| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The current implmentation of the hash table is not thread-safe.
This design leads to a segfault when VPP is handling a lot of tunnels
for Wireguard, where one thread modifies the hash table and other
threads start the lookup at the same time.
This fix adds a barrier sync to the hash table access when Wireguard
adds or deletes an element.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Id460dfcd46ace17c7bdcd23bd9687d26cecf0a39
|
|
For e.g. prometheus export it makes more sense to use the same metric name,
and expose the various symlinks as labels.
The VPP symlink metric:
/interfaces/local0/rx_unicast
that points to
/if/rx_unicast
Becomes in Prometheus:
interfaces_rx_unicast_bytes{index="0",label="local0"} 0
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ide0ab4fda4b3eb7ba7ddfc44680121c53f5267f6
|
|
Type: docs
Fixes: 33909777c637 ("misc: unify pcap rx / tx / drop trace")
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Change-Id: I049616cfad300658e62e5026c0655ee6f07a2421
|
|
Async binds may be possible due to vls generated async binds as a result
of application adding or removing listeners from epoll.
App does not need to be notified of the event.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4d01be7ddb39ba894db85feef55e9935556c24f5
|
|
Accept one spurious wakeup from vcl in epoll_pwait_eventfd to avoid
returning zero events to app without timeout.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I447c7f8176413c562be28605376a92d15e22a1f9
|
|
Nginx recreates epfds. Make sure ldp tracks the event and recreates the
libc epfd or eventfd flavor of epoll pwait will not work.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2994bead9494f0fbb85dd32767cecc1cf69ff6eb
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I777979dbb89f9af774533cb280e77af58b81fb29
|
|
Change-Id: I431c4a6f409b129e4290dba2e1acadea460ac797
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: improvement
|
|
Old distros Centos 8 / Ubuntu 18.04 header files doesn't have UDP_SEGMENT
declared, define UDP_SEGMENT to right value if not defined.
Type: fix
Fixes: eff5f7aea8c7 ("vcl: ldp support for ip_pktinfo")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I99314b895e7d09962a36e7f5582c09d0d77563dc
|
|
Move port allocation logic from transports into generic transport layer.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I55a21f185d00f5e118c36bcc4a6ffba2cbda885e
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I27112947071a757065162f0e50f69983d258525d
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2c97faa2cdca32d083aabc3344c8fe67c74ff2fd
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4e176e9ada32d5f61d10aeca1c68f72114dec9b8
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1970408de52e53d24cea06b3ae0cc68a38cbc97a
|
|
The current implementation can cause memory leaks of async frames
and exhaust the async frames pool. Wireguard can early get async frame,
even when later it turns out it is not needed. Then such frame won't
be freed.
This fix changes the moment of acquiring async frame from the pool, so
it doesn't leak.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: If7696de6a6f5db84e0dffef60caa31d4a5e6280e
|
|
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I9f4944f77ecf94f16f809392f28466e33f7f779d
|
|
- The version of libsrtp2 (2.4.2) on ubuntu-22.04 changed
the 'ekt' field in srtp_policy_t to 'deprecated_ekt'.
Type: fix
Change-Id: Icb9d8f3b56c8305bcdac5066a5f8e3e5d17d37cf
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Make sure applications, especially builtin ones, cannot close a session
multiple times.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I960a1ae89a48eb359e7e1873a59d47c298c37ef1
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3c15f38a4a3f5e92506059277948e7fca9cd8b55
|
|
For some apps(e.g. wrk2) upon vpp hoststack, ldp_epoll_pwait()
is called. In this function, epoll fd was created on one thread,
but it is now used on another thread. The vcl worker index is still
invalid, so the fetched ldp worker is also invalid and can corrupt
some already allocated memory.
Just as the ldp_epoll_pwait_eventfd(), make sure the vcl worker is valid
before getting the ldp worker in ldp_epoll_pwait().
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: I2ec23a4b5d5b0879a06642ffd80f95e948af4274
|
|
Currently wg-output-tun() doesn't check if a buffer has enough space for
prepending an ethernet header (wg header over ipv6 vxlan header case
leaves only 8 bytes free).
In such a case move buffer's content.
Type: fix
Change-Id: Iad18860e6b86a3d81f3d96d782de7c59556152d0
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I70596ffcf90fa4cd57092584cb7a454f44208943
|
|
When DPDK MLX PMDs are built, and the DPDK plugin is loaded, DPDK may
set the MLX5_CQE_SIZE environment variable to 128. This causes the RDMA
plugin to be unable to create completion queues. Since the RDMA plugin
expects the CQEs to be 64 bytes, set the cqe_size explicitly when
creating the CQ. This avoids any issues with different values for the
MLX5_CQE_SIZE environment variable.
Type: improvement
Signed-off-by: Nathan Brown <nathan.brown@arm.com>
Change-Id: Idfd078d3045a4dcb674325ef36f85a89df6fbebc
|
|
Can to define src ip of outer IPv6 Hdr for each encap policy.
Along with that, I decided to develop it as API version V2.
This is useful in the SRv6 MUP case.
For example, it will be possible to handle multiple UPF destinations.
