aboutsummaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2020-02-04ip: translate fragmented icmp to fragmented icmp6Alexander Chernavin2-9/+59
The first translated ICMPv6 packet of a fragmented ICMP message does not have a IPv6 fragment header. All subsequent have. With this commit, add a IPv6 fragment header to the first translated ICMPv6 packet. Type: fix Change-Id: Id89409ce7273cbeed801e2e18a09d3e7c3c4e4bc Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-02-03vppinfra: fix typo in tw_timer_template.cDave Barach1-1/+1
Fix minor memory leak Type: fix Ticket: VPP-1833 Fixes: 4af9ba1dab Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Id10fba70471ca78f73f14146054f6b12c5d4431f
2020-02-03tls: refactor for tls async event handlingYu Ping6-198/+163
Type: refactor Make sure one tls ctx has one event availble Thus ctx has the same life time with event, which can simplify the management. Change-Id: I1f4240e7316025d81bb97644946ffa399c00cd76 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-02-03virtio: vhost gso is broken in some topologySteven Luong1-2/+8
Recent modification added a call to vnet_gso_header_offset_parser in the beginning of vhost_user_handle_tx_offload. The former routine may set tcp or udp->checksum to 0. While it is appropriate to set it to 0 for the GSO packet, it is broken and causes checksum error if the aformentiooned routine is called by a non-GSO packet. The fix is to not call vhost_user_handle_tx_offload if the buffer does not indicate checksum offload is needed. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I6e699d7a40b7887ff149cd8f77e8f0fa9374ef19
2020-02-03fib: invalid check for adj types.Neale Ranns1-1/+1
Type: fix coverity found invalid logic. Change-Id: Ic9144ac805a4e5a18aa299794fedda044dcb65fe Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-03fib: refresh adj pointer after fib_walk_sync due to possible reallocSteven Luong2-0/+13
fib_walk_sync may call adj_alloc which may cause adj_pool to expand. When that happens, any previous frame which still use the old adj pointer needs to refresh. Failure to do so may access or update to the old adj memory unintentionally and crash mysteriously. Type: fix Ticket: VPPSUPP-54 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I173dec4c5ce81c6e26c4fe011b894a7345901b24
2020-02-03gre: improve .api descriptionsVratko Polak1-8/+28
+ Remove fields not present in the typedef. + Sort field descriptions by the order in the typedef. + Add descriptions to other messages. + Add comment lines with de-abbreviated enum values. Type: style Change-Id: I2c41e0204ba5c59a53f1cf7b5837118484a16ad0 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2020-02-03gre: add missing .api editsVratko Polak1-2/+2
The previous edit has added a new field to a typedef. That change is backward-compatible for PAPI users, but not backward compatible for direct binary API users. This change adds two edits that should have been there already: + Copyright year bump. + API version bump. - PAPI users point of view, so bumping minor version only. Type: fix Fixes: e5b94dded0dfd7258d5fd0f4ef897d9ccb48715b Change-Id: Ib85f457254e38a8e5999a078855848e6a5cfda13 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2020-01-31session: fix chunk batch alloc for large fifosFlorin Coras1-6/+8
Type: fix Change-Id: Ibfac65b516f20d25d91f6d0cf86491353811b8be Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-31quic: quicly crypto offloadingMathiasRaoul4-57/+579
- Implement our own quic packet allocator to allocate more memory at the end of the packet to store crypto offloading related data - 1RTT packets offloading encryption/decryption using vnet crypto - Add cli to change max packet per key Type: feature Change-Id: I7557fd457d7ba492329d5d8ed192509cbd727f9c Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
2020-01-31crypto-native: add ARMv8 AES-CBC implementationDamjan Marion8-367/+762
