Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: fix
Several Fixes:
1 - Anti-replay did not work with GCM becuase it overwrote the sequence
number in the ESP header. To fix i added the seq num to the per-packet
data so it is preserved
2 - The high sequence number was not byte swapped during ESP encrypt.
3 - openssl engine was the only one to return FAIL_DECRYPT for bad GCM
the others return BAD_HMAC. removed the former
4 - improved tracing to show the low and high seq numbers
5 - documented the anti-replay window checks
6 - fixed scapy patch for ESN support for GCM
7 - tests for anti-reply (w/ and w/o ESN) for each crypto algo
Change-Id: Id65d96b6d1d4dd821b2ab557e87468fff6d70e5b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type:fix
Change-Id: I528b7cfcb7a6aada94ee3649378e6fbe84d2e4e6
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: style
Change-Id: I2a21076fffaeb5726be80356aaffc9fea3d95850
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Multiple API message handlers call vnet_get_sup_hw_interface(...)
without checking the inbound sw_if_index. This can cause a
pool_elt_at_index ASSERT in a debug image, and major disorder in a
production image.
Given that a number of places are coded as follows, add an
"api_visible_or_null" variant of vnet_get_sup_hw_interface, which
returns NULL given an invalid sw_if_index, or a hidden sw interface:
- hw = vnet_get_sup_hw_interface (vnm, sw_if_index);
+ hw = vnet_get_sup_hw_interface_api_visible_or_null (vnm, sw_if_index);
if (hw == NULL || memif_device_class.index != hw->dev_class_index)
return clib_error_return (0, "not a memif interface");
Rename two existing xxx_safe functions -> xxx_or_null to make it
obvious what they return.
Type: fix
Change-Id: I29996e8d0768fd9e0c5495bd91ff8bedcf2c5697
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Type: fix
Fixes: 3b726197
Change-Id: Ib515f0995e5c837349ebcad5f63fbd1b2a197e13
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type:refactor
Change-Id: Id796d0103e61e15c35a586d8cbd3d8916487b84d
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ib69f9bd7970aeb2ee6a1c114d38dcb7f8698dc6d
Type: fix
Fixes: c754239
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Type: feature
Change-Id: I96e850fc15b79349abbb52d91c0314f255d635be
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
This gives the session layer a chance to to cleanup events.
Change-Id: I7499e94acf06340e2b19a1d91a4c61a63cd66c52
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Some combinations of new qemu (2.11) and old dpdk (16.10) may
send VHOST_USER_SET_FEATURES at the end of the protocol exchange
which the vhost interface is already declared up and ready.
Unfortunately, the process of VHOST_USER_SET_FEATURES will cause
the interface to go down. Not sure if it is correct or needed.
Because there is no additional messages thereafter, the hardware
interface stays down.
The fix is to check the interface again at the end of processing
VHOST_USER_SET_FEATURES. If it is up and ready, we bring back
the hardware interface.
Type: fix
Change-Id: I490cd03820deacbd8b44d8f2cb38c26349dbe3b2
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
1. "numa-only" is optional and is disabled by default for lacp mode.
2. update lacp doc.
Type: fix
Change-Id: I6a3a8423ef31ad9980353a796957693cd6205d73
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Also adds connection flags.
Type: feature
Change-Id: I76f21eb88ab203076149b7c03dc31c22fc0f342e
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Ticket: VPP-1721
Change-Id: I7a5d4f1440048ddc9f599ac11d06e5a7df20440e
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Instead of all clients directly RR sourcing the entry they are tracking,
use a deidcated 'tracker' object. This tracker object is a entry
delegate and a child of the entry. The clients are then children of the
tracker.
The benefit of this aproach is that each time a new client tracks the
entry it doesn't RR source it. When an entry is sourced all its children
are updated. Thus, new clients tracking an entry is O(n^2). With the
tracker as indirection, the entry is sourced only once.
Type: feature
Change-Id: I5b80bdda6c02057152e5f721e580e786cd840a3b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type:feature
Change-Id: I67a52ee48963a66915e2ebd116626eb9c296a9a5
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
If numa-only is set, Only slaves on local numa node
transmit pkts if have at least one, otherwise the bond
interface works as usual.
