Age | Commit message (Collapse) | Author | Files | Lines |
|
Type: fix
Change-Id: I0df14ff87d0bf51eeb392f72434febf6c4a2957a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ib01ed3231321f0f38c4b1deb885c4cf718cc0147
|
|
It naturally belogns there...
Type: refactor
Change-Id: I05f7ba01103a5e9b3756f1ea69c8cc5d8f26f0a0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: feature
Configure TCP MSS clamping on an interface as follows:
set interface tcp-mss-clamp [rx|tx] <interface-name>
ip4 [enable|disable|rx|tx] ip4-mss <size>
ip6 [enable|disable|rx|tx] ip6-mss <size>
Change-Id: I45b04e50a0b70a33e14a9066f981c651292ebffb
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com>
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
- For check patchset ignore files outside of src directory
- For check patchset ignore files that have version < 1.0.0
- fix Pylint warnings
- Modify vppapigen_crc to include version in JSON output
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I171cf6397e129e2438b2a494c5656236a7810f7b
|
|
Coverity complains that the statement
if (!e)
return -1;
is never true and is logically dead code in the subject function. It is
right. e is assigned in both the if and else statementes immediately above
and can never be null.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic2d0e76eff696ee689a68a07913876dcecf5c647
|
|
Change dpdk_ops_vpp_get_count() return value from 0
to actual available pool size;
For some drivers/envs(azure,vmbus) rx_queue size
will be zero and the only 1 element will be created
(0 + 1)
When more than one packet will arrive, it will cause
SEGFAULT
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Ibe7da6acc91200bec33d99f580044456d8984110
|
|
Type: feature
This feautre only applies to ESP not AH SAs.
As well as the gobal switch for ayncs mode, allow individual SAs to be
async.
If global async is on, all SAs are async. If global async mode is off,
then if then an SA can be individually set to async. This preserves the
global switch behaviour.
the stratergy in the esp encrypt.decrypt nodes is to separate the frame
into, 1) sync buffers, 2) async buffers and 3) no-op buffers.
Sync buffer will undergo a cyrpto/ath operation, no-op will not, they
are dropped or handed-off.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ifc15b10b870b19413ad030ce7f92ed56275d6791
|
|
Type: improvement
In the current scheme an async frame is submitted each time the crypto
op changes. thus happens each time a different SA is used and thus
potentially many times per-node. thi can lead to the submision of many
partially filled frames.
change the scheme to construct as many full frames as possible in the
node and submit them all at the end. the frame owner ship is passed to
the user so that there can be more than one open frame per-op at any
given time.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ic2305581d7b5aa26133f52115e0cd28ba956ed55
|
|
Check the value of vlib_trace_buffer in mrvl_pp2_input_trace to fix a
compiler error for an unused result of the function.
Type: fix
Fixes: 9a3973e3a36bfd4dd8dbffe130a92649fc1b73d3
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Change-Id: Ib005ae662885ed8ef902607037b843a524789a19
|
|
Fix places where "Marvel" is used incorrectly instead of "Marvell".
Type: style
Change-Id: I9247676ab08faed31e7b813f6f496ba008210c00
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
|
|
Fix compile error due to implicit declaration of
vnet_hw_if_get_rxq_poll_vector by including the header file that
declares this.
Type: fix
Fixes: b85b0df2a039b694fb2f3c09a01decfb89d7bce2
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Change-Id: I4a21743df93ffaa637641838d30b3b5c70dd79ef
|
|
This reverts commit 30ad571cc35e4dc6d4d7e50b81b97f83f8770eea.
Type: fix
Change-Id: If8c6e388e732d2a1b5efd0677d9528a646365f94
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I9b3f4531070786f583e18609dfae1d95487ce93c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This patch implements k8s-specific extensions
to the cnat plugin.
This could be done by exposing a richer semantic
on srcNAT policies, but this might be too complex
work at this point. Also k8s fits quite well as a
'cloud NAT' usecase.
