For active-backup mode, we transmit on one and only one interface. However,
we might still receive traffic on the backup interface. We should drop them
and strictly process incoming traffic on only the active interface.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Idb6b798b30033e84044b151c616be3c157329731
(cherry picked from commit 6dfd3785e4d65418f4330a73bf837912c37b8ec2)
Type: fix
Several tunnels encapsulation use udp as outer header and udp src port
is set by inner header flow hash, such as gtpu, geneve, vxlan, vxlan-gbd
Since flow hash of inner header is already been calculated, keeping it
to vnet_buffere[b]->ip.flow_hash should save load-balance node work to
select ECMP uplinks.
Change-Id: I0e4e2b27178f4fcc5785e221d6d1f3e8747d0d59
Signed-off-by: Shawn Ji <xiaji@tethrnet.com>
(cherry picked from commit 623b4f85e6ee4611ae15bb3103fe30725ca977ed)
Type: fix
On multiworker setup when an app client dies, the
vec_reset_length call fails the assert in
clib_mem_is_heap_object. Same thing might happen for
the clib_warnings
Change-Id: I369f9d2dbe60407c84994a4e8d25f6df7848ca93
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
(cherry picked from commit 5ed3fe3dd4320a7b4080f18de32ef491b5a1c7f0)
Type: fix
Since Vxlan hw offload jumps the ethernet-input node, so needs to
adjust the data offset accordingly
In original code, the current_data is 0 when arriving vxlan-flow-input
node(due to no graph node before it, except the dpdk-input), so this
code block cannot find the correct vxlan header:
enum
{ payload_offset = sizeof (ip4_vxlan_header_t) };
vlib_buffer_advance (b0, payload_offset);
see code in src/vnet/vxlan/decap.c, function vxlan4_flow_input_node
This patch fixes this issue
Signed-off-by: Chenmin Sun <chenmin.sun@intel.com>
Change-Id: Iab4af7a7dc3b69a117a4c9ea1c59662669a6438c
(cherry picked from commit 1ec9fdbf29aedcdd4040feb635971c3f87a1cfdf)
Type: fix
Since the connection is closed, also mark the session as closed.
Change-Id: Ica3849c3ff12fa7a65ba64e563a60d6c94f5ceca
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 52be67435eb4615b899950b42b8ff72d258fbcb3)
Glibc 2.28 now provides fcntl64 which is used instead of fcntl
by defining fcntl as fcntl64 in fcntl.h
Type: fix
Change-Id: I87fedfbf3e0d241aafdc920e90f824d71353e0e6
Signed-off-by: Carl Smith <carl.smith@alliedtelesis.co.nz>
(cherry picked from commit e16707b5b2195fda47c1a3db7ba61f30055d2dbc)
We discard unwanted events until we get an ACCEPTED.
But if we are non-blocking we need to check the queue
length every time and EAGAIN if empty before waiting.
Type: fix
Signed-off-by: Carl Smith <carl.smith@alliedtelesis.co.nz>
Change-Id: Ie0c7e5cb00f0d37d2e1534f8bb384221ff56f2e3
(cherry picked from commit 592a909a302262cf4088a5468b8e427f577725e8)
opt_data is defined as a array, while in some code, e.g., function
vnet_crypto_get_op_type, it's used as vec.
vec api is not applicable to static arraies.
src/vnet/crypto/crypto.h:234:70: error: address of array 'cm->opt_data' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]
vnet_crypto_op_data_t *od = ({ do { if ((0 > 0) && ! ((id) < ((cm->opt_data) ? (((vec_header_t *) (cm->opt_data) - 1)->len) : 0)))
Type: fix
Change-Id: I0b6754406e4216ca975bc1da4b5d4ce293a9bb45
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
(cherry picked from commit b15d796dbf1da6a229df4e10a3a2bdd700f0354e)
Type: feature
Also make sure that size for dlmalloc allocated private segments is
accurate.
