Age | Commit message (Collapse) | Author | Files | Lines |
|
(VPP-682)
This fixes the previously-implicit "drop all non-first fragments" behavior
to be more in line with security rules: a non-first fragment is treated
for the purposes of matching the ACL as a packet with the port
match succeeding. This allows to change the behavior to permit
the fragmented packets for the default "permit specific rules"
ruleset, but also gives the flexibility to block the non-initial
fragments by inserting into the begining a bogus rule
which would deny the L4 traffic.
Also, add a knob which allows to potentially turn this behavior off
in case of a dire need (and revert to dropping all non-initial fragments),
via a debug CLI.
Change-Id: I546b372b65ff2157d9c68b1d32f9e644f1dd71b4
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 9fc0c26c6b28fd6c8b8142ea52f52eafa7e8c7ac)
|
|
Change-Id: I97e03d98758a08b1f75a9a1f35f0181385a10ae8
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
- single-hop BFD: attach a delegate to the appropriate adjacency
- multi-hop BFD [not supported yet]: attach a delegate to the FIB entry.
adjacency/fib_entry state tracks the BFD session state. when the state is down the object does not contribute forwarding hence and hence dependent objects will not use it.
For example, if a route is ECMP via two adjacencies and one of them is BFD down, then only the other is used to forward (i.e. we don't drop half the traffic).
Change-Id: I0ef53e20e73b067001a132cd0a3045408811a822
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- update default flags
- add missing flag learn
Change-Id: I50a1a001848769836468838775b59d3414d27710
Signed-off-by: Choonho Son <choonho.son@gmail.com>
|
|
This patch deprecates stack-based thread identification,
Also removes requirement that thread stacks are adjacent.
Finally, possibly annoying for some folks, it renames
all occurences of cpu_index and cpu_number with thread
index. Using word "cpu" is misleading here as thread can
be migrated ti different CPU, and also it is not related
to linux cpu index.
Change-Id: I68cdaf661e701d2336fc953dcb9978d10a70f7c1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
when tunnel is deleted reply should include the tunnel's sw_if_index
instead of ~0
Change-Id: Ie5e04f4feab9cf2c90f0e155ec0fb9ca839a956d
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I0a6989c6963956f3e60e8c50835c57845fccef8c
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Make BFD ARP-aware when sending out packets.
Fix a few one-liner bugs discovered while integrating with cisco
nexus. Enhance CLI view to better observe session state.
Change-Id: I266c29492f351207b84328ab665d9d697969da9c
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: Id15b401223aabe7dacb7566c871ebefc17fbb1fc
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 7fd3f513c7df198c45204eba0a3e9a3abe509593)
|
|
Change-Id: I935620798d6fe82b99b6bd564749e20a189b4ae3
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
|
|
Change-Id: Ic7128d4f8a13c021e0fd4731a717193d050431d2
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
Change-Id: Ib83baf6ddec4ac192f6b4123d9eb599fb370fd0c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: I190696da5555c05074ee0eee32eb914bd16e38fb
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Refactors the GRE node to work with both IPv4 and IPv6 transports.
Note that this changes the binary configuration API to support both
address families; each address uses the same memory for either
address type and a flag to indicate which is in use.
The CLI and VAT syntax remains unchanged; the code detects whether
an IPv4 or an IPv6 address was given.
Configuration examples:
IPv4 CLI: create gre tunnel src 192.168.1.1 dst 192.168.1.2
IPv6 CLI: create gre tunnel src 2620:124:9000::1 dst 2620:124:9000::2
IPv4 VAT: gre_add_del_tunnel src 192.168.1.1 dst 192.168.1.2
IPv6 VAT: gre_add_del_tunnel src 2620:124:9000::1 dst 2620:124:9000::2
Change-Id: Ica8ee775dc101047fb8cd41617ddc8fafc2741b0
Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
|
|
Change-Id: Ic5bd7da08f8a46b548d56516e4633f0b8badf2a1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I16606757176649e61f0a51895329586311144766
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ic2d33b31ba88f6d9602a22439865637d98cf4a33
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: Ibc293aa1305126920c0b2c44df1f7a7d5ae9ea9d
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I24577bd32ae23fbe8515cc8d960eab5448ce3b5c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I48bf6c46d78773669e76dc4749be3b1af80782f4
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Increased time intervals mean longer test runs, but also reduce
the chance of getting annoying (especially in gerrit) random failures.
Now that tests are split into `basic' and `all', the increased runtime
of BFD tests (of which majority doesn't run in basic case) doesn't
matter too much..
Change-Id: I4a15bb4facad634f123bc9cc6f45eddbf4976fd1
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Create an elog_merge utility, extracted from test_elog.
