Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
Change-Id: I45cef390c72f2102c8c3d94f49bed7d0e0e0d7b2
|
|
Change-Id: I0eeccfc5739276d58a81a6552a043c6c105fe67a
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I833151c077bf054de6b09fff1180570e32a1ecaa
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
RTA_VIA allows routes to have a next-hop in a different address family.
This commit makes linux-cp import those types of routes correctly,
instead of importing the routes without a gateway.
This uses rtnl_route_nh_get_gateway, which is available since libnl
3.4.0 (Oct. 9, 2017). Even Debian Stretch has it via backports.
Type: fix
Change-Id: I06297c700461ba7874eb8baf9355bd40990b3121
Signed-off-by: Adrian Pistol <vifino@posteo.net>
|
|
Nat in2out sessions are distributing among workers by client
addresses. In case there's multiple client vrfs with very
similar client addresses (usually from rfc1918), session
distribution/load can be unfair just due similar hash.
Let's take dynamic client fib_index into account, it'll affect
external port range only, outside address picking has own
address-based hash therefore not affected.
Type: improvement
Change-Id: I56ab2e1ce8dd27f2b1f9e7f22839ccf7774bfb82
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
|
|
The unformat type for "%d" should be u32 or int.
Type: fix
Signed-off-by: Ted Chen <znscnchen@gmail.com>
Change-Id: I2483df6259ed8d3c7648c8db6345e5063ac8b57e
|
|
Adding api nat44_ed_vrf_tables_v2_dump which may replace
nat44_ed_vrf_tables_dump in the future.
- fixing endianess
Type: improvement
Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>
Change-Id: I40d09ea3252589bdcb61db9f1629dacd87f69978
|
|
Some components, like dhcp, log constantly changing strings which in
turn forces elog string table to grow unbound.
To avoid this, as a workaround, only turn on elog logging if requested.
Actual fix that adds configuration for logging subclasses should come in
a later patch.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie8b26251fb7115d866c2bd65353daa33cdab1ab6
|
|
The punt socket code rewinds the current_data pointer by sizeof (ethernet_header_t),
which is incorrect if the header is tagged - resulting in truncated destination MAC
address. Use ethernet_buffer_header_size() instead, which takes tags into account.
Also add the unittest that verifies the issue and the fix.
Type: fix
Change-Id: I6352a174df144ca1e4230390c126f4b698724ebc
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: style
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ie02d068122ab8f2c6049754f28722d851ae9b3f1
|
|
Creation of lcp tap for non-ethernet interfaces can potentially lead to a crash, so avoid it.
Type: fix
Change-Id: I76ded8a08ea38a2c31d0215804af023207d4d3e1
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
|
|
Previously we encountered the issue of failing to create completion
queues on some Arm platforms because DPDK may set MLX5_CQE_SIZE to 128
if DPDK MLX PMDs are built and DPDK plugin is loaded, which does not
satisfy the requirement of 64B size CQE by RDMA plugin.
We fixed this issue in 844a0e8b0("always use 64 byte CQEs for MLX5"),
but some of CSIT test cases failed due to this code change. It turns out
that we don't need to specify compressed CQE mode for txq CQ because
RDMA tx doesn't have the code logic to handle compressed CQEs, which
might cause unexpected behavior if it is enabled.
Type: fix
Fixes: 844a0e8b0 ("always use 64 byte CQEs for MLX5")
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I7909a6d44b15bcf39c15dfac9377b65520a0cbfb
|
|
The time wheel should not be started in the loop while processing expired events.
can be set p->stop_timer_handle = ~0 to solve.
Type: fix
Signed-off-by: jinsh <jinsh11@chinatelecom.cn>
Change-Id: Ie9a4293f39f981f50d280b39a5d958d319ee2300
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
The main loop populates a vector of suspended process nodes to dispatch
by calling TW (tw_timer_expire_timers_vec), which identifies expired
timers and appends the user handle for each one to the vector.
Subsequently, the vector is iterated and the process node corresponding
to each handle is dispatched. The vast majority of the time, the process
node will end up suspending itself again to wait for a new timer or
event.
Given a process node A whose timer has expired, between the point when
the timer expired and the point when A is dispatched and suspends itself
again, its stop_timer_handle contains a stale value.
If another process node B is dispatched before A is dispatched, it may
end up using the timer ID that A formerly used. If another process node
C is dispatched after B and before A and calls
vlib_process_signal_event() to signal A, the timer started by B can be
deleted by vlib_process_signal_event_helper().
