| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The lisp|one show eid-table command's help msg does not display the
available options. This patch fixes that.
show lisp eid-table [local|remote|eid <eid>]
show one eid-table [local|remote|eid <eid>]
Type: fix
Signed-off-by: Onong Tayeng <otayeng@cisco.com>
Change-Id: Id39148db2ff291a7fe859830c1488b69ccd15c05
|
|
Type: fix
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Ie328834159687cdb4314c37d36697f2fb9081fbd
|
|
Type: improvement
Change-Id: Ib64c9b8207776986656e5a26c13a221edc6cc950
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Avoid situations where promisc mode is chaged while avf process
is suspended in the middle of adminq operation.
Type: fix
Change-Id: Ia1fc6551e83218b5938630ad3a15d4f3f0ceceff
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Multiple (> 1) workers leads to handoff node being enabled.
This node pops next feature index to nat.arc_next to make sure
that packet will be pushed to the next feature in the arc.
But node nat44-ed-in2out-output also pops next feature and changes
arc_next. So actual next feature will be skipped in that case.
It leads to all nat44-ed-in2out packets being dropped if we have
multiple workers (handoff node enabled).
To resolve this a new node was added (nat-pre-in2out-output) to fill
arc_next in single worker case and multiple worker case is already
handled by handoff node.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I9dfba68f00164d2d5ab867224871811bef4411ed
|
|
device pool my grow during suspemd which will cause crash in avf process
after it exits from suspend.
Type: fix
Change-Id: I51fec90088c909cfbaaca6c245272a28c0827ca0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I1b4f52e186165b04db5bd5f11058dc77b647bc94
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Change-Id: Icf6ce0ddb5fe9d078503e9d9ff7e7b26423f53f8
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Change-Id: Ic07d0ae313b32e420ba93693cb75960a86f752a9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
It may happen that process node is suspended while it waits for response
from adminq and during that time CLI or API process can call
avf_delete_if. When avf process node resumes, it may happen that device
is not there anymeore.
This patch delegates interface deletion to process node, so CLI/API
process just sends signal instead of deleting device instance itself.
Type: fix
Change-Id: I7f12e12df3071650f6e60ad7eb5af23b7acfe335
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Static analysis identified a possible null pointer dereference. It
was introduced by a recent patch which expanded the DMAC comparison
on inbound packets on a BVI interface to include any secondary MAC
addresses which were added to an interface.
Check if the pointer is null before dereferencing.
Change-Id: Ic2afe2b062eda32977e05bf3f98d82c1fe64620c
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
- make sure everything is freed on cleanup
- reuse already allocated vectors where possible
Type: fix
Change-Id: Ibd8da1edb37126522dc2d525596521d32dceb73a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Change-Id: Ic51ba3450b3d0722ebff4280127f526b5a9934b1
|
|
vpp-20.05 on up-to-date Centos 7.8 host with enforcing SELinux fails to
create a host-interface due to two missing SELinux-permissions:
vpp_t self:packet_socket { read write }
This simple patch adds these two permissions. Tested successfully on
local installation.
The steps to reproduce:
$ ip link add vpeer-host type veth peer name vpeer-vpp
vpp# create host-interface name vpeer-vpp
create host-interface: Permission denied (errno 13)
[...]
$ semodule -i vpp-packet-socket.pp
vpp# create host-interface name vpeer-vpp
host-vpeer-vpp
Type: fix
Ticket: VPP-1931
Change-Id: I2b3d92b27b9a9f26aa1c85af2946b15e83e27944
Signed-off-by: Martin Millnert <martin@millnert.se>
|
|
VAT crashes when the one_add_del_local_eid api is invoked with mac
address as eid.
Type: fix
Signed-off-by: Onong Tayeng <otayeng@cisco.com>
Change-Id: I29e246f6cad4b350fec52d54e94dbed586d488c4
|
|
Type: fix
Change-Id: I96e8c5c9c792b1d9aefd39ce3e240d220827b7d1
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
|
|
With packet trace on, VPP crashes when an arp packet arrives. This patch
fixes the crash and also ensures that the packet trace displays the eid
info.
