| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Make it easier to integrate with external IKE daemon.
IPsec interfaces can have one or both SAs replaced after
creation. This allows for the possibility of setting a
new child SA on an interface when rekeying occurs. It also
allows for the possibility of creating an interface ahead
of time and updating the SA when parameters that are
negotiated during IKE exchange become known.
Change-Id: I0a31afdcc2bdff7098a924a51abbc58bdab2bd08
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Implement recvfrom(MSG_PEEK) by returning data in the provided buffer
without moving the read pointer
Change-Id: Idc1b22632d78e8a499cce7d48c15e8bab0b0bf88
Signed-off-by: Steven <sluong@cisco.com>
|
|
When lldp interface is set, it's better to check valid interface index.
Change-Id: I0db0ab6483ad73d28c69893576aa9b719c3b087c
Signed-off-by: Steve Shin <jonshin@cisco.com>
|
|
Change-Id: If8fb5484b64a5b1c04e34573490fedcf63feabc9
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: Icaf7d7ad47284aea7a56e8006b69f45874d64202
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This fixes compilations on arm platforms.
The call to the function itself was protected, and used clib_xxhash instead.
Only the header protection was missing.
Change-Id: I9fac252a5732e1a9808cf7de93fa3d5f07bcebe6
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Dynamically calculate the required buffer size to pack into based on
message definition. Also add input parameter length checking.
Change-Id: I7633bec596e4833bb328fbf63a65b866c7985de5
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I4164c4c19c8dbfd73e6ddf94a12056325cc093b9
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Use a single physical interface in order to accomplish NAT44/NAT64.
Change-Id: I0c8138953a7a4075df306172e125abad771315e4
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Add support for getsockopt, sendto, and recvfrom. Not all options
for the system calls are supported yet. Only the options used by
curl and wget are supported for now.
Change-Id: I2e0ed7349a0273616b3831c201e7c117725ca287
Signed-off-by: Steven <sluong@cisco.com>
|
|
- CID 178225: Constant expression result
- CID 178220: Logically dead code
- CID 178222: Logically dead code
- CID 178227: Logically dead code
- CID 178223: Same on both sides
- CID 178226: Same on both sides
Change-Id: Ie0c80edb41390cf2308e54938be85d865e292138
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
- Move VCL & VCL-LDPRELOAD source into src/vcl
- Statically link vppcom into libvcl-ldpreload.so
Change-Id: I778300b37e8b06640d9dbc01caf297edf7a6edb7
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: I5c1df59bce7c9654101672a12981e5bd62e9adc4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- Global variables declared in header files without
the use of the 'extern' keword will result in multiple
instances of the variable to be created by the compiler
-- one for each different source file in which the
the header file is included. This results in wasted
memory allocated in the BSS segments as well as
potentially introducing bugs in the application.
Change-Id: I6ef1790b60a0bd9dd3994f8510723decf258b0cc
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: I1075e5d2a1b6dfe3a443b40b41b8458a30505680
Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
Signed-off-by: Jakub.Grajciar@pantheon.tech <Jakub.Grajciar@pantheon.tech>
|
|
Change-Id: I2e7e08e1de20ab57e3f899b080b90a3082219ae5
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: Ie49ee865b197e8fe7bba170c115a4ccbf1013e5f
Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
|
|
Change-Id: Id8578321381d14f9de827767ef0acf627f1535e4
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
- filter verbose debug output with VCOM_DEBUG > 2
- clean up nomenclature, renaming vppcom_*() functions to
vcom_session_*()
- fix vppcom_select crash with NULL maps.
Change-Id: I6e416a096d6fd800aa26991c2439e24e8fc38cc5
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: Ic531d820b1846ff7363e5c396ac0b1176e87b401
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Any u8* variable created by format() is NOT null-terminated.
Add the null terminating byte with vec_terminate_c_string().
If that variable is used by (at least) hash_get_mem(), then it needs to
be null-terminated, as it will go through string_key_sum() which makes a
call to strlen.
