Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: docs
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ica576e13953a3c720a7c093af649d1dd380cc2c0
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I189bfcca2d5fa1f37d05a72c92d04bf260343043
|
|
.. as it is going to be removed.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Id3a4a4ea1e1b7361d43735bfa5470c28fc65209f
|
|
Alignment size should be CLIB_CACHE_LINE_BYTES(64)
instead of CLIB_LOG2_CACHE_LINE_BYTES(6)
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If2d5ae324093be64454377866297f5e76ccddc93
|
|
When a buffer in the chain comes with a negative current_data offset,
the conversion to sgl will skip it because of resetting offset to 0.
Moreover, crypto_start_offset is relative to the 1st buffer data pointer
so we should not check it against subsequent buffers anyway.
Type: fix
Change-Id: Id177a90bfda242a5372c7e8836cf6668e98c780e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
local0 exists just to burn sw_if_index=0 so we catch common API errors.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I2901bb7d36d4c512e6698134a807bf9516ee05db
|
|
Thread assignment to tx queue has always been automatic and there
was no way to modify it. With this patch, it is now possible to use
the cli "set interface tx-queue" to change the thread assignment to
tx queue for vmxnet3 interface, thanks to the new tx infra.
Type: feature
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I1544e3557f70251d4bd423cc3d9f28ee1d44db4a
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I4b6d881571c158b7a69a78b9680732d090c4f8b5
|
|
When enqueuing chained buffer, we must update the descriptor length for
each fragment descriptor in addition to the last.
Type: fix
Change-Id: I9bc95fe557a049eeea4abd41c695153632d52a52
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
When switching to the direct verb chain buffer tx path, we must account
for all remaining packets, including the packets that would wrapped
around.
Previously we were using the 'n' counter but ignoring the 'n_wrap'
counter: if some packets would have wrapped around in the default path,
it would be ignored by the chained buffer tx path.
Compute the correct number of remaining packets based on the old and
current txq tail instead.
Also simplify the chained tx function parameters.
Type: fix
Change-Id: If12b41a8f143fda80290342e2904792f7501c559
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
The total_length_not_including_first_buffer field must be reset before
being updated otherwise it will quicly grows as stale values are reused.
Type: fix
Change-Id: Ic48c0822660998b0dfc0b5fdeadae6071b2d03f7
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I290e4b0dff6afe7ce755074f3aaaf945dbbf3e09
|
|
Type: improvement
There's no need for the user to set the TUNNEL_V6 flag, it can be
derived from the tunnel's address type.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I073073dc970b8a3f2b2645bc697fc00db1adbb47
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I56c4682aef59ed0e69073f9001341c425e65bd48
|
|
Type: fix
two problems;
1 - just because anti-reply is not enabled doesn't mean the high sequence
number should not be used.
- fix, there needs to be some means to detect a wrapped packet, so we
use a window size of 2^30.
2 - The SA object was used as a scratch pad for the high-sequence
number used during decryption. That means that once the batch has been
processed the high-sequence number used is lost. This means it is not
possible to distinguish this case:
if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl))
{
...
if (post_decrypt)
{
if (hi_seq_used == sa->seq_hi)
/* the high sequence number used to succesfully decrypt this
* packet is the same as the last-sequnence number of the SA.
* that means this packet did not cause a wrap.
* this packet is thus out of window and should be dropped */
return 1;
else
/* The packet decrypted with a different high sequence number
* to the SA, that means it is the wrap packet and should be
* accepted */
return 0;
}
- fix: don't use the SA as a scratch pad, use the 'packet_data' - the
same place that is used as the scratch pad for the low sequence number.
other consequences:
- An SA doesn't have seq and last_seq, it has only seq; the sequence
numnber of the last packet tx'd or rx'd.
- there's 64bits of space available on the SA's first cache line. move
the AES CTR mode IV there.
