Age | Commit message (Collapse) | Author | Files | Lines |
|
- add option to use test certificate in the ca chain
- add hostname to extended session endpoint fields and connect api
parameters. If hostname is present, certificate validation is
enforced.
- use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A
different path can be provided via startup config
Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Based on https://gerrit.fd.io/r/#/c/10920/
Updates service definition in stats.api with correct reply message names.
Change-Id: I3282bee5304e667e23bc1fab3f43d967a50d880d
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
This reverts commit f7b7fa53b7eaec81d8c00c1023fb7d01f1f9761f.
Change-Id: I87496342943248e94f01ada31459f387c0a3a610
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
This patch adds the possibility to configure some behaviors of the SCTP
stack based on some tunable parameters (mainly ON/OFF). For the time
being, that is limited to the bundling option (multiplexing messages)
and to delaying the SACK message.
Change-Id: I696493e0309e47163c1e119c7d9f82f7d8ee6b87
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
- IPv6 link local table is a per-SW interface array of IPv6 unicast FIBs
- the per-interface ocst is sizeof(fib_table_t) which is small,
w.r.t. the cost of an interface
- FE80::/10 in the 'global' table points to a DPO that performs a lookup in the
input interface's LL fib.
Change-Id: Ice834b25ebeeacb2e929d7c864d7ec8c09918cbe
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I7de987c30b263d43521e6280c5273f30b5f6e11c
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
This patch addresses the need to handle timers timeouts (e.g. sent
chunks not being acked) for both the INIT and SHUTDOWN phases.
The INIT phase requires the handling of two timers the T1-init and
T1-cookie timers whilst the SHUTDOWN phase requires the handling of the
T2-shutdown timer only for the retransmission case.
Left to be implemented is the handling of the DATA chunks retransmission
(e.g. T3-rxtx expiration) but that will be submitted with a separate
patch.
Change-Id: I2b2e13dce11000aea3c7d965f02b27b76c97e605
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
Change-Id: I233d02a669b6a0504cd54590c6c8e4fefadc4713
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
While the netlink field is named nl_pid, and typically
contains a process id, setting it to a pid value directly
prevents other modules from also using a netlink socket.
On the other hand, setting it to 0 allows multiple modules
to use a netlink socket by letting the kernel assign the
nl_pid a value.
This allows the verito tap code to interact nicely with
the router plugin's librtnl after, say, tap-inject has
been enabled.
Change-Id: I9771929f34d15497a5f7b8c5fd78dac28e31383b
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I1e3b48dfd21c9dbebdbcc0af0d6e888b416b3ac5
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
It consists of two main parts. First, add an application transport type
whereby applications can offer transport to other applications. For
instance, a tls app can offer transport services to other applications.
And second, a tls transport app that leverages the mbedtls library for
tls protocol implementation.
Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
1. When interface create encouners an error (see test below),
the same id cannot be used again.
This is due to hash_set is called too early in the function. After the
hash entry is set, there are different errors may cause the interface
create to be aborted. But we didn't remove the hash entry when error is
encountered. The fix is to move the hash_set call near the end which has
no more "goto error"
DBGvpp# create tap id 1 rx-ring-size 1021 tx-ring-size 1021
create tap id 1 rx-ring-size 1021 tx-ring-size 1021
create tap: ring size must be power of 2
DBGvpp# create tap id 1 rx-ring-size 1024 tx-ring-size 1024
create tap id 1 rx-ring-size 1024 tx-ring-size 1024
create tap: interface already exists
DBGvpp#
2. multiple issues exist with api_format.c with the below command
binary-api tap_create_v2 id 4 hw-addr 90:e2:ba:76:cf:2f rx-ring-size 1024 tx-ring-size 1024
- hw_addr is not taken due to the test for random mac is inverted
- id is an integer, not a string
- integer values were not converted to network format
Change-Id: I5a669d702a80ad158517df46f0ab089e4d0d692e
Signed-off-by: Steven <sluong@cisco.com>
|
|
This patch adds an API to delete a sub-connection following a SRC/DST IP
mapping as required by the RFC4960.
Change-Id: I7673dd07352557442ffeed6c6c00da274b24953d
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
Change-Id: Ic30fbcb2630f39e45345d7215babf5d7ed4b33a0
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
For ERSPAN encap, both bits in the EN field of the header should
be set to indicate any VLAN tag in the original Ethernet frame is
preserved.
