Age | Commit message (Collapse) | Author | Files | Lines |
|
In RFC 7296, CREATE_CHILD_SA Exchange may contain the KE payload
to enable stronger guarantees of forward secrecy.
When the KEi payload is included in the CREATE_CHILD_SA request,
responder should reply with the KEr payload and complete the key
exchange, in accordance with the RFC.
Type: improvement
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: I13cf6cf24359c11c3366757e585195bb7e999638
|
|
Type: fix
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: Icbd452b43ecaafe46def1276c98f7e8cbf761e51
|
|
Zero-initialize the temporary struct.
Type: fix
Change-Id: I6f7a35ace6002aa75dc986c7c7eca614c9c5c3ed
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Add a missing null check
Type: fix
Change-Id: Id1b27341480c9d62185496ae1d832360119ec198
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Add a missing null check.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ie6234804e2b89adc918ef9075f9defbb1fd35e44
|
|
We validate each descriptor via memif_validate_desc_data and set
desc_status to non-zero for the corresponding descriptor when
the descriptor is bad. However, desc_status is not propagated back to
xor_status in memif_validate_desc_data which eventually sets
ptd->xor_status.
Not setting ptd->xor_status causes us to treat all descriptors as
"simple". In that case, when we try to copy also the bad descriptors to
the buffers, it results a crash since desc_data is not set to point
to the correct memory in the descriptor.
The fix is to set xor_status in memif_validate_desc_data such that if
there is a bad descriptor in the frame, "is_simple" is set to false and
we have to selectively copy only the good descriptors to the buffers.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I780f51a42aa0f8745edcddebbe02b2961c183598
|
|
Type: fix
After peers roaming support addition, FIB entry tracking stopped
working. For example, it can be observed when an adjacency is stacked on
a FIB entry by the plugin and the FIB entry hasn't got ARP resolution
yet. Once the FIB entry gets ARP resolution, the adjacency is not
re-stacked as it used to. This results in endless ARP requests when a
traffic is sent via the adjacency.
This is broken because the plugin stopped using "midchain delegate" with
peers roaming support addition. The reason is that "midchain delegate"
didn't support stacking on a different FIB entry which is needed when
peer's endpoint changes. Now it is supported there (added in 36892).
With this fix, start using "midchane delegate" again and thus, fix FIB
entry tracking. Also, cover this in tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Iea91f38739ab129e601fd6567b52565dbd649371
|
|
Type: improvement
Currently, once an adjacency is stacked on a FIB entry via
adj_midchain_delegate_stack(), "midchain delegate" is created for the
adjacency and the FIB index is stored there. And all further calls to
adj_midchain_delegate_stack() even passing another FIB index will cause
the function to still use the stored one. In other words, there is
currently no way to stack an adjacency on another FIB index if "midchain
delegate" already exists for it.
Being able to stack on another FIB index is needed for the wireguard
plugin. As per the protocol, peers can roam between different external
endpoints. When an authenticated packet is received and it was sent from
a different endpoint than currently stored, the endpoint needs to be
updated and all futher communication needs to happen with that endpoint.
Thus, the corresponding to that peer adjacencies need to be stacked on
the FIB entry that corresponds to the new endpoint.
With this change, add adj_midchain_delegate_remove() that removes
"midchain delegate". When stacking on another FIB entry is needed,
existing "midchain delegate" can be removed and then, a new one created
with a new FIB index via adj_midchain_delegate_stack().
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ibc1c99b248a5ef8ef64867f39f494fab627a1741
|
|
In several NAT submodules, the number of available ports (0xffff - 1024)
may not be divisible by the number of workers, so port_per_thread is
determined by integer division, which is the floor of the quotient.
Later when a worker index is needed, dividing the port with port_per_thread
may yield an out-of-bound array index into the workers array.
As an example, assume 2 workers are configured, then port_per_thread
will be (0xffff - 1024) / 2, which is 32255. When we compute a worker
index with port 0xffff, we get (0xffff - 1024) / 32255, which is 2,
but since we only have 2 workers, only 0 and 1 are valid indices.
This patch fixes the problem by adding a modulo at the end of the division.
