| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This replace the cnat ip4/ip6 to client
lookups previously done with a regular
hash, by a bihash lookup.
Type: improvement
Do the client lookup in a bihash instead of
a hash.
Change-Id: I730c1893525c002b44ada8e290a36802835e88e9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This adds a flag on the translation
asking the VIP & input-feature nodes
not to create the return session when
translating / load-balancing an incoming
flow. This is needed with maglev & DSR
Type: feature
Change-Id: I699012310ddc59f6ceeeb4878638eac6da5128dc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Change-Id: I830f7a2ea3ac0aff5185698b9fa7a278c45116b0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
more generic version of clib_sysfs_link_to_name with support for
format strings...
Type: improvement
Change-Id: I0cb263748970378c661415196eb7e08450370677
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This patch removes zero checks for new_addr, new_port
meaning sessions with zero values will rewrite the packet
with a 0 value instead of leaving it in place. This allows
to reduce branchiness in the code, and sessions are fully
resolved at creation time anyway.
This also adds support for checksum offloads:
- IP checksum offload : we always compute the checksum to
avoid issues with drivers. We'll revert this if we realize
cost gets too important.
- TCP/UDP checksum offload : we add the implementation for
pseudo header checksum computation. This is needed for the
drivers that do not re-compute this pseudo-checksum before
the packet is TX-ed (e.g. a few DPDK drivers).
Type: improvement
Change-Id: I6543f3aec8c120ec50f4219108609138283620ef
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Since gre is a plugin, nsh should not use symbol names directly.
Type: fix
Fixes: cefb178aa487a217d4ac75d7d4fa62db4b7d70fd
Change-Id: I1a1c20740aabdaafd69f507cd71016c3109b0205
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Avoid explicit manipulation of session state and generate closing event
if need be.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I07cda1db08a2673b27b496ea1371b0dfd8e6f98a
|
|
Change-Id: Ieafbed6f2db3dec65e4b43d84a4661f6a1bbe891
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: test
Change-Id: Ib1131eedb8eeaa9adfed9cfc47beeb1c7c8adb5c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
The following issues are fixed:
* in responder code: do lookup again as the old pointer could be
invalidated during the cleanup operation
* in initiar code: do the cleanup of session if there're no child SAs or
if there's no response from the responder during initial request (this
can easily happen if the response packet was lost/dropped/etc)
* print the state of ikev2 profile (for easier tshooting)
Type: fix
Change-Id: I853d9851c0cf131696585e3c98fa97e66789badd
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
|
|
Type: improvement
Change-Id: Ie0bad9e03ac2e29da23af01ee7f63cb44489ad9c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
clang-16 complains about signed one-bit bitfield value changes
from 1 to -1. Use unsigned type instead.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I84f8cf314d36183a5e6f544cd756c01d1d10a1a5
|
|
Type: improvement
Support SO_ORIGINAL_DST socket option to get original dst_ip4 and dst_port if nat44 rule enabled.
Change-Id: If00e00d03e48f3b78a23a68f1b078954d79dd0f7
Signed-off-by: qinyang <qiny@yusur.tech>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ieb2d1e6e0949844a70c81b218ca7dc83690776ca
|
|
Before this fix, the src_ip_sticky flag was passed as an argument to
the lb_node_get_hash function, which computes a hash value for a packet.
However, in per-port-vip case, the value of src_ip_sticky flag may be
different for each port number. As a result, the value is the same for
all port numbers, even though it is a per-port-vip case.
This commit fixes the src_ip_sticky evaluation by delaying it until the
packet is received, so that the correct value is obtained. Also, the
unit test case has been enhanced for this bug fix.
The steps to reproduce this bug are described below:
https://lists.fd.io/g/vpp-dev/message/23248
Type: fix
Fixes: 613e6dc0bf92 ("lb: add source ip based sticky load balancing")
Change-Id: I483492b214a1768e7a21fd86edd5151b3c46528b
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
|
|
nl_route_add() recently started to use its optional argument to check
whether replace flag is set for the message. When notification messages
are processed, the argument is a pointer to the corresponding message
info. However, when dump replies are processed, the argument is a null
pointer. This leads to null pointer dereference and crash when dump of
routes is processed.
