Age | Commit message (Collapse) | Author | Files | Lines |
|
Originally the pool of keys can be expand and cache with pointer for
key can be invalid.
For example in Wireguard during handshake process this pool can be
expand and pointer for these keys in cache can be invalid for workers
or can has incorrect value (poison memory).
The fixes add barrier if the pool needs be to expand to ensure that
cache in function will be valid and avoid situation when cache has
invalid pointer for these keys.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ida8f300213dfebb91ecaf1937fb08de81c20ba7b
|
|
Add missing array index so that actual mmapped pages are unmpapped
instead of attempting to unmap array holding those pages.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ib8709cce1bcbfb505307c140266834b284af796c
|
|
This patch provides a fix for early-kill of timewait sockets that is based on
rfc's 1122, 6191.
The following commits provided a solution for port re-use. However, they
are not fully compliant with rfc 1122 4.2.2.13 ( Closing a connection )
and rfc 6191 (Reducing the TIME-WAIT State Using TCP Timestamps)
commit b092b77cf238ba ("tcp: Enable TCP timewait port use") introduced
a significant improvement by enabling TCP timewait port re-use.
commit ee1cb469b2dd ("tcp: fix port reuse with multiple listeners") fixed
usage of the wrong value for connection_index when searching for a
listener, by storing the state in tcp.flags.
Implementation details:
When a SYN is received during time-wait state, the code
checks whether all the requirements for accepting the SYN packet are
met. If they aren't, the SYN can't be accepted and the packet is dropped,
otherwise, connection is deleted and a new connection with same port
is opened.
Type: fix
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Signed-off-by: Yuval Caduri <cyuval@marvell.com>
Signed-off-by: Michal Kalderon <mkalderon@marvell.com>
Change-Id: I38a33c6e321c760d45ebec9154399e1c90dd0250
|
|
Type: fix
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I3c4152219e5307ac0fe773e16d597f0e4b9a7d4c
|
|
Type: fix
Ticket: VPP-1970
Ticket: VPP-1992
Fixes: 9e17887db97bb9f6507270f9fa9923c10816e0df
https://gerrit.fd.io/r/c/vpp/+/33495/7 introduced a bug
where ND responses are inproperly dropped. This fixes that bug.
Signed-off-by: Ed Warnicke <hagbard@gmail.com>
Change-Id: Iec4b07646332ced292e2211408c4f7af3088ac28
Signed-off-by: Ed Warnicke <hagbard@gmail.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibef04947c3a2f4e700233157d581ed54558b51ed
|
|
Type: fix
Change-Id: I2f7579980f081d3b0a8d19baade0a6599d55cf80
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ia6b9d4ac55be2216887bfdb99be4021f6a96f166
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ib3fe4f306f23541a01246b74ad0f1a7074fa03bb
|
|
Type: fix
If the walk is triggered when the child is added, then that child is visited in the walk. However, since it is just attahcing to the path-list it may not, or indeed cannot, have all the context it needs to successfully handle the walk.
In the case of MPLS tunnel, it does not have the path extensions ready, and cannot since the path extensions need to resolve on the path-list.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I027af8cf2f522d2f6e37931bea60c767f0cb667d
|
|
When an mfib entry was created with both paths and entry_flags then
the entry flags were being ignored. If there are no paths then the
flags were passed into mfib_table_entry_update, but in the case where
the entry didn't exist and there were paths and flags, the entry was
created within mfib_table_entry_paths_update() which used a default
of MFIB_ENTRY_FLAG_NONE.
Pass the flags through into the mfib_table_entry_paths_update fn. All
existing callers other than the create case will now pass in
MFIB_ENTRY_FLAG_NONE.
Type: fix
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I256375ba2fa863a62a88474ce1ea6bf2accdd456
|
|
Type: improvement
This adds a new ip[46]-receive node, sibling
of ip[46]-local. Its goal is to set
vnet_buffer (b)->ip.rx_sw_if_index to the
sw_if_index of the local interface.
In dependant nodes further down the line (e.g.
hoststack) we then set sw_if_idx[rx] to this
value. So that we know which local interface
did receive the packet.
The TCP issue this fixes is that :
On accepts, we were setting tc->sw_if_index
to the source sw_if_index. We should use
the dest sw_if_index, so that packets
coming back on this connection have the
right source sw_if_index. And also setting
it in the tx-ed packet.
Change-Id: I569ed673e15c21e71f365c3ad45439b05bd14a9f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ie79a2deac03c04c0697e482a649ff151142126ed
|
|
Type: fix
When VPP generates an ICMP echo reply in response to an incoming
echo request to a local address, set VNET_BUFFER_F_LOCALLY_ORIGINATED
on the buffer. It will prevent ip6-rewrite from decrementing the hop
limit.
