Age | Commit message (Collapse) | Author | Files | Lines |
|
Using the source address selection algorithm to determine the best source
of an NS for address resolution risks incompatible behavior.
It may choose a source address that is off-link to the other host.
Which may drop it.
A safer approach is to always use the link-local address as the SA.
It's recommended to pick a source that an application will later use,
as VPP is mostly a router, that rarely applies. And regardlessly we have
no mechanism to signal from an application that triggered address resolutiuon
what source address it intends to use.
Type: fix
Change-Id: I3c5de66e41505f3682767706ef1195a20e4f0e54
Signed-off-by: Ole Troan <otroan@employees.org>
|
|
When IPFIX flow record generation is enabled on an interface and the
active timer is set, flows will be saved and then exported according to
the active and passive timers. If then disable the feature on the
interface, the flow entries currently saved will remain in the state
tables. They will gradually expire and be exported. The problem is that
the template for them has already been removed. And they will be sent
with zero template ID which will make them unreadable.
A similar problem will occur if feature settings are "changed" on the
interface - i.e. disable the feature and re-enable it with different
settings (e.g. set a different datapath). The remaining flows that
correspond to the previous feature settings will be eventually sent
either with zero template ID or with template ID that corresponds to the
current feature settings on the interface (and look like garbage data).
With this fix, flush the current buffers before template removal and
clear the remaining flows of the interface during feature disabling.
Type: fix
Change-Id: I1e57db06adfdd3a02fed1a6a89b5418f85a35e16
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
This prevents ipfix flood with the repeating events and allows
to enable nat64 max_session and max_bibs events. Also fix wrong
endian for det44 and nat64 ipfix tests, now should be fine with
extended tests enabled.
Max session per user event @ nat44-ei requires more precise rate
limiter per user address, probably with sparse vec, not handled.
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ib20cc1ee3f81e7acc88a415fe83b4e2deae2a836
|
|
Support rewriting the inner packet for ICMP6 error messages.
Type: feature
Change-Id: I7e11f53626037075a23310f1cb7e673b0cb52843
Signed-off-by: Ole Troan <otroan@employees.org>
|
|
Flushing the neighbor cache was only available through API.
Add CLI command. Either flushes whole table (IP4,IP6)
or all neighbors on specified interface.
Type: improvement
Change-Id: Ia8c68fb032a2dfd940a136edc2aee80db5c37685
Signed-off-by: Ole Troan <otroan@employees.org>
|
|
Type: improvement
Change-Id: If775b1d145e462346de562a3c893f302e8c7b814
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Now we create tun/tap and then check whether lcp_itf_pair was already
created. Move the check in the beginning.
Type: fix
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: I848685a9cfdbe92a5e38ecb8e5d5322262b4e384
|
|
When MAC address changes for an interface, address change callbacks are
executed for it. In turn adjacencies register a callback for MAC address
changes to be able to update their rewrite strings accordingly.
Subinterfaces inherit MAC address from the parent interface. When MAC
address of the parent interface changes, it also implies MAC address
change for its subinterfaces. The problem is that this is currently not
considered when address change callbacks are executed. After MAC address
change on the parent interface, packets sent from subinterfaces might
have wrong source MAC address as the result of stale adjacencies. For
example, ARP messages might be sent with the wrong (previous) MAC
address and address resolution will fail.
With this fix, when address change callbacks are executed for an
interface, they will be also executed for its subinterfaces. And
adjacencies will be able to update accordingly.
Type: fix
Change-Id: I87349698c10b9c3a31a28c0287e6dc711d9413a2
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Change-Id: I5aff21b5ca32e7eb84b11cca8387e7ac42fbbe23
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
When running unpriviledged sysfs allows reading only first
64 bytes of PCI config space.
Change-Id: I62d18328925a2e4936406c2842154b20182cacb9
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Add show npt66 bindings.
Add RX/TX and translation error counters.
