summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2021-06-29ipsec: Fix setting the hi-sequence number for decryptNeale Ranns7-135/+229
Type: fix two problems; 1 - just because anti-reply is not enabled doesn't mean the high sequence number should not be used. - fix, there needs to be some means to detect a wrapped packet, so we use a window size of 2^30. 2 - The SA object was used as a scratch pad for the high-sequence number used during decryption. That means that once the batch has been processed the high-sequence number used is lost. This means it is not possible to distinguish this case: if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl)) { ... if (post_decrypt) { if (hi_seq_used == sa->seq_hi) /* the high sequence number used to succesfully decrypt this * packet is the same as the last-sequnence number of the SA. * that means this packet did not cause a wrap. * this packet is thus out of window and should be dropped */ return 1; else /* The packet decrypted with a different high sequence number * to the SA, that means it is the wrap packet and should be * accepted */ return 0; } - fix: don't use the SA as a scratch pad, use the 'packet_data' - the same place that is used as the scratch pad for the low sequence number. other consequences: - An SA doesn't have seq and last_seq, it has only seq; the sequence numnber of the last packet tx'd or rx'd. - there's 64bits of space available on the SA's first cache line. move the AES CTR mode IV there. - test the ESN/AR combinations to catch the bugs this fixes. This doubles the amount of tests, but without AR on they only run for 2 seconds. In the AR tests, the time taken to wait for packets that won't arrive is dropped from 1 to 0.2 seconds thus reducing the runtime of these tests from 10-15 to about 5 sceonds. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iaac78905289a272dc01930d70decd8109cf5e7a5
2021-06-29tcp: add ACK flag to RST packetliuyacan1-1/+1
According to RFC 793, the ACK control bit is always sent once the connection is established. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: Id0fe19114a0cc468dbce4c0938b345c2ac339e73
2021-06-29ipsec: increment SPD policy counters for bypass and discard actions in ↵Zachary Leaf1-0/+20
ipsec4_input_node ipsec_spd_policy_counters are incremented only for matched inbound PROTECT actions (:273 and :370). BYPASS + DISCARD actions also have SPD policy counters that should be incremented on match. This fix increments the counters for inbound BYPASS and DISCARD actions. Type: fix Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Change-Id: Iac3c6d344be25ba5326e1ed45115ca299dee5f49
2021-06-28ipsec: Split the SA add_del API into an separate add and delNeale Ranns2-36/+98
Type: improvement the rationale being that the del only requires the SA's ID, so it's a bit mean to require the client to fill out all the other information as well. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibbc20405e74d6a0e1a3797465ead5271f15888e4
2021-06-24session: fix session formated str output truncated in cliXiaoming Jiang2-12/+16
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I2c2b739a5aa246bbf53d6663efd403c3aee9dddd
2021-06-24l2: api cleanupFilip Tehlar4-93/+19
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I7b84767e75d5f8310ec071036a5780fa4530f79f
2021-06-23virtio: api cleanupFilip Tehlar3-50/+13
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I4f9316b16f16a48e2042aa17db596bfd181bd314
2021-06-23mpls: api cleanupFilip Tehlar3-59/+10
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I148022278a792b3687402b6915fe6fb513858a2a
2021-06-23span: api cleanupFilip Tehlar3-59/+16
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I7ec4bbb21a079c6f6adfb4f954054b2b07bf19c5
2021-06-22syslog: api cleanupFilip Tehlar3-47/+8
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0971f12b7b82d5134d06ed0539d41624429c992b
2021-06-22tcp: api cleanupFilip Tehlar3-44/+9
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I3c06e9cb3fabdcdce9c17e93cfedfd771295f589