Type: fix
Signed-off-by: Onong Tayeng <otayeng@cisco.com>
Change-Id: Iaad09a5e2b33e931ab9bd7bc3d4573b5ed5e4bfd
|
|
Type: docs
Change-Id: If8602d4b73cc1f04e42d19b8df60a05f67aa90c9
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
Type: improvement
Change-Id: I13517bff4129497644e0efc3495d0ee7897fe5a7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: docs
Change-Id: I5f20ac0232c5cdc3cf64015185b0d0fc5c4a3100
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: docs
Change-Id: I1a37450261e0bcedf90685243b14027f3cf23704
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
VRRP cannot be used on a BVI interface currently because packets sent
to the virtual mac address of the VR fail the destination mac check in
l2_to_bvi().
Apparently people want to use VRRP on BVI interfaces, so update the
check in l2_to_bvi() so that it will check any secondary mac addresses
which have been added to the ethernet interface if the destination mac
address does not match the primary mac address for the interface.
An equivalent check is already done in ethernet_input_inline() for L3
interfaces which are in promiscuous mode.
Change-Id: I7c5bf624dafda8744fea236c704e8e17e5f53b35
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: docs
Change-Id: I91a954abf77335e1ddcbd1468633d9d7980bbac2
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: Ia9cd71ce12584cd8ef90bfe357cf762dd7653f71
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
also, remove a duplicate 17.01.1 section and wrong page tag for 20.09
Change-Id: Ia2cc77faa75cccab38972ad46517762cb7456466
Type: docs
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: feature
The main information about plugin you can see in README.md
vpp# wireguard ?
wireguard create wireguard create listen-port <port> private-key <key> src <IP> [generate-key]
wireguard delete wireguard delete <interface>
wireguard peer add wireguard peer add <wg_int> public-key <pub_key_other>endpoint <ip4_dst> allowed-ip <prefix>dst-port [port_dst] persistent-keepalive [keepalive_interval]
wireguard peer remove wireguard peer remove <index>
Change-Id: I85eb0bfc033ccfb2045696398d8a108b1c64b8d9
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Jim Thompson <jim@netgate.com>
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: feature
This patch updateds cryptodev engine uses new DPDK Cryptodev
API planned to be upstreamed in DPDK 20.11.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Piotr Bronowski <piotrX.bronowski@intel.com>
Change-Id: I8dd1a8ac643f1e952deb787e466b76ea7aa5f420
|
|
This patch adds the RSS steering queues set interface, and it's
implementation in DPDK device:
/* Interface to set rss queues of the interface */
typedef clib_error_t *(vnet_interface_rss_queues_set_t)
(struct vnet_main_t * vnm, struct vnet_hw_interface_t * hi,
clib_bitmap_t *bitmap);
This patch also introduces a command line to set the RSS queues:
set interface rss queues <interface> <list <queue-list>>
To display the rss queues, use "show hardware-interfaces"
Below is the example to configure rss queues for interface Gig0:
vpp# set interface rss queues Gig0 list 0,2,4-7
vpp# show hardware-interfaces brief
Name Idx Link Hardware
VirtualFunctionEthernet18/1/0 1 down VirtualFunctionEthernet18/1/0
Link speed: unknown
RSS queues: 0 2 4 5 6 7
local0 0 down local0
Link speed: unknown
vpp#
Users can also configure the rss queues on a dpdk interface in
startup.conf:
dpdk {
dev 0000:18:01.0 {
rss-queues 0,2,5-7
}
}
Type: feature
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: I1835595a1c54016a84eabee9fd62ce137935385d
|
|
Type: fix
Signed-off-by: Rajesh Goel <rajegoel@cisco.com>
Change-Id: Ib37802f4270fe894a31e871c7fbb12b5a1cdf058
|
|
Type: fix
Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com>
Change-Id: If5a8313262da828616db8b1d9ef831d42b11d952
|
|
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I4dee2ea723631e1bd95b33a74b9431d984565aef
|
|
- These were displaying blank, apparently dpdk extended stat strings
must be within the heap so they are identified as vectors by
format_c_identifier even though they are not.
