Age | Commit message (Collapse) | Author | Files | Lines |
|
A malicious packet could advertise an extension header length bigger than
the actual packet length, which would cause an overflow.
Change-Id: I277123e6fde6937b0170f2b2e33846bd22848ac4
Signed-off-by: Yoann Desmouceaux <ydesmouc@cisco.com>
|
|
Change-Id: Ifa9bcd9a9c5dbda00ff8096909ccbc822445b8cb
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Also enable silent rules where missing
Change-Id: Ia521886815c862b013f01df4cc18fd8a298aaaa1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I3346b18126d65b72726e977dfb11ba4c380056c0
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Make src port configurable in flow report sample code
Change-Id: Ic7d3c3de17b83821106a827fb65e79381044da7e
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
The init of VIC/ENIC ports enable VLAN stripping of received packets by
default, which is different to all other devices. The VLAN stripping of
ENIC ports can be disabled by adding the per device DPDK config as
"vlan-strip-offload off" such as:
dpdk {... dev 0000:0c:00.0 {vlan-strip-offload off} ...}
The per device config "vlan-strip-offload on" can be used for enabling VLAN
stripping for other devices which support this function but is disabled
by default.
Change-Id: I9c81904a87c26868a07900b03677aeeb57f72372
Signed-off-by: John Lo <loj@cisco.com>
|
|
Reset IPFIX streams if reconfiguring IP addresses or collector port
Change-Id: Idc914f90462572342d4ed02b538bb2d30b317931
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Make Path MTU configurable
Make template resend interval configurable
Make collector port configurable
Change-Id: Ia557916137995ea565f0ede12e169efe81eb0a5d
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: I85b3543a3f72a10e15c252e04ce2e4a390513ca9
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Indirect routes should always result in an indriect adjacency even when the route's next-hop is covered by a connceted, since the covering route may change and no tracking is in place.
Some de-duplication of code for installing indirect routes via the CLI and API.
Change-Id: I7a440ffba43ae3990b68cb407244c06bd0827534
Signed-off-by: Neale <nranns@cisco.com>
|
|
Change-Id: Iba8627062874eac63c584ec05343f4591f48c286
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
Change-Id: Ib8ef0559aa0573bf1229e9c794d48520197f9c8a
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I11207a0452cbccfb959ff426faefda4820463007
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: I3c3427c61e32d4727360aa802950bb9ab44afd84
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Also add an index of node names
Change-Id: Id65c2e607976d8bad73deb738035a471be077196
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
Change-Id: Ie5e6751fd791e7ca728522632332abe442a1a75b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: Iaf9735258f456574534c1a581b983326badea171
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
This patch introduces following changes:
- 4 predefined pg/stream[0-3] interfaces are removed
- Interface naming is changed form pg/streamX to pgX where X can be
any u32 value
- one pgX interface can handle multiple streams
- keyword "source pgX" is added to "packet-generator add" command, X is 0
by default
- new cli "packet-generator capture" is introduced
- new cli "create packet-generator interface pgX"
Change-Id: I768d075b9d4a34f0b5073debdc5dd4a0880c682c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Previously, netmap node switched from interrupt to polling if
worker threads are enabled even if there was no netmap interface
running. Netmap input node consumed CPU cycles because of input
node calls but these cycles were wasted as input node did not have
any packet to process.
This patch fixes issue stated above using more intelligent way of enabling
or disabling polling based on interfaces count. But the pre-requisite
condition for polling is, worker thread(s) should be enabled.
Change-Id: I3a901823c7b040cce3393958981f439b9f290fe5
Signed-off-by: Mohsin KAZMI <sykazmi@cisco.com>
|
|
Change-Id: I913c9807519aa10e515d12fcfbcbfc22b58f5839
Signed-off-by: Calvin <calvin.ference@gmail.com>
|
|
IPv4 static ARP entries should remain when interface is set admin-down
and be reapplied on interface admin-up.
Change-Id: Ic0051865154230c2561d6e6421b05d842f147ca7
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I6d224fe19f1e0dd7ad5659e0734bc96ba37337ff
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: Idc71a48f2eab3b712f6953af8baf1a6ecd54dcaf
Signed-off-by: Calvin <calvin.ference@gmail.com>
|
|
Change-Id: I3fe83a511064d73087c4526ef33cd7628f15b90f
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
- avoid code duplication by using only one function for
insertion/updating of remote mappings into map-cache. Static remote
mappings are now inserted using this function as well and therefore
the code does not try to build forwarding entries out of them now.
