aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2019-07-24ipsec: GCM, Anti-replay and ESN fixessNeale Ranns5-44/+130
Type: fix Several Fixes: 1 - Anti-replay did not work with GCM becuase it overwrote the sequence number in the ESP header. To fix i added the seq num to the per-packet data so it is preserved 2 - The high sequence number was not byte swapped during ESP encrypt. 3 - openssl engine was the only one to return FAIL_DECRYPT for bad GCM the others return BAD_HMAC. removed the former 4 - improved tracing to show the low and high seq numbers 5 - documented the anti-replay window checks 6 - fixed scapy patch for ESN support for GCM 7 - tests for anti-reply (w/ and w/o ESN) for each crypto algo Change-Id: Id65d96b6d1d4dd821b2ab557e87468fff6d70e5b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-24tls: handle engine listen failureFlorin Coras1-1/+12
Type:fix Change-Id: I528b7cfcb7a6aada94ee3649378e6fbe84d2e4e6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-24fib: remove unused input parameterZhiyong Yang1-5/+2
Type: style Change-Id: I2a21076fffaeb5726be80356aaffc9fea3d95850 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-07-23api: binary api cleanupDave Barach13-25/+54
Multiple API message handlers call vnet_get_sup_hw_interface(...) without checking the inbound sw_if_index. This can cause a pool_elt_at_index ASSERT in a debug image, and major disorder in a production image. Given that a number of places are coded as follows, add an "api_visible_or_null" variant of vnet_get_sup_hw_interface, which returns NULL given an invalid sw_if_index, or a hidden sw interface: - hw = vnet_get_sup_hw_interface (vnm, sw_if_index); + hw = vnet_get_sup_hw_interface_api_visible_or_null (vnm, sw_if_index); if (hw == NULL || memif_device_class.index != hw->dev_class_index) return clib_error_return (0, "not a memif interface"); Rename two existing xxx_safe functions -> xxx_or_null to make it obvious what they return. Type: fix Change-Id: I29996e8d0768fd9e0c5495bd91ff8bedcf2c5697 Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-23udp: fix typo in udp connectinon flagsDave Wallace1-1/+1
Type: fix Fixes: 3b726197 Change-Id: Ib515f0995e5c837349ebcad5f63fbd1b2a197e13 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-07-23session: reorganize dispatch logicFlorin Coras3-153/+141
Type:refactor Change-Id: Id796d0103e61e15c35a586d8cbd3d8916487b84d Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-23udp: fix connection flagsAloys Augustin1-3/+3
Change-Id: Ib69f9bd7970aeb2ee6a1c114d38dcb7f8698dc6d Type: fix Fixes: c754239 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-07-23session: avoid postponing closeFlorin Coras1-14/+0
Type: feature Change-Id: I96e850fc15b79349abbb52d91c0314f255d635be Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-23tcp: generate closed notifications whenever tcp closesFlorin Coras2-1/+6
Type: fix This gives the session layer a chance to to cleanup events. Change-Id: I7499e94acf06340e2b19a1d91a4c61a63cd66c52 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-23devices: vhost handling VHOST_USER_SET_FEATURESSteven Luong1-0/+1
Some combinations of new qemu (2.11) and old dpdk (16.10) may send VHOST_USER_SET_FEATURES at the end of the protocol exchange which the vhost interface is already declared up and ready. Unfortunately, the process of VHOST_USER_SET_FEATURES will cause the interface to go down. Not sure if it is correct or needed. Because there is no additional messages thereafter, the hardware interface stays down. The fix is to check the interface again at the end of processing VHOST_USER_SET_FEATURES. If it is up and ready, we bring back the hardware interface. Type: fix Change-Id: I490cd03820deacbd8b44d8f2cb38c26349dbe3b2 Signed-off-by: Steven Luong <sluong@cisco.com>
2019-07-22bonding: fix create bond CLIZhiyong Yang1-1/+1
1. "numa-only" is optional and is disabled by default for lacp mode. 2. update lacp doc. Type: fix Change-Id: I6a3a8423ef31ad9980353a796957693cd6205d73 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-07-22udp: support close with dataFlorin Coras3-19/+41
Also adds connection flags. Type: feature Change-Id: I76f21eb88ab203076149b7c03dc31c22fc0f342e Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-22gso: Fix the l3 packet gso segment sizeMohsin Kazmi1-1/+4
