Age | Commit message (Collapse) | Author | Files | Lines |
|
Previously, .src_ip_sticky may have been left uninitialized.
Type: fix
Fixes: 613e6dc0bf928def5d337312d522e1a15df87b00
Change-Id: Ifd866d6322fe9ff723f92b7ab3fd77e720a3cfa4
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
RTA_VIA allows routes to have a next-hop in a different address family.
This commit makes linux-cp import those types of routes correctly,
instead of importing the routes without a gateway.
This uses rtnl_route_nh_get_gateway, which is available since libnl
3.4.0 (Oct. 9, 2017). Even Debian Stretch has it via backports.
Type: fix
Change-Id: I06297c700461ba7874eb8baf9355bd40990b3121
Signed-off-by: Adrian Pistol <vifino@posteo.net>
|
|
Nat in2out sessions are distributing among workers by client
addresses. In case there's multiple client vrfs with very
similar client addresses (usually from rfc1918), session
distribution/load can be unfair just due similar hash.
Let's take dynamic client fib_index into account, it'll affect
external port range only, outside address picking has own
address-based hash therefore not affected.
Type: improvement
Change-Id: I56ab2e1ce8dd27f2b1f9e7f22839ccf7774bfb82
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
|
|
The unformat type for "%d" should be u32 or int.
Type: fix
Signed-off-by: Ted Chen <znscnchen@gmail.com>
Change-Id: I2483df6259ed8d3c7648c8db6345e5063ac8b57e
|
|
Adding api nat44_ed_vrf_tables_v2_dump which may replace
nat44_ed_vrf_tables_dump in the future.
- fixing endianess
Type: improvement
Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>
Change-Id: I40d09ea3252589bdcb61db9f1629dacd87f69978
|
|
Creation of lcp tap for non-ethernet interfaces can potentially lead to a crash, so avoid it.
Type: fix
Change-Id: I76ded8a08ea38a2c31d0215804af023207d4d3e1
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
|
|
Previously we encountered the issue of failing to create completion
queues on some Arm platforms because DPDK may set MLX5_CQE_SIZE to 128
if DPDK MLX PMDs are built and DPDK plugin is loaded, which does not
satisfy the requirement of 64B size CQE by RDMA plugin.
We fixed this issue in 844a0e8b0("always use 64 byte CQEs for MLX5"),
but some of CSIT test cases failed due to this code change. It turns out
that we don't need to specify compressed CQE mode for txq CQ because
RDMA tx doesn't have the code logic to handle compressed CQEs, which
might cause unexpected behavior if it is enabled.
Type: fix
Fixes: 844a0e8b0 ("always use 64 byte CQEs for MLX5")
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I7909a6d44b15bcf39c15dfac9377b65520a0cbfb
|
|
Change of enums used in REPLY_MACRO() to appropriate one
for handlers:
-vl_api_nat44_ed_add_del_vrf_table_t_handler
-vl_api_nat44_ed_add_del_vrf_route_t_handler
Type: fix
Change-Id: I58e97817b1678da7c025c0d03a8b938a4e0f7b6c
Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>
|
|
Originally the name for each session pool is incorrectly prepared.
It doesn't have right length. It is not null terminated.
The fix corrects the name formatting for each session pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I67da3d64702ccb27a5907825528f8c95d91040bb
|
|
Originally the name for each session pool can be incorrect prepared.
The fix changes formatting for name for each session pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I42e0752f9f46c5a42524ec7b863a7c9dd3c23110
|
|
- crypto code moved to vppinfra for better testing and reuse
- added 256-bit VAES support (Intel Client CPUs)
- added AES_GMAC functions
Change-Id: I960c8e14ca0a0126703e8f1589d86f32e2a98361
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I141e5779aab7eee3068b702dd2f93765420fb920
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
|
|
Type: fix
API clients can register for peer events (e.g. to be notified when
connection is established). In a multi-worker setup, peer events might
be triggered from a worker thread. In order to send a peer event to the
clients, an API message needs to be allocated and populated.
