| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
With this feature, session enable is now modified to have 3 modes of operation
session enable -- only enable session
session enable rt-backend sdl -- enable session with sdl
session enable rt-backend rule-table -- enable session with rule-table
session rule tables are now created on demand, upon adding first rule
to the rule table.
refactor session table to remove depenency from sesssion rules table. Now
session rules table APIs take srtg_handle and transport
proto instead of srt pointer.
Type: feature
Change-Id: Idde6a9b2f46b29bb931f9039636562575572aa14
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
- add patch to scapy to use latest six module instead
of the old scapy specific six module which fails to
import moves sub-module on python 3.12
- fix warning for deprecated legacy editable install of vpp_papi
- skip failing testcases on ubuntu-24.04
Type: test
Change-Id: Idc1a008c6e45ba69caa50c2e245012eb05effed7
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: improvement
Change-Id: I629add6e3f4219d56610c3785013f69dbe847844
Signed-off-by: Adrian Villin <avillin@cisco.com>
|
|
Type: fix
Change-Id: Ifac0e2aca83fa2a79b65d8d1a40add02051287d2
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Since scapy 2.4.4, scapy will not decode the next layer if the fragment
offset is not 0 - IOW it will decode only for the 1st fragment.
See https://github.com/secdev/scapy/commit/f1c26e77c535598f84b01035ac8ac465def30c72
Type: fix
Change-Id: If738734f90b15b24c0d98fec4bce4ff48c6d5fea
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
current approach saves state in per-thread data structure. in
multi-worker + nat-t cases udp/500 and udp/4500 might be dispatched on
different workers. this patch adds hands off packet to 1 explicit thread
- 1st worker (or main thread in case there're no workers) or to thread
that was explicitly set by user via configuration
Type: improvement
Change-Id: Ib5cd9a4b8612dfaa63b276035709524f7a492d4f
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
|
|
the former code was re-allocating the vector when padding takes place.
it's not necessary since we have the correct size. also, it caused
issues since upper layer doesn't know about re-allocation and it caused
crash. with this patch many test-cases are enabled again.
Type: fix
Change-Id: Idf0b320101670ec64d62e9aac6399cc7c54c996f
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
|
|
- Required for Ubuntu 24.04 LTS jobs
- temporarily disable TestIpsecEsp1 and
TestIpsecAhAll tests until a patch can
be added to fix them
Type: test
Change-Id: I1ae7b170117182c3252629bbbb770775e2c496c9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Plugin code is incorporated in http_static plugin for longer time.
Type: refactor
Change-Id: Ib74adb2a79d3ee715bbc994d77bc7718faf7184f
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Type: test
Change-Id: I022a3435429976590b8e8e2e1abe924188d1c3f9
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
session table
When an application namespace is added, we call session_table_is_alloced
to see if we need to allocate a new session table. That check returns true
even if we removed the session table.
The fix is when we delete an application's global session table,
we need to invalidate fib_index_to_table_index.
Fixed test_vcl test script to run two tests back to back.
The 1st test deletes the application namespace at the end.
The 2nd test adds the application namespace in the beginning.
Type: fix
Fixes: 67bae20b05cb46e5f6d19afeaf1f7a52a5309d59
Change-Id: I67f5cc1b726a07659597a9479df011717db08d0a
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Type: test
Change-Id: I4e945b2bd067466afdaa58a6f07a1ab2c567bc2b
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
lock the vrf table when adding an application namespace and
unlock the vrf table when deleting an application namespace.
Free the session table when no more application namespace
uses it anymore to avoid memory leaks.
Type: fix
Change-Id: I10422c9a3b549bd4403962c925e29dd61a058eb0
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
Introduce "none", "all" and "failed" options for --decode-pcaps
parameter. Keep "failed" as default to be consistent with current
behaviour. Add missing documentation to test/Makefile and passthrough to
Makefile.
Rationale: running tshark binary takes about 100-150ms and if there are
thousands of pcap files, it takes minutes to decode them. This might not
be desirable if rerunning the tests repeatedly during development.
