Age | Commit message (Collapse) | Author | Files | Lines |
|
The vnet_crypto_key_add should only be called from the main thread.
This patch works around this limitation by allocating one key per worker
and updating it on the fly everytime we need to do a crypto operation.
This solution is far from ideal, but quicly has a strong assumption that
it can use a key immediately after determining it, so making the key
creation asynchronous is not a possibility.
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Change-Id: I19fc5814195156003c36a73bb616738ba9d828f7
Type: fix
|
|
Should also fix coverity warning.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I068b837377b329a22ace5b2235c6dd9f067ead77
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9ea41b8b271e9123e676acdc581ef429072fe843
|
|
Handle case where extra data is present in buffer which is not part of
IP/ICMP headers.
Type: fix
Fixes: 05b5a5b3b4b04823776feed6403b5a99b2e06d76
Change-Id: Icfef811470056d38c60fc45cc302139ed7594385
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: improvement
Change-Id: Ic07010f11ef303f5213a33b0faf24aaedb62f110
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
* Add clib_socket_init support for abstract sockets
if name starts with an '@'
* Add clib_socket_init_netns to open socket in netns
* Add clib_netns_open
Type: feature
Change-Id: I89637ad657c702ec38ddecb5c03a1673d0dfb104
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Refactoring static mapping configuration
functions based on feature type.
Type: refactor
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: I007d9b0e9717ced613fbcef2b11b6853f479be1e
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id6bcf6511c904c8625c0845cd9758539f35e6b50
|
|
Verify that headers are not truncated and that checksums are valid.
Correct checksum computation in translation code.
Type: fix
Change-Id: I6acfcec4661411f83c86b15aafac90cd4538c0b5
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: improvement
Change-Id: I06eaf39b1e441045c3402cbf40339054ad26ade9
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Zero copy interface which exposes VPP buffers to snort instance(s).
Includes VPP DAQ which is compiled only if libdaq 3 API headers are
available.
Type: feature
Change-Id: I96611b43f94fbae091e7391589e0454ae66de88b
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
Request use of RX interrupts for virtio if the system will support it,
which is done by applying the same check as in the virtio driver,
namely whether multiple interrupts are supported. This allows the use
of RX adaptive/interrupt mode instead of just polling, which is useful
in virtualised environments where functionality may be more important
than performance and so using polling mode is wasteful.
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Change-Id: I29527b6f04b0b1d0c9f9424751b2bd252ed10505
|
|
Type: fix
DBGvpp# set acl-plugin acl src 1::1/128 dst 2::/64
DBGvpp# sh acl-plugin acl
acl-index 0 count 1 tag {cli}
0: ipv4 permit src 1.1.1.1/32 dst 1.1.1.2/32 proto 0 sport 0-65535 dport 0-65535
acl-index 1 count 1 tag {cli}
0: ipv6 permit src 1::1/128 dst 2::/64 proto 0 sport 0-65535 dport 0-65535
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ibb8e20dd4ec2792f423a61eefe7398175e45a577
|
|
Type: fix
Change-Id: I5677cbb183b10c974a3a2e569d1a7a525a7eb45d
Signed-off-by: Sergio Gonzalez Monroy <sgmonroy@gmail.com>
|
|
Type: refactor
Change-Id: Id10cbf52e8f2dd809080a228d8fa282308be84ac
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Fixing nat44-ed identity map in2out communication.
TCP packets would get dropped because of the order
of testing TCP state.
Type: fix
Change-Id: Ib11e7e75c66945224fecc0bb311733672e315c7d
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Refactored & fixed NAT44ED configuration
functions used for handling interfaces and
nodes.
Type: refactor
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: I6fbbb7f0fe35d572675997745d53290152987424
|
|
These file are no longer needed
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I34f8e0b7e17d9e8c06dcd6c5ffe51aa273cdec07
|
|
Silence the coverity test with setting the interface index
in a variable before the boundary check.
Type: fix
Change-Id: I9bd6db08bfef93142581dada0b6a7d78b7de91e7
Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com>
|
|
Put plugin init order inside plugin instead of in vnet
Type: improvement
Signed-off-by: Bin Zhou (bzhou2) <bzhou2@cisco.com>
Change-Id: Icbacdb3f1cb4ac9d74e3f78458e8bc333793b4d6
|
|
Type: improvement
Allow the use of the base-virtaddr config option to be passed through
to DPDK. This is useful to allow use of devices with an IOMMU in
nested VMs without resorting to PA IOVA mode.
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Change-Id: I32b6513377e6d20bf155e12c45f902d51ea982c4
|
|
This patch removes the papi transport shared memory plugin.
It also removes any dependency on CFFI.
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ia81701c0dc506871e511495d837e41420e1fdf72
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Iacc58d27ac51c8a1c571087f98297e046b3477c2
|
|
When removing a l3xc path we must release the corresponding dpo.
Type: fix
Change-Id: Ib6309797cb11374264c786e064f262ad13c6f0a1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
When a buffer in the chain comes with a negative current_data offset,
the conversion to sgl will skip it because of resetting offset to 0.
Moreover, crypto_start_offset is relative to the 1st buffer data pointer
so we should not check it against subsequent buffers anyway.
Type: fix
Change-Id: Id177a90bfda242a5372c7e8836cf6668e98c780e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Thread assignment to tx queue has always been automatic and there
was no way to modify it. With this patch, it is now possible to use
the cli "set interface tx-queue" to change the thread assignment to
tx queue for vmxnet3 interface, thanks to the new tx infra.