Type: fix Ticket: VPP-1721 Change-Id: I7a5d4f1440048ddc9f599ac11d06e5a7df20440e Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-07-19fib: FIB Entry trackingNeale Ranns20-135/+464
Instead of all clients directly RR sourcing the entry they are tracking, use a deidcated 'tracker' object. This tracker object is a entry delegate and a child of the entry. The clients are then children of the tracker. The benefit of this aproach is that each time a new client tracks the entry it doesn't RR source it. When an entry is sourced all its children are updated. Thus, new clients tracking an entry is O(n^2). With the tracker as indirection, the entry is sourced only once. Type: feature Change-Id: I5b80bdda6c02057152e5f721e580e786cd840a3b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-19session: improve event loggingFlorin Coras4-60/+49
Type:feature Change-Id: I67a52ee48963a66915e2ebd116626eb9c296a9a5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-19bonding: add support for numa-only in lacp modeZhiyong Yang5-3/+56
If numa-only is set, Only slaves on local numa node transmit pkts if have at least one, otherwise the bond interface works as usual. CLI change: create bond mode lacp [load-balance { l2 | l23 | l34 } {numa-only}] [hw-addr <mac-address>] [id <if-id>] The new member "u8 numa_only;" is also added to bond_create_if_args_t. Type: feature Change-Id: Icdccedafb0738d8c9d4a5acce909ce562428c071 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-07-19session: Use parent_handle instead of transport_optsNathan Skrzypczak4-6/+6
Type: feature This is mostly used for quic in the case of a stream creation (i.e. connect on an already established QUIC session). We want do default parent_handle to INVALID to be able to distinguish it from parent_handle = 0 Change-Id: Id5ac0b0155a3c44e51334231b711e4fd87a96a10 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-07-19ipsec: register for port 4500 at INITNeale Ranns1-13/+5
Type: fix Fixes: 41afb33 Change-Id: Iceb99ead32f1858a5b4f85911d7cb2b39cc9add5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-19ip: admin change affects intf IPv4 addr routesMatthew G Smith1-7/+53
Type: feature When admin status is changed on an interface, add or delete the routes for the IPv4 addresses configured on that interface. This is already being done for IPv6 interface addresses. Change-Id: Ib1e7dc49c499921dd287e075640243520ffa5589 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-07-18tap: fix memory errors with create/delete APIBenoît Ganne1-7/+9
CLI allocates vectors consumed by tap_create_if(), whereas API pass null-terminated C-strings allocated on API segment. Do not try to be too clever here, and just allocate our own private copies. Type: fix Fixes: 8d879e1a6bac47240a232893e914815f781fd4bf Ticket: VPP-1724 Change-Id: I3ccdb8e0fcd4cb9be414af9f38cf6c33931a1db7 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-18vlib: convert frame_index into real pointersAndreas Schultz3-4/+4
The fast path almost always has to deal with the real pointers. Deriving the frame pointer from a frame_index requires a load of the 32bit frame_index from memory, another 64bit load of the heap base pointer and some calculations. Lets store the full pointer instead and do a single 64bit load only. This helps avoiding problems when the heap is grown and frames are allocated below vm->heap_aligned_base. Type: refactor Change-Id: Ifa6e6e984aafe1e2755bff80f0a4dfcddee3623c Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com> Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-17tcp: add node with no 6-tuple lookupVladimir Kropylev1-22/+96
Type: feature Add new node in TCP stack where TCP 6 tuple lookup is not required. In new node, packet metadata contains connection-index which can be used to retrieve the TCP connection. The new node will be used by proxy. Change-Id: I3aa0268946898912f4176d5c8c5903e06657479d Signed-off-by: Vladimir Kropylev <vladimir.kropylev@enea.com>
2019-07-17session: move constants definitionFlorin Coras2-2/+3
Type:refactor Change-Id: Ie4a89ae603cd365b28795c92daa08d5943e692ea Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-17session: use llist in session node evt handlingFlorin Coras3-66/+145