Change-Id: I6ec81ff99a13dd29b9664d768835a68019f0c96c
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit f8461bfb4822ca20f64df19dfbb3170e99f7e89d)
Type: fix
Use sid returned by vcl_session_connected_handler instead of trying to
infer it from vpp session handle.
Change-Id: Ic0fbb90ec2bd851b435fc3f2a34265ac9a8ab29f
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit f1653e62fe41e3df429aadaaab22d0cc8aaa227a)
Type: feature
Along with the port information, we need to validate the IP address details as well.
This is very useful in the case port re-use scenario
Signed-off-by: Srikanth Akula <srakula@cisco.com>
Change-Id: I11e1ebcd3e56aae47ac235a89606a83c928aa6bb
(cherry picked from commit cf4c2102d9dc3ccc939cca1137b24a75341f1b0c)
To improve gcov/lcov code coverage stats, it's necessary to send
incorrect debug CLI commands; to force vpp into debug CLI error paths.
cli_return_response() sends commands and returns the response object,
so test vectors can handle failures.
Type: feature
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I4fab591c9d2e30c996f016e18e4fd69b9c5bed06
(cherry picked from commit 5932ce17e128c096fcc56eb04b27e780da3cf255)
IPsec writes trailing data at the end of the buffer without checking
if there is enough space. If the packet length equals buffer size this
leads to rewiting of the next buffer header in the pool.
Type: fix
Change-Id: Iceb27bb724c7243863a4b532aad0808051b7d74c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Type: refactor
Use pending tx buffer vector to postpone dispatching of all buffers,
i.e., either generated as a result of tx events or custom tx event.
Change-Id: Ic5894c4653c338cfb04555d20857f954b245ee83
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 8a754f1a55fb16a4d42efd5c606e5a07b4afffe9)
Type: fix
all other uses of the fib_entry_get_preifx in the code base don't pass
the prefix into recursive functions.
Change-Id: Ic1c56acd406a733b215ee2fd98b6bed58b490a4f
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 320dfcf2aa8f4617b51a2bb15f3d0f93ee62d4dc)
Set vm->check_frame_queues after actually enqueuing a frame. Under
obscure circumstances, the code managed to set check_frame_queues so
far in advance that 100 dispatch cycles could elapse before the frame
enqueue succeeded. That resulted in permanent lack of queue service.
Type: fix
Ticket: VPP-1734
Fixes: 18191
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: If2d398202b4ba2b96581d25e8142daef3f74c9e5
(cherry picked from commit 320998a8126766c0db92d9c7652f765f9565a7b5)
When creating rdma interface without specifying a name, we need to
generate one instead of NULL.
Type: fix
Change-Id: If41870691dec47e8e673d48ac4b4ddffd2385a03
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit a50892e1504401e243076f08d9077675eb0b030e)
- Fix AAD initialization. With use-esn the aad data consists of the SPI
and the 64-bit sequence number in big-endian order. Fix the u32 swapped
code.
- Remove salt-reinitialization. The GCM code seems inspired by the GCM
RFCs recommendations on IKE keydata and how to produce a salt
value (create an extra 4 octets of keying material). This is not IKE
code though and the SA already holds the configured salt value which
this code is blowing away. Use the configured value instead.
Type: fix
Change-Id: I5e75518aa7c1d91037bb24b2a40fe4fc90bdfdb0
Signed-off-by: Christian Hopps <chopps@labn.net>
(cherry picked from commit d58419f19b33560d224471bc16674a525427308e)
Type: fix
crypto perf test crashes for key size different than 16 bytes.
This patch fixes the issue
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: Ic8a8ca83ca189c879815dc5d065b8c6f7826cd41
(cherry picked from commit bc2e640db7533394a3de7bdffd78fadf2a2ffd9f)
The 42693521f6046997133c8f63bcfc9d615d96f69d added the timeout
to the child process join + print the name of the offending
child process.
