Keep trying even if the interface in question is not "admin-up,
link-up." In real life, it's normal for link autonegotiation to take a
good fraction of a second. The driver layer takes care of packets sent
to an interface which can't transmit at the moment.
Renew address leases at the preferred renewal time, not at the
expiration time.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I68ec1c52cc1f4a8aa256185820748b845e92f7c1
When creating rdma interface without specifying a name, we need to
generate one instead of NULL.
Type: fix
Change-Id: If41870691dec47e8e673d48ac4b4ddffd2385a03
Signed-off-by: Benoît Ganne <bganne@cisco.com>
APIs for dedicated IPSec tunnels will remain in this release and are
used to programme the IPIP tunnel protect. APIs will be removed in a
future release.
see:
https://wiki.fd.io/view/VPP/IPSec
Type: feature
Change-Id: I0f01f597946fdd15dfa5cae3643104d5a9c83089
Signed-off-by: Neale Ranns <nranns@cisco.com>
Type: fix
Use sid returned by vcl_session_connected_handler instead of trying to
infer it from vpp session handle.
Change-Id: Ic0fbb90ec2bd851b435fc3f2a34265ac9a8ab29f
Signed-off-by: Florin Coras <fcoras@cisco.com>
Raw('\xaf) and Raw(b'\xaf) are two quite different things in python 2 versus 3.
In most cases this didn't make a difference, apart from those cases where length
of payload actually mattered.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I3cba5c1486e436a3ca8aa10a7b393da75aa9f6b9
This patch improves the GCM encrypt and decrypt performance using
the dedicated API provided by intel-ipsec-mb library. This helps
remove the overhead caused by the JOB API.
Type: feature
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I00c9ab3ed9f2660093fb2584feb8bca4979acee8
Commit https://gerrit.fd.io/r/#/c/15525/ breaks 3rd party CI jobs.
This suggests an alternative solution that supports both use cases.
Type: feature
Change-Id: I966210cf4594651735e6a8bffa32dd52b4539a13
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
- Fix AAD initialization. With use-esn the aad data consists of the SPI
and the 64-bit sequence number in big-endian order. Fix the u32 swapped
code.
- Remove salt-reinitialization. The GCM code seems inspired by the GCM
RFCs recommendations on IKE keydata and how to produce a salt
value (create an extra 4 octets of keying material). This is not IKE
code though and the SA already holds the configured salt value which
this code is blowing away. Use the configured value instead.
Type: fix
Change-Id: I5e75518aa7c1d91037bb24b2a40fe4fc90bdfdb0
Signed-off-by: Christian Hopps <chopps@labn.net>
Type: fix
crypto perf test crashes for key size different than 16 bytes.
This patch fixes the issue
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: Ic8a8ca83ca189c879815dc5d065b8c6f7826cd41
Type: fix
On multiworker setup when an app client dies, the
vec_reset_length call fails the assert in
clib_mem_is_heap_object. Same thing might happen for
the clib_warnings
Change-Id: I369f9d2dbe60407c84994a4e8d25f6df7848ca93
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Type: feature
Crypto contexts are a per protocol cache for storing
crypto related connection data. They share a common
interface with generic properties : cert, key, engine
and session refcount.
Change-Id: I8165e05afbcc6ecb3777b6abeab62c369d2fe9ed
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Type: feature
* vpp echo adds and dels a cert and key pair for each run
* it passes the crypto engine to be used (openssl, picotls, vpp, mbedtls)
Change-Id: Iaba1de2e6abb510e6c4edbe84b2324b2f4843f26
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
quic choice used ckpair is now the one passed to
connect or listen via mq.
The crypto engine is chosen with the value passed to
connect or listen via mq:
* If NONE(0) is provided, we default to quic_main.
default_crypto_engine (picotls at init, can be changed
via debug cli : quic set crypto api [crypto engine])
* If PICTOLS/VPP is provided, use this one
* Other values return an error
Type: feature
Change-Id: Ifab893d6d03c83f202e6c7e7a9936f546a4b1530
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Type: feature
This patch adds the logic to pass to connect &
listen msg in the mq the following parameters
* ckpair index
* crypto engine (for now only used in quic)
Change-Id: I7213d8b581cb4532a9a6b18c4b3fe021287b7733
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
The 42693521f6 added the timeout
to the child process join + print the name of the offending
child process.
Upon testing the issue furher, appeared the offenders were
always the same - punt tests. The processes running them
were stuck trying to acquire lock, even if all
the user-accessible execution has finished. Some searching
revealed that one needs to tread carefully when dealing
with Thread and Multiprocessing at the same time.
punt tests used threads but did not call thread.join. Somehow
it worked in some cases but not the others. This fix makes
the threads exit cleanly - which also makes the timeouts
waiting for the process to join disappear.