Change-Id: Ide137b4858c88b3a2885583b7fbb15ddc4963af9
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Iee6016757e45c832e8868f0bdcfd4192dd3380c8
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I844ec53b55ceaa1e00996f5cf8a018537ea8b481
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
|
|
- update of CSIT operational branch to be used for VPP-patch test
Change-Id: I4bf32bc12c7417f7c19b23287a2b2899eb8fb02d
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Change-Id: I2a1246061e57c4caae0a1a1b861c459d115860cd
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I316862e1d33e5d10c058317cc4827304e55ceba4
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I03195a86c69f84a301051c6b3ab64456bbf28645
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- added persist timer
- update rcv_las whenever sending an ack
- moved fifo size to its own cache line
- improved session and builtin client debugging
Change-Id: Ia649cf942cf0c061a713e8b67f0eb6974a6cd55b
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Allows easy running of test(s) in a loop with configurable
action (e.g. git pull) run between test runs and possible
email notification on failure.
Usage:
test-loop.sh [-p <pre-exec-cmd>] [-m <email>] -- <make test options>
Example:
Run 'make test-debug' in a loop until a failure is encountered,
upon which an email is fired to ksekera@cisco.com. In between test
runs, update the workspace using via 'git pull' and if anything changed,
perform 'git clean' before running another 'make test-debug':
test/scripts/test-loop.sh -p test/scripts/git_pull_or_clean.sh \
-m ksekera@cisco.com -- test-debug
Change-Id: I114321c6c152d2c7e181e915fc8c51aab1ff3693
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Added new CLI command
- create bridge-domain <bridge-domain-id>
- create bridge-domain <bridge-domain-id> del
Change-Id: I1a7d632c7daa3c37b7f424a184e8fabd489518e9
Signed-off-by: Choonho Son <choonho.son@gmail.com>
|
|
fixed arp registration without allocating the event
added protection against identical ND registrations
Change-Id: I4e2db4913b35d895d8686ada1f0818920f276ad6
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Fix a decade-old ridiculous qsort function bug. Managed to subtract
floating-point numbers as if they were integers, leading to
manufactured time-paradoxes. That completely confuses g2, leading to
the summary disappearance of entire tracks' worth of data at high zoom
levels.
Add a manual alignment tweak parameter to elog_merge, users can
dial-out time paradoxes caused by NTP-grade clock synchronization.
The event-logger has a precision of O(100ns), whereas NTP
synchronization is O(1ms).
Change-Id: I69dedabaa314f69f9df74ec9ee66e21e6c87f703
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
1) 16-8-8 stride. Reduce trie depth walk traded with increased memory in the top PLY.
2) separate the vector of protocol-independent (PI) fib_table_t with the vector of protocol dependent (PD) FIBs. PD FIBs are large structures, we don't want to burn the memory for ech PD type
3) Go straight to the PD FIB in the data-path thus avoiding an indirection through, e.g., a PLY pool.
Change-Id: I800d1ed0b2049040d5da95213f3ed6b12bdd78b7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ia3acf87d3e07a7d41c047869de504e1972334b55
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I3ed2834a326eac50a7cb4faa592f42fd06325d5a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I6ff7b65a400734a47bc0a7d03faf86ef1cf4f8c8
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I4dbd0dbd1e24bbf7c66fb9a2c055c8bc11d3817d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I1aa25ef11dc75002cb9b6aac0981af00026e57ce
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Make sure pid field in these API messages is stored in network
order (it is also kept and used by VPP in network order).
Change-Id: Id5d08e7a45b7e49d4b840a337458d99414d0b949
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I4467f26da5bdcfd76e5914e0124a83b659757947
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
- use the counters in a private struct rather than node error counters
- ensure the timer for the non-idle connections is restarted
- fix the deletion of conn at the current tail the list
Change-Id: I632f63574d2ced95fb75c5e7fb588c78fb3cce1c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 097051a3bd1f63a177c0728f15375afd84a68918)
|
|
Change-Id: I86089e9bb604adfc260a111685001be1c897ce53
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: If1c68fc63fa71fab198f2bf4f79bdd7a9841c2e8
Signed-off-by: shwethab <shwetha.bhandari@gmail.com>
Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
|
|
Change-Id: I1eab03525f234139ceefbc9b9895a35a03a56910
Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
|
|
Fix the bug and add the unit test to start with ping test coverage
Change-Id: Ibeacbed1f1660e677faa2dbb2ebe386216693e96
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I6081a38af3817f0957a2faf0e3e41afa4a74f3a4
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
we should not suppress arps on remote interface instead we should flood them to the local one
used shg != 0 to identify packets from remote interfaces and disable arp term l2 input feature for them
Change-Id: I701537c05df7451a25ccb5bfc9e2b03ea70cff20
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I19b16d3e04a187ffe736fae868941957c70edf62
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I0e86f8eb6d62c6a109876b5bf35cc62ab617608e
Signed-off-by: Thomas F Herbert <therbert@redhat.com>
|