Age | Commit message (Collapse) | Author | Files | Lines |
|
If session is expired, the packet which we just received might be a one,
which legitimely creates a new session, process it in slow path instead
to decide the outcome.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I45628f52d37ae9dee5e8aa58171ff0b86f91f5dd
|
|
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2057ebb4b6a4af3ef8fd9b73aadfa00d63bae618
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4f0628b0484e32facbeb163993cc25d637167936
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ida8f9e759b4990ea6e34e71dc45bdb3b5eabc27f
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I6b750bef5df0f8544e05177ccd480f87a020832d
|
|
Introduce new cli for setting liveness check period and max retries for
a peer to consider its partner dead.
ikev2 set liveness <period-in-seconds> <max-retires>
Type: improvement
Change-Id: Iadae1de245d34fe3ee85e09b570f9df8c401772b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Change-Id: Ib25e5324e4ba360cd91b92abc78c994f86148148
Signed-off-by: Ignas Bacius <ignas@noia.network>
|
|
1. Add uSID function in VNET SRv6
2. Add test case for uSID
Type: feature
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I354fc687192ed713ceb81fccc9f7b69b6777f6f6
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
|
|
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ia46f865082dcf0cf06af99a7c958c4a5b02193ce
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4a3861e31ca42faf0b59f8f09393fb10413bf3af
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie7102355b95eefb233ec7d146e61819051a7bf07
|
|
Add GSO support, configurable from the CLI.
Type: feature
Ticket: VPP-1820
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I65885a071b24c74437e6cfe5eff237b01bc1744b
(cherry picked from commit a06f68556e506a6ff7f31a617a036614c84f71c0)
|
|
Fix of the top 11 python issues flagged as BLOCKER.
Ticket: VPP-1856
Type: fix
Change-Id: Icf4691e62f4a69d6ee196b6d6e2ab52d961b5c76
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: fix
Change-Id: Ia7b07b4ec9e5681946f3f5c01c230c1f814e2cf6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I9d25129fbf1ea880121b281f41750155286fb489
|
|
Causes static analysis "vulnerability" warnings
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I272fa69251d70f62178e6dff0423c16f99937af1
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ieb8bb9c6deb92479fdd3e045778fe5ae4782d1ea
|
|
Type: improvement
- allow apps to request rescheduling of tx events via
SESSION_F_CUSTOM_TX flag
- limit max burst per session custom tx dispatch
In tls
- use the new infra to reschedule tx events
- use max burst bytes as upper limit to number of bytes to be encrypted
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I544a5a3337af7ebdff3406b776adf30cf96ebf3c
|
|
Along with related static analysis warnings...
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I2c6949c7a2250b8f76a63508c7c210daecfe0f91
|
|
- Updated comment to indicate the original
intermittent test failure still occurs when
running make test with TEST_JOBS > 1.
- The original workaround has been retained
until the root cause can be determined to
avoid test failures in the LF CI infra
with patches containing non-vcl code changes.
Type: test
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I2645acd4bf2b16fbb2b0e297c8c2919fc6199c13
|
|
Type: improvement
Change-Id: I9dd850a1ce85b0adb5136233f176117e0ee38817
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idc9b1423846edb46755a255ecc14070e9250d192
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I840d43e79b1f826380bd56485441510e45bdfc7f
|
|
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia14800710aca7c1bc315b6da3c69d623f79a5b63
|
|
Type: docs
Change-Id: I0d75c7673d85c5bd8ae10f48e7189ee28a31240e
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I8074db3623ee4b37ac70ce8ea0d1912b97e5c059
|
|
DPDK recently added a check in the virtio driver to make sure that
rxmode->mq_mode == ETH_MQ_RX_NONE. We were passing ETH_MQ_RX_RSS
and the device initialization was not accepted.
The reason for the change in DPDK was that there is no controls
(algorithm, redirection table, hash function). So they thought ETH_MQ_RX_NONE
was the best choice for the value of mq_mode.
Type: fix
Ticket: VPP-1853
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ifa0fc4206cedc56a851f94f6434a2a7500bbd419
|
|
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I06120d43c15b2fa3f437ef235bf5f83ec2beb45e
|
|
Type: improvement
When IPsec SAs are dumped, include the index that can be used to
find byte & packet counters for the SA in the stat segment.
Removed the field total_data_size from the details since it was not
being populated and put the stat index field in its place.
Change-Id: If73efc230542a11944551b6e710b57b575450da3
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
One actual bugfix.
