Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: John DeNisco <jdenisco@cisco.com>
Change-Id: I30e37f7e549083337b11ace95b4ff4f427d9fc8c
|
|
Type: feature
The current feature ordering of NAT44 nodes with respect to the
ACL plugin's IPv4 input/output features is:
ip4-output: acl-plugin-out-ip4-fa runs before any NAT44 nodes
ip4-unicast: acl-plugin-in-ip4-fa runs before any NAT44 nodes
ACL rules with action permit+reflect can keep track of outbound
flows and allow the replies inbound without an explicit inbound rule.
If ACL permit+reflect rules are configured on an interface that also
has NAT44 configured with output-feature/postrouting translation of
outbound packets, the ACL rules cannot allow inbound packets. The
ACL state that was stored on the outbound flow contains the IP
addresses of the original packet, prior to translation. The inbound
packets are being evaluated by the ACL node using the translated
addresses.
The order of processing inbound needs to be the opposite of what it
was outbound for this to work. Change the NAT44 features on
ip4-output so that they run before outbound ACL nodes. This matches
the existing behavior of the NAT44 nodes which rewrite
source addresses as an input feature instead of an output feature.
This was only done for endpoint dependent mode because the regular
endpoint independent in2out-output node currently selects an
explicit next node rather than using the next node on the feature
arc.
Unit test added to configure both NAT and an ACL and ensure that
out2in packets matching an in2out flow are permitted by the ACL
and translated by NAT.
Change-Id: Ibd679c28b64c3fc3cc8c0606ea93123e384e839f
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
Change-Id: I3d24a7973c7113ffeb9109e89cda7fa960e73a5b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: feature
Change-Id: I402549818ba6e078802e914293304174dc6625c2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: docs
Change-Id: I3bb589d04f15a03166a6d457552ffc316fb02f94
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I358a290f4ac121f075f7ee52941beabe478bfba0
|
|
Binary API trace replay with multiple worker threads depends in many
cases on worker thread graph replica maintenance. If we (implicitly)
assert a worker thread barrier at the debug CLI level, all graph
replica changes are deferred until the replay operation completes. If
an interface is deleted, the wheels may fall off.
Type: fix
Ticket: VPP-1824
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I9b07d43f8501caa5519e5ff9ae4c19dc2661cc84
|
|
Type: fix
Change-Id: Iff9b1960b122f7d326efc37770b4ae3e81eb3122
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Change-Id: I0e826284c50713d322ee7943d87fd3363cfbdfbc
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Change-Id: Icb4b331c9346d3781f4ddd6f62891c78d4059c1f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
The crash occured trying to retreive a NULL path list to walk the path
extensions. A walk shoul not be required, because there should be no
extensins, since all paths are removed. The problem is that when the
paths were added, they were not sorted, hence neither were the
extensions and when they were updated, duplicate extensions were added,
and hence a path removal did not remove them all.
Fix is to make sure paths are sorted.
Change-Id: I069d937de8e7bc8aae3d92f588db4daff727d863
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 257749c40946a9269140d322e374d74c3b6eefb8)
|
|
Type: fix
Change-Id: I5d47cb9bc7eb7f3c8485e3b42f0701e81d87ba2a
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
There was an attempt to fix this problem in the commit:
d3b8c861a44e70c197ab721fa3ce7f38bbeab7fd
But checking the LOCALLY_ORIGINATED flag didn't work because this flag
gets reset before it can reach the NAT nodes.
With this commit, replace the check for the LOCALLY_ORIGINATED flag
with a check to see if the packet is a DHCP broadcast.
Type: fix
Change-Id: I069c08a785b5988b10192f528e4f9c4c7cc2f8a3
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: fix
Ticket: VPP-1817
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: Id4d694ce636b0a213e65ce27c32a8150df9af0f8
|
|
Type: fix
Change-Id: I6a48a6c14bfb84b3460e8211021bc9df6e915dba
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Currently if user want to set ip4 address to the api, it must convert to ip6
format, e.g. user want to ip4 "90.1.2.1" but must convert to "::5A01:0201",
it is not acceptable, this fix solved the issue.
Ticket: FDIO-753
Type: fix
Change-Id: I2ffa5a3d38400ee176cf601421074f71fc395f03
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
|
|
Change-Id: Ie2a3c0f44322dd8415603b7ce51bb72d72769c95
Ticket: VPP-1815
Type: refactor
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Return FIB table_id instead of vrf_index to clients
Type: fix
Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com>
Change-Id: I76a97bad3ecd3ac8eb045efb1657eaa90c2a57b6
|
|
Recent modificaton to vhost_user APIs for typing which added a sw_if_index
filter to the API sw_interface_vhost_user_dump with the default value -1 to
mean all interfaces. But the default is not set from api_format.c, causing the
binary-api command for sw_interface_vhost_user_dump to display nothing.
Also missing is the proper display on custom dump for the aformentioned API.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I05546e2318165af7531977fbed66ea7224c4a7ce
|
|
Fix minor typo in the quad-loop for swif which may actually causes problem
if swif0 != swif1 or swif2 or swif3.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ib81f323479c7ecbd28d84956cffbc20b1072d2c2
|
|
Type: test
Change-Id: I97e02ebc5989eee794511c1ed6049e300be7d64e
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Traceback (most recent call last):
File "run_tests.py", line 886, in <module>
exit_code, suites = parse_results(results)
File "run_tests.py", line 732, in parse_results
results_per_suite.print_results()
File "run_tests.py", line 683, in print_results
result.get_testcase_names(failed_test_id)
TypeError: 'NoneType' object is not iterable
Type: test
Change-Id: I2c5ae0b9e11be6bfb4490d9ce057db0b0a84c9bf
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I69c245cb0e3f6d599a3270a485fa0a5845cde8eb
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib6d0387076a4bb0b52e4cdfdcd62b6060b704fe6
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7f2233eb9bf3d81a697f76ba985083cf1040e2e9
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If5ec3ec4f46d3840c2b3c3005f093b5dddefc289
|
|
Fixing compilation issuues for 32-bit also setting init flag for shm based bihash
Type: fix
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Ic2072c5ba7fc77d061ca9f1b844a71f6e22e58b2
|
|
Two modules in vnet include vpp/app/version.h but there is
no explicit build dependency for this generated file. This
leaves a race condition in the build system that the Coverity
build has recently started triggering.
