Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: fix
If a tunnel interface has the crypto alg set on the outbound SA to
IPSEC_CRYPTO_ALG_NONE and packets are sent out that interface,
the attempt to write an ESP trailer on the packet occurs at the
wrong offset and the vnet buffer opaque data is corrupted, which
can result in a SEGV when a subsequent node attempts to use that
data.
When an outbound SA is set on a tunnel interface which has no crypto
alg set, add a node to the ip{4,6}-output feature arcs which drops all
packets leaving that interface instead of adding the node which would
try to encrypt the packets.
Change-Id: Ie0ac8d8fdc8a035ab8bb83b72b6a94161bebaa48
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: feature
Change-Id: I01f1cc53efc93b0a7bb588ea6db89a53c971a3f5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- this remove the need to iterate through all state when deleting an SA
- and ensures that if the SA is deleted by the client is remains for use
in any state until that state is also removed.
Type: feature
Change-Id: I438cb67588cb65c701e49a7a9518f88641925419
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
There's no call for an SPI-0 punt reason with UDP encap, since
it's only with UDP encap that the ambiguity between IKE or IPSEC
occurs (and SPI=0 determines IKE).
Enhance the punt API to dum ponly the reason requested, so a client
can use this as a get-ID API
Change-Id: I5c6d72b03885e88c489117677e72f1ef5da90dfc
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
syslog structured data are stored as vectors not null-terminated
C-strings. Use '%v' instead of '%s'.
Type: fix
Fixes: b4515b4be4
Change-Id: Iba224f271c832daca90d4bbccfef45d0f563fe60
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Fixes: f7a55ad74c
Change-Id: Ic3474e746887f880a8f6246bebc399715bac8e80
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Fixes: 231c4696872cb344f28648949603840136c0795d
This reverts commit 231c4696872cb344f28648949603840136c0795d.
Change-Id: I136344555983dd10a31dbc000ee40e2de2c91291
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This reverts commit 9b208ced585d3b4620d6fde586cd047fe2027ecf.
Type: fix
Fixes: 9b208ced585d3b4620d6fde586cd047fe2027ecf
Change-Id: I94a17039b4727bff0877423da5ba6cfceb188b17
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type:feature
- sample rtt estimation
- report acked+sacked
- report last lost bytes
- use snd_una == snd_nxt to detect 0 bytes in flight
Change-Id: I83181261fdb375c7e33d24b7a82343561e6a905f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Both format_ethernet_arp_ip4_entry() and format_ip6_neighbor_ip6_entry()
used %s to format flags which is a vector and not a null-terminated
C-string.
Introduce format_ip_neighbor_flags() instead.
Type: fix
Fixes: 102ec52bc4
Change-Id: I0c9349fefbeb76471933de358acceb50512a21aa
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Change-Id: I32000cd42b0ab2ce54a159c6727823fd0d113fe4
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Type: fix
Fixes: 097fa66b
Change-Id: I690e31433b64f11399c08b4a0318762916c2c2f0
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type:feature
Change-Id: Ic9515c0b11ca6f75503f47ec6b2c58d240afb144
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: Ib8fb4957f4da9e464e2575c45c8ff3828db89872
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: I64e2082bd8ac5b0be21e10407dc29ba4c3f4cab3
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
When removing duplicates in urpf_itfs vector we search for the 1st next
different entry in the vector, but the loop test is in the wrong order:
(urpf->furpf_itfs[i] == urpf->furpf_itfs[j]
&& j < vec_len(urpf->furpf_itfs))
We must check for overflow before checking equality.
Type: fix
Fixes: 3ee44040c66cbe47ff292ac7fb0badccbe2afe6d
Change-Id: I63729aff12057d5abce6c24ec24339cd9cd79494
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type:feature
Change-Id: I687809ebcc759cec8cb1d5c3b2b7e6bc995a7985
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Reduces the vpp image virtual size by multiple gigabytes
Add a "show bihash" command which displays configured and current
virtual space in use by bihash tables.
Modify the .py test framework to call "show bihash" on test tear-down
Type: refactor
Change-Id: Ifc1b7e2c43d29bbef645f6802fa29ff8ef09940c
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
clib_net_to_host_f64, clib_host_to_net_f64 are now implemented as '=',
https://gerrit.fd.io/r/#/c/20406/ set papi to match.
