Age | Commit message (Collapse) | Author | Files | Lines |
|
vcm->cfg.namespace_id is a vector and not a null-terminated C-string.
Type: fix
Fixes: 8af2054b78
Change-Id: I9324712f053066790a30fed617c9cac673f0fbd7
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Fixes: 6a5adc3695
Change-Id: I21091fc2938cababeb28bacf7c5e457a05ab6272
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Fixes: d48e9763bfc39106eca954a28223b72261bf1aeb
Change-Id: I9af222f4083a82592058fd42950db1c97caf647e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
If a tunnel interface has the crypto alg set on the outbound SA to
IPSEC_CRYPTO_ALG_NONE and packets are sent out that interface,
the attempt to write an ESP trailer on the packet occurs at the
wrong offset and the vnet buffer opaque data is corrupted, which
can result in a SEGV when a subsequent node attempts to use that
data.
When an outbound SA is set on a tunnel interface which has no crypto
alg set, add a node to the ip{4,6}-output feature arcs which drops all
packets leaving that interface instead of adding the node which would
try to encrypt the packets.
Change-Id: Ie0ac8d8fdc8a035ab8bb83b72b6a94161bebaa48
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: feature
Change-Id: I01f1cc53efc93b0a7bb588ea6db89a53c971a3f5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
Change-Id: Id818f86164acabcb732e9a65d0e284d68e747a7b
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
- this remove the need to iterate through all state when deleting an SA
- and ensures that if the SA is deleted by the client is remains for use
in any state until that state is also removed.
Type: feature
Change-Id: I438cb67588cb65c701e49a7a9518f88641925419
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
tag should be added at the end of the reply message instead of
overwriting the original data.
Type: fix
Fixed: dd1e3e780c
Change-Id: I4b31cf3a4a41b49ea9039a9398114dbf49a53e57
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
cherry picking fix for bug introduced by https://gerrit.fd.io/r/#/c/20011/
- also fixes unit tests.
Type: fix
Fixes: ab05508e1eb96749b68de8ccd2f6f88ff3e64fad
Change-Id: I8287385f094911ea70de4751a716a7e0e6521b64
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: fix
There's no call for an SPI-0 punt reason with UDP encap, since
it's only with UDP encap that the ambiguity between IKE or IPSEC
occurs (and SPI=0 determines IKE).
Enhance the punt API to dum ponly the reason requested, so a client
can use this as a get-ID API
Change-Id: I5c6d72b03885e88c489117677e72f1ef5da90dfc
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: docs
Change-Id: I1f657389fec716cc6cdc942803e65f861ffea5f5
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
syslog structured data are stored as vectors not null-terminated
C-strings. Use '%v' instead of '%s'.
Type: fix
Fixes: b4515b4be4
Change-Id: Iba224f271c832daca90d4bbccfef45d0f563fe60
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
If is_add=2, fail w/ return value -2 if the key exists instead of
overwriting the (key,value) pair.
Type: feature
Change-Id: I00a3c194a381c68090369c31d6c6f9870cfe0a62
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Type: fix
Fixes: f7a55ad74c
Change-Id: Ic3474e746887f880a8f6246bebc399715bac8e80
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Fixes: 231c4696872cb344f28648949603840136c0795d
This reverts commit 231c4696872cb344f28648949603840136c0795d.
Change-Id: I136344555983dd10a31dbc000ee40e2de2c91291
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This reverts commit 9b208ced585d3b4620d6fde586cd047fe2027ecf.
Type: fix
Fixes: 9b208ced585d3b4620d6fde586cd047fe2027ecf
Change-Id: I94a17039b4727bff0877423da5ba6cfceb188b17
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
Change-Id: I9d3a73a6a6048fa0189f7fa6306a638279977fcd
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
Change-Id: I6f94f7ef5ffbd938457c9356a5a11f3d1afeb0a2
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: Ibaa272b57f36b092897a99a65ca28f9d4caf29a7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type:feature
- sample rtt estimation
- report acked+sacked
- report last lost bytes
- use snd_una == snd_nxt to detect 0 bytes in flight
Change-Id: I83181261fdb375c7e33d24b7a82343561e6a905f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Both format_ethernet_arp_ip4_entry() and format_ip6_neighbor_ip6_entry()
used %s to format flags which is a vector and not a null-terminated
C-string.
