path: root/src/vnet
Age | Commit message | Author | Files | Lines
2019-03-29 | ipsec: esp-decrypt rework | Damjan Marion | 4 | -210/+306
Change-Id: Icf83c876d0880d1872b84e0a3d34be654b76149f Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-29 | IPSEC: tunnel fragmentation | Neale Ranns | 2 | -0/+13
Change-Id: I63741a22bc82f5f861e1c0f26a93b5569cc52061 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-29 | tcp: remove sent rcv wnd 0 flag | Florin Coras | 3 | -13/+2
Change-Id: If6c672d1caa8884eb5d819311606a79a3de81200 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-29 | dhcp: only register UDP ports that are needed | Matthew Smith | 3 | -12/+21
When configuring a DHCP client, both the UDP ports for DHCP client and server are registered. Packets to the server port end up being dropped unless you have also configured a DHCP proxy. This breaks a common home/office gateway use case where the WAN interface gets configured using a DHCP client and devices attached to a LAN interface attempt to configure themselves using DHCP. If you try to punt to an external DHCP daemon to handle the LAN client requests, the packets never make it to the external daemon because of the server port being registered. Modify dhcp_maybe_register_udp_ports() to accept a parameter that controls which ports get registered. For a DHCP client, only the client port is registered. For a DHCP proxy, both client and server ports are registered. Change-Id: I2182d9827e4c7424b03ebb94952c3d2dc37abdb6 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-03-29 | tcp: improve updating of rcv wnd | Florin Coras | 1 | -10/+7
Change-Id: I0b8a311979d3ccd15f3854e7ac44ca9951dc6ce4 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-28 | crypto: add vnet_crypto_op_init (...) | Damjan Marion | 4 | -6/+14
Change-Id: I2018d8367bb010e1ab30d9c7c23d9501fc38a2e5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-28 | ipsec: USE_EXTENDED_SEQ_NUM -> USE_ESN | Damjan Marion | 8 | -14/+14
Change-Id: Ib828ea5106f3ae280e4ce233f2462dee363580b7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-28 | Punt Infra | Neale Ranns | 4 | -9/+45
A punt/exception path that provides:
1) clients that use the infra
2) clients can create punt reasons
3) clients can register to receive packets that are punted for a given reason to be sent to the desired node.
4) nodes which punt packets fill in the {reason,protocol} of the buffer (in the meta-data) and send to the new node "punt-dispatch"
5) punt-dispatch sends packets to the registered nodes or drops
Change-Id: Ia4f144337f1387cbe585b4f375d0842aefffcde5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28 | ipsec: anti-replay code cleanup | Damjan Marion | 4 | -171/+143
Change-Id: Ib73352d6be26d639a7f9d47ca0570a1248bff04a Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-28 | session: remove unused tx context field | Florin Coras | 1 | -1/+0
Change-Id: I4a119937842eb188f5e5a7706cbe70e91ae4def8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-28 | Add RDMA ibverb driver plugin | Benoît Ganne | 2 | -10/+13
RDMA ibverb is a userspace API to efficiently rx/tx packets. This is an initial, unoptimized driver targeting Mellanox cards. Next steps should include batching, multiqueue and additional cards. Change-Id: I0309c7a543f75f2f9317eaf63ca502ac7a093ef9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-03-28 | session: cap max burst to a constant | Florin Coras | 1 | -17/+2
Change-Id: I1919d3844936486f04f2bfde24dc7e0d9121927a Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-28 | VXLAN-GBP: format flags in encap trace | Neale Ranns | 1 | -2/+3
