Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: improvement
Support SO_ORIGINAL_DST socket option to get original dst_ip4 and dst_port if nat44 rule enabled.
Change-Id: If00e00d03e48f3b78a23a68f1b078954d79dd0f7
Signed-off-by: qinyang <qiny@yusur.tech>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ieb2d1e6e0949844a70c81b218ca7dc83690776ca
|
|
Before this fix, the src_ip_sticky flag was passed as an argument to
the lb_node_get_hash function, which computes a hash value for a packet.
However, in per-port-vip case, the value of src_ip_sticky flag may be
different for each port number. As a result, the value is the same for
all port numbers, even though it is a per-port-vip case.
This commit fixes the src_ip_sticky evaluation by delaying it until the
packet is received, so that the correct value is obtained. Also, the
unit test case has been enhanced for this bug fix.
The steps to reproduce this bug are described below:
https://lists.fd.io/g/vpp-dev/message/23248
Type: fix
Fixes: 613e6dc0bf92 ("lb: add source ip based sticky load balancing")
Change-Id: I483492b214a1768e7a21fd86edd5151b3c46528b
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
|
|
nl_route_add() recently started to use its optional argument to check
whether replace flag is set for the message. When notification messages
are processed, the argument is a pointer to the corresponding message
info. However, when dump replies are processed, the argument is a null
pointer. This leads to null pointer dereference and crash when dump of
routes is processed.
With this fix, check for replace flag only if message info was passed
to nl_route_add(). Otherwise, assume the flag is not set. Dump replies
do not have it set.
Type: fix
Change-Id: Icb04a1146e09cc965b623018c28f91b347be0eab
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: improvement
Change-Id: I95023d2e6034b77952e0423d0430b433ea0dab15
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
1) Imports ENCAP_MPLS labels from IPv4/IPv6 routes.
Note that this requires libnl 3.6.0 or newer.
In previous patches, the fib_path_ext_t had a path ID of -1.
After a long investigation, it turned out to be caused by route weight
being set to 0. There is a comment explaining more details.
2) Handles MPLS routes.
MPLS routes were wrongly added as IPv4 routes before.
POP and SWAP are now both supported.
All the routes are installed as NON-EOS and EOS routes,
as the Linux kernel does not differentiate.
EOS POP used in PHP uses the next-hop address family
to determine the resulting address family.
This patch is sufficient for P setups.
PE setups with implicit null should also function okay, as long as a
seperate label gets programmed per address family.
PE setups with explicit null will also forward packets,
but punting is a bit odd and needs MPLS input enabled on the LCP host
device.
3) Propagate MPLS input state to LCP Pair and Linux.
Since the Linux kernel uses the MPLS routes itself,
the LCP pair tap needs MPLS enabled to allow host originated packets.
This also syncs the Linux `net.mpls.conf.<host_if>.input` sysctl to
allow punted packets to have MPLS labels, mostly explicit nulls.
In addition, a special feature is enabled to cross connect MPLS packets
coming from Linux directly to interface-output untouched.
Make sure to enable MPLS/add a table in VPP first and load the
MPLS kernel modules!!
