Age | Commit message (Collapse) | Author | Files | Lines |
|
The RFC7857 state machine introduced in 56c492a is a trade-off.
It tries to retain sessions as much as possible and also offers
some protection against spurious RST by re-establishing sessions if data
is received after the RST. From experience in the wild, this algorithm is
a little too liberal, as it leaves too many spurious established sessions
in the session table.
E.g. a oberserved pattern is:
client server
<- FIN, ACK
ACK ->
ACK ->
RST, ACK ->
With the current state machine this would leave the session in established state.
These proposed changes do:
- require 3-way handshake to establish session.
(current requires only to see SYNs from both sides)
- RST will move session to transitory without recovery if data is sent after
- Only a single FIN is needed to move to transitory
Fixes: 56c492aa0502751de2dd9d890096a82c5f04776d
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I92e593e00b2efe48d04997642d85bd59e0eaa2ea
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
Set is_add function argument to 0 when deleting interface role.
Change-Id: I6ca88d6511e1c88285e51b3750eb501fde2b341b
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If7dd56e76efc31ed66b865e2c7231d22ec2322b4
|
|
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5e49f43b18ff011ce0b7259ed58854d81f910826
|
|
Type: fix
Free the old rewrite string before assigning a new rewrite string for the updated new tteid value.
Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com>
Change-Id: I1ec19bce6afda3dfdc31c8724b32ac7b9bc84e89
|
|
The sys/random.h header, which provides the getrandom syscall wrapper,
was only added in glibc2.25. To make it compatible with older version,
we can directly call the syscall.
Type: improvement
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: I93c5f8a49c0323511a4e34273f0b3c0e24663bfd
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9cf21ee7ad363dd1af5ca75f07bfe38d8fe749f9
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I45c63e0a7d7179a0f27ca3f093bd3cf7458a12d3
|
|
In test_bihash_threads, if a test thread fails to be created,
it is still counted towards the total thread count, which could
lead to never-ending test loop. This patch fixes the issue.
Type: fix
Signed-off-by: Jing Peng <pj.hades@gmail.com>
Change-Id: Ic0f1d4dde9c5ea672b52f0e2e49f16d42f982b77
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I805131b4e3d0cb2fab1d3bf76db659c67522c2e8
|
|
This patch fixes test_bihash_unittest in two ways:
1. The number of searches, namely tm->search_iter, defaults to 0,
thus disabling the test. This patch changes the default to 1.
2. Test errors are reported by clib_warning() instead of being
returned, thus the caller test/test_bihash.py is never aware of them.
This patch returns the errors constructed by clib_error_return().
Type: fix
Signed-off-by: Jing Peng <pj.hades@gmail.com>
Change-Id: I60e99a829ebe6aa2a56e7a9332cf973afa100311
|
|
Type: fix
Fixes: 616447c39231
In lcp_router_link_mtu(), either vnet_hw_interface_set_mtu() or
vnet_sw_interface_set_mtu() is called, based on whether this appears to
be a physical interface. The test to determine whether this is true was
incorrect and probably never worked right so vnet_sw_interface_set_mtu()
was always being called. This causes some breakage with Recent changes
to code which manages interface MTUs. Fix the test so the right function
is called.
Change-Id: I1ecccbce37d5a1e53b2349ed40f3d0d27eb03569
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I9f061a05d947bc2867e1b962bf0522ad344bcc1a
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia4d8aaafeb3629f421601edffefe9c61c3e69dba
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I68ada775810bb4a4f280962a979605b211562a52
|
|
An unexpected packet that shows up on a Wireguard interace
that happens not to have a forwarding peer will cause a
segfault trying to index the vector of peers by adjacency.
Rather than segfaulting, recognize a non-adjacent packet
and drop it instead.
This leaves open the question of what _should_ be
happening to, say, IPv6 multicast packets.
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Type: fix
Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88
Change-Id: Ic0a29e6cf6fe812a4895ec11bedcca86c62e590b
|
|
New dpdk version deprecates some macros used by VPP.
This patch changes them to 22.03 version.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: Ic362ed318dc1ad88bb682ef13fbd6159171fbaef
|
|
New version of dpdk changes some macros names.
This patch ensures VPP will be compatible with older dpdk versions.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I3d9736278e70064610a1dcad5f2d2f6eb26e0d4b
|
|
Type: fix
Change-Id: I70f9ec2eb6c9c1494a4ecd56e06898f6162a0e0e
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Two similar CLI paths "nat44" and "nat44 add interface address"
caused unexpected behavior. If "nat44 add interface address"
command would fail the vlib cli processing function would
call "nat44" handler. This would also clean any previously
set errors from the first command and basically return
same error returned by "nat44" handler for every failed
command that starts with the same path string.
