Age | Commit message (Collapse) | Author | Files | Lines |
|
Useful to update the tunnel paramaters and udp ports (NAT-T) of an SA
without having to rekey. Could be done by deleting and re-adding the
SA but it would not preserve the anti-replay window if there is one.
Use case: a nat update/reboot between the 2 endpoints of the tunnel.
Type: feature
Change-Id: Icf5c0aac218603e8aa9a008ed6f614e4a6db59a0
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
|
|
format vlib_buffer_t::flags into interface output trace
Type: fix
Signed-off-by: luoyaozu <luoyaozu@foxmail.com>
Change-Id: Icb48a6d3a7ebdff7a3d42efe62723b0f0f1ea507
|
|
After deleting a sw interface with nat44 features, the next created
sw interface will get the same sw_index reused and therefore will
erroneously have the same nat features enabled.
Type: fix
Change-Id: I1d84f842ab7ab2a757668ae1a111efe67e1e924d
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
|
|
Some upon apps(e.g. Nginx-quic) package it's several protocol buffers into a struct msg
which is a combination of gso_buffer and gso_size.
but if HostStack regardless the gso_size to the buffer and split the buffer with default mss,
that cause peer client failed on parsing the package.
Type: improvement
Signed-off-by: Dou Chao <chao.dou@intel.com>
Change-Id: I805eb642be826038ba96d1b85dad8ec0c0f6c459
Signed-off-by: Dou Chao <chao.dou@intel.com>
|
|
Type: improvement
The function vapi_wait() is intended to allow a caller to block while
waiting until the API queue can be read/written. It was a stub that
returned VAPI_ENOTSUP. Add code which implements the wait on being able
to read an incoming message.
Had to touch a few other things in vapi.h to make checkstyle.sh happy
after changing the prototype of vapi_wait().
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: Ida80c1a1d34fe297ab23268087be65ea53ad7040
|
|
Type: improvement
The log buffer and event buffer get lots of messages written like
"Processed 2 messages" by linux-nl when its enabled. This can crowd out
more important messages and should only actually be stored if debug
messages are desired. Change from logging with NL_INFO() to NL_DBG().
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I9055432f7ef35d3e0ad59dce307d2b3c6284002f
|
|
Docstring in VPP Python API says that find_api_dir() will search for
environment variable VPP_API_DIR first and foremost, except it doesn't.
Prepend VPP_API_DIR if it exists, and allow dirs to be omitted in case
it will be the empty list []
Type: fix
Signed-off-by: pim@ipng.nl
Change-Id: Ic892e4bb7d8ff50f18e64ddfd2a61343883f07ea
|
|
NAT44 enable/disable return status was used
instead of appropriate VNET_API_ERROR_ code.
Type: fix
Signed-off-by: Filip Varga <filipvarga89@gmail.com>
Change-Id: If944866bf3061afdc91284c0ad475135e529bdc4
|
|
Don't redirect to "favicon.ico/index.html" if you can't find
"favicon.ico".
If asked to serve up a nonexistent path, see if the path ends with a
known suffix: ".jpg, .html, .ico" etc. If it does, flunk the request
on the spot: "Error 404 Not Found." Do not issue a redirect.
This change will not break the obvious corner case: if the browser
asks for "its_a_dir.mp3/index.html" - and the file exists - the server
will produce it.
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I91aad90be05b98ba2b40e240d13d71816aed4526
|
|
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I0f087477e257f5119d7d6182d19f8796773a1f19
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Iefabc7b9dd1109fd6dcf65e5d9794173421b7369
|
|
Add plugin-path parameter to aid external plugin development.
Multiple directories are supported as a colon separated list.
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ida35dedceccd0019ea68e56f7a3672c530258447
|
|
Use the Python API binding to generate a set of API messages
in binary format, that can later be replayed independently
of the Python API.
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Iaab6ca31fd2809193e461ab53f7cc7332a231eb5
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
To support testing of external plugins, add support to the test framework and PAPI
for specifying a list of locations to look for api.json files.
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I128a306e3c091dc8ef994801b1470b82d2f4595d
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
if the api client didn't wait for the last message, we'd get a SIGPIPE
from Unix and VPP would crash.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Iac7705ec09ccd67cc249cc9a9525a7cb379e2f6f
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Async use of the API is much faster than blocking calls.
Seemed like it only worked over shared memory transport.
This patches re-enables support for async calls over socket
transport.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I05f3b362035ce0a1c16788ba9003a35601ddb04e
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
The request vector generated by hss_ts_rx_callback() must be NULL
terminated.