Type: fix
Change-Id: I2b153b100203b9856ce3af6d5ecb2daae410fb5b
Signed-off-by: Christian Hopps <chopps@labn.net>
|
|
Was seeing imissed counter become negative. Reuse the RX_ERROR code for all
three error counters to avoid the problem.
Type: fix
Change-Id: I99a69c8816326682745785ecd30e18a131ac2969
Signed-off-by: Christian Hopps <chopps@labn.net>
|
|
Type: fix
- Document that ooo dequeues with ooo lookups cannot be done in
combination with in order dequeues.
- Added assert to capture this scenario and de-initialized rbtrees for
cut-through tx fifo
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic40d020b3f0391fcf022ea3c906b86121744144f
|
|
Not all ESP crypto algorithms require padding/alignment to be the same
as AES block/IV size. CCM, CTR and GCM all have no padding/alignment
requirements, and the RFCs indicate that no padding (beyond ESPs 4 octet
alignment requirement) should be used unless TFC (traffic flow
confidentiality) has been requested.
CTR: https://tools.ietf.org/html/rfc3686#section-3.2
GCM: https://tools.ietf.org/html/rfc4106#section-3.2
CCM: https://tools.ietf.org/html/rfc4309#section-3.2
- VPP is incorrectly using the IV/AES block size to pad CTR and GCM.
These modes do not require padding (beyond ESPs 4 octet requirement), as
a result packets will have unnecessary padding, which will waste
bandwidth at least and possibly fail certain network configurations that
have finely tuned MTU configurations at worst.
Fix this as well as changing the field names from ".*block_size" to
".*block_align" to better represent their actual (and only) use. Rename
"block_sz" in esp_encrypt to "esp_align" and set it correctly as well.
test: ipsec: Add unit-test to test for RFC correct padding/alignment
test: patch scapy to not incorrectly pad ccm, ctr, gcm modes as well
- Scapy is also incorrectly using the AES block size of 16 to pad CCM,
CTR, and GCM cipher modes. A bug report has been opened with the
and acknowledged with the upstream scapy project as well:
https://github.com/secdev/scapy/issues/2322
Ticket: VPP-1928
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: Iaa4d6a325a2e99fdcb2c375a3395bcfe7947770e
|
|
Add the ability to configure the pp2 rx and tx queue sizes in the CLI.
Type: improvement
Signed-off-by: Christian E. Hopps <chopps@chopps.org>
Change-Id: I6a824f92e22fa47fec3d84525cc2d82524ddf639
|
|
Type: fix
Calling vlib_get_node_by_name via the VPE api
doesn't work due to hash weirdness. Haven't
gotten around the real cause of this. But this
fixes it.
Change-Id: I89f95dba2bcd9573b8f1f435e063e9dd57f9ca93
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: docs
Change-Id: Ib985ed6a644ae3f4c330bf6a27dc69c49a489a2f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Otherwise, the debug CLI command is unusable in a script because it
will eat (and complain about) subsequent lines in the script. Missing
this guitar lick, etc:
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Id328e6f1cc4d2e1672c3946db3865ab5a1a3af8d
|
|
Type: fix
Change-Id: I9e102e0028274cc084e59c106d1cd4be174b1205
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
|
|
Type: refactor
tap, virtio and vhost use virtio/vhost header files from linux
kernel. Different features are supported on different kernel
versions, making it difficult to use those in VPP. This patch
removes virtio/vhost based header dependencies to local header
files.
Change-Id: I064a8adb5cd9753c986b6f224bb075200b3856af
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: fix
The ARP/ND feature nodes reply to requests for a VR virtual IP address
when a VR is in the master state. If the VR is in the backup state, the
request is passed to the next node on the feature arc.
This can cause an incorrect response to be sent. If some other feature
(e.g. NAT) causes a virtual IP address to be configured as a "local"
address on the system, a later node on the feature arc may respond to
an ARP/ND request with the real MAC address of the interface.