Type: feature
Change-Id: Ie4184bb4cc96905bf8b483a27e7ca6d251697374
Signed-off-by: Adrian Pistol <vifino@posteo.net>
Signed-off-by: Pim van Pelt <pim@ipng.nl>
|
|
List of changed messages:
- lcp_itf_pair_add_del
- lcp_itf_pair_add_del_reply
- lcp_itf_pair_add_del_v2
- lcp_itf_pair_add_del_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ic20a852dd1fb27858c8776095f9c98757b89bfe8
|
|
List of changed messages:
- memif_socket_filename_add_del
- memif_socket_filename_add_del_reply
- memif_create
- memif_create_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Id334990584b64a0efa3c28a3d8b6b641adab8c09
|
|
This patch introduces sw_ring to the crypto op data path implementation,
so that raw data path and crypto op data path use same mechanism of processing
async frames. Crypto op ring has been removed from the implementation.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Id823f80a88cfa0ff40252616a36de8bb044c7f45
|
|
Change-Id: I342de0a375b783725aa2b621c1c70bc8bf646450
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: improvement
|
|
Change-Id: I7a988fafe98599e4fcf7cdaa307a69b9d76650f0
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: improvement
|
|
When vlib buffer is processed on vnet side its length is corrected by
cipher padding and icv_sz. These changes need to be reflected in
the mbuf internals.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I0aa03f67f556dfc8f9a577ca1967210527221e02
|
|
List of changed messages:
- af_packet_create
- af_packet_create_reply
- af_packet_create_v2
- af_packet_create_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ia065c3bbc2c7923de64f47417099aea1aa1216b1
|
|
List of changed messages:
- vxlan_add_del_tunnel
- vxlan_add_del_tunnel_v2
- vxlan_add_del_tunnel_reply
- vxlan_add_del_tunnel_v2_reply
- vxlan_tunnel_dump
- vxlan_tunnel_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I0a7227e76a493731fd136f8e6310ad372fab2494
|
|
Namespace keyword is reverved c++ word, so it's not possible to include
vapi header for af_xdp plugin and use it.
Type: fix
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: I42a0e0a89ff2c407090d3c18c1bc5a5605ddf032
|
|
Type: fix
Change-Id: I7c6fb783e5200773cbd02c86d39fd241efcc39f9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
This rework tries to address issues found on SPR QAT, for traffic
reaching max possible throughoutput for single QAT PF packet drops were
observed.
Fix changes enq/deq scheme by utilizing software ring in enq call from
VNET but enq and deq to QAT happens only in deq callback function what
should enable better utlization of hardware resources.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2e8c473d20a269fd5e93f0c8d1f8c8aa193712bd
|
|
The af_xdp plugin does not support chained buffers; attempting to send
chain buffers will result truncated packets or even send other packet's
data. As a workaround, turn any buffer chain into a single buffer before
tx.
Type: fix
Change-Id: I05dec912455eb2bb6c8122a28cd646f88983aa9a
Signed-off-by: Shmuel Hazan <shmuel.h@siklu.com>
|
|
This patch introduces sw_ring. This ring is used in next set of patchas
and plays role of a buffer for QAT, allowing collecting frame elements
in case QAT queue is fully utilized, and assembling frame
from QAT dequeued elements.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I20718e200986ab4dba5cbc31c05a904072a6981a
|
|
Make sure the same frame is not used for multiple interfaces, otherwise it breaks the ETH_INPUT_FRAME_F_SINGLE_SW_IF_IDX promise.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I02546259ceaea36f65cb9f78b9b3ee45ed4075c9
|
|
AF_XDP socket will only tx enqueued packets up to a max batch size so
we need to retry until everything has been sent.
Type: fix
Change-Id: Ia487ab63d3e85a478471cd1d679c5fb471804ba3
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
The async frames pool may be resized once drained. This will cause 2 problems: original pool pointer is invalidated and pool size changed, both problems will confuse the crypto infra user graph nodes (like IPsec and Wireguard) and crypto engines if they expect the pool pointers always valid and the pool size never changed (for performance reason).
This patch introduces fixed size of the async frames pool. This helps zeroing surprise to the components shown above and avoiding segmentation fault when pool resizing happened. In addition, the crypto engine may take advantage of the feature to sync its own pool/vector with crypto infra.
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2a71783b90149fa376848b9c4f84ce8c6c034bef
|
|
Otherwise, we will get an error. The program could remain from the previous run.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I68e4072bd3b327592013804d67ccab7eb0ed3a0e
|
|
Type: style
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I6b3ecf0bdb6cfdf260cf4ccae89b6bc2335ff54c
|
|
Linux uses NLM_F_REPLACE in the netlink message to signal a FIB update
The code invariably does a FIB update for IPv4 and a addition for IPv6.
Without this fix, the following:
ip route add 2001:db8::/48 via 2001:db8::1
ip route replace 2001:db8::/48 via 2001:db8::2
ends up as two separate FIB entries in VPP. With the fix, there will be one FIB entry (the second one with nexthop ::2).
