Age | Commit message (Collapse) | Author | Files | Lines |
|
Check if L4 headers are truncated and if so, set a flag for (future)
consumers instead of reading/writing garbage data.
Type: fix
Fixes: de34c35fc73226943538149fae9dbc5cfbdc6e75
Change-Id: I0b656ec103a11c356b98a6f36cad98536a78d1dc
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Also does a bit of code cleanup.
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ifbff1e03a2e1fdca98925fdd3db7eb230ff24a37
|
|
Type: fix
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I93c819cdd802f0980a981d1fc5561d65b35d3382
|
|
Remove unnecessary NULL check of t0, which causes coverity to scream. t0
is always initilised to *something* by doing pool_elt_at_index().
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I7cf21767c43a24923e490ad40622743c17142fe2
|
|
There is no reason to enforce vnet rewrite size to be equal to pre_data.
Moreover, since vnet rewrite size is now saved as u8, this limits
pre_data to 192 bytes.
Type: fix
Fixes: 7dbf9a1a4fff5c3b20ad972289e49e3f88e82f2d
Change-Id: I3f848aa905ea4a794f3b4aa62c929a481261a3f1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Run 'find src -executable -type f', remove unnecessary executable bits from the
source tree.
Type: refactor
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I070e22c8fb2ef8712bc3ea620727ee5ab3d9a9fb
|
|
Make sure the infra works on platforms without crc32, like risc-v
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5f267497bb4e73a91a5320822ca42388f1f8b037
|
|
Change-Id: I102f84d6d72a7f17e62fb8c16a1d4a3234753476
Type: fix
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I4229239ed6b81c10362faa1aa9f658c3fccfd31b
Type: fix
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Reported by gcc-11...
Type: fix
Change-Id: Ia00001a6334722a6ae9cc771e6861c1f709df286
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
May not be valid error but gcc-11 complains.
Type: fix
Change-Id: I207b8b4966c5eadd534495e29c873663249a377f
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I2f87ed4b151ecd5034b69d6f060626be6fd74e85
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
This reverts commit 5ecda99d673298e5bf3c906e9bf6682fdcb57d83.
Change-Id: I393c7d8a6b32aa4f178d6b6dac025038bbf10fe6
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- move existing ethernet hash functions to hash infra (no l4
awareness)
- refactor code to use hash infra and add apis to request l4 aware
hashing functions
- hashing functions per interface
- code cleanup
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia9f44db98d83f0f027aeb37718585a2e10ffd2c6
|
|
Type: fix
Fixes: d6953332db225d5355f50348ef3b09f0525d5282
Change-Id: Ib85fee40e71ebe5bc2b84c62e37298b5e390d520
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Add a NULL check in case of hash lookup failure to make coverity happy.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I3cfa5960458d3618f1277ba442b4ca5ca15064ea
|
|
Type: fix
https://gerrit.fd.io/r/c/vpp/+/34027 added support
for l3 mode, but as the eth_mode constant was set
to 1 we did default to l3 mode in the api.
This reverts to the original logic.
Change-Id: If8b90b300d3868de5233dfa1f33ec975853cba11
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I4f29e6118630146876b7f58f1afe6b6733401047
|
|
New code seems to be 1.5 clocks faster.
old:
mov eax,edi
shr rdi,0x20
add rdi,rax
movzx edx,di
shr rdi,0x10
add rdx,rdi
movzx eax,dx
shr rdx,0x10
add rax,rdx
mov rdx,rax
shr rdx,0x10
add eax,edx
new:
mov rax,rdi
shr rax,0x20
add eax,edi
mov edi,0x10
shrx edi,eax,edi
adc ax,di
adc ax,0x0
Type: improvement
Change-Id: I3c565812c67ff4c3db197a9d4137a6c131b5b66c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
In tap_create_if(), if args->host_namespace or args->host_bridge are
null because no values were set for those, the virtio_if_t entry in
virtio_main.interfaces ends up getting populated with values of "(nil)"
in net_ns or host_bridge, respectively.
Check whether args->host_namespace and args->host_bridge are null before
trying to set the corresponding fields on virtio_if_t.
Change-Id: I8e1e66a6d7b246e7c66fece406d116ffb1312c64
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Move socket creation past code which returns from function to avoid
leaking the socket in case of an early error return.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I9e18bd32022441c17ca920d1c2458b058b76c3c0
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id58ac44d45fb8b8a0d803f02e0242ec6f4b3db05
|
|
Originally the pool of keys can be expand and cache with pointer for
key can be invalid.