Outbound IPv4 echo replies also get this flag set.
Change-Id: Iaa229294eb158edb58cf1bf1b7a90da281321406
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: improvement
This is an attempt to make the cnat tests more
readable by hiding the scapy packet generation
under a common context concept.
This in order to add tests covering a wider range
of scenarios. As of now, only VIP, snat & DHCP
being covered
Change-Id: Ia84868984506bbb652fe974e9a6f54f7a3cc0bd9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I6b89c4158d10d4928c8418312180dbeba7d70ab2
|
|
Using VPP CLI "ip route add" to add static IPv6 entries outputs wrong
results. Fix this error by correctly calculating IPv6 addresses with
different increased ranges and grouping ip4/ip6 prefix calculation
functionality into two functions.
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Reviewed-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If954876301ca2095f9331799a086f75db936f246
|
|
Type: test
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I5d44a6ea24e4aa0842024a0961f1fb22c6e6419a
|
|
Type: test
Change-Id: I185725c0f94084d08c8514642a84a04da62398e1
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
nat44-ed core configuration improvements & fixes [0-5] adjusted
for nat44-ei plugin.
Improvements:
* repeating code converted to functions
* simplified functions used for pool address, static mapping
and interface configuration.
Clean up:
* remove obsolete code and logic persisted after plugin
separation from old SNAT plugin.
Fixes:
* [0] return correct API behavior changed in [5]
Type: improvement
[0] https://gerrit.fd.io/r/c/vpp/+/33622
[1] https://gerrit.fd.io/r/c/vpp/+/33431
[2] https://gerrit.fd.io/r/c/vpp/+/33337
[3] https://gerrit.fd.io/r/c/vpp/+/33249
[4] https://gerrit.fd.io/r/c/vpp/+/32796
[5] https://gerrit.fd.io/r/c/vpp/+/32951
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: Ie197faa576cb49acb3d218f14e00cb7d13ad9342
|
|
This patch fixes issue with NAT_API_IS_TWICE_NAT and
NAT_API_IS_ADDR_ONLY flags. Because of control plane
code change - move from boolean parameters to flags
in https://gerrit.fd.io/r/c/vpp/+/32796 patch these
api flags weren't correctly set.
Type: fix
Change-Id: Ieec5fe6bdcca314da027f2d23e3a24f174391a6f
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Currently, auth activation CLI command
"bfd upd session auth activate ... conf-key-id <cki> bfd-key-id <bki>"
allows to change both key-ids to new values at once.
But if only bfd-key-id should be corrected, e.g. as a result of mistyping,
we can't do that in a single operation, and have to deactivate auth first
and then reactivate it with a correctly entered pair of ids.
Currently, backend's bfd_auth_activate() function returns immediately,
with no action, if it finds that submitted conf-key-id matches the
current record. No check on bfd-key-id value is made.
With this fix, bfd_auth_activate() checks if session's bfd-key-id has to
be changed to a new value, and if so, it updates and logs appropriately.
Change-Id: I3b915a936cb1721707860bb503f70e7dd29e0ddd
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
|
|
Type: fix
Currently, the change in desired_min_tx value initiated locally
doesn't result in actual update of the transmission interval.
bfd_session_t structure has two fields for each of protocol's
local time parameters
desired_min_tx, required_min_rx
In a case of a parameter update,
"config_" prefixed fields store new values sent to remote
bs.config_desired_min_tx_nsec,
bs.config_required_min_rx_nsec
Those prefixed "effective_", keep old values, still in charge,
until new ones are being negotiated between peers:
bs.effective_desired_min_tx_nsec,
bs.effective_required_min_rx_nsec
Currently, upon termination of the Poll Sequence (negotiation) only
bfd_set_effective_required_min_rx()
is called to update effective RX value. TX value remains unchanged.
With this fix, add a call to
bfd_set_effective_desired_min_tx()
to set new, acknowledged TX value in effect.
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Change-Id: I80b6746533839c9572598f1ad9dabb33e621a525
|
|
While looking at a coverity warning it was discovered that it's caused
by return value modified by pd msg handlers. As these are legacy, it's
a good time to remove them and also fix the warning this way.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ic72ab8b2b7a2e55188d1c31cfd18a74b7cf82c43
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ib07029204ecf12bf2adb5a39afa54bc98fb81f34
|
|
We should compute offloads in interface_ouput.c
in the case when any of the UDP, TCP or IP
offload flags is not present in the interface
capabilities.
e.g. if the interface supports IP cksum offload
but not tcp/udp we should still compute cksums
here.
Type: fix
Change-Id: Ibaa3a56dbc92938dca45311c38f079d040052194
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
memif descriptors table may have more than one shared memory region.