Fixes nat44-ed and nat44-ei plugin.
Change-Id: I1aac85c8ae2932da582a2b78243521d1bf8a0653
Ticket: VPP-2021
Type: fix
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: refactor
Change-Id: I5ca142ec1557d5b5c3806b43553ad9d3b5ea1112
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: I84d594d8baaf18056580455f3b2790d0f31b7b0f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Use of _vec_len() to set vector length breaks address sanitizer.
Users should use vec_set_len(), vec_inc_len(), vec_dec_len () instead.
Type: improvement
Change-Id: I441ae948771eb21c23a61f3ff9163bdad74a2cb8
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7287e40ad95dfe061fd8a7b0e99921d5540e030d
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5d4e68730a75337a2e532e72f366b62d6973235e
|
|
Type: refactor
Change-Id: I449fcea92a1c96dd7dd0bcad893060ad1c614351
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Add simple counter statistics to VRRP, based on a subset of those
defined in RFC8347.
Add an update API that allows in-place modification of an existing
instance. The method returns a vrrp_index which can be used both for
retrieving statistics and to modify non-key parameters. Also add a
delete method which will take that vrrp_index as parameter.
Type: improvement
Signed-off-by: Emanuele Di Pascale <lele84@gmail.com>
Change-Id: I2cd11467b4dbd9dfdb5aa748783144b4883dba57
|
|
Type: fix
VLAN programming is currently enabled for IXGBE. However, that is only
supported for IXGBE_VF.
With this fix, disable VLAN programming for IXGBE.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I37b1d0733988c964d2b0f5a49328effacec1cb6f
|
|
Type: fix
This patch fixes the following DPDK plugin issue:
CID 253333: Control flow issues (DEADCODE)
The change also includes some cosmetic changes for error
handling.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I830020bc3ae9a508f3a905f78333fa3ae25ce784
|
|
This patch affects how destination fib is choosen during session
creation. Default behavior of choosing fib based on output
interfaces is kept.
Configuration gives you the ability to change default behavior
to direct or restrict traffic between different FIB tables.
NAT specific VRF routing options:
a) keeping communication in the same VRF
b) option to add multiple destination VRFs
c) option to control the resolution order of destination VRFs
TX FIB resolution is based on looking up RX FIB entry in NATs
VRF table and picking the first FIB that resolves
destination address.
Ticket: VPP-2009
Type: improvement
Change-Id: If500c48d7ce3466533ad9581c0847870788fc4fb
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Set deprecated option on unsupported API calls.
Cleaned up API calls with deprecated option. Removed
in progress option from long term used API calls.
Removed obsolete/unused nodes, functions, variables.
Fixed set frame queue nelts function. Calling API
would incorrectly not fail even though frame queue nelts
can only be set before first call nat44_plugin_enable.
Moved all formatting functions to _format.c file.
Type: refactor
Change-Id: I3ca16e0568f8d7eee3a27c3620ca36164833a7e4
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: improvement
Signed-off-by: satna <satbeervarma9596@gmail.com>
Change-Id: I1b1db60fa1a0e47fce273bc07b01887813fd3c48
|
|
Change-Id: I9794da718805b40cc922e4f3cf316255398029a9
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: improvement
Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com>
Change-Id: I90e90678ae6586019cc842f9d504d53991cfabe4
|
|
- support of in-place growth of vectors (if there is available space next to
existing alloc)
- drops the need for alloc_aligned_at_offset from memory allocator,
which allows easier swap to different memory allocator and reduces
malloc overhead
- rework of pool and vec macros to inline functions to improve debuggability
- fix alignment - in many cases macros were not using native alignment
of the particular datatype. Explicitly setting alignment with XXX_aligned()
versions of the macro is not needed anymore in > 99% of cases
- fix ASAN usage
- avoid use of vector of voids, this was root cause of several bugs
found in vec_* and pool_* function where sizeof() was used on voids
instead of real vector data type
- introduce minimal alignment which is currently 8 bytes, vectors will
be always aligned at least to that value (underlay allocator actually always
provide 16-byte aligned allocs)
Type: improvement
Change-Id: I20f4b081bb13bbf7bc0ace85cc4e301787f12fdf
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I30cc31c438d357d48576fba84e54809455960eaa
|
|
Type: improvement
Signed-off-by: sarmurug <sarmurug@cisco.com>
Change-Id: Ibbfe827b9c4c603a6fe7cc49970a46bd683194ce
|
|
Type: fix
Change-Id: I857403b9d93ee4c17f2dd5ac8e6dafd66260a252
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Creating tap interface / sub interface causes allocation of a new
software interface with possible sw interface pool reallocation.
