summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2019-04-14session: drop lock on segment allocation error VPP-1644Florin Coras1-12/+9
Change-Id: Ib346570daa3e40f4f53100a05e9355ce60d533a4 Signed-off-by: Florin Coras <fcoras@cisco.com> (cherry picked from commit bbf923fb52e8a9062ef4d740288cf5547c4dbde4)
2019-04-14IPSEC-MB: Use random & non-repeating IV (VPP-1642)Neale Ranns3-7/+6
hard code IV and key lengths based on cipher. Init IV from random data, use AES instruction to rotate. Change-Id: I13a6507d12267b823c528660a903787baeba47a0 Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 21ada3bd7e9bc5cca7c2c8399adcbaa044bf8103)
2019-04-10crypto: Intel IPSEC-MB engineNeale Ranns2-2/+13
A plugin to use Intel IPSec MB library as a VPP crypto engine This changes uses concepts from: https://gerrit.fd.io/r/#/c/17301/ hence that author's work is acknowledge below Change-Id: I2bf3beeb10f3c9706fa5efbdc9bc023e310f5a92 Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-04-10ethernet: fix packet tracingBenoît Ganne1-1/+1
Node tracing condition was wrongly reversed by commit "5ecd5a5d15 Move pcap rx/tx trace code out of the dpdk plugin". This prevented packet tracing in ethernet-input node and also impacted performance in the no tracing case. Change-Id: I345a11191d027c6c4ec474a2901995338050680a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-04-10IPSEC: for each engine and algorithm testsNeale Ranns1-1/+1
refactor the IPSEC tests a bit so we can parameterise the setup. Change-Id: I777e5eb8f29ca1dce3dd273ebd05dae5846790af Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-10session: binary api app names as vectorsFlorin Coras1-2/+2
Change-Id: Iae358365de8ccbc0441b14f21ba6b365cbfec09a Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-10API: Fix shared memory only action handlers.Ole Troan6-195/+86
Some API action handlers called vl_msg_ai_send_shmem() directly. That breaks Unix domain socket API transport. A couple (bond / vhost) also tried to send a sw_interface_event directly, but did not send the message to all that had registred interest. That scheme never worked correctly. Refactored and improved the interface event code. Change-Id: Idb90edfd8703c6ae593b36b4eeb4d3ed7da5c808 Signed-off-by: Ole Troan <ot@cisco.com>
2019-04-10IPSEC: remove double byte swap of IP addressesNeale Ranns1-18/+10
Change-Id: I8c03c4aa90fb0056e11e0f234999c25d7839d759 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-10Make tcp/udp/icmp compute checksum safer for buffer-chain caseJohn Lo2-2/+2
Change-Id: I046e481a67fbeffdaa8504c8d77d232b986a61ee Signed-off-by: John Lo <loj@cisco.com>
2019-04-09session: fix session flagsFlorin Coras2-5/+2
Change-Id: I681169b82c661b7f0bf19f09d07d76ac1d3ed173 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com> Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-08fixing typosJim Thompson32-45/+45
Change-Id: I215e1e0208a073db80ec6f87695d734cf40fabe3 Signed-off-by: Jim Thompson <jim@netgate.com>
2019-04-08virtio: Fix the coverity warningsMohsin Kazmi1-6/+11
Change-Id: I7c6e4bf2abf08193e54a736510c07eeacd6aebe7 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-08IPSEC TEST: various hash alogrithmsNeale Ranns1-1/+1
Change-Id: I925aa5bf9472e81f98072d63df499b19e6ddf43d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-08host stack: update stale copyrightFlorin Coras28-28/+28
Change-Id: I33cd6e44d126c73c1f4c16b2041ea607b4d7f39f Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-08minor spelling errors (both in comments)Jim Thompson2-2/+2
Change-Id: I9282a838738d0ba54255bef347abf4735be29820 Signed-off-by: Jim Thompson <jim@netgate.com>
2019-04-07crypto: add support for AEAD and AES-GCMDamjan Marion12-150/+272
Change-Id: Iff6f81a49b9cff5522fbb4914d47472423eac5db Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-07http_server: add timer wheel for session cleanupFlorin Coras1-29/+141