After getting the vector of process node IDs for expired timers, reset
the stop_timer_handle on each of those nodes.
Change-Id: I266da438e76e1fc356016da0b9b4941efac1c28a
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: improvement
Change-Id: I4f05a0435825cd23b8ad8a6f8f1397e60c522319
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I90eaeed07dc4864adfed3bc4cef1e3edacf4bf8f
|
|
Type: improvement
Change-Id: I5703728f680f0c8431e4099b398827bd094b60df
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change of enums used in REPLY_MACRO() to appropriate one
for handlers:
-vl_api_nat44_ed_add_del_vrf_table_t_handler
-vl_api_nat44_ed_add_del_vrf_route_t_handler
Type: fix
Change-Id: I58e97817b1678da7c025c0d03a8b938a4e0f7b6c
Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>
|
|
support with GTPv1 TEID added to the flow hash.
This can able to ECMP to PGW and parallelization.
Type: feature
Change-Id: I6f758579027caf6123831ef2db7afe17e424a6eb
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
|
|
Since connects can be done without a worker barrier, first
worker should flush connects to destination workers only
after session layer has a chance to fully initialize the
half-open session.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I82fe0f0c7e520baa72fd380d0a43a76ebbd5f548
|
|
Vlib panic uses longjmp to exit main loop, but workers don't set main_loop_exit
field on initialization, so this jump corrupts registers and causes segfault.
There I add clib_warning and abort if longjmp context hasn't been set.
Type: fix
Signed-off-by: Mikhail Sokolovskiy <sokolmish@gmail.com>
Change-Id: I0d705f1f139c4083af75066aeb525964ed0aa202
|
|
Originally the name for each session pool is incorrectly prepared.
It doesn't have right length. It is not null terminated.
The fix corrects the name formatting for each session pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I67da3d64702ccb27a5907825528f8c95d91040bb
|
|
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I66af84257fa0692d9be3445d49b52fb7ca810d27
|
|
Type: docs
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I1e28c6858a986d6ede1c7a6d06055400fdc0196b
|
|
Type: improvement
Change-Id: Ie9661792ec68d4ea3c62ee9eb31b455d3b2b0a42
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I56c57de180e44c888458e4f4020802ce9b4a6b8b
|
|
Type: refactor
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ib80a4d1f8bac5dc27db1aafe65165cbb509b4edf
|
|
In case of UDP length errors in udp_local node, these errors are
being lost and incomplete header may be advanced by wrong offset.
Fix it with only full packets processing and explicit error set
otherwise. Also, optimize two buffer loop perfomance into fast
path with both buffers are ok and slow path with one or none.
Type: fix
Change-Id: I6b7edc3eb5593981e55d7ae20d753c0fd1549d86
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
|
|
Originally the name for each session pool can be incorrect prepared.
The fix changes formatting for name for each session pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I42e0752f9f46c5a42524ec7b863a7c9dd3c23110
|
|
wrk->event_elts has 5 elements if no user events
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Ib38fab422304efc470e20ccb7121442f05bf8bf3
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I45a524bebd2dc1e318fa8d2a645bfc769e1da840
|
|
- crypto code moved to vppinfra for better testing and reuse
- added 256-bit VAES support (Intel Client CPUs)
- added AES_GMAC functions
Change-Id: I960c8e14ca0a0126703e8f1589d86f32e2a98361
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Using pre-shared keys is usually a bad idea, one should use eg. IKEv2
instead, but one does not always have the choice.
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C) whereas for AES-CTR or AES-GCM, the IV should never be reused with
the same key material (see NIST SP800-38a Appendix B and NIST SP800-38d
section 8).
If one uses pre-shared keys and VPP is restarted, the IV counter
restarts at 0 and the same IVs are generated with the same pre-shared
keys materials.
To fix those issues we follow the recommendation from NIST SP800-38a
and NIST SP800-38d:
- we use a PRNG (not cryptographically secured) to generate IVs to
avoid generating the same IV sequence between VPP restarts. The PRNG is
chosen so that there is a low chance of generating the same sequence
- for AES-CBC, the generated IV is encrypted as part of the message.
