Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I2d1c5e4dbdcab2a81d6c88801183ca0bbc83e1d9
Signed-off-by: flyingeagle23 <wang.hui56@zte.com.cn>
|
|
(VPP-682)
This fixes the previously-implicit "drop all non-first fragments" behavior
to be more in line with security rules: a non-first fragment is treated
for the purposes of matching the ACL as a packet with the port
match succeeding. This allows to change the behavior to permit
the fragmented packets for the default "permit specific rules"
ruleset, but also gives the flexibility to block the non-initial
fragments by inserting into the begining a bogus rule
which would deny the L4 traffic.
Also, add a knob which allows to potentially turn this behavior off
in case of a dire need (and revert to dropping all non-initial fragments),
via a debug CLI.
Change-Id: I546b372b65ff2157d9c68b1d32f9e644f1dd71b4
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 9fc0c26c6b28fd6c8b8142ea52f52eafa7e8c7ac)
|
|
Change-Id: I97e03d98758a08b1f75a9a1f35f0181385a10ae8
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
- single-hop BFD: attach a delegate to the appropriate adjacency
- multi-hop BFD [not supported yet]: attach a delegate to the FIB entry.
adjacency/fib_entry state tracks the BFD session state. when the state is down the object does not contribute forwarding hence and hence dependent objects will not use it.
For example, if a route is ECMP via two adjacencies and one of them is BFD down, then only the other is used to forward (i.e. we don't drop half the traffic).
Change-Id: I0ef53e20e73b067001a132cd0a3045408811a822
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- update default flags
- add missing flag learn
Change-Id: I50a1a001848769836468838775b59d3414d27710
Signed-off-by: Choonho Son <choonho.son@gmail.com>
|
|
This patch deprecates stack-based thread identification,
Also removes requirement that thread stacks are adjacent.
Finally, possibly annoying for some folks, it renames
all occurences of cpu_index and cpu_number with thread
index. Using word "cpu" is misleading here as thread can
be migrated ti different CPU, and also it is not related
to linux cpu index.
Change-Id: I68cdaf661e701d2336fc953dcb9978d10a70f7c1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
when tunnel is deleted reply should include the tunnel's sw_if_index
instead of ~0
Change-Id: Ie5e04f4feab9cf2c90f0e155ec0fb9ca839a956d
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I0a6989c6963956f3e60e8c50835c57845fccef8c
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Make BFD ARP-aware when sending out packets.
Fix a few one-liner bugs discovered while integrating with cisco
nexus. Enhance CLI view to better observe session state.
Change-Id: I266c29492f351207b84328ab665d9d697969da9c
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: Id15b401223aabe7dacb7566c871ebefc17fbb1fc
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 7fd3f513c7df198c45204eba0a3e9a3abe509593)
|
|
Change-Id: I935620798d6fe82b99b6bd564749e20a189b4ae3
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
|
|
Change-Id: Ib83baf6ddec4ac192f6b4123d9eb599fb370fd0c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: I190696da5555c05074ee0eee32eb914bd16e38fb
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Refactors the GRE node to work with both IPv4 and IPv6 transports.
Note that this changes the binary configuration API to support both
address families; each address uses the same memory for either
address type and a flag to indicate which is in use.
The CLI and VAT syntax remains unchanged; the code detects whether
an IPv4 or an IPv6 address was given.
Configuration examples:
IPv4 CLI: create gre tunnel src 192.168.1.1 dst 192.168.1.2
IPv6 CLI: create gre tunnel src 2620:124:9000::1 dst 2620:124:9000::2
IPv4 VAT: gre_add_del_tunnel src 192.168.1.1 dst 192.168.1.2
IPv6 VAT: gre_add_del_tunnel src 2620:124:9000::1 dst 2620:124:9000::2
Change-Id: Ica8ee775dc101047fb8cd41617ddc8fafc2741b0
Signed-off-by: Ciara Loftus <ciara.loftus@intel.com>
|
|
Change-Id: Ic5bd7da08f8a46b548d56516e4633f0b8badf2a1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I16606757176649e61f0a51895329586311144766
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ic2d33b31ba88f6d9602a22439865637d98cf4a33
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: Ibc293aa1305126920c0b2c44df1f7a7d5ae9ea9d
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I24577bd32ae23fbe8515cc8d960eab5448ce3b5c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I48bf6c46d78773669e76dc4749be3b1af80782f4
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Create an elog_merge utility, extracted from test_elog.
