Age | Commit message (Collapse) | Author | Files | Lines |
|
When the src-address to add match a route
without a valid output interface(such as default route 0.0.0.0/0),
fib_entry_get_resolving_interface() will return (u32)~0,
which will cause crash in ip4_neighbor_proxy_enable().
Type: fix
Signed-off-by: Mercury <mercury124185@gmail.com>
Change-Id: I5aee5676a2ff43ec06745ebed4dba2b9e5b98c4d
|
|
If a fragment arrives with fragment offset = 0 and M = 0, it means that
this is actually a complete packet and per RFC 8200, it should be
treated independently from other fragments. This patch does that.
Fragmentation header is stripped and fragment is forwarded irregardles
of other existing reassemblies in case of full reassembly and treated
the same way as regular packet in shallow virtual reassembly.
Type: improvement
Change-Id: If3322d5e3160cd755b8465a642702a9166d46cc2
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Improve vppapigen to generate per-message #define indicating whether
said message is dynamically sized (due to VLA or string) or not. Use
these #defines in REPLY_MACROs to prevent improper usage. Fix existing
improper REPLY_MACRO* usage.
Type: improvement
Change-Id: Ia77aaf9f6cf3ed68ea21075a4cc8deda78a68651
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ied4fe0f2b35eeca4e3e82fa21346de7f243aa52a
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I42b5a5a07aae6708a20ed424c8f26ddbe91278fb
|
|
fib_sas6_get is called with NULL dst explicitly so add a NULL check to
avoid a NULL dereference.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I8ebcba98832f374991f5442c1b83a4b6e64771d0
|
|
Type: fix
Fixes: f16e9a5507
If an attempt to submit an async crypto frame fails, the buffers that
were added to the frame are supposed to be dropped. This was not
happening and they are leaking, resulting in buffer exhaustion.
There are two issues:
1. The return value of esp_async_recycle_failed_submit() is used to
figure out how many buffers should be dropped. That function calls
vnet_crypto_async_reset_frame() and then returns f->n_elts. Resetting
the frame sets n_elts to 0. So esp_async_recycle_failed_submit() always
returns 0. It is safe to remove the call to reset the frame because
esp_async_recycle_failed_submit() is called in 2 places and a call to
reset the frame is made immediately afterwards in both cases - so it
is currently unnecessary anyway.
2. An array and an index are passed to esp_async_recycle_failed_submit().
The index should indicate the position in the array where indices of the
buffers contained in the frame should be written. Across multiple calls,
the same index value (n_sync) is passed. This means each call may overwrite
the same entries in the array with the buffer indices in the frame rather
than appending them to the entries which were written earlier. Pass n_noop
as the index instead of n_sync.
Change-Id: I525ab3c466965446f6c116f4c8c5ebb678a66d84
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: feature
Change-Id: I231f782b3c56dc2b10321e4569ac7acdad1c11da
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Refactor and improve boundary checking on IPv6 extension header handling.
Limit parsing of IPv6 extension headers to a maximum of 4 headers and a
depth of 256 bytes.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ide40aaa2b482ceef7e92f02fa0caeadb3b8f7556
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: fix
When registering a new FIB node type, no name was required on the API, and so no name was printed.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8a99cf29c194637a550061b0a5e9782ffe8b31dd
|
|
Type: improvement
Change-Id: I7c341dc4a99898dd1f865ac2ebd99de9898bb0bd
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Make sure segment is empty after writer lock acquired. Other workers
might add fifos in between empty test and writer lock acquire.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3400fdd14be98d9d8fb4e415d3a849be1d255241
|
|
Avoid constantly re-mapping a listener's first segment when all its
sessions are closed.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Iea7033fb70f4cf9e4408d542b7c0ff2b0c5c2f92
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3e633f017c68e8c5446e45b577048138a387daf6
|
|
Acceping sessions might be rejected so the notification might not make
sense.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3ababdce7c2cec62941d9722a9c06fa48ec547db
|
|
The code to check the exp is set after the call to pool_get()
is marked as unreachable in coverity. This is becasue if it
fails in pool_get then the it panics. Remove the unreachable code.
