Age | Commit message (Collapse) | Author | Files | Lines |
|
When the NIC does not support mac filter, we rely on ethernet-input
node to do the destination mac check, ie, when the interface is in L3,
the mac address for the packet must be the mac address of the
interface where the packet arrives. This works fine in ethernet-input
node when all packets in the frame might have different interfaces, ie,
ETH_INPUT_FRAME_F_SINGLE_SW_IF_ID is not set in the frame. However,
when all packets are having the same interface,
ETH_INPUT_FRAME_F_SINGLE_SW_IF_ID is set, ethernet-input node goes
through the optimized routine eth_input_single_int -> eth_input_process_frame.
That is where dmac check has a bug when all packets in the frame are
either, ip4, ip6, or mpls without vlan tags. Because without vlan tags,
the code handles all packets in fast path and ignores dmac check.
With vlan tags, the code goes to slow path where dmac check is handled
properly.
The fix is to check if we have a bad dmac in the fast path and force the
code to go to slow path which will handle dmac check properly.
Also do a wholesale correction on all the testcases which do not use
the proper dmac when sending L3 packets.
Type: fix
Change-Id: I73153a805cecdc24c4eefcc781676de04737ae2c
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
set_interface_name may crash if wrong sw_if_index is passed e.g. ~0
Type: fix
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: Ic7e400c914fb33c2f9eac4f2985bb5b163a18d57
|
|
Type: improvement
Change-Id: I955fbef0e0238cb69307e96cd1c677061737e5f3
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: fix
Change-Id: I80e90cab8e2e9fef837779e36e0256baf791b801
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This commit adds missing support in CLI for creating ipsec itf
in p2mp mode.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I1bd1cc6667625b8e527af8d25bd8e723751dbc41
|
|
Currently ipip tunnel allows to use an empty addresses for dst when we
trying to add tunnel, but it doesn't return it correctly on ipip dump
call. There is case when we create an ipip tunnel with an empty ipv6
address, address is zero, but AF is ipv6. And when we dump ipip tunnels
we get an emtpy ipv4 address instead of an empty ipv6 address.
There is no point to detect AF for each address in
send_ipip_tunnel_details, because ipip tunnel can't handle different
AF for src and dst addresses, and prohibits creating ipip tunnel
with different AF of dst and src addresses.
With this fix, send_ipip_tunnel_details function return a correct AF
despite address value.
Type: fix
Change-Id: Ib343293ad79a300cdb70135fffbfd156dfef6e27
Signed-off-by: Anton Nikolaev <anikolaev@netgate.com>
|
|
Type: fix
Fixes: c4c205b091934d96a173f4c0d75ef7e888298ac7
Change-Id: I110729601a9f19451297883b781ec56e2b31465b
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Force transport and session cleanup on session detach if transport is
already closing. This should also avoid races between transport
initiated session cleanups and pending session control events.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I83a947a0c01f5af8ac70aa31fee660276f1d1c60
|
|
Type: fix
Change-Id: I5f309ca4db4ae4a3e475d87b8f0188c4ead5e562
Signed-off-by: lijinhui <lijh_7@chinatelecom.cn>
|
|
Type: fix
Change-Id: I0a43a37971d03a700926d59e848f0b6e6dbeb19a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: Ib824d0ca9efc7d8967e043db69017655b2dcf6b5
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
The rewrite string can be up to max_size, and max_size can be up to
VNET_REWRITE_TOTAL_BYTES. Don't waste the last byte.
Type: fix
Change-Id: I2fb7e9873b6b4c1e6a55b172c7f753f3c5910802
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
In case of multiple path within tunnel, mpls lookup node
computes lb hash with mpls_compute_flow_hash config value 0,
so only mpls label and l4 ports gets accounted, not 5-tuple.
This leads to flow traffic polarization and disbalance over
mpls paths.