Type: improvement
Change-Id: I4513b111f815a15d5a7537ce503f0c084b523aa1
Signed-off-by: Ole Troan <otroan@employees.org>
|
|
Be less aggressive with rx events on connect/accept notification.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie93a08c7eef69383bf0301a163fd2131dd51372a
|
|
Currently, L2 flows are exported using L2_IP6 template if L3 or L4
recording is enabled on L2 datapath. That occurs because during feature
enable, L2 template is added and its ID is not saved immediately. Then
L2_IP4 and L2_IP6 templates are added overwriting "template_id" each
time. And in the end, the current value of "template_id" is saved for L2
template. The problem is that "template_id" at that point contains the
ID of L2_IP6 template.
With this fix, save the template ID immediately after adding a template
for all variants (datapaths). Also, cover the case with a test.
Type: fix
Change-Id: Id27288043b3b8f0e89e77f45ae9a01fa7439e20e
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
List BlueField NICs as a supported PCI devices.
Type: feature
Change-Id: Ida2300df516ab9cd2fcde1f816bbdc081016039a
Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
|
|
s->tx_fifo is 0 for the connecting half open session.
Type: fix
Change-Id: I2ba1ae99a2fa4fae1896587f40e0e4fb73c1edcb
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Type: fix
Change-Id: I35b3920288269073cdd35f79c938396128d169c9
Signed-off-by: Brian Morris <bmorris2@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id56a101a6350903b00f7c96705fb86039e70e12c
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I97a04ed0417f1a3433665f6aa1a9424138fd54cb
|
|
- Causes per-port-vip testcases to fail when the
uninitialized reserved field in the stack variable
key for the hash lookup was a non-zero stack memory
location.
Type: fix
Change-Id: I56afa15e7df60bc2340514f2c7ce5e71a9cb47a9
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2ea821e0499a3874c4579f5480ea86f30ebe615f
|
|
Type: fix
Fixes: 08600ccfa
Change-Id: I53ba0d96507b55ab7cd735073d6c4cf20a3cc948
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
- pass buffer pool name trough va
- make buffers naturaly aligned
- fix calculation of total number of buffers
Type: improvement
Change-Id: I6aebf249ebd67823b4632ac08905bfa3aa7d1ee5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Session input node handles rx notifications even if session not fully
accepted/connected
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I6560c45db8f8e0b7f0dc3bdd0939f13ca2f43f15
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I987ac6b461b473836917bce6ce0d4ac109cc8ddb
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I34f8ee2e36d07e8e55e21561528fc6b73feb852f
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4a2e8f864df7269ec5a3c4fd4d8785a67b687d58
|
|
If builtin apps refuse connections, they should be cleaned up.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I95ef22902ac3fe873e15e250aa5f03031c2dc0c4
|
|
Type: feature
this patch adds a hash config field to cnat translation
to use it in load balancing instead of always using default one
Change-Id: I5b79642ca8b365b5dcc06664f6c100a9d3830a29
Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
|
|
This patch changes config to run containers on Ubuntu 22.04.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I3be48099cb48d2c4a04526c15780244614bef3d4
|
|
Type: fix
Fixes: 40f4810
Change-Id: Idf51462c8154663de23154f17a894b7245c9fbf0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: feature
This patch makes the port range used by the transport layer
configurable in the manner of sysctl's ip_local_port_range.
Change-Id: Ie17f776538311b29d1dca64643a3a0bd74cb90a6
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
When custom-packaging the VPP artifacts, it can be useful to exclude
some of the core plugins from packaging/testing, for some reasons.
A removal of a plugin(s) from the worktree needs to be tracked as
a separate change, and thus is tricky from the maintenance
point of view.
This change adds the ability to "pretend they do not exist" -
plugins which are added to the comma-separated environment
variable "VPP_EXCLUDED_PLUGINS" will not be added to the build
process and not packaged.
The tests do not have the 1:1 relationship as plugins,
so they might need to be modified separately. This change
includes some of these modifications as an example.