2021-06-22session: avoid reordering unlisten and connect msgFlorin Coras1-6/+33
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe32f7965f8cf457c39845713b029c8a4647ee55
2021-06-22virtio: api cleanupFilip Tehlar2-55/+9
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I047310b8c9fcc51dcfb187710ff59b7895abe217
2021-06-22misc: punt: api cleanupFilip Tehlar3-49/+9
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I13dae61ddb7150c7fe9a7fd0eae73055ff3f2816
2021-06-22devices: af_packet api cleanupFilip Tehlar2-54/+8
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Ic7979755494a2fd23b9fa3d74e14f6b9ea0a46d0
2021-06-22qos: api cleanupFilip Tehlar2-55/+11
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I39505763371c98b75ff7b697dacd3eeb0d41d40a
2021-06-22devices: tapv2 api cleanupFilip Tehlar2-50/+12
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0a2c1cbbe798ddf9d08da78bf0b458a0f54fa13a
2021-06-22sr: api cleanupFilip Tehlar3-66/+12
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0bdf870e2e9b0ebc11a3ce252fbd0667a83de4e6
2021-06-22devices: api cleanupFilip Tehlar2-53/+8
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I03f51393a92bae45608d9fc9f53164f3b0add3cd
2021-06-22bonding: api cleanupFilip Tehlar2-59/+16
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I1de45c4db57444d2d2c9fb91b8a66a4f01be699b
2021-06-22ipsec: api cleanupFilip Tehlar3-82/+19
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0db7343e907524af5adb2f4771b45712927d5833
2021-06-22ethernet: api cleanupFilip Tehlar3-52/+8
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Iacaefbf04834f000a14f151c4b848f280ac46d63
2021-06-22policer: api cleanupFilip Tehlar3-54/+9
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I5dd30870443a22a7da65f6b5a6d3967991e2aceb
2021-06-22bfd: api cleanupFilip Tehlar3-63/+11
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I7a0a189ce635a4a74e63ac4cb133686b8b7ba53a
2021-06-21udp: api cleanupFilip Tehlar3-48/+9
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0994241df94ad7536be323b9d7c48caf38cc4267
2021-06-21feature: api cleanupFilip Tehlar2-42/+6
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I76be91715953c7cbe704961d1a56c48334656e19
2021-06-21pg: api cleanupFilip Tehlar3-50/+10
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Idf0c24c9c8f8f3c267285c6a231c9c1a364a902a
2021-06-21misc: ipfix api cleanupFilip Tehlar3-57/+10
Use autogenerated code. Does not change API definitions. Type: improvement Change-Id: I864979ce490651bf1f5fed107620e9bc4ca4bf93 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-06-21flow: api cleanupFilip Tehlar3-57/+7
Use autogenerated code Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I02f53486723f7ac7e9026ff092b63e86dff13232
2021-06-21gso: api cleanupFilip Tehlar2-43/+6
Use autogenerated code Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Id373c7828d77cca0121baf9c7635cfe2c5f938d7
2021-06-21vxlan: api cleanupFilip Tehlar4-163/+27
use autogenerated code Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I163eefa86f3248260481181818d70fa1b6eaa220
2021-06-21classify: api cleanupFilip Tehlar2-69/+6
Use autogenerated code. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Id7d4d23e4fe707f7049828fec44df7ff0419d23c
2021-06-21bier: api cleanupFilip Tehlar2-84/+39
use autogenerated code Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I86459d918ac46bed523e847db9f9c7179147d022
2021-06-18session: improve ct locking with multiple workersFlorin Coras5-165/+239
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id91c3be57d49745cb3db6c768a8d5d14133f899e
2021-06-18session: udp accept session state should be updated by appjxm1-2/+0
Type: fix Signed-off-by: jxm <jiangxiaoming@outlook.com> Change-Id: I6fb2620e7076e1e38a2ab85a70febe614b079e67
2021-06-17session: optimize ct fifo segment allocationsFlorin Coras4-84/+359
Allocate per app pair segments with space for more than one fifo. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib96fe12b899cb14ff20c0be607814011e2c3fc6a