Change-Id: I561fd187b4865345f3bff86b3d6e67b0f0e97557 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28 | tcp: remove unused buffer flags | Florin Coras | 2 | -23/+0
Change-Id: I86e71f32dee3cc48f680e6432a96caef0a7f66a1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-28 | IPSEC: 4o6 and 6o4 for tunnel interfaces | Neale Ranns | 1 | -2/+4
Change-Id: I4d3ba18ab5205317219989de55b6e50d3b1d8a79 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28 | IPSEC: fix build breakage from ships in the night merges | Neale Ranns | 1 | -2/+6
Change-Id: Iec7da9adc970d005cd7d3d42839b5e51b0b5f5c3 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28 | IPSEC: run encrypt as a feature on the tunnel | Neale Ranns | 7 | -156/+331
Change-Id: I6527e3fd8bbbca2d5f728621fc66b3856b39d505 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28 | Typos. A bunch of typos I've been collecting. | Paul Vinciguerra | 49 | -113/+113
Change-Id: I53ab8d17914e6563110354e4052109ac02bf8f3b Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-03-27 | GBP: fixes for l3-out routing | Neale Ranns | 2 | -1/+32
Change-Id: I4d73b712da911588d511a8401b73cdc3c66346fe Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-27 | ipsec: compress ipsec_sa_t so data used by dataplane code fits in cacheline | Damjan Marion | 13 | -96/+140
Change-Id: I81ecdf9fdcfcb017117b47dc031f93208e004d7c Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-27 | tcp: add cc algo lookup table | Florin Coras | 2 | -7/+17
Change-Id: Ie7be0136c182cdc35193e47dd3249153c2f8d65e Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-26 | FIB: do debug before removing last source | Neale Ranns | 1 | -2/+2
Change-Id: I4e1cde754eb4d6406cd6cd51f37d89552bdb6a53 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26 | ADJ: midchain delegate to performing stacking | Neale Ranns | 11 | -211/+267
this can be used by e.g. tunnels so it doesn't need to be implemented for each tunnel type. Change-Id: I0790f89aa49f83421612b35108cce67693285999 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26 | IPSEC: more expressive API errors | Neale Ranns | 3 | -8/+10
Change-Id: I517a7bdae03abfea58451819e7854974397d77f8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26 | crypto: add set crypto handler CLI | Filip Tehlar | 3 | -8/+135
Change-Id: I40124f8d6e529256b1ccc6eb78dda9c5119b8951 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-03-26 | ip6-rewrite: bug fix buffer->error in dual loop | Kingwel Xie | 2 | -5/+24
error should be recorded in buffer so that process-error-punt can handle them correctly
Per Damjan's comments, move counter to under else clause of last error0==NONE check. Both v4 and v6 are changed.
Change-Id: I707c7877ccb12589337155173fc4a5200b42ee93 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-03-26 | ipsec: esp-encrypt rework | Damjan Marion | 7 | -242/+398
Change-Id: Ibe7f806b9d600994e83c9f1be526fdb0a1ef1833 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-26 | Convert GRE nodes to new buffer APIs and multiarch | Benoît Ganne | 2 | -618/+470
Change-Id: I3b3c8333287bb704ac7b0bbc81b3dbb059e8d2ac Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-03-26 | Simplify adjacency rewrite code | Benoît Ganne | 4 | -172/+33
Using memcpy instead of complex specific copy logic. This simplifies the implementation and also improves perf slightly. Also move adjacency data from tail to head of buffer, which improves cache locality (header and data share the same cacheline). Finally, fix VxLAN which used to work around vnet_rewrite logic.
