Age | Commit message (Collapse) | Author | Files | Lines |
|
Introduced SA and child SA uptime.
Type: improvement
Change-Id: I28cf9f90d35ebe035a31ed0a985a5e462c8536a8
Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
|
|
This patch adds support for SDP (System DPI Packet Interface Unit)
device.
Type: feature
Change-Id: Idf1f53b151edf2992613746d5818409187b4b051
Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
|
|
Type: fix
Change-Id: Ic303ff9b21872b7cc31f23c92e48ec3737eeb8fe
Signed-off-by: lijinhui <lijh_7@chinatelecom.cn>
|
|
Currently sw_scheduler runs interchangeably over queues of one selected
type either ENCRYPT or DECRYPT, then switches the type for the next run.
This runs perfectly when we have elements in both ENCRYPT and DECRYPT
queues, however, this leads to performance degradation when only one
of the queues have elements i.e either all traffic is to be encrypted or
decrypted.
If all operations are encryption, then 50% of the time, the loop exits
without dequeueing.With this change, that dequeueing happens on every
loop. This increases the performance of single mode operation (ecryption
or decryption) by over 15%.
This change was also added in commit https://github.com/FDio/vpp/commit/61cdc0981084f049067626b0123db700035120df
to fix similar performance issue when the crypto-dispatch node is in interrupt
node, however was removed by https://github.com/FDio/vpp/commit/9a9604b09f15691d7c4ddf29afd99a31e7e31eed
which has its own limitations.
Type: improvement
Change-Id: I15c1375427e06187e9c4faf2461ab79935830802
Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com>
|
|
vl_api_lcp_itf_pair_get_v2_t_handler method was not be able to
handle invalid sw_if_index, it caused a seg fault.
With this fix, the method checks for an invalid sw_if_index and
sends error back to caller.
Type: fix
Change-Id: I4e89b0cab34f9109c4ce2689021ecfc2786055ab
Signed-off-by: Anton Nikolaev <anikolaev@netgate.com>
|
|
Type: fix
Change-Id: I9d7e6dd099cf9f4b7f6bb06d9e8a17fac7d7e772
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: I51345fb75843c67c6bf6a4c56380e1f0899c45b1
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: fix
Fixes: 01fe7ab
Change-Id: I4425e809f0977521ddecf91b58b26fe4519dd6e0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Fixes: 01fe7ab
Change-Id: I4419107c4bcb7f85b76addfc62178b6e75e10a52
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Update to the MAP rule lookup (in IPv6) based on the rule's source
prefix instead of DMR
Type: improvement
Per RFC, the DMR is allowed to serve multiple MAP Basic Mapping Rules, but this
capability was prevented by the above logic.
Updates to the code include populating a new hash table based on the MAP rule
ip6 prefix and length, changing several functions to reference this new table,
and slight alterations to a few functions regarding pre-lookup bitmasking.
All changes are commented with [dgeist] and are in need of peer review,
especially the bitmask alterations.
An attempt was made at generating an additonal MAP rule in the test_map_br test
harness, but the coding appears very much oriented towards testing just one
rule. I would appreciate suggestions on how to test multi-rule cases.
Issue: VPP-2111
Change-Id: Id1fea280eba625e23cd893575d9b63aac7f48405
Signed-off-by: Dan Geist <dan@polter.net>
|
|
fix use of vip after it was deleted
Type: fix
Fixes: 041eacc81656d2ed5bc01b96b15a7d03a1700f13
Change-Id: I5723485c5da7507fbc6c86ff6eb9f77127439f67
Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
|
|
This change allows to limit lcp interface queues
to be used by explicit host interface workers.
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I0626f66021e5a5f251470156231dc44ddaea5ee6
|
|
Type: improvement
Change-Id: I6cf5adbd609d911e15dcc6d976cda4ad21ce89ad
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: fix
Fixes: 01fe7ab
Change-Id: I72fdaca250468d91a31efcce2fb447c97ba49dc7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
It may happen that rx queue is empty of free buffers due to previous
alloc failure.
