Packets arriving on an IPsec tunnel interface
are decrypted and forwarded even if the
interface is down.
Check interface flags. If the interface is down,
cause packet to be dropped and increment the
counters for drops.
Change-Id: I94456bda3bd8eade0f3f522ad7cc341251174e6e
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: I9e2cf74ebe3e8750fa8d03930d2d72f4cae453c2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: Ie942efab86d24a953fe34754e3d50df54b560dc0
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
DBGvpp# set int ip addr loop0 10.10.10.10/24
DBGvpp# set int ip addr loop0 10.10.10.11/24
set interface ip address: failed to add 10.10.10.11/24 which conflicts with 10.10.10.10/24 for interface loop0
Change-Id: Iba63ffafbd36b6146ce86adb78139da9d55b40ba
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Thanks to DucTM for spotting the issue.
Change-Id: I7985560f224c99cf0fdeea0c8457a3ac6f10b03c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Replace binary API communication between CP and DP with
direct communication using function calls and callbacks.
Change-Id: Ib54f09062217c028e5ee0e96ae2449cf7e9224e3
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Instead of repeatedly cutting, pasting, and hacking to create a new
callback, use vnet_flow_rewrite_generic_callback(). Add three
arguments to the flow rewrite callback:
(in) pointer to an array of report elements,
(in) length of array,
(out) pointer to the stream index
Change existing code prototypes. Code owners encouraged to evaluate
whether they can use the generic callback or not, at leisure.
    /* ipfix field definitions for a particular report */
    typedef struct
    {
      u32 info_element;
      u32 size;
    } ipfix_report_element_t;

Best generated like so:

    #define foreach_simple_report_ipfix_element \
    _(sourceIPv4Address, 4) \
    _(destinationIPv4Address, 4) \
    _(sourceTransportPort, 2) \
    _(destinationTransportPort, 2) \
    _(protocolIdentifier, 1) \
    _(flowStartMicroseconds, 8) \
    _(flowEndMicroseconds, 8)

    static ipfix_report_element_t simple_report_elements[] = {
    /* expand each _(name, size) entry into an array initializer */
    #define _(a,b) {a,b},
      foreach_simple_report_ipfix_element
    #undef _
    };
    ...
    /* Set up the ipfix report */
    memset (&a, 0, sizeof (a));
    a.is_add = 1 /* to enable the report */ ;
    a.domain_id = 1 /* pick a domain ID */ ;
    a.src_port = UDP_DST_PORT_ipfix /* src port for reports */ ;
    a.rewrite_callback = vnet_flow_rewrite_generic_callback;
    a.report_elements = simple_report_elements;
    a.n_report_elements = ARRAY_LEN (simple_report_elements);
    a.stream_indexp = &jim->stream_index;
    a.flow_data_callback = simple_flow_data_callback;
    /* Create the report */
    rv = vnet_flow_report_add_del (frm, &a, &template_id);
    if (rv)
      return rv;
    ...
Change-Id: If6131e6821d3a37a29269c0d58040cdf18ff05e4
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Idae4ecb60351f2e74bad2f2a33c073de8412fcb0
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I1f7877af61f3726cfb7b93ce7893f6df23e866a6
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Scan IPv4 and IPv6 neighbor pool entries once a minute to keep them
up to date. The neighbor of an entry is probed if its time-stamp
is older than 1 minute. If the neighbor responds, its time-stamp
will be updated. If there is no response from a neighbor, its
entry will be deleted when the time-stamp of the entry becomes more
than 4 minutes old. Static neighbor entries are not probed nor
deleted.
Implemented CLI and API to enable and disable periodic scan of IPv4,
IPv6 or both types of IP neighbors. CLI is "ip scan-neighbor" and
API is "ip_scan_neighbor_enable_disable". Other IP neighbor scan
parameters can also be changed from their defaults via the CLI/API.
Change-Id: Id1a0a934ace15d03db845aa698bcbb9cdabebfcd
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I1f7c634328f25b33580a215af2daeb498cd3b181
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: Iaa28f96d613d6fb75bd29958d757de206448eb22
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Due to union, l2 sub-interface bits were wrongly set
causing sporadic misconfiguration of l2 mode on some
interfaces.