Change-Id: I770ddad9846f7ee505aa99ad417e6a61d5cbbefa Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-03-26 | IPSEC: improved policy delete | Neale Ranns | 1 | -13/+9
Change-Id: Icdf51b094c34725c079d2e4acbb955744434302d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-25 | tls: make first segment and fifo size configurable | Florin Coras | 2 | -5/+14
Change-Id: I6169ebdd3ac2d5d77fd2e12068c8aab6d8072c03 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-25 | IPSEC tests fnd fix or Extended Sequence Numbers | Neale Ranns | 3 | -15/+14
Change-Id: Iad6c4b867961ec8036110a4e15a829ddb93193ed Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-25 | UDP: Fix session registration in lookup table | Aloys Augustin | 1 | -0/+4
This fixes a bug where packets could be sent but not received when opening a UDP connection. Change-Id: I0993dd806b277374232d551167970ab13a62dbf9 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-03-25 | Fix unformat proto UDPC / UDP conflict | Nathan Skrzypczak | 1 | -4/+4
Change-Id: I9161959536c37f6f730650c9c0058a41af8e7001 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-03-23 | tcp: make default mtu configurable | Florin Coras | 3 | -7/+10
Change-Id: I56d8d8d67d5590e24c1ddb54b0c63a2cb03798e1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-22 | ipv6: vectorized ext header check | Damjan Marion | 2 | -10/+35
Change-Id: I454bb01153d1d0536c4a6fe36103e7721aad8cd1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-22 | ADJ: more thorough link up check | Neale Ranns | 2 | -7/+22
Change-Id: I04dbfb914706b25fcc3bd6ee0d19cfdc810234ae Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-22 | tcp: improve handling of snd_nxt | Florin Coras | 4 | -124/+91
- avoid changing snd_nxt when doing fast retransmits
- use snd_una_max only to keep track of the max seq number sent
- simplify future ack testing
Change-Id: I3580ad3aefe30128486c3375d0ac3f3f62c04c5e Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-22 | ipsec: fix esn handling | Damjan Marion | 1 | -9/+5
Change-Id: I27f24095309082363ba0d0ba4bd69e2c0741dc1c Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-22 | IPSEC: test for packet drop on sequence number wrap | Neale Ranns | 1 | -1/+2
Change-Id: Id546c56a4904d13d4278055f3c5a5e4548e2efd0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-21 | session/fifo: make event unset atomic | Florin Coras | 1 | -4/+6
Ensures that fifo cursize loads cannot be speculated to before the event unset. Change-Id: Ia7c20c510d58f26a8e9b82d3982c6d4143a3a4d6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-21 | BVI Interface | Neale Ranns | 8 | -3/+509
a new dedicated BVI interface as opposed to [re]using a loopback.
benefits:
- removes ambiguity over the purpose of a loopback interface
- TX node dedicated to BVI only functions.
Change-Id: I749d6b38440d450ac5b909a28053c75ec9df946a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-21 | error-drop; print interface by name | Neale Ranns | 1 | -1/+2
Change-Id: I19736180c1e7e1d13dbb74bcd8f1dfae762b1d25 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-21 | icmp: bug fix of buffer->error | Kingwel Xie | 2 | -2/+18
Recent changes in icmp4/6 choose to free the original buffer, and make a copy for sending icmp reply back. However, buffer->error will be ignored when the buffer is freed unconditionally. A quick fix can be moving the counter increment code to icmp, but I prefer to enqueue all buffers to 'error-drop' so that they can be handled in a batch
rebase, using vlib_buffer_enqueue_to_single_next
Change-Id: I9f3028b55f1d5f634763e2410cd91e17f368195e Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-03-21 | ipsec: add ipv6 support for ipsec tunnel interface | Kingwel Xie | 7 | -147/+415
Change-Id: I6a76907dc7bed2a81282b63669bea2219d6903c9 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com> Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2019-03-20 | crypto: add hmac truncate option | Damjan Marion | 2 | -1/+2
This reverts commit 785368e559dbdf50676f74f43f13423c817abb52. Change-Id: I782ac2be4e161790c73ccd4b08492e2188a6d79d Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-20 | IPSEC: Tunnel SA not deleted | Neale Ranns | 1 | -3/+6
p is overwritten by hash_unset so an incorrect value is passed to ipsec_sa_del Change-Id: I97300dd4421c62d7cfa47b8e7e9789becb2370e9 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-20 | ipsec: keep crypto data inside SA | Damjan Marion | 8 | -58/+65
Change-Id: Ie8986bd3652d25c4befe681cea77df95aba37ebc Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-20 | ipsec: bug fix ipsec-init sequence | Kingwel Xie | 1 | -2/+0
ipsec_tunnel_if_init might be called before ipsec_init; this memset in ipsec-init therefore zeroes the memory allocated by ipsec_tunnel_if_init
Change-Id: Ie889f1bf624c76842ef77e5a51ed1d41fed4758d Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-03-20 | tcp: disable cc elog debugging | Florin Coras | 1 | -2/+2
Change-Id: Iffed748a15b9f01b985f9a6a9574a7bc42ab55aa Signed-off-by: Florin Coras <fcoras@cisco.com>