Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: refactor
Change-Id: I6933205cfb04bc31cabe6e3b1a8044cace93f84c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Per rfc793, in window syns for established connections should lead to
connection resets. As a mitigation for blind reset attacks, rfc5961
requests that such syns be replied to with challange acks.
Change-Id: I75e4972bbb515e48d9cf1bda32ea5d9891d670f0
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: feature
Change-Id: Ia8af6a62a2be2265bc42955d90e8c2222bdb8f50
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: feature
Change-Id: I54521078cf96e459d041c86297c6ca80045bf0a3
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: Idf0b2e16b2e7d126940bb38c7983d6784b5bfdc8
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ib489922af246b7dc3e770a57e51b87a2568a014d
Type: fix
Fixes: b71fa75d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
2.77e1 v. 2.81e1
Type: performance
Change-Id: I896ec77818603f17aaa622073dafc626570326f1
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
there's no use case to just change the key of an SA. instead the SA
should be renegociated and the new SA applied to the existing SPD entry
or tunnel.
the set_key functions were untested.
Type: refactor
Change-Id: Ib096eebaafb20be7b5501ece5a24aea038373002
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I0036c216b79afb66b982b1b6a7e81f738f3b61dc
Type: refactor
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: Id6b2c2321c5f1d56e7cfab24a7c1641b38e94e19
Type: refactor
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Support an adjacency with lookup_next_index of IP_LOOKUP_NEXT_MIDCHAIN
so tunnel interfaces can have BFD configured on them.
Also, check if the interface a session is configured on is up
and skip assembling the packet and calculating the checksum if
the interface is down.
Change-Id: I44f76478d0fc1592e3491dd9368819a5c957e74a
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
redirect
Change-Id: I2a3ba2a3d73ea8511e3a511855b041432328f0a8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ib4cdbe8a6a1d10a643941c13aa0acbed410f876c
Type: Feature
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ib9f98fba5a724480ca95f11a762002c53e08df70
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: fix
Fixes: 1197449
Change-Id: Icdda3c667ba76542ea3af5d66cc7c3fb10ade1ca
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Fixes: c59b9a2
Change-Id: I6021e67196a4d31ab11d4e3cfbda34b678150701
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Fixes: b4fff3a
Change-Id: I2552cbc0a02e7445825a5a4ce290cde3d10c5f0b
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I9de63cebfcef8898d0ea4c9c2b7451b168b06c2c
Signed-off-by: mu.duojiao <mu.duojiao@zte.com.cn>
|
|
- all packets input on interface X are load-balanced over the set of
paths provided.
Change-Id: Ic27cb88c4cd5d6d3462570632daff7a43d5a652d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I45618347e37440263270baf07b2f82f653f754a5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
add a UT for the API
Change-Id: I93fb6ec2c5f74b991bf7f229250a30c0395b8e24
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
plugins:
- ipfixcollector
vnet:
- geneve
- vxlan_gpe
- vxlan
Change-Id: I69a8b4017ee6990f2b4874fe3e94c4520bde7101
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Because of the initialisation of the end of the range, the command show ipsec spd
on an ipv4 SPD didn't work correctly.
Change-Id: I3582382197bb6edef4fb077aac1e927ef4581cbf
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
|
|
Change-Id: I0c2d6fccd95146e52bb88ca4a6e84554d5d6b2ed
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I8e4592734cd8343cd95b32ad8617fed4aec3f590
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
- arp-input, registered with the ethernet protocol dispatcher, performs
basic checks and starts the arc
- arp-reply; first feature on the arc replies to requests and learns
from responses (no functional change)
- arp-proxy; checks against the proxy DB
arp-reply and arp-proxy are enabled when the interface is appropriately
configured.
Change-Id: I7d1bbabdb8c8b8187cac75e663daa4a5a7ce382a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Icd76769d841792eb2d59ffc23c557dcca9ddc580
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
TBH, this looks like merge damage or some such. Perfectly fine NULL pointer
check, about three lines after it was needed.
Change-Id: I52831062e30533a59fb76b644ee5ae389676d2ae
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Add tooling for feature metadata configuration files.
The main tool is in src/scripts/fts.py
make checkfeaturelist to validate against schema.
make featurelist to dump all feature lists to stdout.
