Age | Commit message (Collapse) | Author | Files | Lines |
|
The pointer to IP header was derived from l3_hdr_offset,
which would be ok, if l3_hdr_offset was valid. But it does not
have to be, so it was a bad solution. Now the previous nodes
mark whether it is a IPv6 or IPv4 packet tyle, and in esp_decrypt
we count get ip header pointer by substracting the size
of the ip header from the pointer to esp header (which lies
in front of the ip header).
Change-Id: I6d425b90931053711e8ce9126811b77ae6002a16
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Change-Id: I921465ea64b59d42674cc8f19069ed04e3b25026
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I3669068f694614f8555b33bf0b703c41e45363ef
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ifea9c772e8784642433b92091f5769eb9ec06890
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I387b22427b3f322969bcf32fcfc189123c8ed6ae
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: Iba1cc1179ee80478e29888790a6476571d1904dc
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I16557189aa4a763ec496cb4a45f6e12f2d46971f
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ic1e189c22e3d344d165e0eab05ccb667eef088a9
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: I9363cf54b73f7cfd8622af6f1cb250438ea0d3b6
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Object sizes must evenly divide alignment requests, or vice
versa. Otherwise, only the first object will be aligned as
requested.
Three choices: add CLIB_CACHE_LINE_ALIGN_MARK(align_me) at
the end of structures, manually pad to an even divisor or multiple of
the alignment request, or use plain vectors/pools.
static assert for enforcement.
Change-Id: I41aa6ff1a58267301d32aaf4b9cd24678ac1c147
Signed-off-by: Dave Barach <dbarach@cisco.com>
|
|
Output string 's' was not assigned the return value of format() for
the destination address, which, in case the underlying memory was moved
by the realloc, resulted in an invalid memory access by the subsequent
invocations of format().
Change-Id: I2b5dfd85db085c553ca5ec0b3257aeeb437c360a
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
|
|
Static mappings with equal local and external IPs
but different ports were dumped as identity mappings.
Change-Id: Ifea7cef5b78aea4c2eb31cf1620185eeef2681e5
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
|
|
Change-Id: If379247f0574fbfcca39e752684bf6c81b95187b
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
When a packet with an unknown proto arrives
on an inside interface and there are no existing sessions
for the source address, a segv occurs.
snat_in2out_unknown_proto() finds the head of the sessions
dlist, fetches the address of the next element using
head->next, and then dereferences the next element. On the
first packet received from a source address, head->next is
~0, so this results in a segv.
Check that the session list is not empty before trying to
traverse it.
Also removed unnecessary lookup against tsm->user_hash.
Prior call to nat_user_get_or_create() already performed
that lookup and added a user if one didn't exist.
Change-Id: If73e79aa2f8e3962ab7b876ecf55aea40d7a5472
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: If33854f9c32736edf571fb66cdfa759db1c9de25
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
Change-Id: I2794384557c6272fe217269b14a9db09eda19220
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Icd42abf4e35db550df496592cffce655f1987d68
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Be gentle with people who run VPP in the noisy envirement where
not-for-us IGMP messages are flying around...
Change-Id: I07e74e29bc12ecdcc83faead9182d861c7ea1add
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: If174d189de40e6f9ffae99997bba93a2519d9fda
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I379150a88f2d53d6281be41e8bad6fc4f4e88a71
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
recompile each time
Change-Id: I97ef0ef5f694062e5867e11d434e3b521a57f649
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I69fee1dcf07a4d2eed69a59f0a36e63e3741ed4e
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Fixes:
- the parsing of the packet falsely assume an ethernet header at offset 0
- it causes a frame leak
Change-Id: Ib9ac9535173ed216de613baaa06d0e1dea3640ca
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I927c9358915e03187cf7d3098c00b85b5ea2f92d
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Improve igmp membership report performance, introduce group and source specific timers.
(side effect compatible with Group-specific query).
Change-Id: Ie3dd2c0dabe5f7138c2f8029e6bbbbfcb5e4904f
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
[VPP-1251]
Problem:
When the bond subinterface is removed, it was observed that we lost the lacp
partner. Show hardware shows rx counter goes up, but show interface does not
for the slave interfaces.
Cause:
We reset the interface promiscuous mode when the bond subinterface is deleted.
This causes dpdk not to accept any packet. Leave the interface in promiscuous
mode fixes the problem.
Other fixes:
There are few places we use hw_if_index as if they are sw_if_index. But they
don't necessarily have the same value. As soon as a subinterface is created,
they start to diverge. The fix is to use the correct API for the hw_if_index
and sw_if_index.
Change-Id: I1e6b8bca0a4aae396d217a141271cbf968500c91
Signed-off-by: Steven <sluong@cisco.com>
(cherry picked from commit 42c6599bf3057a7e8f4f00f5b6a9dd72af48d283)
|
|
Change-Id: I228728bacfca6056dc409a96de1bffb9cadcd3e6
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
We should be sending LACP PDU every second if the partner has LACP_TIMEOUT flag
set which means it will time us out in 3 seconds.