Type: refactor Change-Id: I24159e0a848f552b4e27acfb5fe6f2cd91b50a19 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-17session: grab mq lock until ctrl event is enqueuedFlorin Coras1-2/+1
Type: fix Change-Id: I26a6af7f92316f7a8a5309047b3b3605b87ca327 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-16session: fix node enable sequenceVladimir Kropylev1-1/+1
Type: fix Change the sequence to first allocate session_manager and then enable the session-nodes. During “session enable”, sometimes an issue was seen when in some cases POLLING node calls transport_update_time -> tcp_update_time -> tcp_set_time_now which access tcp_main.wrk_ctx before tcp_main_enable allocates the wrk_ctx. 0 0x00007ffff73f7778 in tcp_set_time_now (wrk=<optimized out>) at src/vnet/tcp/tcp.h:953 1 tcp_update_time (now=11.059735140000001, thread_index=<optimized out>) at src/vnet/tcp/tcp.c:1192 2 0x00007ffff75a75de in transport_update_time (time_now=11.059735140000001, thread_index=thread_index@entry=1 '\001') at src/vnet/session/transport.c:740 3 0x00007ffff75a0f4c in session_queue_node_fn (vm=0x7fff74913480, node=0x7fff75e7d5c0, frame=<optimized out>) at src/vnet/session/session_node.c:873 Change-Id: Id2288dd05ba179af2ff22c58bac1331fc21a1c7d Signed-off-by: Vladimir Kropylev <vladimir.kropylev@enea.com>
2019-07-16ipsec: handle UDP keepalivesNeale Ranns8-38/+227
Type: feature Change-Id: I87cc1168466f267e8c4bbec318401982f4bdf03a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-16ipsec: coverity found c-n-p errorNeale Ranns1-1/+1
Type: fix Fixes: 4b0b0d4 Change-Id: Ibd37c9099f9847ed23fa8357fd8e57ee516e52ab Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-15ipsec: rewind missing from dual loopNeale Ranns1-4/+9
Type: fix Fixes: a6bee0a1 Change-Id: I1959e28b82825d7928d471d3dfa827ea4cdd74b7 Signed-off-by: Giles Heron <giheron@cisco.com> Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-15interface: fix issue that pcap rx/tx trace not available when there are ↵Wei CHEN2-8/+10
worker threads Type: fix Change-Id: Ie9a3a78b45b53344a0a5d7e2027c0e0354a49ebe Signed-off-by: Wei CHEN <weichen@astri.org>
2019-07-15session: allow transports to generate closed notificationsFlorin Coras6-27/+44
In contrast to the closing notification, whereby a transport informs the session layer that is beginning the closing procedure, this allows transports to notify the session layer of the fact that the transport is "fully" closed, i.e., it expects no more data. Also: - adds app closed state for sessions - changes tcp to have it notify when an active close has finished Type: feature Change-Id: I13c738006c03f85015e05ab82843a33a69382aaf Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-14api: add DSCP definitions to ip_types.apiPaul Vinciguerra1-0/+46
- also adds ecn definitions. Type: feature Change-Id: Id98d9ae57289425fcfed367f426442173ef4e882 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-07-12quic: fix show session verboseAloys Augustin2-4/+5
Proprely display quic connections in show session verbose, and add a small fix for UDPC listeners and UDP sessions formatting. Change-Id: I33f83e77bf357347623d87ad23c483aba60a9bb2 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Type: feature
2019-07-12tls quic: reduce default segment sizesAloys Augustin1-1/+1
This reduces the memory required by tls and quic, allowing to run them (and their tests) in more constrained environments by default. Change-Id: I954081c725fb4f5f173db1f8e76922d957c5b0a2 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Type: fix
2019-07-12session: add thread index to all formattersAloys Augustin5-2/+9
Add a thread_index argument to half-open and listener session formatters because QUIC can have listeners and half-open sessions in any thread. Change-Id: I1de60e35ece4c68ba8cfdd6b63f211bc620d687b Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Type: feature
2019-07-12ipsec: drop outbound ESP when no crypto alg setMatthew Smith4-5/+162