Change-Id: I494a6a7f4818a224376ec9150cff3872a3aec659 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-07crypto: coverity issuesDamjan Marion1-1/+1
Change-Id: I9db1b74097c9df587b9265b14a969d347bcb731a Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-06Pipe: fix double count on TX (TX counting is done in interface-output)Neale Ranns1-11/+1
Change-Id: I550313a36ae02eb3faa2f1a5e3614f55275a00cf Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-05session: fix app name formattingFlorin Coras1-2/+2
Change-Id: Iea88ce5f6628e131e507ba45a3dbb2de7e6c1498 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-05fix pcap_trace cli output issueJack Xu1-2/+4
Change-Id: Ia2be56e198c960788430705b356170f8cc12c450 Signed-off-by: Jack Xu <jack.c.xu@ericsson.com>
2019-04-05IPSEC: punt reasons; SPI=0, no-tunnelNeale Ranns5-13/+155
Change-Id: If76992e283a27fa193a6865257ab3aa764066e48 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-05tcp: do not delete session on establish popFlorin Coras5-31/+59
Also: - force reset if wait close pops in fin-wait-1 with unsent data - adds more event logging. Change-Id: I4ddada046214fa71e17514cdec57b3026f84a283 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-04session: fix http server rpc to mainFlorin Coras1-8/+9
Change-Id: I3e3820da5a9de97070bceecd3ea53b5351654319 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-04tcp: properly validate acks between snd_nxt and una_maxFlorin Coras1-2/+4
Change-Id: I37af3cb5fe3fe8556acbf8350f88663dca9ca8a9 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-04ipsec: trunc_size -> icv_sizeDamjan Marion9-15/+15
Change-Id: Idb661261c2191adda963a7815822fd7a27a9e7a0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-04crypto: pass multiple ops to handlerDamjan Marion1-6/+41
Change-Id: I438ef1f50d83560ecc608f898cfc61d7f51e1724 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-04tcp: shorten wait in fin-wait-1 with fin rcvdFlorin Coras3-9/+18
Change-Id: Ifddc32ab3da0e691ac3df74ff26e19f6fa00fef7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-03lacp: passive mode support [VPP-1551]Steven Luong1-1/+28
By definition, passive mode means the node does not start sending lacp pdu until it first hears from the partner or remote. - Rename ptx machine's BEGIN state to NO_PERIODIC state. - Put periodic machine in NO_PERIDOIC state when the interface is enabled for lacp. ptx machine will transition out of NO_PERIODIC state when the local node hears from the remote or when the local node is configured for active mode. - Also add send and receive statistics for debugging. Change-Id: I747953b9595ed31328b2f4f3e7a8d15d01e04d7f Signed-off-by: Steven Luong <sluong@cisco.com>
2019-04-03IPSEC: correctly size per-thread dataNeale Ranns1-1/+1
Change-Id: Idfc05cd0e09b50a26eaf747b7c49f720b009159a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-03virtio: Add support for multiqueueMohsin Kazmi7-88/+493
Change-Id: Id71ffa77e977651f219ac09d1feef334851209e1 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-03IPSEC: show CLI improvementsNeale Ranns4-31/+208
Change-Id: I48a4b0a16f71cbab04dd0955d3ec4001074b57ed Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-03GBP: iVXLAN reflection checkNeale Ranns3-4/+26
packets should not egress on an iVXLAN tunnel if they arrived on one. Change-Id: I9adca30252364b4878f99e254aebc73b70a5d4d6 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-03session: fix cli for sessions in created stateFlorin Coras1-1/+2
Change-Id: Ie154afdc20000b905ff71e39823154db4d23eea4 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-03session: do not enable pre-input node with 0 workersFlorin Coras1-0/+3
