Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: refactor
- remove the extern declaration of the nodes. keep the use of them to
the files that declare them
- remove duplicate declaration of ipsec_set_async_mode
- remove unsued ipsec_add_feature
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6ce7bb4517b508a8f02b11f3bc819e1c5d539c02
|
|
Make the ipsec[46]-tun-input nodes siblings of device-input so that
input features can be enabled on them. Register ipsec-tun for feature
updates. When a feature is enabled on the device-input arc and the
ifindex is an IPSec tunnel, change the end node of the arc for that
ifindex to be the appropriate ESP decrypt node. Set a flag on the
tunnel to indicate that the feature arc should be started for packets
input on the tunnel.
Test input policing on ESP IPSec tunnels.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I3b9f047e5e737f3ea4c58fc82cd3c15700b6f9f7
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ic25ffe9c8e37826733cfb9e62cefb491bb3322bc
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I755e6da1fcf6f3bf3c72d6d36c4243b0919b7209
|
|
The move from ip4(6)_src_address_for_packet to fib_sas4(6)_get changed
the behavior, so that the new looked only to adjacent gleans. This
caused a problem for destinations routed according to FIB table.
To reproduce:
vpp# create tap
vpp# set interface state tap0 up
vpp# set interface ip address tap0 192.168.11.1/24
vpp# ip route add 192.168.20.0/24 via 192.168.11.2
linux$ sudo ip addr add 192.168.20.1/24 dev lo
linux$ sudo ip link set tap0 up
linux$ sudo ip addr add 192.168.11.2/24 dev tap0
vpp# ping 192.168.20.1
Failed: no source address for egress interface
Type: fix
Signed-off-by: Július Milan <julius.milan@pantheon.tech>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I22899f4dbbf8c1c85ccce72f801b92c183195b5d
|
|
Type: improvement
Also:
- state as enum so my GDB life is easier
- typo; s/indice/indices/;
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I3320f5ef1ccd7d042071ef336488a41adfad7463
|
|
Coverify complains deref_ptr before null check.
deref_ptr: Directly dereferencing pointer reg.
1214 vl_reg = vl_api_client_index_to_registration (reg->client_index);
1215 ALWAYS_ASSERT (vl_reg != NULL);
1216
CID 216104 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking reg suggests that it may be null, but it
has already been dereferenced on all paths leading to the check.
1217 if (reg && vl_api_can_send_msg (vl_reg))
I believe the check is for vl_reg instead of reg because vl_reg may be NULL
after the call vl_api_client_index_to_registration.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic4eb2284e65c48396f20d5024a4241c80c70c886
|
|
When a buffer is freed and re-allocated for a new packet, opaque2 is
not reset, so the offload flags can be set to a stale value.
Make sure the offload flags are reset to the current value on 1st set.
Type: fix
Fixes: 6809538e646bf86c000dc1faba60b0a4157ad898
Change-Id: I4048febedf25b9995dbd080a11495ee7dbe59153
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com>
Change-Id: I77ade50425e88d2da979f732d2248bed383f4ba4
|
|
Test worker thread handoff on an interface input policer.
Type: test
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I1deddcc9711bccfde377290bc66a00f2cd4163e1
|
|
Add worker thread handoff for policers on the device input feature arc
on an interface.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: Ib795457a09a5b3be3c4e6422c91e33100192b8e2
|
|
The IP punt policer currently checks if it needs to do worker thread
handoff based on the thread index stored in the policer. Move this
functionality into the policer code so it can be common for all users
of the policer.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: Ia8d11e62898a58b19d7b27b296f8369baa3e5aa1
|
|
Apply a policer to an interface, check it's policing packets.
Remove it and check it no longer polices packets.
Type: test
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I6f694c8a9804cadf010b5831770aaae81f42e027
|
|
Add a new API to apply a policer to an input interface.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: Ie8aff9120149b63d85363a9a5afdcaed60a93700
|
|
Add input per-interface policing as an input feature, repurposing
vnet_policer_inline which formermly allowed input policing to be
configured via a CLI.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I2fd00e964ae358a05e507c844f5476372124fae1
|
|
The policer test class overrides setup and teardown methods from
VppTestCase but doesn't do anything other than call the parent's
method.
Type: test
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I76bac084c4cb5cb5195e34afe95b38affd585942
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic28ee0e7cd313686b820e7003a47d17b844b8a89
|
|
Type: refactor
This patch refactors the offload flags in vlib_buffer_t.
There are two main reasons behind this refactoring.
First, offload flags are insufficient to represent outer
and inner headers offloads. Second, room for these flags
in first cacheline of vlib_buffer_t is also limited.
This patch introduces a generic offload flag in first
cacheline. And detailed offload flags in 2nd cacheline
of the structure for performance optimization.
Change-Id: Icc363a142fb9208ec7113ab5bbfc8230181f6004
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I6a3348c7edd1cce6b407d336443103f77392bc5d
|
|
Type: feature
Support setting the MTU for a peer on an interface. The minimum value of
the path and interface MTU is used at forwarding time.
the path MTU is specified for a given peer, by address and table-ID.