Upon testing the issue furher, appeared the offenders were
always the same - punt tests. The processes running them
were stuck trying to acquire lock, even if all
the user-accessible execution has finished. Some searching
revealed that one needs to tread carefully when dealing
with Thread and Multiprocessing at the same time.
punt tests used threads but did not call thread.join. Somehow
it worked in some cases but not the others. This fix makes
the threads exit cleanly - which also makes the timeouts
waiting for the process to join disappear.
Type: test
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I05d99bb48a9987544bbfe45118755c09d7867aa0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 3f8c87132d63c14f1ba90d7db6cf2a2aba0f8cb9)
Log the random seed used when running tests and provide means to re-use
it in a later run.
Type: feature
Change-Id: I18d2a36ee802b901d4cca5577df41cec07f09cc0
Signed-off-by: Klement Sekera <ksekera@cisco.com>
(cherry picked from commit 45a95dd782b91e9ae5665b5f95be4b6d7f99b879)
In parallel test, the single process is spawning
a bunch of child processes running the tests,
and communicates to them. When the child process
signals that it has finished, the parent calls
child.join(). Sometimes this join never returns.
The result is a lot of defunct python processes,
and the test run just hangs.
I have seen this failure intermittently a fair bit
in a busy containerized environment, and by chance,
consistently reproduced it on a Thinkpad X280
with 8G of RAM and Ubuntu 19.04, which allowed
to diagnose it.
Type: test
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: If0a3110fc2d23e73d77c310d61c3ea90a2b53610
(cherry picked from commit 42693521f6046997133c8f63bcfc9d615d96f69d)
Make sure packet is big enough before processing it.
Policy matching is done speculatively but is discarded if packet is too
short.
Type: fix
Change-Id: I647db2c4e568b0d9bf2cfd5056e1b1c2e25132fe
Signed-off-by: Benoît Ganne <bganne@cisco.com>
(cherry picked from commit f7f49640bbb4339d71f8b713b04b8f401d5fc270)
- vlib_node_add_next_with_slot was not cleaning the old next node
references to the given slot when replacing it with new next node. This mostly
worked until one tried to set the slot to a previously (but not currently) used
next node for that slot.
Type: fix
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: I7ee607625da874e320158b80f12ddc16e377f8e9
(cherry picked from commit 2e8b0618b12d317f2a4632e69a0663dcd8dde472)
The number of paths on the mpls tunnel returned through the bapi is
always zero. Doing a ntohl on a uint32 and poking it into a uint8 causes the problem.
Type: fix
Signed-off-by: IJsbrand Wijnands <ice@cisco.com>
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I4135ad43a891e7818ca673c8067ef1f11cb34530
(cherry picked from commit bf103d99e651f3b221361f6d964ae84870fd7a6b)
Type: feature
Improves fairness for sessions that are snd space or pacer constrained.
Change-Id: Ida5f523090f1dcbfb17bf5116bc7917747ac8593
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit dd97a48d9fac91c7f16a31aa661dd6c968c3b760)
When CLIB_DEBUG is enabled, vlib_foreach_main macro asserts that
vlib_main it currently looks at is safely parked in barrier, by
checkling that vlib_main->parked_at_barrier is not 0.
Unfortunately, the check is racy - workers first increment the
atomic counter to indicate that they have reached the barrier
and _then_ set this_main->parked_at_barrier to 1. For the last
worker to suspend this opens the race - main thread is free
to execute and assert immediately after atomic counter has been
incremented, before worker gets to write to own parked_at_barrier.
Fix this by simply swapping the order of two operations.
Type: fix
Signed-off-by: Alexnader Kabaev <kan@FreeBSD.org>
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Iae47abd6ca0be1c5413f5ecaefabc64cd7eac2ed
(cherry picked from commit feda545105106d673fdca61028331c86eeb1f408)