Age | Commit message (Collapse) | Author | Files | Lines |
|
- do not allocate port sparse vector when only checking if a port is
already in use
- do not display port that have been unregistered by default
Type: improvement
Change-Id: I6cc94e35806dd8d415cd5d1c1c51e6b066ac26a1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit d52f80f422439227e98d9d26bf43394c69f8a7fd)
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I46b8194ff00c6a0a4a2bc19df9991f037856cede
(cherry picked from commit 645ac119e8f2602454050f5da6cafc4a22def7ff)
|
|
Type: fix
Change-Id: I879594fcade4e081190e8dfb1dbcfc53e8431edf
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
(cherry picked from commit b269def5cba2058c49f58a7fef382e2fc068fdfd)
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I484f3759b6c27052e08741398ec389729285f035
(cherry picked from commit 4778164869395ec9efeeef31fc08f97b93cdff90)
|
|
Peer fib index and nh fib index should be different when nh-table-id is
specified.
Type: fix
Change-Id: I4c8296adb5aeab1c0022bfc1046e9559331b79b2
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
|
|
There was already a basic type defined, but nothing more.
This implements callbacks similar to
ip4_enable_disable_interface_callback_t.
Type: feature
Change-Id: I34fcb146ca68af4eb8cdd244529eb149f884284d
Signed-off-by: Adrian Pistol <vifino@posteo.net>
|
|
The order of the parameters when calling the ip_neighbor_probe_dst for
an aged neighbor is wrong and given that it runs on the master thread,
probes for IPv6 neighbors were never sent, leading to a certain neighbor
strike out and death and its removal from the neighbor cache.
Change-Id: Ic021bd0ece05bd2c1c6ab90eab0e2dc27cb10360
Type: fix
Fixes: fd2417b2a42
Signed-off-by: Sergio Gonzalez Monroy <monroy@anapaya.net>
|
|
load-balance and replicate dpos both store their number of buckets as
u16, which can overflow if too many paths are configured. For
load-balance it can happens quite quickly because of weights
normalization.
Type: fix
Change-Id: I0c78c39fc3d40626dfc58b49e7d99d71f9852b50
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: docs
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I57f27f8ec4be7f3d8dc3d13ff4ea6b1b21c3cf6b
|
|
This feature enables the use of the classifier and ip-in-out-acl nodes
to redirect matching sessions via arbitrary fib paths instead of relying
on additional VRFs.
Type: feature
Change-Id: Ia59d35481c2555aec96c806b62bf29671abb295a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Ib0ca3379439d6ee23e696f8f0840e6ddf42430b8
|
|
This caused that failed to create flow rule with rss types.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I77696286a32804cbe884075cb027eec19eb5c7cb
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
|
|
Print fib-index, next node index and opaque.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id2ff265c9acffc75f8b04fb9f26c6d571fc2ef98
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic28da52b9c8286f71e472ef6c3afc23d464f85b0
|
|
Move GRE folder under vnet to the plugin folder, and modify some of path
of the #inlude<header> to the new path.
Add a plugin.c file to register a plugin.
JIRA: VPP-2044
Type: improvement
Change-Id: I7f64cecd97538a7492e56a41558dab58281a9fa5
Signed-off-by: Chuhao Tang <nicotang@cisco.com>
|
|
Make sure half-open table is cleaned up on close and cleanup of
half-open.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id7ad177f364d6395f7379dc927e449a40547510e
|
|
After the clib_socket_init syntax changed, the behavior of VCL
socket creation was broken. This patch introduces app_namespace_add_del_v4
to address the behavioral change.
Type: refactor
Change-Id: Ice016bdb372233fd3317f166d45625e086e9b4df
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
traceroute sends 3 packets rapidly that triggers and depends on ICMP error
generation. The current ICMP4 throttle setting at 1-e3 throttles the last
ICMP error and makes traceroute sit in a timeout.
Type: fix
Change-Id: Ie886303600ad0374dcb6ae311e949154727a93d2
Signed-off-by: Ole Troan <otroan@employees.org>
|
|
This change is part of VPP API cleanup initiative.
Type: refactor
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I26d13a697c9b70a75555c04e925e9d6aaf7ed755
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ib188f3331696dff6357a18f5bac5f1db3cefaeab
|
|
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Id4ca9a749a343c55b24f6eb4b5eb0909a57e0c23
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Iaa3ad87d56163396476bcaaa34e52948b9032f4e
|
|
The punt socket code rewinds the current_data pointer by sizeof (ethernet_header_t),
which is incorrect if the header is tagged - resulting in truncated destination MAC
address. Use ethernet_buffer_header_size() instead, which takes tags into account.
Also add the unittest that verifies the issue and the fix.
Type: fix
Change-Id: I6352a174df144ca1e4230390c126f4b698724ebc
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type: style
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ie02d068122ab8f2c6049754f28722d851ae9b3f1
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I90eaeed07dc4864adfed3bc4cef1e3edacf4bf8f
|
|
support with GTPv1 TEID added to the flow hash.
This can able to ECMP to PGW and parallelization.
Type: feature
Change-Id: I6f758579027caf6123831ef2db7afe17e424a6eb
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
|
|
Since connects can be done without a worker barrier, first
worker should flush connects to destination workers only
after session layer has a chance to fully initialize the
half-open session.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I82fe0f0c7e520baa72fd380d0a43a76ebbd5f548
|
|
Type: refactor
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ib80a4d1f8bac5dc27db1aafe65165cbb509b4edf
|
|
In case of UDP length errors in udp_local node, these errors are
being lost and incomplete header may be advanced by wrong offset.
