Age | Commit message (Collapse) | Author | Files | Lines |
|
An SA is normally bound to the first thread using it. However, one
could want to manually bind an SA to a specific worker.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I05cbbf753e44a01d9964ee47812c964db9bbb488
|
|
Type: fix
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: I07f54bb643c24b1839a2d0e93acc593d13a43fed
|
|
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I435ff10fa3af15b0bed83607aca508a1c087a159
|
|
Packet-generator does not support TCP options.
Along with its support, a formatting function has been added.
Further work will be needed to update header formatting functions
to take into account TCP connection options. For now, TCP options
are taken on a per-packet basis.
Type: improvement
Change-Id: Id800887853c4941d893be353ce6d8624ed8bbc5d
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
Make sure half-open sessions are marked as transport closed once
connected notification is provided. This ensures that if they've been
scheduled for tx, the event is ignored.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8c44584e843d93365ec737ae4e1bcb74eba35506
|
|
Type: fix
Ticket: VPP-2078
Change-Id: I418269632bdfc823c5f0ba7652957277276d294d
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
TCP nodes consume the buffers so they have no nexts. To avoid long drop
path through vlib graph, add drop node.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibe6e075e83612ed16270934398c6a013f236ae35
|
|
The async frames pool may be resized once drained. This will cause 2 problems: original pool pointer is invalidated and pool size changed, both problems will confuse the crypto infra user graph nodes (like IPsec and Wireguard) and crypto engines if they expect the pool pointers always valid and the pool size never changed (for performance reason).
This patch introduces fixed size of the async frames pool. This helps zeroing surprise to the components shown above and avoiding segmentation fault when pool resizing happened. In addition, the crypto engine may take advantage of the feature to sync its own pool/vector with crypto infra.
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2a71783b90149fa376848b9c4f84ce8c6c034bef
|
|
- do not allocate port sparse vector when only checking if a port is
already in use
- do not display port that have been unregistered by default
Type: improvement
Change-Id: I6cc94e35806dd8d415cd5d1c1c51e6b066ac26a1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I46b8194ff00c6a0a4a2bc19df9991f037856cede
|
|
This patch can make crypto dispatch node adaptively switching
between pooling and interrupt mode, and improve vpp overall
performance.
Type: improvement
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I845ed1d29ba9f3c507ea95a337f6dca7f8d6e24e
|
|
Type: fix
Change-Id: I879594fcade4e081190e8dfb1dbcfc53e8431edf
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
|
|
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Idada695432d2bfac8808f35f1e8cd16f84d963c6
|
|
commit failed
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Ib4c61906a9cbb3eea1214394d164ecffb38fd36d
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I484f3759b6c27052e08741398ec389729285f035
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I323946f7838507110c663f5a904399a74fc76691
|
|
Type: docs
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I36764aa3c0e9657d228413aeafa0a54bbd755e49
|
|
Peer fib index and nh fib index should be different when nh-table-id is
specified.
Type: fix
Change-Id: I4c8296adb5aeab1c0022bfc1046e9559331b79b2
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
|
|
There was already a basic type defined, but nothing more.
This implements callbacks similar to
ip4_enable_disable_interface_callback_t.
Type: feature
Change-Id: I34fcb146ca68af4eb8cdd244529eb149f884284d
Signed-off-by: Adrian Pistol <vifino@posteo.net>
|
|
The order of the parameters when calling the ip_neighbor_probe_dst for
an aged neighbor is wrong and given that it runs on the master thread,
probes for IPv6 neighbors were never sent, leading to a certain neighbor
strike out and death and its removal from the neighbor cache.
Change-Id: Ic021bd0ece05bd2c1c6ab90eab0e2dc27cb10360
Type: fix
Fixes: fd2417b2a42
Signed-off-by: Sergio Gonzalez Monroy <monroy@anapaya.net>
|
|
load-balance and replicate dpos both store their number of buckets as
u16, which can overflow if too many paths are configured. For
load-balance it can happens quite quickly because of weights
normalization.
Type: fix
Change-Id: I0c78c39fc3d40626dfc58b49e7d99d71f9852b50
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: docs
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I57f27f8ec4be7f3d8dc3d13ff4ea6b1b21c3cf6b
|
|
This feature enables the use of the classifier and ip-in-out-acl nodes
to redirect matching sessions via arbitrary fib paths instead of relying
on additional VRFs.
Type: feature
Change-Id: Ia59d35481c2555aec96c806b62bf29671abb295a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Ib0ca3379439d6ee23e696f8f0840e6ddf42430b8
|
|
This caused that failed to create flow rule with rss types.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I77696286a32804cbe884075cb027eec19eb5c7cb
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
|
|
Print fib-index, next node index and opaque.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id2ff265c9acffc75f8b04fb9f26c6d571fc2ef98
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic28da52b9c8286f71e472ef6c3afc23d464f85b0
|
|
Move GRE folder under vnet to the plugin folder, and modify some of path
of the #inlude<header> to the new path.
Add a plugin.c file to register a plugin.
