| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
1. When the backend engine is not enable, adding an entry returns
a confusing error message.
DBGvpp# session sdl add 191.1.1.30/32 action 1 tag blue-v4-rule1
session sdl add 191.1.1.30/32 action 1 tag blue-v4-rule1
unknown input `add 191.1.1.30/32 action 1 ta...'
DBGvpp#
2. When the sdl or rule-table entry is already present, adding the duplicate
entry returns a confusing error message.
DBGvpp# session sdl add 8.8.8.1/32 action 0
session sdl add 8.8.8.1/32 action 0
DBGvpp# session sdl add 8.8.8.1/32 action 0
session sdl add 8.8.8.1/32 action 0
session: session is already enable. Must disable first
DBGvpp#
The problem is because there are multiple cli commands start with "session".
When the command is failed with the best match chain, it passes the
command to the other parser chains which start with the keyword "session".
The other cli chain also fails to parse the command. The error message
that the previous parser chain returned may be overwritten by
the newest error message.
The fix is to not return an error in sdl and rule-table parser command chain.
Type: fix
Change-Id: If0165324a763f47ec98ab79a41c3ee9b10057454
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
The language is
local == VPP local interface
remote == sender prefix to VPP node
SDL acts on remote prefix.
Type: fix
Change-Id: I82917c6ef801fc67430dfdd15c5630cb7a6347e0
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Handshake completion is now tracked via a ctx flag so we no longer need
ctx_handshake_is_over.
Also, as we no longer prealloc application sessions, improve ctx state
formatting.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If48588ecde13e56fb99d1a46238bda53ed4eae1b
|
|
Type: improvement
Change-Id: If39e4d2b46820d5c0465fcc40d255fa95d137d38
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I12ddcd56f2fecb504180cdc044a3b3c3d1db7e3c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: Ie64ce16ea512b855a1b886eceb94c0e6ba33df05
Signed-off-by: Radislav Chugunov <chgnrdv@gmail.com>
|
|
when a protected tunnel gets deleted it's necessary to run a proper
cleanup
Type: fix
Change-Id: I9d2c60ecbf97c4df299ac5c2228b036bf3478a56
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4c0c1b27adb3e3ea3c3ff6353b068447db19fa85
|
|
The AWS Graviton make test fails in dvr_test.py on Ubuntu 22.04,
due to a mismatching source MAC address. Debian 11 tests run fine.
The following can be seen in the log.txt trace:
00:00:00:756422: ethernet-input
frame: flags 0x1, hw-if-index 3, sw-if-index 3
IP4: 02:03:00:00:ff:02 -> de:ad:00:00:00:00 802.1q vlan 92
00:00:00:756435: l2-input
l2-input: sw_if_index 6 dst de:ad:00:00:00:00 src 02:03:00:00:ff:02 [l2-input-vtr l2-learn l2-fwd l2-flood l2-flood ]
00:00:00:756438: l2-input-vtr
l2-input-vtr: sw_if_index 6 dst de:ad:00:00:00:00 src 02:03:00:00:00:00 data 08 00 45 00 00 80 00 01 00 00 40 11
00:00:00:756441: l2-learn
l2-learn: sw_if_index 6 dst de:ad:00:00:00:00 src 02:03:00:00:00:00 bd_index 1
Note how l2-input-vtr node has the two lowest bytes of the source MAC corrupted.
Discussing with Benoit, since this could be caused by unaligned memory accesses,
using clib_memcpy_fast.
Type: fix
Change-Id: I28991e1166335df0edd1e4b84fa72a2b1d0bb9bf
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Add support for:
- "sh session verbose thread <n> [lcl|rmt|ep] <ip>[:port]", which can be
used to filter sessions based on transport ip:port
- "force-print" option to force printing even when it exceeds existing
printing thresholds
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Iab3e58b8162664b425379d14818b8a4daa0ce345
|
|
Also retires old marvell plugin.
Change-Id: Icedec11f5661909058fdfe8d5fc455306adafacd
Type: feature
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This patch removes redundant sa index value in
format_ipsec_tun_protect_input_trace() as sa index value already added
by format_ipsec4_tunnel_kv().
Type: fix
Change-Id: I7834bda57ba0f7cfe5084b671f6f7da0749ba64d
Signed-off-by: Garvit <gvarshney@marvell.com>
|
|
With this feature, session enable is now modified to have 3 modes of operation
session enable -- only enable session
session enable rt-backend sdl -- enable session with sdl
session enable rt-backend rule-table -- enable session with rule-table
session rule tables are now created on demand, upon adding first rule
to the rule table.
refactor session table to remove depenency from sesssion rules table. Now
session rules table APIs take srtg_handle and transport
proto instead of srt pointer.
