aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2019-03-28IPSEC: run encrpyt as a feautre on the tunnelNeale Ranns7-156/+331
Change-Id: I6527e3fd8bbbca2d5f728621fc66b3856b39d505 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28Typos. A bunch of typos I've been collecting.Paul Vinciguerra49-113/+113
Change-Id: I53ab8d17914e6563110354e4052109ac02bf8f3b Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-03-27GBP: fixes for l3-out routingNeale Ranns2-1/+32
Change-Id: I4d73b712da911588d511a8401b73cdc3c66346fe Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-27ipsec: compress ipsec_sa_t so data used by dataplane code fits in cachelineDamjan Marion13-96/+140
Change-Id: I81ecdf9fdcfcb017117b47dc031f93208e004d7c Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-27tcp: add cc algo lookup tableFlorin Coras2-7/+17
Change-Id: Ie7be0136c182cdc35193e47dd3249153c2f8d65e Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-26FIB: do debug before remvoing last sourceNeale Ranns1-2/+2
Change-Id: I4e1cde754eb4d6406cd6cd51f37d89552bdb6a53 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26ADJ: midchain delegate to performing stackingNeale Ranns11-211/+267
this can be used by e.g. tunnels so it doesn't need to be implemented for each tunnel type. Change-Id: I0790f89aa49f83421612b35108cce67693285999 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26IPSEC: more expressive API errorsNeale Ranns3-8/+10
Change-Id: I517a7bdae03abfea58451819e7854974397d77f8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26crypto: add set crypto handler CLIFilip Tehlar3-8/+135
Change-Id: I40124f8d6e529256b1ccc6eb78dda9c5119b8951 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-03-26ip6-rewrite: bug fix buffer->error in dual loopKingwel Xie2-5/+24
error should be recorded in buffer so that process-error-punt can handle them correctly Per Damjan's comments, move counter to under else clause of last error0==NONE check. Both v4 and v6 are changed. Change-Id: I707c7877ccb12589337155173fc4a5200b42ee93 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-03-26ipsec: esp-encrypt reworkDamjan Marion7-242/+398
Change-Id: Ibe7f806b9d600994e83c9f1be526fdb0a1ef1833 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-26Convert GRE nodes to new buffer APIs and multiarchBenoît Ganne2-618/+470
Change-Id: I3b3c8333287bb704ac7b0bbc81b3dbb059e8d2ac Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-03-26Simplify adjacency rewrite codeBenoît Ganne4-172/+33
Using memcpy instead of complex specific copy logic. This simplify the implementation and also improve perf slightly. Also move adjacency data from tail to head of buffer, which improves cache locality (header and data share the same cacheline) Finally, fix VxLAN which used to workaround vnet_rewrite logic. Change-Id: I770ddad9846f7ee505aa99ad417e6a61d5cbbefa Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-03-26IPSEC: improved policy deleteNeale Ranns1-13/+9
Change-Id: Icdf51b094c34725c079d2e4acbb955744434302d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-25tls: make first segment and fifo size configurableFlorin Coras2-5/+14
Change-Id: I6169ebdd3ac2d5d77fd2e12068c8aab6d8072c03 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-25IPSEC tests fnd fix or Extended Sequence NumbersNeale Ranns3-15/+14
Change-Id: Iad6c4b867961ec8036110a4e15a829ddb93193ed Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-25UDP: Fix session registration in lookup tableAloys Augustin1-0/+4
This fixes a bug where packets could be sent but not received when opening an UDP connection. Change-Id: I0993dd806b277374232d551167970ab13a62dbf9 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-03-25Fix unformat proto UDPC / UDP conflictNathan Skrzypczak1-4/+4
Change-Id: I9161959536c37f6f730650c9c0058a41af8e7001 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-03-23tcp: make default mtu configurableFlorin Coras3-7/+10