Type: fix
Change-Id: I8f98d6ded52ae0c60bfddaa7fc39acbbaa19d34a
Signed-off-by: Pim van Pelt <pim@ipng.nl>
|
|
Type: feature
With this change, packets that are larger than a single buffer can fit
will be able to be sent and received over a Wireguard tunnel. Also,
cover this with tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ifaf7325676d728580097bc389b51a9be39e44d88
|
|
List of changed messages:
- nat44_add_del_static_mapping
- nat44_user_session_dump
- nat44_user_session_details
- nat44_user_session_v2_dump
- nat44_user_session_v2_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I317ae93a0e763c3759a8c24fd550e1c97f6f4987
|
|
This patch can make crypto dispatch node adaptively switching
between pooling and interrupt mode, and improve vpp overall
performance.
Type: improvement
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I845ed1d29ba9f3c507ea95a337f6dca7f8d6e24e
|
|
In some cases, in the trace dump v2 dump function, we iterate over the
client cache even though this one could be empty.
Type: fix
Change-Id: Ice5cefa25bb93dabe86fe565347cdc32faa674ac
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
The plugin creates and manages adjacencies for the physical interface in
each interface pair (they are part of the x-connect feature). When a
link update notification is received from the host system, MAC address
of the corresponding physical interface is updated (as needed) as well
as previously created adjacencies for it (because a new rewrite string
needs to be generated).
Subinterfaces inherit MAC address from the parent interface. When MAC
address of the parent interface changes, it also implies MAC address
change for its subinterfaces. The problem is that this is currently not
considered in the plugin. After MAC address update on the parent
interface, packets sent from subinterfaces might have wrong source MAC
address. For example, IPv6 Neighbor Solicitation messages will be sent
with the wrong (previous) MAC address and neighbor discovery will fail.
With this fix, when the plugin updates adjacencies for a physical
interface, it will also update adjacencies for the subinterfaces with
existing interface pair.
Type: fix
Change-Id: Ia5f617197e33cb79b9b025c02c2c126c31a551ec
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
When dumping packets from multiple threads using the API, first all
packets from thread 0 are dumped then all ones from thread 1, etc
Until we reach the limit specified by the API call, so we could never
get packets trace from threads with higher ids.
However, the tracedump CLI dump a maximum number of packets from all
threads, which we can expect from the API to do.
We also add a trace_clear_cache API so the client gets an answer when
he only wants to clear its packet cache.
Type: improvement
Change-Id: I0d4df8f6210a298ac3f22cd651eb4d8f445e1034
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I7f8c975fae5d71ce1226a8e19761fc75134e61e2
|
|
Type: feature
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ia81f1d8e706dbce9e57319d993bff595e6ba6f03
|
|
load-balance and replicate dpos both store their number of buckets as
u16, which can overflow if too many paths are configured. For
load-balance it can happens quite quickly because of weights
normalization.
Type: fix
Change-Id: I0c78c39fc3d40626dfc58b49e7d99d71f9852b50
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Signed-off-by: Andrew Ying <hi@andrewying.com>
Type: fix
Change-Id: I3c428c90146387ad9ce291c7f646d74f06952b40
|
|
If openssl tls server handshake fails, track the fact that the context
does not have an app session.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5f493059a3610067b59caffbbe441ce9e0868252
|
|
When I setup vpp by netvsc driver, occurs the following crash:
(format_dpdk_device_name) assertion `(i) < vec_len (dm->devices)' fails
vnet[100166]: #6 0x00007f434d651f6a _clib_error + 0x2da
vnet[100166]: #7 0x00007f430b4bef64 format_dpdk_device_name + 0xf4
vnet[100166]: #8 0x00007f434d6555f3 do_percent + 0xee3
vnet[100166]: #9 0x00007f434d654359 va_format + 0xb9
vnet[100166]: #10 0x00007f434d7ac16e vlib_log + 0x3ce
vnet[100166]: #11 0x00007f430b49ebe3 dpdk_device_start + 0x193
vnet[100166]: #12 0x00007f430b4aa233 dpdk_interface_admin_up_down + 0x163
vnet[100166]: #13 0x00007f434d988fc8 vnet_sw_interface_set_flags_helper + 0x378
vnet[100166]: #14 0x00007f434d989338 vnet_sw_interface_set_flags + 0x48
This patch fix it by device_index as a index for devices vec, and not
dpdk port_id.
