Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: fix
Change-Id: Ib09d6a0dfc95d82ecfd2ff123be9004cb038d0d4
Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
|
|
This is a prerequisite patch for the following openssl API optimization
patch, which tries to offload openssl ctx init and key expansion work to
the initialization stage.
Wireguard adds crypto keys via vnet_crypto_key_add (), and whenever it
modifies the keys, the underneath openssl crypto engine shoud be informed
of the changes to update the openssl ctx.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Change-Id: I3e8f033f3f77eebcecfbd06e8e3bbbfdc95a50e2
|
|
In esp_encrypt_inline(), if two or more consecutive packets are
associated with the same SA which has no crypto or integrity algorithms
set, only the first one gets dropped. Subsequent packets either get sent
(synchronous crypto) or cause a segv (asynchronous crypto).
The current SA's index and pool entry are cached before it can be
determined whether the packet should be dropped due to no algorithms
being set. The check for no algorithms is only performed when the cached
SA index is different than the SA index for the current packet. So
packets after the first one associated with the "none" alg SA aren't
handled properly.
This was broken by my previous commit ("ipsec: keep esp encrypt pointer
and index synced") which fixed a segv that occurred under a different
set of circumstances.
Check whether each packet should be dropped instead of only checking
when a new SA is encountered.
Update unit tests:
- Add a test for no algs on tunnel interface which enables
asynchronous crypto.
- Send more than one packet in the tests for no algs.
Type: fix
Fixes: dac9e566cd16fc375fff14280b37cb5135584fc6
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
|
|
Use udp transport refcnt instead of local port refcnt when accepting new
connections.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibc34677b1138682497f98e96b6fddb5b96094ff9
|
|
Type: improvement
Change-Id: Ifbd84a45edc82c79ac2850dd70ecdd2f9f1289ae
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
tuntap requires porting on FreeBSD, only build on Linux for now.
Type: improvement
Change-Id: I448c462b31f3bc06f291a95d0ff5df9d6f8f24b8
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: improvement
Change-Id: Ia5cec0afc7f929491e495bb337493e64f752d75f
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
tap requires some porting on FreeBSD, while we wait for those changes
only build tap on Linux.
Type: improvement
Change-Id: I4361bf43764fdb046c2138d4a2ee5d7efa31bd5a
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Fix instances where timers are reset after programming fin.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib80e3a401d585f388a97c7f2bb62e68ee774d50d
|
|
UDP transport port refcount is incremented even if port is shared. So
decrement it, by unregistering, whener udp connections are cleaned up.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id0a2c60c5faf4dea8b2cd9ded0334934ad9e918c
|
|
Make sure ctx is initialized before ho is marked as done.
Type: fix
Change-Id: If0525a9890a56e289e2ab006c669a9d64dc6505d
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: I8cfaa62abd38d5356263b0ffd428638d1a027617
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
__unused is a clang keyword, this struct member will trip the build when
using clang. Instead call the unused padding 'pad' which should be clear
to the purpose if not the usage.
Type: improvement
Change-Id: I0abae34841651be1ef6b7d94864f0dc8185f0733
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Add vlib_worker_wait_one_loop prior to invoking dpo_reset
upon uninstalling a fib entry to avoid contention with DP.
Type: fix
Change-Id: If2a6c4cb9b5629dd61e506ab9f9c3e6aef121b45
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
show udp transport ports
Dumps list of ports registered by udp transport, as opposed to udp
local, and their refcount.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If3cbe51a7176cb89fa38b524defffbbd76af8f58
|
|
Session lookup tables could be allocated from workers, e.g., connects
are done from first worker. Make sure consumers are not affected by
stopping workers.
Type: fix
Change-Id: I63b53c58b41ce91b08f50a2325c69c9f9fd25ed3
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Set the flag in tls framework as opposed to tls engines. This is similar
to passive close.
Type: improvement
Change-Id: I0c2a774b1ef9d7ec6ba74daf1678ea449815184f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: refactor
Change-Id: I527bbc1cf2e7b6d06fd0c88b7563fb59ed28bc40
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
the error node is set to ip6_input in the inline funcition
associated with ip6_rewrite. Thus, error counters defined
for node ip6 rewrite are never used.
