| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Type: fix
Fixes: d6953332db225d5355f50348ef3b09f0525d5282
Change-Id: Ib85fee40e71ebe5bc2b84c62e37298b5e390d520
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Add a NULL check in case of hash lookup failure to make coverity happy.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I3cfa5960458d3618f1277ba442b4ca5ca15064ea
|
|
Type: fix
https://gerrit.fd.io/r/c/vpp/+/34027 added support
for l3 mode, but as the eth_mode constant was set
to 1 we did default to l3 mode in the api.
This reverts to the original logic.
Change-Id: If8b90b300d3868de5233dfa1f33ec975853cba11
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I4f29e6118630146876b7f58f1afe6b6733401047
|
|
New code seems to be 1.5 clocks faster.
old:
mov eax,edi
shr rdi,0x20
add rdi,rax
movzx edx,di
shr rdi,0x10
add rdx,rdi
movzx eax,dx
shr rdx,0x10
add rax,rdx
mov rdx,rax
shr rdx,0x10
add eax,edx
new:
mov rax,rdi
shr rax,0x20
add eax,edi
mov edi,0x10
shrx edi,eax,edi
adc ax,di
adc ax,0x0
Type: improvement
Change-Id: I3c565812c67ff4c3db197a9d4137a6c131b5b66c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
In tap_create_if(), if args->host_namespace or args->host_bridge are
null because no values were set for those, the virtio_if_t entry in
virtio_main.interfaces ends up getting populated with values of "(nil)"
in net_ns or host_bridge, respectively.
Check whether args->host_namespace and args->host_bridge are null before
trying to set the corresponding fields on virtio_if_t.
Change-Id: I8e1e66a6d7b246e7c66fece406d116ffb1312c64
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Move socket creation past code which returns from function to avoid
leaking the socket in case of an early error return.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I9e18bd32022441c17ca920d1c2458b058b76c3c0
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id58ac44d45fb8b8a0d803f02e0242ec6f4b3db05
|
|
Originally the pool of keys can be expand and cache with pointer for
key can be invalid.
For example in Wireguard during handshake process this pool can be
expand and pointer for these keys in cache can be invalid for workers
or can has incorrect value (poison memory).
The fixes add barrier if the pool needs be to expand to ensure that
cache in function will be valid and avoid situation when cache has
invalid pointer for these keys.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ida8f300213dfebb91ecaf1937fb08de81c20ba7b
|
|
This patch provides a fix for early-kill of timewait sockets that is based on
rfc's 1122, 6191.
The following commits provided a solution for port re-use. However, they
are not fully compliant with rfc 1122 4.2.2.13 ( Closing a connection )
and rfc 6191 (Reducing the TIME-WAIT State Using TCP Timestamps)
commit b092b77cf238ba ("tcp: Enable TCP timewait port use") introduced
a significant improvement by enabling TCP timewait port re-use.
commit ee1cb469b2dd ("tcp: fix port reuse with multiple listeners") fixed
usage of the wrong value for connection_index when searching for a
listener, by storing the state in tcp.flags.
Implementation details:
When a SYN is received during time-wait state, the code
checks whether all the requirements for accepting the SYN packet are
met. If they aren't, the SYN can't be accepted and the packet is dropped,
otherwise, connection is deleted and a new connection with same port
is opened.
Type: fix
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Signed-off-by: Yuval Caduri <cyuval@marvell.com>
Signed-off-by: Michal Kalderon <mkalderon@marvell.com>
Change-Id: I38a33c6e321c760d45ebec9154399e1c90dd0250
|
|
Type: fix
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I3c4152219e5307ac0fe773e16d597f0e4b9a7d4c
|
|
Type: fix
Ticket: VPP-1970
Ticket: VPP-1992
Fixes: 9e17887db97bb9f6507270f9fa9923c10816e0df
https://gerrit.fd.io/r/c/vpp/+/33495/7 introduced a bug
where ND responses are inproperly dropped. This fixes that bug.
Signed-off-by: Ed Warnicke <hagbard@gmail.com>
Change-Id: Iec4b07646332ced292e2211408c4f7af3088ac28
Signed-off-by: Ed Warnicke <hagbard@gmail.com>
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ia6b9d4ac55be2216887bfdb99be4021f6a96f166
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ib3fe4f306f23541a01246b74ad0f1a7074fa03bb
|
|
Type: fix
If the walk is triggered when the child is added, then that child is visited in the walk. However, since it is just attahcing to the path-list it may not, or indeed cannot, have all the context it needs to successfully handle the walk.
In the case of MPLS tunnel, it does not have the path extensions ready, and cannot since the path extensions need to resolve on the path-list.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I027af8cf2f522d2f6e37931bea60c767f0cb667d
|
|
When an mfib entry was created with both paths and entry_flags then
the entry flags were being ignored. If there are no paths then the
flags were passed into mfib_table_entry_update, but in the case where
the entry didn't exist and there were paths and flags, the entry was
created within mfib_table_entry_paths_update() which used a default
of MFIB_ENTRY_FLAG_NONE.
