summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2019-04-30crypto: enforce per-alg crypto key lengthBenoît Ganne3-16/+55
Crypto algorithms have different requirements on key length. As we do not support key stretching (eg. PBKDF2), user must provide the exact key length used by the algorithm. Failing that means low-level crypto functions might read garbage (eg. aes128_key_expand() will read 16-bytes, regardless of the key provided by the user). Change-Id: I347a1ea7a59720a1ed07ceaad8b00a31f78458c9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-04-30reassembly: avoid race-conditionsKlement Sekera1-12/+26
Change-Id: Ibf5c283217a985e43a562f1969573eeb26ee6017 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-04-26IF: return VTR attributes for all ifs in dump APIAlexander Chernavin1-20/+20
With this commit, VTR attributes are shown not only for subinterfaces but for all interfaces. Change-Id: I498185d905c0bf48431cddb916165f8e9c841b1f Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-04-26crypto, ipsec: change GCM IV handlingDamjan Marion3-4/+22
- nonce construction out of salt and iv is ipsec specific so it should be handled in ipsec code - fixes GCM unit tests - GCM IV is constructed out of simple counter, per RFC4106 section 3.1 Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-26svm: fifo segment support for chunk allocationFlorin Coras2-2/+26
Change-Id: Ie96706b4d8bcb32d2d5f065bc765f95f4e9369e7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-25crypto: AES GCM IV length is always 12Damjan Marion2-2/+1
... at least for use cases we are interested in Change-Id: I1156ff354635e8f990ce2664ebc8dcd3786ddca5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25tap: Fix the indirect buffer allocationMohsin Kazmi1-1/+1
Change-Id: I73f76c25754f6fb14a49ae47b6404f3cbabbeeb5 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-25session: cleanup segment manager and fifo segmentFlorin Coras10-381/+402
Change-Id: I984f347fb465c0c405cef668d8690457e81788e2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-25crypto_ipsecmb: use pre-expanded keysDamjan Marion1-1/+1
Change-Id: Ie1d34b7e71554516595e0cd228e2cd54a3b8d629 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25session: use teps in accept/connect notificationsFlorin Coras6-48/+40
Change-Id: I58e713661a38cecbfdebd4609292d9d12e880cd2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-25IPSEC; dpdk backend for tunnel interface encryptionNeale Ranns8-57/+94
Change-Id: Ide2a9df18db371c8428855d7f12f246006d7c04c Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-25ipsec: drop runts in esp-decryptDamjan Marion1-0/+8
Change-Id: Id7fcaf8590f9f2dcccdebea0ad31c7ecd1cbc8af Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25crypto: improve key handlingDamjan Marion11-26/+208
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25Remove dummy_interface_tx nodes from l2tp l2xcrw and nshJohn Lo2-18/+0
Change-Id: I51e0d4a9ec62514a85bbe4c5f56a48d60ab6f4e4 Signed-off-by: John Lo <loj@cisco.com>
2019-04-24Add get_endpoint in transport vftAloys Augustin5-13/+88
This allows QUIC & TLS specific logic to be implemented, and meaningfull IP/port to be returned when connection is overridden. Change-Id: Id79c59fe4d7b16d36f0e96ad3e281c4026b5fe65 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-04-24ip4_lookup_inline: leverage vlib_get_buffers to improve perfZhiyong Yang1-32/+27
vlib_get_buffers can save at least 1.2 clocks/pkt for ip4_lookup_inline on Haswell. Change-Id: I730fc346cec4d2eb5ca364308e45268bda4d5f89 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-24QUIC: Add multi-stream support to internal test appsAloys Augustin6-7/+171
Change-Id: Iab07697ef482529e62c11433cffa1f8f894e5bb7 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-04-24UDPC: Fix open segfault with multiple workersAloys Augustin1-1/+3
Change-Id: Ib4a64f17831e2419f1d6140a6d24649c096bdfa5 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-04-24l2: Add support for arp unicast forwardingMohsin Kazmi6-8/+112
Change-Id: I79fc55f36a9b83957f84619bdf8cef08acc8ec24 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-24session: remove unused fifo allo return valueFlorin Coras3-11/+7