Added SPAN L2 test case where the mirrored packet output is a GRE
ERSPAN tunnel.
Change-Id: Ie7a40992a9278469c24aa6fa9e122b4505797d10
Signed-off-by: John Lo <loj@cisco.com>
|
|
This patch adds an API to add a sub-connection following a SRC/DST IP
mapping as required by the RFC4960.
At the same time, it changes the way the next available sub-connection
is being calculated: rather than having an index in the parent
connection which is prone to many issues at run-time, the next available
sub-connection is being calculated by looking at the state of the set
sub-connections and if marked as DOWN it means that is an available slot
to be used.
Change-Id: I662be6a247bfbbe8bf9aaf3f485183c07ef862fe
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
Change-Id: I3425b1533b3d31210166e7b3798685464ad1c489
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
The following command sequences cause the crash:
create tap id 0 rx-ring-size 1024 tx-ring-size 1024
create tap id 1 rx-ring-size 1024 tx-ring-size 1024
set interface state tap0 up
set interface state tap1 up
delete tap tap0
delete tap tap1
create tap id 0 rx-ring-size 1024 tx-ring-size 1024
0: /home/sluong/vpp2/vpp/build-data/../src/vnet/interface_funcs.h:46
(vnet_get_hw_interface) assertion `! pool_is_free (vnm->interface_main.hw_interfaces, _e)' fails
The reason for the crash is because when the tap interface is deleted,
the code does not remove the entry from the device queue. But the interface
is deleted anyway from vnet_main.interface_main.hw_interfaces.
When an interface is created again, it may encounter
the deleted entry in the device queue and crash. Notice create and delete a
single entry does not cause a crash. Need to create and delete 2 interfaces
to create a "hole" in the device queue.
Change-Id: I42ce0b7943d73b3eab32a16751a0a3183de62d9f
Signed-off-by: Steven <sluong@cisco.com>
|
|
ouptut
Change-Id: I6f75b7328fd0aa71d00a701e36c8b4ad06bff3c4
Signed-off-by: Chaoyu Jin <chjin@cisco.com>
|
|
This patch address the requirement to handle a COOKIE chunk whilst in
SHUTDOWN phase. The COOKIE shouldn't just be dropped but an OPERATION
ERROR chunk shall be sent to the peer to inform about the current
situation.
Change-Id: I1a47652402d49cfee3b0c810304d7902f3a62f40
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
When heavy traffic is running using worker threads, it may crash here
DBGvpp# 0: /home/sluong/vpp3/vpp/build-data/../src/vlib/main.c:1128 (dispatch_pending_node) assertion `f->flags & VLIB_FRAME_PENDING' fails
Thread 1 "vpp_main" received signal SIGABRT, Aborted.
0x00007ffff5d50428 in __GI_raise (sig=sig@entry=6)
at ../sysdeps/unix/sysv/linux/raise.c:54
54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb)
No crash was observed if only main thread was used.
Change-Id: I96f8b02ec23accc85c0f1ddecfeff6043b5e3c2b
Signed-off-by: Steven <sluong@cisco.com>
|
|
enabled
Fixed a typo in sctp_push_header(). It was inherited from tcp_output.c
Change-Id: I810fcb4c24cfd3d54f15da72a5184cfc4df24592
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: Iacbf7593ef9c03000db502e68335ac3ae18995d7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
platform. VPP-1129
Change-Id: I954acb56d901e42976e71534317f38d7c4359bcf
Signed-off-by: Adrian Oanca <adrian.oanca@enea.com>
|
|
This patch addresses the requirements depicted in section 5.2.4 of the
RFC 4960. It also takes care of handling the ERROR chunk and obviously
the STALE COOKIE error.
Change-Id: I6b88a9371546b18a52abac22f7c593a5f16be838
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
As per RFC4960 the INIT chunk could be received in unexpected scenarios
and - depending on the state of the internal state-machine - the INIT
chunk requires different treatment.
This patch addresses section 5.2.1 and 5.2.2 of the RFC4960.
Change-Id: Ib23ef490c6a5ca3da6c46a9584b75e7577cb7042
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
vlib_buffer_get_current() should be used for current data offset in ACL.
This is required for output ACL where packets are decoded through a vxlan tunnel rx node.
