Age | Commit message (Collapse) | Author | Files | Lines |
|
This fixes cnat_feature node LB
- use siblings instead of direct next_nodes
- only do the lookup if we have NO_NAT
- fix behavior in v6
Type: fix
Change-Id: Ie80c9912946bf55c30eadeb51340f4aec9bb297e
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Change-Id: I6ababc99ecf559327a4370914580c98d32680175
Type: feature
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I9e65c94a5a05047a5104e9361ea36eac77b40442
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: refactor
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ifb4a9c52fd2c5dd9f3f5cf41214aa1851f6d7acd
|
|
Change-Id: I20e48a5ac8068eccb8d998346d35227c4802bb68
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: feature
|
|
Type: style
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I66b7ed03f784f3992a910ad6a52ed89116a39297
|
|
Type: improvement
Change-Id: I934e1e981bfa3e5ef81a61b2180604f9b9fc991b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I6ed2104e9d79c367ca36460047586f9b632c3315
|
|
Type: fix
Change-Id: Ia17c8255806a2575bb75ed37050b47ddb347050c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
API marked for deprecation last year due to non-inclusive language.
Last supported release: 21.01. See the "adl" plugin.
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I931e58ced9cc8403ca5b23fd6b07e50d0ff7306b
|
|
Type: test
Change-Id: I37a12e3580c3631582f366944fe30f325b46f366
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Make sure packet lands on the right thread for dst nat case.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I0ec4e4c2bb3fa80ff73fac588c36d36420ba68fa
|
|
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ia1cfdbd39ed458cb3fffd29a8b6d6eff64644de8
|
|
Type: fix
Change-Id: I004a49e59d8643599fc99ad6fa5848d3cf289b7a
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Fix incorrect vlib main usage.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ic5304ca844f1b27756818eb6995b1d9c08412674
|
|
Use correct ports from SVR. Perform lookup of existing session for all
cases to pick any created bypasses and derive correct thread indexes.
Type: fix
Change-Id: I1e3814c9e13cd4d9b8d65f514f7e9ab42df3c22e
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Add missing show trace.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I2f216bfc1bc70ebcbf5593214d46601f44f0b6e2
|
|
Type: refactor
Change-Id: I02a527f57853ebff797f0d85761b71127916d6ce
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I30b847acc4653fea9d609fc0d5875c3fda0824ef
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: fix
Change-Id: I0df14ff87d0bf51eeb392f72434febf6c4a2957a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: feature
Configure TCP MSS clamping on an interface as follows:
set interface tcp-mss-clamp [rx|tx] <interface-name>
ip4 [enable|disable|rx|tx] ip4-mss <size>
ip6 [enable|disable|rx|tx] ip6-mss <size>
Change-Id: I45b04e50a0b70a33e14a9066f981c651292ebffb
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com>
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change dpdk_ops_vpp_get_count() return value from 0
to actual available pool size;
For some drivers/envs(azure,vmbus) rx_queue size
will be zero and the only 1 element will be created
(0 + 1)
When more than one packet will arrive, it will cause
SEGFAULT
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Ibe7da6acc91200bec33d99f580044456d8984110
|
|
Check the value of vlib_trace_buffer in mrvl_pp2_input_trace to fix a
compiler error for an unused result of the function.
Type: fix
Fixes: 9a3973e3a36bfd4dd8dbffe130a92649fc1b73d3
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Change-Id: Ib005ae662885ed8ef902607037b843a524789a19
|
|
Fix places where "Marvel" is used incorrectly instead of "Marvell".
Type: style
Change-Id: I9247676ab08faed31e7b813f6f496ba008210c00
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
|
|
Fix compile error due to implicit declaration of
vnet_hw_if_get_rxq_poll_vector by including the header file that
declares this.
Type: fix
Fixes: b85b0df2a039b694fb2f3c09a01decfb89d7bce2
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Change-Id: I4a21743df93ffaa637641838d30b3b5c70dd79ef
|
|
This reverts commit 30ad571cc35e4dc6d4d7e50b81b97f83f8770eea.
Type: fix
Change-Id: If8c6e388e732d2a1b5efd0677d9528a646365f94
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I9b3f4531070786f583e18609dfae1d95487ce93c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This patch implements k8s-specific extensions
to the cnat plugin.
This could be done by exposing a richer semantic
on srcNAT policies, but this might be too complex
work at this point. Also k8s fits quite well as a
'cloud NAT' usecase.