Type: improvement
Change-Id: Ie033521d51d18b9d499b9bc40fe6eff21c94622d
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
|
|
Check and skip VPP_EXCLUDED_PLUGINS tests for most of plugins.
Type: improvement
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: I23fd3666729251c639aa8da72a676058e3f5bb4e
|
|
In some cases we do not need multicast support. Making it optional helps
scaling to high number of VRFs, by reducing the control plane operations
and memory consumption.
Type: improvement
Change-Id: Ib34ed3fe2806e2f4624981da4e4a3c49c69f70be
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Also rework the logic so the skipping of marked Ubuntu 22.04 occurs at framework level
Leave debian11 special cases as-is.
Type: fix
Change-Id: I481eb32cd1a0860935482e9f930ced409da653c9
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Do not mark drop paths as imported to avoid crashes on invalid table lookup.
```
vpp[8478]: /build/Vpp2310/source/src/vnet/fib/fib_table.c:35 (fib_table_get) assertion `! pool_is_free (ip4_main.fibs, _e)' fails
#9 0x00007ff21785da1d in _clib_error () from /lib/x86_64-linux-gnu/libvppinfra.so.23.10
#10 0x00007ff218087698 in fib_table_get (index=4294967295, proto=FIB_PROTOCOL_IP4) at /build/Vpp2310/source/src/vnet/fib/fib_table.c:35
#11 0x00007ff218087a37 in fib_table_lookup_exact_match (fib_index=4294967295, prefix=0x7ff0eae0d354) at /build/Vpp2310/source/src/vnet/fib/fib_table.c:100
#12 0x00007ff2180bc938 in fib_attached_export_import (fib_entry=0x7ff0eceac3e0, export_fib=4294967295) at /build/Vpp2310/source/src/vnet/fib/fib_attached_export.c:264
#13 0x00007ff218098ade in fib_entry_post_flag_update_actions (fib_entry=0x7ff0eceac3e0, old_flags=FIB_ENTRY_FLAG_NONE, new_fib_index=4294967295) at /build/Vpp2310/source/src/vnet/fib/fib_entry.c:624
#14 0x00007ff218098b90 in fib_entry_post_install_actions (fib_entry=0x7ff0eceac3e0, source=FIB_SOURCE_API, old_flags=FIB_ENTRY_FLAG_NONE) at /build/Vpp2310/source/src/vnet/fib/fib_entry.c:674
#15 0x00007ff218098cce in fib_entry_create (fib_index=1, prefix=0x7ff0d3244d80, source=FIB_SOURCE_API, flags=FIB_ENTRY_FLAG_NONE, paths=0x7ff0eac15ab8) at /build/Vpp2310/source/src/vnet/fib/fib_entry.c:712
#16 0x00007ff218088db4 in fib_table_entry_update (fib_index=1, prefix=0x7ff0d3244d80, source=FIB_SOURCE_API, flags=FIB_ENTRY_FLAG_NONE, paths=0x7ff0eac15ab8) at /build/Vpp2310/source/src/vnet/fib/fib_table.c:799
#17 0x00007ff2180c026c in fib_api_route_add_del (is_add=1 '\001', is_multipath=0 '\000', fib_index=1, prefix=0x7ff0d3244d80, src=FIB_SOURCE_API, entry_flags=FIB_ENTRY_FLAG_NONE, rpaths=0x7ff0eac15ab8) at /build/Vpp2310/source/src/vnet/fib/fib_api.c:485
#18 0x00007ff217d4b6dd in ip_route_add_del_t_handler (mp=0x7ff0eb08b998, stats_index=0x7ff0d3244dc8) at /build/Vpp2310/source/src/vnet/ip/ip_api.c:718
#19 0x00007ff217d4b986 in vl_api_ip_route_add_del_t_handler (mp=0x7ff0eb08b998) at /build/Vpp2310/source/src/vnet/ip/ip_api.c:789
```
Type: fix
Fixes: 4b08632748727486e7ebfdcf4d992743595bc500
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: I647899533771c35f44c9ecde517a30f111b36ad9
|
|
- Remove code from test report that is effectively
untested and categorize based on reason for lack
of testing.
