Age | Commit message (Collapse) | Author | Files | Lines |
|
Immediate benefit is ability to use hugepage backed memory.
Type: improvement
Change-Id: Ibcae961aa09ea92d3e931a40bedbc6346a4b2039
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
When dNAT-ing to a VIP, it can happen
that the return session conflicts with
another forward session than the one
we own.
This patchs adds a rsession_flags
CNAT_SESSION_RETRY_SNAT that makes cnat_session_create
search for a free src port to use for the
resulting return session.
It also makes forward & return session
share their fate in the session scanner.
Type: fix
Change-Id: Id0edf59abf8e5bc0c0d8941ba289c4563c77dee0
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: fix
Calling vnet_hw_if_register_tx_queue should
be done with the worker barrier held, as
virtio-pre-input might be grabbing a queue
while a memif connect event is triggered.
Change-Id: Ie1272cdfd2477faf7a4e10f30778279872f04916
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
There is no need to verify the checksum for packets that have the IP
checksum offload flag set. This uses the same logic as
ip4_ttl_and_checksum_check.
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Change-Id: I177b07212a992362a4c965c074dcecf1e504c593
|
|
Checking for existence of source address on interface prevents creating
session before assigning address to said interface. Removing this check
allows more flexibility when configuring BFD feature.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Ia57960e29b5dbdb758a7a64193c28f21482f229e
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib3d1ac6c82bc0c00e445b15d4102e4fd755f8e2d
|
|
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ic8cc12788d9062f30faa992afaecc0c64078c4d7
|
|
Type: improvement
Change-Id: I17778e89674da0e8204713302e2293377bdabcbc
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
On the forst vector alloc values are stored into header.
Later, when vector grows values from header are used istead of provided
ones.
In the debug image code will assert if same values are not provided.
Type: improvement
Change-Id: I8fdcfa495e9c1df0f6392c90f634e8c74b73b328
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: refactor
Change-Id: Ibd29a717eaf12d795b3bceb31835d6fc655268b1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: Id705dab895602a60b053296b560ca3db5b0cd344
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Add missing translation of ICMP inner IP layer.
Change responsible test so that it actually tests something.
Type: fix
Fixes: 4881cb4c6f
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Id3a6f12a7308d81b1cdf9815f857221fab2f24d9
|
|
For some unknown reason sometimes calling exec() ends up on weak
exec() defined in src/vat/api_format.c which return -1 instead of using
one few lines above.
Another proof that use of weak symbols is bad idea.
Luckily this can be easily workarounded.
Type: fix
Change-Id: Ic84e8525bff75c1b8186c233cd524aac4d95c8b5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib2e1d847607c9c7d928b174b87e5c21d53153ebe
|
|
Update persist timer if data sent during snd_wnd < snd_mss was acked.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5c75ff8ddc0e49750b2088237d32afa4eda99e7f
|
|
In order to support the requirement of RSS and packet steering of new
protocols, such as GTPU PDU-type and QFI, for 5G UPF, a generic pattern
is introduced in vnet flow. The generic flow pattern is based on DDP
(Dynamic Device Personalization) function and Parser Library module in
DPDK. Using generic flow pattern, we do not need to create new packet
and field type and offset in API parser for every new protocols. We can
create flows for any protocol immediately as long as supported by DDP.
The generic flow can be used to support 5G related protocols in
different scenarios.
The input of this generic pattern are two binary strings for spec and
mask. Spec is the binary presentation of the target packet type, and
mask is used to mark the target fields.
In this patch DPDK plugins is enabled for POC. Next step we will enable
generic flow in native IAVF, which is the main target.
Here is an example. If we want to create a flow for GTPU QFI,
spec is:
00000000000100000000000208004500003C00000000001100000101010102020202000
008680028000034FF001C00000000000000850100010045000014000000000000000001
01010102020202
mask is:
00000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000007F0000000000000000000000000000
00000000000000
A naming API POC is created via VAPI to help create the rule with
the target packet format similar to Scapy. It is based on a function
module called PacketForge. In this way, the user no need to create
binary string spec and mask by themselves.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Id3444f95c158bdcdfeeee19d795cd9ecbeeec07c
|
|
Type: improvement
Change-Id: I531115f32c484e4c4794173d24e15f3b5b8f547b
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
The index i was incremented in the wrong place, and the check on the
presence of a next buffer in the chain was actually done for the
next desc_status rather than the current one.