Pass the flags through into the mfib_table_entry_paths_update fn. All
existing callers other than the create case will now pass in
MFIB_ENTRY_FLAG_NONE.
Type: fix
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I256375ba2fa863a62a88474ce1ea6bf2accdd456
|
|
Type: improvement
This adds a new ip[46]-receive node, sibling
of ip[46]-local. Its goal is to set
vnet_buffer (b)->ip.rx_sw_if_index to the
sw_if_index of the local interface.
In dependant nodes further down the line (e.g.
hoststack) we then set sw_if_idx[rx] to this
value. So that we know which local interface
did receive the packet.
The TCP issue this fixes is that :
On accepts, we were setting tc->sw_if_index
to the source sw_if_index. We should use
the dest sw_if_index, so that packets
coming back on this connection have the
right source sw_if_index. And also setting
it in the tx-ed packet.
Change-Id: I569ed673e15c21e71f365c3ad45439b05bd14a9f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ie79a2deac03c04c0697e482a649ff151142126ed
|
|
Type: fix
When VPP generates an ICMP echo reply in response to an incoming
echo request to a local address, set VNET_BUFFER_F_LOCALLY_ORIGINATED
on the buffer. It will prevent ip6-rewrite from decrementing the hop
limit.
Outbound IPv4 echo replies also get this flag set.
Change-Id: Iaa229294eb158edb58cf1bf1b7a90da281321406
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I6b89c4158d10d4928c8418312180dbeba7d70ab2
|
|
Using VPP CLI "ip route add" to add static IPv6 entries outputs wrong
results. Fix this error by correctly calculating IPv6 addresses with
different increased ranges and grouping ip4/ip6 prefix calculation
functionality into two functions.
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Reviewed-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If954876301ca2095f9331799a086f75db936f246
|
|
Type: test
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I5d44a6ea24e4aa0842024a0961f1fb22c6e6419a
|
|
Type: fix
Currently, auth activation CLI command
"bfd upd session auth activate ... conf-key-id <cki> bfd-key-id <bki>"
allows to change both key-ids to new values at once.
But if only bfd-key-id should be corrected, e.g. as a result of mistyping,
we can't do that in a single operation, and have to deactivate auth first
and then reactivate it with a correctly entered pair of ids.
Currently, backend's bfd_auth_activate() function returns immediately,
with no action, if it finds that submitted conf-key-id matches the
current record. No check on bfd-key-id value is made.
With this fix, bfd_auth_activate() checks if session's bfd-key-id has to
be changed to a new value, and if so, it updates and logs appropriately.
Change-Id: I3b915a936cb1721707860bb503f70e7dd29e0ddd
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
|
|
Type: fix
Currently, the change in desired_min_tx value initiated locally
doesn't result in actual update of the transmission interval.
bfd_session_t structure has two fields for each of protocol's
local time parameters
desired_min_tx, required_min_rx
In a case of a parameter update,
"config_" prefixed fields store new values sent to remote
bs.config_desired_min_tx_nsec,
bs.config_required_min_rx_nsec
Those prefixed "effective_", keep old values, still in charge,
until new ones are being negotiated between peers:
bs.effective_desired_min_tx_nsec,
bs.effective_required_min_rx_nsec
Currently, upon termination of the Poll Sequence (negotiation) only
bfd_set_effective_required_min_rx()
is called to update effective RX value. TX value remains unchanged.
With this fix, add a call to
bfd_set_effective_desired_min_tx()
to set new, acknowledged TX value in effect.
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Change-Id: I80b6746533839c9572598f1ad9dabb33e621a525
|
|
While looking at a coverity warning it was discovered that it's caused
by return value modified by pd msg handlers. As these are legacy, it's
a good time to remove them and also fix the warning this way.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ic72ab8b2b7a2e55188d1c31cfd18a74b7cf82c43
|
|
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ib07029204ecf12bf2adb5a39afa54bc98fb81f34
|
|
We should compute offloads in interface_ouput.c
in the case when any of the UDP, TCP or IP
offload flags is not present in the interface
capabilities.
e.g. if the interface supports IP cksum offload
but not tcp/udp we should still compute cksums
here.
Type: fix
Change-Id: Ibaa3a56dbc92938dca45311c38f079d040052194
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Add a missing return statement in case there are no parameters supplied
to 'set ip6 nd proxy' CLI to avoid calling code with uninitialised
parameters.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ie4fdb4df5d1af49471c421e5e7a6c2f885d2e8d2
|
|
Type: improvement
Change-Id: If453321785b04f9c16e8cea36fb1910efaeb2c59
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I2c77066cc9f1d3063373cc9559cc5b369906cc24
|
|
Type: fix
In vnet_sw_interface_set_flags_helper(), the variable old_flags is set
to the original value of vnet_sw_interface_t.flags for an interface. If
an error occurs during the process of bringing an interface up, old_flags
is used to restore the original value.