Type: fix
Change-Id: Id6bef633928b0fff9069498c2e39e9f5bea2cf9b
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0afd1b9ddbc17825aab3bfa3e5f9c6c0fbc561ca
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I40345d635b8067dcffbbdd39d0a5b0c0934a6d54
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0a0d0b8721f5a15da47c7ac0e58cd50e159b2f54
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3d44ff851da00573343e15712284af3b9c3912e3
|
|
Avoid situations when notifications are delayed for long enough for
transports to start closing/cleaning up.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id35b0099adb5242108154a5e19d5ee15e6ca0058
|
|
debug+asan build will fail on initialisation when loglevel==debug
Type: fix
Fixes: 1cd0e5dd533f4209dde453eaa43215e52cd42985
Change-Id: I2005ebf9b95ec3b753c4e6d29337be460c77ffed
Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
|
|
Type: fix
Change-Id: Icdc9d1c8b7b29827ce17920dae64a365bb8a4e40
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: I9c48b163f174b824df1a76e75c272dc985386bf2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
One less pointer chase when accepting sessions.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I20dbb21d15d4a703f76e3b12f04a6f5b5d2a3cd8
|
|
Adds support for connectionless listener port reuse. Until now, cl
listeners had fifos allocated to them and therefore only one app worker
could ever listen, i.e., a session cannot have multiple fifos.
To circumvent the limitation, this separates the fifos from the listener
by allocating new cl sessions for each app worker that reuses the app
listener. Flows are hashed to app worker cl sessions but, for now, this
is not a consistent/fixed hash.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic6533cd47f2765903669f88c288bd592fb17a19e
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia98556e7ae61547cf153c78ec085cd4248bee74a
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0bb6aba26f1cd974d6bb3b5fe6234aacfee0d30c
|
|
Incase the ack for the fin is lost twice or want to dup ack
packets with incorrect ack/seq # at different times and
session state is already closed, this fifo event is set for
the first ack that went out and prevents queuing of further events.
Type: fix
Change-Id: I102019fca26918a51e055a751db7209011bd43ad
Signed-off-by: emmanuel <emmanuelscaria11@gmail.com>
|
|
Change-Id: Ia9fa6fab6288b4d0876022e72bf4f49bd00a19d2
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This patch allows the formatting of deleted Load-balancer
objects. This is needed in the case a trace references a DPO
that went away in the interim.
Type: improvement
Change-Id: I6d67519b8d62f69aafde3c8fe3065bc85a7adbde
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
In the API there is a difference between enum and enumflags.
The latter one allowing multiple set entitires, while enum
only allows one.
Type: fix
Change-Id: I5db88c15c85fc6c7130b7b35febcd1ea02ef8f76
Signed-off-by: Ole Troan <otroan@employees.org>
|
|
Type: improvement
Change-Id: Iebf9ee8275a92e962679e3d0d22d33ed0bd8b3ab
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0e58bb970d371818217390d451cf26925b04970f
|
|
Change-Id: I7ac5693ca547fe7249e7b6297bade70a6052b169
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
If ho cleans up on first worker before owner of established session
receives connected notification, the ho session is prematurely cleaned
up.
Wait for established ctx to be allocated before freeing ho.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Icf707e5d8c62a288a49d078460d2ada3b5c41b0e
|
|
Type: feature
Change-Id: I7b29c71d3d053af9a53931aa333484bf43a424ca
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Signed-off-by: BenoƮt Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: I7972f595444eacdb020f3fa2a60331c40766fc0b
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This patch prevents the sw interfaces format
function to fail when the interface was deleted.
It also prints the swifindex alongside the 'DELETED'
keyword.
Printing deleted swifindex should not happen, but it is still
helpful to have these safeguards for troubleshooting in the case
invariants get corrupted (e.g. fib entry refcounts, ...)
Type: improvement
Change-Id: I66711049db2eebe0ad17e37c3a260ac81d1e5134
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
The hit_count does not implement the corresponding processing logic, and here the missing is fixed
Type: fix
Fixes: missing
Change-Id: I04a8e11d6b48c2a15c371cbeb2467fa89a9d82bb
Signed-off-by: yanlong <dyl_wlc@163.com>
|
|
Type: improvement
Change-Id: I2acab04ddb6a46a637ed17c683fb37ed7bce3df6
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Coverity report.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3ce06634b30688d2a9581b50d462092daa8b4cac
|
|
Type: fix
Change-Id: I982ef624226807d7c263e3ff83c108f7d31f61f1
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
|
|
Checkstyle also forces the new indentation.
Type: fix
Fixes: ddf6cec37027547ff7cc61e15bb8080664d41514
Change-Id: Ife96928d6ca30ba94e1c423d557d6ed9d68eca2b
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
With socket api, applications should not expect reply after worker del
msg. VCL in particular closes the socket after it enqueues the message.
Found by ASAN.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1be02a0cde6b96a96edb709f3fe30bbc01ff2d24
|
|
We might have less than 1 mss when attempting write but more after
write, as application could be actively enqueuing more data. Relax
assert.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I54a83c4460f8e022a88758f0ebd7828df711dbb9
|
|
Type: fix
Fixes: 38c6191
Change-Id: I7760947986dc56236f2494fb1c8c238321489ef6
Signed-off-by: Damjan Marion <damarion@cisco.com>
|