CLI change:
create bond mode lacp [load-balance { l2 | l23 | l34 } {numa-only}]
[hw-addr <mac-address>] [id <if-id>]
The new member "u8 numa_only;" is also added to bond_create_if_args_t.
Type: feature
Change-Id: Icdccedafb0738d8c9d4a5acce909ce562428c071
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Type: feature
This is mostly used for quic in the case of a stream
creation (i.e. connect on an already established QUIC
session). We want do default parent_handle to INVALID
to be able to distinguish it from parent_handle = 0
Change-Id: Id5ac0b0155a3c44e51334231b711e4fd87a96a10
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Fixes: 41afb33
Change-Id: Iceb99ead32f1858a5b4f85911d7cb2b39cc9add5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
When admin status is changed on an interface, add or delete the
routes for the IPv4 addresses configured on that interface.
This is already being done for IPv6 interface addresses.
Change-Id: Ib1e7dc49c499921dd287e075640243520ffa5589
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
CLI allocates vectors consumed by tap_create_if(), whereas API pass
null-terminated C-strings allocated on API segment.
Do not try to be too clever here, and just allocate our own private
copies.
Type: fix
Fixes: 8d879e1a6bac47240a232893e914815f781fd4bf
Ticket: VPP-1724
Change-Id: I3ccdb8e0fcd4cb9be414af9f38cf6c33931a1db7
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
The fast path almost always has to deal with the real
pointers. Deriving the frame pointer from a frame_index requires a
load of the 32bit frame_index from memory, another 64bit load of the
heap base pointer and some calculations.
Lets store the full pointer instead and do a single 64bit load only.
This helps avoiding problems when the heap is grown and frames are
allocated below vm->heap_aligned_base.
Type: refactor
Change-Id: Ifa6e6e984aafe1e2755bff80f0a4dfcddee3623c
Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Type: feature
Add new node in TCP stack where TCP 6 tuple lookup is not required.
In new node, packet metadata contains connection-index which can be used
to retrieve the TCP connection. The new node will be used by proxy.
Change-Id: I3aa0268946898912f4176d5c8c5903e06657479d
Signed-off-by: Vladimir Kropylev <vladimir.kropylev@enea.com>
|
|
Type:refactor
Change-Id: Ie4a89ae603cd365b28795c92daa08d5943e692ea
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: refactor
Change-Id: I24159e0a848f552b4e27acfb5fe6f2cd91b50a19
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: I26a6af7f92316f7a8a5309047b3b3605b87ca327
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change the sequence to first allocate session_manager and
then enable the session-nodes.
During “session enable”, sometimes an issue was seen when in some cases
POLLING node calls transport_update_time -> tcp_update_time -> tcp_set_time_now
which access tcp_main.wrk_ctx before tcp_main_enable allocates the wrk_ctx.
0 0x00007ffff73f7778 in tcp_set_time_now (wrk=<optimized out>)
at src/vnet/tcp/tcp.h:953
1 tcp_update_time (now=11.059735140000001, thread_index=<optimized out>)
at src/vnet/tcp/tcp.c:1192
2 0x00007ffff75a75de in transport_update_time (time_now=11.059735140000001, thread_index=thread_index@entry=1 '\001')
at src/vnet/session/transport.c:740
3 0x00007ffff75a0f4c in session_queue_node_fn (vm=0x7fff74913480, node=0x7fff75e7d5c0, frame=<optimized out>)
at src/vnet/session/session_node.c:873
Change-Id: Id2288dd05ba179af2ff22c58bac1331fc21a1c7d
Signed-off-by: Vladimir Kropylev <vladimir.kropylev@enea.com>
|
|
Type: feature
Change-Id: I87cc1168466f267e8c4bbec318401982f4bdf03a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Fixes: 4b0b0d4
Change-Id: Ibd37c9099f9847ed23fa8357fd8e57ee516e52ab
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Fixes: a6bee0a1
Change-Id: I1959e28b82825d7928d471d3dfa827ea4cdd74b7
Signed-off-by: Giles Heron <giheron@cisco.com>
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
worker threads
Type: fix
Change-Id: Ie9a3a78b45b53344a0a5d7e2027c0e0354a49ebe
Signed-off-by: Wei CHEN <weichen@astri.org>
|
|
In contrast to the closing notification, whereby a transport informs
the session layer that is beginning the closing procedure, this allows
transports to notify the session layer of the fact that the transport is
"fully" closed, i.e., it expects no more data.
