path: root/src/vnet/session
Age | Commit message | Author | Files | Lines
11 days | session: make sure we cannot pass wrong IO event type | Benoît Ganne | 1 | -23/+36
GCC 11 complains about potential cast from u32 to session_t. Type: fix Change-Id: Id777e339c40e0ea3c3c8b2b0800acf7cd7a4ced3 Signed-off-by: Benoît Ganne <bganne@cisco.com>
12 days | session: move io inlines to header file | Florin Coras | 2 | -334/+325
Make sure compiler can optimize out constants. Type: improvement Change-Id: I3982d4b2cf1e0e08e31a0836fd64fab82564a7d6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2025-02-07 | session: do not match listeners when looking for lcl port | Florin Coras | 3 | -5/+73
Also optimize lookup to avoid session rules table matching. Type: fix Change-Id: I5b62c870edd9f7486e7de1417816fffa30d03a3e Signed-off-by: Florin Coras <fcoras@cisco.com>
2025-01-24 | session: make local port allocator fib aware | Florin Coras | 2 | -22/+28
Allocate ports per fib. Type: improvement Change-Id: I9e1f113602485bfb09f71092eee58b9a433daa6a Signed-off-by: Florin Coras <fcoras@cisco.com>
2025-01-23 | session: validate new app worker on update request | Florin Coras | 1 | -0/+2
Type: fix Change-Id: Id9cec0c802024c1df0ac06a0f8833379a782e9de Signed-off-by: Florin Coras <fcoras@cisco.com>
2025-01-22 | session: cleanup io event functions | Florin Coras | 3 | -2/+16
Program session events using session handles instead of fifos. Type: improvement Change-Id: I69063190598c2b4dc1104f2938f27c6cd057341a Signed-off-by: Florin Coras <fcoras@cisco.com>
2025-01-22 | session svm: track session indices in private struct | Florin Coras | 8 | -19/+26
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I898baf3e2a7586124f4678eaeaa4516db7186f8f
2024-12-30 | session: proxy session migration fix | Matus Fabian | 2 | -6/+12
Type: fix Change-Id: I487ee4e69d8885f46d7a4af2c66a710da66108c5 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2024-12-23 | session: add auto sdl | Steven Luong | 4 | -33/+132
New CLI to enable/disable auto-sdl (requires session enable rt-backend sdl)
    auto-sdl <enable|disable> [threshold <n>] [remove-timeout <t>]
threshold is defined as the number of packets before the SDL entry is created to deny the source.
remove-timeout is defined as the duration to remove the SDL entry which was created earlier.
Type: feature Change-Id: I513094a59663970beae33257006c652674643764 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-12-12 | session: disable fifo tuning on app close | Florin Coras | 1 | -0/+3
Type: fix Change-Id: Id6aa410a75356ece1d114a2970f70cf32203997f Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-12-08 | session: add ip4-fib-id and ip6-fib-id to app ns CLI | Steven Luong | 2 | -11/+142
Problem
The API app_namespace_add_del allows specifying ip4_fib_id and ip6_fib_id, but the CLI does not. It only allows interface. Interface binding may change after the application namespace is created and there is no registration for the callback when the interface binding changes.
Fix
Add ip4-fib-id and ip6-fib-id to app ns CLI. When both interface and fib-ids are specified, interface takes precedence. When interface is not specified, either ip4-fib-id or ip6-fib-id or both ip4 and ip6 fib-ids may be specified. If only ip4-fib-id is specified, ip6 is disabled for this particular app namespace. If only ip6-fib-id is specified, ip4 is disabled for this namespace.
When the interface binding changes to a different vrf and the application namespace was created via the interface option, we delete the application namespace and recreate the application namespace with the new interface binding.
Notice that when the application namespace is removed, all session rules and sdl rules previously created for the deleted application namespace will be deleted. However, if the fib table/session table was shared by another namespace, the other namespace will still contain the session rules and sdl rules.
Type: improvement Change-Id: I76eb30da1ed8a39d06694c1e66d0675bf03516bf Signed-off-by: Steven Luong <sluong@cisco.com>
2024-12-08 | session: enhance display for show app | Steven Luong | 4 | -10/+72
Display segment manager information for show app <index> verbose
Mark segment manager as listener if it is a listener segment.