The hss_main_t use_ptr_thresh member must be a u64 since
unformat_memory_size() expects it. Otherwise, the adjacent u8
enable_url_handlers may have an accident.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I2cc08e3cbd31b225fb03799283c055515add13bf
|
|
The metadata in classifier entries is used to index a fib or a dpo in
the acl nodes which can exceeds UINT16_MAX in large configurations.
To maintain entries size and alignment, decrease next_index from 32- to
16-bits: next_index should not exceed 16-bits in VPP, as it is already
shown by vlib_buffer_enqueue_to_next() or dpo_id_t.dpoi_next_node.
Type: fix
Change-Id: I4fd1b3cd495319420044c219036b2d2ea952270a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Add an http redirect template to generate correct-looking "301 Moved
Permanently" replies.
Supply a default value of 1<<31 for the use_ptr_thresh config parameter.
Expose hss_session_get() so friend plugins which register GET / POST
handlers with the http_static server can add data to the session fifos.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ie1452eaf61c6f67311fbab092bc1fe03050bf94f
|
|
on an empty vector from ls
The return value in this function is initialized with 0, so if a vector of length 0 is passed
to stat_segment_dump_r, then this return value is never populated, resulting in inability
to distinguish between a successful dump of an empty vector and an error.
Solution: call vec_alloc(). As a side effect might get some trivial speed-up.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I33fefd801df457152e9ec257742305182e91f339
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I035e3fdbb52eca010ad7b2c20ca2930cb1645978
|
|
Type: improvement
Change-Id: I707399b8ba617a659476bfd7d793f04a1283e694
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
This change was introduced to workaround a bug in the NAT code, but
we should not woraround plugin bugs in infra.
Type: fix
Fixes: f8631ce7e8886136b4543a7926ffdf1bc760fb11
Change-Id: Id6ee281cf1fe8466b6522905fc2a176716e3d52f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Account for the potential of sysconf() returning -1 if it can not
get the page size and make it a fatal error.
Coverity: 277313
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I8cae6a35ec2f745c37f1fe6557e5fa66720b4628
|
|
Type: fix
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I0a947b74e40499327910c1ed10923f7a869039d6
|
|
convert vhost device driver to a plugin as described in
https://jira.fd.io/browse/VPP-2065
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ibfe2f351bcaed36a04b136d082ae414145dd37b5
|
|
Support generic flow in native avf.
Enable necessary RSS hash function for generic flow. Extend some
structures and functions from for FDIR only to for both RSS and FDIR
flows. Modify virtual channel message to align with ice kernel driver.
Add functions to parse generic flow patterns. The parsing results will
be delivered to the kernel driver and create corresponding flow rules.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I82ce102a21993f1bae8a8bf23e491d5e1c261f61
|
|
The initiate handshake process can be called a numbers times for each
peers, then the main VPP thread called by Wireguard starting to
allocate memory. This behaviour can lead to out of memory when VPP has
a lot of Wireguard tunnels concurrently.
This fix add mutex to send only once handshake initiate at time for
each peers.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I13b4b2d47021753926d42a38ccadb36a411c5b79
|
|
Also, use connected udp for builtin echo apps
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie24d7e97f4f27b67df9ceff3c268954485255c2d
|
|
Write time into /sys/boottime on VPP start.
This allows a stateless control plane agent to validate if it's reconnecting to the same
VPP instance.
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Iba7f334339c46142045e43da6efab11612e7b9c0
Signed-off-by: Ole Troan <ot@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4f7314ddf95d26f1939bd3772d29d011fb4cea47
|
|
Maintain a single writer multiple readers usage model for transport
endpoints pool.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8555700ed725971341f145ea97f031042a298e83
|
|
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I477e92712e441c91789afdf9be389d967acfa799
|
|
The issue can be reproduced by running "vpp_get_stats tightpoll"
The root cause is that the control flow discards the "result" struct
being prepared, along with pointer its allocated name.
This results in a memory leak.
Type: fix
Change-Id: Ibf884e92314f19b983a0159fc1257b3fa0110443
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
When n_rx_packets is less then 16(VEC256) or 8(VEC128), code execution
will fall into scalar path of processing packets. But with a wrong
initialization value for n_left set to zero, i in the for-loop will
equal to n_rx_packets. This leads to the bypass of required ip4 checksum
validation and byte count endianness conversion in scalar path.
Besides, refactor the code using while instead of for-loop to keep
consistency with VPP code style.
