Age | Commit message (Collapse) | Author | Files | Lines |
|
set asan default options in vppctl and vpp_get_stats
Type: improvement
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: I58e1ae1c91f4a62e80eaf4e16e9932d8bab17c74
|
|
Type: fix
Change-Id: Idc325a096903dcdfad5157db2eb728f2e61ce974
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
Type: improvement
Change-Id: Ia1d8aaa3c51938cfa15dd09102471f52ebe67a3d
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Change-Id: If30d1aa8aa752ae4bddde776832a3009ebc7e316
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
IPFIX buffers are stored on a per worker thread basis. Currently, the
flush callbacks will flush only buffers stored for the main thread. And
buffers for worker threads will not be sent until their size reach the
path MTU configured for the exporter. So if traffic is constant, the
problem will unlikely to be visible. Buffers will be sent once they
reach the maximum size. However, if traffic stops at some point and
flush is triggered in order to make the plugin send all currently
buffered data, this will not happen. And collectors will not receive
that data. The plugin will keep the remaining data until traffic starts
again, the buffers reach the maximum size, and be sent.
With this fix, flush buffers for worker threads and for the main thread
when the flush callbacks are triggered.
This will allow to remove @tag_fixme_vpp_workers from the unit tests
that don't set timers. The tests that set timers will still be failing
for other multi-worker related problems.
Type: fix
Change-Id: I9a7d9cef8ddbec7ee68c79309e48e7bc0953d488
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: improvement
The vnet buffer metadata for full IP reassembly and shallow virtual
reassembly overlaps. If you have full reassembly and virtual reassembly
enabled on the same interface and virtual reassembly happens to process
packets first, full reassembly will stomp on the metadata populated by
virtual reassembly.
Virtual reassembly gets enabled implicitly when NAT feature nodes
are enabled. Those NAT feature nodes rely on the virtual reassembly
metadata being populated correctly in order to find L4 proto & ports.
When NAT and IP full reassembly are both enabled on an interface, NAT
can drop fragmented packets because the virtual reassembly metadata
can be overwritten by full reassembly.
Ensure that full reassembly runs before virtual reassembly. Add a
runs_before dependency to ensure that ip4-full-reassembly-feature
runs before ip4-sv-reassembly-feature.
There was a duplicate VNET_FEATURE_INIT() for
ip4-full-reassembly-feature. It seems to have been intended for enabling
ip4-full-reassembly-custom as a feature node, but its contents are
identical to the earlier VNET_FEATURE_INIT() for
ip4-full-reassembly-feature. Removed the duplicate.
Change-Id: Ie600b854d4ceb90a7cb736810140d410b8f72447
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
When link state interval is 3 and stats interval is 10, updates
for stats will be made every 12 seconds (next number after 10,
that divisible by 3). And if you get counters every 30 secs, you
will get ideal "saw"-line instead of real smooth chart.
This commit makes smooth line on stats intervals that are divisors
of the charts update interval (regardless of link state interval),
and makes it possible to configure them.
Type: fix
Fixes: cb9cadad578297ffd78fa8a33670bdf1ab669e7e
Change-Id: Ia4350467be2b0ec0c1be37c7fda63f43b3330f44
Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
|
|
In case of both stdin and non-interactive inputs are there
vppctl parses them all, causing mixed corrupted output:
$ echo foo | vppctl sh bar
show: unknown input `bar'
unknown input `foo'
This is not desired, stdin should be ignored if there's a command
but still allow stdin commands - following cases are still equal:
$ vppctl foo
$ echo foo | vppctl
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I98667391627150c98a57d49ae544e48ef3351f34
|
|
This patch adds support for VF and loopback device.
Type: feature
Change-Id: I1ea92f3a1161851957206300ab921c27290b0305
Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
|
|
Uninitialized stats time for new dynamic processes (like unix
cli) leads to invalid and too high clocks diff, breaking the
stats collecting.
$ sudo vppctl sh runtime | grep unix
unix-cli-new-session any wait 0 0 30 2.72e3 0.00
unix-cli-process-0 active 14 0 27 3.73e15 0.00
unix-epoll-input polling 6464 0 0 3.56e6 0.00
unix-epoll-input polling 68360 0 0 1.31e3 0.00
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ic70678b67a3fb3f78ed4a1a03077ae243ed5d7cd
|
|
As similar 535364e90459566b603661c3dbe360c72f59ad71 is
merged, printing possibly deleted interfaces by index
only in all the rest cases.
