Age | Commit message (Collapse) | Author | Files | Lines |
|
APIs for dedicated IPSec tunnels will remain in this release and are
used to programme the IPIP tunnel protect. APIs will be removed in a
future release.
see:
https://wiki.fd.io/view/VPP/IPSec
Type: feature
Change-Id: I0f01f597946fdd15dfa5cae3643104d5a9c83089
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Use sid returned by vcl_session_connected_handler instead of trying to
infer it from vpp session handle.
Change-Id: Ic0fbb90ec2bd851b435fc3f2a34265ac9a8ab29f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: feature
Change-Id: I402f4c88dee70fbb0b3b61dc4e0a4034d24d8b56
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I38ee9efd23774cce7790565825527cca9ba6f200
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: Ia18632c8fe22bdcfdf3cb48a4234f8703a7ac1d7
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: style
Change-Id: If28a4959c1d60ab1caf22dbc8b72d9adf7060bd4
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Raw('\xaf) and Raw(b'\xaf) are two quite different things in python 2 versus 3.
In most cases this didn't make a difference, apart from those cases where length
of payload actually mattered.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I3cba5c1486e436a3ca8aa10a7b393da75aa9f6b9
|
|
This patch improves the GCM encrypt and decrypt performance using
the dedicated API provided by intel-ipsec-mb library. This helps
remove the overhead caused by the JOB API.
Type: feature
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I00c9ab3ed9f2660093fb2584feb8bca4979acee8
|
|
Type: feature
Change-Id: I5bbf37969c9c51e40a013d1fc3ab966838eeb80d
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- Fix AAD initialization. With use-esn the aad data consists of the SPI
and the 64-bit sequence number in big-endian order. Fix the u32 swapped
code.
- Remove salt-reinitialization. The GCM code seems inspired by the GCM
RFCs recommendations on IKE keydata and how to produce a salt
value (create an extra 4 octets of keying material). This is not IKE
code though and the SA already holds the configured salt value which
this code is blowing away. Use the configured value instead.
Type: fix
Change-Id: I5e75518aa7c1d91037bb24b2a40fe4fc90bdfdb0
Signed-off-by: Christian Hopps <chopps@labn.net>
|
|
Type: fix
crypto perf test crashes for key size different than 16 bytes.
This patch fixes the issue
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: Ic8a8ca83ca189c879815dc5d065b8c6f7826cd41
|
|
Type: fix
Change-Id: I6f7df0d358f57f7feadb9b7a3fcffb99558b2af8
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
On multiworker setup when an app client dies, the
vec_reset_length call fails the assert in
clib_mem_is_heap_object. Same thing might happen for
the clib_warnings
Change-Id: I369f9d2dbe60407c84994a4e8d25f6df7848ca93
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
Crypto contexts are a per protocol cache for storing
crypto related connection data. They share a common
interface with generic properties : cert, key, engine
and session refcount.
Change-Id: I8165e05afbcc6ecb3777b6abeab62c369d2fe9ed
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
* vpp echo adds and dels a cert and key pair for each run
* it passes the crypto engine to be used (openssl, picotls, vpp, mbedtls)
Change-Id: Iaba1de2e6abb510e6c4edbe84b2324b2f4843f26
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
quic choice used ckpair is now the one passed to
connect or listen via mq.
The crypto engine is chosen with the value passed to
connect or listen via mq:
* If NONE(0) is provided, we default to quic_main.
default_crypto_engine (picotls at init, can be changed
via debug cli : quic set crypto api [crypto engine])
* If PICTOLS/VPP is provided, use this one
* Other values return an error
Type: feature
Change-Id: Ifab893d6d03c83f202e6c7e7a9936f546a4b1530
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
This patch adds the logic to pass to connect &
listen msg in the mq the following parameters
* ckpair index
* crypto engine (for now only used in quic)
Change-Id: I7213d8b581cb4532a9a6b18c4b3fe021287b7733
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: I57b3c76515544ba3655690b37e0dacb47734ba6d
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: Ie50625271d257da814445ce13c2e6cd98986d523
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Signed-off-by: Aleksander Djuric <aleksander.djuric@gmail.com>
Change-Id: I5e0eb7024d208040d79e9d6db863f41e2ecf4ee6
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: feature
Along with the port information, we need to validate the IP address details as well.