Type: fix
Fixes: 01fe7ab
Change-Id: I344dcda11525444bd1358b3d36ffdf8ab9aa2677
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Don't force tx rescheduling of tls session if no forward progress is
made. The session will still be rescheduled by the session infra if
there's pending tx data.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic57b6ee79969055cec782938668c054bcc39f206
|
|
Change-Id: I1f8adf1f5650ab6c04e03c95d7a8d0bfa39b5f2d
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
Type: improvement
Change-Id: I43f59037181ec6b76499e8ee1d82c04670119dc9
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
need free bi after send packets
Type: fix
Signed-off-by: luoyaozu <luoyaozu@foxmail.com>
Change-Id: I98d03820366c3d106df212c4eb353ec6a228e20e
|
|
Copy v23.10-rc0-154-gfeda2ff64 fix to the unbatched path
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: I2f58ed9a39439b22918946f328f96e676c68add9
|
|
Type: fix
Change-Id: I06d56e6d4be2e728e13053a66273a71656ac14c4
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
Since async rx event infra decouples notification event generation from
delivery we no longer run the risk of having tls realloc session pools
while session layer still holds a pointer to the accepted/connected tcp
session.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1bb429a058707aba1d4f32ea33615a2367e66969
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I549d0c8715e5c06bfc22be26ca1dc78ec3c29a61
|
|
Type: improvement
Change-Id: I0d6f11d5ece19c5e0e00dfdadc9d4c09274ae8e1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: Ia23414e87d64567d5124b8297315ed7a426c3651
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: refactor
Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: Idc325a096903dcdfad5157db2eb728f2e61ce974
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
IPFIX buffers are stored on a per worker thread basis. Currently, the
flush callbacks will flush only buffers stored for the main thread. And
buffers for worker threads will not be sent until their size reach the
path MTU configured for the exporter. So if traffic is constant, the
problem will unlikely to be visible. Buffers will be sent once they
reach the maximum size. However, if traffic stops at some point and
flush is triggered in order to make the plugin send all currently
buffered data, this will not happen. And collectors will not receive
that data. The plugin will keep the remaining data until traffic starts
again, the buffers reach the maximum size, and be sent.
With this fix, flush buffers for worker threads and for the main thread
when the flush callbacks are triggered.
This will allow to remove @tag_fixme_vpp_workers from the unit tests
that don't set timers. The tests that set timers will still be failing
for other multi-worker related problems.
Type: fix
Change-Id: I9a7d9cef8ddbec7ee68c79309e48e7bc0953d488
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
When link state interval is 3 and stats interval is 10, updates
for stats will be made every 12 seconds (next number after 10,
that divisible by 3). And if you get counters every 30 secs, you
will get ideal "saw"-line instead of real smooth chart.
This commit makes smooth line on stats intervals that are divisors
of the charts update interval (regardless of link state interval),
and makes it possible to configure them.
Type: fix
Fixes: cb9cadad578297ffd78fa8a33670bdf1ab669e7e
Change-Id: Ia4350467be2b0ec0c1be37c7fda63f43b3330f44
Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
|
|
This patch adds support for VF and loopback device.
Type: feature
Change-Id: I1ea92f3a1161851957206300ab921c27290b0305
Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
|
|
As similar 535364e90459566b603661c3dbe360c72f59ad71 is
merged, printing possibly deleted interfaces by index
only in all the rest cases.
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I4fa58b382c0279ff893523ba0188fdb9b09e10af
|
|
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I1c900bbe441c6797215f16e99b71149904aa745f
|
|
BPF filter w/o optimization can take x2 - x3 more instructions,
causing significant slow down in fast path.
Enable pcap optimization by default via cli and introduce api v2
with pcap optimization control, keep v1 for a while as it exists
in previous release already.
Intriduce bpf filter cli dump, similar to tcpdump -d.
Also fix memleak, function name typo, cli pcap format hint and
add related tests.
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I92b2b519e92326f1b8e1a4dda6a3e3edc52f87ad
|
|
Type: improvement
Change-Id: I6f99f09c7724ce656a4f41a1d5f9c88d74c00faf
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I11cc52ff3867277e6591efb061f96cadfcc70c88
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
The existing comparision triggers the following clang assertion:
error: result of comparison of constant 50331648 with expression of type
'u16' (aka 'unsigned short') is always true
Section 9.1 of RFC3315 describes the DUID type field as:
"A DUID consists of a two-octet type code represented in network byte"
correctly convert the local type to a network short for the comparison.
