Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: feature
First cut implementation with limited testing. The feature is not
enabled by default and the expectation is that cc algorithms will enable
it on demand.
Change-Id: I92b70cb4dabcff0e9ccd1d725952c4880af394da
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: refactor
Also reformats and fixes some of the tests.
Change-Id: I074c677fd9b28e192f72a2db32f6f2dbda9a314f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: refactor
Change-Id: I9a5c2abfd0c5444b31d9020cea918f9cd28f1ac2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type:refactor
Change-Id: I114fea3a54258797e961d8627a99ba2098674d20
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Print the SPI in hexadecimal and decimal.
Type: feature
Change-Id: I012e94f9147058064e06c6bb4622ab6b6507957d
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
|
|
requested alogrithm.
Type: feature
Change-Id: I19a9c14b2bb52ba2fc66246845b7ada73d5095d1
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
This was causing issues in QUIC when an app client & the protocol
app compete for the worker msg_queue. Might not be ideal performance-
wise.
Change-Id: I629892253d5b5d968f31ad1d56f18463e143d6b4
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Change-Id: Ia3d9a47679202c2a47cd3746b50e86c6b8627ef6
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
-Migrate tests to api and cleanup:
'# FIXME this should be an API call' in tests.
Type: feature
Change-Id: I715f9f8acc0f2af9c974ea221b2aea46692a6218
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type:feature
Change-Id: I0b72954a6ae6a05abe0761cb4f227072863f127b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
The copying of the first segment copied too small amount of data.
The copying of the second and subsequent segments used the wrong
data offset - for the case of GSO enabled it starts from 12 bytes
earlier.
Change-Id: I3adc532c175babc1ca1e121c7e12e6cafbdb9974
Type: fix
Ticket: VPP-1700
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: refactor
Change-Id: Id68c5ae6d57df0fc556bbf583a66e538e641ffb1
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Return VNET_API_ERROR_INVALID_VALUE intead of 1.
Type: fix
Change-Id: Ie5465cad9ca07b9147306a808e8b13d0c4867913
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: fix
Fixes: 8389fb9
Change-Id: I31076db78507736631609146d4cca28597aca704
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
This patch adds support to configure host mtu size using
api, cli or startup.conf.
Type: feature
Change-Id: I8ab087d82dbe7dedc498825c1a3ea3fcb2cce030
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: refactor
Change-Id: I492b6e88acadf0ab0e4d7b1c0c5d1cab84c1726f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: style
Change-Id: I81c281c7277dbaea499f3072e01e7f59bf646825
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Use proper length for copying l2 layer in ah encrypt code. Previously
code assumed that there is alywas just one ethernet header preceding IP
header, which might not be true always.
Change-Id: I176fd93b25cf1b9d9c2dc4e420ad48a94d5f4fb8
Ticket: VPP-1539
Type: fix
Fixes: N/A
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
ASSERT (b[0]->current_length > 0) fails in single loop of
function vnet_interface_output_node_inline_gso.
Under 'do_segmentation' condition, there are two places in code
which execute "continue" in while-loop without incrementing the
pointer to next buffer which is wrong behavior. In fact, at one
place, current buffer is also freed. In which case, during next
iteration buffer ptr still points to free buffer which current
length is 0 and triggers the above assert.
Type: fix
Change-Id: Ic9d540748c1d00a54e18acc2b0f23730728d7460
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
rw_len (MPLS rewrite string length) is declared as unsigned but is used
as -rw_len with vlib_buffer_advance(), resulting in a wrong, huge
offset.
Type: fix
Fixes: 734d430f37251bc7e71d507983ee640ae1625fbe
Ticket: VPP-1705
Change-Id: I7357249f7e50b7d30fd61f5be4858a26e43df85d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
dequeue_notify callback at app-layer needs to know available space in fifo,
so, session_dequeue_notify should be called after svm_fifo_dequeue_drop
Change-Id: I136675d29ec32bea9b33a05deb6710f72ce8d5b1
Signed-off-by: Vladimir Kropylev <vladimir.kropylev@enea.com>
|
|
Type: feature
Change-Id: If9804d3685d2a52efa06e412ae1ebb39c6a44b8b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
please consult the new tunnel proposal at:
https://wiki.fd.io/view/VPP/IPSec
Type: feature
Change-Id: I52857fc92ae068b85f59be08bdbea1bd5932e291
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Enhance the route add/del APIs to take a set of paths rather than just one.
Most unicast routing protocols calcualte all the available paths in one
run of the algorithm so updating all the paths at once is beneficial for the client.
two knobs control the behaviour:
is_multipath - if set the the set of paths passed will be added to those
that already exist, otherwise the set will replace them.
is_add - add or remove the set
is_add=0, is_multipath=1 and an empty set, results in deleting the route.
