Age | Commit message (Collapse) | Author | Files | Lines |
|
Implement proper state machine based on above RFCs. ACKs to SYNs/FINs
are no longer required/tracked. This is more friendly to peers and
accounts for lost packets and retransmits.
This change also means that all traffic is translated and forwarded
while in transitory timeout, which helps delivering e.g. retransmitted
FINs, FINACKs and other messages.
Also support reopening a session in transitory timeout after seeing both
FINs by seeing both SYNs again. This helps quick connection
reestablishment if the peers want to.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com>
Change-Id: Ibf521c79463472db97e593bfa02b32b4a06dfd2a
|
|
Originally cryptodev doesn't support chacha20-poly1305 with aad length
0.
This patch add support in cryptodev for chacha20-poly1305 with aad
length 0. This length is using in Wireguard.
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I0608920bb557d7d071e7f9f37c80cf50bad81dcc
|
|
Type: fix
policer_add_del does not free "clib_error_t*" when it is not null.
Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com>
Change-Id: I00ad8e53797e46adeb1819856262bb9f3c068c63
|
|
Remove dead code. Pool element cannot be NULL.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I7812efdcdc414af8352474c4e527c878d2e2c459
|
|
Restructure code to avoid NULL dereference.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: If3a4319f1b93af272b7b315a9b15ba4ee1f8e7ae
|
|
Type: fix
Change-Id: I2bc58a711c9429d7989bfd0bfccd289d43fc35d0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If9d6153ddce836ec34842fb5e581b2f4565e33df
|
|
Instead of constantly scanning all transport vfts for update time
functions, build list at transport enable time.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id5c07cc03ee1fdd072ebbbd40119d1a440a5e3b1
|
|
Originally wireguard doesn't support async mode for decryption packets.
This patch add async mode for decryption in wireguard.
In addition, it contains some performance improvement such as
prefetching packet header and reducing the number of current time
function calls.
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ieba6ae0078f3ff140c05b517891afb57232b3b7d
|
|
Originally wireguard doesn't support async mode for encryption packets.
This patch add async mode for encryption in wireguard and also adds
support chacha20-poly1305 algorithm in cryptodev for async handler.
In addition it contains new command line to activate async mode for wireguard:
set wireguard async mode on|off
and also add new command to check active mode for wireguard:
show wireguard mode
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I141d48b42ee8dbff0112b8542ab5205268089da6
|
|
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie7c80d75ca511e1905fa73db48d329f7e1fa86ff
|
|
Type: fix
Change-Id: Idefded3443b383ba916a66051b003aac106af8e8
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Originally wireguard does packet by packet encryption and decryption.
This patch adds burst mode for encryption and decryption packets. In
addition, it contains some performance improvement such as prefetching
packet header and reducing the number of current time function calls.
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I04c7daa9b6dc56cd15c789661a64ec642b35aa3f
|
|
Type: fix
Change-Id: Ic5b74fb7a8e479e8cdccbb6a564ff3fdd299455c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Basic HTTP/1.1 server side implementation.
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I06bddaf7f11e28db802b4cd7ef8160c78cb019b6
|
|
In addition to returning the number of bytes also update the number of
segments to reflect the number used.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia87dc2aa62cea38b18dfa83df94dc2abe29d5121
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9953d9bf04e708ac8ea475127e3d2f606cc1c8d9
|
|
Also improve logging....
Type: fix
Change-Id: I3d3aee52cd45e59ecd6ce13bd516c66559638fec
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: I1031c6ce80d90814edda7b52b11039874b95714f
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I8ea0193ebb2a721a0582451ffd64c4063ac6d233
|
|
Found by coverity as defect id 243763
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Type: fix
Change-Id: Idbada5528a1f2625f6498072d538edf306268b6d
|
|
Type: fix
During the interface creation time, (by default) admin-up
flag is locally set for tap and virtio interfaces.
