Age | Commit message (Collapse) | Author | Files | Lines |
|
(VPP-682)
This fixes the previously-implicit "drop all non-first fragments" behavior
to be more in line with security rules: a non-first fragment is treated
for the purposes of matching the ACL as a packet with the port
match succeeding. This allows to change the behavior to permit
the fragmented packets for the default "permit specific rules"
ruleset, but also gives the flexibility to block the non-initial
fragments by inserting into the begining a bogus rule
which would deny the L4 traffic.
Also, add a knob which allows to potentially turn this behavior off
in case of a dire need (and revert to dropping all non-initial fragments),
via a debug CLI.
Change-Id: I546b372b65ff2157d9c68b1d32f9e644f1dd71b4
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
epoll was supposed to not sleep when timeout
is less than 1ms, but a typo made it not sleep
any time the requested timeout is lower than
1000 seconds (in practice, never...).
This patch replaces "1e3" with "1e-3", which
represents 1ms.
Change-Id: I731851b27a6bf6ab8e41586e017e94b962b09bf3
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
|
|
Change-Id: I1cd649e1d4582792f75d0db60a9524471fc76a9f
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
|
|
To line up with "show interface placement," recently added. Otherwise,
"show int" refers only to "show interface placement," which tends to
annoy the cash customers...
Change-Id: Iea9e3681aeb051e2b0e1ecbf06706d98af9a3abf
Signed-off-by: Dave Barach <dave@barachs.net>
(cherry picked from commit 13ad1f02922858177915b1cb1450041d2e4d85de)
|
|
Change-Id: I1eab03525f234139ceefbc9b9895a35a03a56910
Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
|
|
- use the counters in a private struct rather than node error counters
- ensure the timer for the non-idle connections is restarted
- fix the deletion of conn at the current tail the list
Change-Id: I632f63574d2ced95fb75c5e7fb588c78fb3cce1c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I3f67d32d5d76069a27176deef6cba0c1a194b7ec
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
af_packet driver must check that VLIB_BUFFER_NEXT_PRESENT flag is set
when walking vlib_buffer_t next_buffer chain on transmit.
On buffer allocation:
- next_buffer is not and may contain a stale invalid value that
should be ignored if not overwritten by a valid value.
- VLIB_BUFFER_NEXT_PRESENT flag is cleared and only set
if a valid value is written to next_buffer.
Change-Id: Iebf76ce8eea24a0d63c7bf749e672d6a232c80e7
Signed-off-by: Jim Gibson <gibson+fdio@cisco.com>
|
|
Change-Id: Id3398bd4b7a56c168aaab37942b92715e19d4025
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- Fixed three coverity issues
- Linked SRv6 docs
- Moved sample plugin to examples folder
- Fixed bug with hash. Now everything is using mhash. Potentially in the future we want to do bihash.
Change-Id: Ie03a13c8fecb1e315e67d0596cbd23220779aaf2
Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
|
|
Change-Id: If1c68fc63fa71fab198f2bf4f79bdd7a9841c2e8
Signed-off-by: shwethab <shwetha.bhandari@gmail.com>
Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
|
|
Change-Id: I4c2a1a818f28d4c6cf52af45f3b7dbfa41d77ccb
Signed-off-by: Ole Troan <ot@cisco.com>
(cherry picked from commit afaa85f873a7bff1cf1e32c22f909af3018ccfee)
|
|
Allow non-static MACs in the L2FIB which is associated with an
interface or a bridge domain (BD) be flushed. MAC flush are
initiated automatically when an interface is removed from a BD
or when a BD is deleted. MAC flush can also be invoked manually
via the following CLI:
l2fib mac-flush interface <if-name>
l2fib mac-flush bridge-domain <bd-id>
Change-Id: Ie33243622834810a765f48ebcd22bdb8e8fc87a4
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I6b1dd6bdf03fa506c4b114d15800d9fe03e36395
Signed-off-by: Ole Troan <ot@cisco.com>
(cherry picked from commit 9f81d4fe5cfab856e23926bfdb11c03c04838478)
|
|
Double committing to 17.04 as its a bug-fix.