In such case accessing L3 MTU and interface flags by obsolete sw
pointer is UAF.
Instead, keep desired tap interface MTU value before sw intreface
creation and refetch sw pointer right before sw flags inheritance.
Type: fix
Fixes: b89c1ddcb3b4f9138ca3ebefb2115f896ff3e1bd
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I21ea46d146d11060bb9bedc77377ab17ae9e22e8
|
|
Type: fix
Fixes: 91f17dc
Change-Id: I860b6d5d5e9cf47d84fde0a2c92be43125038694
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Currently, the plugin can monitor link state changes on hardware
interfaces for which a linux-cp pair exists. When the link goes down on
one of the hardware interfaces, the plugin processes IPv4 routes that
resolve through that interface according to the configurations:
del-static-on-link-down and del-dynamic-on-link-down.
The problem is that link state changes are not signaled for
subinterfaces and the code that handles IPv4 routes is not triggered.
When the link on a hardware interface goes down, it implies
that subinterfaces added to that interface also will have the link in
the down state.
With this change, when the link goes down on a hardware interface,
iterate over subinterfaces added to the interface and apply the same
logic of routes processing as for hardware interfaces.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I97337d2e328437c73f2d99a00737768778f197a1
|
|
Type: improvement
lcp_router_table_flush() is used to remove routes from the given route
table if they are resolved through the given interface with specified
FIB source. Currently, if you need to remove routes from a route table
that are resolved through one of the interfaces from a vector, the
function has to be executed for every interface from the vector. Every
execution walks the route table again.
With this change, lcp_router_table_flush() accepts a vector of
interfaces. Thus, the function can walk a single route table once and
delete routes that resolve through one of the interfaces from the
vector.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I6d99384064d279dea24bb4dc1790a1af943be41c
|
|
Fix ordering in CMakeLists.txt
Type: refactor
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I8e71e4fbc048a80c4b250c2a66cfd8a522bde5f4
|
|
format() expects a NULL-terminated C-string as format string.
Type: fix
Change-Id: Ib428cf2debbf98850eed512907175f8ae8ba3c04
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
* Correct endianness issue
* lip_namespace is a vector not a string
* Provide null termination to avoid unpack() failures in the client
Responses in the python API now look like:
lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=1,
host_sw_if_index=3, vif_index=19, host_if_name='ice0',
host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>,
namespace='dataplane')
lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=2,
host_sw_if_index=4, vif_index=20, host_if_name='ice1',
host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>,
namespace='dataplane')
lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=5,
host_sw_if_index=6, vif_index=21, host_if_name='ice0.1234',
host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>,
namespace='dataplane')
Type: fix
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: If4bf06a8b70977676ec7f5b1413cee6cc9d1714a
|
|
Type: improvement
Change-Id: I5317afa02fa1525a7d8df595b56eb6546ccded57
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Format host interface name as vector rather than c-string.
Otherwise non-null-terminated vector overrun triggers ASAN.
Type: fix
Fixes: 1705a6baefe205bb6792b547c7376eee3f328a71
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Ib204e57ee17c7ed3bfeb568dcdd834d7d7519102
|
|
Do connects in an session layer rpc instead of doing cli process sleeps.
Performance with 4 workers goes from ~120k/180k first run/warmed up to
~135k/240k
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id184913e9898f8db099e29a605f3a9b1fc67be63
|
|
Type: improvement
Change-Id: I946d91e67c332ecac0b09d50980529b9d4e74f9c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Currently, when the link goes down on an interface, routes that resolve
through that interface and created with Nexthop API are removed by the
kernel. However, IPv4 routes remain in the FIB because the kernel
doesn't send any notifications about that.
And for the plugin working with user-space applications that create
routes in the kernel using Nexthop API there should be a mechanism to
synchronize the FIB and the kernel in this case.
With this change, add two new startup configuration options to the
plugin to be able to control what should happen with static and dynamic
routes managed by the plugin on link down:
- del-static-on-link-down (disabled by default, delete routes created
with the linux-cp static FIB source on link down),
- del-dynamic-on-link-down (disabled by default, delete routes created
with the linux-cp dynamic FIB source on link down).
Then, monitor link state changes on interfaces for which a linux-cp pair
exists. If the link goes down on one of the interfaces, process routes
that resolve through that interface according to the new configurations.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I0fbaeeca3f3d1fcd22e8eebb08a0a4a3d0dfe5b8
|