Type: fix
Change-Id: I7cb048035bd5e06372e29471ae6004ee1b2191b9
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: feature
Change-Id: I3485e1627eafc5125255985003573247e7562db2
Signed-off-by: Kommula Shiva Shankar <kshankar@marvell.com>
Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
|
|
Type: improvement
Change-Id: Ie042605e50656229874b7a93638f0f04c894410f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
libepoll-shim has some hacks to enable functionality, one of these
redefines close as a macro. This conflicts with a close call back. On
FreeBSD undefine this macro at point of use.
Type: improvement
Change-Id: I7b4f7cd874f3451d76c580cf999369426d9e89c2
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: improvement
Change-Id: I3ab8df625524b5ff85e62760f5e29daf0d650773
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
For the openssl crypto engine based cipher encrypt/decrypt and HMAC IPSec
use cases, the openssl API calls of doing ctx init and key expansion are
moved to initialization stage.
In current implementation , the ctx is initialized with "key" and "iv" in
EVP_EncryptInit_ex (ctx, 0, 0, key->data, op->iv)
in data plane, while the ctx can be initialized with 'key' and 'iv' separately,
which means there could be two API calls:
1. EVP_EncryptInit_ex (ctx, 0, 0, key->data, 0)
2. EVP_EncryptInit_ex (ctx, 0, 0, 0, op->iv)
As the 'key' for certain IPSec SA is fixed and known, so call #1 can
be placed in IPSec SA initialization stage.
While call #2 should be kept in data plane for each packet, as the "iv"
is random for each packet.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Change-Id: Ided4462c1d4a38addc3078b03d618209e040a07a
|
|
This is a prerequisite patch for the following openssl API optimization
patch, which tries to offload openssl ctx init and key expansion work to
the initialization stage.
Wireguard adds crypto keys via vnet_crypto_key_add (), and whenever it
modifies the keys, the underneath openssl crypto engine shoud be informed
of the changes to update the openssl ctx.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Change-Id: I3e8f033f3f77eebcecfbd06e8e3bbbfdc95a50e2
|
|
Set last thread id and last packet position in TRACE_DUMP_REPLY.
To enable collection of traces from multiple workers using iterator.
Type: fix
Change-Id: I69872af4f6981d50cd050fa3d16de2a3c0d6b496
Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
|
|
After changes done in https://gerrit.fd.io/r/c/vpp/+/40281 ,
mbedtls plugin is failing to build if enabled.
Discussion https://lists.fd.io/g/vpp-dev/topic/104344802#24060
Type: fix
Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com>
Change-Id: Iee58b69301ac64f058bca0a7f7a0dedd2def4b35
|
|
Type: improvement
Change-Id: Ide4b45da99e3a67376281f6438997f3148be08e5
Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
|
|
Type: fix
Attempting to create a host-interface with an invalid af_packet name
causes a crash, as we attempt to read the contents of a null ptr.
Change-Id: Ia31ae21684c2b66baa1ceaadf29e19fae33c4ed4
Signed-off-by: hsandid <halsandi@cisco.com>
|
|
Add/del functions can be used from external modules.
Type: improvement
Change-Id: I267bcfacd58970bcacae13744d8acc690b87d2fc
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
RFC 7296 describes the way to rekey IKE SAs: to rekey an IKE SA,
establish a new equivalent IKE SA with the peer to whom the old
IKE SA is shared using a CREATE_CHILD_SA within the existing IKE
SA. An IKE SA so created inherits all of the original IKE SA's
Child SAs, and the new IKE SA is used for all control messages
needed to maintain those Child SAs.
Type: improvement
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: Icdf43b67c38bf183913a28a08a85236ba16343af
|
|
Set the flag in tls framework as opposed to tls engines. This is similar
to passive close.
Type: improvement
Change-Id: I0c2a774b1ef9d7ec6ba74daf1678ea449815184f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: refactor
Change-Id: I527bbc1cf2e7b6d06fd0c88b7563fb59ed28bc40
Signed-off-by: Florin Coras <fcoras@cisco.com>
|