Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: feature
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I4e03f60f34acd7809ddc5a743650bedbb95b2e98
|
|
This patch introduces fast path matching for inbound traffic ipv4.
Fast path uses bihash tables in order to find matching policy. Adding
and removing policies in fast path is much faster than in current
implementation. It is still new feature and further work needs
and can be done in order to improve perfromance.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ifbd5bfecc21b76ddf8363f5dc089d77595196675
|
|
DPO in the new copy was not locked ...
Type: fix
Fixes: 0bfe5d8
Change-Id: I39f1368de459af91c4bb857d98a4b531bd5692a6
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
Free node frames in worker mains on refork. Otherwise these frames are
never returned to free pool and it causes massive memory leaks if
performed under traffic load
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I15cbf024a3f4b4082445fd5e5aaa10bfcf77f363
|
|
Type: improvement
Change-Id: I7f52222706200c31a731fadfb84513549ccb532d
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
client_pathname is usually smaller than pc->caddr.sun_path. snprint()
ensures we stop at the NULL character or sizeof(sun_path) whichever
comes 1st. It also guarantees NULL character termination.
Type: fix
Change-Id: I9fc2a706beab931d50d32d03f7fafca7c6c2fb0b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
zero-initialize the variables
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I51c3856865eab037f646a0d184e82ecb3b5b3216
|
|
Store mss and sw_if_index to udp_connection_t and display them via
show sessipn verbose 2
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I32928f3f4195b178873dc1bada702e035d99c464
|
|
It may contain garbage in debug builds resulting in wrong
gho detected flags and offsets.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ia79633262185016f527e7dc6c67334cda6f055f2
|
|
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I0a58c0f54d8be31a0a78bef00152fb2cc193840e
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I8d84dc8b7f5c5e863c32838cfafc3d366e2a7e00
|
|
Mark arp packet as locally originated when probing/replying and don't apply any
arp-term logic against it.
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: I305ff5cac8cac456decf92f21b961aa4ce286079
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic81702bffb5b3189db48efe1ab3b237fa2bf75f2
|
|
Ensure that the ethernet_input_inline_dmac_check which directly derefererences ei,
is called only if ei is set.
Type: fix
Change-Id: I2d3bce63ee457825a5d375a6102225f3abf67703
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Following the discussion during the review
of b46a4e69e5db18ef792415439d04a0ab22c59386,
remove the redundant ei0. This resulted in realization
that in order for this code to do anything useful,
the ei must be always non-zero, so rewrite the logical
condition for it. Also, make it a conjunction which seems simpler
to understand.
Type: improvement
Change-Id: Ibd7b2a63e4aeaf97eb1a98af8e69aed2ff7dd577
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Using "ip neighbor <ip-addr> <mac-addr> static count <count>" to add
static ARP entries will output wrong mac addresses due to lack of
big/little endian conversion. Fix this error by converting mac address
from big endian to little endian before doing the self-increment.
Before patched:
vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5
vpp# show ip neighbor
Time IP Flags Ethernet Interface
4.4400 198.18.1.5 S 05:aa:bb:cc:dd:e0 rdma-0
4.4399 198.18.1.4 S 04:aa:bb:cc:dd:e0 rdma-0
4.4399 198.18.1.3 S 03:aa:bb:cc:dd:e0 rdma-0
4.4399 198.18.1.2 S 02:aa:bb:cc:dd:e0 rdma-0
4.4399 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0
After patched:
vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5
vpp# show ip neighbor
Time IP Flags Ethernet Interface
4.4528 198.18.1.5 S 01:aa:bb:cc:dd:e4 rdma-0
4.4528 198.18.1.4 S 01:aa:bb:cc:dd:e3 rdma-0
4.4528 198.18.1.3 S 01:aa:bb:cc:dd:e2 rdma-0
4.4527 198.18.1.2 S 01:aa:bb:cc:dd:e1 rdma-0
4.4527 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: Iec1e00e381e4aba96639f831e7e42e070be3f278
|
|
Add an assert to express the constraint to coverity without
incurring the overhead in release builds.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I2c22f8b2565c645d95c9c0be37381060e151420f
|
|
Add an ASSERT so coverity is aware of the assumption taken,
without incurring any penalty in release build.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I3e7e1e77059492315409efbed47657f9e56d167c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Check that the pointer is non-null before dereferencing it.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I611a1042d08bbe455dd09a4fa5711fe86c440240
|
|
Zero-initialize the temporary struct, else coverity complains about a bunch of uninitialized fields.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I45dc42134f06917a7459d615804f978a175bec0f
|
|
Day1 latent integer overflow.