In the forwarding plane the MTU is enfored either:
1 - if the peer is attached, then the MTU is set on the peer's
adjacency
2 - if the peer is not attached, it is remote, then a DPO is added to
the peer's FIB entry to perform the necessary fragmentation.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8b9ea6a07868b50e97e2561f18d9335407dea7ae
|
|
Ensure policer struct is cache aligned and fits in one cache line.
Give it a simpler name to reflect its job as the representation of
a policer.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: If1ae4931c818b86eee20306e503f4e5d6b84bd0d
|
|
Add a new api to allow a policer to be bound to
a specific worker thread for thread handoff.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I2623a6827843c3d93c0d7b4ad7c2e13611ec1696
|
|
Type: feature
Change-Id: Ib777a5201f1c728438c7a5f2b1aa2246f1344b9b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Id7b27edf3712aaa3c277e752b9ca78bb91d184a1
|
|
Type: improvement
negates the need to load the SA in the handoff node.
don't prefetch the packet data, it's not needed.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I340472dc437f050cc1c3c11dfeb47ab09c609624
|
|
Convert old logging style to new and remove unused tracepoints.
Remove code always conditionally not compiled.
Make comment style consistent.
Type: improvement
Change-Id: I13339f28539cf190fb92be2d5c8020b6249319c8
Signed-off-by: Brian Russell <brian@graphiant.com>
|
|
Make the policer action enum packed and use it in the policer code.
Use other policer enums where applicable.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I32f9735942af8bca3160b9ef8a75f605d9aba5fa
|
|
The policer code uses a naming convention of prefixing a lot of
its definitions with "SSE2" when in fact there is nothing SSE2
specific about them. This is confusing so remove the prefix.
Unfortunately it has to stay in the API definitions for backward
compatibility.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I59a7df9fd5ded2575f2e587b2768a025a213b07c
|
|
If the multi-worker default VPP configuration is triggered by
setting VPP_WORKER_CONFIG="workers 2", some of the tests fail
for various reasons.
It's a substantial number, so this change marks all of the
testsets that have this issue, such that they can be addressed
later independently.
Type: test
Change-Id: I4f77196499edef3300afe7eabef9cbff91f794d3
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Use the common IP definitions of DSCP rather than duplicating in the
policer code.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: Iff4bc789356edc290b9c31eca33e93cf5b6211bf
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3c15a465f84f2ceb6bd5f1c459899824d4bc1c90
|
|
Add some tests which configure policer params, use the policer
test helper CLI to police pretend packets and then check the
policer stats.
Type: test
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: Ib2688b6f77d84a4bfd3c8185e44c59fa2300716a
|
|
support
Type: feature
attmpet 2. this includes changes in ah_encrypt that don't use
uninitialised memory when doing tunnel mode fixups.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie3cb776f5c415c93b8a5ee22f22586fd0181110d
|
|
Avoid doing inter-thread reads without locks by doing a handoff before
destination address rewrite. Destination address is read from a session
which is possibly owned by a different thread. By splitting the work in
two parts with a handoff in the middle, we can do both in a thread safe
way.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I1c50d188393a610f5564fa230c75771a8065f273
|
|
Running vpp without any interface configured and then invoking the
binary-api l2_xconnect_dump causes vpp to crash in l2_input_is_xconnect due
to l2input_main.configs has no memory allocated to it, not even for the local
interface which exists all the times.
The reason that l2input_main.configs has no memory allocated to it was due to
gerrit patch 29232 which took out a line in l2input_init
/* Create the config vector */
vec_validate (mp->configs, 100);
The fix is to iterate through l2input_main.configs for each interface in
l2 to call l2_input_is_xconnect when dumping l2_xconnect interfaces.
Type: fix
Fixes: gerrit 29232
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I8d9cba4b7eba4c2e0c60887c4fd57d5ec3b06d3b
|
|
Type: feature
Basic dtls transport protocol implementation that relies on openssl
wire protocol implementation. Retries/timeouts not yet supported.
To test using vcl test apps, first ensure all arp entries are properly
resolved and subsequently:
server: vcl_server -p dtls 1234
client: vcl_client -p dtls <server-ip> 1234 -U -N 2000000 -T 1460 -X
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I04b4516a8fe9ce85ba230bcdd891f33a900046ed
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2828287c58115aa08c0a4297c01cea60f41f4749
|
|
This reverts commit c7eaa711f3e25580687df0618e9ca80d3dc85e5f.
Reason for revert: The jenkins job named 'vpp-merge-master-ubuntu1804-x86_64' had 2 IPv6 AH tests fail after the change was merged. Those 2 tests also failed the next time that job ran after an unrelated change was merged.
Change-Id: I0e2c3ee895114029066c82624e79807af575b6c0
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
support
Type: feature
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6d4a9b187daa725d4b2cbb66e11616802d44d2d3
|
|
Sometimes, vnet_hw_if_rx_queue_set_int_pending is called on rxqs which
are not in interrupt mode. Currently, it segfaults due to a too small
clib_interrupt_t structure. This change prevents that and makes the
framework slightly more robust to driver bugs (that might be subtle
to track in some cases involving concurrency...)