- test the ESN/AR combinations to catch the bugs this fixes. This
doubles the amount of tests, but without AR on they only run for 2
seconds. In the AR tests, the time taken to wait for packets that won't
arrive is dropped from 1 to 0.2 seconds thus reducing the runtime of
these tests from 10-15 to about 5 sceonds.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Iaac78905289a272dc01930d70decd8109cf5e7a5
|
|
According to RFC 793, the ACK control bit is always sent once
the connection is established.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: Id0fe19114a0cc468dbce4c0938b345c2ac339e73
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If585b9c48f67599c56a8c4b4a5139375bc4287f6
|
|
ipsec4_input_node
ipsec_spd_policy_counters are incremented only for matched inbound
PROTECT actions (:273 and :370). BYPASS + DISCARD actions also have
SPD policy counters that should be incremented on match.
This fix increments the counters for inbound BYPASS and DISCARD actions.
Type: fix
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Change-Id: Iac3c6d344be25ba5326e1ed45115ca299dee5f49
|
|
Type: fix
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
Change-Id: Icd2fc3cc2d0a0a6060abfb262044cf9e09ab4ba2
|
|
In stress test case, memset may consume a lot of CPU because
vls_epoll_wait is called very frequently.
Type: improvement
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
Change-Id: I9b4e1d6e1c4d7217cf0b2529d8efed792dea7b40
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3d208f8ef4638e7557929f4b2bca4d640af85baa
|
|
Type: improvement
the rationale being that the del only requires the SA's ID, so it's a
bit mean to require the client to fill out all the other information as
well.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ibbc20405e74d6a0e1a3797465ead5271f15888e4
|
|
Type: test
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie691b1c8841f5e195525bfff990f12ab918ba394
|
|
If an IPv6 Link Layer Address is missing from an interface,
treat it as a down interface. While this fails to send a
VRRP multicast group join, it also prevents a seg fault.
Type: fix
Fixes: 39e9428b90bc74d1bb15fc17759c8ef6ad712418
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Iebf69bb30604a96de6587655eb872aa818158a56
|
|
Puts return statements back inside code blocks under the lock
Type: fix
Change-Id: I76d426f336200035026b92bcb0ffe2b472a3142d
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
|
|
This reverts commit d70777aa60a87001f323f3b226d7e5cee2cd23d8.
Reason for revert: wrong fix
Type: fix
Change-Id: Ibff1b977eae8d2cc85888165ebf83c42eb661698
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Ie5c197f6ec0d41d5e405b22662701d83ad94d29e
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I2c2b739a5aa246bbf53d6663efd403c3aee9dddd
|
|
Type: fix
Outbound packets which arrive on tun/L3 interfaces use a default
adjacency for the interface & address family from the corresponding
interface pair. However, there are entries in the linux-cp adj table
that are created for them. Managing these entries might cause a
segfault because the rewrite data might exceed the reserved space for
it of 28 bytes in the linux-cp adj key (e.g. in case of GRE IPv6).
With this change, stop creating adjacencies for tun/L3 interfaces in
the linux-cp adj table and delegating them.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I4bcd685860053ab87c65064c182e3ed53fd4fae9
|
|
==283032==AddressSanitizer CHECK failed: compiler-rt/lib/asan/asan_mapping.h:366
"((AddrIsInMem(p))) != (0)" (0x0, 0x0)
#0 0x49c128 in __asan::AsanCheckFailed
#1 0x4ae8dc in __sanitizer::CheckFailed
#2 0x495dec in __asan::ShadowSegmentEndpoint::ShadowSegmentEndpoint
#3 0x495e48 in __asan_unpoison_memory_region
#4 0xfffff4e851f8 in svm_map_region /home/vpp/src/svm/svm.c:611:7
#5 0xfffff4e86d9c in svm_region_init_internal /home/vpp/src/svm/svm.c:797:8
#6 0xfffff4e87ce4 in svm_region_init_args /home/vpp/src/svm/svm.c:880:3
#7 0xfffff7f30d30 in vlibmemory_init /home/vpp/src/vlibmemory/memory_api.c:974:3
#8 0xfffff4fd5368 in vlib_main /home/vpp/src/vlib/main.c:1986:16
svm_global_region_base_va 0x200000000000 is not in the aarch64 mapping range,
leading check failure and vpp cannot start.