- all f64 api references are now wrapped with
clib_net_to_host_f64 or clib_host_to_net_f64.
IEEE f64 endianess is not defined. If clib_net_to_host_f64 and
clib_host_to_net_f64 are later defined in VPP as big-endian, it is
a single character change in the papi vpp_serializer.
Note: This breaks the api in a manner that would not be detected by
the flag day initiative. The scope is small. This only impacts map.api,
which applied the u64 transformation, while the gbp api uses '='.
The implementation of "=" raises issues for the papi socket implementation
if used between systems of differing endianess. See Vratko's comments.
- Added get_f64_endian_value() to api to allow client to verify endianess of f64's.
Type: fix
Depends-on: https://gerrit.fd.io/r/#/c/20484/
Change-Id: I00fc64a6557ba0190398df211aa0ea5c7eb101df
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: feature
ip4_local_check_src() was overwriting vnet buffer opaque data
on the adjacency for packets with "local" (dpo-receive) destination
addresses.
Retain the dpo receive index in vnet_buffer()->adj_index[VLIB_TX].
This can allow a graph node to distinguish the interface where the
destination address is configured from the interface where the
packet was received. This can be useful in correctly handling
packets that have been sent to an address configured on a loopback
interface.
Change-Id: I52a942e85b5302b338a2d0404a37c5ea1a99e89f
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: feature
Change-Id: I1369859be0a722ea37e5d3ecb35dee5684fc69f8
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: Iafcf85315c73bcd73af20bd84b1ccba030e2065b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
from the draft:
3. Backward Compatibility
VXLAN [RFC7348] requires reserved fields to be set to zero on
transmit and ignored on receive.
Change-Id: I98544907894f1a6eba9595a37c3c88322905630e
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
improve the tracing from:
00:00:01:259665: pg-input
stream pcap3, 42 bytes, 3 sw_if_index
current data 0, length 42, buffer-pool 0, ref-count 1, trace handle 0x0
ARP: 02:03:00:00:ff:02 -> ff:ff:ff:ff:ff:ff
request, type ethernet/IP4, address size 6/4
02:03:00:00:ff:02/172.16.3.5 -> 00:00:00:00:00:00/172.16.2.1
00:00:01:259690: ethernet-input
frame: flags 0x1, hw-if-index 3, sw-if-index 3
ARP: 02:03:00:00:ff:02 -> ff:ff:ff:ff:ff:ff
00:00:01:259702: arp-input
request, type ethernet/IP4, address size 6/4
02:03:00:00:ff:02/172.16.3.5 -> 00:00:00:00:00:00/172.16.2.1
00:00:01:259710: error-drop
rx:pg2
00:00:01:259717: drop
null-node: blackholed packets
to
00:00:01:283323: pg-input
stream pcap3, 42 bytes, 3 sw_if_index
current data 0, length 42, buffer-pool 0, ref-count 1, trace handle 0x0
ARP: 02:03:00:00:ff:02 -> ff:ff:ff:ff:ff:ff
request, type ethernet/IP4, address size 6/4
02:03:00:00:ff:02/172.16.3.5 -> 00:00:00:00:00:00/172.16.2.1
00:00:01:283348: ethernet-input
frame: flags 0x1, hw-if-index 3, sw-if-index 3
ARP: 02:03:00:00:ff:02 -> ff:ff:ff:ff:ff:ff
00:00:01:283360: arp-input
request, type ethernet/IP4, address size 6/4
02:03:00:00:ff:02/172.16.3.5 -> 00:00:00:00:00:00/172.16.2.1
00:00:01:283369: arp-disabled
request, type ethernet/IP4, address size 6/4
02:03:00:00:ff:02/172.16.3.5 -> 00:00:00:00:00:00/172.16.2.1
00:00:01:283374: error-drop
rx:pg2
00:00:01:283380: drop
arp-disabled: ARP Disabled on this interface
Change-Id: I49b915b84cf56d6c138dedd8a596c045c150c4fb
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Removed sctp buffer metadata from vnet/buffer.h, added it to the
plugin. Add registration APIs for plugin-based vlib_buffer_opaque /
opaque2 decoders, used by "pcap dispatch trace ..." for display in the
wireshark dissector.
Type:refactor
Not actively maintained.