Change-Id: I94539812191ad0eb8abe78e2dad25ab96c780f30
Signed-off-by: AkshayaNadahalli <anadahal@cisco.com>
|
|
Change-Id: I204a6125615accaa96b94657e7f76b243c9305d1
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I94c06b07a39f07ceba87bf3e7fcfc70e43231e8a
Signed-off-by: Damjan Marion <damarion@cisco.com>
Co-Authored-By: Milan Lenco <Milan.Lenco@pantheon.tech>
|
|
Change-Id: I9f7f9f840c3c1aad5e8c9a4fa1ba7a58a85cfd9e
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I5bd0721b70dfc240fa9225df3704774f6b0ede81
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: I88b322a5d602f3d6d3310e971479180a89430e0e
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I3c1d3a2db56487473123e6fec2b076a063473313
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I7040c1ecc8b6e5e883420c1c81aa8b70e56263e5
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
usage:
env EXTERN_PLUGINS=/path/to/plugins make test
Change-Id: I8eece726dfafeff1cffd921c1e18cd3eb7eb64ed
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
env EXTERN_TESTS="/path/to/extra/tests" make test
causes to run the default test set and tests collected from
test_*.py files under subtree specified in EXTERN_TESTS.
Change-Id: I58c5471dd6010730278a5b47d4318737d920bc28
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I3e3bf786ab3c7672ff2cc7acd221421072e3ac8b
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
|
|
vhost currently supports only polling mode. This patch is to add
interrupt mode. When the interface is configured for interrupt
mode, our input node does not get called unless there is a packet
in the vring.
If a particular CPU has one interface configured for polling mode
and another in interrupt, the input node is set to polling for
that CPU.
This diffs also includes two crashes in vlib's dispatch_node. One is
included in https://gerrit.fd.io/r/#/c/5516. The other crash is in
the ASSERT. The ASSERT can become true when the caller of
dispatch_node is in a loop. The first call converted the node
to polling. The second call thereafter will hit the ASSERT.
Change-Id: If17b6d48b20d7d8605c6a161459828637173cd32
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: I8187b43129b80fadd90ea493afb922064f79abbe
Signed-off-by: Martin <magalik@cisco.com>
|
|
Change-Id: Id53131e8cd32bfd35739a7bd7cdbadf3a9f4d941
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
This is needed for iOAM export for NSH.
Change-Id: I702934b2cde8b1c07ec5c299d5fcd98dce94c62c
Signed-off-by: Vengada <venggovi@cisco.com>
|
|
L3 path support, L2+L3 unified processing node, skip IPv6 EH support.
Change-Id: Iac37a466ba1c035e5c2997b03c0743bfec5c9a08
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I399cac46d279e020ba33459ef759d9d29d3ac716
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
System timer of ARMv8 runs at a different frequency than the CPU's.
The frequency is fixed, typically in the range 1-50MHz. It can be
read at CNTFRQ special register.
Change-Id: I6a21a6a9e2df783559df0caec63d5525c2258227
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
This change adds two new debug CLI command:
- "show interface placmenet" to display which
thread (main or worker) is responsible for processing
interface rx queue
vpp# show interface placement
Thread 0 (vpp_main):
node af-packet-input:
host-vpp1 queue 0
Thread 1 (vpp_wk_0):
node af-packet-input:
host-virbr0 queue 0
Thread 2 (vpp_wk_1):
node af-packet-input:
host-vpp2 queue 0
host-lxcbr0 queue 0
- "set interface placmenet" to assign thread (main or worker)
which process specific interface rx queue
vpp# set interface placement host-vpp1 queue 0 main
Change-Id: Id4dd00cf2b05e10fae2125ac7cb4411b446c5e9c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
With DPDK 17.02, bonded interface device_index does not start
from 0 and may vary depends on the existence of other interfaces.
Implement instance number for bonded interface so the interface
name can make use of instance number starting from 0.
Change-Id: Ia8eb7bd530446faa02ee7c7d1f6abdc22ac60b62
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I6424a083ec889961ba4d0cd1df8348f20436be14
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: If882adb9c937f57223c524ed87453f3053f616ed
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I53433e89d06fbc95e160887517acafc1544e81b5
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
In DPDK 17.02 bonded PMD name is changed from rte_bond_pmd
to net_bonding.
