This patch fixes configuration of priority, port and type of protocol
for inbound and outbound policies in policy-based IPsec of this plugin.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I01ddc2e13ebbe87380e66a525aac1b615f619604
Make sure half-open sessions are marked as transport closed once
connected notification is provided. This ensures that if they've been
scheduled for tx, the event is ignored.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8c44584e843d93365ec737ae4e1bcb74eba35506
(cherry picked from commit fb49e07816)
TCP nodes consume the buffers so they have no nexts. To avoid long drop
path through vlib graph, add drop node.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibe6e075e83612ed16270934398c6a013f236ae35
SVM_FIFO_WANT_DEQ_NOTIF_IF_FULL should be treated as a
config option that is not frequently changed. Or alternatively, it
should be set together with SVM_FIFO_WANT_DEQ_NOTIF to elicit a one time
tx notification.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie4132c7789ee87227a875ff981eb98f9f4d898a9
(cherry picked from commit 470d72f54a)
- do not allocate port sparse vector when only checking if a port is
already in use
- do not display port that have been unregistered by default
Type: improvement
Change-Id: I6cc94e35806dd8d415cd5d1c1c51e6b066ac26a1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit d52f80f422)
Linux uses NLM_F_REPLACE in the netlink message to signal a FIB update
The code invariably does a FIB update for IPv4 and a addition for IPv6.
Without this fix, the following:
ip route add 2001:db8::/48 via 2001:db8::1
ip route replace 2001:db8::/48 via 2001:db8::2
ends up as two separate FIB entries in VPP. With the fix, there will be one FIB entry (the second one with nexthop ::2).
Type: fix
Change-Id: I8f98d6ded52ae0c60bfddaa7fc39acbbaa19d34a
Signed-off-by: Pim van Pelt <pim@ipng.nl>
(cherry picked from commit af4fa965e9)
Epoll events might not have been cleared by user so always compute event
flags locally and assign to user provided epoll event.
Type: fix
Signed-off-by: Ping Yu <ping.yu@intel.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3b594a0fd7be345a0e0ad81d1d3636e9354cc15d
When dumping packets from multiple threads using the API, first all
packets from thread 0 are dumped then all ones from thread 1, etc
Until we reach the limit specified by the API call, so we could never
get packets trace from threads with higher ids.
However, the tracedump CLI dump a maximum number of packets from all
threads, which we can expect from the API to do.
We also add a trace_clear_cache API so the client gets an answer when
he only wants to clear its packet cache.
Type: improvement
Change-Id: I0d4df8f6210a298ac3f22cd651eb4d8f445e1034
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Peer fib index and nh fib index should be different when nh-table-id is
specified.
Type: fix
Change-Id: I4c8296adb5aeab1c0022bfc1046e9559331b79b2
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
There was already a basic type defined, but nothing more.
This implements callbacks similar to
ip4_enable_disable_interface_callback_t.
Type: feature
Change-Id: I34fcb146ca68af4eb8cdd244529eb149f884284d
Signed-off-by: Adrian Pistol <vifino@posteo.net>
The order of the parameters when calling the ip_neighbor_probe_dst for
an aged neighbor is wrong and given that it runs on the master thread,
probes for IPv6 neighbors were never sent, leading to a certain neighbor
strike out and death and its removal from the neighbor cache.
Change-Id: Ic021bd0ece05bd2c1c6ab90eab0e2dc27cb10360
Type: fix
Fixes: fd2417b2a4
Signed-off-by: Sergio Gonzalez Monroy <monroy@anapaya.net>
- Make error message more human readable.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Iefc276b3a85ff82b927028a72bb91ed87ebd04ba
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Rename extra_vpp_punt_config to a more generic name extra_vpp_config to
better fit its purpose. It's fit for general use and already used that
way by quic and vcl tests anyway.
Type: refactor
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Ib0a5789b0dbb3a8c3cae654dea4e32ac5e56dd41
The built stat_segment_data_t is leaked if stat_segment_access_end()
returns false.
Type: fix
Signed-off-by: Duncan Eastoe <duncan@graphiant.com>
Change-Id: I70adabbe7947d3e8a798cdfb3eaa14c683dce9da
load-balance and replicate dpos both store their number of buckets as
u16, which can overflow if too many paths are configured. For
load-balance it can happens quite quickly because of weights
normalization.
Type: fix
Change-Id: I0c78c39fc3d40626dfc58b49e7d99d71f9852b50
Signed-off-by: Benoît Ganne <bganne@cisco.com>
If openssl tls server handshake fails, track the fact that the context
does not have an app session.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5f493059a3610067b59caffbbe441ce9e0868252
On epoll ctl mod, set want deq flag before checking if unhandled events
are needed.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id1491837c7156a66c21e0e45af60b04b1c18601c
Reset deq notification flag even if session is no longer epolled.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4e9aed1849aa2817176f3a54ae41910df5e704a0
This feature enables the use of the classifier and ip-in-out-acl nodes
to redirect matching sessions via arbitrary fib paths instead of relying
on additional VRFs.
Type: feature
Change-Id: Ia59d35481c2555aec96c806b62bf29671abb295a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
format_hexdump currently requires the length parameter to be uword
(64-bits) hence all callers must make sure to cast the length to uword.
Use u32 instead to benefit from C automatic integer promotion: any
length smaller or equal to u32 will be promoted to int fitting in u32).
Only callers using a length of u64 needs to downcast.
It also makes it similar to other variants.
Type: fix
Change-Id: I09b52fdde3970cec0be4150a29126ff63106c75b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Add the missing AArch64 support for printing program counter.
Type: improvement
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Idb63737ed72e10fa29fd61e1eab5af059e2b8e28
In some cases with Generic FLow, it is only required to show the pattern
of spec and mask, but no need to add the flow. Therefore, add an option
in packetforge so that users can show spec and mask only.
Type: improvement
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I7b3040689eb82d0b58924712ee6fc9cfa0a42fa1
Print fib-index, next node index and opaque.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id2ff265c9acffc75f8b04fb9f26c6d571fc2ef98