Add interface name for lacp trace
Change-Id: If7d816c062d03e80cc0dd7d10dba0b76ace0664a
Signed-off-by: Steven <sluong@cisco.com>
|
|
When enabled then Twice-NAT is applied only when
source IP equals destination IP after DNAT
Change-Id: I58a9d1d222b2a10c83eafffb2107f32c1b4aa3a8
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
- use of vlib_log for non-dataplane logging
- redirect of dpdk logs trough unix pipe into vlib_log
- "show dpdk physmem" cli
Change-Id: I5da70f9c130273072a8cc80d169df31fc216b2c2
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I7e6b0e7e91cc032b1685f35de5d84363a85158a5
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
https://gerrit.fd.io/r/#/c/7701/ accidentally removed 3 lines of code in
dpdk/device/init.c which were added by https://gerrit.fd.io/r/#/c/7826/
case VNET_DPDK_PMD_VHOST_ETHER:
xd->port_type = VNET_DPDK_PORT_TYPE_VHOST_ETHER;
break;
Those lines were needed to recognize vhost-user interface which is created
via vdev command in dpdk and display VhostEthernet. Without them,
UnknownEthernet is displayed.
Change-Id: I6d7ee6aecc6a415fbb7308595d515649475bcd5f
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: I3792c524323ce9e300648abe85454cff5d19aba7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I0d10f13a56420b119fdfad97dcc135b245c269e1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
A poor man's flow switching or policy based rounting.
An ACL is used to match packets and is associated with a [set of] forwarding paths
that determine how to forward matched packets - collectively this association is a
'policy'.
Policies are then 'attached', in a priority order, to an interface when thaey are
encountered as an input feature. If a packet matches no policies it is forwarded
normally in the IP FIB.
This commit is used to test the "ACL-as-a-service" functionality,
which currently compiles, and the existing traffic ACL tests pass in both hash and linear modes.
Change-Id: I0b274ec9f2e645352fa898b43eb54c457e195964
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
It is a relatively rarely used low level command for code that didn't change,
but due to infra changes it did not survive. Having it working may be very
useful for corner-case debugging. So, fix it for working with
the acl-as-a-service infra.
Change-Id: I11b60e0c78591cc340b043ec240f0311ea1eb2f9
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 18bde8a579960aa46f43ffbe5c2905774bd81a35)
|
|
Change-Id: I071d4cfcf6ea9763dd4842a3594c486a8e400e8c
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
|
|
interface)"
This reverts commit 70083ee74c3141bbefb185525315f1b34497dcaa.
Reverting as this patch is causing following crash:
0: /home/damarion/cisco/vpp3/build-data/../src/vnet/devices/devices.h:131 (vnet_get_device_input_thread_index) assertion `queue_id < vec_len (hw->input_node_thread_index_by_queue)' fails
Aborted
Change-Id: Ie2a365032110b1f67be7a9d832885b9899813d39
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
only in lookup context 0
In process of extracting the matching out of the ACL plugin internals,
a couple of pieces setting the miscellaneout fields in the 5tuple structure
did not make it, so they are initialized to zeroes. Move the assignments
to the right place to make both traffic acls and acl-as-a-service working.
Change-Id: I66a7540a13b05113b599f0541999a18fad60385d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit d3b96ef0d75889f09dc51efb89e5123cdbe7ffe8)
|
|
Change-Id: Id5a2a90d81cc9cb87cb6fb89ac2f4ca3cbcb51e2
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: I98bd454a761a1032738a21edeb0fe847e801f901
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
update the GBP plugin to implement the full NAT feature set of opflex agent
Change-Id: Ic06a039c889445ed0b9087fa1f292634192b0f8d
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I994649761fe2e66e12ae0e49a84fb1d0a966ddfb
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
When in deterministic mode disable nondeterministic CLI/API.
When not in deterministic mode disable deterministic CLI/API.
Change-Id: Ibf485c14612297e51d3815a6fde541542c8fe7ab
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
When NAT44 forwarding is disabled, if a DHCP server-to-
client packet arrives on an outside interface, it is
handled correctly by setting the next node to the next
feature on the ip4-unicast feature arc, where it can be
processed.
When NAT44 forwarding is enabled, if a DHCP server-to-
client packet arrives, it is not handled any differently
than other packets and ends up going to ip4-lookup
which results in the packet being dropped.
Move the check for DHCP server-to-client packets outside
of the block that is executed if forwarding is disabled so
DHCP replies will be processed in either case.
Change-Id: Ia795cce3fd459f3252c2c17d53bb88ceaeaafca4
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: Ieeafb41d10959700bfd434cd455800af31944150
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
The users of ACL lookup contexts might not check the data they supply,
so do it on their behalf in this function, and return an error if
an ACL does not exist or if they attempt to apply the same ACL twice.
Change-Id: I89d871e60f267ce643f88574c83baf9cd0a2d7b3
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit e5cbccf35f4d230afafa633abbc88e64ef33d758)
|
|
using the inline functions
The acl_main struct, which is defined in the acl_plugin, is not visible when
the ACL plugin inline code is being compiled within the context of other plugins.
Fix that by using the global pointer variable, which exists in both the ACL plugin
context and is set in the context of the external plugins using ACL plugin.
Change-Id: Iaa74dd8cf36ff5442a06a25c5c968722116bddf8
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 1286a15a6e60f80b0e1b349f876de8fa38c71368)
|
|
Change-Id: If536ae142dc0109b587d92981d337bc6f15e070a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
lb session with the same user maybe deleted.
Change-Id: Ie58579cf4f8babb594f3c44aa185720134c58c3d
Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>
|