While, in VPP the state of these interfaces are still
admin-down. User needs to explicitly call
'set interface state <interface-name> up' to admin-up the
newly created tap or virtio interface(s) in VPP. So, this
behavior is inconsistent.
This patch fixes the issue to have consistent behavior
for given interface between local and global administration
state.
Change-Id: Ifd8904a09fbdbe7b386874ac3231dc0527064518
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: fix
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I35c36401ce3ab59900be59a9abddba66f6399978
|
|
Type: improvement
Change-Id: I3659de6599f402c92e3855e3bf0e5e3388f2bea0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
When an IPSec interface is first constructed, the end node of the feature arc is not changed, which means it is interface-output.
This means that traffic directed into adjacencies on the link, that do not have protection (w/ an SA), drop like this:
...
00:00:01:111710: ip4-midchain
tx_sw_if_index 4 dpo-idx 24 : ipv4 via 0.0.0.0 ipsec0: mtu:9000 next:6 flags:[]
stacked-on:
[@1]: dpo-drop ip4 flow hash: 0x00000000
00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858
00000020: 58585858585858585858585858585858585858585858585858585858
00:00:01:111829: local0-output
ipsec0
00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858
00000020: 5858585858585858585858585858585858585858585858585858585858585858
00000040: 58585858585858585858585858585858585858585858585858585858c2cf08c0
00000060: 2a2c103cd0126bd8b03c4ec20ce2bd02dd77b3e3a4f49664
00:00:01:112017: error-drop
rx:pg1
00:00:01:112034: drop
local0-output: interface is down
although that's a drop, no packets should go to local0, and we want all IPvX packets to go through ipX-drop.
This change sets the interface's end-arc node to the appropriate drop node when the interface is created, and when the last protection is removed.
The resulting drop is:
...
00:00:01:111504: ip4-midchain
tx_sw_if_index 4 dpo-idx 24 : ipv4 via 0.0.0.0 ipsec0: mtu:9000 next:0 flags:[]
stacked-on:
[@1]: dpo-drop ip4 flow hash: 0x00000000
00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858
00000020: 58585858585858585858585858585858585858585858585858585858
00:00:01:111533: ip4-drop
ICMP: 172.16.2.2 -> 1.1.1.1
tos 0x00, ttl 63, length 92, checksum 0xcb8c dscp CS0 ecn NON_ECN
fragment id 0x0001
ICMP echo_request checksum 0xecf4 id 0
00:00:01:111620: error-drop
rx:pg1
00:00:01:111640: drop
null-node: blackholed packets
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I7e7de23c541d9f1210a05e6984a688f1f821a155
|
|
- per hw-interface-class handlers
- ethernet set_mtu callback
- driver can now refuse MTU change
Type: improvement
Change-Id: I3d37c9129930ebec7bb70caf4263025413873048
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Decouples vnet return values from API return codes.
New vnet_error() creates vnet_error_t whicgh contains both vnet function
return value and return string.
vnet_api_error() converts vlib_error_t constructed with vnet_error() to
API return value.
Type: improvement
Change-Id: I17042954d48c010150fc1dfc5fce9330e8149e87
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: refactor
Change-Id: I7fa113e924640f9d798c1eb6ae64b9c0a9e2104c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I1ef5cb250ac1e35b9a5003597eda3d54d2e5ca73
|
|
Type: improvement
Change-Id: I9772088bca176fd0fdb162677ec55c59aa8f3adf
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Fixes: 65105c95f
Change-Id: I8dee4b560a49891f954d7eb8e79ea535cedeaa88
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Do burst of connects with barrier held.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7e6dcf097022b56d6880de0cba7b8492a938077b
|
|
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Iada49493635a9c3db8b725ca367d0d4ca5007357
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4e60d83644878f7d267582c2497d785e0f6facc1
|
|
Type: feature
This patch bumps dpdk version from 21.08 to 21.11
Change-Id: Id37fdba75f1ea4f4eac3c92226f3b1c539e1daca
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: If61d7409ff14b9f771c1dc8ec9f35e179cea7a28
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: Ib2c55dd2a246a690b2089f5c0b88508f732281f2
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1025cccd784f80b557847f69c3ea1ada5c9de60d
|
|
Change the skipping bundle message to debug
Type: refactor
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I942ff72bd9c26ccad923442fdedddf22ba75e117
|
|
This prevents crash due to worker tread accessing device data
while device vector is growing.