Type: fix
Signed-off-by: Jing Peng <pj.hades@gmail.com>
Change-Id: Ieae3d5faf716410422610484a68222f1c957f3f8
|
|
we need cancel vrrp_vr_timer when deleting vrrp vr
Type: fix
Signed-off-by: luoyaozu <luoyaozu@chinatelecom.cn>
Change-Id: I8ea01f1943d6e3e60c4990c5be945de613bc8b53
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I18b9d0d67f5fe4c1714427259df29026153d8dd1
|
|
like tcp punt
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I894a881cec1888b392d26fdfb385f97c31113ef1
|
|
Type: improvement
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I9d25f5459ab70d9cf8556e44cfddfd7029e5b540
|
|
Type: improvement
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I822ead1495edb96ee62e53dc5920aa6c565e3621
|
|
Type: improvement
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ica7de5a493389c6f53b7cf04e06939473a63d2b9
|
|
Type: improvement
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ifda8ca8d26912c750a77d2ca889e1638ca83d85a
|
|
Type: improvement
If a tun/L3 interface is paired with a multipoint tunnel interface,
pass packets arriving from the host to ip[46]-lookup instead of
cross-connecting them to the tunnel interface. Adjacencies are used
to drive the rewrite for Multipoint tunnel interfaces, so the generic
adjacency used with a P2P tunnel will not work correctly.
Change-Id: I2d8be56dc5029760978c05bc4953f84c8924a412
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
API and internal flags do not match 1:1.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I0f4e53b2e071d1c9fffd1b97bf28b4789887b032
|
|
Type: fix
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: I11b6107492004a45104857dc2dae01b9a5a01e3b
|
|
Type: improvement
This method allows the assignment of a severity to the error.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Id1a414a88018390d03bd6b16bd048a98903bab5a
|
|
Type: improvement
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8907fecde6d48f5362f0f91372d5a9a1bba6f931
|
|
Type: feature
With this change, peers are able to roam between different external
endpoints. Successfully authenticated handshake or data packet that is
received from a new endpoint will cause the peer's endpoint to be
updated accordingly.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib4eb7dfa3403f3fb9e8bbe19ba6237c4960c764c
|
|
Type: feature
With this change, if being under load a handshake message with both
valid mac1 and mac2 is received, the peer will be rate limited. Cover
this with tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Id8d58bb293a7975c3d922c48b4948fd25e20af4b
|
|
Type: feature
stats of the like from:
https://datatracker.ietf.org/doc/html/draft-ietf-rtgwg-arp-yang-model-03#section-4
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Icb1bf4f6f7e6ccc2f44b0008d4774b61cae96184
|
|
Change-Id: I42a138628b06a412b8fce7fb4fc500caf9057169
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
This change implement a flavour of vlib_validate_buffer_enqueue_x1 with
aux data support
Change-Id: I2ecf7af49cf15ecd23b12d8acd57fe90546c1af7
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
Change-Id: I2f3163a7a158afa8e2debc6f545c3d1a2a12ac1d
Type: fix
Fixes: 3414977152ae6362277158dc732e6b9958a6e618
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
Change-Id: I6bed66f740b34673a4883eda1c7f7310c57e131b
Type: fix
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: feature
With this change:
- if the number of received handshake messages exceeds the limit
calculated based on the peers number, under load state will activate;
- if being under load a handshake message with a valid mac1 is
received, but mac2 is invalid, a cookie reply will be sent.
Also, cover these with tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I3003570a9cf807cfb0b5145b89a085455c30e717
|
|
Type: fix
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: I065bd5c26055d863d786023970e7deeed261b31c
|
|
In set_hw_interface_change_rx_mode(), when vnet_hw_if_set_rx_queue_mode()
returns an error it actually returns success. This has been changed to
return a clib_error_return() value.
Type: fix
Change-Id: Iba39c875d9e15463cb6492d8a966234560a1f522
Signed-off-by: Wayne Morrison <wmorrison@netgate.com>
|
|
Type: improvement
This patches makes the make json-api-files
run in parallel in the same python runtime.
Default number of workers is 8, and run time
goes from ~20s to ~2s on average.
Change-Id: Id8cff013889db2671f6b6b4af9a019460c656f81
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Change-Id: I0abbe925d6b9d3dd7196cd8beaf4f471beb45bd6
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
May cause pointers point to unexpected non-zero addresses if not
validate vec
Type: fix
Change-Id: Ie4d3343d6734125b98e0dc962e33e0c7514da829
Signed-off-by: GaoChX <chiso.gao@gmail.com>
|
|
Type: feature
Currently, if a handshake message is sent and a cookie message is
received in reply, the cookie message will be ignored. Thus, further
handshake messages will not have valid mac2 and handshake will not be
able to be completed.
