| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
- add option to use test certificate in the ca chain
- add hostname to extended session endpoint fields and connect api
parameters. If hostname is present, certificate validation is
enforced.
- use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A
different path can be provided via startup config
Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I233d02a669b6a0504cd54590c6c8e4fefadc4713
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
It consists of two main parts. First, add an application transport type
whereby applications can offer transport to other applications. For
instance, a tls app can offer transport services to other applications.
And second, a tls transport app that leverages the mbedtls library for
tls protocol implementation.
Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I7f5a3b8d92ef07d60315bab6e560eba49ea07249
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Memfd backed shared memory segments can only be negotiated over sockets.
For such scenarios, the existing redirect mechanism that establishes
cut-through sessions does not work anymore as the two peer application
do not share such a socket.
This patch adds support for local sessions, as opposed to sessions
backed by a transport connection, in a way that is almost transparent to
the two applications by reusing the existing binary api messages.
Moreover, all segment allocations are now entirely done through the
segment manager valloc, so segment overlaps due to independent
allocations previously required for redirects are completely avoided.
The one notable characteristic of local sessions (cut-through from app
perspective) notification messages is that they carry pointers to two
event queues, one for each app peer, instead of one. For
transport-backed sessions one of the queues can be inferred but for
local session they cannot.
Change-Id: Ia443fb63e2d9d8e43490275062a708f039038175
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- use valloc as a 'central' segment baseva manager
- use per segment manager segment pools and use rwlocks to guard them
- add session test that exercises segment creation
- embed segment manager properties into application since they're shared
- fix rw locks
Change-Id: I761164c147275d9e8a926f1eda395e090d231f9a
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I5c404eacb4a6c1e16485a6656168d9171ff49a8b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- update segment manager and session api to work with both flavors of
ssvm segments
- added generic ssvm slave/master init and del functions
- cleanup/refactor tcp_echo
- fixed uses of svm fifo pool as vector
Change-Id: Ieee8b163faa407da6e77e657a2322de213a9d2a0
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This does not update api client code. In other words, if the client
assumes the transport is shmem based, this patch does not change that.
Furthermore, code that checks queue size, for tail dropping, is not
updated.
Done for the following apis:
Plugins
- acl
- gtpu
- memif
- nat
- pppoe
VNET
- bfd
- bier
- tapv2
- vhost user
- dhcp
- flow
- geneve
- ip
- punt
- ipsec/ipsec-gre
- l2
- l2tp
- lisp-cp/one-cp
- lisp-gpe
- map
- mpls
- policer
- session
- span
- udp
- tap
- vxlan/vxlan-gpe
- interface
VPP
- api/api.c
OAM
- oam_api.c
Stats
- stats.c
Change-Id: I0e33ecefb2bdab0295698c0add948068a5a83345
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- separate client/server code for both memory and socket apis
- separate memory api code from generic vlib api code
- move unix_shared_memory_fifo to svm and rename to svm_fifo_t
- overall declutter
Change-Id: I90cdd98ff74d0787d58825b914b0f1eafcfa4dc2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I87e3de556910851d16af343bfcbede49500843ff
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: I39d21d15677f57e10b69b8842f2cbca277abddf0
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- compute session type out of transport and network protos
- make session, session lookup and session queue code network protocol
agnostic
This does not update the session layer to support non-ip network layer
protocols
Change-Id: Ifc2f92845e158b649d59462eb7d51c12af536691
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ib644a1840c5f24203b6968561f467fbe5e255055
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This, if such a listener exists.
Change-Id: I974cc858c1e2fee50189c3c67e4abb76be32a98a
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I43a7ac5b6c33810a465568d1955f400f4ef08786
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
|
|
Change-Id: I326c4472e5da8b6c0737655952d1983c7a0ea996
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ie7b795715530e0920763098eb468c55fb17b1a2c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I86b2e2c5a655e53a915fbf62ff04ee23c86de234
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I40f80110f5224b676d60252f9721fd1bc8a10b58
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: I86bfe4e8b0a899cc54c9b37eeb5eec701d0baf3d
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I280fea2610dcfc0b2da84973b9f567daec42f1f6
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Iff1a665b6cf9ca2def0fcdacf02d7f8c579c0f4e
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Id5ebb410f509ac4c83d60e48efd54e00035e5ce6
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ie42fd77e75e86a45cfe5951768c4638f27fdc3aa
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This introduces 5-tuple lookup tables that may be used to implement
custom session layer actions at connection establishment time (session
layer perspective).
The rules table build mask-match-action lookup trees that for a given
5-tuple key return the action for the first longest match. If rules
overlap, ordering is established by tuple longest match with the
following descending priority: remote ip, local ip, remote port, local
port.
