Age | Commit message (Collapse) | Author | Files | Lines |
|
Fix and optimize DMAC check in ethernet-input node to utilize NIC or
driver which support L3 DMAC-filtering mode so that DMAC check can be
bypassed safely for interfaces/sub-interfaces in L3 mode.
Checking of interface in L3-DMAC-filtering state to avoid DMAC check
require the following:
a) Fix interface driver init sequence for devices which supports L3
DMAC-filtering to indicate its capability and initialize interface
to L3 DMAC-filtering state.
b) Fix ethernet_set_flags() function and its associated callback
flags_change() functions registered by various drivers in interface
infra to provide proper L3 DMAC filtering status.
Maintain interface/sub-interface L3 config count so DMAC checks can be
bypassed if L3 forwarding is not setup on any main/sub-interfaces.
Type: fix
Ticket: VPP-1868
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I204d90459c13e9e486cfcba4e64e3d479bc9f2ae
|
|
Type: fix
Ticket: VPP-1883
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Icf50a645e114fa3b7bd974f8c82f5ceebfcedcd7
|
|
Type: improvement
Bond link state is being maintained inconsistently. It is initially set to
up. If the bond interface admin state is set to down, the link state is
set to down. If the bond interface admin state is set to up, the link
state is only set to up if there are active slave interfaces at that point.
If slaves become active at some later time, it does not get updated. Its
next chance to be updated is the next time the bond interface is set to
admin up.
To address this, do not set the link state to up after creating a bond.
Adjust the link state as slave interfaces are attached or detached
based on whether the bond is getting its first active slave or losing
its last one.
Unit test added to verify correct maintenance of link state.
Change-Id: I31f17321f7f0e727e1ab1e01713423af6566dad9
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
when the interpose is on an adj-fib and the cover is removed the adj
source will not install. this lead to no path list being found for the
interpose source and a crash. pick a drop path list in this case.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ied217da043926c913657080f5ffb151201225d23
|
|
Type: improvement
a bihash per-interface used too much memory.
Change-Id: I447bb66c0907e1632fa5d886a3600e518663c39e
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Fixes: 487507f
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia9813ae09d14111dc8edac0fa6ab082e13ab6e2e
|
|
Instead of having to wrap dump/detail calls in control ping, send details messages in between a normal
reply / request pair. As expressed in the below service statement.
Example:
service {
rpc map_domains_gets returns map_domains_get_reply
stream map_domain_details;
};
define map_domains_get
{
u32 client_index;
u32 context;
u32 cursor;
};
define map_domains_get_reply
{
u32 context;
i32 retval;
u32 cursor;
};
To avoid blocking the main thread for too long, the replies are now sent in client message queue size
chunks. The reply message returns VNET_API_ERROR_EAGAIN when there is more to read.
The API handler must also include a "cursor" that is used to the next call to the get function.
API handler example:
REPLY_AND_DETAILS_MACRO (VL_API_MAP_DOMAINS_GET_REPLY, mm->domains,
({
send_domain_details (cursor, rp, mp->context);
}));
The macro starts from cursor and iterates through the pool
until vl_api_process_may_suspend() returns true or the iteration
reaches the end of the list.
Client Example:
cursor = 0
d = []
while True:
rv, details = map_domains_get(cursor=cursor)
d += details
if rv.retval == 0 or rv.retval != -165:
break
cursor = rv.cursor
or the convenience iterator:
for x in vpp.details_iter(vpp.api.map_domains_get):
pass
or
list(details_iter(map_domains_get))
Change-Id: Iad9f6b41b0ef886adb584c97708dd91cf552749e
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Reported as part of "show tcp stats"
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I499ab4e41d13aaf1a0d060e37f09087e63d09567
|
|
In case there is no free space in first buffer for ICV and footer,
additional buffer will be added, but esp_encrypt will stay in single
buffer mode.
The issue happens for the following payload sizes:
- TCP packets with payload 1992
- ICMP packets with payload 2004
This fix moves the single/chained buffer ops selection to after
esp_add_footer_and_icv call.