Type: feature
Change-Id: I44ff7b54e8868619069621ab53e194e2c7a17435
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
|
|
Allow apps/vcl to provide updated local ips for dgrams. In particular,
allow sessions bound to 0/0 to send data with valid local ips.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I50a086b1c252731a32a15b6a181ad3dba0c687e0
|
|
In current flow creating process in native avf and dpdk-plugins, when
parsing the input arguments, it does not copy IPv6 src address correctly,
so that IPv6 src address will not be configured in any flow rule, and
any packet with the same address will not be matched.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ic957c57e3e1488b74e6281f4ed1df7fd491af35c
|
|
When parsing flow action type in avf, there is an incorrect flag for
flow director, which makes flow director rule created unexpectedly.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Id9fed5db8ccacd5cc6c2f4833183364d763188c1
|
|
Fix some configurations of avf checksum offload to get the correct
udp and tcp checksum. Change Tx checksum offload capability since
avf supports ipv4, tcp and udp offload all. Remove the operation to
swap bit of checksum.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I55a916cc9ee6bef5b2074b5b6bb5f517fc2c178d
|
|
In avf the function fls_u32 is used to calculate the power of 2.
Fix the expression of this function.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I27160de8588a5efb3f24306597a5a240deb3ab74
|
|
Type: improvement
With this change, add support for dumping IPv6 Router Advertisements
details on a per-interface basis (or all). Also, cover that with a test.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I89fa93439d33cc36252377f27187b18b3d30a1d4
|
|
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3bc2c7986f492b7b7dfbc84e4893202354223790
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7322abc3d3b0aa81399667bf02b03786fc62c958
|
|
Control use of apis that rely on _GNU_SOURCE being defined with compile
time macro.
Also fixes sendmmsg and recvmmsg which were not probably wrapped.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I207de23210d4b9dc960bb4289159502760c5614d
|
|
Type: improvement
Change-Id: Ida2d044bccf0bc8914b4fe7d383f827400fa6a52
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
Type: fix
Change-Id: I7bd2696541c8b3824837e187de096fdde19b2c44
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If5300653edd2dad470985f4591959d00cad2a43b
|
|
Nat session is allocated before the port allocation. During port allocation
candidate address+port are set to o2i 6-tuple and tested against the flow hash.
If insertion fails, the port is busy and rejected. When all N attempts are
unsuccessful, "out-of-ports" error is recorded and the session is to be
deleted.
During session deletion o2i and i2o tuples are deleted from the flow hash.
In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers
to **some other** session that's known to be allocated.
By backing match tuple up session should be invalidated well enough not to
collide with any valid one.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
|
|
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I241cefbbce98cf6fef83f36bd87ae2c1f4b067f0
|
|
When application performs SSL_read from the app rx-fifo, it can
pre-allocate multiple segments, but there is an issue if the OpenSSL
manages to partially fill in the first segment, in this case, since
data is assumed to be copied over by OpenSSL to the pre-allocated
segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs
zero copy by passing the pre-allocated segment to SSL_read.
If the decrypted data size is smaller than the pre-allocated fifo
segment buffer size, application will fetch buffers including zero
in the area not filled in by SSL_read.
Type: fix
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
|
|
lcp_itf_pair_pool could grew during sub-interface creation.
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: Ideafe392f9bb2b418ce9d6faa4f08dfe26f4a273
|
|
If we match a next table, we must save its index in the trace instead of
the index of the 1st table.
Type: fix
Change-Id: Idd862242e7fc200eb3ab29b17a26131b844af2c0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Change to get ad->linux_ifindex in af_xdp_create_if() instead of in
af_xdp_load_program(), previous if did not load custom XDP program,
ad->linux_ifindex will be none, but bpf_xdp_detach() need it, so default
xdp program will be not unloaded when delete af_xdp interface.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: Id8a640204e8d29152f03349a0b58104b275635aa
|
|
Policer API calls were only by policer name. It is now possible to
select a policer by its index.
Some functionalities are also added to allow updating a policer
configuration and to refill its token buckets.
Some dead codes are being removed, and small fixes made.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I4cc8fda0fc7c635a4110da3e757356b150f9b606
|
|
adj_delegate_remove() makes 'ad' invalid, invalidate it only after its
use.
Type: fix
Change-Id: I6908d3dd2962ebd3fdf37e946cb19dae727bda09
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: I12b120d988347cced3df82810e86dc2fd5cfca80
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
We cannot confidently say that if we have received and processed
the handshake_initiation message, then the connection has been established.
Because we also send a response.
The fact that the connection is established can only be considered if a keepalive packet was received.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I61731916071990f28cdebcd1d0e4d302fa1dee15
|
|
The vector size must be increased before setting the element so that
AddressSanitizer can keep track of the accessible memory.
Type: fix
Change-Id: I7b13ce98ff29d98e643f399ec1ecb4681d3cec92
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: Id8ab75ef4384a1029ab7ee84048f347708307830
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
Playing with vector length prevents AddressSanitizer to track accessible
memory. Make sure we update the size of the vector once we received the
data.
Type: fix
Change-Id: If7808254d46d7ab37d516e3de49e3583d07bb9ff
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
Gabriel Oginski
Ole Troan
Nobuhiro MIKI
Florin Coras
Mohammed Hawari
Tianyu Li
Filip Tehlar
Dave Wallace
Liangxing Wang
Alexander Skorichenko
Nathan Brown
Takeru Hayasaka
Ting Xu
Alexander Chernavin
Benoît Ganne
Damjan Marion
Dmitry Valter
Ondrej Fabry
Ofer Heifetz
Stanislav Zaikin
Yulong Pei
Maxime Peim
Artem Glazychev