Change-Id: I6f739f251c3eb0d59ee4ae0da97aa04ddf667468
Signed-off-by: Steve Shin <jonshin@cisco.com>
|
|
Change-Id: I7b2f52b2b2ce13f27bddc8750b8fc564bf6ab73e
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I1d3ede2b043e1fd4abc54f540bb1d3ac9863016e
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I28cfa7f7f5e4938146478c4a5cc5ad18612aadaa
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
A bug was found when multiple SCTP connections were being opened to the
same SCTP server. This patch addresses that problem, removing the use of
the 'parent' pointer approach for sub-connection and saving instead
within the sub-connection itself the ID representing its position. That
facilitates pointer-arithmetic to be computed in the
get_connection_from_transport().
Change-Id: Iaa1f4efc501590be1c93e42fd6fe3d6e02f635eb
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
Fixes a small bookkeeping oversight where the VXLAN instance
numbers were being freed erroneously by their device_instance
number rather than the correct user_instance number.
Change-Id: I08f6b2089c7a14cc8a8cb91f04f850f60ecec43b
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: Ieb6b7a75fa23c8142ae15f42cd3a703253f39e10
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Directly allocate and carve cache-line-aligned chunks of virtual
memory. To a first approximation, bihash wasn't using
clib_mem_free(...).
We eliminate mheap object header/trailers, which improves space
efficiency. We also eliminate the 4gb bihash table size limit. An 8_8
bihash w/ 100 million random entries uses 3.8 Gbytes.
Change-Id: Icf925fdf99bce7d6ac407ac4edd30560b8f04808
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
This patch adds some missing information in various debugging messages
which can help with debugging state-machine and connection-tracking.
It also renames some internal variable names for better code
readibility.
Change-Id: I68503fc0214300032f7514426c8b5b2b12edf11a
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
... you'd think I'd have leanred by now...
Change-Id: I65c54feb2ec016baa07ed96c81ab8f60277c3418
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
The dot1q_vlans & dot1ad_vlans should be reset to 0 when main interface
is deleted. Otherwise, VPP will crash if the same interface index is reused
without attaching the sub interface on it.
Change-Id: I484d4a8892ff4241a3a32b22189746193d5f2594
Signed-off-by: Steve Shin <jonshin@cisco.com>
|
|
This patch addresses the requirements depicted by section 7.1.1 and
7.1.2 of the RFC 4960. Specifically, it implements the Slow-start and
Congestion-avoidance policies.
The patch also took care of correctly implementing some 'formatting'
functions required - for instance - in packet(s) tracing.
Change-Id: I68eade1b30345de3acb3ac8a653a5ef76eb6d2ac
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
Change-Id: I6511110d0472203498a4f8741781eeeeb4f90844
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Also it removes ethernet_frame_is_any_taged implemebntation
which seems to be equally costly compared to two
invocations of ethernet_frame_is_tagged.
Change-Id: If1c95f8267cd34b807ec07e0d675cbd0db2fdf9f
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I373f429c53c6f66ad38322addcfaccddb7761392
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- Register new type (for use from puglins)
- Memory for delegate is provided by delegate provider
Change-Id: I5ece86b1fe84e3028a5c853871476c4ba015b2eb
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
This patch addresses the SCTP requirement for multiple sub-connections
to implement the so called 'multi-homed' scenario.
Change-Id: Ibce18f216e9d2bebe318992c441bf278e16aad17
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
Change-Id: I85602b0178315023bb512babdd5b7dd4263a322d
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
and update glean address on local interface MAC change
Change-Id: I530826d60c7e9db2b0fa2d45754139d82c5ea807
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I62a2a6524b72115a4239fbd7dc9ac8fdc35e20ed
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: Ibc5b1149f3fbbe3dfe1f069ab69bfed7de660582
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This reverts commit 8b30e471df4d42214619e1d6c50cc8298426b45f.
Change-Id: I99edb236eb0a7f8ba3fba333c3481a710ebcb59c
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
This reverts commit a44b015aa012d3b07ed873925d47c6d5955b7dd2.
Change-Id: I2d76bc0844f58e5ddf3f3a4326b86076f46e3751
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I19390f87343bacea84b49fc5d08af38875fdafdd
Signed-off-by: Ole Troan <ot@cisco.com>
|