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I4fa58b382c0279ff893523ba0188fdb9b09e10af
|
|
Change-Id: I0fcda3e7afaab037bd12d0079d6639c6cbe8647e
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I1c900bbe441c6797215f16e99b71149904aa745f
|
|
- fix ICMPv6 lookup FIB (don't reset sw_if_index[VLIB_TX] to -1)
- add locally generated flag in ICMPv4 buffers (reflect ICMPv6)
Type: fix
Change-Id: If25a176a9952cbe185a030f8b136718af1bff9e8
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
BPF filter w/o optimization can take x2 - x3 more instructions,
causing significant slow down in fast path.
Enable pcap optimization by default via cli and introduce api v2
with pcap optimization control, keep v1 for a while as it exists
in previous release already.
Intriduce bpf filter cli dump, similar to tcpdump -d.
Also fix memleak, function name typo, cli pcap format hint and
add related tests.
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I92b2b519e92326f1b8e1a4dda6a3e3edc52f87ad
|
|
Type: improvement
Change-Id: I6f99f09c7724ce656a4f41a1d5f9c88d74c00faf
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I428f52abbdddd9caca9b0f619a0e934f96ac0b4a
|
|
Fix crash while adding intf-rx ip4 and ip6 routes via api due
invalid exporting of interface rx routes as attached.
Also, add missed route path via rx-ip6 cli support.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I15711c8c0787398dd7e3baa4787019bb1f317666
|
|
Adding two elements to the full svm queue passes exact
bounds check, therefore tail gets overwritten w/o any
waiting. Fix it with requiring at lease two free slots.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I704ee606c47b523952cb965f848339ae1988cb60
|
|
Type: fix
Signed-off-by: Samvel Vartapetov <svartapetov@yandex-team.ru>
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I57cba1e724f851419c7dfdee896568fc7416feaf
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I28ccebf4d2f0728dd174ab3ee77a0d7ad4b90951
|
|
Type: fix
Change-Id: I11cc52ff3867277e6591efb061f96cadfcc70c88
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
The existing comparision triggers the following clang assertion:
error: result of comparison of constant 50331648 with expression of type
'u16' (aka 'unsigned short') is always true
Section 9.1 of RFC3315 describes the DUID type field as:
"A DUID consists of a two-octet type code represented in network byte"
correctly convert the local type to a network short for the comparison.
Type: fix
Change-Id: I7cb048035bd5e06372e29471ae6004ee1b2191b9
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: feature
Change-Id: I3485e1627eafc5125255985003573247e7562db2
Signed-off-by: Kommula Shiva Shankar <kshankar@marvell.com>
Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
|
|
This change aims to affect crypto_sw_scheduler behavior,
but all the edits end up in vnet/crypto.
After 9a9604b introduced adaptive mode for crypto dispatch,
the performance of async mode at lower rate got worse.
A work around for CSIT test is done by changing dispatch mode via explicit API call
in https://github.com/FDio/vpp/commit/139aba204780f6cc2845b311820a0b4c47517d02
In this change, the CLI is brought back to allow user to fix the
dispatch mode.
set crypto async dispatch mode <polling|interrupt|adaptive>
Type: improvement
Change-Id: I029e98aa25889eddcf62e75a6c78926cdee862ef
Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com>
|
|
Type: improvement
Change-Id: Ie042605e50656229874b7a93638f0f04c894410f
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie7ff4bac22e9dbb449610072b52d1ec4e46fe757
|
|
Type: feature
Change-Id: If63f39211288ab2eba8bc1ab50a2a4c7755abc66
Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I787825dea7f82748537cc4372104cc6647cf2132
|
|
libepoll-shim has some hacks to enable functionality, one of these
redefines close as a macro. This conflicts with a close call back. On
FreeBSD undefine this macro at point of use.
Type: improvement
Change-Id: I7b4f7cd874f3451d76c580cf999369426d9e89c2
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: If27702d2a9755e0e0a6eaeab4cf26b4974444b44
|
|
Type: improvement
Change-Id: I3ab8df625524b5ff85e62760f5e29daf0d650773
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: fix
Change-Id: I8832839738b96495bd775a778dd736bb25e1236c
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Linux doesn't support the Linux idiom of using lseek and a write to set
the size of a file, instead use ftruncate to accomplish the same effect.
This change is taken from the Nanoteq VPP port commit:
https://github.com/ftk-ntq/vpp/commit/04a1b19b37e791accc61b91f3f413d8bc8b1ff8f
Type: improvement
Change-Id: Ie0b83e751b8b8f20b6814e5c9f760035747dfad9
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: improvement
Change-Id: I7693f2647f65f662c9b20f77bbf7e1a530b58259
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
FreeBSD doesn't offer epoll, but an implementation which uses kqueue is
available as an external library. On FreeBSD in subsystems which require
epoll have cmake look for libepoll-shim.