vnet_classify_add_del defines new_hash as u32 - so replace a u64 type with u32
in split_and_rehash as well.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I51384a2db1caa4099b4d2ac25cd185bd108da037
|
|
Type: improvement
If an SA protecting an IPv6 tunnel interface has UDP encapsulation
enabled, the code in esp_encrypt_inline() inserts a UDP header but does
not set the next protocol or the UDP payload length, so the peer that
receives the packet drops it. Set the next protocol field and the UDP
payload length correctly.
The port(s) for UDP encapsulation of IPsec was not registered for IPv6.
Add this registration for IPv6 SAs when UDP encapsulation is enabled.
Add punt handling for IPv6 IKE on NAT-T port.
Add registration of linux-cp for the new punt reason.
Add unit tests of IPv6 ESP w/ UDP encapsulation on tun protect
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: Ibb28e423ab8c7bcea2c1964782a788a0f4da5268
|
|
Type: improvement
plus the addition of the 'thorttle' counter of IP6.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ic845247a9f3288caa755c33e79ae2eb6d2029d09
|
|
Type: improvement
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I3d36faa60075658fd59eb5bbe16efcb48664691b
|
|
Type: improvement
Currently, once an adjacency is stacked on a FIB entry via
adj_midchain_delegate_stack(), "midchain delegate" is created for the
adjacency and the FIB index is stored there. And all further calls to
adj_midchain_delegate_stack() even passing another FIB index will cause
the function to still use the stored one. In other words, there is
currently no way to stack an adjacency on another FIB index if "midchain
delegate" already exists for it.
Being able to stack on another FIB index is needed for the wireguard
plugin. As per the protocol, peers can roam between different external
endpoints. When an authenticated packet is received and it was sent from
a different endpoint than currently stored, the endpoint needs to be
updated and all futher communication needs to happen with that endpoint.
Thus, the corresponding to that peer adjacencies need to be stacked on
the FIB entry that corresponds to the new endpoint.
With this change, add adj_midchain_delegate_remove() that removes
"midchain delegate". When stacking on another FIB entry is needed,
existing "midchain delegate" can be removed and then, a new one created
with a new FIB index via adj_midchain_delegate_stack().
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ibc1c99b248a5ef8ef64867f39f494fab627a1741
|
|
like tcp punt
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I894a881cec1888b392d26fdfb385f97c31113ef1
|
|
Type: improvement
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I9d25f5459ab70d9cf8556e44cfddfd7029e5b540
|
|
Type: improvement
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I822ead1495edb96ee62e53dc5920aa6c565e3621
|
|
Type: improvement
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ica7de5a493389c6f53b7cf04e06939473a63d2b9
|
|
Type: improvement
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ifda8ca8d26912c750a77d2ca889e1638ca83d85a
|
|
Type: fix
API and internal flags do not match 1:1.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I0f4e53b2e071d1c9fffd1b97bf28b4789887b032
|
|
Type: improvement
This method allows the assignment of a severity to the error.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Id1a414a88018390d03bd6b16bd048a98903bab5a
|
|
Type: improvement
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8907fecde6d48f5362f0f91372d5a9a1bba6f931
|
|
Type: feature
stats of the like from:
https://datatracker.ietf.org/doc/html/draft-ietf-rtgwg-arp-yang-model-03#section-4
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Icb1bf4f6f7e6ccc2f44b0008d4774b61cae96184
|
|
Change-Id: I42a138628b06a412b8fce7fb4fc500caf9057169
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
Change-Id: I2f3163a7a158afa8e2debc6f545c3d1a2a12ac1d
Type: fix
Fixes: 3414977152ae6362277158dc732e6b9958a6e618
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
Change-Id: I6bed66f740b34673a4883eda1c7f7310c57e131b
Type: fix
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
In set_hw_interface_change_rx_mode(), when vnet_hw_if_set_rx_queue_mode()
returns an error it actually returns success. This has been changed to
return a clib_error_return() value.
