Age | Commit message (Collapse) | Author | Files | Lines |
|
This patch adds performacne and functional tests for ip4
outbound traffic policy matching.
Test setup is configurable in startup.conf and though the test
parameters. Cache, fast path, fast path burst mode can be enabled
and disabled,
and performance for different lookup setup can be measured.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I1d04d196e412f47f43b7e5cbd46607bf6a9cc40e
|
|
This patch updates the "show ipsec spd" cli to display
policies maintained by fast path bihash table.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I58b9f92f3132dc9809b50786dc912e09c4b84d81
|
|
Parser can be configured from the level of startup.conf file:
fast path can be enabled and disabled.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ifab83ddcb75bc44c8165e7fa87a1a56d047732a1
|
|
This patch adds matching functionality for spd fast path
policy matching. Fast path matching has been introduced
for outbound traffic only.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I03d5edf7d7fbc03bf3e6edbe33cb15bc965f9d4e
|
|
This patch introduces ipsec_output.h file. Matching implementation is
moved there. The reason behind is the possibility of unit testing
matching mechanism. Therefore we need to have functions that are in
scope of our intrest there and since these are inline their
implementation needs to be moved to the header file as well.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Id7c605375d1f3be146abf96ef70d336a5d156444
|
|
This patch introduces functions to add and delete fast path
policies.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I3f1f1323148080c9dac531fbe9fa33bad4efe814
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0963bae4b56b08c0a9ab4ee1f2738013217e1fb7
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Idc0fdebfea29c241d8a36128241ccec03eace5fd
|
|
Type: docs
Signed-off-by: Pratikshya Prasai <pratikshyaprasai2112@gmail.com>
Change-Id: I729de9e18624c63a72ec415a05c55617cb360c47
|
|
This patch introdcues basic types supporting fast path lookup.
Fast path performs policy matching with use of hash lookup
(particularly bihash tries has been used for that purpose). Fast path
lookup addresses situation where huge number of policies is created
(~100k or more). In such scenario adding/removing a policy
and policy matching is not efficient and poorly scales (for example
adding 500k policies takes a few hours. Also lookup time
increases significantly). With fast path adding and matching up to
1M flows scales up linearly (adding 1M of policies takes about 150s
on the test machine vs many hours in case of original implementation,
also matching time is significantly improved). Fast path will not
deal well with a huge number of policies that are spanning large
ip/port ranges. Large range will be masked out almost entirely leaving
only a few bits for calculating the hash key. Such keys will tend to
gather much more policies than other keys and hash will match most of
the packets anihilating advantages of hashing. Having said that
we also think that it is not the real life scenario.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I600dae5111a37768ed4b23aa18426e66bbf7b529
|
|
Currently 0 has been used as the wildcard representing ANY type of
protocol. However 0 is valid value of ip protocol (HOPOPT) and therefore
it should not be used as a wildcard. Instead 255 is used which is
guaranteed by IANA to be reserved and not used as a protocol id.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2320bae6fe380cb999dc5a9187beb68fda2d31eb
|
|
if when the rx_fifo grows, svm_fifo_enqueue() return -4,
stream_data->app_rx_data_len += rlen type conversion occurs,
Finally,stream->recvstate.data_off calculation is wrong.
Type:fix
Signed-off-by: fanxb <fxb_mail@163.com>
Change-Id: Iae11f0c453f32d836f4148d70e3b121545a53a90
|
|
Type: fix
Currently, prometheus exporter may crash because of memory exhaustion
when dumps metrics if the FIB contains large number of routes.
With this fix, increase memory size for prometheus exporter to be able
to handle large number of FIB entries.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ia2b9a665368883c87448deee9bcf8d2ac1168357
|
|
- also add docs-spell to checkstyle-all make target
Type: fix
Fixes: 5f6422db9
Change-Id: I8e9d7d17a03ee7b55f4e1785983459c43af267f7
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: fix
Added stats for success and failure cases
Fixed Custom app behaviors for the error / drop cases
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Id6e981c7be5c5b3cee5af2df505666d5558da470
|
|
* apt '—force-yes' is deprecated in the version of apt in Ubuntu 22.04
* several Ubuntu-22.04-specific packages (e.g. python3-virtualenv, libssl-dev, clang clang-format-11)
are needed in the current VPP installation as well
Type: fix
Signed-off-by: Saima Yunus <yunus.saima.99@gmail.com>
Change-Id: I96ead90152f692233da812cdc853792bedb47c3c
|
|
- cleaned up the 'build/run VPP' docs
Type: docs
Signed-off-by: Saima Yunus <yunus.saima.99@gmail.com>
Change-Id: I9dbddbe1932804b8d507cb2f1631cd7116e59072
|
|
Type: improvement
Change-Id: Ifdbb879d3018996c09f0caf55df11038ead173a2
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Id3f45968cd24f53350dce365b2cc9b3191ec836f
|
|
Issue:
Let iperf3 server run via ldp and vcl on top of vpp's host stack. If
iperf3 client connects this iperf3 server with tcp MSS setting option,
iperf3 server will always crash.