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Icef25167f97a70cc795c0a481174de319ed79ad5
|
|
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia477b8dba9266f47907967e363c11048e5cd95ab
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib4bc2ce781887a84055a4d5cdb7f453fc7d52c79
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If22bad96a9102bc4058d52fc8565bd6a14c3c66c
|
|
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I921adae4ad797bf80cfcdb05d2a89ace9183a89a
|
|
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I6aaaec20a2b6d4c6ddfbe659d9402acc1be2f7e2
|
|
Type: feature
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I72cacfb5696dca74335f31415c0df795467615a5
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2a0fdced6a3ae262b30cda6a51f1fa96c1d44665
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ica1d4e149f4750517e0bd3ccf2572f6f15f63622
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2180e8d5cae6f94a256f3b62950cf66b6ee0e59a
|
|
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I822ed0596944a554595eb62a45841d216d1ab611
|
|
This prevents a crash with quic listeners, and enables the display
of udp fifo status.
Change-Id: Ib9f48818ee3e51a3fa43ad8ab175e8aa7750df8f
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Type: fix
this is mainly cosmetic, assuming users use the symbolic names,
since VPP's API types encode/decode functions corrected the values
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Iecbb8102aee64b2565a3fc89a30cad73a935269d
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3f34011ca61ded310d0411e7b50548982bd164ac
|
|
An unknown proto packet can be processed as UDP with destination port
rewriting which breaks the original packet.
With this commit, stop processing unknown proto packets after
nat44_ed_out2in_unknown_proto() execution.
Type: fix
Change-Id: Iea93faf3c282f542d5ee7120c15e1027c1e4abc9
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: fix
The data populated into an ipsec_tunnel_protect_details message includes
an outbound SA and a list of inbound SAs for a tunnel interface. These
are populated with SA indices. The values used by an API client
to refer to an SA in other messages is the SA id rather than the index.
Use the SA id instead of the index.
Change-Id: Ifaad32801092a7f87bd0dcf19de418d36613f8dd
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Fix crash when peer tries to build INFO req before key exchange which
results using NULL key pointers for crypto operations.
Type: fix
Change-Id: I20aaf1ce769e4bfb45235047c2dd38307b4e0b59
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This fixes a special case when buffer chain enters decrypt node
and becomes a single buffer after decryption.
Type: fix
Change-Id: Id5da9e8a074f83ec3561949631ce613f35528312
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I1a60809a8bbbbb8ac8b65ab990d51aae1229647f
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
Type: improvement
Change-Id: I275bbca17c5a0263b3e017b48aa6ccd8f59bc7c3
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Now UDP enacapsulation doesn't work in transport mode with crypto
algorithms that have iv_sz=8 like AES GCM or 3DES CBC. That happens
because the inserted UDP header overlaps with the old IP header and
gets filled before the information from the old IP header can be
copied to a new IP header. The result is a broken packet:
00:03:39:620863: esp4-encrypt-tun
esp: sa-index 3 spi 3464048590 (0xce792fce) seq 31 sa-seq-hi 0
crypto aes-gcm-128 integrity none udp-encap-enabled
00:03:39:620867: adj-midchain-tx
...
00:03:39:620868: ip4-rewrite
...
00:03:39:620869: GigabitEthernet0/8/0-output
GigabitEthernet0/8/0
IP4: 08:00:27:a9:6b:d6 -> 08:00:27:5a:dd:0c
UDP: 10.255.0.10 -> 10.255.0.20
version 0, header length 0
tos 0x80, ttl 63, length 0, checksum 0x653e (should be 0xffff)
dscp CS4 ecn NON_ECN
fragment id 0x0000
UDP: 128 -> 0
length 0, checksum 0x0000
00:03:39:620870: GigabitEthernet0/8/0-tx
GigabitEthernet0/8/0 tx queue 0
...
IP4: 08:00:27:a9:6b:d6 -> 08:00:27:5a:dd:0c
UDP: 10.255.0.10 -> 10.255.0.20
version 0, header length 0
tos 0x80, ttl 63, length 0, checksum 0x653e (should be 0xffff)
dscp CS4 ecn NON_ECN
fragment id 0x0000
UDP: 128 -> 0
length 0, checksum 0x0000
With this commit, fill UDP header after copying the IP headers in
transport mode.
Type: fix
Change-Id: Ie9a6e562aa05a8378114329d6a9ff395189fa6a8
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|