Type: test
Change-Id: I6ca5444055b3a81a4880945b6845afc867556277
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: fix
This patch fixes the missing UDP port check in IPsec NAT-T
case. As of RFC3948 UDP encapped ESP traffic should have
destination port ID of 4500, which was missing.
The related tests are updated with this port ID, too.
Change-Id: I73ecc6a93de8d0f4b642313b0f4d9c2f214a7790
Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
|
|
Type: fix
fib_api_path_decode() is utilized by the IP route API call
to translate the path from the API to the fib_route_path_t
structure. The ip_route_add_del_handler_t function initializes
the fib_route_path_t structure to zeros, consequently setting
the sw_if_index value to 0, which is a valid value in VPP.
Typically, the default VRF (Virtual Routing and Forwarding)
has a local interface at index 0, leading to normal functionality.
However, a custom VRF table without any interface will result
in a crash.
The issue arises because the DROP route in fib_api_path_decode()
does not override the sw_if_index value with the one provided
in vl_api_fib_path_t. Subsequently, when this sw_if_index is
attempted to be resolved in the VRF table where the interface
does not exist, it leads to a crash.
This patch addresses the problem by setting the sw_if_index of
fib_route_path_t to the sw_if_index value of the API path.
To reproduce the issue, please remove the fix and run the following command:
make test-debug TEST=test_ip4.TestIPv4RouteLookup.test_exact_match
Change-Id: I5d72e91e5c701e749a92873941bee7b7b5eabd41
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: make
Change-Id: Iae7998692890264dfeea98c165617d0efa024d42
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
When the NIC does not support mac filter, we rely on ethernet-input
node to do the destination mac check, ie, when the interface is in L3,
the mac address for the packet must be the mac address of the
interface where the packet arrives. This works fine in ethernet-input
node when all packets in the frame might have different interfaces, ie,
ETH_INPUT_FRAME_F_SINGLE_SW_IF_ID is not set in the frame. However,
when all packets are having the same interface,
ETH_INPUT_FRAME_F_SINGLE_SW_IF_ID is set, ethernet-input node goes
through the optimized routine eth_input_single_int -> eth_input_process_frame.
That is where dmac check has a bug when all packets in the frame are
either, ip4, ip6, or mpls without vlan tags. Because without vlan tags,
the code handles all packets in fast path and ignores dmac check.
With vlan tags, the code goes to slow path where dmac check is handled
properly.
The fix is to check if we have a bad dmac in the fast path and force the
code to go to slow path which will handle dmac check properly.
Also do a wholesale correction on all the testcases which do not use
the proper dmac when sending L3 packets.
Type: fix
Change-Id: I73153a805cecdc24c4eefcc781676de04737ae2c
Signed-off-by: Steven Luong <sluong@cisco.com>
|
|
This reverts commit 71c32a898941e32b5d4f865b50fbe775560c582d.
Type: fix
Reason for revert: vnet pinning is not considered in this patch.
This causes keywords 'workers' and 'skip-cores' to be broken,
as well as keyword 'main-core auto' introduced in this patch.
If this patch is ever reconsidered, it must account for vnet
pinning fix in commit https://gerrit.fd.io/r/c/vpp/+/40711.
Change-Id: I1f3154a6c7e830b100f824375aa00e95b192f7f3
Signed-off-by: hsandid <halsandi@cisco.com>
|
|
Type: improvement
Change-Id: I955fbef0e0238cb69307e96cd1c677061737e5f3
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
Type: fix
Change-Id: I4105109c1c659190fc2da4ee1802ef53449a3c15
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
|
|
Type: refactor
Change-Id: I4abbc77a447358f4beaa05505299cae732a3f374
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
After adding a path to the default route, the prefix still be there
in the table as it is a mandatory prefix. However, the registry hence
fail to remove the route from VPP.
Type: fix
Change-Id: Ic4ad72455ac7a1a2f1d8baba59a7a3afe1610726
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
Type: test
Change-Id: Ibceabc411f09d80cc23be6f2e7c8abd56d4c4ac2
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
In case of multiple path within tunnel, mpls lookup node
computes lb hash with mpls_compute_flow_hash config value 0,
so only mpls label and l4 ports gets accounted, not 5-tuple.
