Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: improvement
The vnet buffer metadata for full IP reassembly and shallow virtual
reassembly overlaps. If you have full reassembly and virtual reassembly
enabled on the same interface and virtual reassembly happens to process
packets first, full reassembly will stomp on the metadata populated by
virtual reassembly.
Virtual reassembly gets enabled implicitly when NAT feature nodes
are enabled. Those NAT feature nodes rely on the virtual reassembly
metadata being populated correctly in order to find L4 proto & ports.
When NAT and IP full reassembly are both enabled on an interface, NAT
can drop fragmented packets because the virtual reassembly metadata
can be overwritten by full reassembly.
Ensure that full reassembly runs before virtual reassembly. Add a
runs_before dependency to ensure that ip4-full-reassembly-feature
runs before ip4-sv-reassembly-feature.
There was a duplicate VNET_FEATURE_INIT() for
ip4-full-reassembly-feature. It seems to have been intended for enabling
ip4-full-reassembly-custom as a feature node, but its contents are
identical to the earlier VNET_FEATURE_INIT() for
ip4-full-reassembly-feature. Removed the duplicate.
Change-Id: Ie600b854d4ceb90a7cb736810140d410b8f72447
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
As similar 535364e90459566b603661c3dbe360c72f59ad71 is
merged, printing possibly deleted interfaces by index
only in all the rest cases.
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I4fa58b382c0279ff893523ba0188fdb9b09e10af
|
|
- fix ICMPv6 lookup FIB (don't reset sw_if_index[VLIB_TX] to -1)
- add locally generated flag in ICMPv4 buffers (reflect ICMPv6)
Type: fix
Change-Id: If25a176a9952cbe185a030f8b136718af1bff9e8
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I428f52abbdddd9caca9b0f619a0e934f96ac0b4a
|
|
Fix crash while adding intf-rx ip4 and ip6 routes via api due
invalid exporting of interface rx routes as attached.
Also, add missed route path via rx-ip6 cli support.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I15711c8c0787398dd7e3baa4787019bb1f317666
|
|
Type: fix
Signed-off-by: Samvel Vartapetov <svartapetov@yandex-team.ru>
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I57cba1e724f851419c7dfdee896568fc7416feaf
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I28ccebf4d2f0728dd174ab3ee77a0d7ad4b90951
|
|
This change aims to affect crypto_sw_scheduler behavior,
but all the edits end up in vnet/crypto.
After 9a9604b introduced adaptive mode for crypto dispatch,
the performance of async mode at lower rate got worse.
A work around for CSIT test is done by changing dispatch mode via explicit API call
in https://github.com/FDio/vpp/commit/139aba204780f6cc2845b311820a0b4c47517d02
In this change, the CLI is brought back to allow user to fix the
dispatch mode.
set crypto async dispatch mode <polling|interrupt|adaptive>
Type: improvement
Change-Id: I029e98aa25889eddcf62e75a6c78926cdee862ef
Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com>
|
|
Type: improvement
Change-Id: Ie042605e50656229874b7a93638f0f04c894410f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie7ff4bac22e9dbb449610072b52d1ec4e46fe757
|
|
Type: feature
Change-Id: If63f39211288ab2eba8bc1ab50a2a4c7755abc66
Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I787825dea7f82748537cc4372104cc6647cf2132
|
|
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: If27702d2a9755e0e0a6eaeab4cf26b4974444b44
|
|
Type: fix
Change-Id: I8832839738b96495bd775a778dd736bb25e1236c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: improvement
Change-Id: I41f70e5977fedbf0050205ebe52126ef373ebc06
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idb8cc576168ce0ffa8f06be1acef4be4b3b29433
|
|
When an other interface is specified to generate packets from, we should
bind its sw_if_index to the pg interface to use.
Fix if_index_by_sw_if_index variable name, and force to specify a pg
interface to source traffic from.
Type: fix
Change-Id: Ib3e6dca92774b307def82926fc09945b7998267d
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
On FreeBSD define UNIX_PATH_MAX so it is available in punt.c. FreeBSD's
max path is 4 bytes shorter than Linux's.
Type: improvement
Change-Id: I2c4b7aa11246213575b557fab44669706885e6b7
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: fix
Change-Id: Ib09d6a0dfc95d82ecfd2ff123be9004cb038d0d4
Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
|
|
This is a prerequisite patch for the following openssl API optimization
patch, which tries to offload openssl ctx init and key expansion work to
the initialization stage.
Wireguard adds crypto keys via vnet_crypto_key_add (), and whenever it
modifies the keys, the underneath openssl crypto engine shoud be informed
of the changes to update the openssl ctx.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Change-Id: I3e8f033f3f77eebcecfbd06e8e3bbbfdc95a50e2
|
|
In esp_encrypt_inline(), if two or more consecutive packets are
associated with the same SA which has no crypto or integrity algorithms
set, only the first one gets dropped. Subsequent packets either get sent
(synchronous crypto) or cause a segv (asynchronous crypto).
The current SA's index and pool entry are cached before it can be
determined whether the packet should be dropped due to no algorithms
being set. The check for no algorithms is only performed when the cached
SA index is different than the SA index for the current packet. So
packets after the first one associated with the "none" alg SA aren't
handled properly.