Change-Id: I4e51e1b6668f557e53af3bb897cd281598eedbc0
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Change-Id: I78215041588014e9e5c3599c60471ced610735bb
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
- Fix vppcom_select crash when n_bits == 0
- Enhance debug output
- Remove port byte-swapping during accept
Change-Id: I6ccd1040ceb82908d924220f558df803ab5eea30
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Vat supports setting value for the parameter, but
'not_last' is ignored by ip_add_del_route handler,
so can be removed.
This patch
- updates ip.api,
- removes vat handlers
- updates vpp_papi_provider.py
(also mpls_route_add_del with unused not_last)
Change-Id: Ife15de123db4bc8247103a29b90bce1988e46534
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
Use a proper u16 * vector to capture node indices, since vpp w/
plugins now exceeds 255 graph nodes
Change-Id: Ic48cad676fa3a6116413ddf08c083dd9660783f1
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ib6b52917af717d3341429163fb9ecc903cf717fb
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: Ief8c3d3bec116e9f884981fb52af528f98b5f6ff
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This plugin provides per-ip address to interface punting.
When at least one rule is defined, the plugin receives all packets
which destination is one of VPP's address but which was not processed
by VPP (e.g., a TCP packet on a port that is not open, or a packet
for a protocol which is not attached).
Based on the set of configured rules, the destination address of each
packet is used to send the packet on the associated interface.
This plugin allows multiple containers to use
VPP's TCP stack (or other features provided by VPP) while still
being able to receive additional packets.
Change-Id: I3e69bb7d98183bf5163cb9ecb564cb482de252ce
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
|
|
Change-Id: I0c1671f3eaf2dad084e3ac9fb124c9ed78273f50
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Ubuntu 17.04, gcc version 6.3.0 20170406 (Ubuntu 6.3.0-12ubuntu2),
"make build" fails with the few of the errors below:
error: suggest parentheses around comparison in operand of ‘|’
[-Werror=parentheses]
is_aead = (sa0->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128 |
Solution: use the logical rather than the bitwise or.
Change-Id: Iffcc1ed2e68b14b248159cb117593d32c623c553
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
We need to push/pop the rx pthread's heap without affecting other
thread(s).
Search clib_per_cpu_mheaps, locate an unused slot. Duplicate the main
thread heap pointer in that slot, and set __os_thread_index
appropriately.
Miscellaneous cleanups. Print exec_inband results as a vector, instead
of as a format string. Don't bail out of vpp_api_test with results
pending, e.g. at the end of a vpp_api_test script. Even though vpp
will eventuallly garbage-collect them, We don't want to leave
allocated reply messages lurking in the api message allocation
rings...
Change-Id: I0e8a25d1ff0d3700249dc330d079db16c2fcbc55
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I54ced42749432335183ee3085a9ccc5f95a87ae9
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: Ic3a0c51e5408921051deaf2e50372d9654574b27
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I5974e5545d74af53c27938c8cdbae12745c38a54
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
|
|
Change-Id: I7794d5a0774017da4c1c15f45783a18754994ac8
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I193832a0cd0557fffc034a1223f67fa64a4d45ae
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I44d5c9df7c49b8d4d5677c6d319033b2da3e6b80
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- Cache intermediate CNAME records
- Bug fixes
Change-Id: I06dcb558212fc5e9434281493c872577cf9b83e1
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I198f58a84c4692408f9205052af24ee22df7aeaa
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Java bindings use get_message_id from jvpp-common
to detect if messages known at compile time
are avaliable at runtime.
In case of missing entry, Java exception is propagated
via JNI using (*env)->ThrowNew.
But this function does not end code execution so,
in order to prevent unexpected behaviour
(e.g. calling vl_msg_api_set_handlers with id == 0),
get_message_id caller should do it manually.
Change-Id: I2edb5013fd3658dcdd77a867b5cdf62e559ee071
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
* (vip - lbm->vips) is u64; change format from [%u] to [%lu]
* vip->plen is u8, but format looks for u32; add exlicit cast
(this cast was done implicitely)
On ARM platforms, these prevent a loop in the second call to
format_white_space() which would get an invalid (huge) indent value;
the result *looked like* an infinite loop.