With this fix, check for replace flag only if message info was passed
to nl_route_add(). Otherwise, assume the flag is not set. Dump replies
do not have it set.
Type: fix
Change-Id: Icb04a1146e09cc965b623018c28f91b347be0eab
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: improvement
Change-Id: I95023d2e6034b77952e0423d0430b433ea0dab15
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
1) Imports ENCAP_MPLS labels from IPv4/IPv6 routes.
Note that this requires libnl 3.6.0 or newer.
In previous patches, the fib_path_ext_t had a path ID of -1.
After a long investigation, it turned out to be caused by route weight
being set to 0. There is a comment explaining more details.
2) Handles MPLS routes.
MPLS routes were wrongly added as IPv4 routes before.
POP and SWAP are now both supported.
All the routes are installed as NON-EOS and EOS routes,
as the Linux kernel does not differentiate.
EOS POP used in PHP uses the next-hop address family
to determine the resulting address family.
This patch is sufficient for P setups.
PE setups with implicit null should also function okay, as long as a
seperate label gets programmed per address family.
PE setups with explicit null will also forward packets,
but punting is a bit odd and needs MPLS input enabled on the LCP host
device.
3) Propagate MPLS input state to LCP Pair and Linux.
Since the Linux kernel uses the MPLS routes itself,
the LCP pair tap needs MPLS enabled to allow host originated packets.
This also syncs the Linux `net.mpls.conf.<host_if>.input` sysctl to
allow punted packets to have MPLS labels, mostly explicit nulls.
In addition, a special feature is enabled to cross connect MPLS packets
coming from Linux directly to interface-output untouched.
Make sure to enable MPLS/add a table in VPP first and load the
MPLS kernel modules!!
Type: feature
Change-Id: Ie4184bb4cc96905bf8b483a27e7ca6d251697374
Signed-off-by: Adrian Pistol <vifino@posteo.net>
Signed-off-by: Pim van Pelt <pim@ipng.nl>
|
|
List of changed messages:
- lcp_itf_pair_add_del
- lcp_itf_pair_add_del_reply
- lcp_itf_pair_add_del_v2
- lcp_itf_pair_add_del_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ic20a852dd1fb27858c8776095f9c98757b89bfe8
|
|
List of changed messages:
- memif_socket_filename_add_del
- memif_socket_filename_add_del_reply
- memif_create
- memif_create_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Id334990584b64a0efa3c28a3d8b6b641adab8c09
|
|
This patch introduces sw_ring to the crypto op data path implementation,
so that raw data path and crypto op data path use same mechanism of processing
async frames. Crypto op ring has been removed from the implementation.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Id823f80a88cfa0ff40252616a36de8bb044c7f45
|
|
Change-Id: I342de0a375b783725aa2b621c1c70bc8bf646450
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: improvement
|
|
Change-Id: I7a988fafe98599e4fcf7cdaa307a69b9d76650f0
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: improvement
|
|
When vlib buffer is processed on vnet side its length is corrected by
cipher padding and icv_sz. These changes need to be reflected in
the mbuf internals.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I0aa03f67f556dfc8f9a577ca1967210527221e02
|
|
List of changed messages:
- af_packet_create
- af_packet_create_reply
- af_packet_create_v2
- af_packet_create_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ia065c3bbc2c7923de64f47417099aea1aa1216b1
|
|
List of changed messages:
- vxlan_add_del_tunnel
- vxlan_add_del_tunnel_v2
- vxlan_add_del_tunnel_reply
- vxlan_add_del_tunnel_v2_reply
- vxlan_tunnel_dump
- vxlan_tunnel_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I0a7227e76a493731fd136f8e6310ad372fab2494
|
|
Namespace keyword is reverved c++ word, so it's not possible to include
vapi header for af_xdp plugin and use it.