Change-Id: I9643b9b1aa37e6852754b93f10cd2f96ed9e6118
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ib3cefe5d27286c4853eb0c0e1803a94787a62c97
|
|
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I41faa2ca249ff75e564a732af896e6b5d76bf665
|
|
Type: fix
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I2325d311a6fd7343c7041dc516777f4db0029823
|
|
Type: feature
The added functionality is to support copying TTL and flow label from
inner to outer. The .api was extened to support expressing this and also
adding a common tunnel endpoint type. i find it best to make API changes
in one patch so there are less versions of the API.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I755c1e3f4c475058792af39c1abeda92129efb76
|
|
Change-Id: I59f55db7209549ad43a1205470a2f5ea9ea8a1c7
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: feature
|
|
The check in listen state that the listener is not valid is not enough
if the time wait session's index overlaps an actual listener's index.
Thanks wanghanlin@corp.netease.com for the report!
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3dff0cb134940a8265ff908faa607c67dba5e56b
|
|
Type: fix
Set the GSO flag when buffer length exceeds the
linux mtu. Don't listen for mtu changes on linux
side for now.
This also fixes a TX issue, as we only search for
valid frames on tx to the extent of n_left, we might
stay stuck.
Change-Id: Idf0bdd88990254a614962c2f7bc3e0292ccfd61a
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Avoid synchronizing producers and the consumer. Instead, only use mutex
or spinlock (if eventfds are configured) to synchronize producers.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie2aafbdc2e07fced5d5e46ee2df6b30a186faa2f
|
|
Type: refactor
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Iae135cbca372def29b1dd5e9f29b7db546ef1a3e
|
|
A NAT sub-plugin doing statically configured match/rewrite on IP4 input or output.
It's stateless (no connection tracking).
Currently it supports rewriting of SA, DA and TCP/UDP ports.
It should be simple to add new rewrites if required.
API:
pnat_binding_add, pnat_binding_del, pnat_bindings_get, pnat_interfaces_get
CLI:
set pnat translation interface <name> match <5-tuple> rewrite <5-tuple> {in|out} [del]
show pnat translations
show pnat interfaces
Trying a new C based unit testing scheme. Where the graph node is tested
in isolation. See pnat/pnat_test.c.
Also added new cmake targets to generate coverage directly.
E.g.:
make test_pnat-ccov-report
File '/vpp/sdnat/src/plugins/nat/pnat/pnat.c':
Name Regions Miss Cover Lines Miss Cover
------------------------------------------------------------------------------------
pnat_interface_by_sw_if_index 39 8 79.49% 13 0 100.00%
pnat_instructions_from_mask 9 0 100.00% 13 0 100.00%
pnat_binding_add 64 8 87.50% 31 2 93.55%
pnat_flow_lookup 4 4 0.00% 10 10 0.00%
pnat_binding_attach 104 75 27.88% 33 6 81.82%
pnat_binding_detach 30 5 83.33% 23 2 91.30%
pnat_binding_del 97 33 65.98% 17 3 82.35%
pnat.c:pnat_calc_key_from_5tuple 9 1 88.89% 14 1 92.86%
pnat.c:pnat_interface_check_mask 10 2 80.00% 11 2 81.82%
pnat.c:pnat_enable 5 0 100.00% 11 0 100.00%
pnat.c:pnat_enable_interface 107 26 75.70% 60 15 75.00%
pnat.c:pnat_disable_interface 91 30 67.03% 32 7 78.12%
pnat.c:pnat_disable 7 2 71.43% 13 7 46.15%
------------------------------------------------------------------------------------
TOTAL 576 194 66.32% 281 55 80.43%
File '/vpp/sdnat/src/plugins/nat/pnat/pnat_node.h':
Name Regions Miss Cover Lines Miss Cover
------------------------------------------------------------------------------------
pnat_test.c:pnat_node_inline 67 11 83.58% 115 1 99.13%
pnat_test.c:pnat_calc_key 9 2 77.78% 14 2 85.71%
pnat_test.c:pnat_rewrite_ip4 55 11 80.00% 60 12 80.00%
pnat_test.c:format_pnat_trace 1 1 0.00% 12 12 0.00%
pnat_node.c:pnat_node_inline 63 63 0.00% 115 115 0.00%
pnat_node.c:pnat_calc_key 9 9 0.00% 14 14 0.00%
pnat_node.c:pnat_rewrite_ip4 55 55 0.00% 60 60 0.00%
pnat_node.c:format_pnat_trace 5 5 0.00% 12 12 0.00%
------------------------------------------------------------------------------------
TOTAL 264 157 40.53% 402 228 43.28%
Type: feature
Change-Id: I9c897f833603054a8303e7369ebff6512517c9e0
Signed-off-by: Ole Troan <ot@cisco.com>
|