- bring up lisp dp interfaces when a vni is bound to a vrf.
- ensure eids are cleaned-up before parsing control plane messages
- ensure map-requests are always sent to default fib
- new API to insert lisp adjacencies as opposed to remote mappings which
should be replaced post merged in CSIT
- reorganize and group functions according to their purpose and use. No
need to pre-declare internal functions now.
- this does not touch locator-set logic
Change-Id: Ibcfc0f2d9c1bc1c9eab6e83c1af1b4cf9302ac10
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I735292bb2176742acab2295f90956c57e6f7ec1c
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
The output of the CLI command "show ip6 interface" shows only the first
link-local address and any globally-scoped addresses. It ignores all
other valid address scopes.
This patch reworks that routine to cover the three main address scopes
("link-local", "global" and "local") and anything else it finds is
grouped under "other").
Rationale for this final grouping is that these other addresses fall under
ranges currently either "reserved" or "multicast" in scope. Whilst it's
good to show if these are present, they are not normally found as link
addresses.
DBGvpp# sh ip6 int tap-0
tap-0 is admin down
Link-local address(es):
fe80::e857:7fff:fe77:c1a9/64
Local unicast address(es):
fd50:7389:246b:4321::2/64
Joined group address(es):
ff02::1
ff02::2
ff02::16
ff02::1:ff77:c1a9
ff02::1:ff00:2
...
Change-Id: I1d750b3b39c54aa4eb75632d53089640601bcba5
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
vlib_buffer_free_inline actually checks (b->flags & VLIB_BUFFER_RECYCLE)
in order to decide whether to free the packet or not.
Although the flag was correctly set in replication_prep, it is not removed
by replication_recycle during last iteration.
This patch just removes VLIB_BUFFER_RECYCLE when is_last is set.
Change-Id: I2445ebce908d94d95535e706b40407b4f15906e4
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
|
|
Change-Id: I678d7e0a7c91c7daf9feb3ec23a633b96fab56a7
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
The spelling mistake where "suppress" is written as "surpress" was
sufficiently common and annoyed me enough to fix it.
For backwards compatibility, the CLI and API test tool both still accept
the erroneous spelling.
Change-Id: I82104ae9d8c2c9d6e3396ba0d72cb1dc133081d1
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
Change-Id: I9f1522f55bdd11602784a421fd850b839a1070e6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This will cause FIB counters to appear to be reset.
This is an implementation of a patch from Dave Barach.
Change-Id: I19b9953d42dfb92ec22af6a855e2e519ae7c3bdc
Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
|
|
Change-Id: I28616f1a89f2da95484438ec1a1db64845f15ef6
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change tunnel interface creation to be done from the main thread instead
of a worker thread by calling vl_api_rpc_call_main_thread.
Make per-thread copies of volatile elements in ikev2_main.
Change-Id: I4cda8aaa392a04c2aea2d50a52a07933cf40c016
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
This patch fixes a few minor things:
- Previously ip[46]_input was rejecting packets with an input TTL (hop
limit) of one; this was not correct behavior. Packets that are bound
for this device can validly have a TTL of one.
- ip[46]_forward was not generating an ICMP TTL expired message if the
act of decrementing the TTL caused it to become zero. This was not
previously an issue because ip[46]_input was filtering packets where
this could happen.
- udp_local was not generating ICMP Port Unreachable messages if
UDP packets arrived for a port that is not listened to. This is
typically the signal that "traceroute" uses to terminate its
search.
Together these fixes mean that traceroute probes transiting a VPP
node, or are targetted toward a VPP node, now work as expected.
Change-Id: I84bb940883f7a18435f29f4518fb0445b989a3e3
Signed-off-by: Chris Luke <chrisy@flirble.org>
|
|
Change-Id: Iab9f6793112f19a5b54a555623d84099aa8bb03e
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Size of interface descriptor rings have direct impact
on Last Level Cache utilization, and can significantly affect performance.
So generally having smaller ring size is good idea as long as
there is enough buffer in the ring to accomodate line rate.
