Using the cli "set interface tx-queue", it is not possible to assign
tx queue to the last worker thread.
The reason is that vdm->first_worker_thread_index is 1. Adding that
to clib_bitmap_last_set (bitmap) exceeds vdm->last_worker_thread_index
when the CLI specifies the last worker thread.
Also make the threads argument optional to enable user to unbind a queue
from any thread.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I796259c20f571289c8f5a97b9418caf452d0ab3d
Type: fix
For a TAP device the MTU is set via the ethernet_register for TUN we
need to do it explicitly (like we do for other tunnel types).
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie6a13c795acb35b53f8d99b05c70c3e73a7b428e
When removing a l3xc path we must release the corresponding dpo.
Type: fix
Change-Id: Ib6309797cb11374264c786e064f262ad13c6f0a1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Failure due to the method vrrp_adv_packet scope and self reference.
Type: fix
Signed-off-by: rajaselvam <rajaselvam@gmail.com>
Change-Id: I4ec14ea37928142651eb08fcc5736bc9c24ab062
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I189bfcca2d5fa1f37d05a72c92d04bf260343043
.. as it is going to be removed.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Id3a4a4ea1e1b7361d43735bfa5470c28fc65209f
Alignment size should be CLIB_CACHE_LINE_BYTES(64)
instead of CLIB_LOG2_CACHE_LINE_BYTES(6)
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If2d5ae324093be64454377866297f5e76ccddc93
When a buffer in the chain comes with a negative current_data offset,
the conversion to sgl will skip it because of resetting offset to 0.
Moreover, crypto_start_offset is relative to the 1st buffer data pointer
so we should not check it against subsequent buffers anyway.
Type: fix
Change-Id: Id177a90bfda242a5372c7e8836cf6668e98c780e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: improvement
local0 exists just to burn sw_if_index=0 so we catch common API errors.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I2901bb7d36d4c512e6698134a807bf9516ee05db
Thread assignment to tx queue has always been automatic and there
was no way to modify it. With this patch, it is now possible to use
the cli "set interface tx-queue" to change the thread assignment to
tx queue for vmxnet3 interface, thanks to the new tx infra.
Type: feature
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I1544e3557f70251d4bd423cc3d9f28ee1d44db4a
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I4b6d881571c158b7a69a78b9680732d090c4f8b5
When enqueuing chained buffer, we must update the descriptor length for
each fragment descriptor in addition to the last.
Type: fix
Change-Id: I9bc95fe557a049eeea4abd41c695153632d52a52
Signed-off-by: Benoît Ganne <bganne@cisco.com>
When switching to the direct verb chain buffer tx path, we must account
for all remaining packets, including the packets that would wrapped
around.
Previously we were using the 'n' counter but ignoring the 'n_wrap'
counter: if some packets would have wrapped around in the default path,
it would be ignored by the chained buffer tx path.
Compute the correct number of remaining packets based on the old and
current txq tail instead.
Also simplify the chained tx function parameters.
Type: fix
Change-Id: If12b41a8f143fda80290342e2904792f7501c559
Signed-off-by: Benoît Ganne <bganne@cisco.com>
The total_length_not_including_first_buffer field must be reset before
being updated otherwise it will quicly grows as stale values are reused.
Type: fix
Change-Id: Ic48c0822660998b0dfc0b5fdeadae6071b2d03f7
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: improvement
There's no need for the user to set the TUNNEL_V6 flag, it can be
derived from the tunnel's address type.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I073073dc970b8a3f2b2645bc697fc00db1adbb47
Type: fix
two problems;
1 - just because anti-reply is not enabled doesn't mean the high sequence
number should not be used.
- fix, there needs to be some means to detect a wrapped packet, so we
use a window size of 2^30.
