Age | Commit message (Collapse) | Author | Files | Lines |
|
The function ip4_neighbor_advertise may be called with NULL addr. In
that case, it looks up addr from fib by calling fib_sas4_get which
returns true or false to indicate whether there is an ip address
associated with the interface or not. But the caller to fib_sas4_get
does not check the return code and blindly assumes there is always an
ip address associated with the interface. As a result, it ends up
sending GARP to the bogus ip address if there is no ip address
associated with the interface.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I7aa0270766c3943ed8ca8f8a092cae34567fd30e
|
|
Type: refactor
Change-Id: Id10cbf52e8f2dd809080a228d8fa282308be84ac
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I776bf797e07bb3cfd0510a4c09d8182edfa193bd
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: I5f4517c65c37c5d73fcd608dc29dfb1d25d4cd8d
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: I8337f81fdcd196fcb0e61f8129fec322e9a1e8f1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: refactor
Change-Id: I2dd9a18497992ac7e2686c14f5d17eccccda0cda
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
These file are no longer needed
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I34f8e0b7e17d9e8c06dcd6c5ffe51aa273cdec07
|
|
correctly.
Type: fix
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I4bc2eb394a8f9d01c5a12de2ce963c22209d5439
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ief06b1509d31b55efc8d1436b6ff9e01c6037a32
|
|
Put plugin init order inside plugin instead of in vnet
Type: improvement
Signed-off-by: Bin Zhou (bzhou2) <bzhou2@cisco.com>
Change-Id: Icbacdb3f1cb4ac9d74e3f78458e8bc333793b4d6
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Iacc58d27ac51c8a1c571087f98297e046b3477c2
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If0712f01bdd6f2fc892bcbe4e2cee28affd02520
|
|
Using the cli "set interface tx-queue", it is not possible to assign
tx queue to the last worker thread.
The reason is that vdm->first_worker_thread_index is 1. Adding that
to clib_bitmap_last_set (bitmap) exceeds vdm->last_worker_thread_index
when the CLI specifies the last worker thread.
Also make the threads argument optional to enable user to unbind a queue
from any thread.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I796259c20f571289c8f5a97b9418caf452d0ab3d
|
|
Type: fix
For a TAP device the MTU is set via the ethernet_register for TUN we
need to do it explicitly (like we do for other tunnel types).
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie6a13c795acb35b53f8d99b05c70c3e73a7b428e
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I05be39671a9ed0688d4e006f0f9354aa6560a41b
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4b3427b966f9ff1ba8895fed7db662d56650f3f5
|
|
Type: docs
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ica576e13953a3c720a7c093af649d1dd380cc2c0
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I189bfcca2d5fa1f37d05a72c92d04bf260343043
|
|
.. as it is going to be removed.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Id3a4a4ea1e1b7361d43735bfa5470c28fc65209f
|
|
Type: improvement
local0 exists just to burn sw_if_index=0 so we catch common API errors.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I2901bb7d36d4c512e6698134a807bf9516ee05db
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I4b6d881571c158b7a69a78b9680732d090c4f8b5
|
|
Type: improvement
There's no need for the user to set the TUNNEL_V6 flag, it can be
derived from the tunnel's address type.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I073073dc970b8a3f2b2645bc697fc00db1adbb47
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I56c4682aef59ed0e69073f9001341c425e65bd48
|
|
Type: fix
two problems;
1 - just because anti-reply is not enabled doesn't mean the high sequence
number should not be used.
- fix, there needs to be some means to detect a wrapped packet, so we
use a window size of 2^30.
2 - The SA object was used as a scratch pad for the high-sequence
number used during decryption. That means that once the batch has been
processed the high-sequence number used is lost. This means it is not
possible to distinguish this case:
if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl))
{
...
if (post_decrypt)
{
if (hi_seq_used == sa->seq_hi)
/* the high sequence number used to succesfully decrypt this
* packet is the same as the last-sequnence number of the SA.
* that means this packet did not cause a wrap.
* this packet is thus out of window and should be dropped */
return 1;
else
/* The packet decrypted with a different high sequence number
* to the SA, that means it is the wrap packet and should be
* accepted */
return 0;
}
- fix: don't use the SA as a scratch pad, use the 'packet_data' - the
same place that is used as the scratch pad for the low sequence number.
other consequences:
- An SA doesn't have seq and last_seq, it has only seq; the sequence
numnber of the last packet tx'd or rx'd.
- there's 64bits of space available on the SA's first cache line. move
the AES CTR mode IV there.
- test the ESN/AR combinations to catch the bugs this fixes. This
doubles the amount of tests, but without AR on they only run for 2
seconds. In the AR tests, the time taken to wait for packets that won't
arrive is dropped from 1 to 0.2 seconds thus reducing the runtime of
these tests from 10-15 to about 5 sceonds.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Iaac78905289a272dc01930d70decd8109cf5e7a5
|
|
According to RFC 793, the ACK control bit is always sent once
the connection is established.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: Id0fe19114a0cc468dbce4c0938b345c2ac339e73
|
|
ipsec4_input_node
ipsec_spd_policy_counters are incremented only for matched inbound
PROTECT actions (:273 and :370). BYPASS + DISCARD actions also have
SPD policy counters that should be incremented on match.
This fix increments the counters for inbound BYPASS and DISCARD actions.
Type: fix
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Change-Id: Iac3c6d344be25ba5326e1ed45115ca299dee5f49
|
|
Type: improvement
the rationale being that the del only requires the SA's ID, so it's a
bit mean to require the client to fill out all the other information as
well.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ibbc20405e74d6a0e1a3797465ead5271f15888e4
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I2c2b739a5aa246bbf53d6663efd403c3aee9dddd
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I7b84767e75d5f8310ec071036a5780fa4530f79f
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I4f9316b16f16a48e2042aa17db596bfd181bd314
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I148022278a792b3687402b6915fe6fb513858a2a
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I7ec4bbb21a079c6f6adfb4f954054b2b07bf19c5
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0971f12b7b82d5134d06ed0539d41624429c992b
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I3c06e9cb3fabdcdce9c17e93cfedfd771295f589
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibe32f7965f8cf457c39845713b029c8a4647ee55
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I047310b8c9fcc51dcfb187710ff59b7895abe217
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I13dae61ddb7150c7fe9a7fd0eae73055ff3f2816
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ic7979755494a2fd23b9fa3d74e14f6b9ea0a46d0
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I39505763371c98b75ff7b697dacd3eeb0d41d40a
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0a2c1cbbe798ddf9d08da78bf0b458a0f54fa13a
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0bdf870e2e9b0ebc11a3ce252fbd0667a83de4e6
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I03f51393a92bae45608d9fc9f53164f3b0add3cd
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I1de45c4db57444d2d2c9fb91b8a66a4f01be699b
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0db7343e907524af5adb2f4771b45712927d5833
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Iacaefbf04834f000a14f151c4b848f280ac46d63
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I5dd30870443a22a7da65f6b5a6d3967991e2aceb
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I7a0a189ce635a4a74e63ac4cb133686b8b7ba53a
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0994241df94ad7536be323b9d7c48caf38cc4267
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I76be91715953c7cbe704961d1a56c48334656e19
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Idf0c24c9c8f8f3c267285c6a231c9c1a364a902a
|