Change-Id: I50a6bcc127e4b44becc4b694bdd3018ac9bfab5c Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-24ethernet_input_inline: leverage vlib_get_buffersZhiyong Yang1-17/+14
Make full use of well optimized function vlib_get_buffers for ethernet_input_inline. Change-Id: Iee7df570b87fa95c0902895686a62386d730f9a1 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-24Rearrange prefetching in ipsec_output_inlineVratko Polak1-6/+6
Change-Id: I6151e57643ebed42f51b795980db2c52084295ab Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2019-04-23API sw_interface_dump: Dump all if index is zeroVratko Polak2-5/+6
This is a temporary measure, to allow CSIT usage of VAT command sw_interface_dump without arguments. Change-Id: Ic40adfcc89d92179e213afc497e4e71bbc0dad83 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2019-04-23Fix a ipsec command line typoSimon Zhang1-1/+1
Change-Id: Ic75df36e06a77730ff8764f96d3cf53c4e59923b Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2019-04-23vnet: clean up calc_checksums()Zhiyong Yang1-7/+8
Remove the duplicated code and unnecessary operations. Change-Id: I78005848d29d3156165627926a79015d590d61a6 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-23ipsec4-output: add pkt header and data prefetchingZhiyong Yang1-2/+9
The graph node running IPsec encap in tunnel mode can be saved from 65.8 to 57.3 clocks/pkt on Haswell platform. The graph node can be saved 10 clockes/pkt on DVN as well in the same case. Change-Id: I4804879c4d489465ee56a8f8317596b7e79b9331 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-22GRE: set gre_tunnel_type init value to zero in APIAlexander Chernavin1-1/+1
Change-Id: I9715b0578852a1ed59d78b7a9e28f32fc763ed3c Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-04-19Doxygen cleanup.Dave Wallace2-2/+2
- Add subpages definitions in appropriate section (User or Dev docs) for doc files (*.rst, *.md) that being listed at the top level of the generated doc page. - Generate and add API list to RELEASE doc. - Fix list_api_changes script to use HEAD as the endtag so it doesn't need to be changed every release. Change-Id: Iace7b6433359c6b96869cb1db01facbbcb0ac1e6 Signed-off-by: Dave Wallace <dwallacelf@gmail.com> (cherry picked from commit 11ee93f6abfaddf5bbd56cf0858c0c6ea0384b65)
2019-04-19IPSEC: IPv6 ESP transport mode incorrect packet length and checksum (VPP-1654)Neale Ranns1-7/+14
Change-Id: Ia3474e5bfea5764eae9b2987bf78296535df6778 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-196rd: fix debug cli short-helpBenoît Ganne1-1/+2
Debug cli short help for 6rd tunnel creation was out-of-date. Change-Id: I06e4d28481470825bf225ba0fd371a3aebd889fa Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-04-19DOCS-ONLY: Fix broken doxygen tag in BVIDave Wallace1-1/+1
Change-Id: Ia42e7c93ebe51a36470f1358827451bcb98da433 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-04-19IPSEC: ESP IPv6 transport mode payload length incorrect (VPP-1653)Neale Ranns1-1/+3
Change-Id: I8977100d7a22b50260858bd1ea9db419b53284ff Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-19FIB: recursion casues path reallocNeale Ranns1-1/+12
Change-Id: Ie9c2954eee90ca1a1fc1aa8280f93b2340b544c1 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-18svm: allow indirect fifo data chunksFlorin Coras1-1/+0
Fifos can use multiple memory chunks for simple read/write operations. Adding/removing chunks after assignment not yet supported. Change-Id: I2aceab6aea78059d74e0d3a9993c40d5196d077b Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-18GRE: API updateNeale Ranns4-88/+136
Change-Id: I5010cd34123c6498230dedac6ba8dd774a1085f9 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-18tls: allow engines to customize closeFlorin Coras2-18/+26
Change-Id: I11ac3e4f59206902e5dfc326f815c877c5dd6643 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-18IPSEC: tunnel rekey fix and test (VPP-1652)Neale Ranns1-21/+24
Change-Id: I1c2b3e40c689bedcdcea7887792b6b6b6aeb48d5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-17session: fix segment manager init conditionFlorin Coras1-1/+1
Change-Id: I0ef3115bd29a11538090c582a4eacdbb7cd86d7a Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-17Make sw_interface_dump more compatible with 2.2.0Vratko Polak2-9/+6