2 - The SA object was used as a scratch pad for the high-sequence
number used during decryption. That means that once the batch has been
processed the high-sequence number used is lost. This means it is not
possible to distinguish this case:
if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl))
{
...
if (post_decrypt)
{
if (hi_seq_used == sa->seq_hi)
/* the high sequence number used to succesfully decrypt this
* packet is the same as the last-sequnence number of the SA.
* that means this packet did not cause a wrap.
* this packet is thus out of window and should be dropped */
return 1;
else
/* The packet decrypted with a different high sequence number
* to the SA, that means it is the wrap packet and should be
* accepted */
return 0;
}
- fix: don't use the SA as a scratch pad, use the 'packet_data' - the
same place that is used as the scratch pad for the low sequence number.
other consequences:
- An SA doesn't have seq and last_seq, it has only seq; the sequence
numnber of the last packet tx'd or rx'd.
- there's 64bits of space available on the SA's first cache line. move
the AES CTR mode IV there.
- test the ESN/AR combinations to catch the bugs this fixes. This
doubles the amount of tests, but without AR on they only run for 2
seconds. In the AR tests, the time taken to wait for packets that won't
arrive is dropped from 1 to 0.2 seconds thus reducing the runtime of
these tests from 10-15 to about 5 sceonds.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Iaac78905289a272dc01930d70decd8109cf5e7a5
According to RFC 793, the ACK control bit is always sent once
the connection is established.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: Id0fe19114a0cc468dbce4c0938b345c2ac339e73
ipsec_spd_policy_counters are incremented only for matched inbound
PROTECT actions (:273 and :370). BYPASS + DISCARD actions also have
SPD policy counters that should be incremented on match.
This fix increments the counters for inbound BYPASS and DISCARD actions.
Type: fix
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Change-Id: Iac3c6d344be25ba5326e1ed45115ca299dee5f49
In stress test case, memset may consume a lot of CPU because
vls_epoll_wait is called very frequently.
Type: improvement
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
Change-Id: I9b4e1d6e1c4d7217cf0b2529d8efed792dea7b40
Type: improvement
the rationale being that the del only requires the SA's ID, so it's a
bit mean to require the client to fill out all the other information as
well.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ibbc20405e74d6a0e1a3797465ead5271f15888e4
If an IPv6 Link Layer Address is missing from an interface,
treat it as a down interface. While this fails to send a
VRRP multicast group join, it also prevents a seg fault.
Type: fix
Fixes: 39e9428b90
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Iebf69bb30604a96de6587655eb872aa818158a56
Puts return statements back inside code blocks under the lock
Type: fix
Change-Id: I76d426f336200035026b92bcb0ffe2b472a3142d
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Type: fix
Outbound packets which arrive on tun/L3 interfaces use a default
adjacency for the interface & address family from the corresponding
interface pair. However, there are entries in the linux-cp adj table
that are created for them. Managing these entries might cause a
segfault because the rewrite data might exceed the reserved space for
it of 28 bytes in the linux-cp adj key (e.g. in case of GRE IPv6).
With this change, stop creating adjacencies for tun/L3 interfaces in
the linux-cp adj table and delegating them.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I4bcd685860053ab87c65064c182e3ed53fd4fae9
Applications like curl will poll the fd after a non-blocking
connect, so we need to avoid returning the wrong event.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I7ea146fc954fda631b3d88b46bb80adfbcdf137c
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I7b84767e75d5f8310ec071036a5780fa4530f79f
Type: improvement
Allow callbacks to be registered which will be called when an
interface pair is added or deleted.
Change-Id: I1c413ac2ada802021f9e56e2f878ce67e5eda2f5
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I4f9316b16f16a48e2042aa17db596bfd181bd314
If ICMP comes from a router on path, source address must not be
rewritten in o2i path to avoid getting wrong checksum.
Fix ICMP checksum computations.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I035debccf966d7dbd63c364cb1e43380d641f708
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I148022278a792b3687402b6915fe6fb513858a2a
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I7ec4bbb21a079c6f6adfb4f954054b2b07bf19c5