Introduce format_ip_neighbor_flags() instead.
Type: fix
Fixes: 102ec52bc4
Change-Id: I0c9349fefbeb76471933de358acceb50512a21aa
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
The CLI code, when it accepts a socket connection, ran a timer
for each session that would ensure the CLI session was started
should the TELNET negotiation stage fail to complete.
It has since transpired that this is unsafe; the timer is capable
of firing in critical sections, during a spinlock, and since we
peform non-trivial things in the handler it can cause a deadlock.
This was reported recently in VPP-1711 but a search of history
suggests this may also be (one of) the causes in VPP-1413.
This change replaces that method with an event-driven process.
The process is created when the first socket connection is
accepted.
When new connections are created the process is sent an event
to register the new session in a list. That event process has
a loop that evaluates the list of oustanding sessions and if
a deadline expires, their session is started if it has not been
already, and then removed from the list.
If we have pending sessions then the loop waits on a timer or an
event; if there are no sessions it waits on events only.
Type: fix
Ticket: VPP-1711
Change-Id: I8c6093b7d0fc1bea0eb790032ed282a0ca169194
Signed-off-by: Chris Luke <chrisy@flirble.org>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Type: fix
Change-Id: I32000cd42b0ab2ce54a159c6727823fd0d113fe4
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
|
|
Type: feature
Change-Id: I7a99b72276878625017c73dff8402f3e7fa7c33f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Fixes: 097fa66b
Change-Id: I690e31433b64f11399c08b4a0318762916c2c2f0
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Some users tend to call registration routine long before they need
that service - which triggers an immediate initialization of
the ACL heap, which is rather big. This commit defers this process
by keeping the registrations in the global heap.
Change-Id: I5825871bd836851942b55184b6ee2657c7a9cc33
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Type:feature
Change-Id: Ic9515c0b11ca6f75503f47ec6b2c58d240afb144
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: feature
Change-Id: Ibb60d5b46aafe109a81a8604712a917f6e246eaf
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: Ib8fb4957f4da9e464e2575c45c8ff3828db89872
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
This solves the ownership of vxlan-gbp tunnels. When the last reference of these goes away they need to be deleted. Currently there are two owners; gbp_itf via gef_itf and the lock held by the gbp_endpoint_location_t. The problem is that the
loc removes its reference whilst the fwd still holds the gbp_itf, and things go wrong.
This change moves the lifecycle management of the vxlan-gbp tunnel to the gbp_itf. When the last lock of the gbp_itf goes, so does the tunnel. now both the EP's loc and fwd can hold a lock on the gbp_itf and it's only removed when required.
The other change is the management of the 'user' of the gbp_itf. Since each user can enable and disable different features, it's the job of the gbp_itf to apply the combined set. determining a unique 'uesr' from the caller was near impossible, so I moved that to the gbp_itf, and return the allocated user, hence the 'handle' that encodes both user and interface.
The hash table maps from sw_if_index to pool index.
Change-Id: I4c7bf4c0e5dcf33d1c545f262365e69151febcf4
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Change-Id: I64e2082bd8ac5b0be21e10407dc29ba4c3f4cab3
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
|
|
If the corresponding vpp plugin is absent, return a non-zero
clib_error_t * from vat_plugin_register ("xxx plugin not loaded"). The
vat plugin calls dlclose on the vat plugin, and it disappears.
Depending on the plugin configuration, this can reduce the vpp virtual
size by several gigabytes.
Added a VAT_PLUGIN(<plugin-name>) macro to vat_helper_macros, clean up
boilerplate vat_plugin_register() implementations. Fixed a number of
non-standard vat_plugin_register methods.
Type: refactor
Change-Id: Iac908e5af7d5497c78d6aa9c3c51cdae08374045
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
When removing duplicates in urpf_itfs vector we search for the 1st next
different entry in the vector, but the loop test is in the wrong order:
(urpf->furpf_itfs[i] == urpf->furpf_itfs[j]
&& j < vec_len(urpf->furpf_itfs))
We must check for overflow before checking equality.