+ As old PAPI clients are likely to put zero as the value for sw_if_index, the behavior should not perform index filtering at least when name filtering is enabled (valid). + interface.api version set to 2.3.0, as the new behavior is backward compatible (at least for PAPI with name filter enabled), but not forward compatible. + Minor whitespace cleanup. Change-Id: I315a0eae4004f9d9b6c5f9ecf0f179e669729118 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2019-04-17vcl/session: tx notifications for cut-thru sessionsFlorin Coras3-0/+32
Change-Id: I076c753e419bbb177d2d28609190715e9895b398 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-17api: Add to interface crud - read by sw_if_index.Paul Vinciguerra2-1/+25
Change-Id: I02c857da4cf6da5e0e55c1e48b63716af7ade0a9 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-04-17Revert "Revert "bond: problem switching from l2 to l3""Steven Luong1-0/+11
This reverts commit 5d0d5494db58422eb528c0f8b39a86ea966505e9. The csit crash was actually due to the test image missing the patch https://gerrit.fd.io/r/#/c/17731/ It was a mistake to revert the original patch https://gerrit.fd.io/r/#/c/15577/ Change-Id: I7fc563981aa13d308d55b25194fee21475ebc57d Signed-off-by: Steven Luong <sluong@cisco.com>
2019-04-17tap: clean-up when linux will delete the tap interfaceMohsin Kazmi2-0/+43
When container is deleted which has tap interface attached, Linux also delete the tap interface leaving the VPP side of tap. This patch does a clean up job to remove that VPP side of tap interface. To produce the behavior: In VPP: create tap On linux: sudo ip netns add ns1 sudo ip link set dev tap0 netns ns1 sudo ip netns del ns1 Change-Id: Iaed1700073a9dc64e626c1d0c449f466c143f3ae Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-17IPSEC: Pass the algorithm salt (used in GCM) over the APINeale Ranns6-10/+16
Change-Id: Ia8cea13f7b937294e6a080a55fb2ceff30063acf Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-17Duplicate pcap tx trace fixNeale Ranns1-3/+0
Change-Id: I0657cb44f58942ef281046dd3841bda669b10589 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-16ADJ: crash in format/show (VPP-1648)Neale Ranns1-1/+1
Change-Id: I26279c19b879e59c68fda31426fe42dae62a858d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-16IPSEC: SA format; don't print keys when there's no algoNeale Ranns1-7/+8
Change-Id: I4d1d22cb24564896264e77c1810804ea3f54cb37 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-16svm_fifo rework to avoid contention on cursizeSirshak Das11-39/+33
Problems Addressed: - Contention of cursize by producer and consumer. - Reduce the no of modulo operations. Changes: - Synchronization between producer and consumer changed from cursize to head and tail indexes Implications: reduces the usable size of fifo by 1. - Using weaker memory ordering C++11 atomics to access head and tail based on producer and consumer role. - Head and tail indexes are unsigned 32 bit integers. Additions and subtraction on them are implicit 32 bit Modulo operation. - Adding weaker memory ordering variants of max_enq, max_deq, is_empty and is_full Using them appropriately in all places. Perfomance improvement (iperf3 via Hoststack): iperf3 Server: Marvell ThunderX2(AArch64) - iperf3 Client: Skylake(x86) ~6%(256 rxd/txd) - ~11%(2048 rxd/txd) Change-Id: I1d484e000e437430fdd5a819657d1c6b62443018 Signed-off-by: Sirshak Das <sirshak.das@arm.com> Reviewed-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com>
2019-04-16QUIC: Initial multi stream supportAloys Augustin1-0/+1
To connect a stream, apps should call connect while passing the id of the QUIC connection in the new transport_opts field in session_endpoint_cfg_t. Apps are notified of new streams with their accept callback, which is called each time a peer opens a stream. Change-Id: I0f82ec344db58008d54641553eddec2973768435 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-04-16Allow sessions to be allocated in app's RX callbacksAloys Augustin1-3/+11
This enables applications to create sessions in their RX callbacks, which can invalidate the session pointer. This is required for the QUIC protocol implementation. Change-Id: I6072c1c368fd9d17a960ec086a788089dd6f54b4 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>