path: root/src/vnet
Age | Commit message | Author | Files | Lines
2019-04-02 | lisp: use crypto lib instead of openssl directly | Filip Tehlar | 1 | -25/+43
Change-Id: I9667ed16939dede55b24959045737742d1c7c449 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-04-02 | IPSEC: tunnel scaling - don't stack the inbound SA | Neale Ranns | 4 | -19/+15
Change-Id: I0b47590400aebea09aa1b27de753be638e1ba870 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-02 | IPSEC: remove pointless feature ordering | Neale Ranns | 1 | -4/+2
Change-Id: Ic1b657794d23cb4d1664fc749ad2468339e376df Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-29 | SPAN: Add pending frame on current thread, not on main | Igor Mikhailov (imichail) | 1 | -6/+5
Previously, all frames were put for next node on the main thread, even if the execution was happening on a worker thread. Also, refactor to use API function vnet_get_main() Change-Id: Ibefb1b3871563a78aa30352a37b9216537e15bf7 Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
2019-03-29 | Minor bug fixes | Dave Barach | 1 | -7/+21
Drop the session reader lock across vlib_process_suspend(...) calls. Fix the debug CLI command. Change-Id: Ic0266dda1fdfa90971f2cb935248941317c01205 Signed-off-by: Dave Barach <dave@barachs.net>
2019-03-29 | IPSEC-GRE: fixes and API update to common types. | Neale Ranns | 18 | -158/+139
Change-Id: Icdcbac7453baa837a9c0c4a2401dff4a6aa6cba0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-29 | Integrate first QUIC protocol implementation | Nathan Skrzypczak | 6 | -3/+31
Currently supports on single stream exposed through standard internal APIs Based on libquicly & picotls by h2o Change-Id: I7bc1ec0e399d1fb02bfd1da91aa7410076d08d14 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-03-29 | BVI: coverity error fix | Neale Ranns | 1 | -1/+1
Change-Id: Idc1e1747035638777240b7ea9afcf675b22be7f1 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-29 | ipsec: esp-decrypt rework | Damjan Marion | 4 | -210/+306
Change-Id: Icf83c876d0880d1872b84e0a3d34be654b76149f Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-29 | IPSEC: tunnel fragmentation | Neale Ranns | 2 | -0/+13
Change-Id: I63741a22bc82f5f861e1c0f26a93b5569cc52061 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-29 | tcp: remove sent rcv wnd 0 flag | Florin Coras | 3 | -13/+2
Change-Id: If6c672d1caa8884eb5d819311606a79a3de81200 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-29 | dhcp: only register UDP ports that are needed | Matthew Smith | 3 | -12/+21
When configuring a DHCP client, both the UDP ports for DHCP client and server are registered. Packets to the server port end up being dropped unless you have also configured a DHCP proxy. This breaks a common home/office gateway use case where the WAN interface gets configured using a DHCP client and devices attached to a LAN interface attempt to configure themselves using DHCP. If you try to punt to an external DHCP daemon to handle the LAN client requests, the packets never make it to the external daemon because of the server port being registered. Modify dhcp_maybe_register_udp_ports() to accept a parameter that controls which ports get registered. For a DHCP client, only the client port is registered. For a DHCP proxy, both client and server ports are registered. Change-Id: I2182d9827e4c7424b03ebb94952c3d2dc37abdb6 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-03-29 | tcp: improve updating of rcv wnd | Florin Coras | 1 | -10/+7
Change-Id: I0b8a311979d3ccd15f3854e7ac44ca9951dc6ce4 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-28 | crypto: add vnet_crypto_op_init (...) | Damjan Marion | 4 | -6/+14
Change-Id: I2018d8367bb010e1ab30d9c7c23d9501fc38a2e5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-28 | ipsec: USE_EXTENDED_SEQ_NUM -> USE_ESN | Damjan Marion | 8 | -14/+14
Change-Id: Ib828ea5106f3ae280e4ce233f2462dee363580b7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-28 | Punt Infra | Neale Ranns | 4 | -9/+45
A punt/exception path that provides:
1) clients that use the infra
2) clients can create punt reasons
3) clients can register to receive packets that are punted for a given reason to be sent to the desired node.