Type: fix
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Change-Id: Ic5ceba418f738933f96edb3e489ca2d149033b79
|
|
Request connected udp listener behavior by setting
VPPCOM_ATTR_SET_CONNECTED attribute with vppcom_session_attr
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Iba95155c0f41cea8c6e1a4263946270d49c213ac
|
|
Type: fix
Change-Id: Idf7c80b7d81f796bd0512bca4276bcfcf2af241a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
vppinfra source files MUST NOT #include <vlib/vlib.h>, <vnet/vnet.h>
or similar. Move mpcap_add_packet(...), mpcap_add_buffer(...) to a new
file: src/vnet/mpcap.h.
Type: refactor
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Id517aef6fe49b618f853ce32940b91ba45a1e60d
|
|
Swap byte order for fields of type vl_api_rx_mode_t.
Ticket: VPP-1871
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: Ia1745257b57209d41661d38067e0dd7618f9a9b9
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
(cherry picked from commit aefcd1a3579ec2c93f606b151d563d87ea211387)
|
|
Type: fix
Signed-off-by: Ignas Bacius <ignas@noia.network>
Change-Id: Id99a15272f6f12a724a4cfd9de461f1aa6a6a634
|
|
Cleanup L2/L3 mode switch to not redirect to/from ethernet-input node
as it is no longer necessary.
L2 patch should use sw_if_index for device feature enable/disable.
Type: fix
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I0f24161d027b07c188fd1e05276146f94c075710
|
|
Type: fix
Change-Id: Id6687780b9a740323bd2eef58447864e70dc0235
Signed-off-by: Ignas Bacius <ignas@noia.network>
|
|
Identified and removed executable bit from source files in the tree.
find . -perm 755 -name *.[ch] -exec chmod a-x {} \;
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I00710d59fcc46ce5be5233109af4c8077daff74b
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Iae734a526d2e7befd9738054d028df0062b67000
|
|
Type: fix
Seems clang needs explicit casting to u64 of u64 and f64 multiplication
before truncating to u32
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib0d7a33d4c5e68577e401e854fc3e55e0723da93
|
|
Removing the comments around eid_type which seem to have been overlooked
by the original patch https://gerrit.fd.io/r/c/vpp/+/24663.
Type: refactor
Signed-off-by: Onong Tayeng <otayeng@cisco.com>
Change-Id: I48e1993cf8869cb32e159d1956f3ec1e5943e33f
|
|
By storing thread and session index in hash table we are able to skip
multiple hash lookups in multi-worker scenario, which were used for
handoff before. Also, by storing sesion index in vnet_buffer2, we can
avoid repeating the lookup after handoff.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I406fb12f4e2dd8f4a5ca5d83d59dbc37e1af9abf
|
|
Type: fix
Signed-off-by: Ye donggang <yedg@wangsu.com>
Change-Id: Ia9f72ff2be455ecd4ff3d16e884c5a50f9df69fe
|
|
Calling ethernet_set_flags() to switch interface to/from promiscuous
mode must use use hw_if_index instead of sw_if_index.
Type: fix
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I72da286b913893227e32193ee11fbbc56e04804d
|
|
Type: fix
... it's not a feature anymore
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ifbcaf7d832aa76336feb0556d0dc7d2002f19c35
|
|
Type: fix
In quad loop, checksum will be calculated for all four packets,
if one packet needs checksum computation, without respecting their
respective flags. This patch fixes it.
Change-Id: I479b420ba0dcbd178ea4180bf05a0e55a6b13843
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: fix
it is possible for a user to change the end node of a feature arc, but
this change should only apply to that 'instnace' of the arc, not all
arcs. for example, if a tunnel has its ipx-output end node changed to
adj-midchain-tx, this shouldn't affect all ipx-output arcs. obviously...
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I41daea7ba6907963e42140307d065c8bcfdcb585
|
|
Type: fix
Only add GSO and Checksum offload flags when gso is
enabled.
Change-Id: I58945a4ffbb9a0e6a8640fc01424c63feef16306
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: feature
the es4-encrypt and esp6-encrypt nodes need to be siblings so they both have the same edges for the DPO on which the tunnel mode SA stacks.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I2126589135a1df6c95ee14503dfde9ff406df60a
|
|
Type: fix
Change-Id: I14e323e7bb1db7a3d40668212535c07504374e59
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I84ec1c91a3a7b2195aad58923fa6f17f551444cb
|
|
Fix the issue that vppctl show ip4{6} neighbor [interface] command can't
show entries correctly, example: both ip4 and ip6 entries can be shown
with command:
vppctl show ip4 neighbor.