For example in Wireguard during handshake process this pool can be
expand and pointer for these keys in cache can be invalid for workers
or can has incorrect value (poison memory).
The fixes add barrier if the pool needs be to expand to ensure that
cache in function will be valid and avoid situation when cache has
invalid pointer for these keys.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ida8f300213dfebb91ecaf1937fb08de81c20ba7b
|
|
This patch provides a fix for early-kill of timewait sockets that is based on
rfc's 1122, 6191.
The following commits provided a solution for port re-use. However, they
are not fully compliant with rfc 1122 4.2.2.13 ( Closing a connection )
and rfc 6191 (Reducing the TIME-WAIT State Using TCP Timestamps)
commit b092b77cf238ba ("tcp: Enable TCP timewait port use") introduced
a significant improvement by enabling TCP timewait port re-use.
commit ee1cb469b2dd ("tcp: fix port reuse with multiple listeners") fixed
usage of the wrong value for connection_index when searching for a
listener, by storing the state in tcp.flags.
Implementation details:
When a SYN is received during time-wait state, the code
checks whether all the requirements for accepting the SYN packet are
met. If they aren't, the SYN can't be accepted and the packet is dropped,
otherwise, connection is deleted and a new connection with same port
is opened.
Type: fix
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Signed-off-by: Yuval Caduri <cyuval@marvell.com>
Signed-off-by: Michal Kalderon <mkalderon@marvell.com>
Change-Id: I38a33c6e321c760d45ebec9154399e1c90dd0250
|
|
Type: fix
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I3c4152219e5307ac0fe773e16d597f0e4b9a7d4c
|
|
Type: fix
Ticket: VPP-1970
Ticket: VPP-1992
Fixes: 9e17887db97bb9f6507270f9fa9923c10816e0df
https://gerrit.fd.io/r/c/vpp/+/33495/7 introduced a bug
where ND responses are inproperly dropped. This fixes that bug.
Signed-off-by: Ed Warnicke <hagbard@gmail.com>
Change-Id: Iec4b07646332ced292e2211408c4f7af3088ac28
Signed-off-by: Ed Warnicke <hagbard@gmail.com>
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ia6b9d4ac55be2216887bfdb99be4021f6a96f166
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ib3fe4f306f23541a01246b74ad0f1a7074fa03bb
|
|
Type: fix
If the walk is triggered when the child is added, then that child is visited in the walk. However, since it is just attahcing to the path-list it may not, or indeed cannot, have all the context it needs to successfully handle the walk.
In the case of MPLS tunnel, it does not have the path extensions ready, and cannot since the path extensions need to resolve on the path-list.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I027af8cf2f522d2f6e37931bea60c767f0cb667d
|
|
When an mfib entry was created with both paths and entry_flags then
the entry flags were being ignored. If there are no paths then the
flags were passed into mfib_table_entry_update, but in the case where
the entry didn't exist and there were paths and flags, the entry was
created within mfib_table_entry_paths_update() which used a default
of MFIB_ENTRY_FLAG_NONE.
Pass the flags through into the mfib_table_entry_paths_update fn. All
existing callers other than the create case will now pass in
MFIB_ENTRY_FLAG_NONE.
Type: fix
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I256375ba2fa863a62a88474ce1ea6bf2accdd456
|
|
Type: improvement
This adds a new ip[46]-receive node, sibling
of ip[46]-local. Its goal is to set
vnet_buffer (b)->ip.rx_sw_if_index to the
sw_if_index of the local interface.
In dependant nodes further down the line (e.g.
hoststack) we then set sw_if_idx[rx] to this
value. So that we know which local interface
did receive the packet.
The TCP issue this fixes is that :
On accepts, we were setting tc->sw_if_index
to the source sw_if_index. We should use
the dest sw_if_index, so that packets
coming back on this connection have the
right source sw_if_index. And also setting
it in the tx-ed packet.
Change-Id: I569ed673e15c21e71f365c3ad45439b05bd14a9f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ie79a2deac03c04c0697e482a649ff151142126ed
|
|
Type: fix
When VPP generates an ICMP echo reply in response to an incoming
echo request to a local address, set VNET_BUFFER_F_LOCALLY_ORIGINATED
on the buffer. It will prevent ip6-rewrite from decrementing the hop
limit.
Outbound IPv4 echo replies also get this flag set.
Change-Id: Iaa229294eb158edb58cf1bf1b7a90da281321406
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I6b89c4158d10d4928c8418312180dbeba7d70ab2
|
|
Using VPP CLI "ip route add" to add static IPv6 entries outputs wrong
results. Fix this error by correctly calculating IPv6 addresses with
different increased ranges and grouping ip4/ip6 prefix calculation
functionality into two functions.
