libepoll-shim has some hacks to enable functionality, one of these
redefines close as a macro. This conflicts with a close call back. On
FreeBSD undefine this macro at point of use.
Type: improvement
Change-Id: I7b4f7cd874f3451d76c580cf999369426d9e89c2
Signed-off-by: Tom Jones <thj@freebsd.org>
For the openssl crypto engine based cipher encrypt/decrypt and HMAC IPSec
use cases, the openssl API calls of doing ctx init and key expansion are
moved to initialization stage.
In current implementation , the ctx is initialized with "key" and "iv" in
EVP_EncryptInit_ex (ctx, 0, 0, key->data, op->iv)
in data plane, while the ctx can be initialized with 'key' and 'iv' separately,
which means there could be two API calls:
1. EVP_EncryptInit_ex (ctx, 0, 0, key->data, 0)
2. EVP_EncryptInit_ex (ctx, 0, 0, 0, op->iv)
As the 'key' for certain IPSec SA is fixed and known, so call #1 can
be placed in IPSec SA initialization stage.
While call #2 should be kept in data plane for each packet, as the "iv"
is random for each packet.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Change-Id: Ided4462c1d4a38addc3078b03d618209e040a07a
This is a prerequisite patch for the following openssl API optimization
patch, which tries to offload openssl ctx init and key expansion work to
the initialization stage.
Wireguard adds crypto keys via vnet_crypto_key_add (), and whenever it
modifies the keys, the underneath openssl crypto engine shoud be informed
of the changes to update the openssl ctx.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Change-Id: I3e8f033f3f77eebcecfbd06e8e3bbbfdc95a50e2
Set last thread id and last packet position in TRACE_DUMP_REPLY.
To enable collection of traces from multiple workers using iterator.
Type: fix
Change-Id: I69872af4f6981d50cd050fa3d16de2a3c0d6b496
Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
Type: fix
Attempting to create a host-interface with an invalid af_packet name
causes a crash, as we attempt to read the contents of a null ptr.
Change-Id: Ia31ae21684c2b66baa1ceaadf29e19fae33c4ed4
Signed-off-by: hsandid <halsandi@cisco.com>
Add/del functions can be used from external modules.
Type: improvement
Change-Id: I267bcfacd58970bcacae13744d8acc690b87d2fc
Signed-off-by: Benoît Ganne <bganne@cisco.com>
RFC 7296 describes the way to rekey IKE SAs: to rekey an IKE SA,
establish a new equivalent IKE SA with the peer to whom the old
IKE SA is shared using a CREATE_CHILD_SA within the existing IKE
SA. An IKE SA so created inherits all of the original IKE SA's
Child SAs, and the new IKE SA is used for all control messages
needed to maintain those Child SAs.
Type: improvement
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: Icdf43b67c38bf183913a28a08a85236ba16343af
Set the flag in tls framework as opposed to tls engines. This is similar
to passive close.
Type: improvement
Change-Id: I0c2a774b1ef9d7ec6ba74daf1678ea449815184f
Signed-off-by: Florin Coras <fcoras@cisco.com>
Added vl_api_lcp_itf_pair_add_del_v3_t_handler method, it can return
vif_index in reply. Also added vl_api_lcp_itf_pair_get_v2_t_handler
methods, this method is able to dump only one lcp pair or dump all
lcp pairs via stream_msg.
Type: improvement
Change-Id: I1d25344ee57f8fac8b857bb3a9a03116230b4d2c
Signed-off-by: Anton Nikolaev <anikolaev@netgate.com>
Introduce a dump api for LLDP plugin
Type: improvement
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: If67dedd329cced59227187284646d147ef6ef92c
Type: make
memif.h file is independent code which can be used outside of
VPP. Hence it uses its own cacheline size MACRO. This patch
sets the value of MEMIF_CACHELINE_SIZE in the cmake file for
memif plugin to VPP_CACHE_LINE_SIZE.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I8185e78897f4571f1a0430dd7e758816e127444c
Normally af_packet sets next0 = next_index on each cycle. It works for the most cases.
But if vlib_validate_buffer_enqueue_x1() changes the next_index (from NEXT_ETHERNET to NEXT_DROP for example)
then the following next0 will have the wrong value, and the correct packet will be dropped.
AF_PACKET_IF_MODE_IP handles this case, but AF_PACKET_IF_MODE_ETHERNET doesn't.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: Ic742043e8b10a2abe56b314bb584277151a9c5eb
Type: improvement
This patch implements support to check the host interface offload
capabilities.
NOTE: this check is only done once when interface is being created.
Any changes to the cap of host interface after that will not reflect
changes to af_packet interface in VPP.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ibc9953131f64f3fb3e601d34036b9f453913692a
Signal when consuming a batch of netlink messages, in order to inhibit
lcp_sync from generating new netlink messages. This avoids link up/down
state changess from triggering an infinite loop.
Do this in the regular case of nl_route_process_msgs()
and in the special case of re-synchronizing in lcp_nl_recv_dump_replies().
Type: fix
Change-Id: I419d3f9aa350c119b3778b644c65165cb4cc1bef
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Add an urpf_interface_dump() API call, with optional sw_if_index.