Type: feature
Change-Id: I2266daf7b10a92e65f5ed430838a12ae826bd333
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I9ca3333274d6f32b6aff57f0fb3d2049c066337a
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
We didn't check that the srcEndpoint was resolved
when creating the session, we could end up sNATing
with 0.0.0.0 as src_addr
Change-Id: If8dfa577e659cfe90b148657a44c0390a7d383e9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
The sw crypto scheduler converts crypto frames to individual crypto
operations. This is done by reusing per-thread vectors for crypto,
integrity and chained operations.
The crypto op flags must be reset to frame flags minus invalid values
depending of the operation.
The previous tentative also cleared the chained buffer flag, breaking
jumbo support.
Type: fix
Change-Id: Icce6887a9e0dae8c300c56e97b977e203e784713
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9507b5a9755e938b4d1da657bed3a8681a056427
|
|
Add the DPDK_INCLUDE_DIRS variable which is set by pkg_check_modules
to the include directories to allow use of system DPDK where the
headers aren't under standard include directories.
Type: fix
Fixes: f15a5791ba870a98a2ab7dec101bbbb9b6e266c1
Change-Id: Ifd4b4170572911b6e0580cdf114ad87cfa771931
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
|
|
Fix compile error in mrvl_pp2_delete_if caused by unused variable by
removing that variable.
Type: fix
Fixes: b85b0df2a039b694fb2f3c09a01decfb89d7bce2
Change-Id: I819bcfbfdbd0f85cc42be953be63ef124520852c
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
|
|
We hit a crash when the client sends us a bogus deescriptor which causes us
to access memory beyong the mapping. While the client clearly should not do
that, it is rather cheap for VPP to validate the descriptor instead of crash
and burn.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Id09035810939f5f98530f212f0b23e606132251d
|
|
Enable DPDK AVX-512 Vector PMDs on Intel Icelake
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Change-Id: Ie5d5bf54ccaa65c1d053d56a2f2973fe8625193b
|
|
Type: refactor
DPDK crypto devices are now accessible via the async infra, so
there is no need for the DPDK ipsec plugin.
In addition this patch fixes the problem that cryptodev backend
not working when master core and worker cores lies in different
numa nodes.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie8516bea706248c7bc25abac53a9c656bb8247d9
|
|
Type: fix
Change-Id: Ia923cd9302688496d28d2fd5658718b40b17cc1a
Signed-off-by: Vengada Govindan <venggovi@cisco.com>
|
|
dhcp is makeing calls to vnet_feature_enable_disable without barrier sync
protection. This can cause data contention with the worker threads. Wrap
all calls to vnet_feature_enable_disable with barrier sync and barrier
release.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I74545b074599273429f47e3e726551156bc11bbc
|
|
Old auth data is needed when generating new one.
Type: fix
Change-Id: I15c62346dbb7ece8facdc7a05f30afd1a15a5648
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Avoid crash if nat pool not allocated when issuing "show nat44 summary".
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I55661cf699bab04f4673e9d471fe12486e972067
|
|
Use outside addresses more evenly by using local address to pick from
pool of addresses. This ensures stability from POV of remote host -
an internal host always gets translated using the same outside address,
so it doesn't appear to be "hopping". Also, this avoids all hosts
being translated using the first address, which helps avoid needless
recaptchas and the like.
Exact assignment depends on internal ordering of addresses - local address
is used to pick an offset into internal vector. If that address cannot be
used, a linear search is performed as a fallback mechanism to find a possible
translation.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I7ccb1da1dda5537f5d30d2f4cb48024f4b51c1a4
|
|
Type: fix
Change-Id: I9d562abc8d8f59cfe73ddd4c03a25085f6ad1f84
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This saves 6 clocks in nat44-ed-in2out node. (112->106 per packet)
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I48e757e7f4b6b0d250a432a4659fe6955fc52a07
|
|
Fail if obsolete flag is used.
Type: fix
Change-Id: Id7000de9c82fa2c22692104b2fc1d463e5961f39
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: refactor
this allows the ipsec_sa_get funtion to be moved from ipsec.h to
ipsec_sa.h where it belongs.
Also use ipsec_sa_get throughout the code base.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
|
|
This allows to configure nat on a per-interface basis. Special care must
be taken to ensure the configuration remains consistent.
Type: feature
Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
* Backend choice in translations is controlled
by lb_type switch allowing to enable Maglev.
* Size of pool is set with cnat { maglev-len 1009 }
Type: feature
Change-Id: I956e19d70bc9f3b997b4f8042831164e4b559d17
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Notable changes:
- ip[46]-cnat-snat is renamed to cnat-snat-ip[46]
- indent fixes
- common trace primitives
- bihash is now 40_56 with alias
Type: refactor
Change-Id: I0a82cfe3b40efd96473e51061d7135ffe412ddfc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I55e6d7dd193f83f70d27e27fe2e383939d677ef1
|