Type: feature
Change-Id: Idde6a9b2f46b29bb931f9039636562575572aa14
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Now when lcp pair is created, tap instance is based on hw_id. But tap
interface with such instance can already exist. Introduce an offset and
auto-selection based on it.
Type: fix
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: I9db39106b0b0d5bf95c445b03e5b7ff52f946dd2
|
|
Change-Id: Ief8e159b25d4fc4859c7116da6ff22c15bd3fff0
Type: feature
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Add RSS support to make use of multiple queues.
With 4 RX queues and RSS enabled
ping from host to guest vm ip queue use
192.168.2.3 192.168.2.1 2
'' 192.168.2.10 0
'' 192.168.2.5 1
'' 192.168.2.105 3
With 4 RX queues and RSS disabled, queue 0 is always used for all of the above cases
Type: improvement
Change-Id: I3ca78fd83fce26cbe8f23fee0a9034cb572bacb7
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Type: fix
Change-Id: Ibe8ee27484c3b7b920529fd082b1e46b7daef1e5
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: Id81d1ac23505a74d3bc6f5d7eddca2be20d39f45
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I3ea7664c9f2cd1deaa6721bfd31214fe27f21468
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: refactor
This patch moves osi into a plugin, and also modifies
the init functions of llc and snap to preserve init
order dependency (llc_init --> osi_init --> snap_init).
While the initial intent was to move osi/llc/snap together
into a single plugin, there exists a dependency on llc
in vnet/ethernet, which would require further refactoring
and testing work.
Change-Id: Ic0eff030ee29c8d316c0e0fe13931451aa193527
Signed-off-by: Hadi Rayan Al-Sandid <halsandi@cisco.com>
|
|
This patch adds capability to update max_rx_frame_size on octeon
port.
Initial MTU value is being set in the "oct_port_start", which is
invoked every time the Ethernet interface is brought up, thus
overwriting any MTU value set by VPP CLI.
Moved the MTU initialization to "oct_port_init" to address this.
Type: feature
Change-Id: I00d0d52bc7711062cde47b8fe52e6823bb718d08
Signed-off-by: Alok Mishra <almishra@marvell.com>
|
|
Type: improvement
Change-Id: Ia6a9f69b787950e3dbffd13ae577e499d6d2f55f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Backend needs to return protocol to indicate if the prefix is ip4 or ip6.
Type: fix
Change-Id: If827c2e8b2a58051298968fa4d69de71ce9c4fcc
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Need to vec_free ns_id whenever we return in the function
show_session_rules_command_fn in case memory was allocated to it.
Type: fix
Change-Id: Ifc38d3eb2756a8a128467dd40ad40fe3f0be8fc0
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
SESSION_INVALID_INDEX is u32. The function is supposed to return u64.
The caller of the function tests the return value to see if it is
SESSION_INVALID_HANDLE in ct_session_connect. If it is not, it
thinks it is a valid handle and calls listen_session_get_from_handle
which causes a crash.
Type: fix
Change-Id: I4ede6b2dfb95259f3a6071cfa3a77ce0d9cd9edd
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Type: improvement
Change-Id: Ibc1e391356cef415b992b65c00f3d365fc97386d
Signed-off-by: Aritra Basu <aritrbas@cisco.com>
|
|
When packets are dropped and this field is not set, then
trace shows the packet being dropped by the null-node instead
of the correct reason.
Type: fix
Change-Id: I3ed9186285d0db7fa6a1e5b739a28ee625968f30
Signed-off-by: Ole Troan <otroan@employees.org>
|
|
Type: fix
Change-Id: I844539af3a283c8ec12498dbfd4857b8b533d7c1
Signed-off-by: Aritra Basu <aritrbas@cisco.com>
|
|
Type: improvement
Change-Id: Ie8f6ddc96fd3f5d44827ace834f8f6baa330d37d
Signed-off-by: Aritra Basu <aritrbas@cisco.com>
|
|
Type: improvement
Change-Id: I11dc43bdf65cecfa5c48ac734a4727b377023c80
Signed-off-by: Aritra Basu <aritrbas@cisco.com>
|
|
session table
When an application namespace is added, we call session_table_is_alloced
to see if we need to allocate a new session table. That check returns true
even if we removed the session table.
The fix is when we delete an application's global session table,
we need to invalidate fib_index_to_table_index.
Fixed test_vcl test script to run two tests back to back.
The 1st test deletes the application namespace at the end.
The 2nd test adds the application namespace in the beginning.
Type: fix
Fixes: 67bae20b05cb46e5f6d19afeaf1f7a52a5309d59
Change-Id: I67f5cc1b726a07659597a9479df011717db08d0a
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
ip4_sas_commonlen may be called with null a2 argument from
ip4_neighbor_advertise -> ip4_sas_by_sw_if_index.