Change-Id: I56d8d8d67d5590e24c1ddb54b0c63a2cb03798e1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-22ipv6: vectorized ext header checkDamjan Marion2-10/+35
Change-Id: I454bb01153d1d0536c4a6fe36103e7721aad8cd1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-22ADJ: more thorough link up checkNeale Ranns2-7/+22
Change-Id: I04dbfb914706b25fcc3bd6ee0d19cfdc810234ae Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-22tcp: improve handling of snd_nxtFlorin Coras4-124/+91
- avoid changing snd_nxt when doing fast retransmits - use snd_una_max only to keep track of the max seq number sent - simplify future ack testing Change-Id: I3580ad3aefe30128486c3375d0ac3f3f62c04c5e Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-22ipsec: fix esn handlingDamjan Marion1-9/+5
Change-Id: I27f24095309082363ba0d0ba4bd69e2c0741dc1c Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-22IPSEC: test for packet drop on sequence number wrapNeale Ranns1-1/+2
Change-Id: Id546c56a4904d13d4278055f3c5a5e4548e2efd0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-21session/fifo: make event unset atomicFlorin Coras1-4/+6
Ensures that fifo cursize loads cannot be speculated to before the event unset. Change-Id: Ia7c20c510d58f26a8e9b82d3982c6d4143a3a4d6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-21BVI InterfaceNeale Ranns8-3/+509
a new dedicated BVI interface as opposed to [re]using a loopback. benefits: - removes ambiguity over the purpose of a loopback interface - TX node dedicated to BVI only functions. Change-Id: I749d6b38440d450ac5b909a28053c75ec9df946a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-21error-drop; print interface by nameNeale Ranns1-1/+2
Change-Id: I19736180c1e7e1d13dbb74bcd8f1dfae762b1d25 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-21icmp: bug fix of buffer->errorKingwel Xie2-2/+18
Recent changes in icmp4/6 choose to free the original buffer, and make a copy for sending icmp reply back. However, buffer->error will be ignored when the buffer is freed unconditionally. A quick fix can be moving the counter increment code to icmp, but I prefert to enqueue all buffers to 'error-drop' so that they can be handled in a batch rebase, using vlib_buffer_enqueue_to_single_next Change-Id: I9f3028b55f1d5f634763e2410cd91e17f368195e Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-03-21ipsec: add ipv6 support for ipsec tunnel interfaceKingwel Xie7-147/+415
Change-Id: I6a76907dc7bed2a81282b63669bea2219d6903c9 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com> Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2019-03-20crypto: add hmac truncate optionDamjan Marion2-1/+2
This reverts commit 785368e559dbdf50676f74f43f13423c817abb52. Change-Id: I782ac2be4e161790c73ccd4b08492e2188a6d79d Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-20IPSEC: Tunnel SA not deletedNeale Ranns1-3/+6
p is overwritten by hash_unset so an incorrect value is passed to ipsec_sa_del Change-Id: I97300dd4421c62d7cfa47b8e7e9789becb2370e9 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-20ipsec: keep crypto data inside SADamjan Marion8-58/+65
Change-Id: Ie8986bd3652d25c4befe681cea77df95aba37ebc Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-20ipsec: bug fix ipsec-init sequenceKingwel Xie1-2/+0
ipsec_tunnel_if_init might be called before ipsec_init this memset in ipsec-init therefore zero the memory allocated by ipsec_tunnel_if_init Change-Id: Ie889f1bf624c76842ef77e5a51ed1d41fed4758d Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-03-20tcp: disable cc elog debuggingFlorin Coras1-2/+2
Change-Id: Iffed748a15b9f01b985f9a6a9574a7bc42ab55aa Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-20tests: implement crypto tests per RFC2202Filip Tehlar1-0/+1
Change-Id: I18b30d5ee8aa60c34d52b7716b5feb7225cb0d59 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-03-19crypto: introduce crypto infraDamjan Marion13-233/+589
