summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2020-03-26nat: transitory timeout for TCP CLOSED stateKlement Sekera9-118/+329
Wait transitory timeout seconds before moving internal state of TCP session to CLOSED state per RFC 7857. This patch implements this functionality for endpoint-dependent NAT. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I4491d831cd9edf63fae520a516cdbe590bac85db
2020-03-26svm: correct format_fifo_segmentRyujiro Shibuya2-4/+7
Type: improvement Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com> Change-Id: Ia8aef3695f12e09b087be79ebe40e758fb8105ad
2020-03-26ikev2: fix wrong usage of BN_bn2bin()Filip Tehlar3-12/+56
This patch fixes 2 different crashes: 1) BN_bn2bin() returns bytes written, not actual key length. Use BN_bn2binpad() instead which adds padding. 2) Initiator may receive multiple sa-init responses for the same ispi which may result in crash. Remember first response and ignore any subsequent ones. Type: fix Change-Id: Ia1eac9167e3100a6894c0563ee70bab04f6a5f4f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-26ikev2: dead peer detectionFilip Tehlar2-4/+95
Type: feature Change-Id: Ibc65d739583dc11735f993f4c7e7ee6d3c8f5b0a Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-25ikev2: fix gcm in ike protocolFilip Tehlar1-1/+1
Type: fix Change-Id: I746b94f494d059d2db5f47638c9f4e6bc4eb4045 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-25session: api to add new transport typesFlorin Coras21-103/+150
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If4dee6dba1ea942daa921d566b35cdecdda680ee
2020-03-25tcp: avoid updating rcv wnd in resetsFlorin Coras1-3/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0884bf63db57b4b4dbccf41ab64c030b3fe4dde2
2020-03-25sr: Change the CLI keyword from address to prefix.Tetsuya Murakami2-3/+3
Change the CLI keyword from address to prefix in sr localsid command. Type: feature Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: Icc3072404a106ab40e829d2d291e5c179a4443a8 Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2020-03-25ip: Adding IP tables is no MP safeNeale Ranns1-2/+0
Type: fix it was marked MP safe in the CLI (which it shouldn't be) but it it not marked MP safe on the API. Change-Id: I4bdea498a510a8b406d13d62a899b6d03656f7e8 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-03-25acl: Add CLI additionsNeale Ranns1-0/+254
Type: improvement Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I172d3d907f324d8cb21e73aa08ef66da029ed365
2020-03-25avf: fix rx queue refill on buffer alloc failureDamjan Marion1-6/+6
If buffer alloc fails, it may happend that rx queue will be stuck as old code only refills if at least one packet is received. Type: fix Change-Id: I388c4f8a9fb2c208bdc222e31b443cbe6b94af82 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-25nat: fix error countersKlement Sekera4-1/+21
Type: fix Change-Id: I021b1427362f4bdba1c0ebc9863c9143dd6b3cb7 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-03-25map: fix hop limit expiration at brVladimir Ratnikov2-2/+29
Before this patch, packet was dropped in ip4-input, but ip4-map-t node dropped response due to 'security check failed' This patch checkes if hop_limit==1 and sets error and next frame and sends icmp6 response correctly Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I85a6af58205b05754ef8c45a94817bb84f915c85
2020-03-24quic: disable vnet_crypto and batching if no crypto engines are loadedMathiasRaoul3-11/+33
Type: fix Change-Id: I95d3f8431b468cefc8777526dd3b988a299f0687 Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
2020-03-24vcl: fix ldp recv return on errorFlorin Coras1-1/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0875705d3a0c95f2781b0595ef27a30486438aae
2020-03-24vcl: fix ldp writev 0 vecsFlorin Coras1-12/+8
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iec5db8dcf3a019b731e15fd79d0208d6eb10943b
2020-03-24map: fix translation of icmp6 error messagesAlexander Chernavin2-1/+131
Translation of ICMPv6 error messages to ICMP error messages fails because the sender port is not set that leads to securtiy check failure. With this commit, during ICMPv6 error messages translation, get the sender port value from the inner packet. Type: fix Change-Id: I1ee295a3685fab4837172edfb629a699f49afbee Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-24avf: proper promisc handlingDamjan Marion2-7/+27
Type: fix Change-Id: Id20a0fe77372602fd211156ccee01c18d829d8df Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-23tcp: add lost and in flight to byte trackerFlorin Coras2-2/+15
