| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
please consult the new tunnel proposal at:
https://wiki.fd.io/view/VPP/IPSec
Type: feature
Change-Id: I52857fc92ae068b85f59be08bdbea1bd5932e291
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Enhance the route add/del APIs to take a set of paths rather than just one.
Most unicast routing protocols calcualte all the available paths in one
run of the algorithm so updating all the paths at once is beneficial for the client.
two knobs control the behaviour:
is_multipath - if set the the set of paths passed will be added to those
that already exist, otherwise the set will replace them.
is_add - add or remove the set
is_add=0, is_multipath=1 and an empty set, results in deleting the route.
It is also considerably faster to add multiple paths at once, than one at a time:
vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.11
100000 routes in .572240 secs, 174751.80 routes/sec
vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.12
100000 routes in .528383 secs, 189256.54 routes/sec
vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.13
100000 routes in .757131 secs, 132077.52 routes/sec
vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.14
100000 routes in .878317 secs, 113854.12 routes/sec
vat# ip_route_add_del 1.1.1.1/32 count 100000 multipath via 10.10.10.11 via 10.10.10.12 via 10.10.10.13 via 10.10.10.14
100000 routes in .900212 secs, 111084.93 routes/sec
Change-Id: I416b93f7684745099c1adb0b33edac58c9339c1a
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Previous use of strndup() required user to remember to call free().
Now return a vector pointing directly to the API message string.
Of course user must remember to copy the string out if lifetime
is longer than API message lifetime.
Change-Id: Ib5e2b3d52d258e1a42ea9ea9a9e04abbe360e2bf
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
This change is made fix a crash, because is_feature flag semantics turn
out to be different from "custom app code" semantics. Introduce a flag
which custom plugins/apps can use to instead of tying that code to
is_feature flag.
Change-Id: Ief5898711e68529f9306cfac54c4dc9b3650f9e3
Ticket: N/A
Type: fix
Fixes: 21aa8f1022590b8b5caf819b4bbd485de0f1dfe5
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Two codes diverged in the packet processor
And sorry I could not use them both
Long I stood being but one developer
And studied one as far as I could
To where the code said bitwise OR
Then took the other, as just could see,
And having perhaps the better bit,
Because it followed the RFC
And used the cryptic XOR in C,
Had run them both a fair bit.
And both equally ran that morning
With packets dropped and flowing.
Oh, I flagged the first for dropping!
Yet knowing bug leads to debuging
I hoped I'd never be returning.
I shall be commiting this with a sigh
Somewhere ages and ages hence:
Two codes diverged by a bit, and I,
I made the packets flow on by,
And that has made all the difference.
Type: fix
Change-Id: If2698726d5501fde76211994f8efc37119345352
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
An SA can be used only for ESP or AH nver both, so it needs only one
coresponding DPO.
Type: refactor
Change-Id: I689060f795ee352245a0eaed0890a6b234c63d71
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
rather than SRC/DST address error which is not so helpfull
Type: fix
Fixes: af3f0783
Change-Id: Ie2143e4e29de87d93e79bd96284c041bdbffd98e
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: refactor
Change-Id: I97fa59a0ba0b6b7a98698926020ffffcf6ae6ba3
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Fixes: 8d7c502002
Change-Id: Ia6de250f20200c17937d9d7b2aab17ccd81d7823
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
encapped SPI-0 packets
Type: fix
Fixes: b71fa75d48
Change-Id: I2d81b373f7659e702759939c096b315afa36f621
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Fixes: 6407ba56
Change-Id: I6d3ce68962986921e04aa00c989d8afa157ebcb8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Fixes: 999c8ee6d6
Change-Id: Idcdddbe45f2e0adfd375b07199bb30f77c28702d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
vpp would fail 'tcp_in_fastrecovery (tc)' if tcp_connection_get returns 0.
Change-Id: I512cba5234b3777f1737bec9451940e7e7975f15
Signed-off-by: Guoao Sun <guoao.sun@intel.com>
|
|
This patch refactors AH decrypt node in such way that it calls crypto
backend only once per node call.
Type: refactor
Change-Id: I0dc72ff699042a151e64d44f76f791c5136ec009
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: refactor
Change-Id: I421750147a8a821bd0b522daf6c2b7239e551f12
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: refactor
Use tcp_available_cc_snd_space instead of sack scoreboard
last_delivered_bytes to estimate available space when retransmitting
with no sack support
Change-Id: I938c637279eaf8c5634c4e97f0633fa2d0054fac
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: Ia73cbe2fba0a364d966daed0b5d5d2ac7499f86d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
Change-Id: I83e21b508a19df1beb207d961c8f2b52347deca0
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: refactor
Change-Id: I6933205cfb04bc31cabe6e3b1a8044cace93f84c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Per rfc793, in window syns for established connections should lead to
connection resets. As a mitigation for blind reset attacks, rfc5961
requests that such syns be replied to with challange acks.
Change-Id: I75e4972bbb515e48d9cf1bda32ea5d9891d670f0
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: feature
Change-Id: Ia8af6a62a2be2265bc42955d90e8c2222bdb8f50
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: feature
Change-Id: I54521078cf96e459d041c86297c6ca80045bf0a3
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: Idf0b2e16b2e7d126940bb38c7983d6784b5bfdc8
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ib489922af246b7dc3e770a57e51b87a2568a014d
Type: fix
Fixes: b71fa75d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
2.77e1 v. 2.81e1
Type: performance
Change-Id: I896ec77818603f17aaa622073dafc626570326f1
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
there's no use case to just change the key of an SA. instead the SA
should be renegociated and the new SA applied to the existing SPD entry
or tunnel.
the set_key functions were untested.