Type: fix
Fixes: 3ee44040c66cbe47ff292ac7fb0badccbe2afe6d
Change-Id: I63729aff12057d5abce6c24ec24339cd9cd79494
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type:feature
Change-Id: I687809ebcc759cec8cb1d5c3b2b7e6bc995a7985
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: refactor
Change-Id: Ie54a77252e9f58a90f9e1f9595b9ede354952f70
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Python3 uses __bool__ instead of __nonzero__
Type: fix
Depends-on: https://gerrit.fd.io/r/#/c/20484/
Change-Id: I7dd13d0508ab18d6c50c235f4186006799e92b45
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Reduces the vpp image virtual size by multiple gigabytes
Add a "show bihash" command which displays configured and current
virtual space in use by bihash tables.
Modify the .py test framework to call "show bihash" on test tear-down
Type: refactor
Change-Id: Ifc1b7e2c43d29bbef645f6802fa29ff8ef09940c
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Type:feature
Change-Id: Ie73644aed94e58d5dce822de5000183e414401df
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: Ic470d429f4bf1924185f720d66efe06f4727bcbd
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
clib_net_to_host_f64, clib_host_to_net_f64 are now implemented as '=',
https://gerrit.fd.io/r/#/c/20406/ set papi to match.
- all f64 api references are now wrapped with
clib_net_to_host_f64 or clib_host_to_net_f64.
IEEE f64 endianess is not defined. If clib_net_to_host_f64 and
clib_host_to_net_f64 are later defined in VPP as big-endian, it is
a single character change in the papi vpp_serializer.
Note: This breaks the api in a manner that would not be detected by
the flag day initiative. The scope is small. This only impacts map.api,
which applied the u64 transformation, while the gbp api uses '='.
The implementation of "=" raises issues for the papi socket implementation
if used between systems of differing endianess. See Vratko's comments.
- Added get_f64_endian_value() to api to allow client to verify endianess of f64's.
Type: fix
Depends-on: https://gerrit.fd.io/r/#/c/20484/
Change-Id: I00fc64a6557ba0190398df211aa0ea5c7eb101df
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Type: feature
ip4_local_check_src() was overwriting vnet buffer opaque data
on the adjacency for packets with "local" (dpo-receive) destination
addresses.
Retain the dpo receive index in vnet_buffer()->adj_index[VLIB_TX].
This can allow a graph node to distinguish the interface where the
destination address is configured from the interface where the
packet was received. This can be useful in correctly handling
packets that have been sent to an address configured on a loopback
interface.
Change-Id: I52a942e85b5302b338a2d0404a37c5ea1a99e89f
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Type: feature
Change-Id: I1369859be0a722ea37e5d3ecb35dee5684fc69f8
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: test
Change-Id: I0a58cc19bdfb73eabadbf6eb49b57e8db96959b5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: fix
Change-Id: Iafcf85315c73bcd73af20bd84b1ccba030e2065b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
- Replaces the need to screen scrape "show log".
- Adds an api to return the system time. When running over a socket, the
api client may have different time than the vpp host.
expected use:
vpp_time_before_command = self.vapi.show_vpe_system_time_ticks().vpe_system_time_ticks
<run some commands>
log_output = self.vapi.log_dump(start_timestamp=vpp_time_before_command)
Depends-on: https://gerrit.fd.io/r/20484
Depends-on: https://gerrit.fd.io/r/#/c/19581/
==============================================================================
TestVpeApi
==============================================================================
log_details(_0=838, context=3, timestamp_ticks=2.4954863503546518e+48, level=<vl_api_log_level_t.VPE_API_LOG_LEVEL_WARNING: 4>, timestamp=u'2019/07/04 20:35:41:281', msg_class=u'buffer', message=u'vlib_physmem_shared_map_create: clib_mem_create_hugetlb_fd: open: No such file or directory\n\n')
log_details(_0=838, context=3, timestamp_ticks=1.6101902879480125e+159, level=<vl_api_log_level_t.VPE_API_LOG_LEVEL_WARNING: 4>, timestamp=u'2019/07/04 20:35:41:281', msg_class=u'buffer', message=u'falling back to non-hugepage backed buffer pool')
test_log_dump_default (test_vpe_api.TestVpeApi) OK
log_details(_0=838, context=13, timestamp_ticks=2.4954863503546518e+48, level=<vl_api_log_level_t.VPE_API_LOG_LEVEL_WARNING: 4>, timestamp=u'2019/07/04 20:35:41:281', msg_class=u'buffer', message=u'vlib_physmem_shared_map_create: clib_mem_create_hugetlb_fd: open: No such file or directory\n\n')
log_details(_0=838, context=13, timestamp_ticks=1.6101902879480125e+159, level=<vl_api_log_level_t.VPE_API_LOG_LEVEL_WARNING: 4>, timestamp=u'2019/07/04 20:35:41:281', msg_class=u'buffer', message=u'falling back to non-hugepage backed buffer pool')
test_log_dump_timestamp_0 (test_vpe_api.TestVpeApi) OK
test_log_dump_timestamp_future (test_vpe_api.TestVpeApi) SKIP
test_show_vpe_system_time_ticks (test_vpe_api.TestVpeApi) SKIP
==============================================================================
TEST RESULTS:
Scheduled tests: 4
Executed tests: 4
Passed tests: 2
Skipped tests: 2
==============================================================================
Test run was successful
Type: feature
Change-Id: I893fc0a65f39749d2091093c2c604659aadd8447
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
|
|
Refactor both policy and policy-dpo nodes so they share the same code
for contract & acl lookup and for tracing.