Type: fix
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: Iabb51b6b6788b6c12ef37c28dde2118c798de831
|
|
Type: fix
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
Change-Id: Iab857b056639f7e513f87a6095bea081b7d8349c
|
|
Type: fix
This fixes the GSO size calculation in af_packet
which didn't include the ethernet size.
This is not ideal, as we default to the host
side mtu to check whether a packet is GSO or not
and to set the GSO size. But there doesn't seem
to be more info passed with the packets.
Change-Id: I9769e1dd21d5989b4cf67295352b5535454f88d1
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
- Always check session ownership
- Improve test for main thread rpc
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5fa60f7f5de199af0966987f9ce9a4cc8180cf98
|
|
- Disconnect ct peer only after tx events have been drained
- Make sure session/connection is in healty state before rx/tx
notifications
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic6e684410a98530cc95a9c6c54c05a19c17c11d9
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ifcb631ed2913e5f4fc318238de9100286a7990d2
|
|
L2 prefetches the vlib_buffer_t and then immediately writes to l2 split
horizon group. Changing to the prefetch to a prefetchw.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: If3b7996978ee80f99c55904692c7b3c905f537ce
|
|
This patch ensures that fifo segment has at least the size that was
requested during allocation.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Iea8a885ac290183e25e5c8f9163bba226c5efa15
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie2ed2554578d6a2c671c552dc2bdc081f9754eed
|
|
Type: improvement
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: BenoƮt Ganne <bganne@cisco.com>
Change-Id: I2f30a4f04fd9a8635ce2d259b5fd5b0c85cee8c3
|
|
Fixing the mutliarch versions of vxlan, geneve and friends. Ensures that
main struct is correctly sized for all multiarch permutations.
Type: fix
Fixes: 290526e3c
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I7c4c435763a5dcb0c3b429cd4f361d373d480c03
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I10af028b5e57b36b8015b02240f1e4e9a42d0898
|
|
On interface delete we were not removing
the lock taken by a previous ip_table_bind()
call thus preventing the VRFs to be removed.
Type: fix
Change-Id: I11abbb51a09b45cd3390b23d5d601d029c5ea485
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Iec9dacde170533ca16e8117787e62da8af69ae96
|
|
The current code that sends ipfix packets assumes IPv4. Modify this
so that it generates and sends packets based on whether the destination
address is IPv4 or IPv6. Where code is common across multiple places
pull it out into helper functions.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I216c6c4c1b58cacedca22019f74a38c64a368b7e
|
|
Modify the ipfix_exporter to use ip_address instead of the ipv4 specific
version. Modify the current code so that it writes into the v4 specific
part of the address, i.e. we are not yet fully supporting IPv6. For the
exporter configured via the original API (the one that is always in slot0)
we will not support IPv6 addresses.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: Ic9854ac62aaee76a7a55a958234c456fd9828c4c
|
|
Rename the local variables used when building ipfix export packets to make
it clear that they are v4 specific variables.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I3a5a623aeb0b6f2b7fcdafb3fc19c500934c529b
|
|
When a new flow-report is created the caller provides 2 callback functions.
These functions both take a pointer to the exporter, plus a pointer to the
source and dest address. However the pointers to the address are not adding
any value as these are always set to the src/dest addresses of the exporter
(which is already being passed). Remove these parameters and leave the
callback functions to get the addresses out of the exporter.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I36dec394f30e85cdca120dd8706b5d90f5e07c48
|
|
The ipfix exporter should be doing most of the work of building packets
and sending them rather than leaving every client of the exporter to do
all the work themselves. Start to move towards that by adding APIs to
get and send buffers. Store the state of this in new per thread data on
the report so that we can send with minimal use of atomics. We do need
an atomic for the sequence number in the packet though as that contains
the number of data_records sent for the 'stream', not just for a single
core. As the state is stored on the flow_report_t the caller needs to
know which report they are using, so add a field to the args struct used
to create the report that is used to pass back the report index on success.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I222b98a3f0326b3b71b11e0866a8c9736bed6dc1
|
|
Add a new API to dump all the exporters. As the destination struct
type is not the same as for the existing dump/details API no
attempt is made to use the existing code to populate the structure.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I409f80285b107a530e0e4f3c6a047a803815a0ec
|
|
The existing api set_ipfix_exporter only allows for the creation of
a single exporter. In some cases it is desirable to export data to
multiple different destinations. Allow users to create multiple
ipfix exporters to support this.