Type: fix
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: I42a0e0a89ff2c407090d3c18c1bc5a5605ddf032
|
|
Type: fix
Change-Id: I7c6fb783e5200773cbd02c86d39fd241efcc39f9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
This rework tries to address issues found on SPR QAT, for traffic
reaching max possible throughoutput for single QAT PF packet drops were
observed.
Fix changes enq/deq scheme by utilizing software ring in enq call from
VNET but enq and deq to QAT happens only in deq callback function what
should enable better utlization of hardware resources.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2e8c473d20a269fd5e93f0c8d1f8c8aa193712bd
|
|
The af_xdp plugin does not support chained buffers; attempting to send
chain buffers will result truncated packets or even send other packet's
data. As a workaround, turn any buffer chain into a single buffer before
tx.
Type: fix
Change-Id: I05dec912455eb2bb6c8122a28cd646f88983aa9a
Signed-off-by: Shmuel Hazan <shmuel.h@siklu.com>
|
|
This patch introduces sw_ring. This ring is used in next set of patchas
and plays role of a buffer for QAT, allowing collecting frame elements
in case QAT queue is fully utilized, and assembling frame
from QAT dequeued elements.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I20718e200986ab4dba5cbc31c05a904072a6981a
|
|
Make sure the same frame is not used for multiple interfaces, otherwise it breaks the ETH_INPUT_FRAME_F_SINGLE_SW_IF_IDX promise.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I02546259ceaea36f65cb9f78b9b3ee45ed4075c9
|
|
AF_XDP socket will only tx enqueued packets up to a max batch size so
we need to retry until everything has been sent.
Type: fix
Change-Id: Ia487ab63d3e85a478471cd1d679c5fb471804ba3
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
The async frames pool may be resized once drained. This will cause 2 problems: original pool pointer is invalidated and pool size changed, both problems will confuse the crypto infra user graph nodes (like IPsec and Wireguard) and crypto engines if they expect the pool pointers always valid and the pool size never changed (for performance reason).
This patch introduces fixed size of the async frames pool. This helps zeroing surprise to the components shown above and avoiding segmentation fault when pool resizing happened. In addition, the crypto engine may take advantage of the feature to sync its own pool/vector with crypto infra.
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2a71783b90149fa376848b9c4f84ce8c6c034bef
|
|
Otherwise, we will get an error. The program could remain from the previous run.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I68e4072bd3b327592013804d67ccab7eb0ed3a0e
|
|
Type: style
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I6b3ecf0bdb6cfdf260cf4ccae89b6bc2335ff54c
|
|
Linux uses NLM_F_REPLACE in the netlink message to signal a FIB update
The code invariably does a FIB update for IPv4 and a addition for IPv6.
Without this fix, the following:
ip route add 2001:db8::/48 via 2001:db8::1
ip route replace 2001:db8::/48 via 2001:db8::2
ends up as two separate FIB entries in VPP. With the fix, there will be one FIB entry (the second one with nexthop ::2).
Type: fix
Change-Id: I8f98d6ded52ae0c60bfddaa7fc39acbbaa19d34a
Signed-off-by: Pim van Pelt <pim@ipng.nl>
|
|
Type: feature
With this change, packets that are larger than a single buffer can fit
will be able to be sent and received over a Wireguard tunnel. Also,
cover this with tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ifaf7325676d728580097bc389b51a9be39e44d88
|
|
List of changed messages:
- nat44_add_del_static_mapping
- nat44_user_session_dump
- nat44_user_session_details
- nat44_user_session_v2_dump
- nat44_user_session_v2_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I317ae93a0e763c3759a8c24fd550e1c97f6f4987
|
|
This patch can make crypto dispatch node adaptively switching
between pooling and interrupt mode, and improve vpp overall
performance.
Type: improvement
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I845ed1d29ba9f3c507ea95a337f6dca7f8d6e24e
|
|
In some cases, in the trace dump v2 dump function, we iterate over the
client cache even though this one could be empty.