Type: improvement Change-Id: I8d91f4c2ed5b8f39620f2c8b06950c0e7ee2225e Signed-off-by: Steven Luong <sluong@cisco.com>
2024-12-06 | session: clean up session table when re-adding an existing application namespace | Steven Luong | 1 | -0/+13
The app ns semantics allows the same app ns to be re-added with different interface. For example,
    app ns add id blue secret 1 if tap0
    app ns add id blue secret 1 if tap1
If tap0 is bound to table 0 and tap1 is bound to tap1, we need to clean up the existing session table and possibly allocate a new session table for the app ns.
Type: fix Change-Id: I566d621081b7cdbd7d0c481fda53953b39c26001 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-11-21 | session: fix ct get peer if peer freed | Florin Coras | 1 | -0/+2
Type: fix Change-Id: Iae00637ab843121651f187436bf849f41874f48c Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-11-18 | session: track number of tries to alloc lcl port | Florin Coras | 6 | -8/+71
Track number of tries to alloc local port and report it in stats segment. Could be used to gauge how busy the port allocator is. Also add cli to dump transport sub-layer state. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3736a48488c491dee85aa2b074b87519a3857057
2024-11-08 | session: validate appns index in vnet_session_rule_add_del | Steven Luong | 3 | -1/+12
vnet_session_rule_add_del may be called with a bogus appns index from the API. Validate the appns index is indeed valid. Type: fix Change-Id: Ife1b5b9ab0b180ececa74008d2ef92045a9e8b58 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-11-06 | session: session table holding free appns index | Steven Luong | 8 | -23/+403
session table may be shared among multiple appns's.
    app ns add id blue secret 1 if tap0
    app ns add id red secret 1 if tap0
session table holds the last added app_ns's appns_index. If the last app_ns is deleted, session table is not free since there is still an appns which uses the same session table. In that case, session table is holding the free app_ns's appns_index and it can cause problems.
The fix is to modify appns_index in session table to hold a vector of appns_index's instead of just the appns_index that was last added. When the app ns is deleted, remove the deleted appns_index from the session table's vector of appns_index's.
Type: fix Change-Id: Ied8bc97f185071dc89b9b56656e18efbd2995131 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-10-30 | session: session_rule_add_del API parsing port in wrong order | Steven Luong | 1 | -6/+6
The convention in the binary API is that fields are encoded in network order. For some reason, port was parsed in host order. Type: fix Change-Id: I31ea313937097e2547226566b7869be4e28251b8 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-10-29 | session: improve migration rx ntf | Florin Coras | 1 | -3/+1
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0dd002f923908c4b9244c2c47fc85fa8855d54e1
2024-10-25 | http: pass timeout using extended config | Matus Fabian | 2 | -3/+2
App can now pass http connection timeout using extended configuration, ext cfg type TRANSPORT_ENDPT_EXT_CFG_HTTP, value (in seconds) set in ext cfg member opaque. It is optional, default value is 60 seconds. Type: improvement Change-Id: Ibeff4bbd3153421be350ff564ec3c8e52e5b9639 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2024-10-25 | session: support of multiple extended configs | Matus Fabian | 4 | -13/+93
This allows configuration for each transport protocol when combined, e.g. HTTPS=HTTP+TLS. Extended config of session endpoint config is now a chunk of memory, which allows seamless integration with VCL, and the internal representation is hidden behind APIs, which is better for future improvements. By default the chunk is allocated to 512B if the app doesn't do so before. Type: improvement Change-Id: I323f19ec255eba31c58c06b8b83af45aab7f5bb1 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2024-10-04 | session vcl: add support for vcl transport attributes | Florin Coras | 2 | -1/+3
Session layer can push transport attributes to vcl sessions which are stored as vector for session lifetime. Store original_dst_ip and port when available in vcl session attribute vector. Type: feature Change-Id: Iab6c65ddcfed220fc919f564cd19083561812faf Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-10-03 | session: use proper name for ct transport | Florin Coras | 4 | -11/+13
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iebf5155a429c77143df9eb44f504fea28cddaf98
2024-10-03 | session: allow session input rpcs | Florin Coras | 1 | -0/+3
Type: improvement Change-Id: Ib8e9f9fb6dfc553cc9e344544961832fecbea8c1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-10-02 | session: incomprehensible error message for adding sdl and rule-table entry | Steven Luong | 2 | -39/+19
1. When the backend engine is not enabled, adding an entry returns a confusing error message.
    DBGvpp# session sdl add 191.1.1.30/32 action 1 tag blue-v4-rule1
    session sdl add 191.1.1.30/32 action 1 tag blue-v4-rule1
    unknown input `add 191.1.1.30/32 action 1 ta...'