2021-06-17tls: increase engine bits room in handle to support custom engine typejxm1-1/+1
Type: improvement Signed-off-by: jxm <jiangxiaoming@outlook.com> Change-Id: I80a51e841f9727b68d1de713b6b6d51675ef53c5
2021-06-17fib: changing parsing order to avoid corner caseArthur de Kerhor1-3/+3
mfib interface flags are parsed before the interface name. For some specific names, this creates a bug when adding routes. ex: ip route add 10.0.2.0/24 via FortyGigabitEthernetd8/0/0 The 'F' at the beginnig of the interface name is parsed as the "Forward" flag. Because of that, the interface name parsed is "ortyGigabitEthernetd8/0/0" which results in a parsing error. Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Change-Id: Ib76c2f86416455841f910f7b466b467001072b70
2021-06-17mpls: CLI to show the MPLS forwarding state of an interfaceNeale Ranns1-0/+69
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I28b98154bbff36e8391a09a2b30302dda4349946
2021-06-16fib: copy the path extentions when creating fib src rr entryStanislav Zaikin1-0/+11
Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: Ib4957bfc03b0dfc90fd28689d5b32cc3d82e7b74
2021-06-15ipsec: fix length check when adding footer+icvBenoît Ganne1-1/+2
Length check must also take current_data into account. Type: fix Change-Id: I7a1b1752868892d40f59490d05452ef24565cca6 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-06-15tcp: prevent timer handler being called frequentlyliuyacan4-6/+18
In the current implement, tcp would start or up an one tick retransmit timer for that connection if vlib_buffer_alloc() return 0. Now the tick is 0.1ms, this means that if VPP is in a buffer shortage state, there would be a large number of burst timer expirations. This commit limits the minimum interval of the retransmission timer to 100ms. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: Ia11d693fe46119c5dc16b24ca93c30c31109057a
2021-06-14linux-cp: Add tests for tun devicesNeale Ranns3-0/+46
Type: test Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iec69d8624b15766ed65e7d09777819d2242dee17
2021-06-14pg: A Tunnel mode variant of a pg interfaceNeale Ranns5-24/+127
Type: feature this allows VPP to simulate linux tun devices. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3adf38b49a254804370f78edd5d275d192fd00a6
2021-06-12session: fix listener ct transport retrieval on acceptFlorin Coras1-6/+8
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ied2608e7a28c59c908803ca676abbe93072fadb8
2021-06-12tcp: fix proto in port reuse checkFlorin Coras1-2/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I338e61654a62ed6308ecd8bb15e1a8b13cd859b9
2021-06-11session: half-open free only on main threadFlorin Coras1-4/+3
TCP and (D)TLS clean up half-opens on main without a lock/barrier so cleanup initiated from first worker, e.g., cut-throughs, can corrupt the session pool. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2e5162831c0e201b22454f17fe55bfac44b85fa9
2021-06-11gso: fix the gro re-ordering for packets with PSHMohsin Kazmi1-25/+54
Type: fix This prevents reordering when a push flag is received. GRO appends the segment with the push flag to the existing flow and flushes it immediately. Change-Id: I61b36209b3381f340594a9cb3ed816d43b02bdff Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-06-09l2: fix vrrp prefix mac comparisonTianyu Li1-2/+2
VRRP prefix length is 5 bytes, doesn't make sense to compare with 6 bytes mac address Type: fix Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I70a9c9ca769f34a81cd568f9e6b9a3538e6ec710
2021-06-08fib: make sure dpo is valid even when path pool expandsBenoît Ganne1-8/+22
The path pool can expand during in fib_path_attached_next_hop_get_adj() when calling adj_nbr_add_or_lock(). If dpo points to a path->fp_dpo, its reference becomes stale. Use a temporary copy instead. Type: fix Change-Id: Ie966cb5f3f7b416425964dca12f1f586bfc2010c Signed-off-by: Benoît Ganne <bganne@cisco.com>