Change-Id: Ibf320b3e7b054b686f3af9a55afd5d5bda9b1048 Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-03-19add default NONE flag for bd_flagsMichal Cmarada1-0/+1
Change-Id: I316bcc3d0244cf89bd1e2fc8a08cfac6aad0b22c Signed-off-by: Michal Cmarada <mcmarada@cisco.com>
2019-03-19IPSEC: remove byte swap operations in DP during SPD classifyNeale Ranns5-46/+35
Change-Id: I4bfde738f9585b045cb5ba62cf51b141d639b1b2 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-19IPSEC: tidy the policy typesNeale Ranns6-78/+102
Change-Id: I5e981f12ff44243623cfd18d5e0ae06a7dfd1eb8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-18session: add session flagsFlorin Coras5-24/+17
- use flag instead of enqueue_epoch for enqueueing rx events. - use flag for proxy sessions Change-Id: Iec3eee55a68d02536ece6329348a3369c7c7412e Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-18vnet: disable the expansion of the heap allocated for classifier tablesAndrew Yourtchenko1-0/+2
Classifier data structures assume the contiguous chunk of memory within the heap. Default heap flags for dlmalloc allow for heap growth. When that happens, the memory becomes discontiguous. This results in symptoms that are more cryptic than necessary. Disabling the expand makes the session allocation behavior of the classifier the same for dlmalloc as for the legacy allocator. Change-Id: I2f725b5f78a31a8eaa5f5a20dfdd7e1129662f6a Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-03-15Revert "API: Cleanup APIs interface.api"Ole Trøan9-212/+180
This reverts commit e63325e3ca03c847963863446345e6c80a2c0cfd. Allow time for CSIT to accommodate. Change-Id: I59435e4ab5e05e36a2796c3bf44889b5d4823cc2 Signed-off-by: ot@cisco.com
2019-03-15API: Cleanup APIs interface.apiJakub Grajciar9-180/+212
Use of consistent API types for interface.api Change-Id: Ieb54cebb4ac96b432a3f0b41596718aa2f34885b Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2019-03-14tcp: drop anything but fins in TIME_WAITFlorin Coras1-0/+4
Change-Id: I8414c2ed8bda59504330aad5f1a80dfe08dd85de Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-14Update documentation for src/vnet/interface.api sw_interface_dumpPaul Vinciguerra1-1/+7
Change-Id: Idcb15632ffe45ec269f2482be2ada967f41f19be Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-03-14IGMP: typo and doc fix (no behaviour change)Neale Ranns1-1/+1
Change-Id: I1c870f90a8e0d14b972593e72242b430c13d3bf2 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-13session rule cli add udp session failzhanglimao1-0/+1
current session rule cli can not add session rule of proto is udp. because vnet_session_rule_add_del function's paramter does not include transport_proto element in args struct, but session rule type on the basis of input args's transport_proto when create session rule with vnet_session_rule_add_del function, so just add transport_proto element to vnet_session_rule_add_del function's args that to solve this problem Change-Id: If1a5942b4a0b006d73376e0cb01b97e84c593493 Signed-off-by: zhanglimao <zhanglimao0017@gmail.com>
2019-03-13VPP-1576: fix a set of coverity warningsDave Barach2-3/+3
Change-Id: Ifd34aed8692d5acaa370d4976d974ac573e43705 Signed-off-by: Dave Barach <dave@barachs.net>
2019-03-13vhost-user: restart vpp may cause vhost to crashSteven Luong1-1/+1
Fix a typo in vhost_user_rx_discard_packet which may cause txvq->last_avail_idx to go wild. Change-Id: Ifaeb58835dff9b7ea82c061442722f1dcaa5d9a4 Signed-off-by: Steven Luong <sluong@cisco.com> (cherry picked from commit 39382976701926c1f34191c1311829c15a53cb01)
2019-03-13Move the punt/drop nodes into vlibNeale Ranns1-286/+91
The core VLIB library now has a means to dispoe of buffers. the vlib punt/drop node counts node errors. the vnet punt/drop node counts interface errors. speed up both nodes with the usual reciepe. before: error-drop 8.33e1 after: drop 4.51e1 error-drop 6.81e0 Change-Id: If2e919458a3f2e9d71dbf9c6f1352dafb186a05b Signed-off-by: Neale Ranns <nranns@cisco.com>