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Reviewed-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If954876301ca2095f9331799a086f75db936f246
|
|
Type: test
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I5d44a6ea24e4aa0842024a0961f1fb22c6e6419a
|
|
Type: fix
Currently, auth activation CLI command
"bfd upd session auth activate ... conf-key-id <cki> bfd-key-id <bki>"
allows to change both key-ids to new values at once.
But if only bfd-key-id should be corrected, e.g. as a result of mistyping,
we can't do that in a single operation, and have to deactivate auth first
and then reactivate it with a correctly entered pair of ids.
Currently, backend's bfd_auth_activate() function returns immediately,
with no action, if it finds that submitted conf-key-id matches the
current record. No check on bfd-key-id value is made.
With this fix, bfd_auth_activate() checks if session's bfd-key-id has to
be changed to a new value, and if so, it updates and logs appropriately.
Change-Id: I3b915a936cb1721707860bb503f70e7dd29e0ddd
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
|
|
Type: fix
Currently, the change in desired_min_tx value initiated locally
doesn't result in actual update of the transmission interval.
bfd_session_t structure has two fields for each of protocol's
local time parameters
desired_min_tx, required_min_rx
In a case of a parameter update,
"config_" prefixed fields store new values sent to remote
bs.config_desired_min_tx_nsec,
bs.config_required_min_rx_nsec
Those prefixed "effective_", keep old values, still in charge,
until new ones are being negotiated between peers:
bs.effective_desired_min_tx_nsec,
bs.effective_required_min_rx_nsec
Currently, upon termination of the Poll Sequence (negotiation) only
bfd_set_effective_required_min_rx()
is called to update effective RX value. TX value remains unchanged.
With this fix, add a call to
bfd_set_effective_desired_min_tx()
to set new, acknowledged TX value in effect.
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Change-Id: I80b6746533839c9572598f1ad9dabb33e621a525
|
|
While looking at a coverity warning it was discovered that it's caused
by return value modified by pd msg handlers. As these are legacy, it's
a good time to remove them and also fix the warning this way.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ic72ab8b2b7a2e55188d1c31cfd18a74b7cf82c43
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ib07029204ecf12bf2adb5a39afa54bc98fb81f34
|
|
We should compute offloads in interface_ouput.c
in the case when any of the UDP, TCP or IP
offload flags is not present in the interface
capabilities.
e.g. if the interface supports IP cksum offload
but not tcp/udp we should still compute cksums
here.
Type: fix
Change-Id: Ibaa3a56dbc92938dca45311c38f079d040052194
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Add a missing return statement in case there are no parameters supplied
to 'set ip6 nd proxy' CLI to avoid calling code with uninitialised
parameters.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ie4fdb4df5d1af49471c421e5e7a6c2f885d2e8d2
|
|
Type: improvement
Change-Id: If453321785b04f9c16e8cea36fb1910efaeb2c59
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I2c77066cc9f1d3063373cc9559cc5b369906cc24
|
|
Type: fix
In vnet_sw_interface_set_flags_helper(), the variable old_flags is set
to the original value of vnet_sw_interface_t.flags for an interface. If
an error occurs during the process of bringing an interface up, old_flags
is used to restore the original value.
Before the dev class or hw class admin_up_down_function can be called,
but after modifying vnet_sw_interface_t.flags to it's new value,
old_flags is set to the value of vnet_sw_interface_t.flags a second time.
This discards the original flags that were being preserved.
As a result, if an interface is being brought up and the dev class
or hw class function fails, at the end VPP believes that interface is up.
This can cause a crash if packets are routed through the interface
and some RX/TX initialization was not completed because of the error
while bringing the interface up.
Change-Id: Ica6b6bac13c24e88c4136bf084cd392e6217e7d9
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
the only change to the mfib forwarding node is to set the error code, the rest is checkstyle formatting.
The traces previously showed some bogus reason:
00:04:27:325550: ip6-mfib-forward-rpf
entry 10 itf -1 flags
00:04:27:325551: ip6-drop
fib:0 adj:10 flow:0
UDP: fe80::b203:eaff:fe02:604 -> ff02::1:2
tos 0x00, flow label 0x651ed, hop limit 1, payload length 64
UDP: 546 -> 547
length 64, checksum 0xec9a
00:04:27:325551: error-drop
rx:GigabitEthernet6/0/0
00:04:27:325553: drop
ip6-input: drops due to concurrent reassemblies limit
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I294684c36edc346b4ebdd83ba66888b3b2197704
|
|
Adding flow cache support to improve outbound IPv4/IPSec SPD lookup
performance. Details about flow cache:
Mechanism:
1. First packet of a flow will undergo linear search in SPD
table. Once a policy match is found, a new entry will be added
into the flow cache. From 2nd packet onwards, the policy lookup
will happen in flow cache.