To see whether a descriptor's memory address is valid or not, it
is beneficial to also display the descriptor's region. While at it,
fix the truncation problem for the offset field.
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ia3b7062ac0323c39ade6f3a58333c6405889148f
|
|
Added topdown level 2 support on sapphire rapids,
including ability to indentify a sapphire rapids cpu.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I9f99a92fa0886b98bb5185cff32bebd5a094f329
|
|
The Intel Icelake uArch supports measuring up to 12 counters,
comprised of 4 fixed and 8 general counters.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I68369ea55a0c95d6a4a280a464e69502bbf5474f
|
|
The restriction of vlsh_bit_val only effect select/pselect, so move the
check to select/pselect function.
Type: fix
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
Change-Id: I3585c83cfc2f0a2fd834450be650dccda67e3faa
|
|
Initialise variable used in tracing code in case of early error so that
tracing doesn't use this uninitialised variable.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I6b1cef07e1f126cee56e1116606869dd667274d2
|
|
Put static mappings in flow hash, drop existing hash tables used for
static mappings. Drop refcount variables and use hash table as a single
point of truth. Allow creating a static mapping conflicting with dynamic
mapping, which will take precedence after dynamic mapping is freed, so
that the existing flow can finish transferring data.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Idfde8efabc09971be38921d4b0ca5ccf4e9fe412
|
|
Add a missing return statement in case there are no parameters supplied
to 'set ip6 nd proxy' CLI to avoid calling code with uninitialised
parameters.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ie4fdb4df5d1af49471c421e5e7a6c2f885d2e8d2
|
|
Fix coverity warnings by initialising variables and removing dead code.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I0254b81020cdc3d7075df003309065438526918f
|
|
Remove non-null check for a pointer which cannot be null to avoid dead
code warning.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I5ff40a4f80db7bb0dff9928c90ff757b763902fd
|
|
Type: docs
Change-Id: I5b6c388332bdd3a29777d728c3357816c8411ea2
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This patch refactors the VPP sphinx docs
in order to make it easier to consume
for external readers as well as VPP developers.
It also makes sphinx the single source
of documentation, which simplifies maintenance
and operation.
Most important updates are:
- reformat the existing documentation as rst
- split RELEASE.md and move it into separate rst files
- remove section 'events'
- remove section 'archive'
- remove section 'related projects'
- remove section 'feature by release'
- remove section 'Various links'
- make (Configuration reference, CLI docs,
developer docs) top level items in the list
- move 'Use Cases' as part of 'About VPP'
- move 'Troubleshooting' as part of 'Getting Started'
- move test framework docs into 'Developer Documentation'
- add a 'Contributing' section for gerrit,
docs and other contributer related infos
- deprecate doxygen and test-docs targets
- redirect the "make doxygen" target to "make docs"
Type: refactor
Change-Id: I552a5645d5b7964d547f99b1336e2ac24e7c209f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: improvement
Change-Id: I7e821cce1feae229e1be4baeed249b9cca658135
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Fix coverity warning by initialising proto variable to a dummy value.
This value is never used because consuming function uses this
parameter value only if is_addr_only flag is not set and this flag is
always set if proto value is not provided by user.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I9b5e8c08346bea1e2b460bb09e962c4b8d3b6947
|
|
Type: improvement
Change-Id: If453321785b04f9c16e8cea36fb1910efaeb2c59
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Change-Id: Ie3b25a86b99098d2b3a21a11fc73234c8ed589d6
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Change-Id: Ibebd2d47a4268189f11601d004073e4858548f25
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I0094ea8627cd8bcd5ea119c2fd48f077c8e2e4bb
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I2c77066cc9f1d3063373cc9559cc5b369906cc24
|
|
Adding a nat44 static mapping during startup on a DHCP interface leads
to a segv via this path:
- dhcp_client_acquire_address
- ip4_add_del_interface_address
- ip4_add_del_interface_address_internal
- nat44_ed_add_del_interface_address_cb
- nat44_ed_add_static_mapping
- ip4_interface_first_address
Type: fix
Signed-off-by: Joshua Roys <roysjosh@gmail.com>
Change-Id: I38dac8a096b052550f2b87b4e13a950d2cd868b0
|
|
unformat_init_vector() expects a vector, not a NULL-terminated C-string.
Type: fix
Change-Id: I20a266243f63d94b0c6fe24e25ee8346c08c8ff2
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5ecb73009c6ebb00b5d9e14bd09b4b3e80ab5601
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4f37c6601ace08ae886b08d2284b413d457e4eae
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ida114ba35227f70ddd87cad791a21f186be1cba8
|
|
struct dirent *e is freed when calling closedir(). Use ifname instead.
Type: fix
Change-Id: Icc9ca52c33ecc1dee7a9e28802149e4e3e4c8ac0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|