| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
When adding an IPsec SA, ipsec_check_support_cb() is called. This
invokes a callback for AH and a callback for ESP to check if the
algorithms are supported.
When using AES-GCM on an ESP SA with the DPDK IPsec backend selected,
the AH callback fails. The DPDK IPsec backend has no AH support,
so the callback for the default OpenSSL backend is invoked. This
checks whether the crypto algorithm is AES-GCM and returns failure.
Only invoke the callback to check support for the IPsec protocol
of the SA - either AH or ESP rather than doing both.
Change-Id: Ic10be6a17b580d06ffb7e82ef5866e53a4f8b525
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: I99c0737dfeeec2db267773625ddc9b55324fd237
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: If2bbfbc52994f5de0879763e0b7a7864498debb6
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Allows app to push data. Additionally, ensure reset/close replies are
not sent unless vcl closes the session.
Change-Id: Icbbf933cf57b55cfbcc7b802af0f83919a066f65
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
In addition to that, a bit of refactoring.
Change-Id: Iea1eabc2167bcdef185ec53bc09bae087c5398e6
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: If538bb9d6fb489906099b727a7bfdb9d9af29402
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ia2241e963cf45765d8d17c65eea781edbf74d4f9
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ie4cb08f5d9f7fd025f1a8ae610cebb0b0c315d9f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ic112180e53a55993b06ba18102202d6ac5854def
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
syn/fin are no longer added to seq_end so they must be considered
individually in each state.
Change-Id: I5e3047194101c4fca2db9f9ad29a4a6468c397ab
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
this is the case when the ADJ fib is in the non-forwarding trie
Change-Id: I7bcda475b3b1e142d16363147dba3a1e2c5a07f9
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I90056176194cb2a144d49a3cb283653d8d30f051
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I21bdd8982d5f357590af8a2a0219bdebbaee4e74
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
coverity complains about fd leaking inside the if statement because there is
a goto which bypasses the statement close (fd).
The fix is to close (fd) immediately after it is no longer used.
Change-Id: Ic5035b07ec1f179ff3db77744843e47aa8067a3c
Signed-off-by: Steven <sluong@cisco.com>
|
|
- use http sessions to track communication with peer (as opposed to
using the raw sessions)
- for static server send ok message prior to sending data
- static server can now handle GET requests spread over multiple
packets. Good for testing http/tcp implementation.
Change-Id: I767a790de9a42e7087db5ce8eefd8efaf598c695
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I5c1bc498f7299e175070eb288e40f8d037c9be3a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Also add the closed-waiting session state wherein the session still
allows the transport to send oustanding data.
Change-Id: Ic47807379906ef2010934381ff0b9e53c7e631d8
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I4a811672b27c70bf0e9652c175c7f4168ec40ed7
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I28e8a99b980ad343a4209e673201791b91ceab4e
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Id912bc570f42b1709596a917ecf5e56c237ce192
Signed-off-by: cohu <cong.hu@tieto.com>
|
|
Change-Id: Iaa39aea990bc04147f6a049215e990a567d30106
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I1f42644f143bb65ee764c0f869b402595126adac
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Iba7c08c9edcf76ea24d00d5ea9e0586e9f94df4e
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This mostly adds explicit drops or resets for state and flag
combinations that would've been otherwise dropped with a warning
message.
It also adds some valid RST handlers.
Change-Id: Ib0d19a0939fe275befeb29cf072b87b1a79937ce
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Disconnect transport even if tx fifo is not empty and have transport
deal with the problem. In case of tcp, add timer to fin_wait_1. If it
expires and we're still in established state, cleanup but only after
waiting for session tx events to cleanup.
Change-Id: I45759a3c43dd096bb2c03daf5372416c30678d62
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ic35bbf55851087d70bfacc1eab4dea4285f98c86
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Also cleanup session table when transport closes and app didn't reply to
the close notification.
Change-Id: Ie3d518e3afff73437561561b46dbf695c24632ad
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I8dc261e40b8398c5c8ab6bb69ecebbd0176055d9
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change the definition of vl_api_mac_address_t to an aliased type.
Change-Id: I1434f316d0fad6a099592f39bceeb8faeaf1d134
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: If109d6772cbd58f4f2a56ae7ec593639d1fa1b96
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ia8b2a077ba4897ddd15cf33221b191cd7a3f1d33
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I945d1644a23b6a3d50c9beaffc732d2b6facd974
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Iecdf0e5767115ef0570e9ea7212dc4644cf4afbd
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Also further improves reset handling.