aarch64 asan mapping
|| `[0x201000000000, 0xffffffffffff]` || HighMem ||
|| `[0x041200000000, 0x200fffffffff]` || HighShadow ||
|| `[0x001200000000, 0x0411ffffffff]` || ShadowGap ||
|| `[0x001000000000, 0x0011ffffffff]` || LowShadow ||
|| `[0x000000000000, 0x000fffffffff]` || LowMem ||
x86 asan mapping
|| `[0x10007fff8000, 0x7fffffffffff]` || HighMem ||
|| `[0x02008fff7000, 0x10007fff7fff]` || HighShadow ||
|| `[0x00008fff7000, 0x02008fff6fff]` || ShadowGap ||
|| `[0x00007fff8000, 0x00008fff6fff]` || LowShadow ||
|| `[0x000000000000, 0x00007fff7fff]` || LowMem ||
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I55ddbdcd361d66d4cfaf6459b2fa20fd8b64af37
|
|
Applications like curl will poll the fd after a non-blocking
connect, so we need to avoid returning the wrong event.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I7ea146fc954fda631b3d88b46bb80adfbcdf137c
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I7b84767e75d5f8310ec071036a5780fa4530f79f
|
|
Type: improvement
Allow callbacks to be registered which will be called when an
interface pair is added or deleted.
Change-Id: I1c413ac2ada802021f9e56e2f878ce67e5eda2f5
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I4f9316b16f16a48e2042aa17db596bfd181bd314
|
|
Type: fix
Fixes: bf55e9931ce203049385fbf55dde291ead556679
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I5410a7a5a8cdc1d41abcc42fe5b42e6e2991dc06
|
|
If ICMP comes from a router on path, source address must not be
rewritten in o2i path to avoid getting wrong checksum.
Fix ICMP checksum computations.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I035debccf966d7dbd63c364cb1e43380d641f708
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I148022278a792b3687402b6915fe6fb513858a2a
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I7ec4bbb21a079c6f6adfb4f954054b2b07bf19c5
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0971f12b7b82d5134d06ed0539d41624429c992b
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I3c06e9cb3fabdcdce9c17e93cfedfd771295f589
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibe32f7965f8cf457c39845713b029c8a4647ee55
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I047310b8c9fcc51dcfb187710ff59b7895abe217
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I13dae61ddb7150c7fe9a7fd0eae73055ff3f2816
|
|
Type: improvement
Set port type and supported flow actions on 2.5G Intel NICs which are
managed by the igc PMD.
Change-Id: Id144eaa158e24a3f10effb6b517d1c62fba0d2e8
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ic7979755494a2fd23b9fa3d74e14f6b9ea0a46d0
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I39505763371c98b75ff7b697dacd3eeb0d41d40a
|
|
ASan poison/unpoison vectors based on the vector length, but _vec_len()
bypass ASan annotations, contrary to vec_set_len().
Type: fix
Change-Id: I5265a5adcddef1aa11c77e0c3827346b1a66c306
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
When copying sessions from parent on fork, we should validate vep handle
in order to EPOLL_CTL_DEL in vcl_session_cleanup correctly when child
exit.
Type: fix
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
Change-Id: I7696ecd898460c9a296d2800e46c7140e2218ed7
|
|
Main process may enter sighandler with a lock, such as lock in localtime
or in mspace_free, and child wrk cleanup may try to get such locks and
cause deadlock.
The patch move cleanup to vls_epoll_wait to wait app's next call.
Type: fix
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
Change-Id: I9b208038a0f49b0ace44684189234aeac9d94730
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0a2c1cbbe798ddf9d08da78bf0b458a0f54fa13a
|