Type: feature
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I1544e3557f70251d4bd423cc3d9f28ee1d44db4a
|
|
When enqueuing chained buffer, we must update the descriptor length for
each fragment descriptor in addition to the last.
Type: fix
Change-Id: I9bc95fe557a049eeea4abd41c695153632d52a52
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
When switching to the direct verb chain buffer tx path, we must account
for all remaining packets, including the packets that would wrapped
around.
Previously we were using the 'n' counter but ignoring the 'n_wrap'
counter: if some packets would have wrapped around in the default path,
it would be ignored by the chained buffer tx path.
Compute the correct number of remaining packets based on the old and
current txq tail instead.
Also simplify the chained tx function parameters.
Type: fix
Change-Id: If12b41a8f143fda80290342e2904792f7501c559
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
The total_length_not_including_first_buffer field must be reset before
being updated otherwise it will quicly grows as stale values are reused.
Type: fix
Change-Id: Ic48c0822660998b0dfc0b5fdeadae6071b2d03f7
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
If an IPv6 Link Layer Address is missing from an interface,
treat it as a down interface. While this fails to send a
VRRP multicast group join, it also prevents a seg fault.
Type: fix
Fixes: 39e9428b90bc74d1bb15fc17759c8ef6ad712418
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Iebf69bb30604a96de6587655eb872aa818158a56
|
|
Type: fix
Outbound packets which arrive on tun/L3 interfaces use a default
adjacency for the interface & address family from the corresponding
interface pair. However, there are entries in the linux-cp adj table
that are created for them. Managing these entries might cause a
segfault because the rewrite data might exceed the reserved space for
it of 28 bytes in the linux-cp adj key (e.g. in case of GRE IPv6).
With this change, stop creating adjacencies for tun/L3 interfaces in
the linux-cp adj table and delegating them.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I4bcd685860053ab87c65064c182e3ed53fd4fae9
|
|
Type: improvement
Allow callbacks to be registered which will be called when an
interface pair is added or deleted.
Change-Id: I1c413ac2ada802021f9e56e2f878ce67e5eda2f5
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
Fixes: bf55e9931ce203049385fbf55dde291ead556679
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I5410a7a5a8cdc1d41abcc42fe5b42e6e2991dc06
|
|
If ICMP comes from a router on path, source address must not be
rewritten in o2i path to avoid getting wrong checksum.
Fix ICMP checksum computations.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I035debccf966d7dbd63c364cb1e43380d641f708
|
|
Type: improvement
Set port type and supported flow actions on 2.5G Intel NICs which are
managed by the igc PMD.
Change-Id: Id144eaa158e24a3f10effb6b517d1c62fba0d2e8
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
TTL was already decremented in ip4-rewrite so it's okay if it's 1.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I587dc343737c15247eb62837a06d5e44c0d11acc
|
|
Type: test
UT for patch: 4fc68ee
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I96fac9a6407a7f3ebeecc5e68a7683e541063de7
|
|
Type: fix
Signed-off-by: jxm <jiangxiaoming@outlook.com>
Change-Id: I6fb2620e7076e1e38a2ab85a70febe614b079e67
|
|
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2d5039cd35edd02ffa2439bcac119d0647234385
|
|
Type: fix
Currently, is_interface_addr() tests if a given IPv4 address belongs to
an interface by a given sw_if_index. However, there are several issues:
* only the first found address on the interface is actually tested,
* sw_if_index is always cached even if the interface hasn't been
assigned any addresses yet.
With this change, is_interface_addr() tests all IPv4 addresses on an
interface by a given sw_if_index and caches sw_if_index only if there
are addresses present.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: If1acc4a534647a5f0ce8e9b565b867c92a016dc3
|
|
Type: fix
Currently, there might be a crash in NAT ED mode:
* if a session for an unknown proto packet cannot be created in2out,
* if a session for an unknown proto packet cannot be found out2in.
With this change, translate packets only if a session is given in NAT
ED mode.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Iafb332db1ae9a3e76435964ad636037d1b8a51e8
|
|
use autogenerated code
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I91a55412f96b138c3c00cbb8943d271c8a6452c9
|
|
Type: fix
Change-Id: I456cc0b0a6f2dc32b14791baf9d4a7f67279e8df
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
when the configuration of tx queues is larger than the worker-threads,
the clib_spinlock_lock_if_init will not be executed, and then this function
will executed the clib_spinlock_unlock_if_init, so this may caused the issue.
Type: fix
Signed-off-by: fangtong <fangtong2007@163.com>
Change-Id: I3ce244cd5e1f410e9f14bd060b929238f069b9fa
|
|
Type: fix
Change-Id: Id6406702061ada54e51ebcf5c367328605de2b6b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Test added to the unittest plugin / test_vlib.py
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I73445e57918347c102ff6f5e8c9ddb9bd96f1407
|
|
Type: fix
Change-Id: I58931e235535be7d596ca578790f389b64a4fbd2
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I76923ad5035498aae821db4fd42a127617476fbb
|
|
Type: fix
Outbound packets from the host have an adjacency lookup performed so
buffer metadata can be filled in and output features can be applied.
If no adjacency is found for a packet, it gets dropped. This breaks
DHCP and possibly other things since the DHCP reply to a discover
request is sent to a destination MAC address that is determined by
the contents of the request packet rather than any existing neighbor
table entry.
If adjacency lookup for outbound packets does not find an entry, use
the default adjacency for the interface & address family.
Change-Id: Ia53a4df3a5bad2991768cfe4a84c560b879e656f
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I62fb56257445a05105e556d1ea6cc6280b5eeccc
|