Type: fix
Change-Id: Iba39c875d9e15463cb6492d8a966234560a1f522
Signed-off-by: Wayne Morrison <wmorrison@netgate.com>
|
|
This patch fixes followig coverity issues:
CID 274739 Out-of-bounds read
CID 274746 Out-of-bounds access
CID 274748 Out-of-bounds read
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I9bb6741f100a9414a5a15278ffa49b31ccd7994f
|
|
Fix parse problem with per-prefix settings (e.g. valid-lifetime)
in ip6 ra.
Type: fix
Signed-off-by: me@hrntknr.net
Change-Id: I2a00bf5b9621ebc16211227d70e376fc2f61bae1
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I39e3e007da2b99321bebf3e1c1ebb1d87547f532
|
|
Type: fix
Receive router solicitation in pop vlan interface, it will cause copy mac address to wrong buffer current_data and can not reply the solicitation right
Signed-off-by: liangrq <liangrq@efly.cc>
Change-Id: Ic40a5a47a52c8187aaf6c6854df761529e6f24d9
|
|
format_base10 reads 64b but is fed 32b values at the callsite; change
to u64 consistently. The function has only one call site in
interface/monitor.c which has a few additional bugs (spurious
character, and ambiguous 'bits' versus 'bytes' in the output).
Type: improvement
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I360f0d439cc13c09bd3f53db8184bd12ad4bc2e9
|
|
With thousands of UDP sessions,
Sometimes VPP needs more time to grab the MQ lock for a session.
So increased tries from 5 to 75.
Type: fix
Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com>
Change-Id: Id8b877255aedcdcf206e9d0869fe5246645d76e7
|
|
With this patch fast path for ipv6 policy lookup is enabled.
This impelentation scales and outperforms original implementation when
the number of defined flows is higher thatn 100k.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I9364b5b8db4fc708790d48c538add272c7cea400
|
|
Type: fix
Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com>
Change-Id: I5ecfb242e5905c9bd8ce19cd9ab6efd657ee14d4
|
|
0 is not NULL (at least not in all cases), passing 0 into a variadic
function in a place where the consumer reads it as pointer might
leave parts of the pointer uninitilized and hence filled with random
data.
It seems that this used to work with gcc, but clang seems to treat the
0 in those places as a 32bit integer.
Type: fix
Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com>
Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com>
Change-Id: I37d975eef5a1ad98fbfb65ebe47d73458aafea00
|
|
Type: feature
Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com>
Change-Id: I2d3a0211abfee3501d3d77c80da20e67e1e9e133
|
|
classify hash used to be stored as u64 in buffer metadata, use 32 bits
instead:
- on almost all our supported arch (x86 and arm64) we use crc32c
intrinsics to compute the final hash: we really get a 32-bits hash
- the hash itself is used to compute a 32-bits bucket index by masking
upper bits: we always discard the higher 32-bits
- this allows to increase the l2 classify buffer metadata padding such
as it does not overlap with the ip fib_index metadata anymore. This
overlap is an issue when using the 'set metadata' action in the ip
ACL node which updates both fields
Type: fix
Change-Id: I5d35bdae97b96c3cae534e859b63950fb500ff50
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: refactor
Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com>
Change-Id: Iff5e85952273526d5c9d9e7e73bd2b6c15bcd7f6
|