Type: fix If a tunnel interface has the crypto alg set on the outbound SA to IPSEC_CRYPTO_ALG_NONE and packets are sent out that interface, the attempt to write an ESP trailer on the packet occurs at the wrong offset and the vnet buffer opaque data is corrupted, which can result in a SEGV when a subsequent node attempts to use that data. When an outbound SA is set on a tunnel interface which has no crypto alg set, add a node to the ip{4,6}-output feature arcs which drops all packets leaving that interface instead of adding the node which would try to encrypt the packets. Change-Id: Ie0ac8d8fdc8a035ab8bb83b72b6a94161bebaa48 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-07-12ip: Trace the packet from the punt nodeNeale Ranns1-7/+14
Type: feature Change-Id: I01f1cc53efc93b0a7bb588ea6db89a53c971a3f5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-12ipsec: Reference count the SAsNeale Ranns9-166/+155
- this remove the need to iterate through all state when deleting an SA - and ensures that if the SA is deleted by the client is remains for use in any state until that state is also removed. Type: feature Change-Id: I438cb67588cb65c701e49a7a9518f88641925419 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-12ip ipsec: Remove IPSec SPI-0 punt reasonNeale Ranns5-31/+31
Type: fix There's no call for an SPI-0 punt reason with UDP encap, since it's only with UDP encap that the ambiguity between IKE or IPSEC occurs (and SPI=0 determines IKE). Enhance the punt API to dum ponly the reason requested, so a client can use this as a get-ID API Change-Id: I5c6d72b03885e88c489117677e72f1ef5da90dfc Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-12syslog: fix syslog structured data formattingBenoît Ganne1-1/+1
syslog structured data are stored as vectors not null-terminated C-strings. Use '%v' instead of '%s'. Type: fix Fixes: b4515b4be4 Change-Id: Iba224f271c832daca90d4bbccfef45d0f563fe60 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-11ip: Punt node does not free iovecsNeale Ranns3-11/+22
Type: fix Fixes: f7a55ad74c Change-Id: Ic3474e746887f880a8f6246bebc399715bac8e80 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-11ipsec: Revert "IPSEC: remove byte swap operations in DP during SPD classify"Neale Ranns5-27/+26
Type: fix Fixes: 231c4696872cb344f28648949603840136c0795d This reverts commit 231c4696872cb344f28648949603840136c0795d. Change-Id: I136344555983dd10a31dbc000ee40e2de2c91291 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-11ipsec: Revert "IPSEC: remove double byte swap of IP addresses"Neale Ranns1-10/+18
This reverts commit 9b208ced585d3b4620d6fde586cd047fe2027ecf. Type: fix Fixes: 9b208ced585d3b4620d6fde586cd047fe2027ecf Change-Id: I94a17039b4727bff0877423da5ba6cfceb188b17 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-10tcp: improve rate estimateFlorin Coras2-9/+22
Type:feature - sample rtt estimation - report acked+sacked - report last lost bytes - use snd_una == snd_nxt to detect 0 bytes in flight Change-Id: I83181261fdb375c7e33d24b7a82343561e6a905f Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-10ip: fix show ip neigh vector read overflowBenoît Ganne3-38/+30
Both format_ethernet_arp_ip4_entry() and format_ip6_neighbor_ip6_entry() used %s to format flags which is a vector and not a null-terminated C-string. Introduce format_ip_neighbor_flags() instead. Type: fix Fixes: 102ec52bc4 Change-Id: I0c9349fefbeb76471933de358acceb50512a21aa Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-10misc: fix buffer issue in geneve_inputZhiyong Yang1-10/+8
Type: fix Change-Id: I32000cd42b0ab2ce54a159c6727823fd0d113fe4 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-07-10fib: fib_entry_flags_update takes a vector of pathsNeale Ranns1-5/+1
Type: fix Fixes: 097fa66b Change-Id: I690e31433b64f11399c08b4a0318762916c2c2f0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-09session: notify app of session and transport cleanupFlorin Coras5-3/+39
Type:feature Change-Id: Ic9515c0b11ca6f75503f47ec6b2c58d240afb144 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-09udp: UDPC handle open failNathan Skrzypczak1-6/+9
Type: fix Change-Id: Ib8fb4957f4da9e464e2575c45c8ff3828db89872 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-07-09tcp: remove warning for multi-seg scnario.Simon Zhang1-1/+0
Type: fix Change-Id: I64e2082bd8ac5b0be21e10407dc29ba4c3f4cab3 Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>