    DBGvpp#
2. When the sdl or rule-table entry is already present, adding the duplicate entry returns a confusing error message.
    DBGvpp# session sdl add 8.8.8.1/32 action 0
    session sdl add 8.8.8.1/32 action 0
    DBGvpp# session sdl add 8.8.8.1/32 action 0
    session sdl add 8.8.8.1/32 action 0
    session: session is already enable. Must disable first
    DBGvpp#
The problem is that there are multiple cli commands that start with "session". When the command fails with the best match chain, it passes the command to the other parser chains which start with the keyword "session". The other cli chain also fails to parse the command. The error message that the previous parser chain returned may be overwritten by the newest error message.
The fix is to not return an error in the sdl and rule-table parser command chain.
Type: fix Change-Id: If0165324a763f47ec98ab79a41c3ee9b10057454 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-09-28 | session: fix SDL to use remote instead local | Steven Luong | 4 | -31/+230
The language is
    local == VPP local interface
    remote == sender prefix to VPP node
SDL acts on remote prefix.
Type: fix Change-Id: I82917c6ef801fc67430dfdd15c5630cb7a6347e0 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-09-25 | session: set dgram mss when not constrained by transport | Florin Coras | 1 | -0/+1
Type: fix Change-Id: I12ddcd56f2fecb504180cdc044a3b3c3d1db7e3c Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-09-14 | session: improve sh session cli | Florin Coras | 1 | -75/+194
Add support for:
- "sh session verbose thread <n> [lcl|rmt|ep] <ip>[:port]", which can be used to filter sessions based on transport ip:port
- "force-print" option to force printing even when it exceeds existing printing thresholds
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iab3e58b8162664b425379d14818b8a4daa0ce345
2024-09-06 | session: add Source Deny List | Steven Luong | 16 | -263/+1885
With this feature, session enable is now modified to have 3 modes of operation
    session enable -- only enable session
    session enable rt-backend sdl -- enable session with sdl
    session enable rt-backend rule-table -- enable session with rule-table
session rule tables are now created on demand, upon adding first rule to the rule table.
refactor session table to remove dependency from session rules table. Now session rules table APIs take srtg_handle and transport proto instead of srt pointer.
Type: feature Change-Id: Idde6a9b2f46b29bb931f9039636562575572aa14 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-08-13 | session: problem in session_rules_details API | Steven Luong | 1 | -0/+4
Backend needs to return protocol to indicate if the prefix is ip4 or ip6. Type: fix Change-Id: If827c2e8b2a58051298968fa4d69de71ce9c4fcc Signed-off-by: Steven Luong <sluong@cisco.com>
2024-08-06 | session: memory leak in show session rules | Steven Luong | 1 | -6/+9
Need to vec_free ns_id whenever we return in the function show_session_rules_command_fn in case memory was allocated to it. Type: fix Change-Id: Ifc38d3eb2756a8a128467dd40ad40fe3f0be8fc0 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-08-06 | session: session_lookup_local_endpoint returns the wrong value | Steven Luong | 1 | -1/+1
SESSION_INVALID_INDEX is u32. The function is supposed to return u64. The caller of the function tests the return value to see if it is SESSION_INVALID_HANDLE in ct_session_connect. If it is not, it thinks it is a valid handle and calls listen_session_get_from_handle which causes a crash. Type: fix Change-Id: I4ede6b2dfb95259f3a6071cfa3a77ce0d9cd9edd Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-24 | session: delete and add application namespace do not create the global session table | Steven Luong | 4 | -65/+56
When an application namespace is added, we call session_table_is_alloced to see if we need to allocate a new session table. That check returns true even if we removed the session table. The fix is when we delete an application's global session table, we need to invalidate fib_index_to_table_index.
Fixed test_vcl test script to run two tests back to back. The 1st test deletes the application namespace at the end. The 2nd test adds the application namespace in the beginning.