If either a mode or a table is specified in any given interface
address family and direction, return it in a list, otherwise omit
it.
TESTED:
create loopback interface instance 0
create loopback interface instance 1
create loopback interface instance 2
create loopback interface instance 3
ip6 table add 8298
set urpf ip4 rx loose loop1
set urpf ip6 tx off loop2 table 8298
API call urpf_interface_dump(sw_if_index=~1) returns:
[
urpf_interface_details(_0=658, context=2, sw_if_index=2, is_rx=True, mode=<vl_api_urpf_mode_t.URPF_API_MODE_LOOSE: 1>, af=<vl_api_address_family_t.ADDRESS_IP4: 0>, table_id=0),
urpf_interface_details(_0=658, context=2, sw_if_index=3, is_rx=False, mode=<vl_api_urpf_mode_t.URPF_API_MODE_OFF: 0>, af=<vl_api_address_family_t.ADDRESS_IP6: 1>, table_id=8298)
]
Type: improvement
Change-Id: I1ded5c445dc07dab73ea41b817b5827b72ca79d4
Signed-off-by: pim@ipng.nl
One less pointer chase when accepting sessions.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I20dbb21d15d4a703f76e3b12f04a6f5b5d2a3cd8
Currently, when flowprobe_export_send() calls vlib_time_now(), a pointer
to the main thread's vlib_main_t is always passed (the one cached in
flow_report_main). However, that code can also be executed from a worker
thread. And passing a pointer to the main thread's vlib_main_t to
vlib_time_now() from a worker thread may cause time synchronization
issues. Also, running a debug binary will cause an assertion failure in
vlib_time_now() in this case.
With this fix, flowprobe_export_send() passes the pointer to the current
thread's vlib_main_t to vlib_time_how().
This doesn't allow to remove @tag_fixme_vpp_workers from the unit tests
yet as they will be failing for other multi-worker related problems.
Type: fix
Change-Id: Ia35e3a4176777b88cf8ca8af8af7c42c495cbc6a
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Quic does not seed random value, so if the plugin is loaded
separately RAND_bytes will fail.
Type: fix
Change-Id: If600cbde1fef30afb6316fc1a355261b008c3191
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
This merge request adds the feature to manipulate localsids and policies for SRv6 mobile via API.
Type: feature
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
Change-Id: Ibb46bf71ae1d9d4591ce2c8ccf66f520887dad70
The _v3 was not handling endianness on flags (e.g. mode).
Marking _v3 as deprecated, but keeping it
as there might be users who learned to preprocess their flag values.
+ Also, format PCI product_name as a vector, not a string.
Type: fix
Change-Id: I50c4b44f3570f02518dbd9a43239c1a37612d24a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Even if the device name is specified in the startup config it may
be appended to if the device is a switch domain member. This leads
to unexpected device naming if an explicit device name was requested.
Type: fix
Change-Id: Ib56b4ac41c17008db55dc69497721e3cb7d540c1
Signed-off-by: Peter Morrow <pdmorrow@gmail.com>
This patch introduces a fix for correcting a counter for the number
of processed vectors in the crypto-dispatch node.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Icaeb925a352a9ac766652f43c4e752f6727cdeb9
Use the correct string type for vlib_get_node_by_name. Found by ASAN.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: I679d27050487e013e3320a4c558d78fa60c5e98a
First genaration of AVF APIs we currently use doesn't support more...
Type: improvement
Change-Id: I1ae27f322403a2b455fcad8b028fa2004b449789
Signed-off-by: Damjan Marion <damarion@cisco.com>
The previous fix was adding the sentinel before refilling rx,
which gave the NIC time to overwrite it with a new descriptor.
Ticket: VPP-2087
Type: fix
Fixes: 8b4d474abd
Change-Id: I32bde4a763a62fb66c5c3871d9f10af6066e2d47
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
This is because mlx5_pci is also compatible with another
series of NICs such as ConnectX-5 and ConnectX-6.
Type: fix
Change-Id: I10f0468bbe36ab61c72fb3dc0aa898f8e2f9e88c
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
DHCPv4 aka BOOTP is somewhat awkward. A DHCP client
on an interface must receive DHCP packets to
the broadcast address or to a unicast address.
Apparently before it's been assigned to itself.
Add this new API to allow external DHCP clients
enable the DHCP client detect feature per interface.
Type: improvement
Change-Id: If55aac03f25a045496be483940e4f5e7e18885b9
Signed-off-by: Ole Troan <otroan@employees.org>
The recent TX flows generation fix introduced "l3_hdr_offset" which
represents the offset of the IP header in the buffer's data. The problem
is that it is erroneously defined as a 16-bit unsigned integer. If the
calculated offset is negative, "l3_hdr_offset" will get a value close to
UINT16_MAX. And the code will search the IP header somewhere beyond the
buffer's data. For example, this will occur in the case when an ICMP
error is being sent in response to a received packet.
With this fix, make "l3_hdr_offset" a signed integer.
Type: fix
Change-Id: I6f1283c7ba02656d0f592519b5863e68348c5583
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