Type: fix
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Change-Id: I74a64a34fea497900b7969cd96e1aeeb570a1bba
|
|
Rename vec_capacity to vec_mem_size as it returned the size of the
underlying memory allocation not the number of bytes that can be used
for vector elements.
Add new vec_max_elts macro that returns number of elements that can fit
into generic vector.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2e53a2bfa6e56a89af62d6ddc073ead58b8c49bb
|
|
Change-Id: I09d2da73eff42c52ba1373acc99ff28f283a6725
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
With DPDK plugin, VPP does the DMA page map in IOMMU, only when
DPDK supported ethernet devices are present. As a result, Mellanox NIC
and QAT combo doesn't work. As part of this fix, DPDK supported
crypto device check is added to do the DMA page map.
Type: fix
Signed-off-by: mgovind <govindarajan.mohandoss@arm.com>
Change-Id: I02de4588c5b021e0c9c62612137f28ed8784bea6
|
|
Type: improvement
Change-Id: I85dd3d34bcb175dd68dda34a58cd454848a0fc2b
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Fixes a minor issue that causes printing an error message when there is no error.
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I59f5c6af7c5aeae3e812b4cf0c75a47894bb8bbd
|
|
Type: fix
Change-Id: I298d2a5067f7949002e6c010f892553f1eb9f477
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
This patch improves the per dpdk-input loop number of packets
received from the port. The change mimics how packets rx happened
before VPP 22.02/DPDK 21.11: instead of trying to rx huge number
of packets (256) in one go, rx more times with up to 32 packets
max each time.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I804dce6d9121ab21b02e53dd0328dc52ac49d80f
|
|
Thanks to Ben McKeegan <ben@netservers.co.uk> for the report.
Type: fix
Change-Id: I8170dda572c326b6b1823fd330dbd5e961fdad74
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
The tlsmbedtls plugin should only be built if mbedtls libraries are
present.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I24364177d24ea744f24f808f492be08adff3690b
|
|
This fixes a crash caused by client closing socket before adding worker.
During detach vpp tries to delete worker based on invalid worker index.
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I3242bcbb116ef5fd1d4c449f5bcf907e4e2f8f30
|
|
Type: refactor
Change-Id: Ieb7a595e40d801af5349c83b128fa92c7698a346
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: I2eb5543aa470094d4c5ad420a2fcc9873b7808e1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Recent "dpdk: refactor device setup" have broken vlans programming for IXGBE_VF.
Type: fix
Signed-off-by: Dzmitry Sautsa <dzmitry.sautsa@nokia.com>
Change-Id: Idacda33a473f6b10dbe002d9926661a19d0f3f97
|
|
Type: refactor
Change-Id: If180816303909b92c9aa4ff9fd70dc7938a6cfbe
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: refactor
Change-Id: I0a40e22e1439e13ffdbcbd6fd7cad40c8178418c
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3425350f5e874df79716bd726900540629793beb
|
|
Type: fix
The l2unfragmentable size is not included in the calculation of 'max', the maximum amount of data that can be added to a fragment, therefore the fragments created are too big.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Id1e949ad98203b6f8ea2f55322ef6fa3d507e2a6
|
|
Type: refactor
Change-Id: Ifd533a095d979dc55bfbe5fac7e0b7510a4d900c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Deadly combination is clib_{set,long}jmp + lazy linking + tail call compiler
optimization. On the first call to clib_setjmp, dynamic linker executes loader
code which then calls clib_setjmp, so stored stack position contains dynamic
loader data. Tail call optimization simply jumps back to the calling
code when clib_longjump is called and that results in wrong return
address used from the stack.
Change-Id: Ia7d8dbd5b2c425cdd0449374aa07ab6b684a330e
Type: fix
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: feature
Change-Id: Ica3e60836c0f26518ba2c238a8c03ce3648ea69b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
As per IPSec RFC4301 [1], any non-matching packets should be dropped by
default. This is handled correctly in ipsec_output.c, however in
ipsec_input.c non-matching packets are allowed to pass as per a matched
BYPASS rule.
For full details, see:
https://lists.fd.io/g/vpp-dev/topic/ipsec_input_output_default/84943480
It appears the ipsec6_input_node only matches PROTECT policies. Until
this is extended to handle BYPASS + DISCARD, we may wish to not drop
by default here, since all IPv6 traffic not matching a PROTECT policy
will be dropped.
