Age | Commit message (Collapse) | Author | Files | Lines |
|
When IPsec async mode is enabled, packets don't pass through the tunnel
if ciphers other than AES GCM are used for child SAs. An error that
arises is "bad-hmac" in the "crypto-dispatch" node.
On the encryption stage, the VNET_CRYPTO_OP_FLAG_HMAC_CHECK flag is set
for the integrity crypto operation when it's not supposed to. It seems
that the flag remains from the previous operation.
With this change, zero flags of crypto operations in the SW scheduler
during operation filling.
Type: fix
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Iabac253474e95cb01f9ec0933f3c4860f8a5289c
|
|
Type: fix
Change-Id: I1f8245e8cccacb5bbb511aef39e31d0a76bba95f
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ibea7ec844d1d910e8a3235e11154b1ecea8302ac
|
|
If static-mapping-only is enabled, NAT pool cannot be configured, only
static mappings. There're two ways to add addresses to the NAT pool:
by address range, or by first found address from an interface.
NAT44_ADD_DEL_ADDRESS_RANGE already tests if dynamic mappings are
available but NAT44_ADD_DEL_INTERFACE_ADDR doesn't. If
static-mapping-only is enabled, adding addresses by range is rejected
but by interface not.
With this change, if static-mapping-only is enabled, do not allow to
add addresses to the NAT pool both ways.
Type: fix
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ifc055ea9a71a5e579388833a2990aef21bf7ed29
|
|
Including a general missing free in fromjson autogenerated code.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I9ab2b0193135e2fb3d62d51b3c114df56969e341
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: improvement
Change-Id: I456f9b14e6a4eb46c9c49f6e09acccae530e4ebc
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
This reverts commit c7eaa711f3e25580687df0618e9ca80d3dc85e5f.
Reason for revert: The jenkins job named 'vpp-merge-master-ubuntu1804-x86_64' had 2 IPv6 AH tests fail after the change was merged. Those 2 tests also failed the next time that job ran after an unrelated change was merged.
Change-Id: I0e2c3ee895114029066c82624e79807af575b6c0
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
support
Type: feature
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6d4a9b187daa725d4b2cbb66e11616802d44d2d3
|
|
Allow to supply the external VPP worker config for tests which
do not specify the workers config explicitly, and use
the tags infra to flag those that need attention in this configuration.
This commit shows one example use of such a tag, there will be
a separate commit with the rest of the places needing it,
since that change is rather mechanical.
Thus, the assumption is that the test should by default be agnostic
of the VPP configuration, unless it explicitly specifies so.
Type: test
Change-Id: I3c0077e4e22a75cb9561fb98d3b783b93486b2be
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: fix
Currently ping stops on events like SOCKET_READ_EVENT,
which makes it hard to use over e.g. govpp as it aborts
immediately most of the time. With this patch, ping only
stops upon real CLI read / quit events.
Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com>
Change-Id: Id7a8d0b0fdeb7bbc7b85240e398d27bd5199345b
|
|
Fix dependency issues where multi-arch file is using API generated file.
Type: improvement
Change-Id: I5d4af7a630529bc138c35841723e38938f36d963
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
Ticket: VPP-1859
Signed-off-by: jan_cavojsky <Jan.Cavojsky@pantheon.tech>
Change-Id: Iaa5045001621ec99dc8579e8e989adf81dc60525
|
|
Avoid synchronizing producers and the consumer. Instead, only use mutex
or spinlock (if eventfds are configured) to synchronize producers.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie2aafbdc2e07fced5d5e46ee2df6b30a186faa2f
|
|
A NAT sub-plugin doing statically configured match/rewrite on IP4 input or output.
It's stateless (no connection tracking).
Currently it supports rewriting of SA, DA and TCP/UDP ports.
It should be simple to add new rewrites if required.
API:
pnat_binding_add, pnat_binding_del, pnat_bindings_get, pnat_interfaces_get
CLI:
set pnat translation interface <name> match <5-tuple> rewrite <5-tuple> {in|out} [del]
show pnat translations
show pnat interfaces
Trying a new C based unit testing scheme. Where the graph node is tested
in isolation. See pnat/pnat_test.c.
Also added new cmake targets to generate coverage directly.