Type: fix
Change-Id: I5cf9f53ddbe97fe52db8fd431ea7c0e480f3d4bc
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: I2cd37f0c1a1ed33438bfa4b7590e5609e5094fc8
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Also change the way how we dig function pointer so it works with dpdk
21.11+
Type: improvement
Change-Id: I38d5909eea9c2893651710bd45057b1635aa7b37
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
*** CID 243670: Memory - illegal accesses (OVERRUN)
/src/vnet/ip/ip6_packet.h: 713 in ip6_ext_header_walk()
CID 243670: Memory - illegal accesses (OVERRUN)
Overrunning array "res->eh" of 4 4-byte elements at
element index 5 (byte offset 23) using index "i" (which evaluates to 5).
Type: fix
Fixes: 03092c1
Change-Id: I27e0435cf10534f3b41e11bf7a5629b5428b0651
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
Change-Id: I7aa172e58c970c4971db6ef2ff5b199b7f3c0b99
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
|
|
This fix adds check that will omit loop iteration
in case dequeue handler is zero.
Type: fix
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I7526e3fe7d8c8da9662b4e9204efd5e2d8be1908
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I30ec7af3baf56d74a5050ea9335053e6e12de630
|
|
Part 1 -- notes in https://ipng.ch/s/articles/2021/08/13/vpp-2.html
Add the ability for VPP to copy out (sync) its state from the dataplane
to Linux Interface Pairs, when they exist. Gated by a configuration
flag (linux-cp { lcp-sync }), and by a CLI option to toggle on/off,
synchronize the following events:
- Interface state changes
- Interface MTU changes
- Interface IPv4/IPv6 address add/deletion
In VPP, subints can have any link state and MTU, orthogonal to their
phy. In Linux, setting admin-down on a phy forces its children to be
down as well. Also, in Linux, MTU of children must not exceed that of
the phy. Add a state synchronizer which walks over phy+subints to
ensure Linux and VPP end up in the same consistent state.
Part 2 -- notes in https://ipng.ch/s/articles/2021/08/15/vpp-3.html
Add the ability for VPP to autocreate sub-interfaces of existing Linux
Interface pairs. Gated by a configuration flag
(linux-cp { lcp-auto-subint }), and by a CLI option to toggle on/off,
synchronize the following event:
- Sub-interface creation (dot1q, dot1ad, QinQ and QinAD)
A few other changes:
- Add two functions into netlink.[ch] to delete ip4 and ip6 addresses.
- Remove a spurious logline (printing MTU) in netlink.c.
- Resolve a TODO around vnet_sw_interface_supports_addressing()
Type: improvement
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I34fc070e80af4013be58d7a8cbf64296cc760e4e
Signed-off-by: Pim van Pelt <pim@ipng.nl>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia77b26db61b6f58b4ff659f09192b4ea93ed50b4
|
|
Type: fix
total len not including first buffer is in vlib_buffer_t second cacheline.
It is not reset after the buffer has been consumed. It leads to printing
garbage in packet trace for subsequent use of this buffer. This patch
fixes the issue to only print when VLIB_BUFFER_NEXT_PRESENT flag is set.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ied72308bdb907a5e1ca16d181f2add062807e968
|
|
Type: improvement
Change-Id: Ibf43aa483548e6055e4b851ad893371d7af3b018
Signed-off-by: Damjan Marion <damarion@cisco.com>
|