Change-Id: Ide137b4858c88b3a2885583b7fbb15ddc4963af9
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I844ec53b55ceaa1e00996f5cf8a018537ea8b481
Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
|
|
Change-Id: I2a1246061e57c4caae0a1a1b861c459d115860cd
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I316862e1d33e5d10c058317cc4827304e55ceba4
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I03195a86c69f84a301051c6b3ab64456bbf28645
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
- added persist timer
- update rcv_las whenever sending an ack
- moved fifo size to its own cache line
- improved session and builtin client debugging
Change-Id: Ia649cf942cf0c061a713e8b67f0eb6974a6cd55b
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Added new CLI command
- create bridge-domain <bridge-domain-id>
- create bridge-domain <bridge-domain-id> del
Change-Id: I1a7d632c7daa3c37b7f424a184e8fabd489518e9
Signed-off-by: Choonho Son <choonho.son@gmail.com>
|
|
fixed arp registration without allocating the event
added protection against identical ND registrations
Change-Id: I4e2db4913b35d895d8686ada1f0818920f276ad6
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Fix a decade-old ridiculous qsort function bug. Managed to subtract
floating-point numbers as if they were integers, leading to
manufactured time-paradoxes. That completely confuses g2, leading to
the summary disappearance of entire tracks' worth of data at high zoom
levels.
Add a manual alignment tweak parameter to elog_merge, users can
dial-out time paradoxes caused by NTP-grade clock synchronization.
The event-logger has a precision of O(100ns), whereas NTP
synchronization is O(1ms).
Change-Id: I69dedabaa314f69f9df74ec9ee66e21e6c87f703
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
1) 16-8-8 stride. Reduce trie depth walk traded with increased memory in the top PLY.
2) separate the vector of protocol-independent (PI) fib_table_t with the vector of protocol dependent (PD) FIBs. PD FIBs are large structures, we don't want to burn the memory for ech PD type
3) Go straight to the PD FIB in the data-path thus avoiding an indirection through, e.g., a PLY pool.
Change-Id: I800d1ed0b2049040d5da95213f3ed6b12bdd78b7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ia3acf87d3e07a7d41c047869de504e1972334b55
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I3ed2834a326eac50a7cb4faa592f42fd06325d5a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I6ff7b65a400734a47bc0a7d03faf86ef1cf4f8c8
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I4dbd0dbd1e24bbf7c66fb9a2c055c8bc11d3817d
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I1aa25ef11dc75002cb9b6aac0981af00026e57ce
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Make sure pid field in these API messages is stored in network
order (it is also kept and used by VPP in network order).
Change-Id: Id5d08e7a45b7e49d4b840a337458d99414d0b949
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I4467f26da5bdcfd76e5914e0124a83b659757947
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
- use the counters in a private struct rather than node error counters
- ensure the timer for the non-idle connections is restarted
- fix the deletion of conn at the current tail the list
Change-Id: I632f63574d2ced95fb75c5e7fb588c78fb3cce1c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 097051a3bd1f63a177c0728f15375afd84a68918)
|
|
Change-Id: I86089e9bb604adfc260a111685001be1c897ce53
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: If1c68fc63fa71fab198f2bf4f79bdd7a9841c2e8
Signed-off-by: shwethab <shwetha.bhandari@gmail.com>
Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
|
|
Change-Id: I1eab03525f234139ceefbc9b9895a35a03a56910
Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
|
|
Fix the bug and add the unit test to start with ping test coverage
Change-Id: Ibeacbed1f1660e677faa2dbb2ebe386216693e96
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Change-Id: I6081a38af3817f0957a2faf0e3e41afa4a74f3a4
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
we should not suppress arps on remote interface instead we should flood them to the local one
used shg != 0 to identify packets from remote interfaces and disable arp term l2 input feature for them
Change-Id: I701537c05df7451a25ccb5bfc9e2b03ea70cff20
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
Change-Id: I19b16d3e04a187ffe736fae868941957c70edf62
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I3f67d32d5d76069a27176deef6cba0c1a194b7ec
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: Id3398bd4b7a56c168aaab37942b92715e19d4025
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ie77c8d57d0b0a153742d55ff0a8a9d72791d8b20
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
indirectiob throught the map-DPO
Change-Id: Ifb72a1c1258440fdc4845aca8aecf2abd63526b1
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
1 - make the default route non-special, i.e. like any other less specific route. Consequently, all buckets have a valid valid index of either a leaf or a ply. Checks for special indeices in the data-path can thus be removed.
2 - since all leaves are now 'real' i.e. they represent a real load-balance object, to tell if a ply slot is 'empty' requeirs chekcing that the prefix length of the leaf occupying the slot is slot than the minium value for that ply.
3 - when removing a leaf find the cover first, then recurse down the ply and replace the old leaf with the cover. This saves us a ply walk.
Change-Id: Idd523019e8bb1b6ef527b1f5279a5e24bcf18332
Signed-off-by: Neale Ranns <nranns@cisco.com>
|