Change-Id: I1a57a16b0ae68b5fa56a561a4f75981112228572
Signed-off-by: Alexander Popovsky (apopovsk) <apopovsk@cisco.com>
|
|
after:
TenGigabitEthernet5/0/1-output active 107522 17375708 0 7.22e0 161.60
TenGigabitEthernet5/0/1-tx active 107522 17375708 0 6.93e1 161.60
ip4-input-no-checksum active 107522 17375708 0 2.52e1 161.60
ip4-lookup active 107522 17375708 0 3.10e1 161.60
ip4-rewrite active 107522 17375708 0 2.52e1 161.60
before
TenGigabitEthernet5/0/1-output active 433575 110995200 0 6.95e0 256.00
TenGigabitEthernet5/0/1-tx active 433575 110995200 0 7.14e1 256.00
ip4-input-no-checksum active 433575 110995200 0 2.66e1 256.00
ip4-lookup active 433575 110995200 0 3.29e1 256.00
ip4-rewrite active 433575 110995200 0 2.59e1 256.00
Change-Id: I46405bd22189f48a39f06e3443bb7e13f410b539
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Drop comes before lookup when enabled. is_first_or_last is not required when setting a feature, the anchor is added in find_config_with_features().
Don't make the PG interfaces automatically L3 enabled, this way we can have tests that check the L3 protocol disbaled behaviour.
Change-Id: Icef22a920b27ff9cec6ab2da6b05f05c532cb60f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
1 - Quad loop lookup and label imposition.
2 - optimise imposition for the 1 label case
3 - input gets TTL from header directly (no byte swap)
Change-Id: I59204c9e5d134b0df75d7afa43e360f946d1ffe7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
allow this config to function:
set int ip address loop0 169.254.1.1/32 (the default GW address for attached hosts)
set int unnumbered af_packet0 use loop0 ('enable' IP on the host interface)
ip route add 192.168.1.1/32 via af_packet0 (where to find the host)
repeat for each host and host interface.
Inter-host communication is throught the /32 routes.
To allow this:
1 - attached host routes have the ATTACHED flag set, so the ARP code accepts then as legitimate sources
2 - unnumbered interfaces inherit the source address from the IP interface
Change-Id: Ib66c5f0e848c528f79372813adc3a0c11b50717f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I5c510cde1227a131ddda58d090cd5dbf112ce1fb
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
dispatch_node may be invoked from vlib main or worker threads. The call to
ELOG_DATA in dispatch_node passes the parameter &vm->elog_main. It works fine
when dispatch_node is invoked from the main thread. It does bad thing when it
is invoked from the worker thread.
While we are at it, make two additional enhancements to the same area.
1. Use ELOG_TRACK_DATA instead of ELOG_DATA to enhance g2 viewer presentation.
2. Since ELOG_DATA is in the data path, it could get very chatty. Make the call
to ELOG_TRACK_DATA conditional compile.
Change-Id: I80ca0eea10bc1e5d0d5549f9844dd9a34dbb65a2
Signed-off-by: Steven <sluong@cisco.com>
|
|
node_index memeber from the rewrite for space - this is only used for formtting
before:
ip4-rewrite * * * * 2.66e1 256.00
after:
ip4-rewrite * * * * 2.40e1 256.00
Change-Id: Ic397150727cad38811564777419ad6bd26b8a3a6
Signed-off-by: Neale Ranns <nranns@wasa-ucs-11.cisco.com>
|
|
Change-Id: I3d64ddb248478accd4d9b3124f018c9aab63a60f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I3fa2f35056b74e479288bb956f2713f727a81c72
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
%py2_install is required by vpp-api-python and is not available on
bare CentOS/RHEL install, causing 'fg: no job control' error.
Added 'epel-rpm-macros' to the list of EPEL dependencies
Change-Id: I1e09d7d825d9d8db06e7385d2b8d5579c8ce748b
Signed-off-by: Alexander Popovsky (apopovsk) <apopovsk@cisco.com>
|
|
Change-Id: I9b6ed9741fae89bdefa6f601398eb63a21155069
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Return an error if the ip6_interface_first_address decides to return NULL.
Change-Id: Iea0184382b8fbe2af81a781c3671687a1fbb5b32
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|