Age | Commit message (Collapse) | Author | Files | Lines |
|
the ip4-dhcp-client-detect feature MUST run prior to nat44-out2in, or
inbound dhcp broadcast packets will be dropped. Certain dhcp servers
answer lease renewal dhcp-request packets with broadcast dhcp-acks, leading
to unrecoverable lease loss.
In detail, this constraint:
VNET_FEATURE_INIT (ip4_snat_out2in, static) = {
.arc_name = "ip4-unicast",
.node_name = "nat44-out2in",
.runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa"),
};
doesn't get the job done:
ip4-unicast:
[17] nat44-out2in
[23] ip4-dhcp-client-detect
[26] ip4-not-enabled
Add a proper constraint:
VNET_FEATURE_INIT (ip4_snat_out2in, static) = {
.arc_name = "ip4-unicast",
.node_name = "nat44-out2in",
.runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa",
"ip4-dhcp-client-detect"),
};
and the interface feature order is OK, at least in this regard:
ip4-unicast:
[17] ip4-dhcp-client-detect
[18] nat44-out2in
[26] ip4-not-enabled
We need to carefully audit (especially) the ip4-unicast feature arc,
which has [gasp] 37 features on it!
Change-Id: I5e749ead7ab2a25d80839a331de6261e112977ad
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ic1fab1f3aba92bbdbfd281459562d1f9697ab465
Signed-off-by: John Lo <loj@cisco.com>
|
|
- fix newreno cwnd computation
- reset snd_una_max on entering recovery
- accept acks beyond snd_nxt but less than snd_congestion when in
recovery
- avoid entering fast recovery multiple times when using sacks
- avoid as much as possible sending small segments when doing fast
retransmit
- more event logging
Change-Id: I19dd151d7704e39d4eae06de3a26f5e124875366
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Should cost at most 1 clock per frame when not enabled.
Add "pcap rx trace..." debug CLI, refactored "pcap tx trace" debug CLI
to avoid duplicating code.
Change-Id: I19ac75d1cf94a6a24c98facbf0753381d37963ea
Signed-off-by: Dave Barach <dbarach@cisco.com>
|
|
Replace clib_warning with vlib_log_warn
Change-Id: I6d0b8d97048b75f4418609264af0c14e19fad79b
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Thanks to Ning Li <muziding001@163.com> for reporting.
Change-Id: I758bc6760ec5a9ec688172bc162a1873f96ab4f3
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
- hash is great. But it is a bit too slow for the DP. Use direct array indexing
to quickly retrieve the slave interface.
- the algorithm used by flow hash is great. But it is a bit too slow for the DP.
Use l2_hash_hash() extracted from lb_hash.h which ECMP is using. It makes use
of intrinsic crc32 instruction set.
- shortcut modulo arithmetic when the operand is 2**x (where x up to 4) to
avoid division instruction.
- special case for link count == 1 in bond_tx_fn()
- use clib_mem_unaligned to access data for the packet to avoid alignment error
- Fix some typos for packet tracing.
Change-Id: I8eae3ad497061c5473aa675ba894ee0211120d25
Signed-off-by: Steven <sluong@cisco.com>
|
|
Change-Id: I8335ebf266becf2f42bb3f28a17dfed8d9b08f97
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add support for either copying TOS/TC from inner packet to outer,
or set to fixed value.
Change-Id: I716a95f875349acec94317b266c8cf9f2f81a785
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I8cbd1eac80ae4aeb173d02786e9ccf3b4877304d
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Fix GRE/IPv6 setting of ip->payload_length (which has never worked).
Change-Id: Ie68f1cc7bbb70489d6ec97356132c783f2345e1e
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I7a4133c59ff45b0744b48e246a049d9f015026fc
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Note: The Python, Java and C/C++ bindings must be updated before ip/ip_types.api can be used.
ip_types.api:
typedef ip4_address {
u8 address[4];
};
typedef ip6_address {
u8 address[16];
};
enum address_family {
ADDRESS_IP4 = 0,
ADDRESS_IP6,
};
union address_union {
vl_api_ip4_address_t ip4;
vl_api_ip6_address_t ip6;
};
typedef address {
vl_api_address_family_t af;
vl_api_address_union_t un;
};
Change-Id: I22f67092f24db5bd650a03c6f446a84cd9fd1074
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Change-Id: I6615bb612bcc3f795b5f822ea55209bb30ef35b5
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Replace hash with a vector to improve performance.