2. The flow cache is implemented using bihash without collision
handling. This will avoid the logic to age out or recycle the old
flows in flow cache. Whenever a collision occurs, old entry will
be overwritten by the new entry. Worst case is when all the 256
packets in a batch result in collision and fall back to linear
search. Average and best case will be O(1).
3. The size of flow cache is fixed and decided based on the number
of flows to be supported. The default is set to 1 million flows.
This can be made as a configurable option as a next step.
4. Whenever a SPD rule is added/deleted by the control plane, the
flow cache entries will be completely deleted (reset) in the
control plane. The assumption here is that SPD rule add/del is not
a frequent operation from control plane. Flow cache reset is done,
by putting the data plane in fall back mode, to bypass flow cache
and do linear search till the SPD rule add/delete operation is
complete. Once the rule is successfully added/deleted, the data
plane will be allowed to make use of the flow cache. The flow
cache will be reset only after flushing out the inflight packets
from all the worker cores using
vlib_worker_wait_one_loop().
Details about bihash usage:
1. A new bihash template (16_8) is added to support IPv4 5 tuple.
BIHASH_KVP_PER_PAGE and BIHASH_KVP_AT_BUCKET_LEVEL are set
to 1 in the new template. It means only one KVP is supported
per bucket.
2. Collision handling is avoided by calling
BV (clib_bihash_add_or_overwrite_stale) function.
Through the stale callback function pointer, the KVP entry
will be overwritten during collision.
3. Flow cache reset is done using
BV (clib_bihash_foreach_key_value_pair) function.
Through the callback function pointer, the KVP value is reset
to ~0ULL.
MRR performance numbers with 1 core, 1 ESP Tunnel, null-encrypt,
64B for different SPD policy matching indices:
SPD Policy index : 1 10 100 1000
Throughput : MPPS/MPPS MPPS/MPPS MPPS/MPPS KPPS/MPPS
(Baseline/Optimized)
ARM Neoverse N1 : 5.2/4.84 4.55/4.84 2.11/4.84 329.5/4.84
ARM TX2 : 2.81/2.6 2.51/2.6 1.27/2.6 176.62/2.6
INTEL SKX : 4.93/4.48 4.29/4.46 2.05/4.48 336.79/4.47
Next Steps:
Following can be made as a configurable option through startup
conf at IPSec level:
1. Enable/Disable Flow cache.
2. Bihash configuration like number of buckets and memory size.
3. Dual/Quad loop unroll can be applied around bihash to further
improve the performance.
4. The same flow cache logic can be applied for IPv6 as well as in
IPSec inbound direction. A deeper and wider flow cache using
bihash_40_8 can replace existing bihash_16_8, to make it
common for both IPv4 and IPv6 in both outbound and
inbound directions.
Following changes are made based on the review comments:
1. ON/OFF flow cache through startup conf. Default: OFF
2. Flow cache stale entry detection using epoch counter.
3. Avoid host order endianness conversion during flow cache
lookup.
4. Move IPSec startup conf to a common file.
5. Added SPD flow cache unit test case
6. Replaced bihash with vectors to implement flow cache.
7. ipsec_add_del_policy API is not mpsafe. Cleaned up
inflight packets check in control plane.
Type: improvement
Signed-off-by: mgovind <govindarajan.Mohandoss@arm.com>
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Tested-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I62b4d6625fbc6caf292427a5d2046aa5672b2006
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic2ba5fa234a394acb524b61573fc49f2d58c2dea
|
|
This patches fixes an issue that could cause
fib locks to underflow: if an API user deletes
a fib and quickly recreates it, the fib may not
have been actually deleted. As a result, the
lock would not be incremented on the create call
leading to the fib potentially disappearing
afterwards - or to the lock to underflow when
the fib is deleted again.
In order to keep the existing API semantics,
we use the locks with API and CLI source as flags.
This means we need to use a different counter
for the interface-related locks.
This also prevents an issue where an interface being
bound to a vrf via API and released via CLI could
mess up the lock counter.
Finally, this will help with cleaning up the
interface-related locks on interface deletion
in a later patch.
Type: fix
Change-Id: I93030a7660646d6dd179ddf27fe4e708aa11b90e
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Type: improvement
Change-Id: Iec585880085b12b08594a0640822cd831455d594
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|