E.g.:
make test_pnat-ccov-report
File '/vpp/sdnat/src/plugins/nat/pnat/pnat.c':
Name Regions Miss Cover Lines Miss Cover
------------------------------------------------------------------------------------
pnat_interface_by_sw_if_index 39 8 79.49% 13 0 100.00%
pnat_instructions_from_mask 9 0 100.00% 13 0 100.00%
pnat_binding_add 64 8 87.50% 31 2 93.55%
pnat_flow_lookup 4 4 0.00% 10 10 0.00%
pnat_binding_attach 104 75 27.88% 33 6 81.82%
pnat_binding_detach 30 5 83.33% 23 2 91.30%
pnat_binding_del 97 33 65.98% 17 3 82.35%
pnat.c:pnat_calc_key_from_5tuple 9 1 88.89% 14 1 92.86%
pnat.c:pnat_interface_check_mask 10 2 80.00% 11 2 81.82%
pnat.c:pnat_enable 5 0 100.00% 11 0 100.00%
pnat.c:pnat_enable_interface 107 26 75.70% 60 15 75.00%
pnat.c:pnat_disable_interface 91 30 67.03% 32 7 78.12%
pnat.c:pnat_disable 7 2 71.43% 13 7 46.15%
------------------------------------------------------------------------------------
TOTAL 576 194 66.32% 281 55 80.43%
File '/vpp/sdnat/src/plugins/nat/pnat/pnat_node.h':
Name Regions Miss Cover Lines Miss Cover
------------------------------------------------------------------------------------
pnat_test.c:pnat_node_inline 67 11 83.58% 115 1 99.13%
pnat_test.c:pnat_calc_key 9 2 77.78% 14 2 85.71%
pnat_test.c:pnat_rewrite_ip4 55 11 80.00% 60 12 80.00%
pnat_test.c:format_pnat_trace 1 1 0.00% 12 12 0.00%
pnat_node.c:pnat_node_inline 63 63 0.00% 115 115 0.00%
pnat_node.c:pnat_calc_key 9 9 0.00% 14 14 0.00%
pnat_node.c:pnat_rewrite_ip4 55 55 0.00% 60 60 0.00%
pnat_node.c:format_pnat_trace 5 5 0.00% 12 12 0.00%
------------------------------------------------------------------------------------
TOTAL 264 157 40.53% 402 228 43.28%
Type: feature
Change-Id: I9c897f833603054a8303e7369ebff6512517c9e0
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
Change-Id: Icd01491043e9fd1bb8f51f4f55e1252fd78512de
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Make number of worker handoff frame queue elements configurable as
a set nat frame-queue-nelts command. The default value is 64 which
is the same value that was previously hard-coded. The idea is that
allowing larger values can be useful in some cases, to avoid
congestion drops. Also add nat_set_fq_options API support and a
corresponding test case.
Type: improvement
Change-Id: I5c321eb2d7997f76fac2703d9c4a5b2516375db3
Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
|
|
Test whether responder sends info requests using correct ip table
Type: test
Change-Id: I9e97576f9d80686961f92de3cbc3e6f8d6341587
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: improvement
Ticket: VPP-1908
Change-Id: I1d86ea18fcb6174b86c449d5d9403fd0e5715318
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: fix
In responder initialize msgid in requests to 1 as the previous value (0) was
causing retransmision on the initiator.
Change-Id: I8f5b84331ecac5943129f4c9a377076768fec455
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Type: feature
Change-Id: Ide2901f5d2111a518b2c8212aa84468cef1d72ca
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Making code more simple and storing thread index along with session
index as a preparation step for fixing thread safety patches.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ib0c531e9f1f64b1f1ee912d4a83279200638e931
|
|
Type: improvement
the empty pool chekc is always required, so make it alwayd happen.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I3879e752036a7dd49fff7e16dc6d9ea02563aa7a
|
|
Type: feature
please see FEATURE.yaml for details.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I04a45c15c0838906aa787e06660fa29f39f755fa
|
|
When the counter vectors are validated and they are already long enough
to fit the given index in memory, there is no need to increase the stats
segment epoch. In this case, the counter vectors do not change as a
result of the validation.
This optimization is necessary for the case when the configuration is
changed at multiple thousands per second rate. The counter vectors grow
at the beginning and their size stabilizes after a while. Without this
improvement, it can still take several seconds for a stats reader to
succeed.
Type: improvement
Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com>
Change-Id: I5a6c30255832716a1460018d0bd0f63031de102b
|
|
.api files
Type: feature
Make the auto-endian nature explicit, rather than hidden in the x_api.c
file.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ibe647117ceeaf6f99a38a96576a5a41a3cbb1615
|
|
Type: fix
Change-Id: I02e473440a8732ddfb1a13ad6552779adaa67f60
Signed-off-by: Mathias Raoul <mathias.raoul@gmail.com>
|
|
Type: docs
Change-Id: Ia541839e1f1ceddfae4579dece43b9cc820702e2
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit de569048a504cf211d80b86882e6781684301790)
|
|
Type: improvement
1) stack the interpose on any path-extensions (e.g. labels) from the
next best source
2) allow more than 1 source to contribute a DPO for a given prefix
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Idc2fbb36cfbd2387081765d8af0f1fbe61612160
|
|
Type: fix
When a translation gets deleted, hiting a
session pointing to it sefaults. We're better
off directly storing the next node index.