Plus other minor performance improvements.
Change-Id: I3f0ebd909782ce3727f6360ce5ff5ddd131f8574
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: I37705fb572045f42be4c2dabbd8460c8f8872167
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Remove functions which have native C equivalent (i.e. _is_equal can be
replaced with ==, _add with +)
Add SSE4.2, AVX-512 implementations of splat, load_unaligned, store_unaligned,
is_all_zero, is_equal, is_all_equal
Change-Id: Ie80b0e482e7a76248ad79399c2576468532354cd
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I4f245fd225bcc563fafee2696cd039477d661c57
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: If01400e3434b25b2da36ba28ceb8444b216d0e38
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I44278dea2ee1daa147b0928bfe26e861907a209f
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I8c64a0d2f757d96ffa7fd042c23b0d814217c215
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Add a session process node that handles main thread tx and retransmit in
order to avoid having a polling input node.
Change-Id: I3357e987c023a84b533b32793e37ab4204420f64
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Idff55a19d27fed0d57e222f38d2e16c5367911cb
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
vnet_feature_enable_disable_with_index() checks the
return status of vnet_config_{add,del}_feature().
If the config string heap index returned is the same
index that was in use prior to the add/delete, it is
concluded that a failure occurred and processing of
the feature stops.
Sometimes the config index that is returned
can legitimately be the same index that was in used
before the add/delete. The old list of features can
have its heap entry deallocated before a new entry for
the new list is allocated. The heap entry for the new
list can be the entry that was deallocated while
deleting the old one.
Make vnet_config_{add,del}_feature() return ~0 on
failure. Look for that return value as an indication
that an error occurred in
vnet_enable_disable_feature_by_index().
Change-Id: I88bb3ff88a76971c1b5e5ece74784ce8ba78373c
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Add default route to the VRF table in which the interface is bound.
Add missing pool_put.
Change-Id: Id76c7dbfbf9bcf18357f372f3eee9b931df1995e
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: I4b6577b496c56f27f07dd0066fcfdfd0cebb6f1a
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I9ede6bc861350c7d9e78fa4d96cd584c2816d06f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Set vnet_buffer2(b0)->pg_replay_timestamp, for use when desired.
Fix a memory leak in pg_stream_free(...), which wasn't freeing the
replay packet templates.
Change-Id: I01822a9e91a52de4774d2b95cf0c2ee254a915e9
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Packets arriving on an IPsec tunnel interface
are decrypted and forwarded even if the
interface is down.
Check interface flags. If the interface is down,
cause packet to be dropped and increment the
counters for drops.
Change-Id: I94456bda3bd8eade0f3f522ad7cc341251174e6e
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: I9e2cf74ebe3e8750fa8d03930d2d72f4cae453c2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ie942efab86d24a953fe34754e3d50df54b560dc0
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
DBGvpp# set int ip addr loop0 10.10.10.10/24
DBGvpp# set int ip addr loop0 10.10.10.11/24
set interface ip address: failed to add 10.10.10.11/24 which conflicts with 10.10.10.10/24 for interface loop0
Change-Id: Iba63ffafbd36b6146ce86adb78139da9d55b40ba
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Thanks to DucTM for spotting the issue.
Change-Id: I7985560f224c99cf0fdeea0c8457a3ac6f10b03c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Replace binary API communication between CP and DP with
direct communication using function calls and callbacks.
Change-Id: Ib54f09062217c028e5ee0e96ae2449cf7e9224e3
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Instead of repeatedly cutting, pasting, and hacking to create a new
callback, use vnet_flow_rewrite_generic_callback(). Add three
arguments to the flow rewrite callback:
(in) pointer to an array of report elements,
(in) length of array,
(out) pointer to the stream index
Change existing code prototypes. Code owners encouraged to evaluate
whether they can use the generic callback or not, at leisure.