Type: fix
Change-Id: I84c46616d06117c9ae3b2c7d0473050f1b8ded5f
Signed-off-by: Daniel Ding <danieldin95@163.com>
|
|
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I9e6fd29c0e09406e48215f06977b2d4678650669
|
|
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Idba74f880a251dbeec2205ee41e16b40d4799b06
|
|
This feature enables the use of the classifier and ip-in-out-acl nodes
to redirect matching sessions via arbitrary fib paths instead of relying
on additional VRFs.
Type: feature
Change-Id: Ia59d35481c2555aec96c806b62bf29671abb295a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I9971e69135e0652a36e4b4754774a43ea1d92e8b
|
|
Type: fix
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: Ie3f390be16df81f6824344034377f9a6f4fa9f92
|
|
format_hexdump currently requires the length parameter to be uword
(64-bits) hence all callers must make sure to cast the length to uword.
Use u32 instead to benefit from C automatic integer promotion: any
length smaller or equal to u32 will be promoted to int fitting in u32).
Only callers using a length of u64 needs to downcast.
It also makes it similar to other variants.
Type: fix
Change-Id: I09b52fdde3970cec0be4150a29126ff63106c75b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8d3a1939870601297ecccf4cda6767510c2abfa5
|
|
Prior to dpdk-22.11, VPP can count on rte_eth_dev_socket_id to return
numa node 0 if the device didn't set it. Ever since below patch is
committed in dpdk
https://patchwork.dpdk.org/project/dpdk/patch/20220929120512.480-1-olivier.matz@6wind.com/#152498
the aforementioned assumption is no longer true. If the device didn't
set the numa node, VPP gets -1 from the aforementioned API call. This
causes VPP to crash.
This fix is to set the numa node to 0 if the API returns -1, or SOCKET_ID_ANY
Type: fix
Change-Id: I2fde2870e5a3eb98473fe8d119fef594bfba9a8d
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Move GRE folder under vnet to the plugin folder, and modify some of path
of the #inlude<header> to the new path.
Add a plugin.c file to register a plugin.
JIRA: VPP-2044
Type: improvement
Change-Id: I7f64cecd97538a7492e56a41558dab58281a9fa5
Signed-off-by: Chuhao Tang <nicotang@cisco.com>
|
|
This change is part of VPP API cleanup initiative.
Type: refactor
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I9f0f786b50aa77383b16e0f844c85f236f7aa8d0
|
|
Type: fix
Currently sw_scheduler runs interchangeably over queues of one selected
type either ENCRYPT or DECRYPT. Then switches the type for the next run.
This works fine in polling mode as missed frames get processed on the
next run. In interrupt mode if all of the workers miss a frame on the
first run the interrupt flag is lowered so the frame remains pending in
queues waiting for another crypto event to raise the interrupt.
With this fix force sw_scheduler in interrupt mode check the second half
of the queues if the first pass returned no results. This guarantees a
pending frame gets into processing before interrupt is reset.
Change-Id: I7e91d125702336eba72c6a3abaeabcae010d396a
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
|
|
When trying to start perfmon with a bundle that has a unique type while
specifying that type as argument, the command fails
(e.g. perfmon start bundle branch-mispred type node).
This error occurs because the returned value of
unformat_perfmon_active_type is actually a perfmon_bundle_type_t, but
it was treated as a perfmon_bundle_type_flag_t by a test in the CLI
function.
However, this test is useless and thus can just be removed.
Type: fix
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I5d8b9815871621e8ee7b935586f4cedbc0e7a53d
|
|
Introduce async model into memif by utilizing new DMA API. Original
process is broken down to submission stage and completion stage. As
multiple submissions may in flight simultaneously, per thread data is
no longer safe, now replace thread data into each dma data structure.
As slave side already support zero copy mode, DMA option is only added
in master side.
Type: feature
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: I084f253866f5127cdc73b9a08c8ce73b091488f3
|