JIRA: VPP-2044
Type: improvement
Change-Id: I7f64cecd97538a7492e56a41558dab58281a9fa5
Signed-off-by: Chuhao Tang <nicotang@cisco.com>
|
|
Make sure half-open table is cleaned up on close and cleanup of
half-open.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id7ad177f364d6395f7379dc927e449a40547510e
|
|
After the clib_socket_init syntax changed, the behavior of VCL
socket creation was broken. This patch introduces app_namespace_add_del_v4
to address the behavioral change.
Type: refactor
Change-Id: Ice016bdb372233fd3317f166d45625e086e9b4df
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
traceroute sends 3 packets rapidly that triggers and depends on ICMP error
generation. The current ICMP4 throttle setting at 1-e3 throttles the last
ICMP error and makes traceroute sit in a timeout.
Type: fix
Change-Id: Ie886303600ad0374dcb6ae311e949154727a93d2
Signed-off-by: Ole Troan <otroan@employees.org>
|
|
This change is part of VPP API cleanup initiative.
Type: refactor
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I26d13a697c9b70a75555c04e925e9d6aaf7ed755
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ib188f3331696dff6357a18f5bac5f1db3cefaeab
|
|
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Id4ca9a749a343c55b24f6eb4b5eb0909a57e0c23
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Iaa3ad87d56163396476bcaaa34e52948b9032f4e
|
|
The punt socket code rewinds the current_data pointer by sizeof (ethernet_header_t),
which is incorrect if the header is tagged - resulting in truncated destination MAC
address. Use ethernet_buffer_header_size() instead, which takes tags into account.
Also add the unittest that verifies the issue and the fix.
Type: fix
Change-Id: I6352a174df144ca1e4230390c126f4b698724ebc
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: style
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ie02d068122ab8f2c6049754f28722d851ae9b3f1
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I90eaeed07dc4864adfed3bc4cef1e3edacf4bf8f
|
|
support with GTPv1 TEID added to the flow hash.
This can able to ECMP to PGW and parallelization.
Type: feature
Change-Id: I6f758579027caf6123831ef2db7afe17e424a6eb
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
|
|
Since connects can be done without a worker barrier, first
worker should flush connects to destination workers only
after session layer has a chance to fully initialize the
half-open session.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I82fe0f0c7e520baa72fd380d0a43a76ebbd5f548
|
|
Type: refactor
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ib80a4d1f8bac5dc27db1aafe65165cbb509b4edf
|
|
In case of UDP length errors in udp_local node, these errors are
being lost and incomplete header may be advanced by wrong offset.
Fix it with only full packets processing and explicit error set
otherwise. Also, optimize two buffer loop perfomance into fast
path with both buffers are ok and slow path with one or none.
Type: fix
Change-Id: I6b7edc3eb5593981e55d7ae20d753c0fd1549d86
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
|
|
wrk->event_elts has 5 elements if no user events
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Ib38fab422304efc470e20ccb7121442f05bf8bf3
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I45a524bebd2dc1e318fa8d2a645bfc769e1da840
|
|
Using pre-shared keys is usually a bad idea, one should use eg. IKEv2
instead, but one does not always have the choice.
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C) whereas for AES-CTR or AES-GCM, the IV should never be reused with
the same key material (see NIST SP800-38a Appendix B and NIST SP800-38d
section 8).
If one uses pre-shared keys and VPP is restarted, the IV counter
restarts at 0 and the same IVs are generated with the same pre-shared
keys materials.
To fix those issues we follow the recommendation from NIST SP800-38a
and NIST SP800-38d:
- we use a PRNG (not cryptographically secured) to generate IVs to
avoid generating the same IV sequence between VPP restarts. The PRNG is
chosen so that there is a low chance of generating the same sequence
- for AES-CBC, the generated IV is encrypted as part of the message.
This makes the (predictable) PRNG-generated IV unpredictable as it is
encrypted with the secret key
- for AES-CTR and GCM, we use the IV as-is as predictable IVs are fine
Most of the changes in this patch are caused by the need to shoehorn an
additional state of 2 u64 for the PRNG in the 1st cacheline of the SA
object.
Type: improvement
Change-Id: I2af89c21ae4b2c4c33dd21aeffcfb79c13c9d84c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Error counters are added on a per-node basis. In Ipsec, it is
useful to also track the errors that occured per SA.
Type: feature
Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
|
|
To allow a more flexible throttling configuration, the number of bits
used in the throttling bitmap can be chosen.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I7bfe391dd64729011b03f3e5b89408dfc340e036
|
|
Type: feature
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I02d9bb5292b32ffb1b2f05daccd8a7d5dba05125
|
|
Previously, even if sa defined traffic selectors esp packet src and dst
have been used for fast path inbound spd matching. This patch provides
a fix for that issue.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ibd3ca224b155cc9e0c6aedd0f36aff489b7af5b8
|
|
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL
table, the code would sporadically return a transitional value (junk)
from a half-deleted kvp. At most, 64-bits worth of the kvp will be
written atomically, so using memset(...) to smear 0xFF's across a kvp
to free it left a lot to be desired.
Performance impact: very mild positive, thanks to FC for doing a
multi-thread host stack perf/scale test.
Added an ASSERT to catch attempts to add a (key,value) pair which
contains the magic "free kvp" value.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065
|