/* ipfix field definitions for a particular report */
typedef struct
{
u32 info_element;
u32 size;
} ipfix_report_element_t;
Best generated like so:
_(sourceIPv4Address, 4) \
_(destinationIPv4Address, 4) \
_(sourceTransportPort, 2) \
_(destinationTransportPort, 2) \
_(protocolIdentifier, 1) \
_(flowStartMicroseconds, 8) \
_(flowEndMicroseconds, 8)
static ipfix_report_element_t simple_report_elements[] = {
foreach_simple_report_ipfix_element
};
...
/* Set up the ipfix report */
memset (&a, 0, sizeof (a));
a.is_add = 1 /* to enable the report */ ;
a.domain_id = 1 /* pick a domain ID */ ;
a.src_port = UDP_DST_PORT_ipfix /* src port for reports */ ;
a.rewrite_callback = vnet_flow_rewrite_generic_callback;
a.report_elements = simple_report_elements;
a.n_report_elements = ARRAY_LEN (simple_report_elements);
a.stream_indexp = &jim->stream_index;
a.flow_data_callback = simple_flow_data_callback;
/* Create the report */
rv = vnet_flow_report_add_del (frm, &a, &template_id);
if (rv)
return rv;
...
Change-Id: If6131e6821d3a37a29269c0d58040cdf18ff05e4
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Idae4ecb60351f2e74bad2f2a33c073de8412fcb0
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I1f7877af61f3726cfb7b93ce7893f6df23e866a6
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Scan IPv4 and IPv6 neigbor pool entries once a minute to keep them
up to date. The neighbor of an entry is probed if its time-stamp
is older than 1 minute. If the neighbor respond, its time-stamp
will be updated. If there is no response from a neighbor, its
entry will be deleted when the time-stamp of the entry become more
than 4 minutes old. Static neighbor entries are not probed nor
deleted.
Implemented CLI and API to enable and disable priodic scan of IPv4,
IPv6 or both types of IP neighbors. CLI is "ip scan-neighbor" and
API is "ip_scan_neighbor_enable_disable". Other IP neighbor scan
parameters can also be changed from their defaults via the CLI/API.
Change-Id: Id1a0a934ace15d03db845aa698bcbb9cdabebfcd
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I1f7c634328f25b33580a215af2daeb498cd3b181
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: Iaa28f96d613d6fb75bd29958d757de206448eb22
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Due to union, l2 sub-interface bits were wrongly set
causing sporadic misconfiguration of l2 mode on some
interfaces.
Change-Id: Id77ee281e3a0030878641a786c22ffe16ce1c759
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
It is much cheaper to use ctzll than to do shift,subtract and mask
in likely case when we are looking for 1st set bit in the uword.
Change-Id: I31954081571978878c7098bafad0c85a91755fa2
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ibea4a96bdec5e368301a03d8b11a0712fa0265e0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ic5304749935f69018eb00183bb4670bb9f16273c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
The pointer to IP header was derived from l3_hdr_offset,
which would be ok, if l3_hdr_offset was valid. But it does not
have to be, so it was a bad solution. Now the previous nodes
mark whether it is a IPv6 or IPv4 packet tyle, and in esp_decrypt
we count get ip header pointer by substracting the size
of the ip header from the pointer to esp header (which lies
in front of the ip header).
Change-Id: I6d425b90931053711e8ce9126811b77ae6002a16
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
When a DHCP client is in the bound state, it wakes up
halfway through it's lease (by default) to try and renew
the lease. The ip4-dhcp-client-detect is not enabled as
a feature at this point, so replies sent from the DHCP
server do not get applied to the lease. Eventually the
lease expires, the address is removed from the interface,
a new discovery is performed and the same address is added
back to the interface.
Before sending a request to renew in the bound state, enable
the feature to process the reply.
Change-Id: I95332ee0596f47df6f3c8bf8e3f0698dde9a1fc5
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: I1c8a14d4d51aa730f0edcf491e3c4725e2d8bd66
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I65c12617ad49e4d5ef242e53988782f0cefa5684
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
- rework the function to declutter and avoid building more than one tx
frame
- add dual loop although benefits in my tests seem to be minimal
- improve tcp/udp echo external apps. They have slightly better
throughput than internal echo apps.
- udp bugfixes
Change-Id: Iea4a245b1b1bb407a7f403dedcce2664a49f774b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I2b50e3fc06b4e905395d4706083f12ebc76826ce
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|