Add a new api that allows for the creation of multiple exporters, and
store them in a pool of exporters. The exporter created by the old API
will always be in index 0 of the pool. Exporters created by the new API
will be given the next available index in the pool, and will return this
index to the API caller so that they can track the exporter they created.
The collector_address is the key for the exporter, so changes can be made
by doing a further call to the API with the same collector_address.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: Id71c98cffcf8d141d890b40fb90a40b90a91d1d6
|
|
Split this api handler into 2 parts. The first is the top level handler
and the second is the internal helper function that does all the work.
This is in preparation for having a similar API that allows multiple
exporters to exist at the same time.
Type: refactor
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: Ibd4037682742f4c2f52b4cd1346d35fb2029461d
|
|
Pass an ipfix_exporter to this function so that callers can choose which
exporter they are modifying.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: Ice0ed19a57baf15b1dc85cd27fe01913e36d7f4f
|
|
The functions that work on streams were getting the set of streams
directly from flow_report_main. Modify them to take an ipfix_exporter
as an argument, and then any processing they do is only for this
exporter.
Type: refactor
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I32bd9a6ba32a15ec4d4ec9556a9b75f3d83fcd6e
|
|
Pull out the fields in flow_report_main_t that are specific to a single
exporter and move them into a new structure that represents an exporter.
Add a pool of exporters to flow_report_main_t and do a pool_get() to get
the entry at index 0, so that the existing users of the code need only
change the path at which they access the old fields and have no need to
make further code changes. In functions that were accessing the fields
that now make up the ipfix_exporter create a local var that points to the
first (always valid) exporter and use this as the base for the fields
rather than finding them from flow_report_main.
This is in preparation for supporting multiple flow_exporters.
Note that at the moment the code supports multiple 'streams' for a given
exporter, where each stream has its own source port, domain id and template
space. But all streams within an exporter have the same destination address,
so this is not the same as multiple exporters.
Type: refactor
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I49f5c7fb9e901773351d31dc8a59178c37e99301
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idf3b49ec61bf5da498ffdd8cebab7148fce73f5f
|
|
Type: fix
Using the adjacency to modify the interface's feature arc doesn't work, since there are potentially more than one adj per-interface.
Instead have the interface, when it is created, register what the end node of the feature arc is. This end node is then also used as the interface's tx node (i.e. it is used as the adjacency's next-node).
rename adj-midhcain-tx as 'tunnel-output', that's a bit more intuitive.
There's also a fix in config string handling to:
1- prevent false sharing of strings when the end node of the arc is different.
2- call registered listeners when the end node is changed
For IPSec the consequences are that one cannot provide per-adjacency behaviour using different end-nodes - this was previously done for the no-SA and an SA with no protection. These cases are no handled in the esp-encrypt node.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: If3a83d03a3000f28820d9a9cb4101d244803d084
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5b6cb8dd9db7e003a470ca4aeb8472fa7cb9a128
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9e5438a2f82762aa8a88bbacf4290151ef30969e
|
|
Type: improvement
make the ip_prefix_cmp take const paramenters.
plus some other miscellaneous functions.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ib69bacfb09483a8a8f8b89900c92d3d55c354ac6
|
|
This affect udp only
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5e05e9c77b733b9e10c14cc9ef610c9bff216fa0
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ife1e046b62bb0679419fd1346e973d0e3ea55489
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I11de851949afd90a37c102ed0c00969a4cc73df4
|
|
The node ip6_not_enabled should be marked as sibling of
ip6-drop as both are start nodes of the ip6-drop arc.
Type: fix
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I212c25444a81b11d8085ba7930ddb67b47502d5c
|
|
There are no implementations for this function so remove it.
Type: improvement
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I793b015ea1657edd1de719c2a574799aeb8b74d5
|