Type: feature Change-Id: I32256061b9509880eec843db2f918879cdafbe47 Signed-off-by: Damjan Marion <dmarion@me.com>
2020-01-31quic: update quicly to v0.0.10-vppMathiasRaoul1-1/+1
Type: feature Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com> Change-Id: I5452f8bbd0ff9e2a57f7bd7d134a8824efa5f30a
2020-01-30crypto-native: refactor AES codeDamjan Marion4-166/+169
- use neutral types in preparation for ARMv8 support - simplify x86 key extraction support Type: refactor Change-Id: I947eb37b8c9d9ee6909bb32ef14c4de192d40a46 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-30misc: deprecate dpdk hqosDamjan Marion11-3355/+0
Not in functional state for a long time ... Type: refactor Change-Id: I2cc1525a6d49518cbc94faf6afbf0d2d0d515f56 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-30misc: deprecate netmap and ixge driversDamjan Marion17-6521/+0
Both are out of sync for long time... Type: refactor Change-Id: I7de3170d35330fc172501d87655dfef91998b8fe Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-30map: Add several more MAP-T BR testsJon Loeliger1-8/+294
Add several more MAP-T BR tests for normal packet flow. Type: test Change-Id: Ica880dd23c923795279e9d08dca2796f2925069a Signed-off-by: Jon Loeliger <jdl@netgate.com>
2020-01-30vppinfra: improve clocks_per_second convergenceDave Barach4-58/+84
Apply exponential smoothing to the clock rate update calculation in clib_time_verify_frequency(), with a half-life of 1 minute and a sampling frequency of 16 seconds. Within 5 minutes or so, the calculation converges With each rate recalculation: reset total_cpu_time based on the kernel timebase delta since vpp started, and the new clock rate Improve the "show clock [verbose]" debug CLI command. BFD echo + echo fail tests marked off until the BFD code can be reworked a bit. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I24e88a78819b12867736c875067b386ef6115c5c
2020-01-30tap: fix host mtu configuration settingMohsin Kazmi1-12/+13
host mtu can't be set if tap interface is in namespace. This patch fixes this issue. Type: fix Change-Id: I63811c4b56c708fe708061a8afbaec41994f08ca Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-01-30tap: fix the host mac addressMohsin Kazmi3-20/+11
Tap configuration code sets the host mac address two time. This patch fixes it. Type: fix Change-Id: I7bebb9b7f25352a8a9a98bae6a0636757c0cea9c Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-01-30fib: fix typos in doxygenPaul Vinciguerra1-10/+10
cleaned up some trivial typo's while reading through adj.h Type: docs Change-Id: I1b6cd815dc10ed3da8db2024b3e015e076235d50 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-01-30gre: Tunnel encap/decap flagsNeale Ranns10-103/+329
Type: feature common funcitons across IP-in-IP and GRE tunnels for encap/decap functions Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I325b66824878d843af167adfe5a7a96b0ab90566
2020-01-30vcl session: propagate cleanup notifications to appsFlorin Coras6-40/+115
Type: feature Change-Id: I7f8e3763d7f8364563a25d0fcc782976b906b325 Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-30vppapigen: update markdown documentationPaul Vinciguerra1-7/+10
- Add newly added typedefs. - Update string examples. Change-Id: I1e7ee7cbf5901ba97302472521bf1f42a14765ea Type: docs Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-01-30map: Prevent IPv4 prefix spoofing during IPv6 -> IPv4Jon Loeliger2-2/+279
Prevent malicious packets with spoofed embedded IPv4 addresses by limiting the IPv6 ingress packets to known MAP-T domains. Drop spoofed packets. Add several tests that ensure spoofing isn't allowed. Type: fix Fixes: fc7344f9be Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2020-01-30map: handle ip4 ttl=1 packets in map-tAlexander Chernavin3-10/+20
With this commit, ICMP Time Exceeded is sent to sender when TTL expires at MAP BR. Type: fix Change-Id: I8effe163beab32596883127b819308cc355512c3 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-30crypto-native: don't expand aes-cbc keys twiceDamjan Marion2-11/+7