Root cause:
When MSS option is specified by iperf3 client, iperf3 server will
recreate the listening socket firstly, then call setsockopt() to set MSS
immediately. Iperf3 code can be referred here:
https://github.com/esnet/iperf/blob/58332f8154e2140e40a6e0ea060a418138291718/src/iperf_tcp.c#L186.
However, in vcl layer vpp_evt_q of this recreated session is not
allocated yet. So iperf3 server crashes with vpp_evt_q null pointer access.
Fix:
Add session vpp_evt_q null pointer check in vcl_session_transport_attr().
Add a vcl test case for this MSS option scenario.
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: I2863bd0cffbe6e60108ab333f97c00530c006ba7
|
|
Type: fix
Change-Id: I1e8655baaf09b455f7f0052452402a372f738d0f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9c502a491ff56806a2e631f7a4c18903a2e93ab2
|
|
Type: improvement
Change-Id: I85c73cb940d81d0b249eda0d57de135bcd798418
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: I7489327d8b9c5f69b4ceb2159456f00f8a3612df
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: Ic949e3136a7cf27011d098a50e91920f83226ea9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
When packets were received and processed successfully, increment the
byte/packet counters for the tunnel interface.
Change-Id: I42855607ac6916de641be42aac86c9942cc97140
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
We were not allocating space for the
variable length payload in the response
message.
Type: fix
Change-Id: I345102f4555f66c5632ab0882ca1dd178e98eb7b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
If ip4_neighbor_probe (or any other) is sending packet to a deleted interface,
ASSERT trips and dataplane crashes. Example:
create loopback interface instance 0
set interface ip address loop0 10.0.0.1/32
set interface state GigabitEthernet3/0/1 up
set interface state loop0 up
set interface state loop0 down
set interface ip address del loop0 10.0.0.1/32
delete loopback interface intfc loop0
set interface state GigabitEthernet3/0/1 down
set interface state GigabitEthernet3/0/1 up
comment { the following crashes VPP }
set interface state GigabitEthernet3/0/1 down
This sequence reliably crashes VPP:
(gdb)p n->name
$4 = (u8 *) 0x7fff82b47578 "interface-3-output-deleted”
If the interface doesn't exist, return ~0 and be tolerant of this in the
two call sites of counter_index()
Type: fix
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I90ec58fc0d14b20c9822703fe914f2ce89acb18d
|
|
Adding support for the SRv6 TEF (Timestamp, Encapsulation and Forward) behavior defined in
draft-filsfils-spring-path-tracing (https://datatracker.ietf.org/doc/draft-filsfils-spring-path-tracing/).
Type: feature
Change-Id: I7f38b593147daf8d27af9c983448cf82947e5bed
Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com>
|
|
Type: fix
Currently, neighbor adjacencies on a wg interface are converted into a
midchain only if one of the peers has a matching allowed prefix
configured. If create a route that goes through a wg interface but the
next-hop address does not match any allowed prefixes, an ARP/ND request
will try to be sent via the wg interface to resolve the next-hop address
when matching traffic occurs. And sending an ARP request will cause VPP
to crash while copying hardware address of the wg interface which is
NULL. Sending an ND message will not cause VPP to crash but the error
logged will be unclear (no source address).
With this fix, convert all neighbor adjacencies on a wg interface into a
midchain and update tests to cover the case. If there is no matching
allowed prefix configured, traffic going such routes will be dropped
because of "Peer error". No changes if there is matching allowed prefix
configured.
Also, fix getting peer by adjacency index.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I15bc1e1f83de719e97edf3f7210a5359a35bddbd
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia66c12e1da126d0d8d101b645e6dc8454c3826d6
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic68627bbca676cc78b0be05bc1fa0f386f5d27fa
|
|
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I646ac946d0b07929dfdd1966a4f4a3b697768040
|
|
The flow_report_process_send() function always allocates a frame.
However, when no template_send is needed, template_bi is ~0.