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3b0041d72d835cbb11e803cc56ac4c68a68238a0
2020-03-23ikev2: fix typo in .api descriptionVratko Polak1-2/+1
Type: style Change-Id: Ie81eb7e3d872923daaa8ae8dad060a4da85349c5 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2020-03-23ipsec: Revert "ipsec: fix chained ESP"Florin Coras2-144/+50
This reverts commit c2c1bfd9b72aec88526c06479b128725eb525866. Reason for revert: Seems it's breaking ipsec esp tests Type: fix Change-Id: Iac590eee23cbf92a10c62dafa789aa9c3b2284dd Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-03-23srv6-mobile: Fix the coverity issuesTetsuya Murakami1-33/+39
Fix for the coverity issues. Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I6bf8a874a9a94b9b7d62da047a401eda8a448567 Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2020-03-23sr: srv6 API cleanupJakub Grajciar9-217/+217
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I3c348ad2fca8bb3d9a246af7a2aa9dc9c33f57c3 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-23ipsec: fix chained ESPFilip Tehlar2-50/+144
This fixes a special case when buffer chain enters decrypt node and becomes a single buffer after decryption. Type: fix Change-Id: I1d4da029b952baa97400adb7173aa63fd97d916b Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-23ipsec: increment no-tunnel counter in ipsec-tun-inputAlexander Chernavin1-0/+3
If "no-tunnel" error erises, you will not see it in the "show errors" output because the packet will be punted. That fact complicates troubleshooting. Type: improvement Change-Id: Ic08347f81131a4a73a05b66acbfb02797373f5ab Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-03-23virtio: vhost gso checksum error when both indirect and mrg_rxbuf are offSteven Luong1-20/+19
Turn on gso, turn off both indirect and mrg_rxbuf caused traffic received and sent with checksum error. The problem is we are not mapping the hdr correctly in the shared memory address. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I7ef3bc2755544167b0e624365988111b17399e89
2020-03-23tap: fix the numa/queue for buffersMohsin Kazmi1-1/+1
Type: fix Change-Id: Ib320171708bebde6d1dae0b2c665f9bcfc9102db Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-03-23virtio: improve error handlingMohsin Kazmi1-9/+30
Type: improvement Change-Id: I134465760272ceb29f85486cba838d8687696bbf Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-03-22vppinfra: fix typo in dlmalloc.cDave Barach1-1/+1
Fix libffi package name for Ubuntu 20.04 Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Idc567717494b4c40c307f20a40d5e10cd26b0a46
2020-03-21srv6-mobile: Fix the localsid length issue on vnet/srv6Tetsuya Murakami4-7/+10
Fix the following issue. 1. The localsid length was not stored in sr localsid structure. 2. SRv6 mobile test cases were modified based on the new sr localsid CLI syntax. Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: Ieb7620c35439e90a599802a7e0dba61a39707349
2020-03-21srv6-mobile: Support GTP4/6.DT and User Plane message mappingTetsuya Murakami10-206/+2119
Support the following new features in srv6-mobile. 1. GTP4.DT 2. GTP6.DT 3. User Plane Message encoding based on draft-murakami-dmm-user-plane-message-encoding-01 4. Add SRv6 mobile test cases Type: feature Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I890e5171bf03513d54b4830f01b9dc7f47fe7c48 Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2020-03-21ipsec: efficient layout of ESP per thread dataRajesh Goel1-3/+4
Type: fix Change-Id: I1ba921503a41ca37ce5c920682893617740571a9 Signed-off-by: Rajesh Goel <rajegoel@cisco.com>
2020-03-21vppinfra: fix minor cuckoo bugs and add cuckoo_16_8Klement Sekera5-26/+170
Type: improvement Change-Id: If1164d2eb81e9d4748436cb1bb8b164857d70565 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-03-21gtpu: encap-vrf-id in show gtpu tunnels commandNick Zavaritsky1-2/+9
Show encap-vrf-id instead of fib-idx. When a tunnel is created, you specify encap-vrf-id, hence it makes sense for the show command to present it the same way. Fib index, on the other hand, is the internal artifact of how IP tables are managed; showing it isn't helpful. Type: improvement Change-Id: I8d1713d6727dd8685d6c10c07f421c18edafa6e0 Signed-off-by: Nick Zavaritsky <nick.zavaritsky@emnify.com>
2020-03-21vlib: leave SIGPROF signal with its default handlerJieqiang Wang3-0/+3