Type: fix
Change-Id: Ice5cefa25bb93dabe86fe565347cdc32faa674ac
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
The plugin creates and manages adjacencies for the physical interface in
each interface pair (they are part of the x-connect feature). When a
link update notification is received from the host system, MAC address
of the corresponding physical interface is updated (as needed) as well
as previously created adjacencies for it (because a new rewrite string
needs to be generated).
Subinterfaces inherit MAC address from the parent interface. When MAC
address of the parent interface changes, it also implies MAC address
change for its subinterfaces. The problem is that this is currently not
considered in the plugin. After MAC address update on the parent
interface, packets sent from subinterfaces might have wrong source MAC
address. For example, IPv6 Neighbor Solicitation messages will be sent
with the wrong (previous) MAC address and neighbor discovery will fail.
With this fix, when the plugin updates adjacencies for a physical
interface, it will also update adjacencies for the subinterfaces with
existing interface pair.
Type: fix
Change-Id: Ia5f617197e33cb79b9b025c02c2c126c31a551ec
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
When dumping packets from multiple threads using the API, first all
packets from thread 0 are dumped then all ones from thread 1, etc
Until we reach the limit specified by the API call, so we could never
get packets trace from threads with higher ids.
However, the tracedump CLI dump a maximum number of packets from all
threads, which we can expect from the API to do.
We also add a trace_clear_cache API so the client gets an answer when
he only wants to clear its packet cache.
Type: improvement
Change-Id: I0d4df8f6210a298ac3f22cd651eb4d8f445e1034
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I7f8c975fae5d71ce1226a8e19761fc75134e61e2
|
|
Type: feature
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ia81f1d8e706dbce9e57319d993bff595e6ba6f03
|
|
load-balance and replicate dpos both store their number of buckets as
u16, which can overflow if too many paths are configured. For
load-balance it can happens quite quickly because of weights
normalization.
Type: fix
Change-Id: I0c78c39fc3d40626dfc58b49e7d99d71f9852b50
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Signed-off-by: Andrew Ying <hi@andrewying.com>
Type: fix
Change-Id: I3c428c90146387ad9ce291c7f646d74f06952b40
|
|
If openssl tls server handshake fails, track the fact that the context
does not have an app session.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5f493059a3610067b59caffbbe441ce9e0868252
|
|
When I setup vpp by netvsc driver, occurs the following crash:
(format_dpdk_device_name) assertion `(i) < vec_len (dm->devices)' fails
vnet[100166]: #6 0x00007f434d651f6a _clib_error + 0x2da
vnet[100166]: #7 0x00007f430b4bef64 format_dpdk_device_name + 0xf4
vnet[100166]: #8 0x00007f434d6555f3 do_percent + 0xee3
vnet[100166]: #9 0x00007f434d654359 va_format + 0xb9
vnet[100166]: #10 0x00007f434d7ac16e vlib_log + 0x3ce
vnet[100166]: #11 0x00007f430b49ebe3 dpdk_device_start + 0x193
vnet[100166]: #12 0x00007f430b4aa233 dpdk_interface_admin_up_down + 0x163
vnet[100166]: #13 0x00007f434d988fc8 vnet_sw_interface_set_flags_helper + 0x378
vnet[100166]: #14 0x00007f434d989338 vnet_sw_interface_set_flags + 0x48
This patch fix it by device_index as a index for devices vec, and not
dpdk port_id.
Type: fix
Change-Id: I84c46616d06117c9ae3b2c7d0473050f1b8ded5f
Signed-off-by: Daniel Ding <danieldin95@163.com>
|
|
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I9e6fd29c0e09406e48215f06977b2d4678650669
|
Nathan Skrzypczak
Benoît Ganne
Damjan Marion
Florin Coras
Filip Tehlar
Denys Haryachyy
Tianyu Li
qinyang
Nobuhiro MIKI
Alexander Chernavin
Adrian Pistol
Ondrej Fabry
Piotr Bronowski
Mohammed Hawari
Stanislav Zaikin
Shmuel Hazan
Artem Glazychev
gaoginskx
Mohsin Kazmi
Pim van Pelt
Xiaoming Jiang
Maxime Peim
Andrew Ying
Daniel Ding