Type: refactor
Change-Id: Ib096eebaafb20be7b5501ece5a24aea038373002
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I0036c216b79afb66b982b1b6a7e81f738f3b61dc
Type: refactor
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: Id6b2c2321c5f1d56e7cfab24a7c1641b38e94e19
Type: refactor
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Support an adjacency with lookup_next_index of IP_LOOKUP_NEXT_MIDCHAIN
so tunnel interfaces can have BFD configured on them.
Also, check if the interface a session is configured on is up
and skip assembling the packet and calculating the checksum if
the interface is down.
Change-Id: I44f76478d0fc1592e3491dd9368819a5c957e74a
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
redirect
Change-Id: I2a3ba2a3d73ea8511e3a511855b041432328f0a8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ib4cdbe8a6a1d10a643941c13aa0acbed410f876c
Type: Feature
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ib9f98fba5a724480ca95f11a762002c53e08df70
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: fix
Fixes: 1197449
Change-Id: Icdda3c667ba76542ea3af5d66cc7c3fb10ade1ca
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Fixes: c59b9a2
Change-Id: I6021e67196a4d31ab11d4e3cfbda34b678150701
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Fixes: b4fff3a
Change-Id: I2552cbc0a02e7445825a5a4ce290cde3d10c5f0b
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I9de63cebfcef8898d0ea4c9c2b7451b168b06c2c
Signed-off-by: mu.duojiao <mu.duojiao@zte.com.cn>
|
|
- all packets input on interface X are load-balanced over the set of
paths provided.
Change-Id: Ic27cb88c4cd5d6d3462570632daff7a43d5a652d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I45618347e37440263270baf07b2f82f653f754a5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
add a UT for the API
Change-Id: I93fb6ec2c5f74b991bf7f229250a30c0395b8e24
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
plugins:
- ipfixcollector
vnet:
- geneve
- vxlan_gpe
- vxlan
Change-Id: I69a8b4017ee6990f2b4874fe3e94c4520bde7101
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Because of the initialisation of the end of the range, the command show ipsec spd
on an ipv4 SPD didn't work correctly.
Change-Id: I3582382197bb6edef4fb077aac1e927ef4581cbf
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
|
|
Change-Id: I0c2d6fccd95146e52bb88ca4a6e84554d5d6b2ed
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I8e4592734cd8343cd95b32ad8617fed4aec3f590
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
- arp-input, registered with the ethernet protocol dispatcher, performs
basic checks and starts the arc
- arp-reply; first feature on the arc replies to requests and learns
from responses (no functional change)
- arp-proxy; checks against the proxy DB
arp-reply and arp-proxy are enabled when the interface is appropriately
configured.
Change-Id: I7d1bbabdb8c8b8187cac75e663daa4a5a7ce382a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Icd76769d841792eb2d59ffc23c557dcca9ddc580
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
TBH, this looks like merge damage or some such. Perfectly fine NULL pointer
check, about three lines after it was needed.
Change-Id: I52831062e30533a59fb76b644ee5ae389676d2ae
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Add tooling for feature metadata configuration files.
The main tool is in src/scripts/fts.py
make checkfeaturelist to validate against schema.
make featurelist to dump all feature lists to stdout.
Example feature definition:
name: IP in IP tunnelling
maintainer: Ole Troan <ot@cisco.com>
features:
- IPv4/IPv6 over IPv4/IPv6 encapsulation:
- Fragmentation and Reassembly
- Configurable MTU
- Inner to outer Traffic Class / TOS copy
- Configurable Traffic Class / TOS
- ICMPv4 / ICMPv6 proxying
- 6RD (RFC5969):
- Border Relay
description: "Implements IP{v4,v6} over IP{v4,v6} tunnelling as
described in RFC2473. This module also implement the border relay of
6RD (RFC5969)."
state: production
properties: [API, CLI, STATS, MULTITHREAD]
missing:
- Tunnel PMTUD
- Tracking of FIB state for tunnel state
- IPv6 extension headers (Tunnel encapsulation limit option)
JSON schema is embedded in fts.py
Example markdown: https://github.com/otroan/scratch/blob/master/features.md
Change-Id: I903b4ee6b316a9378c259e86dc937092e5d4b7da
Type: make
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
This patch enables bonding numa awareness on multi-socket
server working in active-backeup mode.
The VPP adds capability for automatically preferring slave
with local numa node in order to reduces the load on the
QPI-bus and improve system overall performance in multi-socket
use cases. Users doesn't need to add any extra operation as
usual.
Change-Id: Iec267375fc399a9a0c0a7dca649fadb994d36671
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
before and after:
ip4-load-balance 1.54e1
ip4-load-balance 1.36e1
p.s. Quad loops were not beneficial
Change-Id: I7bc01fc26288f0490af74db2b1b7993526c3d982
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
and document scaling
Change-Id: I65d8999e65616d77e525963c770d91e9b0d5e593
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
Neale Ranns
Neale Ranns
Ole Troan
Klement Sekera
Jon Loeliger
Nathan Skrzypczak
Guoao Sun
Filip Tehlar
Florin Coras
Matthew G Smith
Damjan Marion
mu.duojiao
Jakub Grajciar
Guillaume Solignac
Zhiyong Yang
Dave Barach