Type: feature
Change-Id: I2266daf7b10a92e65f5ed430838a12ae826bd333
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
Change-Id: I9ca3333274d6f32b6aff57f0fb3d2049c066337a
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
We didn't check that the srcEndpoint was resolved
when creating the session, we could end up sNATing
with 0.0.0.0 as src_addr
Change-Id: If8dfa577e659cfe90b148657a44c0390a7d383e9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
The sw crypto scheduler converts crypto frames to individual crypto
operations. This is done by reusing per-thread vectors for crypto,
integrity and chained operations.
The crypto op flags must be reset to frame flags minus invalid values
depending of the operation.
The previous tentative also cleared the chained buffer flag, breaking
jumbo support.
Type: fix
Change-Id: Icce6887a9e0dae8c300c56e97b977e203e784713
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: feature
Change-Id: I9d4f90bc701d2b9b903a018f8d27cec5e129d7be
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9507b5a9755e938b4d1da657bed3a8681a056427
|
|
Coverity complans the line
h = hashes;
uses uninitialized variable if the prior ASSERT statement is hit.
ASSERT is compiled out coverity as well as in release image. So the
complain is legitimate. Change the ASSERT to drop the frame and log
an error instead.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ibf0c204fe3626afca69ea84484e606566cf3244c
|
|
Add the DPDK_INCLUDE_DIRS variable which is set by pkg_check_modules
to the include directories to allow use of system DPDK where the
headers aren't under standard include directories.
Type: fix
Fixes: f15a5791ba870a98a2ab7dec101bbbb9b6e266c1
Change-Id: Ifd4b4170572911b6e0580cdf114ad87cfa771931
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
|
|
Fix compile error in mrvl_pp2_delete_if caused by unused variable by
removing that variable.
Type: fix
Fixes: b85b0df2a039b694fb2f3c09a01decfb89d7bce2
Change-Id: I819bcfbfdbd0f85cc42be953be63ef124520852c
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
|
|
We hit a crash when the client sends us a bogus deescriptor which causes us
to access memory beyong the mapping. While the client clearly should not do
that, it is rather cheap for VPP to validate the descriptor instead of crash
and burn.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Id09035810939f5f98530f212f0b23e606132251d
|
|
Enable DPDK AVX-512 Vector PMDs on Intel Icelake
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Change-Id: Ie5d5bf54ccaa65c1d053d56a2f2973fe8625193b
|
|
Type: refactor
DPDK crypto devices are now accessible via the async infra, so
there is no need for the DPDK ipsec plugin.
In addition this patch fixes the problem that cryptodev backend
not working when master core and worker cores lies in different
numa nodes.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie8516bea706248c7bc25abac53a9c656bb8247d9
|
|
Compiling VPP on CentOS 7 will fail shown as below. The root cause is
that uh_sport/uh_dport field names for struct udphdr are chosen only if
macro __FAVOR_BSD in /usr/include/netinet/udp.h is defined for glibc
version less than 2.19. Fix this issue by using source and dest field
names in struct udphdr for compatibility reasons.
FAILED: vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o
ccache /opt/rh/devtoolset-9/root/bin/cc -Dvppinfra_EXPORTS -I/vpp/src -I. -Iinclude -Wno-address-of-packed-member -g -fPIC -Werror -Wall -march=corei7 -mtune=corei7-avx -O2 -fstack-protector -D_FORTIFY_SOURCE=2 -fno-common -flto -fno-fat-lto-objects -fPIC -fvisibility=hidden -ffunction-sections -fdata-sections -MD -MT vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o -MF vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o.d -o vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o -c /vpp/src/vppinfra/unix-formats.c
/vpp/src/vppinfra/unix-formats.c: In function 'format_udp4_packet':
/vpp/src/vppinfra/unix-formats.c:319:19: error: 'struct udphdr' has no member named 'uh_sport'
319 | u16 source = udp->uh_sport;
| ^~
/vpp/src/vppinfra/unix-formats.c:320:17: error: 'struct udphdr' has no member named 'uh_dport'
320 | u16 dest = udp->uh_dport;
Type: fix
Change-Id: Ifc99c7286ea3fac463096152267033ac0518c230
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Reviewed-by: Tianyu Li <tianyu.li@arm.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib5395a51fbfb2123549f7c96534fa763b4669243
|
|
cf may be removed when:
1. linux_epoll_input_inline process two EPOLLIN events, firstly a normal
message, secondly reading 0 bytes because of socket client crash, then
cf removed without clear message added to pending event data vectors
before
2. clib_file_write called
Type: fix
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
Change-Id: I4523e9bb322e98357575925f3113f710d70dd679
|
|
Type: fix
Change-Id: Ia923cd9302688496d28d2fd5658718b40b17cc1a
Signed-off-by: Vengada Govindan <venggovi@cisco.com>
|
|
dhcp is makeing calls to vnet_feature_enable_disable without barrier sync
protection. This can cause data contention with the worker threads. Wrap
all calls to vnet_feature_enable_disable with barrier sync and barrier
release.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I74545b074599273429f47e3e726551156bc11bbc
|
|
Old auth data is needed when generating new one.