Type: test
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I05d99bb48a9987544bbfe45118755c09d7867aa0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Type: feature
Along with the port information, we need to validate the IP address details as well.
This is very useful in the case port re-use scenario
Signed-off-by: Srikanth Akula <srakula@cisco.com>
Change-Id: I11e1ebcd3e56aae47ac235a89606a83c928aa6bb
The CI gate will fail if there are typos in the docs.
writing output... [ 21%] events/Summits/OpensourceSummit...
writing output... [ 22%] events/Summits/UKNO/2017_04_30_...
featuresbyrelease/vpp16.06.rst:34:Rasberry:vpp16.06
writing output... [100%] usecases/vppinazure
Spelling checker messages written to /vpp/docs/_build/html/output.txt
Warning, treated as error:
Found 1 misspelled words
Makefile:31: recipe for target 'html' failed
make[1]: *** [html] Error 2
make[1]: Leaving directory '/vpp/docs'
If you introduce a term that is not recognized,
please add it to custom dictionary at
docs/spelling_wordlist.txt.
Type: feature
Change-Id: Id49be4fbee617f544f1ab8e78e7de8a4df36448b
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
DPDK have bug which will be fixed in 19.11.
Type: fix
Change-Id: I6c0058928e5991d61b3c5fcba706f35e6886b0f2
Signed-off-by: Damjan Marion <damarion@cisco.com>
Type: feature
fts and trex rely on yaml config files. Verify
that they are valid, so comitters can catch
errors early.
Change-Id: Ide0bb276659119c59bdbbc8b8155e37562a648b8
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
Type: fix
As udp_session.opaque is qctx index, qctx free
needs to happen after session cleanup. This patch
also introduces
* assert timer stop on ctx free
* debug cli for listing quic ctx
Change-Id: I3a58d226b094a0bbdf090b4f3eccbc2e11c6329b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Type:feature
For cases when proxy is in use IPv6 flow label received in origin pkt needs to be added
to ipv6 header of outgoing pkts from proxy to original destination and vice versa.
Signed-off-by: Tarun Gupta <tarungup@cisco.com>
Change-Id: I143f7e67237c0f865333078628a016b50ad5e630
Signed-off-by: Tarun Gupta <tarungup@cisco.com>
Type: fix
Since CentOS 8, RPM build script doesn't accept '#!/usr/bin/env python'
as a valid shebang line. It requires scripts to explicitly chose
between python2 or python3.
Change all to use python3 as suggested by Paul Vinciguerra.
Depends-On: https://gerrit.fd.io/r/23170
Signed-off-by: Renato Botelho do Couto <renato@netgate.com>
Change-Id: Ie72af9f60fd0609e07f05b70f8d96e738b2754d1
The 'make doxygen' component has this cool vpp specific customization called siphon.
This updates the siphon component so that 'make doxygen' works with python3.
Needed-By: https://gerrit.fd.io/r/23159
Type: docs
Change-Id: Ie29f1602bf3460b637058acbb0a2f19b128a8824
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
Type: fix
if the packet is about to be fragmented, then don't call any of the
actions that expect the rewrite to have been written.
1) don't double count packets thru the adjacency (original & fragments)
2) don't double decrement the TTL for fragments
3) return to ip4-midchain post ip-frag if that's where we started.
4) only run midchain/mcast fixups if not fragmenting (if no errors)
Change-Id: Ib2866787a42713ee5871b87b597d8f74b901044b
Signed-off-by: Neale Ranns <nranns@cisco.com>
Log the random seed used when running tests and provide means to re-use
it in a later run.
Type: feature
Change-Id: I18d2a36ee802b901d4cca5577df41cec07f09cc0
Signed-off-by: Klement Sekera <ksekera@cisco.com>
In parallel test, the single process is spawning
a bunch of child processes running the tests,
and communicates to them. When the child process
signals that it has finished, the parent calls
child.join(). Sometimes this join never returns.
The result is a lot of defunct python processes,
and the test run just hangs.
I have seen this failure intermittently a fair bit
in a busy containerized environment, and by chance,
consistently reproduced it on a Thinkpad X280
with 8G of RAM and Ubuntu 19.04, which allowed
to diagnose it.
Type: test
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: If0a3110fc2d23e73d77c310d61c3ea90a2b53610
Make sure packet is big enough before processing it.
Policy matching is done speculatively but is discarded if packet is too
short.
Type: fix
Change-Id: I647db2c4e568b0d9bf2cfd5056e1b1c2e25132fe
Signed-off-by: Benoît Ganne <bganne@cisco.com>