Before the dev class or hw class admin_up_down_function can be called,
but after modifying vnet_sw_interface_t.flags to it's new value,
old_flags is set to the value of vnet_sw_interface_t.flags a second time.
This discards the original flags that were being preserved.
As a result, if an interface is being brought up and the dev class
or hw class function fails, at the end VPP believes that interface is up.
This can cause a crash if packets are routed through the interface
and some RX/TX initialization was not completed because of the error
while bringing the interface up.
Change-Id: Ica6b6bac13c24e88c4136bf084cd392e6217e7d9
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: fix
the only change to the mfib forwarding node is to set the error code, the rest is checkstyle formatting.
The traces previously showed some bogus reason:
00:04:27:325550: ip6-mfib-forward-rpf
entry 10 itf -1 flags
00:04:27:325551: ip6-drop
fib:0 adj:10 flow:0
UDP: fe80::b203:eaff:fe02:604 -> ff02::1:2
tos 0x00, flow label 0x651ed, hop limit 1, payload length 64
UDP: 546 -> 547
length 64, checksum 0xec9a
00:04:27:325551: error-drop
rx:GigabitEthernet6/0/0
00:04:27:325553: drop
ip6-input: drops due to concurrent reassemblies limit
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I294684c36edc346b4ebdd83ba66888b3b2197704
|
|
Adding flow cache support to improve outbound IPv4/IPSec SPD lookup
performance. Details about flow cache:
Mechanism:
1. First packet of a flow will undergo linear search in SPD
table. Once a policy match is found, a new entry will be added
into the flow cache. From 2nd packet onwards, the policy lookup
will happen in flow cache.
2. The flow cache is implemented using bihash without collision
handling. This will avoid the logic to age out or recycle the old
flows in flow cache. Whenever a collision occurs, old entry will
be overwritten by the new entry. Worst case is when all the 256
packets in a batch result in collision and fall back to linear
search. Average and best case will be O(1).
3. The size of flow cache is fixed and decided based on the number
of flows to be supported. The default is set to 1 million flows.
This can be made as a configurable option as a next step.
4. Whenever a SPD rule is added/deleted by the control plane, the
flow cache entries will be completely deleted (reset) in the
control plane. The assumption here is that SPD rule add/del is not
a frequent operation from control plane. Flow cache reset is done,
by putting the data plane in fall back mode, to bypass flow cache
and do linear search till the SPD rule add/delete operation is
complete. Once the rule is successfully added/deleted, the data
plane will be allowed to make use of the flow cache. The flow
cache will be reset only after flushing out the inflight packets
from all the worker cores using
vlib_worker_wait_one_loop().
Details about bihash usage:
1. A new bihash template (16_8) is added to support IPv4 5 tuple.
BIHASH_KVP_PER_PAGE and BIHASH_KVP_AT_BUCKET_LEVEL are set
to 1 in the new template. It means only one KVP is supported
per bucket.
2. Collision handling is avoided by calling
BV (clib_bihash_add_or_overwrite_stale) function.
Through the stale callback function pointer, the KVP entry
will be overwritten during collision.
3. Flow cache reset is done using
BV (clib_bihash_foreach_key_value_pair) function.
Through the callback function pointer, the KVP value is reset
to ~0ULL.
MRR performance numbers with 1 core, 1 ESP Tunnel, null-encrypt,
64B for different SPD policy matching indices:
SPD Policy index : 1 10 100 1000
Throughput : MPPS/MPPS MPPS/MPPS MPPS/MPPS KPPS/MPPS
(Baseline/Optimized)
ARM Neoverse N1 : 5.2/4.84 4.55/4.84 2.11/4.84 329.5/4.84
ARM TX2 : 2.81/2.6 2.51/2.6 1.27/2.6 176.62/2.6
INTEL SKX : 4.93/4.48 4.29/4.46 2.05/4.48 336.79/4.47
Next Steps:
Following can be made as a configurable option through startup
conf at IPSec level:
1. Enable/Disable Flow cache.
2. Bihash configuration like number of buckets and memory size.
3. Dual/Quad loop unroll can be applied around bihash to further
improve the performance.
4. The same flow cache logic can be applied for IPv6 as well as in
IPSec inbound direction. A deeper and wider flow cache using
bihash_40_8 can replace existing bihash_16_8, to make it
common for both IPv4 and IPv6 in both outbound and
inbound directions.
Following changes are made based on the review comments:
1. ON/OFF flow cache through startup conf. Default: OFF
2. Flow cache stale entry detection using epoch counter.
3. Avoid host order endianness conversion during flow cache
lookup.