This leads to flow traffic polarization and disbalance over
mpls paths.
Use mpls hash config from lb instead, usually it'll be
MPLS_FLOw_HASH_DEFAULT with 5-tuple plus flowlabel.
As optimization, fix flow hash reuse from the previous lookup
node if present, like ip_lookup does. Previously mpls lookup
always calcs the hash.
Test lb distribution for both cases.
Also, use the same flow hash hex format in ip4/ip6 and mpls
traces for easier reading, most code changes is due fixstyle
formatting.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ib89e1ab3edec14269866fe825a3e887d6c817b7c
|
|
On unnumbered interfaces, ARP fails because there is no attached route.
Allow replies to peer-to-peer addresses on unnumbered interfaces:
eg. 192.0.2.1/32 <-> 192.0.2.2/32
Type: fix
Change-Id: Ibeb8d8ebc8d58d5bfb0724739a17694e0217356e
Signed-off-by: Pim van Pelt <pim@ipng.nl>
|
|
Type: test
Change-Id: I01500466f3d15c79e38028677ce7e5c75d427fdc
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
In run_in_venv_with_cleanup.sh, sed was changed to gsed to allow the
script to run properly on FreeBSD because the sed script uses an
expression that is specific to the gnu sed. Gnu sed is available to
be invoked as gsed on FreeBSD systems, but there is no executable or
symlink which allows sed to be run by the name gsed on ubuntu 22.04.
Check for the existence of gsed. If it's found, use it. Otherwise, just
use sed.
Type: fix
Fixes: b3c863eae4
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I487197e486f500711aa3e87ec7ba899a53606b40
|
|
Type: improvement
Change-Id: Ie79fd8a5bcfd72a97bf460ef6437913ac34f439c
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: fix
Change-Id: I646f96517d3bda5c0f5644e6bb89ade7818fc466
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
l2 tunnels like vxlan, gtpu, geneva use vnet_l2_compute_flow_hash() to
compute flow hash for udp src port entropy. In case of inner mpls tunnels
to the same lsr ethernet src and dst macs are the same, so l2 flow hash
is also the same leading to no src port entropy and the only rss queue
overflow on receiver side.
Fix it for all the possible vnet_l2_compute_flow_hash callers by making
mpls playload hash in additon to ip4/ip6. Visible performance impact is
not expected as it's only one check for mpls ethertype for common cases.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I69153d42fb3d7c094a670c674fac8d14039c626a
|
|
Type: feature
Auto core pinning now fetches vpp cpu affinity list
using pthread api. This enables us to do core-pinning in
environments where the host cpu list does not necessarily align
with cpus available to vpp
Change-Id: Ife8c2a2351c08c5c6c4fdf7c729eeff2697bc39a
Signed-off-by: hsandid <halsandi@cisco.com>
|
|
Type: improvement
Change-Id: I960edc05a9a77eb55f67cb1ec01d2b3122298ef8
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
FreeBSD doesn't have an easy mechanism to discover CPU features
currently. For tests declare we don't support anything we are asked
about.
Add the FreeBSD spelling of amd64 while we are here.
Type: improvement
Change-Id: I3eb5db856ee5cbc71250e47eee619e2f620de33a
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
Type: fix
Change-Id: I957877d7a82dea437c072e493561894f11321aaf
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
For portability we use errno defines rather than explicit int values
when checking for errors.
Type: improvement
Change-Id: Ib5fc1db357da150d008d5a11bef5dbc7ec354cfb
Signed-off-by: Tom Jones <thj@freebsd.org>
|
|
The offload should be handled by gso node or by the NIC
if the latter has the relevant capabilities. But ip midchain
is missing the support for buffer offload metadata in case
of GSO packet.
This patch adds the relevant support to add the buffer metadata
if the packet is GSO/IPIP to be handled accordingly.
