Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: feature
Configure TCP MSS clamping on an interface as follows:
set interface tcp-mss-clamp [rx|tx] <interface-name>
ip4 [enable|disable|rx|tx] ip4-mss <size>
ip6 [enable|disable|rx|tx] ip6-mss <size>
Change-Id: I45b04e50a0b70a33e14a9066f981c651292ebffb
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com>
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change dpdk_ops_vpp_get_count() return value from 0
to actual available pool size;
For some drivers/envs(azure,vmbus) rx_queue size
will be zero and the only 1 element will be created
(0 + 1)
When more than one packet will arrive, it will cause
SEGFAULT
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Ibe7da6acc91200bec33d99f580044456d8984110
|
|
Check the value of vlib_trace_buffer in mrvl_pp2_input_trace to fix a
compiler error for an unused result of the function.
Type: fix
Fixes: 9a3973e3a36bfd4dd8dbffe130a92649fc1b73d3
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Change-Id: Ib005ae662885ed8ef902607037b843a524789a19
|
|
Fix places where "Marvel" is used incorrectly instead of "Marvell".
Type: style
Change-Id: I9247676ab08faed31e7b813f6f496ba008210c00
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
|
|
Fix compile error due to implicit declaration of
vnet_hw_if_get_rxq_poll_vector by including the header file that
declares this.
Type: fix
Fixes: b85b0df2a039b694fb2f3c09a01decfb89d7bce2
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Change-Id: I4a21743df93ffaa637641838d30b3b5c70dd79ef
|
|
This reverts commit 30ad571cc35e4dc6d4d7e50b81b97f83f8770eea.
Type: fix
Change-Id: If8c6e388e732d2a1b5efd0677d9528a646365f94
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I9b3f4531070786f583e18609dfae1d95487ce93c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This patch implements k8s-specific extensions
to the cnat plugin.
This could be done by exposing a richer semantic
on srcNAT policies, but this might be too complex
work at this point. Also k8s fits quite well as a
'cloud NAT' usecase.
Type: feature
Change-Id: I2266daf7b10a92e65f5ed430838a12ae826bd333
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I9ca3333274d6f32b6aff57f0fb3d2049c066337a
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
We didn't check that the srcEndpoint was resolved
when creating the session, we could end up sNATing
with 0.0.0.0 as src_addr
Change-Id: If8dfa577e659cfe90b148657a44c0390a7d383e9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
The sw crypto scheduler converts crypto frames to individual crypto
operations. This is done by reusing per-thread vectors for crypto,
integrity and chained operations.
The crypto op flags must be reset to frame flags minus invalid values
depending of the operation.
The previous tentative also cleared the chained buffer flag, breaking
jumbo support.
Type: fix
Change-Id: Icce6887a9e0dae8c300c56e97b977e203e784713
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9507b5a9755e938b4d1da657bed3a8681a056427
|
|
Add the DPDK_INCLUDE_DIRS variable which is set by pkg_check_modules
to the include directories to allow use of system DPDK where the
headers aren't under standard include directories.
Type: fix
Fixes: f15a5791ba870a98a2ab7dec101bbbb9b6e266c1
Change-Id: Ifd4b4170572911b6e0580cdf114ad87cfa771931
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
|
|
Fix compile error in mrvl_pp2_delete_if caused by unused variable by
removing that variable.
Type: fix
Fixes: b85b0df2a039b694fb2f3c09a01decfb89d7bce2
Change-Id: I819bcfbfdbd0f85cc42be953be63ef124520852c
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
|
|
We hit a crash when the client sends us a bogus deescriptor which causes us
to access memory beyong the mapping. While the client clearly should not do
that, it is rather cheap for VPP to validate the descriptor instead of crash
and burn.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Id09035810939f5f98530f212f0b23e606132251d
|
|
Enable DPDK AVX-512 Vector PMDs on Intel Icelake
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Change-Id: Ie5d5bf54ccaa65c1d053d56a2f2973fe8625193b
|
|
Type: refactor
DPDK crypto devices are now accessible via the async infra, so
there is no need for the DPDK ipsec plugin.
In addition this patch fixes the problem that cryptodev backend
not working when master core and worker cores lies in different
numa nodes.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie8516bea706248c7bc25abac53a9c656bb8247d9
|
|
Type: fix
Change-Id: Ia923cd9302688496d28d2fd5658718b40b17cc1a
Signed-off-by: Vengada Govindan <venggovi@cisco.com>
|
|
dhcp is makeing calls to vnet_feature_enable_disable without barrier sync
protection. This can cause data contention with the worker threads. Wrap
all calls to vnet_feature_enable_disable with barrier sync and barrier
release.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I74545b074599273429f47e3e726551156bc11bbc
|
|
Old auth data is needed when generating new one.
Type: fix
Change-Id: I15c62346dbb7ece8facdc7a05f30afd1a15a5648
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Avoid crash if nat pool not allocated when issuing "show nat44 summary".
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I55661cf699bab04f4673e9d471fe12486e972067
|
|
Use outside addresses more evenly by using local address to pick from
pool of addresses. This ensures stability from POV of remote host -
an internal host always gets translated using the same outside address,
so it doesn't appear to be "hopping". Also, this avoids all hosts
being translated using the first address, which helps avoid needless
recaptchas and the like.