It is also considerably faster to add multiple paths at once, than one at a time:
vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.11
100000 routes in .572240 secs, 174751.80 routes/sec
vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.12
100000 routes in .528383 secs, 189256.54 routes/sec
vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.13
100000 routes in .757131 secs, 132077.52 routes/sec
vat# ip_add_del_route 1.1.1.1/32 count 100000 multipath via 10.10.10.14
100000 routes in .878317 secs, 113854.12 routes/sec
vat# ip_route_add_del 1.1.1.1/32 count 100000 multipath via 10.10.10.11 via 10.10.10.12 via 10.10.10.13 via 10.10.10.14
100000 routes in .900212 secs, 111084.93 routes/sec
Change-Id: I416b93f7684745099c1adb0b33edac58c9339c1a
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Previous use of strndup() required user to remember to call free().
Now return a vector pointing directly to the API message string.
Of course user must remember to copy the string out if lifetime
is longer than API message lifetime.
Change-Id: Ib5e2b3d52d258e1a42ea9ea9a9e04abbe360e2bf
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
This change is made fix a crash, because is_feature flag semantics turn
out to be different from "custom app code" semantics. Introduce a flag
which custom plugins/apps can use to instead of tying that code to
is_feature flag.
Change-Id: Ief5898711e68529f9306cfac54c4dc9b3650f9e3
Ticket: N/A
Type: fix
Fixes: 21aa8f1022590b8b5caf819b4bbd485de0f1dfe5
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Two codes diverged in the packet processor
And sorry I could not use them both
Long I stood being but one developer
And studied one as far as I could
To where the code said bitwise OR
Then took the other, as just could see,
And having perhaps the better bit,
Because it followed the RFC
And used the cryptic XOR in C,
Had run them both a fair bit.
And both equally ran that morning
With packets dropped and flowing.
Oh, I flagged the first for dropping!
Yet knowing bug leads to debuging
I hoped I'd never be returning.
I shall be commiting this with a sigh
Somewhere ages and ages hence:
Two codes diverged by a bit, and I,
I made the packets flow on by,
And that has made all the difference.
Type: fix
Change-Id: If2698726d5501fde76211994f8efc37119345352
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
An SA can be used only for ESP or AH nver both, so it needs only one
coresponding DPO.
Type: refactor
Change-Id: I689060f795ee352245a0eaed0890a6b234c63d71
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
rather than SRC/DST address error which is not so helpfull
Type: fix
Fixes: af3f0783
Change-Id: Ie2143e4e29de87d93e79bd96284c041bdbffd98e
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: refactor
Change-Id: I97fa59a0ba0b6b7a98698926020ffffcf6ae6ba3
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Fixes: 8d7c502002
Change-Id: Ia6de250f20200c17937d9d7b2aab17ccd81d7823
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
encapped SPI-0 packets
Type: fix
Fixes: b71fa75d48
Change-Id: I2d81b373f7659e702759939c096b315afa36f621
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Fixes: 6407ba56
Change-Id: I6d3ce68962986921e04aa00c989d8afa157ebcb8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Fixes: 999c8ee6d6
Change-Id: Idcdddbe45f2e0adfd375b07199bb30f77c28702d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
vpp would fail 'tcp_in_fastrecovery (tc)' if tcp_connection_get returns 0.
Change-Id: I512cba5234b3777f1737bec9451940e7e7975f15
Signed-off-by: Guoao Sun <guoao.sun@intel.com>
|
|
This patch refactors AH decrypt node in such way that it calls crypto
backend only once per node call.
Type: refactor
Change-Id: I0dc72ff699042a151e64d44f76f791c5136ec009
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: refactor
Change-Id: I421750147a8a821bd0b522daf6c2b7239e551f12
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: refactor
Use tcp_available_cc_snd_space instead of sack scoreboard
last_delivered_bytes to estimate available space when retransmitting
with no sack support
Change-Id: I938c637279eaf8c5634c4e97f0633fa2d0054fac
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: Ia73cbe2fba0a364d966daed0b5d5d2ac7499f86d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
Change-Id: I83e21b508a19df1beb207d961c8f2b52347deca0
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: refactor
Change-Id: I6933205cfb04bc31cabe6e3b1a8044cace93f84c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Per rfc793, in window syns for established connections should lead to
connection resets. As a mitigation for blind reset attacks, rfc5961
requests that such syns be replied to with challange acks.
Change-Id: I75e4972bbb515e48d9cf1bda32ea5d9891d670f0
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: feature
Change-Id: Ia8af6a62a2be2265bc42955d90e8c2222bdb8f50
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: feature
Change-Id: I54521078cf96e459d041c86297c6ca80045bf0a3
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: Idf0b2e16b2e7d126940bb38c7983d6784b5bfdc8
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ib489922af246b7dc3e770a57e51b87a2568a014d
Type: fix
Fixes: b71fa75d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
2.77e1 v. 2.81e1
Type: performance
Change-Id: I896ec77818603f17aaa622073dafc626570326f1
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
there's no use case to just change the key of an SA. instead the SA
should be renegociated and the new SA applied to the existing SPD entry
or tunnel.
the set_key functions were untested.
Type: refactor
Change-Id: Ib096eebaafb20be7b5501ece5a24aea038373002
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I0036c216b79afb66b982b1b6a7e81f738f3b61dc
Type: refactor
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: Id6b2c2321c5f1d56e7cfab24a7c1641b38e94e19
Type: refactor
Signed-off-by: Ole Troan <ot@cisco.com>
|