Age | Commit message (Collapse) | Author | Files | Lines |
|
Crypto algorithms have different requirements on key length. As we do
not support key stretching (eg. PBKDF2), user must provide the exact
key length used by the algorithm.
Failing that means low-level crypto functions might read garbage (eg.
aes128_key_expand() will read 16-bytes, regardless of the key provided
by the user).
Change-Id: I347a1ea7a59720a1ed07ceaad8b00a31f78458c9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change-Id: Ibf5c283217a985e43a562f1969573eeb26ee6017
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
With this commit, VTR attributes are shown not only for subinterfaces
but for all interfaces.
Change-Id: I498185d905c0bf48431cddb916165f8e9c841b1f
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
- nonce construction out of salt and iv is ipsec specific so it should be
handled in ipsec code
- fixes GCM unit tests
- GCM IV is constructed out of simple counter, per RFC4106 section 3.1
Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ie96706b4d8bcb32d2d5f065bc765f95f4e9369e7
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
... at least for use cases we are interested in
Change-Id: I1156ff354635e8f990ce2664ebc8dcd3786ddca5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I73f76c25754f6fb14a49ae47b6404f3cbabbeeb5
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: I984f347fb465c0c405cef668d8690457e81788e2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ie1d34b7e71554516595e0cd228e2cd54a3b8d629
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I58e713661a38cecbfdebd4609292d9d12e880cd2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ide2a9df18db371c8428855d7f12f246006d7c04c
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Id7fcaf8590f9f2dcccdebea0ad31c7ecd1cbc8af
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I51e0d4a9ec62514a85bbe4c5f56a48d60ab6f4e4
Signed-off-by: John Lo <loj@cisco.com>
|
|
This allows QUIC & TLS specific logic to be implemented, and meaningfull
IP/port to be returned when connection is overridden.
Change-Id: Id79c59fe4d7b16d36f0e96ad3e281c4026b5fe65
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
vlib_get_buffers can save at least 1.2 clocks/pkt for ip4_lookup_inline
on Haswell.
Change-Id: I730fc346cec4d2eb5ca364308e45268bda4d5f89
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Change-Id: Iab07697ef482529e62c11433cffa1f8f894e5bb7
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Change-Id: Ib4a64f17831e2419f1d6140a6d24649c096bdfa5
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Change-Id: I79fc55f36a9b83957f84619bdf8cef08acc8ec24
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: I50a6bcc127e4b44becc4b694bdd3018ac9bfab5c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Make full use of well optimized function vlib_get_buffers
for ethernet_input_inline.
Change-Id: Iee7df570b87fa95c0902895686a62386d730f9a1
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Change-Id: I6151e57643ebed42f51b795980db2c52084295ab
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
This is a temporary measure, to allow CSIT usage
of VAT command sw_interface_dump without arguments.
Change-Id: Ic40adfcc89d92179e213afc497e4e71bbc0dad83
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Change-Id: Ic75df36e06a77730ff8764f96d3cf53c4e59923b
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
Remove the duplicated code and unnecessary operations.
Change-Id: I78005848d29d3156165627926a79015d590d61a6
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
The graph node running IPsec encap in tunnel mode can be saved
from 65.8 to 57.3 clocks/pkt on Haswell platform.
The graph node can be saved 10 clockes/pkt on DVN as well in the
same case.
Change-Id: I4804879c4d489465ee56a8f8317596b7e79b9331
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Change-Id: I9715b0578852a1ed59d78b7a9e28f32fc763ed3c
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
- Add subpages definitions in appropriate
section (User or Dev docs) for doc files
(*.rst, *.md) that being listed at the top
level of the generated doc page.
- Generate and add API list to RELEASE doc.
- Fix list_api_changes script to use HEAD
as the endtag so it doesn't need to be
changed every release.
Change-Id: Iace7b6433359c6b96869cb1db01facbbcb0ac1e6
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
(cherry picked from commit 11ee93f6abfaddf5bbd56cf0858c0c6ea0384b65)
|
|
Change-Id: Ia3474e5bfea5764eae9b2987bf78296535df6778
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Debug cli short help for 6rd tunnel creation was out-of-date.