Example feature definition:
name: IP in IP tunnelling
maintainer: Ole Troan <ot@cisco.com>
features:
- IPv4/IPv6 over IPv4/IPv6 encapsulation:
- Fragmentation and Reassembly
- Configurable MTU
- Inner to outer Traffic Class / TOS copy
- Configurable Traffic Class / TOS
- ICMPv4 / ICMPv6 proxying
- 6RD (RFC5969):
- Border Relay
description: "Implements IP{v4,v6} over IP{v4,v6} tunnelling as
described in RFC2473. This module also implement the border relay of
6RD (RFC5969)."
state: production
properties: [API, CLI, STATS, MULTITHREAD]
missing:
- Tunnel PMTUD
- Tracking of FIB state for tunnel state
- IPv6 extension headers (Tunnel encapsulation limit option)
JSON schema is embedded in fts.py
Example markdown: https://github.com/otroan/scratch/blob/master/features.md
Change-Id: I903b4ee6b316a9378c259e86dc937092e5d4b7da
Type: make
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
This patch enables bonding numa awareness on multi-socket
server working in active-backeup mode.
The VPP adds capability for automatically preferring slave
with local numa node in order to reduces the load on the
QPI-bus and improve system overall performance in multi-socket
use cases. Users doesn't need to add any extra operation as
usual.
Change-Id: Iec267375fc399a9a0c0a7dca649fadb994d36671
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
before and after:
ip4-load-balance 1.54e1
ip4-load-balance 1.36e1
p.s. Quad loops were not beneficial
Change-Id: I7bc01fc26288f0490af74db2b1b7993526c3d982
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
and document scaling
Change-Id: I65d8999e65616d77e525963c770d91e9b0d5e593
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I07681d94301e19389dda0caacd5a93b21d9aff1f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Use explicit types vl_api_address/prefix in ipip.api.
Change-Id: Ib3133cebdbe4437742924efd49cde4009c4cc31b
Type: refactor
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: Iab27b405fb3ca7aed94ae974d57c286c41298c3a
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
For tunnel mode, after decryption the buffer length was being adjusted
by adding (iv length + esp header size). Subtract it instead.
Required for BFD to work on an IPsec tunnel interface. BFD verifies
that the amount of received data is the expected size. It drops the
packet if the buffer metadata says that the packet buffer contains
more data than the packet headers say it should.
Change-Id: I3146d5c3cbf1cceccc9989eefbc9a59e604e9975
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: I363a4444f4d296f04371acd65c702b1a1ce70913
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Change-Id: Ib9297b712ff7d08bf085fb0b6c9e6ffd83c5fa57
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Type: fix
Fixes: 47feb11
Change-Id: I6b3b97cd361eef19c910c14fd06edb001a4c191b
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This patch helps save 4.1 clocks/pkt from 62.9 to 58.8
clocks/pkt on Skylake.
Change-Id: I749a88a8fa6c78243441a89d6afcd04f106af3da
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Change-Id: I2e48eb772dc44912192d0684b8ee631d8d975e9e
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
call crypto backend only once per node call
Change-Id: I0faab89f603424f6c6ac0db28cc1a2b2c025093e
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
- add to the Punt API to allow different descriptions of the desired packets: UDP or exceptions
- move the punt nodes into punt_node.c
- improve tests (test that the correct packets are punted to the registered socket)
Change-Id: I1a133dec88106874993cba1f5a439cd26b2fef72
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add a minimal ip6 hbh header processing test.
ioam plugin: use ip6_local_hop_by_hop_register_protocol() in
udp_ping_init().
Please test the ioam plugin udp_ping path AYEC, so I can
publish the patch.
Change-Id: I74e35276d6c38c31022026cfd238fad5e4a54485
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Id5c0f420e32e0504cea660fed2013f3ad28088aa
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
In tap tx routine, virtio_interface_tx_inline, there used to be an
interface spinlock to ensure packets are processed in an orderly fashion
clib_spinlock_lock_if_init (&vif->lockp);
When virtio code was introduced in 19.04, that line is changed to
clib_spinlock_lock_if_init (&vring->lockp);
to accommodate multi-queues.
Unfortunately, althrough the spinlock exists in the vring, it was never
initialized for tap, only for virtio. As a result, many nasty things can
happen when running tap interface in multi-thread environment. Crash is
inevitable.
The fix is to initialize vring->lockp for tap and remove vif->lockp as it
is not used anymore.
Change-Id: I82b15d3e9b0fb6add9b9ac49bf602a538946634a
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
(cherry picked from commit c2c89782d34df0dc7197b18b042b4c2464a101ef)
|
|
Change-Id: Ia0cadebab8b800e34e9574601cdebee5ca90cc6a
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Change-Id: I3906adf9aa20b4221eeb7a8b5b353c6f0cb32d04
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Change-Id: I527b7e43dfba05eab12591e193f07f5036e33f56
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Change-Id: Ida6a8f96bd858246e993250087bed45e7084ede1
Signed-off-by: Neale Ranns <nranns@cisco.com>
|