Fix it with only full packets processing and explicit error set
otherwise. Also, optimize two buffer loop perfomance into fast
path with both buffers are ok and slow path with one or none.
Type: fix
Change-Id: I6b7edc3eb5593981e55d7ae20d753c0fd1549d86
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
|
|
wrk->event_elts has 5 elements if no user events
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Ib38fab422304efc470e20ccb7121442f05bf8bf3
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I45a524bebd2dc1e318fa8d2a645bfc769e1da840
|
|
Using pre-shared keys is usually a bad idea, one should use eg. IKEv2
instead, but one does not always have the choice.
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C) whereas for AES-CTR or AES-GCM, the IV should never be reused with
the same key material (see NIST SP800-38a Appendix B and NIST SP800-38d
section 8).
If one uses pre-shared keys and VPP is restarted, the IV counter
restarts at 0 and the same IVs are generated with the same pre-shared
keys materials.
To fix those issues we follow the recommendation from NIST SP800-38a
and NIST SP800-38d:
- we use a PRNG (not cryptographically secured) to generate IVs to
avoid generating the same IV sequence between VPP restarts. The PRNG is
chosen so that there is a low chance of generating the same sequence
- for AES-CBC, the generated IV is encrypted as part of the message.
This makes the (predictable) PRNG-generated IV unpredictable as it is
encrypted with the secret key
- for AES-CTR and GCM, we use the IV as-is as predictable IVs are fine
Most of the changes in this patch are caused by the need to shoehorn an
additional state of 2 u64 for the PRNG in the 1st cacheline of the SA
object.
Type: improvement
Change-Id: I2af89c21ae4b2c4c33dd21aeffcfb79c13c9d84c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Error counters are added on a per-node basis. In Ipsec, it is
useful to also track the errors that occured per SA.
Type: feature
Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
|
|
To allow a more flexible throttling configuration, the number of bits
used in the throttling bitmap can be chosen.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I7bfe391dd64729011b03f3e5b89408dfc340e036
|
|
Type: feature
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I02d9bb5292b32ffb1b2f05daccd8a7d5dba05125
|
|
Previously, even if sa defined traffic selectors esp packet src and dst
have been used for fast path inbound spd matching. This patch provides
a fix for that issue.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ibd3ca224b155cc9e0c6aedd0f36aff489b7af5b8
|
|
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL
table, the code would sporadically return a transitional value (junk)
from a half-deleted kvp. At most, 64-bits worth of the kvp will be
written atomically, so using memset(...) to smear 0xFF's across a kvp
to free it left a lot to be desired.
Performance impact: very mild positive, thanks to FC for doing a
multi-thread host stack perf/scale test.
Added an ASSERT to catch attempts to add a (key,value) pair which
contains the magic "free kvp" value.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2b426e9e988c32d261f36367087f358d8cc25e2f
|
|
Rename unused SESSION_IO_EVT_BUILTIN_TX to SESSION_IO_EVT_TX_MAIN and
leverage it for non-connected udp tx.
Non-connected udp sessions are listeners and are therefore allocated on
main thread. Consequently, whenever session queue node is not polling
main, tx events generated by external applications might be missed or
processed with some delay. To solve this, request that apps use
SESSION_IO_EVT_TX_MAIN tx events as opposed to SESSION_IO_EVT_TX and
send that to first worker as opposed to main.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5df5ac3dc80c0f192b2eefb1d465e9deefe8786b
|
|
Specify the number of max_batches when applying for dma config.
Skip this round when no batch available from vlib_dma_batch_new.
Type: improvement
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: Ic6e0acf81ba4fc3ed33aea6ac6990ef841021c59
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id87c41c472898d4f66b0771f18f822d1069bbfd0
|
|
Make sure endpoint freelist is drained before alloc of fixed local
source port is tried.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I302deee5609a463af8135185af71722ac8c55a27
|
|
Type: fix
Fixes: ab4d917
Change-Id: I226044f64e1577033798fd203a2e981c894830d6
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
udp_output_get_connection handles correctly if the connection
is a listener whereas udp_connection_get does not which may lead
to a crash.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I40b57287a8686820d29872cae2cfd6ae27a57c26
|
|
For non-connected udp, when retrieving the subscriber session to send
the notification, it uses the current worker thread index whereas the
subscriber session is actually on the main thread. Using the worker
thread may cause a crash since the corresponding session may not be
valid in the worker thread context and even if it is valid, it is the
wrong session. This scenario is seen when the application forks
and adds subscribers to the worker thread session.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I236ee9d9ff9f3b2f7f9f8e782d70d1080aa1b627
|
|
format_udp_connection takes 2 arguments from the caller.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ie618a809936a01c094982f9a8c81309826e0b087
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If223096cf912c1748ae417b40585a9bea5d9d9a9
|
|
There's a chance that vnet_sw_interface_set_flags_helper()
has successfully called some sw interface add callback functions
before returning the error. So the sw interface del callbacks
should also be called
Type: fix
Signed-off-by: varasteh <mahdy.varasteh@gmail.com>
Change-Id: I2cd7dc6d5b3a5ebfd2c4d1a6be5390083dee6401
Signed-off-by: varasteh <mahdy.varasteh@gmail.com>
|
|
Type: style
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I6399ad2b0b30f94c6c51db1afc39f5e875dfaa67
|
|
IV requirements vary wildly with the selected mode of operation. For
example, for AES-CBC the IV must be unpredictable whereas for AES
counter mode (CTR or GCM), it can be predictable but reusing an IV with
the same key material is catastrophic.
Because of that, it is hard to generate IV in a generic way, and it is
better left to the crypto user (eg. IPsec).
Type: improvement
Change-Id: I32689c591d8c6572b8d37c4d24f175ea6132d3ec
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|