API messages allocation is only allowed from the main thread. Currently,
the code does not handle the case when a peer event is trying to be sent
from a worker thread. In debug builds, when this happens, it causes
SIGABRT in vl_msg_api_alloc_internal() because assertion "pool == 0 ||
vlib_get_thread_index () == 0" fails. In production builds, when this
happens, it might cause unexplained behavior.
There is a test that is supposed to catch this but all multi-worker
Wireguard tests are currently disabled. This problem is likely to be one
of the reasons they were disabled.
With this fix, when a peer event is triggered from a worker thread,
allocate and send corresponding API message from the main thread using
RPC.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib3fe19f8070563b35732afd16c017411c089437e
|
|
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL
table, the code would sporadically return a transitional value (junk)
from a half-deleted kvp. At most, 64-bits worth of the kvp will be
written atomically, so using memset(...) to smear 0xFF's across a kvp
to free it left a lot to be desired.
Performance impact: very mild positive, thanks to FC for doing a
multi-thread host stack perf/scale test.
Added an ASSERT to catch attempts to add a (key,value) pair which
contains the magic "free kvp" value.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065
|
|
Used on intel client CPUs which suppport VAES instruction set without
AVX512
Type: improvement
Change-Id: I5f816a1ea9f89a8d298d2c0f38d8d7c06f414ba0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
DMA batch status was set by hardware. Its value may be variable between
cpus twice accesses. Saving the value of status can fix it.
Type: fix
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: Ibc9337239555744a571685b486c986991c3e9b18
|
|
Recognize and drive google virtual ethernet (gve) in google cloud.
Type: feature
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: Ia559615ac059cabbca5d10bcd4049e87beaad638
|
|
Allocate and initialize dma batch structure when adding dma config.
The number of required dma batches is set by max_batches parameter.
Thus dma batches are not allocated dynamically in worker thread.
Application need to check the return value of vlib_dma_batch_new.
Type: improvement
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: I5d05a67b59634cf2862a377d5ab77cb1040343ce
|
|
Those CPUs are announcing VAES capability but they don't support AVX512.
Type: fix
Fixes: 73a60b2
Change-Id: I7b4be95e91bb6f367cd71461f1126690f3ecd988
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Fixes: ab4d917
Change-Id: I226044f64e1577033798fd203a2e981c894830d6
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Exploiting AVX-512 operations on avf_tx_prepare().
Type: improvement
Signed-off-by: Leyi Rong <leyi.rong@intel.com>
Change-Id: I01e0b4a2e2d440659b4298668a868d983f5091c3
|
|
Type: fix
In vpp, file descriptor handler closes the fd upon error
if there is no error handling function is registered.
This patch fixes the issue for af_packet interface by
registering the error handling function.
Errors will also be gracefully logged.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I260d780ac54ffd0199dcd6ca5b95e5afe957e968
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic11069c912a5e59bb3ea0e0c6de6cfcc879c5f4e
|
|
This patch enables RSS action of avf flow.
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I65de18d0c2eaa415893959563ea917a6b1956550
|
|
Remove extra line_input and unformat_user.
Type: fix
Fixes: b4ff07a2f843 ("Intel Adaptive Virtual Function native device driver plugin")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I9e502f3b254d0b1c7d8fd4b80925338a18da8269
|
|
vec_alloc() does not mark vector as accessible contrary to
vec_validate().
Also removes redundant memset(0) as vector allocation always zeroed
new memory.
Type: fix
Change-Id: I8309831b964a618454ed0bebbcdec7ec21149414
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I927ba4e6f10ae4527f339a890c3a0de33a84b7eb
|
|
- clib_open_netns() expects a NULL-terminated C-string
- if no netns was given, we should not try to format it otherwise we'll
get "(nil)" as netns name.