Also:
- adds app closed state for sessions
- changes tcp to have it notify when an active close has finished
Type: feature
Change-Id: I13c738006c03f85015e05ab82843a33a69382aaf
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- also adds ecn definitions.
Type: feature
Change-Id: Id98d9ae57289425fcfed367f426442173ef4e882
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Proprely display quic connections in show session verbose, and add a
small fix for UDPC listeners and UDP sessions formatting.
Change-Id: I33f83e77bf357347623d87ad23c483aba60a9bb2
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Type: feature
|
|
This reduces the memory required by tls and quic, allowing to run them
(and their tests) in more constrained environments by default.
Change-Id: I954081c725fb4f5f173db1f8e76922d957c5b0a2
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Type: fix
|
|
Add a thread_index argument to half-open and listener session formatters
because QUIC can have listeners and half-open sessions in any thread.
Change-Id: I1de60e35ece4c68ba8cfdd6b63f211bc620d687b
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Type: feature
|
|
Type: fix
If a tunnel interface has the crypto alg set on the outbound SA to
IPSEC_CRYPTO_ALG_NONE and packets are sent out that interface,
the attempt to write an ESP trailer on the packet occurs at the
wrong offset and the vnet buffer opaque data is corrupted, which
can result in a SEGV when a subsequent node attempts to use that
data.
When an outbound SA is set on a tunnel interface which has no crypto
alg set, add a node to the ip{4,6}-output feature arcs which drops all
packets leaving that interface instead of adding the node which would
try to encrypt the packets.
Change-Id: Ie0ac8d8fdc8a035ab8bb83b72b6a94161bebaa48
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: feature
Change-Id: I01f1cc53efc93b0a7bb588ea6db89a53c971a3f5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- this remove the need to iterate through all state when deleting an SA
- and ensures that if the SA is deleted by the client is remains for use
in any state until that state is also removed.
Type: feature
Change-Id: I438cb67588cb65c701e49a7a9518f88641925419
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
There's no call for an SPI-0 punt reason with UDP encap, since
it's only with UDP encap that the ambiguity between IKE or IPSEC
occurs (and SPI=0 determines IKE).
Enhance the punt API to dum ponly the reason requested, so a client
can use this as a get-ID API
Change-Id: I5c6d72b03885e88c489117677e72f1ef5da90dfc
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
syslog structured data are stored as vectors not null-terminated
C-strings. Use '%v' instead of '%s'.
Type: fix
Fixes: b4515b4be4
Change-Id: Iba224f271c832daca90d4bbccfef45d0f563fe60
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Fixes: f7a55ad74c
Change-Id: Ic3474e746887f880a8f6246bebc399715bac8e80
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Fixes: 231c4696872cb344f28648949603840136c0795d
This reverts commit 231c4696872cb344f28648949603840136c0795d.
Change-Id: I136344555983dd10a31dbc000ee40e2de2c91291
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This reverts commit 9b208ced585d3b4620d6fde586cd047fe2027ecf.
Type: fix
Fixes: 9b208ced585d3b4620d6fde586cd047fe2027ecf
Change-Id: I94a17039b4727bff0877423da5ba6cfceb188b17
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type:feature
- sample rtt estimation
- report acked+sacked
- report last lost bytes
- use snd_una == snd_nxt to detect 0 bytes in flight
Change-Id: I83181261fdb375c7e33d24b7a82343561e6a905f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Both format_ethernet_arp_ip4_entry() and format_ip6_neighbor_ip6_entry()
used %s to format flags which is a vector and not a null-terminated
C-string.
Introduce format_ip_neighbor_flags() instead.
Type: fix
Fixes: 102ec52bc4
Change-Id: I0c9349fefbeb76471933de358acceb50512a21aa
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Change-Id: I32000cd42b0ab2ce54a159c6727823fd0d113fe4
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Type: fix
Fixes: 097fa66b
Change-Id: I690e31433b64f11399c08b4a0318762916c2c2f0
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type:feature
Change-Id: Ic9515c0b11ca6f75503f47ec6b2c58d240afb144
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: Ib8fb4957f4da9e464e2575c45c8ff3828db89872
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: I64e2082bd8ac5b0be21e10407dc29ba4c3f4cab3
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|