Change-Id: I5c9e27b664ff1a8a74a6c1388f98af63571db7a5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-02session: remove session logic from io rx evt senderFlorin Coras1-6/+1
Change-Id: I54fff6986ea6455aff25e0cf1b83117860859e10 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-02session: use app cb function wrappersFlorin Coras6-20/+19
Change-Id: I77ad9eb4d4c7699397aa4be6a973ef37c60db4c5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-02tcp: improve rcv process ack processingFlorin Coras6-69/+87
- Avoid doing cc in closing states. - Rest connections closed with unread data Change-Id: I97d46b0459f03ea5439eeb0f233b6c17d3e06dfd Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-02lisp: use crypto lib instead of openssl directlyFilip Tehlar1-25/+43
Change-Id: I9667ed16939dede55b24959045737742d1c7c449 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-04-02IPSEC: tunnel scaling - don't stack the inbould SANeale Ranns4-19/+15
Change-Id: I0b47590400aebea09aa1b27de753be638e1ba870 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-02IPSEC: remove pointless feature orderingNeale Ranns1-4/+2
Change-Id: Ic1b657794d23cb4d1664fc749ad2468339e376df Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-29SPAN: Add pending frame on current thread, not on mainIgor Mikhailov (imichail)1-6/+5
Previously, all frames were put for next node on the main thread, even if the execution was happening on a worker thread. Also, refactor to use API function vnet_get_main() Change-Id: Ibefb1b3871563a78aa30352a37b9216537e15bf7 Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
2019-03-29Minor bug fixesDave Barach1-7/+21
Drop the session reader lock across vlib_process_suspend(...) calls. Fix the debug CLI command. Change-Id: Ic0266dda1fdfa90971f2cb935248941317c01205 Signed-off-by: Dave Barach <dave@barachs.net>
2019-03-29IPSEC-GRE: fixes and API update to common types.Neale Ranns18-158/+139
Change-Id: Icdcbac7453baa837a9c0c4a2401dff4a6aa6cba0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-29Integrate first QUIC protocol implementationNathan Skrzypczak6-3/+31
Currently supports on single stream exposed through standard internal APIs Based on libquicly & picotls by h2o Change-Id: I7bc1ec0e399d1fb02bfd1da91aa7410076d08d14 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-03-29BVI: coverity error fixNeale Ranns1-1/+1
Change-Id: Idc1e1747035638777240b7ea9afcf675b22be7f1 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-29ipsec: esp-decrypt reworkDamjan Marion4-210/+306
Change-Id: Icf83c876d0880d1872b84e0a3d34be654b76149f Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-29IPSEC: tunnel fragmentationNeale Ranns2-0/+13
Change-Id: I63741a22bc82f5f861e1c0f26a93b5569cc52061 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-29tcp: remove sent rcv wnd 0 flagFlorin Coras3-13/+2
Change-Id: If6c672d1caa8884eb5d819311606a79a3de81200 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-29dhcp: only register UDP ports that are neededMatthew Smith3-12/+21
When configuring a DHCP client, both the UDP ports for DHCP client and server are registered. Packets to the server port end up being dropped unless you have also configured a DHCP proxy. This breaks a common home/office gateway use case where the WAN interface gets configured using a DHCP client and devices attached to a LAN interface attempt to configure themselves using DHCP. If you try to punt to an external DHCP daemon to handle the LAN client requests, the packets never make it to the external daemon because of the server port being registered. Modify dhcp_maybe_register_udp_ports() to accept a parameter that controls which ports get registered. For a DHCP client, only the client port is registered. For a DHCP proxy, both client and server ports are registered. Change-Id: I2182d9827e4c7424b03ebb94952c3d2dc37abdb6 Signed-off-by: Matthew Smith <mgsmith@netgate.com>