This is very useful in the case port re-use scenario
Signed-off-by: Srikanth Akula <srakula@cisco.com>
Change-Id: I11e1ebcd3e56aae47ac235a89606a83c928aa6bb
|
|
The CI gate will fail if there are typos in the docs.
writing output... [ 21%] events/Summits/OpensourceSummit...
writing output... [ 22%] events/Summits/UKNO/2017_04_30_...
featuresbyrelease/vpp16.06.rst:34:Rasberry:vpp16.06
writing output... [100%] usecases/vppinazure
Spelling checker messages written to /vpp/docs/_build/html/output.txt
Warning, treated as error:
Found 1 misspelled words
Makefile:31: recipe for target 'html' failed
make[1]: *** [html] Error 2
make[1]: Leaving directory '/vpp/docs'
If you introduce a term that is not recognized,
please add it to custom dictionary at
docs/spelling_wordlist.txt.
Type: feature
Change-Id: Id49be4fbee617f544f1ab8e78e7de8a4df36448b
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
DPDK have bug which will be fixed in 19.11.
Type: fix
Change-Id: I6c0058928e5991d61b3c5fcba706f35e6886b0f2
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: feature
fts and trex rely on yaml config files. Verify
that they are valid, so comitters can catch
errors early.
Change-Id: Ide0bb276659119c59bdbbc8b8155e37562a648b8
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: fix
As udp_session.opaque is qctx index, qctx free
needs to happen after session cleanup. This patch
also introduces
* assert timer stop on ctx free
* debug cli for listing quic ctx
Change-Id: I3a58d226b094a0bbdf090b4f3eccbc2e11c6329b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type:feature
For cases when proxy is in use IPv6 flow label received in origin pkt needs to be added
to ipv6 header of outgoing pkts from proxy to original destination and vice versa.
Signed-off-by: Tarun Gupta <tarungup@cisco.com>
Change-Id: I143f7e67237c0f865333078628a016b50ad5e630
Signed-off-by: Tarun Gupta <tarungup@cisco.com>
|
|
Type: fix
Since CentOS 8, RPM build script doesn't accept '#!/usr/bin/env python'
as a valid shebang line. It requires scripts to explicitly chose
between python2 or python3.
Change all to use python3 as suggested by Paul Vinciguerra.
Depends-On: https://gerrit.fd.io/r/23170
Signed-off-by: Renato Botelho do Couto <renato@netgate.com>
Change-Id: Ie72af9f60fd0609e07f05b70f8d96e738b2754d1
|
|
- packaging issue
- yaml deprecation
- yaml formatting
Type: fix
Change-Id: Ia8808cbc83271a3067164f2db2418f071b35607a
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Ticket: VPP-1798
Type: fix
Change-Id: I42f02d5824575720e95b9fc99cfa864252221a82
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: refactor
Change-Id: Ic1c3e1f7987702cd88972acc34849dc1f585d5fe
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
if the packet is about to be fragmented, then don't call any of the
actions that expect the rewrite to have been written.
1) don't double count packets thru the adjacency (original & fragments)
2) don't double decrement the TTL for fragments
3) return to ip4-midchain post ip-frag if that's where we started.
4) only run midchain/mcast fixups if not fragmenting (if no errors)
Change-Id: Ib2866787a42713ee5871b87b597d8f74b901044b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com>
Change-Id: Ib59bf664d8da20516d8f16d716c5e8698675da4b
|
|
Type: fix
Change-Id: I732be02d2e2b854eb589c3fa10f980ef2dbe8dfc
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Make sure packet is big enough before processing it.