This should help to implement new policy schemes.
Type: refactor
Change-Id: If5704bda708838eb01516dd39473d9bf248cfdf6
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
from the draft:
3. Backward Compatibility
VXLAN [RFC7348] requires reserved fields to be set to zero on
transmit and ignored on receive.
Change-Id: I98544907894f1a6eba9595a37c3c88322905630e
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Type: feature
improve the tracing from:
00:00:01:259665: pg-input
stream pcap3, 42 bytes, 3 sw_if_index
current data 0, length 42, buffer-pool 0, ref-count 1, trace handle 0x0
ARP: 02:03:00:00:ff:02 -> ff:ff:ff:ff:ff:ff
request, type ethernet/IP4, address size 6/4
02:03:00:00:ff:02/172.16.3.5 -> 00:00:00:00:00:00/172.16.2.1
00:00:01:259690: ethernet-input
frame: flags 0x1, hw-if-index 3, sw-if-index 3
ARP: 02:03:00:00:ff:02 -> ff:ff:ff:ff:ff:ff
00:00:01:259702: arp-input
request, type ethernet/IP4, address size 6/4
02:03:00:00:ff:02/172.16.3.5 -> 00:00:00:00:00:00/172.16.2.1
00:00:01:259710: error-drop
rx:pg2
00:00:01:259717: drop
null-node: blackholed packets
to
00:00:01:283323: pg-input
stream pcap3, 42 bytes, 3 sw_if_index
current data 0, length 42, buffer-pool 0, ref-count 1, trace handle 0x0
ARP: 02:03:00:00:ff:02 -> ff:ff:ff:ff:ff:ff
request, type ethernet/IP4, address size 6/4
02:03:00:00:ff:02/172.16.3.5 -> 00:00:00:00:00:00/172.16.2.1
00:00:01:283348: ethernet-input
frame: flags 0x1, hw-if-index 3, sw-if-index 3
ARP: 02:03:00:00:ff:02 -> ff:ff:ff:ff:ff:ff
00:00:01:283360: arp-input
request, type ethernet/IP4, address size 6/4
02:03:00:00:ff:02/172.16.3.5 -> 00:00:00:00:00:00/172.16.2.1
00:00:01:283369: arp-disabled
request, type ethernet/IP4, address size 6/4
02:03:00:00:ff:02/172.16.3.5 -> 00:00:00:00:00:00/172.16.2.1
00:00:01:283374: error-drop
rx:pg2
00:00:01:283380: drop
arp-disabled: ARP Disabled on this interface
Change-Id: I49b915b84cf56d6c138dedd8a596c045c150c4fb
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Removed sctp buffer metadata from vnet/buffer.h, added it to the
plugin. Add registration APIs for plugin-based vlib_buffer_opaque /
opaque2 decoders, used by "pcap dispatch trace ..." for display in the
wireshark dissector.
Type:refactor
Not actively maintained.
Change-Id: Ie4cb6ba66f68b3b3a7d7d2c63c917fdccf994371
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Type: feature
Change-Id: Icb3c574100cde95ab5be4923c8739889cf7e48c6
Signed-off-by: Vladimir Kropylev <vladimir.kropylev@enea.com>
|