Type: improvement
Change-Id: Iafd5406a9e2ebaa53fd94034489ffbbf87a7d040
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
FreeBSD only defines posix scheduling policies, remove the others from
the for each look to allow build.
Type: improvement
Change-Id: Ifdb9414417e8b6ffdf216fd001708b347c496b97
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Add support for adding Linux and FreeBSD specific sources to
add_vpp_library and support for installing Linux specific headers. Don't
add support for FreeBSD specific headers until we have some to install.
Type: improvement
Change-Id: I38549cf4d71999b71b3298e529323956e54ddc36
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: improvement
Change-Id: I41f70e5977fedbf0050205ebe52126ef373ebc06
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idb8cc576168ce0ffa8f06be1acef4be4b3b29433
|
|
When an other interface is specified to generate packets from, we should
bind its sw_if_index to the pg interface to use.
Fix if_index_by_sw_if_index variable name, and force to specify a pg
interface to source traffic from.
Type: fix
Change-Id: Ib3e6dca92774b307def82926fc09945b7998267d
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
On FreeBSD define UNIX_PATH_MAX so it is available in punt.c. FreeBSD's
max path is 4 bytes shorter than Linux's.
Type: improvement
Change-Id: I2c4b7aa11246213575b557fab44669706885e6b7
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
FreeBSD has its own set of syscalls for getting current CPU and NUMA
domain information. Stub out these calls and return CPU 0 and NUMA domain
0 as placeholders until we bring in FreeBSD specific calls.
Type: improvement
Change-Id: Id61df0273b0bcc6acf4844ee626e4f246f9f217b
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: fix
Change-Id: Ib09d6a0dfc95d82ecfd2ff123be9004cb038d0d4
Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
|
|
For the openssl crypto engine based cipher encrypt/decrypt and HMAC IPSec
use cases, the openssl API calls of doing ctx init and key expansion are
moved to initialization stage.
In current implementation , the ctx is initialized with "key" and "iv" in
EVP_EncryptInit_ex (ctx, 0, 0, key->data, op->iv)
in data plane, while the ctx can be initialized with 'key' and 'iv' separately,
which means there could be two API calls:
1. EVP_EncryptInit_ex (ctx, 0, 0, key->data, 0)
2. EVP_EncryptInit_ex (ctx, 0, 0, 0, op->iv)
As the 'key' for certain IPSec SA is fixed and known, so call #1 can
be placed in IPSec SA initialization stage.
While call #2 should be kept in data plane for each packet, as the "iv"
is random for each packet.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Change-Id: Ided4462c1d4a38addc3078b03d618209e040a07a
|
|
This is a prerequisite patch for the following openssl API optimization
patch, which tries to offload openssl ctx init and key expansion work to
the initialization stage.
Wireguard adds crypto keys via vnet_crypto_key_add (), and whenever it
modifies the keys, the underneath openssl crypto engine shoud be informed
of the changes to update the openssl ctx.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Change-Id: I3e8f033f3f77eebcecfbd06e8e3bbbfdc95a50e2
|
|
In esp_encrypt_inline(), if two or more consecutive packets are
associated with the same SA which has no crypto or integrity algorithms
set, only the first one gets dropped. Subsequent packets either get sent
(synchronous crypto) or cause a segv (asynchronous crypto).
The current SA's index and pool entry are cached before it can be
determined whether the packet should be dropped due to no algorithms
being set. The check for no algorithms is only performed when the cached
SA index is different than the SA index for the current packet. So
packets after the first one associated with the "none" alg SA aren't
handled properly.
This was broken by my previous commit ("ipsec: keep esp encrypt pointer
and index synced") which fixed a segv that occurred under a different
set of circumstances.
Check whether each packet should be dropped instead of only checking
when a new SA is encountered.
Update unit tests:
- Add a test for no algs on tunnel interface which enables
asynchronous crypto.
- Send more than one packet in the tests for no algs.
Type: fix
Fixes: dac9e566cd16fc375fff14280b37cb5135584fc6
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
|
|
Use udp transport refcnt instead of local port refcnt when accepting new
connections.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibc34677b1138682497f98e96b6fddb5b96094ff9
|
|
Type: improvement
Change-Id: Idb318eb386617013015c43153bf0bd92fa28b9b6
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: improvement
Change-Id: Ia9295b79340a18de6eb5fe80877dcf4ce97b35eb
Signed-off-by: Tom Jones <thj@freebsd.org>
|