Change-Id: Ie4cb6ba66f68b3b3a7d7d2c63c917fdccf994371
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Type: feature
Change-Id: Icb3c574100cde95ab5be4923c8739889cf7e48c6
Signed-off-by: Vladimir Kropylev <vladimir.kropylev@enea.com>
|
|
Type: feature
Notify cc algos that new data is sent on a connection that was
apparently idle.
Change-Id: I892e5e9bb5b88d791265ffbbefce6f9694d01970
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type:feature
Change-Id: Iedefe87555f0a0033abed8569bc2995c8f523d7e
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type:feature
Change-Id: Ibe1a4c555b55fb929d55b02599aaf099ed522cdf
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: style
Change-Id: Ia50867a853388d9f69571815ddcdaadfc47206bc
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Type: fix
Ticket: VPP-1649
Change-Id: I93a393eca80065c379035478500e75e855f39b12
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Add SESSION_IO_EVT_RX handling in session_send_evt_to_thread to allow
internal apps to send rx events ("tx notifications") to quic.
Add a call to quic_send_packets in quic_custom_app_rx_callback to
ensure QUIC ACKs are sent if there is no other activity on the
connection.
Type: fix
Change-Id: I885e01e6475e5b0274f274e9dd34d4a771719e69
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
whole route
Type: fix
Fixes: 097fa66b
Change-Id: I017ab5797670eb278c27c6e306cd8cadaacddf9d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
So far, GBP l3-out packets classification & policy relied on programmed
EP. All traffic to/from l3-out must go through a known EP.
This patch introduces a new feature where l3-out next-hops are only
known by their subnets (l3-out prefixes). As there are no longer known
EPs to program, an interface must be configured as external anonymous
l3-out. Packets classification & policy on this interface will rely on
the external subnets programmed in the BD VRF.
Note that contrary to all other interfaces in a GBP BD, external
anonymous l3-out interfaces have BD L2 learning turned on and rely on
ARP/ND.
Type: feature
Change-Id: Ieedb29dff4e967d08c4301e82d06bff450a63e5f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Change-Id: I678f523f058165030572d9cd395802b772db9ed7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Reported by coverity.
Change-Id: Ic84ac8c373c4c834bfddbf3ca08e2cfa2152e2ae
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
When looking for a connected fib entry matching the ARP destination,
there can be other DPO interposed prior to the connected one.
Type: fix
Change-Id: I9b4ab387fb08acf9879d5fda3791e6572a099492
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type:fix
Fixes: cb54e3c
Change-Id: I3120eaabdc00a6c1248cf7eb81f2075983836dfd
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
00:00:00:814640: pg-input
stream pcap0-sw_if_index-1, 42 bytes, 1 sw_if_index
is changed to:
00:00:00:814640: pg-input
stream pcap0-sw_if_index-1, 42 bytes, sw_if_index 1
Type: style
Change-Id: I9bb32494c9c1d08bc7588f088ed67a60ed3236dd
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Memory is dirt cheap. But there is no need to throw it away.
Type: fix
Change-Id: I155130ab3c435b1c04d7c0e9f54795b8de9383d9
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Type: refactor
Change-Id: I651db44acdcb666a9c63e1037352cf88c68795b5
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
* structure alignment and padding issues
Type: fix
Change-Id: Ic7c2a8cb5a5526902463f3b4d2d93284b454ab6f
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
|
|
Type: refactor
Change-Id: I791cc63e989df049104420faf74fc28f965b6648
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type:fix
Change-Id: Iab2c308739f7733dbf70953e0ea87dcc404c60da
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: I9e0e1bb933c38b17ac9fb8bf11b81e2fed021bf8
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: Iede83a4e72b88fd55bf56ec0ca71c9196ce743cd
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
If the host interface name is not specified at creation, host_if_name
was wrongly set to a stack-allocated variable. Make sure it always
points to a heap allocated vector.
At deletion time, we must free all allocated vectors.
Type:fix
Change-Id: I17751f38e95097998d51225fdccbf3ce3c365593
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: feature
Change-Id: I7f476f4f81994c9c6cc2e8091de08adff4bcbc77
Signed-off-by: Vladimir Kropylev <vladimir.kropylev@enea.com>
|
|
Type: feature
By default sctp is disabled to avoid wasting cycles.
Change-Id: I1e2f764c7168b5c15062efbe5895de93dcc2614e
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: refactor
Change-Id: I4e0afc206e4871596c2ed8a6ca00914a379f1526
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|