Here we are reducing rings sizes to 1024 which is still bigger
than lab verified 512 buffers per ring.
Indirectly, this also affects memory footprint, as we can have
smaller buffer allocation, which is now 16384 (previously it was 32768)
This patch also fixes issue with i40e vector PMD which was leaking
buffers when previous default ring sizes were set.
Change-Id: I58fb40586304b2f0cb5de9a444055da3cd3acb53
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Added new API calls to read
- classify table ids as array
- classify table ids for specified interface
- classsify table info
and to dump sessions of specified classify table.
Change-Id: I089604fa98eea92866495089d76c2330ae7d850c
Signed-off-by: Pavel Kotucek <pavel.kotucek@pantheon.tech>
|
|
Change-Id: I80f05a222cb0f728ad2460efe33955e781b6849f
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Remove private / name-colliding "give me the first ip address on an
interface" routine from proxy_node.c
Return a proper error from ip4_lookup_init / ip6_lookup_init.
Change-Id: Idd3c574424ba2ea77c263af16b02cd4ad0cb4605
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
[VPP-155]: There is inconsistency in the netmap interface
state for software interface state and hardware interface
state. This patch resolves that issue.
Change-Id: I92199e117f919bd985670366a6d3b7753e40659c
Signed-off-by: Mohsin KAZMI <sykazmi@cisco.com>
|
|
Burst size for DPDK is 32, which is different from VLIB_FRAME_SIZE.
A loop is needed to dequeue all packets.
Change-Id: Ie611c58c4e3434251a47fe6ad1f38abcb85180cb
Signed-off-by: Zhihong Wang <zhihong.wang@intel.com>
|
|
Change-Id: Icbb6814306f51873af6ad9d1425b52d660bb99ce
Signed-off-by: Georgii Tkachuk <georgii.tkachuk@intel.com>
|
|
This patch adds multithreading support for netmap interfaces.
Change-Id: Iba94386fe309a4aac71646fe567f8dabbebd0459
Signed-off-by: Mohsin KAZMI <sykazmi@cisco.com>
|
|
Use appropriate libnames to copy
Change-Id: Iaa1e7e3ceed52f328e26e75ee7309fc6464d5c66
Signed-off-by: Shesha Sreenivasamurthy <shesha@cisco.com>
|
|
Example output:
DBGvpp# sh lisp eid
EID type locators
[100] 6.0.2.0/24 local(ls1) host-intervpp1
[200] 6.0.2.0/24 local(ls2) host-intervpp1
[100] 6.0.4.0/24 remote 6.0.3.2
[200] 6.0.99.0/24 local(ls3) local0
host-intervpp1
[0] 6.0.0.0/16 remote
Change-Id: I69200bf7636167bce931def88828503a75496f4b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
L2TP tunnels use virtual interfaces but directly send
packets to l2-input node (not ethernet-input).
This node requires a bridge-domain to be associated with
the interface.
Past code was immediatly turning the interface up, but
some packets could be sent to l2-input without bridge domain
between interface creation and association with a bridge domain.
The tunnel is now created as down and has to be set up later
(typically after being associated with a bridge-domain).
Another option would have been to change the api and enforce
a bridge-domain to be specified before the tunnel, but this
is less flexible for the user.
Change-Id: I26d1f36bb4f327d9fa1c8044023f2210c4117904
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
|
|
"show ip features" displays all available features, in execution
order.
"show ip interface features <intfc>" displays all features currently
configures on an interface, in execution order.
Change-Id: I489bbdb85799a01721ba60b12ffaffcab1e0d1df
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
The patch switches to using LISP interface counters for storing the
number of decapsulated packets instead of using per decap node stats. It
also removes the encap node (iface tx node) stats since the iface output
node already keeps track of the number of encapsulated packets.
Change-Id: I636702a824264c173792f2f0c7fec0b0f4c6a9f7
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
"show mpls fib" -> "mpls_fib_encap_dump" and "mpls_fib_decap_dump"
"show mpls tunnel" -> "mpls_eth_tunnel_dump [tunnel-index <tunnel-id>]" and
"mpls_gre_tunnel_dump [tunnel-index <tunnel-id>]"
Change-Id: I59699039392f06dc61f62a015d07186a91cfaf45
Signed-off-by: marek zavodsky <mazavods@gmail.com>
|