Type: refactor Change-Id: If0d9ec70f9e8c228c39505864a4a73bf94b67479 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-30bfd: add missing castKlement Sekera1-1/+1
Add missing cast to time conversion function to to deal with arbitrary clocks-per-second values. Type: fix Change-Id: I5075a823e7a95c972c513ac765252337d5f59fbf Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-01-29tests: add map-t fragmentation verificationsAlexander Chernavin1-10/+36
Type: test Change-Id: I5522e88ee178d0563c246895393e835d125f1b81 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-28dhcp: disable extraneous vlib_log spewDave Barach1-9/+12
When there are no dhcp client interfaces configured, it's not useful to make periodic / timeout log entries. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I16b68fe15ad9de789e49ad1b782b3b0e536bad60
2020-01-28session tcp: fix packet tracingFlorin Coras5-13/+15
Type: fix Change-Id: Ib823d016c64998779fb1d00b8aad3acb5e8340be Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-28hsa: proxy rcv wnd update acks after full fifosFlorin Coras1-6/+87
Avoid rcv wnd probing after zero window advertisments by registering for tx dequeue notifications and forcing acks that open the rcv wnd. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8f33e3cf917f8c83d412f370ca66013aa4cd6e67
2020-01-28crypto-native: rename crypto_ia32 to crypto_nativeDamjan Marion8-93/+93
Type: refactor Change-Id: I9f21b3bf669ff913ff50afe5459cf52ff987e701 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-28map: ip4-map-t more RFC compliantVladimir Ratnikov1-8/+20
When MTU is not set, ignore_df and mtu check always returns true and packets are dropped. This patch puts MTU checks after it was compared with 0 and set to maximum if not set. Added trace node. If MTU is less than the total length value of the IPv4 packet plus 20, the translator MUST send an ICMPv4 "Fragmentation Needed" error message to the IPv4 source address Type: fix Fixes: 87663cdf644fb7c94c0fec9460829b7e4e7c35ca Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I35b99bc2648984cdbf5b6a57ddec91c586b15bef
2020-01-27crypto-ia32: add VAES support for AES-CBCDamjan Marion6-50/+250
Type: feature Change-Id: Ic8aa6c48913677537301971469f9627b70c1cec8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-27sr: fix possible null-pointer dereferenceIgnas Bacius2-10/+27
Steps to reproduce VPP crash: 1. configure localsid End behavior 2. ping the localsid address Type: fix Signed-off-by: Ignas Bacius <ignas@noia.network> Change-Id: Id780e0875ec9cdb25252217990919fb3dddbf06a
2020-01-27vppinfra: use CPUID provided base frequency if availableDamjan Marion1-0/+32
Type: fix Change-Id: Ifb007207be97119e07c3a0eba4714eb519de043c Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-27vppinfra: add x86 CPU definitionsDamjan Marion1-0/+8
Type: feature Change-Id: I9d1f9f00ac011a93709850186dcf4cf5ea3bf88a Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-27classify: pcap / packet trace debug CLI bugsDave Barach2-1/+5
"classify filter trace ... " and "classify filter pcap ..." are mutually exclusive. vnet_pcap_dispatch_trace_configure needs to check for set->table_indices == NULL. Type: fix Ticket: VPP-1827 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I43733364087ffb0a43de92e450955033431d559d
2020-01-27interface: Add missing ip4 udp->checksum = 0 prior to computing checksumSteven Luong1-1/+4
For ip4 tcp, ip6 tcp, and ip6 udp packet, we set checksum = 0 prior to computing the checksum. We missed ip4 udp case. This oversight requires all clients to set udp->checksum = 0 if ip4 udp checksum offload is needed. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ic608811e82099f3bec469e123671e9b281f38d76
2020-01-27ipip: Multi-point interfaceNeale Ranns22-143/+522
Type: feature plus fixes for gre Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0eca5f94b8b8ea0fcfb058162cafea4491708db6