Change-Id: I675ef2f98e4ba3d9e8aef12022d38b1d22981da8
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Add support for getpeername and getsockname system calls
Change-Id: Ie22787b967bb2a5fead0f5fcffd779e4f39b3302
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: I20ce799c9dd57332c06003b466ee7c36169bce98
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ia31b978c6c1619c3e0075a84fcbbb6ccbf1c0076
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
This reverts commit f9342023c19887da656133e2688a90d70383b0c5.
Reverting to unblock master. No idea why jjb +1ed this patch! On closer inspection it looks like it -1ed it and subsequently changed opinion. CSIT tests should be fixed before re-merging.
Change-Id: I26608912a962c52083073e16c7c9d2cc44a3cc8d
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I2446c646de7f227f9438dd7ef93a455ba5af0102
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
This follows commit d3c008d108aa2187d1a2afe2833b4de25ca2c2ab by
Christophe Fontaine.
Change-Id: I0c4df40df44be2ac0ab25817fa050a1f619eca4d
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
There was already a CLI command and a libvnet function
to set the keys on an existing IPsec tunnel interface.
Expose this via the API.
Change-Id: I226a9616f680fc022f04447177a2e8232690657f
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: I5d5d4f22b6369d504455a644f73076d772fbcfb4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
With heavy traffic, tx code path may crash due to memory corruption
Thread 5 "vpp_wk_2" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff3995c700 (LWP 2505)]
0x00007ffff73675e8 in vhost_user_if_input (vm=0x7fffb5f5bf9c,
vum=0x7ffff7882a40 <vhost_user_main>, vui=0x7fffb65570c4, qid=0,
node=0x7fffb6577dac, mode=VNET_HW_INTERFACE_RX_MODE_POLLING)
at /home/sluong/vpp-master/vpp/build-data/../src/vnet/devices/virtio/vhost-user.c:1610
1610 bi_current = (vum->cpus[thread_index].rx_buffers)
[vum->cpus[thread_index].rx_buffers_len];
(gdb) p vum->cpus[thread_index].rx_buffers_len
$2 = 793212607
(gdb)
Apparently, some code accidentally wrote the bad value in rx_buffers_len.
rx_buffers_len should never be greater than 1024 since that is how many buffers
we request each time.
After debugging many hours, I discovered that the memory corruption happens
in the tx code path right here on line 2176.
{
vhost_copy_t *cpy = &vum->cpus[thread_index].copy[copy_len];
copy_len++;
cpy->len = bytes_left;
cpy->len = (cpy->len > buffer_len) ? buffer_len : cpy->len;
cpy->dst = buffer_map_addr;
cpy->src = (uword) vlib_buffer_get_current (current_b0) +
current_b0->current_length - bytes_left;
(gdb) p cpy
$3 = (vhost_copy_t *) 0x7fffb554077c
(gdb) p copy_len
$4 = 1025
(gdb) p &vum->cpus[3].rx_buffers_len
$8 = (u32 *) 0x7fffb5540784
copy_len is picking up the index entry 1024 before it was incremented. copy array has only
1024 members (0 - 1023 are valid).
The assignment here in cpy surely causes memory corruption. It is only discovered later
when the memory location that it corrupted is used.
The condition for the crash is to transmit jumbo frames under heavy volume. Since ring
size is 1024, with one packet taking up one index for frame size (less 2048), it does
not cause overflow. With jumbo frames, it requires multiple indices for one packet,
it can cause the overflow under heavy traffic.
The fix is to do copy out when we have 1000 entries in the array to avoid
overflow.
Change-Id: Iefbc739b8e80470f1cf13123113f8331ffcd0eb2
Signed-off-by: Steven <sluong@cisco.com>
|
Matthew Smith
Steven
Steve Shin
Dave Wallace
Damjan Marion
Gabriel Ganne
Ole Troan
Andrew Yourtchenko
Matus Fabian
Neale Ranns
Jakub Grajciar
Eyal Bari
Keith Burns (alagalah)
Dave Barach
Klement Sekera
Marek Gradzki
Filip Tehlar
Pierre Pfister
Marco Varlese
Florin Coras
Florin Coras