Change-Id: I4f0716d775202b4ecf54d6cdb827bbeebd23056c
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
This fixes two issues :
- We used a hash to throttle RPC for adding fib entries,
but as we rely on a refcount, we cannot accept loosing an
entry, which could happen in case of a collision.
- On client cleanup we weren't freeing the fib entry correctly
which resulted in crashes when recreating an entry.
Added a test that ensures proper cleanup
Change-Id: Ie6660b0b02241f75092737410ae2299f8710d6b9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: feature
A device/router needs to have a unique ID which is included in the flow
has so that flows are not polarised through the network, i.e. each deice
in the network chooses the same nth link for the same flow.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I963e03674adbb085902b4084fdc4886b88f5734c
|
|
Type: fix
Change-Id: I79258a95cfb75587685dffae671255063f57cbef
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: feature
Change-Id: Ic502d806410ea3c8f3f1eac70b694114ccb053bf
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: I85a463b4ca15baf11e3eb70189f5190ba2585170
Type: refactor
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
Add separate queue implementation for the message queue as it's custom
tailored for fifo segments as opposed to binary api.
Also move eventfds to the private data structures.
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I6df0c824ecd94c7904516373f92a9fffc6b04736
|
|
Use error counters related to ipsec-mb return codes instead of
'bad-hmac' only.
Type: improvement
Change-Id: I9329da300a70d76b4d4ab30fa45f0a2a85d6519b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
- update quic plugin with new quicly/picotls API
- remove packet allocator
- remove crypto batching
- update picotls plugin
- add cli for quicly congestion control configuration
Type: feature
Change-Id: If76ef31c43b430eea2f7674539b2112aee0f351e
Signed-off-by: Mathias Raoul <mathias.raoul@gmail.com>
|
|
We have accumulated several scenarios in prod or wishlists
where it would be useful to have a general infra to say yes/no
about a certain test, and potentially make decisions based on that,
for example:
- runs solo (aka 'time-dependent')
- (wishlist) part of quick smoke-test set
- (wishlist) intermittent failure unrelated to timing
- (wishlist) test broken with a multi-worker config in vpp
Refactor the current "run-solo" code to allow for this extension.
Type: test
Change-Id: Ia5b3810e57c0543753c8e0dc4dc0cfb4a30b36ac
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Asking for TSO (TCP Segmentation Offload) on packets that are already
smaller than (headers + MSS) does not make sense and may not work
on some HW.
Fix to only set the TSO flag when a segmentation offload is
really required, i.e when packet is large enough.
Type: improvement
Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com>
Change-Id: I7830ae8474581c8e518fb4910f7863e10346bb62
Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com>
|
|
Performance improvement: on supported platforms, currently only Intel Tremont,
use a write combining store to update the tail pointers.
Also, Tremont node variant is added for all.
Type: improvement
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Change-Id: Ie9606e403b7d9655184f778e3ffee3027c8c9edd
|
|
Change-Id: Id539d36635f0ab9625dc2fc73630be39bead09af
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: improvement
|
|
Change-Id: Ifa8bccd8a34ec1b14e772ee53757e9083373e3de
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: feature
|
|
Type: improvement
Change-Id: Icb23af5f5e458a555f416cb0a829e84646b25dd9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change-Id: I8759a07a24692b8b418ef8eb2025b61a62d2dda1
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
Type: improvement
Change-Id: I4008cadfd5141f921afbdc09a3ebcd1dcf88eb29
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Added basic support for counting cache hits and misses per node.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: Ic566611fd3d4246ccaa2117d8f74a569a6862e80
|
|
Type: fix
When a device is whitelisted with devargs arguments specified, the
string that is generated and added to conf->eal_init_args is not
explicitly terminated with 0. If the formatted string takes up all
of the memory allocated to the vector which stores it and it is
used later as a string in a format() or printf() call, any nonzero
characters stored in memory at the address immediately following the
memory allocated for the vector will be erroneously appended to the
string.
Terminate the string with 0 to ensure that this does not happen.
Change-Id: I20a78d994daad93bf5aecab5c03d705022e882ec
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: improvement
This patch enables dynamically linking the dpdk plugin against a
system-wide packaged version of dpdk.
Change-Id: I2276d125f39986b0e1788c7b52b94485cdbcd855
Signed-off-by: Nathan Moos <nmoos@cisco.com>
|
|
Type: refactor
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ice2bc42838e6d5ba579f449c3f8b0feffebeb719
|
|
extends ip6_compute_flow_hash() to include IPv6 flowlabel in flowhash computation
Type: improvement
Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com>
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Change-Id: Id1aaa20c9dac729c22b714eea1cdd6e9e4d1f75e
|