4) nodes which punt packets fill in the {reason,protocol} of the buffer (in the meta-data) and send to the new node "punt-dispatch"
5) punt-dispatch sends packets to the registered nodes or drops
Change-Id: Ia4f144337f1387cbe585b4f375d0842aefffcde5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28 | ipsec: anti-replay code cleanup | Damjan Marion | 4 | -171/+143
Change-Id: Ib73352d6be26d639a7f9d47ca0570a1248bff04a Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-28 | session: remove unused tx context field | Florin Coras | 1 | -1/+0
Change-Id: I4a119937842eb188f5e5a7706cbe70e91ae4def8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-28 | Add RDMA ibverb driver plugin | Benoît Ganne | 2 | -10/+13
RDMA ibverb is a userspace API to efficiently rx/tx packets. This is an initial, unoptimized driver targeting Mellanox cards. Next steps should include batching, multiqueue and additional cards. Change-Id: I0309c7a543f75f2f9317eaf63ca502ac7a093ef9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-03-28 | session: cap max burst to a constant | Florin Coras | 1 | -17/+2
Change-Id: I1919d3844936486f04f2bfde24dc7e0d9121927a Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-28 | VXLAN-GBP: format flags in encap trace | Neale Ranns | 1 | -2/+3
Change-Id: I561fd187b4865345f3bff86b3d6e67b0f0e97557 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28 | tcp: remove unused buffer flags | Florin Coras | 2 | -23/+0
Change-Id: I86e71f32dee3cc48f680e6432a96caef0a7f66a1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-28 | IPSEC: 4o6 and 6o4 for tunnel interfaces | Neale Ranns | 1 | -2/+4
Change-Id: I4d3ba18ab5205317219989de55b6e50d3b1d8a79 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28 | IPSEC: fix build breakage from ships in the night merges | Neale Ranns | 1 | -2/+6
Change-Id: Iec7da9adc970d005cd7d3d42839b5e51b0b5f5c3 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28 | IPSEC: run encrypt as a feature on the tunnel | Neale Ranns | 7 | -156/+331
Change-Id: I6527e3fd8bbbca2d5f728621fc66b3856b39d505 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28 | Typos. A bunch of typos I've been collecting. | Paul Vinciguerra | 49 | -113/+113
Change-Id: I53ab8d17914e6563110354e4052109ac02bf8f3b Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-03-27 | GBP: fixes for l3-out routing | Neale Ranns | 2 | -1/+32
Change-Id: I4d73b712da911588d511a8401b73cdc3c66346fe Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-27 | ipsec: compress ipsec_sa_t so data used by dataplane code fits in cacheline | Damjan Marion | 13 | -96/+140
Change-Id: I81ecdf9fdcfcb017117b47dc031f93208e004d7c Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-27 | tcp: add cc algo lookup table | Florin Coras | 2 | -7/+17
Change-Id: Ie7be0136c182cdc35193e47dd3249153c2f8d65e Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-26 | FIB: do debug before removing last source | Neale Ranns | 1 | -2/+2
Change-Id: I4e1cde754eb4d6406cd6cd51f37d89552bdb6a53 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26 | ADJ: midchain delegate to performing stacking | Neale Ranns | 11 | -211/+267
this can be used by e.g. tunnels so it doesn't need to be implemented for each tunnel type. Change-Id: I0790f89aa49f83421612b35108cce67693285999 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26 | IPSEC: more expressive API errors | Neale Ranns | 3 | -8/+10
Change-Id: I517a7bdae03abfea58451819e7854974397d77f8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26 | crypto: add set crypto handler CLI | Filip Tehlar | 3 | -8/+135
Change-Id: I40124f8d6e529256b1ccc6eb78dda9c5119b8951 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-03-26 | ip6-rewrite: bug fix buffer->error in dual loop | Kingwel Xie | 2 | -5/+24