Type: fix
Fixes: bf93670c515d ("rdma: fix ipv4 checksum check in rdma-input node")
Signed-off-by: Lijian Zhang <lijian.zhang@arm.com>
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: Ib4e8cb5202735f8b060c99caddf26035657551e1
|
|
Type: fix
Fixes: 815c6a4fbcbb636ce3b4dc98446ad205a30670a6
Ticket: VPP-2068
Change-Id: I42d678b0e28ac4d0b524dfc2dbd01bbad020cf24
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Type: fix
Fixes: a51f9b3747
Some IPsec message type definitions were not being written to
ipsec.api.vapi.h. These include ipsec_sad_entry_add_del_v3 and
ipsec_sad_entry_add.
The cause appears to be that tunnel_flags, which is defined in
tunnel_types.api is a special case of enum called an enumflag. These do
not appear to have been handled in the code that generates the vapi
header files.
This patch adds processing of enumflag objects for vapi.
Change-Id: Ie506c4fcb5a07fe97a330ba11c252d1df98adfd9
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
Fast path spd was explicitely storing array of policy id vectors.
This information was redundand, as this inofrmation is already stored
in bihash table. This additional array was affecting performance
when adding and removing fast path policies.
The other place that needed refactoring after removing this array was
cli command showing fast path policies.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I78d45653f71539e7ba90ff5d2834451f83ead4be
|
|
Not ideal. The sparse vector used to map ports to next nodes assumes
only a few ports are ever used. When udp transport is enabled this does
not hold and, to make matters worse, ports are consumed in a random
order.
This can lead to a lot of slow updates to internal data structures
which in turn can slow udp connection allocations until all ports are
eventually consumed.
Consequently, reallocate sparse vector, preallocate all ports and have
them point to UDP_NO_NODE_SET. We could consider switching the sparse
vector to a preallocated vector but that would increase memory
consumption for vpp deployments that do not rely on host stack.
For reference, populating one of the v4 or v6 sparse vectors in reverse
order takes about 9.8s on a skylake cpu.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id795e1805d0d3ba54f56a152a9506a7a2a06ecbc
|
|
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I3138f97519d216b89a9c46865271db1f9ddd53cd
|
|
Implements the API for SRv6 Path Tracing
Type: feature
Signed-off-by: Julian Klaiber <julian@klaiber.me>
Change-Id: Iefa7e512c8e1894595a9e3f5d42eab4160db1f28
|
|
Type: docs
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I8a96e6cc73b5f7ab3049fef37aafba43f3ef4d84
|
|
Type: fix
Fib entries for attached routes when sourced from
FIB_SOURCE_API or FIB_SOURCE_CLI
get the FIB_ENTRY_FLAG_ATTACHED flag raised on the source.
Such a route added from linux-cp doesn't get this flag.
Fix this flag for linux-cp sources by passing it to the
fib entry's update/create function in lcp_router_route_add().
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Change-Id: I24278ef86886cfee8a14acb250fb6992a754cc3c
|
|
Type: docs
Several kinds of policers are implemented in VPP.
However, they could differ from the RFCs it is
said they are from.
Additionally, the CLI command's help has been
updated with the current list of acceptable
parameters.
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: Ic9bf94e1094bea0fcc87ccaa882c2c5f88824041
|
|
Type: fix
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: Icb5450f4bd0eaef7684eb7e3816d1d6051e889d7
|
|
Type: improvement
Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com>
Change-Id: I91ba1ff4c1085f4aca60ca111cbbaf14a3b4d761
|
|
We add the crypto key to the vnet crypto library via vnet_crypto_key_add.
However, when the session is disconnected, we don't call
vnet_crypto_key_del and the memory is leaked in vnet_crypto library
as well as in pico tls key store.
It seems dispose crypto is the appropriate place to add
vnet_crypto_key_del.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: If6d1266baf686fefe5bb81330ce60b35c8ff574e
|
|
the batch
Type: fix
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Icd1e43a5764496784c355c93066273435f16dd35
|
|
Leave tp_vfts vector out for now.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic20a1671be9424280d0645f48ef2131a694cd16f
|
|
Plugin checks just for AVX2 instruction set, while the v1.3 of IPsec
Multi-Buffer library checks for both AVX2 and BMI2 sets during init.
VirtualBox VM doesn't provide BMI2 by default to guest operating system.
Result is that VPP plugin decides to use AVX2 initialization and library
then doesn't do it. Since flush_job remains empty, the self-check fails
and with that the whole VPP crashes on start-up.
Type: fix
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I6b661f2b9bbe6dd03b499c55c38a9b814e6d718a
|