Exact assignment depends on internal ordering of addresses - local address
is used to pick an offset into internal vector. If that address cannot be
used, a linear search is performed as a fallback mechanism to find a possible
translation.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I7ccb1da1dda5537f5d30d2f4cb48024f4b51c1a4
|
|
Type: fix
Change-Id: I9d562abc8d8f59cfe73ddd4c03a25085f6ad1f84
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This saves 6 clocks in nat44-ed-in2out node. (112->106 per packet)
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I48e757e7f4b6b0d250a432a4659fe6955fc52a07
|
|
Fail if obsolete flag is used.
Type: fix
Change-Id: Id7000de9c82fa2c22692104b2fc1d463e5961f39
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: refactor
this allows the ipsec_sa_get funtion to be moved from ipsec.h to
ipsec_sa.h where it belongs.
Also use ipsec_sa_get throughout the code base.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
|
|
This allows to configure nat on a per-interface basis. Special care must
be taken to ensure the configuration remains consistent.
Type: feature
Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
* Backend choice in translations is controlled
by lb_type switch allowing to enable Maglev.
* Size of pool is set with cnat { maglev-len 1009 }
Type: feature
Change-Id: I956e19d70bc9f3b997b4f8042831164e4b559d17
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Notable changes:
- ip[46]-cnat-snat is renamed to cnat-snat-ip[46]
- indent fixes
- common trace primitives
- bihash is now 40_56 with alias
Type: refactor
Change-Id: I0a82cfe3b40efd96473e51061d7135ffe412ddfc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I55e6d7dd193f83f70d27e27fe2e383939d677ef1
|
|
Type: refactor
IKEv2 registers the IPSec node as the port handler, so it can use the
IPSec functions to do that.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: If398dde0a8eb0407eba3ede62a3d5a8c12fe68a7
|
|
lip_host_name is a non-NULL terminated vector, not a NULL-terminated
C-string.
Type: fix
Change-Id: Ie5da59bc5680be72251904467d77b18263c882f8
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
This patch achieves complete separation of
endpoint-dependent and endpoint-independent IPv4 NAT
features. Some common stuff is also moved to NAT
library.
Type: refactor
Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
explicit null dereferenced
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: Id1e4b0e048dbd0a68063c63374172ab6d3653aff
|
|
- "PNAT: 1:1 match and rewrite programmable NAT" link
was hanging out on the top level of the doc tree.
Move it to VPP->Developer Documentation.
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Iadb7d3463567a2414eece68db0a3743237ab26f9
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I907b2e560d6ecd748aa7c6d775c4f7122a39b4cb
|
|
Type: fix
This patch fixes the missed crypto and integ offset update for
every packet. Previously the offset is updated only when the
key is changed. This is ok for encryption but not always true
for decryption.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: Iccd0011f4ae488746ce487a14b94ddd24fb0c07c
|
|
This fixes an issue when initiator is expecting request with intitial
msgid being 0 but 1 is received instead which results in retransmission
(instead of normally processing the new request).
Type: fix
Change-Id: I60062276bd93de78128847c5b15f5d6cecf1df65
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Re-enable the test for 2-worker config test
Change-Id: Ie108c5d244c6704ffa152177ca77f6b6055fe38e
Type: test
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Keep coverity happy by checking the return value of unformat calls.
Type: test
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: Iccd0296da527d079f79cc7bd8b57af1b524299bd
|
|
Type: fix
If no host interface name is passed to the CLI command which creates
an interface pair, NULL gets passed to lcp_itf_pair_create() and a
seg fault occurs. Check whether a host interface name was provided
and fail gracefully if none was given.
Change-Id: I82886f4c2ee710e206c751c34a74399112e9062c
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I30fde452fdeeb9877f3e3fecb0dd723f10f61019
|
|
Type: fix
Change-Id: Ia22b1189b82e885eb380f638ea6d05923a858f01
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2a55a2fe0c483359c3b42ebe93cd0e8e279131d1
|
|
Type: refactor
This patch refactors the offload flags in vlib_buffer_t.
There are two main reasons behind this refactoring.
First, offload flags are insufficient to represent outer
and inner headers offloads. Second, room for these flags
in first cacheline of vlib_buffer_t is also limited.
This patch introduces a generic offload flag in first
cacheline. And detailed offload flags in 2nd cacheline
of the structure for performance optimization.
Change-Id: Icc363a142fb9208ec7113ab5bbfc8230181f6004
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: feature
Support setting the MTU for a peer on an interface. The minimum value of
the path and interface MTU is used at forwarding time.
the path MTU is specified for a given peer, by address and table-ID.
In the forwarding plane the MTU is enfored either:
1 - if the peer is attached, then the MTU is set on the peer's
adjacency
2 - if the peer is not attached, it is remote, then a DPO is added to
the peer's FIB entry to perform the necessary fragmentation.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8b9ea6a07868b50e97e2561f18d9335407dea7ae
|
|
Ensure policer struct is cache aligned and fits in one cache line.
Give it a simpler name to reflect its job as the representation of
a policer.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: If1ae4931c818b86eee20306e503f4e5d6b84bd0d
|
|
Type: fix
Change-Id: I744cedb9c1b57945af5e83057e4759964fd2e104
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
When strongSwan rekeys it sends create child sa request first and then
delete request for the old child sa (or vice versa depending on
configuration) as opposed to sending just a single create child sa with
rekey notify message.
Type: fix
Change-Id: I1fa55a607ca623cd3a6d887436207153c6f6bbf6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Also apply style edits as proprosed by checkstyle.
Ticket: VPP-1971
Type: fix
Change-Id: I4332a4e32220f3076b4a373da01cc0022cde32f5
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|