Use mpls hash config from lb instead, usually it'll be
MPLS_FLOw_HASH_DEFAULT with 5-tuple plus flowlabel.
As optimization, fix flow hash reuse from the previous lookup
node if present, like ip_lookup does. Previously mpls lookup
always calcs the hash.
Test lb distribution for both cases.
Also, use the same flow hash hex format in ip4/ip6 and mpls
traces for easier reading, most code changes is due fixstyle
formatting.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ib89e1ab3edec14269866fe825a3e887d6c817b7c
|
|
On unnumbered interfaces, ARP fails because there is no attached route.
Allow replies to peer-to-peer addresses on unnumbered interfaces:
eg. 192.0.2.1/32 <-> 192.0.2.2/32
Type: fix
Change-Id: Ibeb8d8ebc8d58d5bfb0724739a17694e0217356e
Signed-off-by: Pim van Pelt <pim@ipng.nl>
|
|
Only set state to ready if session is not already closing.
Type: fix
Change-Id: Ic95667f43ed09d693f1cf7c9f1c16f7f995ea2d8
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: I739b7129c7e5a3fccefcdeeaf7f4a298223dd8eb
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: I56c1a2717f197c889425449b37f51b0f2cc89ea5
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1464e93cd3020eaa26068df558924e39dd255ccb
|
|
- also fix memory leak in adj_glean_walk_proto()
Type: fix
Change-Id: I3cd72b14506e6bfc9d8d77a65d7b9b2703992367
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
l2 tunnels like vxlan, gtpu, geneva use vnet_l2_compute_flow_hash() to
compute flow hash for udp src port entropy. In case of inner mpls tunnels
to the same lsr ethernet src and dst macs are the same, so l2 flow hash
is also the same leading to no src port entropy and the only rss queue
overflow on receiver side.
Fix it for all the possible vnet_l2_compute_flow_hash callers by making
mpls playload hash in additon to ip4/ip6. Visible performance impact is
not expected as it's only one check for mpls ethertype for common cases.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I69153d42fb3d7c094a670c674fac8d14039c626a
|
|
Type: improvement
Change-Id: I8c248d9e224bd069b641a174da57d448371470af
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Type: fix
Change-Id: Ic015b37e18a43c49c3fb3dbff284a17fa2c5fd99
Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
Signed-off-by: Kai Ji <kai.ji@intel.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ieb4e9d9e39b937ad4c7316b3955b3ca296f0a191
|
|
Type: improvement
Change-Id: Iefe5c2e610a26241a88ca783ac548fd8f2317bb0
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I04f836d09a1cbd5a5b55dc64359d2d761dfc4988
|
|
First step towards moving to an 8 byte struct instead of u64.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idd0b95520ab7158e175b9af1702fc09c0613a4bb
|
|
Type: refactor
Change-Id: Ifd7f5b351401cdcaaaf57fefc5dbbfdaf235054e
Signed-off-by: hsandid <halsandi@cisco.com>
|
|
Make sure session is marked as invalid.
Type: improvement
Change-Id: I1c861645de95ef15a24acd4fe6dd5364a55b4fb8
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: improvement
Change-Id: I958e059384db3c13a29f64be96877f57617bbae2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibe218a922ab656b8362e3c085193cb848783c255
|
|
Fix copy-paste typo with an incorrect index.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: I463e6f016df9cd24e96defcd30c1b442b8809416
|
|
Type: improvement
Change-Id: Icac31a8a3da71334e2b877f3b8e5d5a7cc5e76b8
Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I60600452c91184da571d4630bf2f0d9c24a3e85e
|
|
The offload should be handled by gso node or by the NIC
if the latter has the relevant capabilities. But ip midchain
is missing the support for buffer offload metadata in case
of GSO packet.
This patch adds the relevant support to add the buffer metadata
if the packet is GSO/IPIP to be handled accordingly.