Type: fix
Change-Id: I7b6022f6e8999640d0d2a83b854455b15fa4c134
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
IV requirements vary wildly with the selected mode of operation. For
example, for AES-CBC the IV must be unpredictable whereas for AES
counter mode (CTR or GCM), it can be predictable but reusing an IV with
the same key material is catastrophic.
Because of that, it is hard to generate IV in a generic way, and it is
better left to the crypto user (eg. IPsec).
Type: improvement
Change-Id: I32689c591d8c6572b8d37c4d24f175ea6132d3ec
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Explicitly set the ptd->n_packets to 0 if no packet is received in
memif_device_input_inline(). Otherwise ptd->n_packets just keeps
last time rx packets number, then this stale number is added to
memif_input_node->vectors_since_last_overflow in every dispatch_node()
call for memif_input_node.
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: Ide98a481c925262f9a609535a314f784cab424d8
|
|
Witout thread barrier, when dpdk_process_node initiating
dpdk lib, workers thread may also be initiating. Main
and workers threads may both setting error_main info,
that will cause memory ASAN issue.
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I87b73b310730719035d4985a2cff2e3308120ec2
|
|
This patch introduces IP in IP packet support for flow cli and dpdk plugin.
Specifically, the following IP in IP packet types are supported:
MAC-IPv4-IPv4-TCP/UDP/None,
MAC-IPv4-IPv6-TCP/UDP/None,
MAC-IPv6-IPv4-TCP/UDP/None,
MAC-IPv6-IPv6-TCP/UDP/None,
IP in IP flow rules can be created by using the following new keywords in vppctl:
in-src-ip, in-dst-ip : to provide information for inner IPv4 header
in-ip6-src-ip, in-ip6-dst-ip: to provide information for inner IPv6 header
in-proto : to specify inner transport layer protocol type (TCP or UDP)
in-src-port, in-dst-port : to provide information for inner TCP/UDP header
An example to create flow rule for MAC-IPv6-IPv6-TCP:
test flow add index 0 ip6-src-ip any ip6-dst-ip any in-ip6-src-ip any in-ip6-dst-ip any in-proto tcp in-src-port 1234 in-dst-port any rss function default
Another example to create flow rule for MAC-IPv6-IPv6:
test flow add index 0 ip6-src-ip any in-ip6-src-ip any rss function default
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I6a1ca36d47eb65b9cb5a4b8d874b2a7f017c35cd
|
|
Pool's pool_put_will_expand() calls clib_bitmap_will_expand(),
so every put except ones that leads to free_bitmap reallocation
will get false positive results and vice versa.
Unfortunatelly there's no related test and existing bitmap
tests are failing silently with false positive result as well.
Fortunatelly neither clib_bitmap_will_expand() nor
pool_put_will_expand() are being used by current vpp codebase.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Id5bb900cf6a1b1002d37670f5c415c74165b5421
|
|
Type: fix
Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com>
Change-Id: I9694f7d8aad8868b11e08fabe179fd51c14dfcdb
|
|
This patch adds an API memif_socket_filename_add_del_v2
that allows autogenerating memif socket_id when passing
~0 in the socket_id field.
It opportunistically walks the hash to find a free ID
to use, and returns it in the reply.
socket_filename also becomes a variable length string,
to accomodate for longer names (in case a netns gets
passed)
Type: feature
Change-Id: I33fc3e1cf553af27579d6bad8691b22b530531cc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
The current implmentation of the hash table is not thread-safe.
This design leads to a segfault when VPP is handling a lot of tunnels
for Wireguard, where one thread modifies the hash table and other
threads start the lookup at the same time.
This fix adds a barrier sync to the hash table access when Wireguard
adds or deletes an element.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Id460dfcd46ace17c7bdcd23bd9687d26cecf0a39
|
|
Type: docs
Fixes: 33909777c637 ("misc: unify pcap rx / tx / drop trace")
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Change-Id: I049616cfad300658e62e5026c0655ee6f07a2421
|
|
The current implementation can cause memory leaks of async frames
and exhaust the async frames pool. Wireguard can early get async frame,
even when later it turns out it is not needed. Then such frame won't
be freed.