Type: feature
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Id31562d00a01ced1acbb4996a633517cbd6f09d8
|
|
foreach_int(x, 1, 3, 5, 7)
{
fformat(stdout, "x is %u\n", x);
}
Type: improvement
Change-Id: Idc355f4a284f421b150e3acb7a3a57bcede408c7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: I4b00b3a6ff63fc8b313c89217ccdea356c0783a3
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Two similar CLI paths in nat66 plugin cause
unexpected behavior. Bug fix following [1] fix.
[1] https://gerrit.fd.io/r/c/vpp/+/35859
Change-Id: I771dd230fa6edb6bab3936652770a388d6e41a3f
Type: fix
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
There are cases where default port for prometheus exporter is not
available e.g. when multiple vpp are running on single node.
Type: improvement
Change-Id: I39701486f9dfaf4dc9f08aab56e88126687b507a
Signed-off-by: Fahad Khan <fahadnaeemkhan@gmail.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic7a8fd37d79fc9c09c8b1539d630f3b8983b8bb3
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If96dc748a716a261edfcb1020210bd73058e382f
|
|
This patch adds support for using l2tpv3 as RSS type
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: Ic3e0935a4754d084184f1cc38ea9531ddfd9e7bc
|
|
From GCC 12, march=armv9-a option is supported, which includes the sve
and crc options needed. Furthermore, VPP L3Fwd benchmark results on N2
based servers show that N_PREFETCH set to 6 gives the best performance.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I9c4fcad84d4db1189d956dabab22b26d020fbfd6
|
|
The VPP is crashing when specify a very big prefix length, like
ip route add 1.1.1.1/55 via 2.2.2.2
Type: fix
Signed-off-by: Gavril Florian <gflorian@3nets.io>
Change-Id: Ic491c0b24e07be897ff35ae1e835280f04ab3ea5
|
|
Update my email address in maintainer document.
Type: improvement
Change-Id: I8ba518fa4c9cb414342383e1461f3f94b661ac33
Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
|
|
This patch provides minor improvements to the logic governing dequeuing
from the ring. Previously whenever a frame was dequeued
we've been trying to dequeue from the ring another one till
inflight == 0. Now threshold is set for 8 frames pending in the cache
to be consumed by the vnet. This threshold has been chosen based on
cache ring stats observation in the system under load.
Some unnecessary logic for setting deq_tail has been removed.
Also logging has been corrected, and cache ring logic simplied.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I19f3daf5913006e9cb23e142a163f596e85f5bda
|
|
List Mellanox ConnectX-6LX and ConnectX-7 as a supported PCI devices.
Type: feature
Change-Id: Ieeca3f214d08f29238c387354055ac1320cab75f
Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Icd62dc110e3a73b24372f3a5162f8008b7edee9f
|
|
Type: improvement
Change-Id: I02846a2420637470cb0f9472c86471b6a3421a75
Signed-off-by: NikitaSkrynnik <nikita.skrynnik@xored.com>
|
|
Type: feature
This patch update the Intel IPsec-MB lib to v1.4
Remove v0.54 and v0.55 support, as the compatible IMB APIs
are deprecated in v1.4
Signed-off-by: Ranjan Raj <ranjanx.raj@intel.com>
Change-Id: I01f71134c6bd17a68ec20b7bb4b0b0ff43fc644b
|
|
Next drop node should be related to payload protocol.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: If12e8dc8b19c61f8c96c275b3f9e565e91ecdbed
|
|
Four packets are batched after 696e88da9799056036f329676213f3c0c0a1db9c,
so prefetch is required for the next 4-7 packets, not for 2-5.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I4ab01e66c3b446caf113a154915473e96ab32198
|
|
Change-Id: I4c3144794dd0bd7de6150929e53f6d305c496b17
Type: fix
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I7b0c2c2dec5e867970599b8f2f2da17f2ff0b17c
|