4. Move IPSec startup conf to a common file.
5. Added SPD flow cache unit test case
6. Replaced bihash with vectors to implement flow cache.
7. ipsec_add_del_policy API is not mpsafe. Cleaned up
inflight packets check in control plane.
Type: improvement
Signed-off-by: mgovind <govindarajan.Mohandoss@arm.com>
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Tested-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I62b4d6625fbc6caf292427a5d2046aa5672b2006
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic2ba5fa234a394acb524b61573fc49f2d58c2dea
|
|
This patches fixes an issue that could cause
fib locks to underflow: if an API user deletes
a fib and quickly recreates it, the fib may not
have been actually deleted. As a result, the
lock would not be incremented on the create call
leading to the fib potentially disappearing
afterwards - or to the lock to underflow when
the fib is deleted again.
In order to keep the existing API semantics,
we use the locks with API and CLI source as flags.
This means we need to use a different counter
for the interface-related locks.
This also prevents an issue where an interface being
bound to a vrf via API and released via CLI could
mess up the lock counter.
Finally, this will help with cleaning up the
interface-related locks on interface deletion
in a later patch.
Type: fix
Change-Id: I93030a7660646d6dd179ddf27fe4e708aa11b90e
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
|
|
Type: improvement
Change-Id: Iec585880085b12b08594a0640822cd831455d594
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
similar behavior as here: 839dcc0fb7313638d9b8f52a9db81350dddfe461
Type: improvement
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I1b0a8f8f3dab48839e27df7065cf5f786cf0b5e9
|
|
If logging is on, it will try to print the address nh. Make sure it is
not NULL.
Type: fix
Change-Id: I81c0295865901406d86e0d822a103b4d5adffe47
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: Ia63899b82e34f179f9efa921e4630b598f2a86cb
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I415d68b39ecac546b531f6eb98bca51e7eb6f7f7
|
|
The path mtu node uses errors defined by ip fragmentation.
Type: fix
Change-Id: I1f173955919a4f555ab0309cd8201ec342a0ae92
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
https://gerrit.fd.io/r/c/vpp/+/30197 introduced SAS and inadvertently
broke ping in a variety of situations:
https://jira.fd.io/browse/VPP-1992
https://jira.fd.io/browse/VPP-1970
https://lists.fd.io/g/vpp-dev/topic/84038840
all of which seem to be rooted in situations where there's literally
nothing smarter ping can do for source address selection than
to pick the first IP on the interface. This can happen for:
1. P2P interfaces, see attempted fix: https://gerrit.fd.io/r/c/vpp/+/32801
2. Interfaces with /32 IP addresses intentionally assigned
After some discussion, this problem was partially fixed in
https://gerrit.fd.io/r/c/vpp/+/33449
Unforunately, while source selection was fixed in ping, it continued
to be broken in arp/nd. This gerrit builds on
https://gerrit.fd.io/r/c/vpp/+/33449
and fixes arp/nd.
Type: fix
Ticket: VPP-1970
Ticket: VPP-1992
Fixes: e2fe097424fb169dfe01421ff17b8ccd0c26b4a6
Change-Id: Ief60c321676a15f4f30bf4cd84d50b2f1efec432
Signed-off-by: Ed Warnicke <hagbard@gmail.com>
|
|
previous - b31fbc47f5fcf8234c757558d7b0285348774086
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I7ea2d693d3ad5bf41ece066b3511fbfa156c1e4b
|
|
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I6548274f8c0ae2a183b1d221cb195de445c2819f
|
|
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibe39bc045c3b154209a83b59ef95a37c61b32c0c
|
|
Type: fix
Change-Id: I41455e1cdc62e7c0baa148630b0701b042f3b156
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Change-Id: Iac01d7830b53819ace8f199554be10ab89ecdb97
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
This feature allows one to add classifier-based ACLs on packets punted
from the ip infra, eg. to only whitelist specific sender(s).
Type: feature
Change-Id: Idab37b188583efbca980038875fc3e540cb2e880
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: feature
This adds an API message to do the switch
at runtime.
Change-Id: Ice6b69c57f0bfbf5668182e25593362ff4133615
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Tap fds are stored in vector array but deleting tap
was not freeing this vector.
This patch fixes it.
Change-Id: I5228e3b9f432c69cf2656b2ee7402360d775964b
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
Benoît Ganne
Klement Sekera
Nathan Skrzypczak
Mohsin Kazmi
Damjan Marion
Matthew Smith
Florin Coras
Gabriel Oginski
Michal Kalderon
Neale Ranns
Ed Warnicke
Filip Tehlar
Paul Atkins
Jieqiang Wang
Alexander Skorichenko
Xiaoming Jiang
Govindarajan Mohandoss
Artem Glazychev
Ed Warnicke