Type: fix Fixes: 67bae20b05cb46e5f6d19afeaf1f7a52a5309d59 Change-Id: I67f5cc1b726a07659597a9479df011717db08d0a Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-19 | session: show session rules does not display ip6 entries | Steven Luong | 1 | -6/+33
1. Adding an ip6 rule entry
    session rule add proto tcp ee80::/10 0 ee80::/10 0 action 2
2. show session rules does not display the entry.
    show session rules tcp
3. However, show session rules for a specific entry shows the entry
    show session rules tcp ee80::/10 0 ee80::/10 0
Type: fix Change-Id: I65c881665d3698a2a9452a186ed657eee0bf13e0 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-17 | session: memory leak on rule tag | Steven Luong | 1 | -0/+1
Type: fix Change-Id: If07a6a420d467e6305f166ed250f84befe9f983d Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-16 | session: memory leaks on rule tag hash tables | Steven Luong | 1 | -0/+3
Type: fix Change-Id: Id8542ad74389eca4cc7903cd455f556743a5e0cf Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-15 | session: crash in session_rule_add_del if session is not enabled | Steven Luong | 1 | -0/+7
Invoking the API session_rule_add_del to add a rule causes VPP to crash if session is not enabled. Type: fix Change-Id: If8de83f1064bc60d20461e87889b7c3393ad2af1 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-15 | session: application namespace may reference a deleted vrf table | Steven Luong | 1 | -5/+68
Lock the vrf table when adding an application namespace and unlock the vrf table when deleting an application namespace. Free the session table when no application namespace uses it anymore to avoid memory leaks. Type: fix Change-Id: I10422c9a3b549bd4403962c925e29dd61a058eb0 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-10 | session: deleting an application namespace cleaning up the wrong application | Steven Luong | 1 | -1/+1
We call application_namespace_cleanup to remove the application which has a reference to the application namespace when deleting an application namespace. When we find the matching application namespace, we queue the ns_index instead of app_index to look for the application. This may lead to a crash. Type: fix Change-Id: I89c7f8d1681b4c7c1bcb16641217230a26dbe582 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-08 | session: add api to program rx io evts | Florin Coras | 2 | -0/+17
Type: improvement Change-Id: I5a4a33604ecb8a29ef6932cc5826835d3bec7f23 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-07-08 | session: improve enable and disable handling | Florin Coras | 3 | -14/+23
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3c79d16f6a19767d990e8a4683c296219b559ccd
2024-07-08 | session: handle multiple attempts to mark mq congested | Florin Coras | 1 | -2/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iadc6ec58f5fc7fbff62e4fd31d509557b60395cb
2024-07-02 | session: session disable crash if not enabled | Steven Luong | 1 | -1/+2
If session is not enabled, typing the CLI command session disable causes VPP to crash. Type: fix Change-Id: Ib55b7430b7ce521a40025d58fa18b765f5129fd5 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-06-28 | session: memory leaks on various transports when session disable and enable | Steven Luong | 1 | -3/+11
When toggling session disable and enable, memory leaks were found on various transports. Don't create the timer wheels on enable when they are already created. Don't create the spin locks when they are already created. Add session enable disable test in session unit test. Type: fix Change-Id: I08988a96bbf2d67a67c743b50b63f5b1e27402a3 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-06-25 | session: memory leak in mma rule table | Steven Luong | 1 | -0/+3
When the rule table is allocated, the root node is allocated. But it cannot be deleted by the add_del API, or the table is useless. When the table is freed, the root node is not freed and there is a memory leak. Let's add pool_flush when the rule table is freed. Type: fix Change-Id: I58c3e040cd101c7db501d99a373ad78d85321b8f Signed-off-by: Steven Luong <sluong@cisco.com>
2024-06-12 | session: fix ho cleanup on forced reset | Florin Coras | 1 | -1/+2
Avoid double free if app forces reset while half-open is cleaning up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2311fb763076aa8a263c193f5967793402eedb6a
2024-06-12 | session: fix ho cleanup on active and passive close | Florin Coras | 1 | -2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9e7011ff45f14e17fc0d0d63800184f404c29093
2024-05-21 | session: remove ipv6 lookup threading assert | Brian Morris | 1 | -1/+0
This makes session_lookup_connection_wt6 consistent with session_lookup_connection_wt4 - they both just return an error for wrong thread. Type: fix Change-Id: Ide38976e9a7274b53311e65711098e6b22a3f8d5 Signed-off-by: Brian Morris <bmorris2@cisco.com>
2024-04-24 | misc: fix int/enum mismatch errors reported by gcc-14 | Damjan Marion | 2 | -3/+3
Type: fix Change-Id: I80e90cab8e2e9fef837779e36e0256baf791b801 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-04-17 | session: force session cleanups on app detach | Florin Coras | 1 | -6/+23
Force transport and session cleanup on session detach if transport is already closing. This should also avoid races between transport initiated session cleanups and pending session control events. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I83a947a0c01f5af8ac70aa31fee660276f1d1c60