Policy matching is done speculatively but is discarded if packet is too
short.
Type: fix
Change-Id: I647db2c4e568b0d9bf2cfd5056e1b1c2e25132fe
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: refactor
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I710d00e4a6c4356d0f00f7592bf14b55596ec6ae
|
|
- session_transport_delete_notify() is called before
and inside quic_connection_delete()
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I5c79a3269e36c4aab5aa99fdfdac06c1334f0f6f
|
|
This reverts commit 0d75f783644a24b219ed79d9f9c17387783f67ca.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Iaf33301201897e6646eba2b4157e2a45f5fd30f2
|
|
Type: fix
Change-Id: I81ab3dcd03f397b3d275da6cfa094e048ad92f95
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This reverts commit 9654a37fac7fe2b425576eb0237b8d24ae44e1b1.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I93ed5a48303421de43f5494c11db2be9a3c8ce57
|
|
- vlib_node_add_next_with_slot was not cleaning the old next node
references to the given slot when replacing it with new next node. This mostly
worked until one tried to set the slot to a previously (but not currently) used
next node for that slot.
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I7ee607625da874e320158b80f12ddc16e377f8e9
|
|
The number of paths on the mpls tunnel returned through the bapi is
always zero. Doing a ntohl on a uint32 and poking it into a uint8 causes the problem.
Type: fix
Signed-off-by: IJsbrand Wijnands <ice@cisco.com>
Change-Id: I4135ad43a891e7818ca673c8067ef1f11cb34530
|
|
Type: fix
Fixes: 22921
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I4fecce96d027c0ee1797d9d84cfab94b1ecdc02b
|
|
Otherwise, <api-name>.api_enum.h and <api-name>.api_types.h files are
unavailable. If plugin B needs to send an API message to plugin A,
it's out of luck.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I25fdb904b5cf57727d6196fa2c0c71be68f207ed
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
Change-Id: Ifb6ead644c0273b84a5647f7923053f1db7c5a76
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: feature
Improves fairness for sessions that are snd space or pacer constrained.
Change-Id: Ida5f523090f1dcbfb17bf5116bc7917747ac8593
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Dump the entire CLI, mp-safe commands, non-mp-safe commands, commands
which have been executed. Optionally, clear the hit counters.
Type: feature
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ie38fc664b7deaabc35ca35be68db7e159272f551
|
|
When CLIB_DEBUG is enabled, vlib_foreach_main macro asserts that
vlib_main it currently looks at is safely parked in barrier, by
checkling that vlib_main->parked_at_barrier is not 0.
Unfortunately, the check is racy - workers first increment the
atomic counter to indicate that they have reached the barrier
and _then_ set this_main->parked_at_barrier to 1. For the last
worker to suspend this opens the race - main thread is free
to execute and assert immediately after atomic counter has been
incremented, before worker gets to write to own parked_at_barrier.
Fix this by simply swapping the order of two operations.
Type: fix
Signed-off-by: Alexnader Kabaev <kan@FreeBSD.org>
Change-Id: Iae47abd6ca0be1c5413f5ecaefabc64cd7eac2ed
|
|
Type: fix
Fix tso did not properly check the 'enable-tcp-udp-checksum' option issue
Add description of 'tso' and 'enable-tcp-udp-checksum' in startup.conf
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Id659067a9fa9e1db6c3f8dc533a2e90351b86831
|
|
- Fix cli / config fifo size to only accept u32
size input.
- Make cli / config fifo-size input type handling
to be the same as vpp hoststack
- Update external transfer tests to use new
syntax with different fifo sizes for
vpp_echo client/server and vpp.
Type: fix
Change-Id: Ia5ddb2b8d3d9908ab502352819eebeec8ac0971d
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: fix
Change-Id: Ibbb25bc530fdeaa3083c9b833a286a5d40e93c1e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|