Type: fix
Change-Id: I15c62346dbb7ece8facdc7a05f30afd1a15a5648
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
If no pcap filters have ever been configured and we try to enable pcap
capture with a filter, cm->classify_table_index_by_sw_if_index is not
initialized yet.
Type: fix
Change-Id: I2f509c58f9984951b1ad81c1c8ed912cb594fce1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
This fix the classify filter if we attach several different filters.
This also fix some issues with l3 and l4 parsing.
Type: fix
Change-Id: I9dc6c55049a3bbc0110d1097b40d9da27633626b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Avoid crash if nat pool not allocated when issuing "show nat44 summary".
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I55661cf699bab04f4673e9d471fe12486e972067
|
|
Use outside addresses more evenly by using local address to pick from
pool of addresses. This ensures stability from POV of remote host -
an internal host always gets translated using the same outside address,
so it doesn't appear to be "hopping". Also, this avoids all hosts
being translated using the first address, which helps avoid needless
recaptchas and the like.
Exact assignment depends on internal ordering of addresses - local address
is used to pick an offset into internal vector. If that address cannot be
used, a linear search is performed as a fallback mechanism to find a possible
translation.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I7ccb1da1dda5537f5d30d2f4cb48024f4b51c1a4
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4e00dd7f8ce1e56092dde9a073decae62d5475de
|
|
Type: fix
Change-Id: I2384e052bee91a275c3b97a00542819b1d646c88
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I23d1dda86c781ac077dbee7cb0e1ddeaa328c660
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I52aa2322980b51cfc0b282fb37d7f63d30777dee
|
|
Type: fix
Change-Id: I9d562abc8d8f59cfe73ddd4c03a25085f6ad1f84
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Change-Id: I8322bca1a9aa75c97c0fe2ff24b2f65fc43242ce
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Avoid changing the header on attach as it may be in use. Instead, as for
chunks, allocate header to be collected on detach.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib316ecb5d61ae161032869b6f6a1863f1105a1d9
|
|
This saves 6 clocks in nat44-ed-in2out node. (112->106 per packet)
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I48e757e7f4b6b0d250a432a4659fe6955fc52a07
|
|
Fail if obsolete flag is used.
Type: fix
Change-Id: Id7000de9c82fa2c22692104b2fc1d463e5961f39
Signed-off-by: Filip Varga <fivarga@cisco.com>
|
|
Type: fix
Change-Id: Ie89663de42ec94823b32aa1edf94f2c03df06627
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Change-Id: Iebe2db66af1e769486a117d6284375ce5ffff0b4
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: refactor
this allows the ipsec_sa_get funtion to be moved from ipsec.h to
ipsec_sa.h where it belongs.
Also use ipsec_sa_get throughout the code base.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
|
|
This allows to configure nat on a per-interface basis. Special care must
be taken to ensure the configuration remains consistent.
Type: feature
Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
* Backend choice in translations is controlled
by lb_type switch allowing to enable Maglev.
* Size of pool is set with cnat { maglev-len 1009 }
Type: feature
Change-Id: I956e19d70bc9f3b997b4f8042831164e4b559d17
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|