If a1 or a2 is null, there is no common length, shortest mask
between a1 and a2, return 0 instead of crashing.
Type: fix
Change-Id: I307509ee7dedafac76d8877a1ef76ab8bbafef59
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
1. Adding an ip6 rule entry
session rule add proto tcp ee80::/10 0 ee80::/10 0 action 2
2. show session rules does not display the entry.
show session rules tcp
3. However, show session rules for a specific entry shows the entry
show session rules tcp ee80::/10 0 ee80::/10 0
Type: fix
Change-Id: I65c881665d3698a2a9452a186ed657eee0bf13e0
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Type: fix
Coverity issue: 394440
Change-Id: I915a088145ee1317a7c8746b517f4af50323aa11
Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
|
|
- fixes incorrect pcap packet type for packet
generator interfaces configured in ip mode.
- corrects pcap file decode for pg output files
- fixes scapy versions > 2.4.3 which now appear to
use the packet type in the pcap file header which
had been ignored in earlier versions
Type: fix
Change-Id: Idb1e3f8fbc7ca938fb5d2aaa72365e333c0ea2e9
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: improvement
Change-Id: I8c5bfc82c1db1213eb43072853f8500ce1d2ee92
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
|
|
Type: fix
Change-Id: If07a6a420d467e6305f166ed250f84befe9f983d
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Type: fix
Change-Id: Id8542ad74389eca4cc7903cd455f556743a5e0cf
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Allow other apps to own transport sessions for tls.
Type: improvement
Change-Id: Ida04cef1dc49acb7117cbed8657e26890bf43d2a
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Invoking the API session_rule_add_del to add a rule causes VPP to crash
if session is not enable.
Type: fix
Change-Id: If8de83f1064bc60d20461e87889b7c3393ad2af1
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
lock the vrf table when adding an application namespace and
unlock the vrf table when deleting an application namespace.
Free the session table when no more application namespace
uses it anymore to avoid memory leaks.
Type: fix
Change-Id: I10422c9a3b549bd4403962c925e29dd61a058eb0
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
When a FIB entry has multiple sources installed by covering inheritance,
the first walk installs the covering source, which can be worse than the
already used one (hence the source is not activated). If a covering path
is added and a new fib cover walk is done, the deactivated source is
compared to itself. This operation calls for a reactivation of the source which was not activated in the first place.
Type: fix
Change-Id: I2639401bed14eb5a2cb003664c04d6c1f9130de9
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
Avoid to do fixup either if TTL or MTU check fails. It rewrites the
icmp header copied in case the ip6-icmp-error ran before.
Type: fix
Change-Id: If043d1cae35c41ebf70ba979883119604bee883d
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
VPP IPv6 FIB relies on 2 bihash for all its VRFs: 1 for control plane
and one for data plane. Because of that, control plane VRF walks
time grows with the number of VRFs as it has to go through all the VRFs.
In order to improve control plane performance with large number of VRFs,
the control plane data structure is changed from a global bihash to a
per-VRF hashtable, similarly to IPv4. Contrary to IPv4, there is only 1
hashtable per VRF and not 1 hashtable per prefix-length per VRF, which
is a compromise between memory consumption and single VRF scaling.
Type: improvement
Change-Id: Ib738a44adb88e46c95c4c62c853ee1f1392c7187
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
In some cases we do not need multicast support. Making it optional helps
scaling to high number of VRFs, by reducing the control plane operations
and memory consumption.
Type: improvement
Change-Id: Ib34ed3fe2806e2f4624981da4e4a3c49c69f70be
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Destroying a non-empty fib table can lead to difficult to diagnose bugs,
like dandling fib entries preventing entries to be inserting to the
mtrie.
Always log an error to help diagnose those issues.
Type: improvement
Change-Id: I2c771a80595035b440931b74cca4429af22161a2
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
We call application_namespace_cleanup to remove the application which
has a reference to the application namespace when deleting an application
namespace. When we find the matching application namespace, we queue
the ns_index instead of app_index to look for the application.
This may lead to a crash.
Type: fix
Change-Id: I89c7f8d1681b4c7c1bcb16641217230a26dbe582
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Type: refactor
Change-Id: I3d7ff64e2e54b113f8d4b26f2dbf5b9c67b80976
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: improvement
Change-Id: I5a4a33604ecb8a29ef6932cc5826835d3bec7f23
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3c79d16f6a19767d990e8a4683c296219b559ccd
|
Steven Luong
Florin Coras
Damjan Marion
Radislav Chugunov
Stanislav Zaikin
Andrew Yourtchenko
Garvit
Benoît Ganne
Dave Wallace
Hadi Rayan Al-Sandid
Alok Mishra
Aritra Basu
Ole Troan
Fan Zhang
Klement Sekera
Maxime Peim