RFC 5798 says that a router must respond to ARP/ND requests for VR
virtual IP addresses with the VR virtual MAC address. And it says a
router must not respond to ARP/ND requests for VR virtual IP addresses
when the VR is in the backup state. Ensure that ARP/ND requests for
VR virtual IP addresses are dropped when in the backup state rather
than allowing them to continue on the feature arc where another node
may end up responding.
In order to do this, enable/disable the feature nodes when leaving
or entering the init state instead of the master state.
Change-Id: I416f83e125cbf91deb90c3b6eb00ba3207de24ad
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Adjust buffer allocation so it always have odd number of cache lines.
That should result in better distribution of cachelines among cache sets.
Type: improvement
Change-Id: I0d39d4cf01cff36ad6f70a700730823a96448c22
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Use VLIB_MAIN_LOOP_ENTER_FUNCTION to do post init initialization for
dpdk crypto rather than create a one-time process to do the same.
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I06e480b028c8e1fc1b0024a66b2338eb21a797ca
|
|
Type: fix
Change-Id: Ic6e2b7e05b50945a8e2222019c2942a6ee52e465
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Fix the shown crypto inflight counts which were reversed. Also improve a
couple error descriptions to tell them apart when viewed.
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I6d4054c64aa842658cfcde8969c7aa48f6d21207
|
|
The issue is not easily hit. When GRE_teb packets are received the post
crypto processing adjusts the l2.l2_len value in the vnet_buffer opaque
data. This is overwriting the ipsec opaque data. Later the trace code
fetches the sa_index from the ipsec opaque data. It's just an accident
that this currently works, if the ipsec data is changed so that the
sa_index moves around it will be overwritten by the l2_len modification.
Indeed, this was found b/c local development changes had moved the
sa_index so it was over-lapping with the l2_len memory space, and the UT
failed.
Type: fix
Change-Id: Iaecfa750cf0b36653fd9e75b4d799f323a14d932
Signed-off-by: Christian Hopps <chopps@labn.net>
|
|
Add missing cli options for setting IPsec SA flags, inbound,
use-anti-replay, and use-esn.
Type: fix
Change-Id: Ia7a91b4b0a12be9e4dd0e684be3e04d8ccafb9d4
Signed-off-by: Christian Hopps <chopps@labn.net>
|
|
This patch aims to improve decap performance by reducing expensive
hash_get callings as less as possible using AVX512 on XEON.
e.g. vxlan, vxlan_gpe, geneve, gtpu.
For the existing code, if vtep4 of the current packet match the last
vtep4_key_t well, expensive hash computation can be avoided and the
code returns directly.
This patch improves tunnel decap multiple flows case greatly by
leveraging 512bit vector register on XEON accommodating 8 vtep4_keys.
It enhances the possiblity of avoiding unnecessary hash computing
once hash key of the current packet hits any one of 8 in the 512bit
cache.
The oldest element in vtep4_cache_t is updated in round-robin order.
vlib_get_buffers is also leveraged in the meanwhile.
Type: improvement
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Signed-off-by: Junfeng Wang <drenfong.wang@intel.com>
Change-Id: I313103202bd76f2dd638cd942554721b37ddad60
|
|
The protocol value was changed to 50 and 51 (rather than 0 and 1), but
the custom_dump function wasn't updated to reflect this. Also the is_add
value wasn't being shown. Fix both these issues.
Type: fix
Change-Id: I429b4616d6c7937f73308b644154370fab32eaae
Signed-off-by: Christian Hopps <chopps@labn.net>
|
Onong Tayeng
Chenmin Sun
Damjan Marion
Vladimir Isaev
Benoît Ganne
Filip Varga
Matthew Smith
Aloys Augustin
Martin Millnert
Artem Glazychev
Mohammed Hawari
Nathan Skrzypczak
Andrew Yourtchenko
Fan Zhang
Rajesh Goel
Ryujiro Shibuya
Christian Hopps
Christian Hopps
Florin Coras
Christian E. Hopps
Dave Barach
MathiasRaoul
Mohsin Kazmi
Zhiyong Yang