Type: improvement
Change-Id: I17f5d71bf4c5f43a85ca3f2fbebfa1426b42ef69
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: improvement
Change-Id: Ib6c4e6bc42dd63cb2fdb2dfa7e94baa709e7185b
Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
|
|
Since async rx event infra decouples notification event generation from
delivery we no longer run the risk of having tls realloc session pools
while session layer still holds a pointer to the accepted/connected tcp
session.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1bb429a058707aba1d4f32ea33615a2367e66969
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I549d0c8715e5c06bfc22be26ca1dc78ec3c29a61
|
|
If already enabled, return 0 to indicate success.
Type: fix
Change-Id: I4a182e14df9b05698ad93d596a97c46a020fd54b
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
|
|
Type: refactor
Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: Ia1d8aaa3c51938cfa15dd09102471f52ebe67a3d
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: If30d1aa8aa752ae4bddde776832a3009ebc7e316
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: improvement
The vnet buffer metadata for full IP reassembly and shallow virtual
reassembly overlaps. If you have full reassembly and virtual reassembly
enabled on the same interface and virtual reassembly happens to process
packets first, full reassembly will stomp on the metadata populated by
virtual reassembly.
Virtual reassembly gets enabled implicitly when NAT feature nodes
are enabled. Those NAT feature nodes rely on the virtual reassembly
metadata being populated correctly in order to find L4 proto & ports.
When NAT and IP full reassembly are both enabled on an interface, NAT
can drop fragmented packets because the virtual reassembly metadata
can be overwritten by full reassembly.
Ensure that full reassembly runs before virtual reassembly. Add a
runs_before dependency to ensure that ip4-full-reassembly-feature
runs before ip4-sv-reassembly-feature.
There was a duplicate VNET_FEATURE_INIT() for
ip4-full-reassembly-feature. It seems to have been intended for enabling
ip4-full-reassembly-custom as a feature node, but its contents are
identical to the earlier VNET_FEATURE_INIT() for
ip4-full-reassembly-feature. Removed the duplicate.
Change-Id: Ie600b854d4ceb90a7cb736810140d410b8f72447
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
As similar 535364e90459566b603661c3dbe360c72f59ad71 is
merged, printing possibly deleted interfaces by index
only in all the rest cases.
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I4fa58b382c0279ff893523ba0188fdb9b09e10af
|
|
- fix ICMPv6 lookup FIB (don't reset sw_if_index[VLIB_TX] to -1)
- add locally generated flag in ICMPv4 buffers (reflect ICMPv6)
Type: fix
Change-Id: If25a176a9952cbe185a030f8b136718af1bff9e8
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I428f52abbdddd9caca9b0f619a0e934f96ac0b4a
|
|
Fix crash while adding intf-rx ip4 and ip6 routes via api due
invalid exporting of interface rx routes as attached.
Also, add missed route path via rx-ip6 cli support.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I15711c8c0787398dd7e3baa4787019bb1f317666
|
|
Type: fix
Signed-off-by: Samvel Vartapetov <svartapetov@yandex-team.ru>
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I57cba1e724f851419c7dfdee896568fc7416feaf
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I28ccebf4d2f0728dd174ab3ee77a0d7ad4b90951
|
|
This change aims to affect crypto_sw_scheduler behavior,
but all the edits end up in vnet/crypto.
After 9a9604b introduced adaptive mode for crypto dispatch,
the performance of async mode at lower rate got worse.
A work around for CSIT test is done by changing dispatch mode via explicit API call
in https://github.com/FDio/vpp/commit/139aba204780f6cc2845b311820a0b4c47517d02
In this change, the CLI is brought back to allow user to fix the
dispatch mode.
set crypto async dispatch mode <polling|interrupt|adaptive>
Type: improvement
Change-Id: I029e98aa25889eddcf62e75a6c78926cdee862ef
Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com>
|
|
Type: improvement
Change-Id: Ie042605e50656229874b7a93638f0f04c894410f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|