Change-Id: I8e2bb32feeb16e1bdd8efb0d2633cfdba60f51aa
Type: fix
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
Type: docs
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I935a28d96078629607b23ce9c2aecec47e88b0b1
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
By aligning vnet_buffer_opaque.ip.save_rewrite_length and
vnet_buffer_opaque.ip.reass.save_rewrite_length we prevent shallow
virtual reassembly code from overwrite save_rewrite_length, allowing
other features down the pipe to rely on this value.
A static assert is added to guard this alignment.
Type: fix
Fixes: f126e746fc01c75bc99329d10ce9127b26b23814
Change-Id: Ie7c7f3abc2a221bbcf2830c0f006a4368088b342
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: make
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Iddfcce1f662efe63c5a6788a0a604917b1c9d81e
|
|
Type: fix
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
Change-Id: I3b8755831d762abf51e1cbe1b57024f9297de9a4
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
Type: fix
Change-Id: Iab7c65614c94497e8ec5a96624be72c1a139e486
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
All translated ICMPv6 packets that exceed the minimal IPv6 MTU get
truncated but according to RFC 4443 2.4 only ICMPv6 error messages
(type < 128) need to be truncated.
With this commit, truncate only ICMPv6 error messages.
Type: fix
Change-Id: Ic455352de2ff4ff6aa3421b46a2a54923f2d3f80
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: docs
Change-Id: Ica60b42e64703879c5c229209e4a4fac278bda31
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
This reverts commit 57584d99dd8a8524db90c67c88525d58879d9b8e.
The reasons for reverting:
- the documentation seems "work in progress". Also, 500K of pngs
should probably go on wiki, rather than in the repo. Please
make sure that newly added documentation renders correctly
and sensibly as part of the review/commit process.
- runner.py seems to contain unit tests, so it should
be rewritten in a manner that allows the testing from within
CI (including an unprivileged docker container)
- the above items, especially the testing one, warrant more
work, and at a RC1 milestone time it is probably not
a good idea to include a significant patch without
proper care. I suggest to prepare it so it is ready
for the next release, or cherrypick it for a
20.01.1 release, if having it in stable/2001 is absolute necessity.
- when submitting it, ensure that the commit message
makes sense, especially having "srv6-mobile:" with no further
text should be absolutely avoided.
Change-Id: If81441f7ebf11a6ad5638b1327faf18e8ebe6a35
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: fix
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
Change-Id: If0a1691c1435f2826c8c83f8bc52e4cd3ecc6256
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9afba8dc9e087b8c436fe568531c02614a577a7c
|
|
from threading.thread __init__:
This constructor should always be called with keyword arguments.
If a subclass overrides the constructor, it must make sure to invoke
the base class constructor (Thread.__init__()) before doing anything
else to the thread.
Type: test
Change-Id: Ifa89202e97053a4baf19e9a0ca0913430d5087a3
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: feature
Add new functions in SRv6 Mobile Plug-in
GTP4.DT and GTP6.DT
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I573a0c27bd463dd56a4d11b940941b8a8c826e08
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
|
|
Type: refactor
currently vnet_classify.h is included in ip.h where it's not required.
Change-Id: Id55682637601655aa2edda681536a979c8e323bd
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
n_retry was never decremented and so never enforced.
Type: fix
Change-Id: I71d60a72c156286f7e5b82b1c77a723361317c69
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: style
and add some indent offs.
Change-Id: I31cf3ab9ff9b64d2cd1f2034dcedd4a9c453efb4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I266fa5dc637383fd8dac6592c9c266a1b70a73e9
|
|
Type: docs
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I11db583650bc051f88f38358b877410f355b110f
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
TAP tests require root access, which breaks
the testing in unprivileged scenario.
Disable the test until we find consensus on how
to deal with it.
Type: test
Change-Id: I66ee2b130723233682d858cad0b6e424ab0b2383
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: fix
Change-Id: Id1602981fcc6efed1b0efe79a1fc8177457acdb5
Signed-off-by: Yu Ping <ping.yu@intel.com>
|
|
Change-Id: I365696bfcf11fcc74a698f764dec62e470fc7853
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Type: docs
|
|
Type: fix
Fixes: be2286b0
This patch does following:
- If terminating frame has consecutive packets with same source IP, this patch
avoids fib lookup for those packets in ip4-local node. This drops cycle count
for ip4-local node on both ARM and x86. It being done by enabling dead code in
else {} case of ip4_local_check_src_x2() and ip4_local_check_src() functions.
- In case all packets in terminating frame have unique source IP (e.g:
incrementing), ip4-local is costlier by 2 cycles (broadwell)
Change-Id: I472ddc324716cec8bfe601568b8aeb7565f97ab3
Signed-off-by: Nitin Saxena <nsaxena@marvell.com>
|
|
Type: docs
Change-Id: I64743c9f5ad7eef21855e883e1a00f355fddf3ee
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|