Type: fix
Signed-off-by: Michael Yu <michael.a.yu@nokia-sbell.com>
Change-Id: I229368b71cd285adce994c8290cc9d7e4c4f5aa6
Signed-off-by: Michael Yu <michael.a.yu@nokia-sbell.com>
|
|
Type: fix
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
Change-Id: I617fb365def22a28d48f75013dea38f8e1703a44
|
|
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I20daa023eed50f8b42e8dc2d17e47a54aa16ae31
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4ac923fda84feee8d2ad76d0c3e3a252f53008ed
|
|
Type: docs
Change-Id: I9b5e5137eb4c1e89f6e8d7a278cd11a0fd496471
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Fix coverity issues in crypto framework and cryptodev
engine.
Type: fix
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: Ib261da0163c8182c803600db22c5a6dad5a19999
|
|
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I51660e4b02f449bd2db12a8cfd395c6c343d2dee
|
|
Type: feature
thus allowing NAT traversal,
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: style
Change-Id: Iccd2c205059abcdf121093ff03da603fe3dda1f7
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Add an IP_ROUTE_LOOKUP function that does either an exact match or
longest prefix match in a given fib table for a given prefix
returning the match if present.
Add API test.
Type: improvement
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-ID: I67ec5a61079f4acf1349a9c646185f91f5f11806
|
|
Type: feature
Change-Id: I37752af8496e0042a1da91124f3d94216b39ff11
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Binary API message handlers need to check sw_if_index
values.
Found in binary api fuzz testing.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I51e717e9260e58a4c36d4d95981fd001be594fed
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie47546ef36590b90ed481b14cf812afbecf7981c
|
|
Type: improvement
- inline some common encap fixup functions into the midchain
rewrite node so we don't incur the cost of the virtual function call
- change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header
- add adj-midchain-tx to multiarch sources
- don't run adj-midchain-tx as a feature, instead put this node as the
adj's next and at the end of the feature arc.
- cache the feature arc config index (to save the cache miss going to fetch it)
- don't check if features are enabled when taking the arc (since we know they are)
the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc)
for IPSec:
- don't run esp_encrypt as a feature, instead when required insert this
node into the adj's next and into the end of the feature arc. this
implies that encrypt is always 'the last feature' run, which is
symmetric with decrypt always being the first.
- esp_encrpyt for tunnels has adj-midchain-tx as next node
Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I70c63db91c3512fb724bba4762e3ca1e369ca421
|
|
Add a hook to src/vlibapi/api_shared.c to fuzz (screw up) binary API
messages, e.g. by xoring random data into them before processing. We
specifically exempt client connection messages, and inband debug CLI
messages. We step over msg_id, client index, client context, and
sw_if_index. Otherwise, "make test" vectors fail too rapidly to learn
anything.
The goal is to reduce the number of crashes caused to zero. We're
fairly close with this patch.
Add vl_msg_api_max_length(void *mp), which returns the maximum
plausible length for a binary API message.
Use it to hardern vl_api_from_api_to_new_vec(...) which takes an
additional argument - message pointer - so it can verify that
astr->length is sane. If it's not sane, return a u8 *vector of the
form "insane astr->length nnnn\0".
Verify array lengths in vl_api_dhcp6_send_client_message_t_handler(...)
and vl_api_dhcp6_pd_send_client_message_t_handler(...).
Add a fairly effective binary API fuzz hook to the unittest plugin,
and modify the "make test" framework.py to pass "api-fuzz { on|off }"
to enable API fuzzing: "make API_FUZZ=on TEST=xxx test-debug" or similar
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I0157267652a163c01553d5267620f719cc6c3bde
|
|
Type: refactor
This patch refactor the existing flags and also add a new
flag for packet coalescing.
Change-Id: Ic826e4c81313f26d87c475cdf666b06cbed60a3a
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: fix
Change-Id: I5e1f7c37d612f4666edf2262b457ae0e13f20791
Signed-off-by: Ruslan Babayev <ruslan@babayev.com>
|
|
Type: feature
Change-Id: I6f607f383dc77a71e8712124f7613b38b4ac065a
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: fix
Ticket: VPP-1837
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ibf468970b56fc6bf8d5fb6ba491dd3e727464fc0
|