Change-Id: I6e517632f700f181761726b965134e0c217eb06d
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I00d7b38bd99e81e3921ce08cce50d613f11de36e
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I7a48890c075826fbd8c75436dfdc5ffff230a693
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ibd7b1b13da0861f67e5e9e73bf6539199b3c82ea
Signed-off-by: Pavel Kotucek <pavel.kotucek@pantheon.tech>
|
|
Change-Id: I6af2c8552aeafe0abc8b8c3e5af1a05640e95919
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: Ib5a20bff7d8a340ecf50bcd4a023d6bf36382ba3
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I529c34235ad2b0e4c730959bb1b8c9d50a83738c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
[84/597] Building C object vnet/CMakeFiles/vnet.dir/ip/ip_types_api.c.o
FAILED: ccache /usr/lib/ccache/cc -DWITH_LIBSSL=1 -Dvnet_EXPORTS -I/vpp/src -I. -Iinclude -march=corei7 -mtune=corei7-avx -g -O2 -DFORTIFY_SOURCE=2 -fstack-protector -fPIC -Werror -fPIC -Wno-address-of-packed-member -Wall -MMD -MT vnet/CMakeFiles/vnet.dir/ip/ip_types_api.c.o -MF vnet/CMakeFiles/vnet.dir/ip/ip_types_api.c.o.d -o vnet/CMakeFiles/vnet.dir/ip/ip_types_api.c.o -c /vpp/src/vnet/ip/ip_types_api.c
/vpp/src/vnet/ip/ip_types_api.c: In function 'ip_address_union_encode':
/vpp/src/vnet/ip/ip_types_api.c:70:13: error: incompatible type for argument 1 of 'memcpy'
memcpy (out->ip6, &in->ip6, sizeof (out->ip6));
^
In file included from /usr/include/string.h:635:0,
from /vpp/src/vppinfra/string.h:55,
from /vpp/src/vppinfra/mem.h:55,
from /vpp/src/vppinfra/vec.h:42,
from /vpp/src/vppinfra/error.h:53,
from /vpp/src/vppinfra/hash.h:41,
from /vpp/src/vnet/ip/ip.h:43,
from /vpp/src/vnet/ip/ip_types_api.h:23,
from /vpp/src/vnet/ip/ip_types_api.c:16:
/usr/include/x86_64-linux-gnu/bits/string3.h:50:42: note: expected 'void * restrict' but argument is of type 'vl_api_ip6_address_t {aka struct _vl_api_ip6_address}'
__NTH (memcpy (void *__restrict __dest, const void *__restrict __src,
^
/vpp/src/vnet/ip/ip_types_api.c:72:13: error: incompatible type for argument 1 of 'memcpy'
memcpy (out->ip4, &in->ip4, sizeof (out->ip4));
^
In file included from /usr/include/string.h:635:0,
from /vpp/src/vppinfra/string.h:55,
from /vpp/src/vppinfra/mem.h:55,
from /vpp/src/vppinfra/vec.h:42,
from /vpp/src/vppinfra/error.h:53,
from /vpp/src/vppinfra/hash.h:41,
from /vpp/src/vnet/ip/ip.h:43,
from /vpp/src/vnet/ip/ip_types_api.h:23,
from /vpp/src/vnet/ip/ip_types_api.c:16:
/usr/include/x86_64-linux-gnu/bits/string3.h:50:42: note: expected 'void * restrict' but argument is of type 'vl_api_ip4_address_t {aka struct _vl_api_ip4_address}'
__NTH (memcpy (void *__restrict __dest, const void *__restrict __src,
^
/vpp/src/vnet/ip/ip_types_api.c: At top level:
cc1: error: unrecognized command line option '-Wno-address-of-packed-member' [-Werror]
cc1: all warnings being treated as errors
[84/597] Building C object vnet/CMakeFiles/vnet.dir/ip/ip4_forward.c.o
ninja: build stopped: subcommand failed.
Makefile:691: recipe for target 'vpp-build' failed
make[1]: *** [vpp-build] Error 1
make[1]: Leaving directory '/vpp/build-root'
Makefile:394: recipe for target 'test' failed
make: *** [test] Error 2
DBGvpp# show cpu
Model name: Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz
Microarchitecture: Haswell (Crystalwell)
Flags: sse3 ssse3 sse41 sse42 avx avx2 aes invariant_tsc
Base frequency: 2.49 GHz
DBGvpp# show version verbose
Version: v19.01-rc0~447-g3be662f
Compiled by: vagrant
Compile host: vpp
Compile date: Mon Dec 10 14:55:24 PST 2018
Compile location: /vpp
Compiler: GCC 5.4.0 20160609
Current PID: 14104
Change-Id: I6ff03bc5ad1c3517256e244b6986e9a1507a3349
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Change-Id: I6f877be6b3a1ef7100607560d430400bb824b6ba
Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
|
|
Change-Id: I7219a8d315b312812acafd9d2709fba8b4a2a679
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ifc0584d781efc30904069ea17c0afbb68c49c442
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
For tcp this means that the last enqueued data goes out with a psh bit
set.
Change-Id: I29d357ecae6f02e748b59a7b799150ec73d14ba2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I0470b4b13095583fe018f565f100342fab45715e
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Reverse the polarity on test to determine if old SA session
deletion succeeded. 0 == success, not failure.
Change-Id: I499cb04c7f13165e6c92367d4385057b77fe3836
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
ipsec4-output and ipsec6-output were conflicting with ipsec
interface names ("ipsec<id>") and vnet/interface.c autogenerated
output node ("<ifname>-output").
Changing feature names seems to be the less invasive option.
This patch also changes "input" feature names for consistency.
Change-Id: I4ba10d07e9ba09df20aa2500104252b06b55f8f7
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
|
|
This patch adds a configuration parameter to IPSec tunnels, enabling
custom FIB selection for encapsulated packets.
Although this option could also be used for policy-based IPSec,
this change only enables it for virtual-tunnel-interface mode.
Note that this patch does change the API default behavior regarding
TX fib selection for encapsulated packets.
Previous behavior was to use the same FIB after and before encap.
The new default behavior consists in using the FIB 0 as default.
Change-Id: I5c212af909940a8cf6c7e3971bdc7623a2296452
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
|
|
Change-Id: I7893a8fd5b3e15063675597c0e9bd1cd0b49ef0e
Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
|
Matthew Smith
Klement Sekera
Damjan Marion
Florin Coras
Neale Ranns
Steven
cohu
Ole Troan
Pavel Kotucek
Paul Vinciguerra
jackiechen1985
Zhiyong Yang
Pierre Pfister