Change-Id: Id77ee281e3a0030878641a786c22ffe16ce1c759
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
It is much cheaper to use ctzll than to do shift, subtract and mask
in the likely case when we are looking for the 1st set bit in the uword.
Change-Id: I31954081571978878c7098bafad0c85a91755fa2
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ibea4a96bdec5e368301a03d8b11a0712fa0265e0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ic5304749935f69018eb00183bb4670bb9f16273c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
The pointer to the IP header was derived from l3_hdr_offset,
which would be ok, if l3_hdr_offset was valid. But it does not
have to be, so it was a bad solution. Now the previous nodes
mark whether it is an IPv6 or IPv4 packet type, and in esp_decrypt
we get the ip header pointer by subtracting the size
of the ip header from the pointer to the esp header (which lies
in front of the ip header).
Change-Id: I6d425b90931053711e8ce9126811b77ae6002a16
Signed-off-by: Szymon Sliwa <szs@semihalf.com>
|
|
When a DHCP client is in the bound state, it wakes up
halfway through its lease (by default) to try and renew
the lease. The ip4-dhcp-client-detect is not enabled as
a feature at this point, so replies sent from the DHCP
server do not get applied to the lease. Eventually the
lease expires, the address is removed from the interface,
a new discovery is performed and the same address is added
back to the interface.
Before sending a request to renew in the bound state, enable
the feature to process the reply.
Change-Id: I95332ee0596f47df6f3c8bf8e3f0698dde9a1fc5
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: I1c8a14d4d51aa730f0edcf491e3c4725e2d8bd66
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I65c12617ad49e4d5ef242e53988782f0cefa5684
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
- rework the function to declutter and avoid building more than one tx
frame
- add dual loop although benefits in my tests seem to be minimal
- improve tcp/udp echo external apps. They have slightly better
throughput than internal echo apps.
- udp bugfixes
Change-Id: Iea4a245b1b1bb407a7f403dedcce2664a49f774b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I2b50e3fc06b4e905395d4706083f12ebc76826ce
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I9937912cd760698e39044e8ae022a90b58c8db30
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: Ic1e189c22e3d344d165e0eab05ccb667eef088a9
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: I9363cf54b73f7cfd8622af6f1cb250438ea0d3b6
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Object sizes must evenly divide alignment requests, or vice
versa. Otherwise, only the first object will be aligned as
requested.
Three choices: add CLIB_CACHE_LINE_ALIGN_MARK(align_me) at
the end of structures, manually pad to an even divisor or multiple of
the alignment request, or use plain vectors/pools.
static assert for enforcement.
Change-Id: I41aa6ff1a58267301d32aaf4b9cd24678ac1c147
Signed-off-by: Dave Barach <dbarach@cisco.com>
|
|
Change-Id: I565d79af410825c72f291ab40178883b1bc6f1df
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
If sessions are not preallocated, the rx retries counters are not
correctly validated/initialized
Change-Id: Iaf7456f3a0e2181fcea0c370613d694f8e98276d
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Two vxlan union/struct initializations caused gcc on
CentOS 7 to puke. Modified them to make the build
work again.
Change-Id: Iad667444b86cfde5ee4329993b520028d3b593ad
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
moving the rewrite into the tunnel struct
Change-Id: Iec74b48e13456d32957e826cffb5ea35a8ebd1a0
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I906e58b4f9827a79a6ab673f8fa2e03036c69820
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I2d39e56ff605e3a24927d6330d65d0406f588381
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I5cab31639e7819c9ab7e9c9159d931b25161d00b
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- move the IPv6 incomplete and glean node to ip6_neighbour.c (so it has access to ip6_neighbour_main_t)
- use the RA info config on the interface to find the multicast adj to use
Change-Id: I835e419072abe54fb09dafb0e7eb0a9e50eba1af
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
1 - use bit-map to re-use ID values and thus VLIB nodes
2 - free vrings
3 - free hw_address on HW interface delete (a HW * struct is memset on pool_get)
4 - free temporary node names during TX node setup
Change-Id: Id114c8bb9c844fd4ceb02fbbeb4b511ecfeb61ce
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I2794384557c6272fe217269b14a9db09eda19220
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Currently for VXLAN IPv4.