2020-01-27tunnel: Common types for IP tunnelsNeale Ranns21-233/+324
Type: refactor Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I18dcdb7af3e327f6cacdbcb1e52b89f13d6ba6e2
2020-01-27map: api: fix tag overflow and leakBenoît Ganne2-4/+6
The 'tag' parameter is expected to be a NULL-terminated C-string in callees: - make sure it is null-terminated in both API and CLI cases - do not allocate & copy the string into a non-NULL-terminated vector in API case - fix leak in CLI case Type: fix Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-01-27bfd: reset peer discriminator on timeoutKlement Sekera1-0/+13
More RFC compliance. Ticket: VPP-1816 BFD: peer discriminator not reset on timeout Type: fix Change-Id: I68063c18097d282b3527e3fb485c1d0d1fd1b0c8 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-01-27fib: Reload the adj after possible realloc (VPP-1822)Neale Ranns1-0/+1
Type: fix Fixes: 418b225931634f6d113d2971cb9550837d69929d Change-Id: Ia5f4ea24188c4f3de87e06a7fd07b40bcb47cfc1 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-27devices: vhost: fix data offset on inputBenoît Ganne1-11/+1
Regardless of whether the virtio_net_hdr is sent as a separate descriptors or in the same descriptor as the data, we always want to skip the header length - maybe moving to the next descriptor along the way. Type: fix Change-Id: Iaa70aeb310e589639b20f8c7029aaa8d3ce5d307 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-01-27docs nat: fix nat-ha ascii artPaul Vinciguerra1-0/+2
See: https://docs.fd.io/vpp/19.08/nat_ha_doc.html Type: docs Change-Id: I43ecf1dfb6976ebafee04d820f0e1b07393a0b93 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-01-24session: fix node runtime in pre-input queue handlerFlorin Coras1-0/+1
Call session queue node with the right node runtime instead of the pre-input node runtime. Type: fix Change-Id: I43d20bed4930fc877b187ce7ecdce62034b393c5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-24nat: in2out-output nodes work with acl reflectMatthew Smith2-2/+107
Type: feature The current feature ordering of NAT44 nodes with respect to the ACL plugin's IPv4 input/output features is: ip4-output: acl-plugin-out-ip4-fa runs before any NAT44 nodes ip4-unicast: acl-plugin-in-ip4-fa runs before any NAT44 nodes ACL rules with action permit+reflect can keep track of outbound flows and allow the replies inbound without an explicit inbound rule. If ACL permit+reflect rules are configured on an interface that also has NAT44 configured with output-feature/postrouting translation of outbound packets, the ACL rules cannot allow inbound packets. The ACL state that was stored on the outbound flow contains the IP addresses of the original packet, prior to translation. The inbound packets are being evaluated by the ACL node using the translated addresses. The order of processing inbound needs to be the opposite of what it was outbound for this to work. Change the NAT44 features on ip4-output so that they run before outbound ACL nodes. This matches the existing behavior of the NAT44 nodes which rewrite source addresses as an input feature instead of an output feature. This was only done for endpoint dependent mode because the regular endpoint independent in2out-output node currently selects an explicit next node rather than using the next node on the feature arc. Unit test added to configure both NAT and an ACL and ensure that out2in packets matching an in2out flow are permitted by the ACL and translated by NAT. Change-Id: Ibd679c28b64c3fc3cc8c0606ea93123e384e839f Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-01-23vcl: always report EPOLLHUP/EPOLLRDHUP on closeFlorin Coras1-4/+0
Type: fix Change-Id: I3d24a7973c7113ffeb9109e89cda7fa960e73a5b Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-23vcl session: udp session migration notificationsFlorin Coras4-1/+70
Type: feature Change-Id: I402549818ba6e078802e914293304174dc6625c2 Signed-off-by: Florin Coras <fcoras@cisco.com>