This makes the (predictable) PRNG-generated IV unpredictable as it is
encrypted with the secret key
- for AES-CTR and GCM, we use the IV as-is as predictable IVs are fine
Most of the changes in this patch are caused by the need to shoehorn an
additional state of 2 u64 for the PRNG in the 1st cacheline of the SA
object.
Type: improvement
Change-Id: I2af89c21ae4b2c4c33dd21aeffcfb79c13c9d84c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Error counters are added on a per-node basis. In Ipsec, it is
useful to also track the errors that occured per SA.
Type: feature
Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
|
|
To allow a more flexible throttling configuration, the number of bits
used in the throttling bitmap can be chosen.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I7bfe391dd64729011b03f3e5b89408dfc340e036
|
|
Type: feature
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I02d9bb5292b32ffb1b2f05daccd8a7d5dba05125
|
|
RPM build errors:
error: Installed (but unpackaged) file(s) found:
/usr/bin/test_infra
Add NO_INSTALL tag in CMakeLists to avoid installing test binary.
Type: fix
Fixes: c3542e17b5df ("vppinfra: widen the scope of test_vector_funcs")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I359ba79af2e3cb32b47dda3bb8707a5d2fd8586b
|
|
Type: fix
Change-Id: I141e5779aab7eee3068b702dd2f93765420fb920
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
|
|
Handle a variable length array of fixed strings.
Like:
fixed_string = VPPType("fixed_string", [["string", "data", 32]])
s = VPPType("string_vla", [["u32", "length"], ["fixed_string", "services", 0, "length"]])
Previously instead of packing and unpacking as strings, exception packed as u8 instead
of list.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I501a8a4755828042e1539fd5a54eacec21c5e364
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
API clients can register for peer events (e.g. to be notified when
connection is established). In a multi-worker setup, peer events might
be triggered from a worker thread. In order to send a peer event to the
clients, an API message needs to be allocated and populated.
API messages allocation is only allowed from the main thread. Currently,
the code does not handle the case when a peer event is trying to be sent
from a worker thread. In debug builds, when this happens, it causes
SIGABRT in vl_msg_api_alloc_internal() because assertion "pool == 0 ||
vlib_get_thread_index () == 0" fails. In production builds, when this
happens, it might cause unexplained behavior.
There is a test that is supposed to catch this but all multi-worker
Wireguard tests are currently disabled. This problem is likely to be one
of the reasons they were disabled.
With this fix, when a peer event is triggered from a worker thread,
allocate and send corresponding API message from the main thread using
RPC.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib3fe19f8070563b35732afd16c017411c089437e
|
|
Previously, even if sa defined traffic selectors esp packet src and dst
have been used for fast path inbound spd matching. This patch provides
a fix for that issue.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ibd3ca224b155cc9e0c6aedd0f36aff489b7af5b8
|
|
Using clib_bitmap_vec_validate makes free bitmap vector
to be x64 times bigger (assuming x86_64) than necessary
when non-zero and possible oom due (u32)(0 - 1) math with
zero alloc.
Fix it with clib_bitmap_validate which takes bit size, not
index and ensure at least one bit is allocated.
Type: fix
Change-Id: I7e191f4e2fb3722a06bb800e1d075f7c7e2dcec9
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
|
|
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL
table, the code would sporadically return a transitional value (junk)
from a half-deleted kvp. At most, 64-bits worth of the kvp will be
written atomically, so using memset(...) to smear 0xFF's across a kvp
to free it left a lot to be desired.
Performance impact: very mild positive, thanks to FC for doing a
multi-thread host stack perf/scale test.
Added an ASSERT to catch attempts to add a (key,value) pair which
contains the magic "free kvp" value.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065
|
|
Type: refactor
Change-Id: I3d0c57b82e5bdb4575c1ca13e463685fd11b7f11
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: Ibc40a02c8c45fc8d9409c9a86fea7aaf70d9c048
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: Iac1b3a66176c9a38a161246159140f30a1c168da
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: test
Change-Id: Id96448ba3ab69a5b22dfc27812fc17194136b969
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2b426e9e988c32d261f36367087f358d8cc25e2f
|
|
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I967e91e4ea97edff427013c92376b388d6ce5d85
|
|
Exported indentifiers in Go start with capital letters. Only few fields
in hs-test, which are being unmarshaled from yaml are required to be
exported. Every other field name or method name should start with
lower-case letter, to be consistent with this naming convention.
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I7eab0eef9fd08a7890c77b6ce1aeb3fa4b80f3cd
|