When profiling VPP with MAP (a software profile suite on Arm CPUs, see details in https://www.arm.com/products/development-tools/server-and-hpc/forge/map) on Arm servers, VPP will receive SIGPROF signal because MAP uses SIGPROF signal to drive its sampler to do profiling on VPP. However, the default action of SIGPROF signal handler in VPP such as unix_signal_handler() is process termination. To profile VPP with MAP, the SIGPROF handler should be left as default, and MAP sampler will overwrite it with its own implementation. Type: feature Change-Id: Ie14e513d35ec27a66e95067689408bad8ed1ad6b Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
2020-03-21vlib: allow using core 0 as a last resortVladimir Isaev1-15/+12
Right now even following configuration fails: cpu { corelist-workers 0 } I think we should allow user to use CPU 0 if he explicitly configured it or as the last automatically assigned core. Type: improvement Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: I041c30349bace558c673475e9a0cffccae5821f7
2020-03-21vlib: complain if workers are configured twiceVladimir Isaev1-1/+10
Right now following configuration leads to crash: cpu { corelist-workers 2 workers 2 } because threads count will be set to 2, but we have only one core in coremask. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: Ia93b892733971e7c8ddfceaaec5f4eb8bf9063ac
2020-03-21ikev2: fix l2 interfaceFilip Tehlar1-2/+4
Type: fix Change-Id: Ic6457da31846721e334f144f15d404575eeb73e5 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-21virtio: fix link up/down flagMohsin Kazmi1-3/+9
Type: fix "set int state <interface> down" puts the virtio device link down. It will not put the link in "UP" state, when "set int state <interface up>" will be used again to change the interface admin up. This patch fixes it. To test: create tap set int state tap0 up set int state tap0 down sh hardware sh int set int state tap0 up sh int sh hardware Change-Id: I3c0e31539f8a2a1e40220e7fb57eedecf408f067 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-03-21ikev2: add support for custom ipsec-over-udp portFilip Tehlar12-15/+193
Type: feature Change-Id: Ifee2b3dca85ea915067b9285e3636802bf0c19a8 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-21virtio: fix the out of order descriptors in txMohsin Kazmi4-8/+102
Type: fix Some vhost-backends give used descriptors back in out-of-order. This patch fixes the native virtio to handle out-of-order descriptors. Change-Id: I57323303349f6a385e412ee22772ab979ae8edbf Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-03-21vlib: fix error when creating avf interface on SMP systemJieqiang Wang1-1/+13
On SMP architecture, '/sys/bus/pci/devices/<devices id>/numa_node' file will return -1 as a valid value if it does not have any NUMA node information. Using -1 as a valid node id to access data structures will cause memory issue. Fix the error by setting the value of numa_node to 0 if '/sys/bus/pci/devices/ <devices id>/numa_node' returns -1 and it is a SMP system. Type: fix Change-Id: Ib60e79c3656fe5b17e08fd9011122683e8b08b6f Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
2020-03-20tcp: avoid spurious retransmit attemptFlorin Coras1-4/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6ce6fb0fe0ceb8a70b6a13e6a72fdb842bfded7a
2020-03-20rdma: ring db only once per vector on txBenoît Ganne2-28/+62
Type: improvement Change-Id: I09b017d60bc38ff8a4a7a73aff42b27611bd8955 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-03-20session: export session_alloc_for_connectionAndreas Schultz2-1/+3
Type: refactor Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com> Change-Id: I45c6f434065ab0ad8ada3184b5a875a32a1b3faa
2020-03-20ip: provide extern declaration for ip punt nodesJawahar Santosh Gundapaneni2-0/+2
Type: fix Signed-off-by: Jawahar Santosh Gundapaneni <jgundapa@cisco.com> Change-Id: Ife0f7749a72cc834a3d811f8cf6b5a0840157014
2020-03-20ip: ip API types coverity fixJakub Grajciar1-1/+0
Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I6b2c7550ae5918c27b02b1173533d2042c6c15c7
2020-03-19tcp: move accept init to separate reusable functionFlorin Coras3-102/+107
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5120eb321e9e2050eb64dca9e2dfb6256ff2b62d
2020-03-19tcp: force deschedule if no send space availableFlorin Coras8-23/+38
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iae9f118f710153b6c0e390265039db7434e67ed8
2020-03-19session tcp udp: consolidate transport snd apisFlorin Coras11-103/+175
Type: improvement Use only one api to retrieve transport send parameters. Additionally, allow transports to request postponing and descheduling of events. With this, tcp now requests descheduling of sessions when the connections are stuck probing for zero snd_wnd Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I722c974f3e68fa15424c519a1fffacda43af050c