When this happens, no vectors are placed in the frame. When
the frame is then "put", a check for n_vectors == 0 prevents
the frame from actually being placed back on the free list.
Fix that by using a direct call to vlib_frame_free() when
there are no frame vctors.
Type: fix
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I936b5cea4cb3c358247c3d2e1a77d034a322ea76
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3c573641bd95fe899823b66f6c59a2525a18d293
|
|
Type: fix
reported stats seem to have mixed up used and total counters
Signed-off-by: Leland Krych <leland.krych@gmail.com>
Change-Id: I221c7b114c0da2ed53171d7f047a4bda07ee6cb2
|
|
https://docs.python.org/3/library/stdtypes.html
"if concatenating bytes objects, you can similarly use bytes.join() or io.BytesIO, or you can do in-place concatenation with a bytearray object. bytearray objects are mutable and have an efficient overallocation mechanism"
Type: improvement
Signed-off-by: Viktor Velichkin <avisom@yandex.ru>
Change-Id: Id20d337f909cce83fcd9e08e8049bb0bf5970fbc
|
|
Allows features to update their data structures after change in number
of worker threads.
Type: improvement
Change-Id: Icd4d197e28608f5bbb1edd13eb624cd98e33cafe
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
When failing to match an ip address, we should not reset the ip address
that could have been initialized by a previous match.
Type: fix
Change-Id: I026766391eb3eb8230f75f66bf4b681e774741d9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
A packet passing through nat44-ei-in2out-output,
has its ttl value validated in earlier nodes.
"ip4-input" node checks ttl for locally generated packets.
"ip4-rewrite" node validates ttl in forwarded packets.
Thus for example, the ED counterpart disables ttl checks
in its "nat44-ed-in2out-output" node.
This patch updates nat44 EI conditions for ttl checks to
those currently used in nat44 ED case, meaning no extra ttl
validation for in2out when output-feature is enabled.
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Change-Id: Idd15d7c9a746b60c0a6dac5537d00ef10c257fdc
|
|
This patch updates the go-api-files logic for supporting go1.18.
Notable changes are that `go get ...` changed to `go install`
and that we need to bump the govpp binapigen version to integrate
a go1.18 fix.
This patch also simplifies the cli execution syntax
Type: fix
Change-Id: I1d8aac65490fe3ea4c1965a4775b6bf8d5c05d26
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
- python3 pip module is missing on a new Ubuntu installation
Type: fix
Signed-off-by: Saima Yunus <yunus.saima.99@gmail.com>
Change-Id: I5a9886cd5f9226dc0a968c2f70a7c436a06ddf50
|
|
Type: fix
*Buffer leaks and corruptions during internal errors, either overriding
or missing to add the buffer to the list
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I1ead1eca1cde10a36d60dbfcfe36ca6375690b03
|
|
Type: fix
Pace the main thread activity for reassembly timeouts, to avoid barrier syncs
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Iebe9a38d2a7a6471afa6621f12bb545668dc8384
|
|
- update wordlist and fix typos so that 'make docs-spell' passes
- sort spelling_wordlist.txt
- update docs maintainers list
Type: docs
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I38ac7850c604c323427d2bb6877ea98bd10bcc38
|
|
Type: docs
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ia1f2a8006edb8e57545a04a16edfb9704c3e904e
|
|
This patch makes the `make docs` directive incremental
avoiding re-running the siphon when the source hasn't
changed, and leveraging sphinx internal cache.
It adds a `make rebuild-docs` directive for cases where
this caching logic might break, e.g. in CI.
The virtualenv doesn't also get recreated on each build,
which might be enough when writing docs, provided
automated process leverage its rebuild counterpart.
Type: improvement
Change-Id: Ie90de3adebeed017b249cad81c6c160719f71e8d
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Serveral IPSec SPD cases re-use the same test class name,
leads to test error when do parrallel test with TEST_JOBS=16,
change the test class names to unique values.
Type: fix
Fixes: 7cd35f5d688d9e3bddf66602655274dae944b086
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Ia5768654ddb6274531222761cc82b226d97325a9
|
|
When running tests via run.sh, default setting of None would cause
failed directory symlink to appear in vpp workspace with an ugly name.
This patch places the symlink in temporary directory.
Type: fix
Fixes: b23ffd7ef216463c35b75c831e6a27e58971f4ec
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Ic1715eba7ac1f82f71855e2aeb9b659d27bbb3af
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I4679acbe4fd4400d57c0a79b0a6c74c8f1639703
|