <child sa ispi>
Sample configurations:
Responder:
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home.responder
ikev2 profile set pr1 id remote fqdn vpp.home.initiator
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector local ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0
Initiator:
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home.initiator
ikev2 profile set pr1 id remote fqdn vpp.home.responder
ikev2 profile set pr1 traffic-selector local ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 responder TenGigabitEthernet3/0/1 192.168.40.20
ikev2 profile set pr1 ike-crypto-alg aes-cbc 192 ike-integ-alg sha1-96 ike-dh modp-2048
ikev2 profile set pr1 esp-crypto-alg aes-cbc 192 esp-integ-alg sha1-96 esp-dh ecp-256
ikev2 profile set pr1 sa-lifetime 3600 10 5 0
Change-Id: I1db9084dc787129ea61298223fb7585a6f7eaf9e
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Now that the M() and S() macros accept a message parameter, there
is no longer a need to introduce a new block structure around the
CONTROL_PING messages just to have a new unbound "mp" variable.
Instead, just use one named "mp_ping" directly.
Change-Id: I6b283562bb6eec25806e3d35c35b977680ecd1dd
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Instead, have them accept and assign a return paramter leaving
the return control flow up to the caller. Clean up otherwise
misleading returns present even after "NOT REACHED" comments.
Change-Id: I0861921f73ab65d55b95eabd27514f0129152723
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Rather than rely on an unbound variable, explicitly introduce
the timeout variable within the 'do { ... } while (0)' construct
as a block-local variable.
Change-Id: I6e78635290f9b5ab3f56b7f116c5fa762c88c9e9
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Rather than blindly assume an unbound, fixed message parameter
explicilty pass it as a paramter to the S() macro.
Change-Id: Ieea1f1815cadd2eec7d9240408d69acdc3caa49a
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Rather than maintain (?) an unused second parameter, t, and pull
an unbound message pointer, mp, out of context, explicitly list
the message pointer as the second parameter.
Change-Id: I92143efda6211cdf6b935470f8c71579742a6b64
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Remote mapping and locator set binary APIs uses zero length arrays
defined as 'u8 array[0]' in .api file.
This path will change such cases to form 'type_t array[count];'
in order to enhance maintainability.
Change-Id: I98d0252b441020609c550d48186ed0d8338a3f2d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
expressive (and might appease coverity)
Change-Id: Ie3c9b2896a487a0302903bfbdd6348f6f091c67d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add vxlan-bypass feature which can be enabled on the IP6 underlay
interface which receive VXLAN packets to accelerate VXLAN decap
processing. The CLI to enable/disable it is:
set interface ip6 vxlan-bypass <interface> [del]
The vxlan-bypass feature is already supported on the IP4 underlay
interface. The CLI to enable/disable it is:
set interface ip vxlan-bypass <interface> [del]
Move vxlan-bypass API/CLI support code from decap.c to vxlan.c.
Also fixed two issues in the VXLAN decap path in the vxlan-input node:
1. Add verification of VXLAN packet FIB index with the encap-vrf-id
of the VXLAN tunnel.
2. Fix checking of VXLANoIPv6 packet mcast DIP against that of the
IP6 mcast VXLAN tunnel.
Change-Id: I2bad4074a468c48fbb8bb5ac64f6437190756ed2
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: Ie7f51643fd3522a0fa8df8d0309305481c211f5f
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Build Cryptodev IPsec support by default when DPDK is enabled but only build
hardware Cryptodev PMDs.
To enable Cryptodev support, a new startup.conf option for dpdk has been
introduced 'enable-cryptodev'.
During VPP init, if Cryptodev support is not enabled or not enough cryptodev
resources are available then default to OpenSSL ipsec implementation.
Change-Id: I5aa7e0d5c2676bdb41d775ef40364536a081956d
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
- IPv[46] mfib tables with support for (*,G/m), (*,G) and (S,G) exact and longest prefix match
- Replication represented via a new replicate DPO.
- RPF configuration and data-plane checking
- data-plane signals sent to listening control planes.
The functions of multicast forwarding entries differ from their unicast conterparts, so we introduce a new mfib_table_t and mfib_entry_t objects. However, we re-use the fib_path_list to resolve and build the entry's output list. the fib_path_list provides the service to construct a replicate DPO for multicast.
'make tests' is added to with two new suites; TEST=mfib, this is invocation of the CLI command 'test mfib' which deals with many path add/remove, flag set/unset scenarios, TEST=ip-mcast, data-plane forwarding tests.
Updated applications to use the new MIFB functions;
- IPv6 NS/RA.
- DHCPv6
unit tests for these are undated accordingly.
Change-Id: I49ec37b01f1b170335a5697541c8fd30e6d3a961
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I422a3f168bd483e011cfaf54af022cb79b78db02
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I953b3888bbc6d8a5f53f684a5edc8742b382f323
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I81f33f5153d5afac94b66b5a8cb91da77463af79
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
To simplify system configuration. Converted existing code to use an
argument structure, instead of [one or two too many] discrete
parameters.
Change-Id: I3eddfa74eeed918c1b04a6285fba494651594332
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Iba076fc13e3f870c49fc5ca971dc7b8799188a27
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
includes Fix for VPP-584 with API change to remove prefix length from LL programming
Change-Id: If860751c35e60255fb977f73bc33e8c2649e728e
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: If2541be803a0303401b013390e117c26fd1d9739
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
Change-Id: I7b51f88292e057c6443b12224486f2d0c9f8ae23
Signed-off-by: Damjan Marion <damarion@cisco.com>
|