Change-Id: I06e4d28481470825bf225ba0fd371a3aebd889fa
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change-Id: Ia42e7c93ebe51a36470f1358827451bcb98da433
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: I8977100d7a22b50260858bd1ea9db419b53284ff
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ie9c2954eee90ca1a1fc1aa8280f93b2340b544c1
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Fifos can use multiple memory chunks for simple read/write operations.
Adding/removing chunks after assignment not yet supported.
Change-Id: I2aceab6aea78059d74e0d3a9993c40d5196d077b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I5010cd34123c6498230dedac6ba8dd774a1085f9
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I11ac3e4f59206902e5dfc326f815c877c5dd6643
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I1c2b3e40c689bedcdcea7887792b6b6b6aeb48d5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I0ef3115bd29a11538090c582a4eacdbb7cd86d7a
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
+ As old PAPI clients are likely to put zero as the value
for sw_if_index, the behavior should not perform
index filtering at least when name filtering is enabled (valid).
+ interface.api version set to 2.3.0,
as the new behavior is backward compatible
(at least for PAPI with name filter enabled),
but not forward compatible.
+ Minor whitespace cleanup.
Change-Id: I315a0eae4004f9d9b6c5f9ecf0f179e669729118
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Change-Id: I076c753e419bbb177d2d28609190715e9895b398
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I02c857da4cf6da5e0e55c1e48b63716af7ade0a9
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
This reverts commit 5d0d5494db58422eb528c0f8b39a86ea966505e9.
The csit crash was actually due to the test image missing the patch
https://gerrit.fd.io/r/#/c/17731/
It was a mistake to revert the original patch
https://gerrit.fd.io/r/#/c/15577/
Change-Id: I7fc563981aa13d308d55b25194fee21475ebc57d
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
When container is deleted which has tap interface attached,
Linux also delete the tap interface leaving the VPP side of
tap. This patch does a clean up job to remove that VPP side
of tap interface.
To produce the behavior:
In VPP:
create tap
On linux:
sudo ip netns add ns1
sudo ip link set dev tap0 netns ns1
sudo ip netns del ns1
Change-Id: Iaed1700073a9dc64e626c1d0c449f466c143f3ae
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Change-Id: Ia8cea13f7b937294e6a080a55fb2ceff30063acf
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I0657cb44f58942ef281046dd3841bda669b10589
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I26279c19b879e59c68fda31426fe42dae62a858d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I4d1d22cb24564896264e77c1810804ea3f54cb37
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Problems Addressed:
- Contention of cursize by producer and consumer.
- Reduce the no of modulo operations.
Changes:
- Synchronization between producer and consumer changed from cursize
to head and tail indexes
Implications: reduces the usable size of fifo by 1.
- Using weaker memory ordering C++11 atomics to access head and tail
based on producer and consumer role.
- Head and tail indexes are unsigned 32 bit integers. Additions and
subtraction on them are implicit 32 bit Modulo operation.
- Adding weaker memory ordering variants of max_enq, max_deq, is_empty
and is_full Using them appropriately in all places.
Perfomance improvement (iperf3 via Hoststack):
iperf3 Server: Marvell ThunderX2(AArch64) - iperf3 Client: Skylake(x86)
~6%(256 rxd/txd) - ~11%(2048 rxd/txd)
Change-Id: I1d484e000e437430fdd5a819657d1c6b62443018
Signed-off-by: Sirshak Das <sirshak.das@arm.com>
Reviewed-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com>
|
|
To connect a stream, apps should call connect while passing the id of the QUIC
connection in the new transport_opts field in session_endpoint_cfg_t.
Apps are notified of new streams with their accept callback, which is called
each time a peer opens a stream.
Change-Id: I0f82ec344db58008d54641553eddec2973768435
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
This enables applications to create sessions in their RX callbacks, which can
invalidate the session pointer. This is required for the QUIC protocol
implementation.
Change-Id: I6072c1c368fd9d17a960ec086a788089dd6f54b4
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|