This was broken by my previous commit ("ipsec: keep esp encrypt pointer
and index synced") which fixed a segv that occurred under a different
set of circumstances.
Check whether each packet should be dropped instead of only checking
when a new SA is encountered.
Update unit tests:
- Add a test for no algs on tunnel interface which enables
asynchronous crypto.
- Send more than one packet in the tests for no algs.
Type: fix
Fixes: dac9e566cd16fc375fff14280b37cb5135584fc6
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
|
|
Use udp transport refcnt instead of local port refcnt when accepting new
connections.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibc34677b1138682497f98e96b6fddb5b96094ff9
|
|
Type: improvement
Change-Id: Ifbd84a45edc82c79ac2850dd70ecdd2f9f1289ae
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
tuntap requires porting on FreeBSD, only build on Linux for now.
Type: improvement
Change-Id: I448c462b31f3bc06f291a95d0ff5df9d6f8f24b8
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: improvement
Change-Id: Ia5cec0afc7f929491e495bb337493e64f752d75f
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
tap requires some porting on FreeBSD, while we wait for those changes
only build tap on Linux.
Type: improvement
Change-Id: I4361bf43764fdb046c2138d4a2ee5d7efa31bd5a
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Fix instances where timers are reset after programming fin.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib80e3a401d585f388a97c7f2bb62e68ee774d50d
|
|
UDP transport port refcount is incremented even if port is shared. So
decrement it, by unregistering, whener udp connections are cleaned up.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id0a2c60c5faf4dea8b2cd9ded0334934ad9e918c
|
|
Make sure ctx is initialized before ho is marked as done.
Type: fix
Change-Id: If0525a9890a56e289e2ab006c669a9d64dc6505d
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: I8cfaa62abd38d5356263b0ffd428638d1a027617
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
__unused is a clang keyword, this struct member will trip the build when
using clang. Instead call the unused padding 'pad' which should be clear
to the purpose if not the usage.
Type: improvement
Change-Id: I0abae34841651be1ef6b7d94864f0dc8185f0733
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Add vlib_worker_wait_one_loop prior to invoking dpo_reset
upon uninstalling a fib entry to avoid contention with DP.
Type: fix
Change-Id: If2a6c4cb9b5629dd61e506ab9f9c3e6aef121b45
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
show udp transport ports
Dumps list of ports registered by udp transport, as opposed to udp
local, and their refcount.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If3cbe51a7176cb89fa38b524defffbbd76af8f58
|
|
Session lookup tables could be allocated from workers, e.g., connects
are done from first worker. Make sure consumers are not affected by
stopping workers.
Type: fix
Change-Id: I63b53c58b41ce91b08f50a2325c69c9f9fd25ed3
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Set the flag in tls framework as opposed to tls engines. This is similar
to passive close.
Type: improvement
Change-Id: I0c2a774b1ef9d7ec6ba74daf1678ea449815184f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: refactor
Change-Id: I527bbc1cf2e7b6d06fd0c88b7563fb59ed28bc40
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
the error node is set to ip6_input in the inline funcition
associated with ip6_rewrite. Thus, error counters defined
for node ip6 rewrite are never used.
Type: fix
Change-Id: Id6bef633928b0fff9069498c2e39e9f5bea2cf9b
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0afd1b9ddbc17825aab3bfa3e5f9c6c0fbc561ca
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I40345d635b8067dcffbbdd39d0a5b0c0934a6d54
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0a0d0b8721f5a15da47c7ac0e58cd50e159b2f54
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3d44ff851da00573343e15712284af3b9c3912e3
|
|
Avoid situations when notifications are delayed for long enough for
transports to start closing/cleaning up.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id35b0099adb5242108154a5e19d5ee15e6ca0058
|
|
debug+asan build will fail on initialisation when loglevel==debug
Type: fix
Fixes: 1cd0e5dd533f4209dde453eaa43215e52cd42985
Change-Id: I2005ebf9b95ec3b753c4e6d29337be460c77ffed
Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
|
|
Type: fix
Change-Id: Icdc9d1c8b7b29827ce17920dae64a365bb8a4e40
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: I9c48b163f174b824df1a76e75c272dc985386bf2
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
One less pointer chase when accepting sessions.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I20dbb21d15d4a703f76e3b12f04a6f5b5d2a3cd8
|
|
Adds support for connectionless listener port reuse. Until now, cl
listeners had fifos allocated to them and therefore only one app worker
could ever listen, i.e., a session cannot have multiple fifos.
To circumvent the limitation, this separates the fifos from the listener
by allocating new cl sessions for each app worker that reuses the app
listener. Flows are hashed to app worker cl sessions but, for now, this
is not a consistent/fixed hash.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic6533cd47f2765903669f88c288bd592fb17a19e
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia98556e7ae61547cf153c78ec085cd4248bee74a
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0bb6aba26f1cd974d6bb3b5fe6234aacfee0d30c
|
|
Incase the ack for the fin is lost twice or want to dup ack
packets with incorrect ack/seq # at different times and
session state is already closed, this fifo event is set for
the first ack that went out and prevents queuing of further events.
Type: fix
Change-Id: I102019fca26918a51e055a751db7209011bd43ad
Signed-off-by: emmanuel <emmanuelscaria11@gmail.com>
|