Type: improvement
Change-Id: I17f5d71bf4c5f43a85ca3f2fbebfa1426b42ef69
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
|
|
introduce ability to connect over unix socket instead of shared memory
Type: improvement
Change-Id: Id9042c74e33ad4e418896c4d7ae48bb9106195c9
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
|
|
Using unittest skip instead of print unclutters display by not printing
skip messages when not applicable, e.g. when somebody runs tests which
are unrelated to netns tests, e.g. with FILTER=vapi.
Type: fix
Fixes: e416893a59
Change-Id: Ie09e213249aa47da7e4ff484c3d072fbce3c2001
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
|
|
IPFIX buffers are stored on a per worker thread basis. Currently, the
flush callbacks will flush only buffers stored for the main thread. And
buffers for worker threads will not be sent until their size reach the
path MTU configured for the exporter. So if traffic is constant, the
problem will unlikely to be visible. Buffers will be sent once they
reach the maximum size. However, if traffic stops at some point and
flush is triggered in order to make the plugin send all currently
buffered data, this will not happen. And collectors will not receive
that data. The plugin will keep the remaining data until traffic starts
again, the buffers reach the maximum size, and be sent.
With this fix, flush buffers for worker threads and for the main thread
when the flush callbacks are triggered.
This will allow to remove @tag_fixme_vpp_workers from the unit tests
that don't set timers. The tests that set timers will still be failing
for other multi-worker related problems.
Type: fix
Change-Id: I9a7d9cef8ddbec7ee68c79309e48e7bc0953d488
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
- fix ICMPv6 lookup FIB (don't reset sw_if_index[VLIB_TX] to -1)
- add locally generated flag in ICMPv4 buffers (reflect ICMPv6)
Type: fix
Change-Id: If25a176a9952cbe185a030f8b136718af1bff9e8
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
BPF filter w/o optimization can take x2 - x3 more instructions,
causing significant slow down in fast path.
Enable pcap optimization by default via cli and introduce api v2
with pcap optimization control, keep v1 for a while as it exists
in previous release already.
Intriduce bpf filter cli dump, similar to tcpdump -d.
Also fix memleak, function name typo, cli pcap format hint and
add related tests.
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I92b2b519e92326f1b8e1a4dda6a3e3edc52f87ad
|
|
Fix crash while adding intf-rx ip4 and ip6 routes via api due
invalid exporting of interface rx routes as attached.
Also, add missed route path via rx-ip6 cli support.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I15711c8c0787398dd7e3baa4787019bb1f317666
|
|
In esp_encrypt_inline(), if two or more consecutive packets are
associated with the same SA which has no crypto or integrity algorithms
set, only the first one gets dropped. Subsequent packets either get sent
(synchronous crypto) or cause a segv (asynchronous crypto).
The current SA's index and pool entry are cached before it can be
determined whether the packet should be dropped due to no algorithms
being set. The check for no algorithms is only performed when the cached
SA index is different than the SA index for the current packet. So
packets after the first one associated with the "none" alg SA aren't
handled properly.
This was broken by my previous commit ("ipsec: keep esp encrypt pointer
and index synced") which fixed a segv that occurred under a different
set of circumstances.
Check whether each packet should be dropped instead of only checking
when a new SA is encountered.
Update unit tests:
- Add a test for no algs on tunnel interface which enables
asynchronous crypto.
- Send more than one packet in the tests for no algs.
Type: fix
Fixes: dac9e566cd16fc375fff14280b37cb5135584fc6
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
|
|
Split virtual interface tests in VPP into smaller and modular
tests for testing various interface types and features.
Type: test
Change-Id: Ic38af88379f75eee3090679d411edbdc8fd5d2e5
Signed-off-by: Naveen Joy <najoy@cisco.com>
|
Steven Luong
Dave Wallace
Adrian Villin
Benoît Ganne
Stanislav Zaikin
Matus Fabian
Klement Sekera
Dmitry Valter
Andrew Yourtchenko
Fan Zhang
Mohsin Kazmi
Hadi Rayan Al-Sandid
Maxime Peim
Vladislav Grishenko
Pim van Pelt
Matthew Smith
Tom Jones
Arthur de Kerhor
Alexander Chernavin
Naveen Joy