This fix changes the moment of acquiring async frame from the pool, so
it doesn't leak.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: If7696de6a6f5db84e0dffef60caa31d4a5e6280e
|
|
- The version of libsrtp2 (2.4.2) on ubuntu-22.04 changed
the 'ekt' field in srtp_policy_t to 'deprecated_ekt'.
Type: fix
Change-Id: Icb9d8f3b56c8305bcdac5066a5f8e3e5d17d37cf
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Currently wg-output-tun() doesn't check if a buffer has enough space for
prepending an ethernet header (wg header over ipv6 vxlan header case
leaves only 8 bytes free).
In such a case move buffer's content.
Type: fix
Change-Id: Iad18860e6b86a3d81f3d96d782de7c59556152d0
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
|
|
When DPDK MLX PMDs are built, and the DPDK plugin is loaded, DPDK may
set the MLX5_CQE_SIZE environment variable to 128. This causes the RDMA
plugin to be unable to create completion queues. Since the RDMA plugin
expects the CQEs to be 64 bytes, set the cqe_size explicitly when
creating the CQ. This avoids any issues with different values for the
MLX5_CQE_SIZE environment variable.
Type: improvement
Signed-off-by: Nathan Brown <nathan.brown@arm.com>
Change-Id: Idfd078d3045a4dcb674325ef36f85a89df6fbebc
|
|
In current flow creating process in native avf and dpdk-plugins, when
parsing the input arguments, it does not copy IPv6 src address correctly,
so that IPv6 src address will not be configured in any flow rule, and
any packet with the same address will not be matched.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ic957c57e3e1488b74e6281f4ed1df7fd491af35c
|
|
When parsing flow action type in avf, there is an incorrect flag for
flow director, which makes flow director rule created unexpectedly.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Id9fed5db8ccacd5cc6c2f4833183364d763188c1
|
|
Fix some configurations of avf checksum offload to get the correct
udp and tcp checksum. Change Tx checksum offload capability since
avf supports ipv4, tcp and udp offload all. Remove the operation to
swap bit of checksum.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I55a916cc9ee6bef5b2074b5b6bb5f517fc2c178d
|
|
In avf the function fls_u32 is used to calculate the power of 2.
Fix the expression of this function.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I27160de8588a5efb3f24306597a5a240deb3ab74
|
|
Type: improvement
Change-Id: Ida2d044bccf0bc8914b4fe7d383f827400fa6a52
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
Nat session is allocated before the port allocation. During port allocation
candidate address+port are set to o2i 6-tuple and tested against the flow hash.
If insertion fails, the port is busy and rejected. When all N attempts are
unsuccessful, "out-of-ports" error is recorded and the session is to be
deleted.
During session deletion o2i and i2o tuples are deleted from the flow hash.
In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers
to **some other** session that's known to be allocated.
By backing match tuple up session should be invalidated well enough not to
collide with any valid one.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
|
|
When application performs SSL_read from the app rx-fifo, it can
pre-allocate multiple segments, but there is an issue if the OpenSSL
manages to partially fill in the first segment, in this case, since
data is assumed to be copied over by OpenSSL to the pre-allocated
segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs
zero copy by passing the pre-allocated segment to SSL_read.
If the decrypted data size is smaller than the pre-allocated fifo
segment buffer size, application will fetch buffers including zero
in the area not filled in by SSL_read.
Type: fix
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
|
|
lcp_itf_pair_pool could grew during sub-interface creation.
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: Ideafe392f9bb2b418ce9d6faa4f08dfe26f4a273
|
|
Change to get ad->linux_ifindex in af_xdp_create_if() instead of in
af_xdp_load_program(), previous if did not load custom XDP program,
ad->linux_ifindex will be none, but bpf_xdp_detach() need it, so default
xdp program will be not unloaded when delete af_xdp interface.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: Id8a640204e8d29152f03349a0b58104b275635aa
|