With this change, process received cookie messages to be able to
calculate mac2 for further handshake messages sent. Cover this with
tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I6d51459778b7145be7077badec479b2aa85960b9
|
|
This patch fixes followig coverity issues:
CID 274739 Out-of-bounds read
CID 274746 Out-of-bounds access
CID 274748 Out-of-bounds read
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I9bb6741f100a9414a5a15278ffa49b31ccd7994f
|
|
Fix parse problem with per-prefix settings (e.g. valid-lifetime)
in ip6 ra.
Type: fix
Signed-off-by: me@hrntknr.net
Change-Id: I2a00bf5b9621ebc16211227d70e376fc2f61bae1
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I39e3e007da2b99321bebf3e1c1ebb1d87547f532
|
|
Type: fix
Receive router solicitation in pop vlan interface, it will cause copy mac address to wrong buffer current_data and can not reply the solicitation right
Signed-off-by: liangrq <liangrq@efly.cc>
Change-Id: Ic40a5a47a52c8187aaf6c6854df761529e6f24d9
|
|
format_base10 reads 64b but is fed 32b values at the callsite; change
to u64 consistently. The function has only one call site in
interface/monitor.c which has a few additional bugs (spurious
character, and ambiguous 'bits' versus 'bytes' in the output).
Type: improvement
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I360f0d439cc13c09bd3f53db8184bd12ad4bc2e9
|
|
If an API methos is specified as "autoendian" it should use macros with
_END at the end.
Type: fix
Change-Id: I73b7b4f6996b30631c4355ace156ed0665c4b8ad
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
|
|
Sometimes VPP rejects application connection requests
due to various reasons. Some errors application can
retry to get a successful connection.
In a non-blocking session, VCL sends EPOLLHUP.
An application can call a new API
vppcom_session_get_error to find the details and retry
depending on the error.
Type: fix
Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com>
Change-Id: If0e21a8e25701f66a190a2799b2209e0c31f897c
|
|
namespace is a keyword for c++ compilers
Type: fix
Change-Id: Ia8fc9ef1cc15fe9d0e40b3f543f9e8f411203b89
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
|
|
This change adds loops per second in the stats segment.
Applications using the stats segment to monitor VPP
can use this for better monitoring
Type: fix
Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com>
Change-Id: I53081f40ee918eec9763513a639b9d8a02488b20
|
|
With thousands of UDP sessions,
Sometimes VPP needs more time to grab the MQ lock for a session.
So increased tries from 5 to 75.
Type: fix
Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com>
Change-Id: Id8b877255aedcdcf206e9d0869fe5246645d76e7
|
|
Type: fix
A user had trouble compiling C++ code to work with the linux-cp APIs
because some messages contain a field called namespace, which is a
reserved word for C++. We wish to rename those fields so the messages
which are affected are being set to in_progress.
Change-Id: I3bd1dc898c146a9980161a562b2b453313bb58fd
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Build vpp with MLX DPDK PMD,
make DPDK_MLX4_PMD=y DPDK_MLX5_PMD=y DPDK_MLX5_COMMON_PMD=y build-release
With no-multi-seg in startup.conf,
Mellanox NIC init failed with following message,
rte_eth_rx_queue_setup[port:2, errno:-12]: Unknown error -12
mlx5_net: port 2 Rx queue 0: Scatter offload is not configured and
no enough mbuf space(2176) to contain the maximum RX packet length(2065)
with head-room(128)
In Mellanox NIC PMD driver, 'di.max_rx_pktlen' is returned as 65536,
and 'di.max_mtu' is returned as 65535, which makes
the driver_frame_overhead logic not suitable for Mellanox NICs.
So skip the logic code if MAX_MTU is returned as 65535.
Type: fix
Fixes: 1cd0e5dd533f ("vnet: distinguish between max_frame_size and MTU")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I027b76b8d07fb453015b8eebb36d160b4bc8df9c
|
|
With this patch fast path for ipv6 policy lookup is enabled.
This impelentation scales and outperforms original implementation when
the number of defined flows is higher thatn 100k.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I9364b5b8db4fc708790d48c538add272c7cea400
|
|
Type: fix
Fixes: 5b4b4c0
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If4bd8f30cd23d862109cab665251ad89804b1734
|
|
Included statistic bundles (all NODE type):
- Instructions and CPU cycles, including IPC
- Data cache access/refills/%
- Data TLB cache access/refills/%
- Instruction cache access/refills/%
- Instruction TLB cache access/refills/%
- Memory/Bus accesses, memory errors
- Branch (mis)predictions, architecturally & speculatively executed
- Processor frontend/backend stalls (stalled cycles)
Type: feature
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Tested-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I7ea4a27c8df8fc7222b743a98bdceaff727e4112
|