Change-Id: Id4b8bc0d9f6ab043810e4d1b9f28e01c27ce0660
Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
|
|
It is possible for span-input to get called with a sw_if_index which is greater than
sm->interfaces and crash in span_mirror () in the following line:
    span_interface_t *si0 = vec_elt_at_index (sm->interfaces, sw_if_index0);
For example, when span-input mirrors a main interface as source, it may actually get
called for traffic coming in from the subinterface and crash.
The fix is simply to check if sw_if_index >= vec_len (sm->interfaces) and
punt if it is.
Change-Id: I8312eb321d638518e14ba2326fffd1a7919646ca
Signed-off-by: Steven <sluong@cisco.com>
(cherry picked from commit 516d63ff2c6671f3b0dc641511a50017a9804179)
|
|
Change-Id: I379150a88f2d53d6281be41e8bad6fc4f4e88a71
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
from encap path
Change-Id: I62a8d13495355ad5e687f13b86c2a5d360bb2b7f
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I69fee1dcf07a4d2eed69a59f0a36e63e3741ed4e
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
When walking all adjacencies for a given {next-hop,interface} instead of
walking all the adjacencies on that interface and matching the next-hop
(which is O(n) in the number of adjacencies on that link), find all instances
of an adjacency with any link-type and with that {next-hop,interface} pair:
this is O(1).
Change-Id: Ic80399fc9e93c8df111379c039e592d8cafbab18
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
[VPP-1251]
Problem:
When the bond subinterface is removed, it was observed that we lost the lacp
partner. Show hardware shows the rx counter going up, but show interface does not
for the slave interfaces.
Cause:
We reset the interface promiscuous mode when the bond subinterface is deleted.
This causes dpdk not to accept any packet. Leaving the interface in promiscuous
mode fixes the problem.
Other fixes:
There are a few places where we use hw_if_index as if it were sw_if_index. But they
don't necessarily have the same value. As soon as a subinterface is created,
they start to diverge. The fix is to use the correct API for the hw_if_index
and sw_if_index.
Change-Id: I1e6b8bca0a4aae396d217a141271cbf968500c91
Signed-off-by: Steven <sluong@cisco.com>
(cherry picked from commit 42c6599bf3057a7e8f4f00f5b6a9dd72af48d283)
|
|
obvious leak of parent_indices
Change-Id: I572b33de1756c8062a87c754117d990622fe12fe
Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
|
|
Some scenarios not involving ip[4,6]-input paths might benefit from IP
header QOS fields recorded and applied.
An example: L2 (overlay) traffic being encapsulated by VPP in VXLAN
and transmitted on another (underlay) interface might want the QOS
information carried over in the outer IP header.
Change-Id: I4d9462c47ae6ba97680edb1e53340b17cfd7845b
Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
|
|
set the IS_RX flag based on CLI 'l2-input-on'
Change-Id: I53d9129a7c09f605c1eb55753426f392b1b480bc
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Should be more resilient to ack losses
Change-Id: Icec3b93c1d290dec437fcc4e6fe5171906c9ba8a
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I9ab11ba9f958c679112eb22c8db39cb269a29dc7
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
When creating an IPsec tunnel interface, allow a numeric
identifier to be set for use in the interface's name in
place of the dev instance. Default to using the dev instance
if no value is explicitly set.
When an IPsec tunnel is deleted, the interface is deleted
now instead of being kept in a pool of available hw
interfaces. Otherwise there was the possibility of
conflicting tx node names between deleted tunnels and
newly created ones.
Change-Id: Ic525466622a0dec38a845fa5871c084f6d9da380
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Change-Id: Ibf3ef82950f50b746394a731cd2e7cba1cd16ec4
Signed-off-by: John Lo <loj@cisco.com>
|