error should be recorded in buffer so that process-error-punt can handle them correctly Per Damjan's comments, move counter to under else clause of last error0==NONE check. Both v4 and v6 are changed. Change-Id: I707c7877ccb12589337155173fc4a5200b42ee93 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-03-26 | ipsec: esp-encrypt rework | Damjan Marion | 7 | -242/+398
Change-Id: Ibe7f806b9d600994e83c9f1be526fdb0a1ef1833 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-26 | Convert GRE nodes to new buffer APIs and multiarch | Benoît Ganne | 2 | -618/+470
Change-Id: I3b3c8333287bb704ac7b0bbc81b3dbb059e8d2ac Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-03-26 | Simplify adjacency rewrite code | Benoît Ganne | 4 | -172/+33
Using memcpy instead of complex specific copy logic. This simplifies the implementation and also improves perf slightly. Also move adjacency data from tail to head of buffer, which improves cache locality (header and data share the same cacheline). Finally, fix VxLAN which used to workaround vnet_rewrite logic. Change-Id: I770ddad9846f7ee505aa99ad417e6a61d5cbbefa Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-03-26 | IPSEC: improved policy delete | Neale Ranns | 1 | -13/+9
Change-Id: Icdf51b094c34725c079d2e4acbb955744434302d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-25 | tls: make first segment and fifo size configurable | Florin Coras | 2 | -5/+14
Change-Id: I6169ebdd3ac2d5d77fd2e12068c8aab6d8072c03 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-25 | IPSEC tests and fix for Extended Sequence Numbers | Neale Ranns | 3 | -15/+14
Change-Id: Iad6c4b867961ec8036110a4e15a829ddb93193ed Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-25 | UDP: Fix session registration in lookup table | Aloys Augustin | 1 | -0/+4
This fixes a bug where packets could be sent but not received when opening a UDP connection. Change-Id: I0993dd806b277374232d551167970ab13a62dbf9 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-03-25 | Fix unformat proto UDPC / UDP conflict | Nathan Skrzypczak | 1 | -4/+4
Change-Id: I9161959536c37f6f730650c9c0058a41af8e7001 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-03-23 | tcp: make default mtu configurable | Florin Coras | 3 | -7/+10
Change-Id: I56d8d8d67d5590e24c1ddb54b0c63a2cb03798e1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-22 | ipv6: vectorized ext header check | Damjan Marion | 2 | -10/+35
Change-Id: I454bb01153d1d0536c4a6fe36103e7721aad8cd1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-22 | ADJ: more thorough link up check | Neale Ranns | 2 | -7/+22
Change-Id: I04dbfb914706b25fcc3bd6ee0d19cfdc810234ae Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-22 | tcp: improve handling of snd_nxt | Florin Coras | 4 | -124/+91
- avoid changing snd_nxt when doing fast retransmits
- use snd_una_max only to keep track of the max seq number sent
- simplify future ack testing
Change-Id: I3580ad3aefe30128486c3375d0ac3f3f62c04c5e Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-22 | ipsec: fix esn handling | Damjan Marion | 1 | -9/+5
Change-Id: I27f24095309082363ba0d0ba4bd69e2c0741dc1c Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-22 | IPSEC: test for packet drop on sequence number wrap | Neale Ranns | 1 | -1/+2
Change-Id: Id546c56a4904d13d4278055f3c5a5e4548e2efd0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-21 | session/fifo: make event unset atomic | Florin Coras | 1 | -4/+6
Ensures that fifo cursize loads cannot be speculated to before the event unset. Change-Id: Ia7c20c510d58f26a8e9b82d3982c6d4143a3a4d6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-21 | BVI Interface | Neale Ranns | 8 | -3/+509
a new dedicated BVI interface as opposed to [re]using a loopback. benefits:
- removes ambiguity over the purpose of a loopback interface
- TX node dedicated to BVI only functions.
Change-Id: I749d6b38440d450ac5b909a28053c75ec9df946a Signed-off-by: Neale Ranns <nranns@cisco.com>