[1]: https://datatracker.ietf.org/doc/html/rfc4301
Type: fix
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Change-Id: Iddbfd008dbe082486d1928f6a10ffbd83d859a20
|
|
While setting an ACL, a user can specify the adjacency to follow after
the input ACL node. Thus, we may skip a lookup and enter directly a
local node (ex: ip4_local). To prevent the local source check from
failing, we need to specify the fib index. And, we have to do it just
before exiting the input ACL node because the l2_classify object
is overlapping with the fib_index in the vnet_buffer_opaque_t struct.
We could have added a padding to avoid this overlap but there is no
place for that in the structure.
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: I383c36e4aec08d181f966f28565aefed950d2a74
|
|
Type: improvement
Currently, when an interface is brought down administratively, IPv4
routes that resolve through that interface remain in the FIB. However,
the kernel removes those routes but doesn't send any notifications about
that. Desynchronization between the kernel and VPP happens.
With this change, when a notification received from the kernel
indicating that an interface was brought down, in addition to bringing
the VPP interface down, walk the IPv4 FIB bound to that interface and
remove any entries that resolve through that interface and were added
with one of the linux-cp FIB sources.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I0cd14bb63c9e6616ae1c5739b17c3bf33b186bc2
|
|
Type: fix
- IPv6 fragmentation did not work if the packet spaneed multiple buffers, because the 'len' calculation to did max out at the size of a buffer
- IPv6 fragmentation did not work when the l2unfragmentable size was non-zero, it was not used in the correct places
- IPv6oMPLS fragmentation would fragment all IPv6, it should do so only for link local
- IPv6oMPLS should send back TooBig ICMP6 for non locally generated
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie8f02cdfdd7b7e8474e62b6d0acda8f20c371184
|
|
Type: fix
Primarily fix an issue reported by Coverity in
lcp_nl_open_sync_socket() that close() could possibly be run with
negative fd. Also, add more checks and error logging there.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I9a88520d068392977a6eba0766451e5652fe512c
|
|
Type: improvement
Currently, read event signal is sent on every notification message
received and added in the queue.
With this change, signal read event only when all currently available
notification messages are received.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib86d189311ce01f50167e4e97feb99df0292ad96
|
|
Type: improvement
Currently, while reading notifications, ENOBUFS error is ignored and
reading continues. This was done to minimize the number of notifications
that are lost due to reopening the socket.
Now that synchronization is implemented to recover from socket errors,
ignoring ENOBUFS and reading as much notifications as possible is not
actual. Before synchronization, all currently enqueued notification are
discarded in any case.
With this change, stop reading notifications if any error occurs.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I1184d9a3aa99df63ef59bc2a67be2b1e5e0e9329
|
|
- make sure we do not overflow
- skip unknown messages if we can
Type: fix
Change-Id: I0efbe7376d9d78f6b0ec8018c0813400e6653698
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
if original packet was to the link local, then the
fib index in the buffer is that of the LL table, we can't use that
to foward the response if the new destination
is global, so reset to the fib index of the link.
In other case, the fib index we need has been written
to the buffer already.
Add a test for IPv6 ping in an MPLS-VPN where int inout interface is
not the the same VRF as the response should be sent.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I18a232d90ddd3ef051a52476c5d861c87060e76f
|
|
Type: improvement
For error conditions, such as TTL expired, dest unreach, etc, Rate limit the sending of ICMP error messages.
The rate limiting is done based on src,dst IP address of the received packet.
the rate limit has been chosen, somewhat arbitrarily, to be 1e-3. This is the same limit as the ARP throttling.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I4a0b791cde8c941a9bf37de6aa5da56779d3cef4
|
|
Type: improvement
When dump of neighbors is requested, the replies will also include
neighbor entries for IPv6 multicast addresses:
GigabitEthernet0/8/0 S ff02::16 33:33:00:00:00:16
GigabitEthernet0/8/0 S ff02::1:ff76:7135 33:33:ff:76:71:35
GigabitEthernet0/8/0 S ff02::2 33:33:00:00:00:02
Such entries are not reported in netlink notification messages and
VPP is unlikely to use these.
With this change, ignore neighbor entries when the IP address is a
multicast address.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ic712aa4904f1d559f31fd89ff4541268e2340f84
|
|
ip6_ext_hdr_chain_t->eh is IP6_EXT_HDR_MAX elements.
Type: fix
Change-Id: I28b8d610d8f5c0c520c8391c37b86e837655ab12
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|