At this time, the only match action supported is to forward packets to
the application identified by the action.
Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I355433e0f07b328c441ed642705b31ca5157fabe
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I04f1b63e66260d99c0dd180b0295a55a9b750df7
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: I54ced42749432335183ee3085a9ccc5f95a87ae9
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: I7794d5a0774017da4c1c15f45783a18754994ac8
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I44d5c9df7c49b8d4d5677c6d319033b2da3e6b80
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Applications are now provided the option to select the namespace they
are to be attached to and the scope of their attachement. Application
namespaces are meant to:
1) constrain the scope of communication through the network by
association with source interfaces and/or fib tables that provide the
source ips to be used and limit the scope of routing
2) provide a namespace local scope to session layer communication, as
opposed to the global scope provided by 1). That is, sessions can be
established without assistance from transport and network layers.
Albeit, zero/local-host ip addresses must still be provided in session
establishment messages due to existing application idiosyncrasies. This
mode of communication uses shared-memory fifos (cut-through sessions)
exclusively.
If applications request no namespace, they are assigned to the default
one, which at its turn uses the default fib. Applications can request
access to both local and global scopes for a namespace. If no scope is
specified, session layer defaults to the global one.
When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY)
binds are converted to binds to the requested interface.
Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: If7fd125989c90240de12953658d10007b9eb4f07
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
- Increment rcv_nxt for fin packets
- Call tcp_segment_rcv only if buffer has data
- Parse rcv opts before deleting half-open connection
- Fix initial rcv_wnd
- Improved event logging
Change-Id: I9b83c04f432c4cec832c480b03e534deff02c3b1
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- limit minimum rto per connection
- cleanup sack scoreboard
- switched svm fifo out-of-order data handling from absolute offsets to
relative offsets.
- improve cwnd handling when using sacks
- add cc event debug stats
- improved uri tcp test client/server: bugfixes and added half-duplex mode
- expanded builtin client/server
- updated uri socket client/server code to work in half-duplex
- ensure session node unsets fifo event for empty fifo
- fix session detach
Change-Id: Ia446972340e32a65e0694ee2844355167d0c170d
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I034efb9fc3ebb846c0aef07b18c1f110b8cbf3e3
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: I6a566d1dc9531b790bdcb00edc73516f86daeb72
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- add option to preallocate fifos in a segment
- track active fifos with doubly linked list instead of vector
- update udp redirect test code to read fifo pointers from API call
instead of digging them up from fifo segment header
- input-node based active-open session generator
Change-Id: I804b81e99d95f8690d17e12660c6645995e28a9a
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dbarach@cisco.com>
|
|
Change-Id: I83a1b02a73fd159f14cca04fed3993f571475a00
Signed-off-by: Dave Barach <dbarach@cisco.com>
|
|
Change-Id: I9664214652229b663c3e3ba7406b4ede96bfb123
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ic5467df16e870b49c49678b1dbb40f4a2390b3c9
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Among others:
- Moved app event queue to shared memory segment
- Use private memory segment for builtin apps
- Remove pid from svm fifo
- Protect session fifo (de)allocation
- Use fifo event for session disconnects
- Have session queue node poll in all wk threads
Change-Id: I89dbf7fdfebef12f5ef2b34ba3ef3c2c07f49ff2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I19dcc3fcf85c63dc7a7f35e023f6269c9f233d3b
Signed-off-by: flyingeagle23 <wang.hui56@zte.com.cn>
|
|
Major refactoring of the session layer api
- Add attatch api for application binding to the the session layer
- Simplify listen/connect calls
- Update application CLI
- Add transport endpoint to accept callback
- Associate segment manager to application and allow for multiple
binds/connects per app
Additional:
- svm fifo cleanup
- add fifo free, format fns
- add fifo offset enqueue unit test
Change-Id: Id93a65047de61afc2bf3d58c9b544339c02065af
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
- builtin test echo server
- fix SYN-ACK retransmit canceling
- avoid sending spurious ACK if in LAST_ACK
- improved client dummy test app
- renamed tx fifo dequeuing and sending functions to avoid confusion
- improved RST handling
Change-Id: Ia14aad3df319540dcf6e6a4e18a9f8d423a4b83b
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
- Add CLI/API to enable session layer, by default it's disabled
- Improve rcv wnd computation
- Improvements to tx path
- URI code cleanup
- Builtin test tcp server
- Improve src port allocation
Change-Id: I2ace498e76a0771d4c31a8075cc14fe33d7dfa38
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I49e5ce0aae6e4ff634024387ceaf7dbc432a0351
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
Florin Coras
Dave Wallace
Milan Lenco
Dave Barach
Dave Barach
Damjan Marion
flyingeagle23