Type: improvement
During synchronization, only the current actual set of entries is
loaded. If some entries are no longer present in the set being loaded
but present in VPP, they should be removed to fully syncronize.
With this change, add handlers for sync begin and end events. Begin
handlers will mark the entries as stale. End handlers will remove the
entries that are still marked as stale.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I4f7e872af3e1c9ffa6c63bcc3984ec76def1bb43
An updated ipsec script was identical to the existing ipsec_tun_protect script.
Remove the ipsec vnet script, and rename the ipsec_tun_protect to become the
default ipsec vnet script.
Type: fix
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: Ie05ca3e089b67a5b9499d83d4cb2adf1b6c6ffba
Type: improvement
Currently, if an error happens on the netlink notification socket, the
socket gets reopened. A portion of notification messages have been lost
because of this and will never arrive on the socket. VPP will be out of
sync with the kernel networking state.
With this change, synchronize VPP state and the kernel networking state
if there was an error polling or reading the notification socket.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I8cdff89b505cd227535a0acaadb6ee757204c45e
Type: refactor
check for pool expansion in the DPO allocation, just in case.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6ba7dd66313630d3f24a51700ab4486ba43d856b
Type: improvement
For some message types, timestamps are checked on netlink message to
decide whether the message should be applied. For notification messages
timestamps are expected to be always available.
With this change, before accessing the timestamp, make sure the message
info object that carries it is not null. If it is null, pass the check.
This is to be ready to process dump replies that will not need the
timestamp check and will have the message info object set to null.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ic7211c0d451d72f6a5248898b3a8f8e0bca8f7aa
Type: fix
Currently, a tap interface created to be a member of a linux-cp pair has
default link state (down) and default link speed (10Mb/s). Then the
plugin monitors the link state of the paired hardware interface and if
it changes, the new link state is reflected on the tap interface. And
when the new link state is "up", the link speed is also reflected on the
tap interface.
The problem is that this scheme implies that the hardware interface's
link state is "down" at the moment of the linux-cp pair creation and
then changes. But there are cases when the link state is already "up" at
that moment. If that is the case, the link speed on the tap interface
will remain the default one until the link comes down and then comes up.
With this fix, when a linux-cp pair is created, reflect current link
state of the hardware interface being paired on the created tap
interface.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I73664d753f4daaa6d439c9ca898fb7363d21c06d
Some possible side effects for multicast routes appears to be in
lcp_router_table_add_or_lock. so ff00/8 route will be processed
for ospf purposes the right way
Ignore IPv6 kernel routes
Skip adding auto routes into FIB
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I35f73d629a7fffca7f7d4547adc2549b72c2048f
Include the user_instance in wireguard interface details.
In addition to dumping all wireguard interface details,
also allow selective dumping of just one interface.
Type: improvement
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Iaf1093c6ae3eb00a685f34b2e0171285b02fae2b
When building a VPP library out of tree using add_vpp_library, the build
sometimes fails because the library API files are not necessarily
generated before compiling this library.
This is fixed by adding the lib API files as dependencies of the
lib compilation.
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: I69dffaecbfd547f10115504494a47358c4624258
- cli_inband is missing from vat2
Type: improvement
Change-Id: I1f22dee3ee29f3cf0f1f7c6076d5f2b2b2bf969d
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
- A call to vapi_msg_control_ping_hton() is generated in
a static inline function in vlib.api.vapi.h, which is
defined/generated in memclnt.api.vapi.h without
including memclnt.api.vapi.h in vlib.api.vapi.h.
This breaks the compilation of plugins which include
only vlib.api.vapi.h (e.g. hicn_plugin from the HICN
project).
Type: fix
Fixes: a1400cecb
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I5574f4ed496183ea93265f493bf3624254a865a2
The app keeps on using the default app ns but each listen will be done
in the vrf configured.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0947e03188d55231b299916351115038e0b1f5da
This fixes an issue caused by session layer reading expected part of
data (cert + key) before the client actually sends it.
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I6ddddb08f9576211b302e814d7c2b040383e5fb7
Raise a new UnexpectedPacketErrror, when a packet is captured
unexpectedly. This pretty-prints a terse description of said packet.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Ibac19fc5bbd82a150fec3c90940a37af6344fd4f
- HICN project's hicn_plugin requires vnet header files
fib/fib_entry_track.h and udp/udp_encap.h to be
included in build-root/install-vpp*-*/vpp/include/vnet
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Iabd3f8fe0aee8d727758fc6ef202e859d68d63a3
Type: fix
Fixed coverity-issue CID 248517.
Originally possible passing null pointer to one function and directly
dereferences it.
This patch fixes the issue by add a new condition to check this
pointer.
Change-Id: If506abaf08c9f003860b641971af291f68613c18
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Type: fix
Fixes: 39e9428b90
When a VRRP advertisement is received by a worker thread, the worker
calls vl_api_rpc_call_main_thread() so the main thread will process the
packet and make adjustments to VR state if necessary.
The data being passed to the main thread included a pointer to the VRRP
header in the received packet buffer. Since the main thread processes
the RPC request asynchronously from the worker thread, it's possible for
the worker to drop the packet and for the buffer to be overwritten before
the main thread can process it.
Copy the fields which may be needed by the main thread into a struct
instead of passing a pointer to a packet buffer.
Change-Id: I4e899e967df5a54776b521825a80e9cce1a94f5f
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Integer math on 32 bytes of base64 data might yield 33 bytes
of data in some poorly formed user input of private key values.
Rather than smashing the stack (detected) and aborting, simply
allow for the possible yet irrelevant 33-rd byte of data.
Type: fix
Fixes: edca1325cf
Change-Id: I42acfbf3e8fbb3d517e21c53d4f80459d4800e9d
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Type: fix
otherwise the feature is enabled n times for n lcp-pairs and the packets go n times through the feature.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8e47e4a293d6e2711f54aa09e9545e5e07728026
adj_get() crashed in worker thread. The index is valid but was freed.
0x00007fba5fb07921 in __GI_abort () at abort.c:79
0x00007fba528de7c3 in os_panic () at /development/libvpp/src/vpp/vnet/main.c:618
0x00007fba506f2a19 in debugger () at /development/libvpp/src/vppinfra/error.c:84
0x00007fba506f2797 in _clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7fba521cecd9 "%s:%d (%s) assertion `%s' fails") at /development/libvpp/src/vppinfra/error.c:143
0x00007fba51d88254 in adj_get (adj_index=79) at /development/libvpp/src/vnet/adj/adj.h:472
0x00007fba51d87642 in icmp6_neighbor_solicitation_or_advertisement (vm=0x7fb9f19a0580, node=0x7fb9bb820340, frame=0x7fb9b718bc40, is_solicitation=0) at /development/libvpp/src/vnet/ip6-nd/ip6_nd.c:134
0x00007fba51d8f479 in icmp6_neighbor_advertisement (vm=0x7fb9f19a0580, node=0x7fb9bb820340, frame=0x7fb9b718bc40) at /development/libvpp/src/vnet/ip6-nd/ip6_nd.c:348
Type: fix
Signed-off-by: Rajith P R <rajith@rtbrick.com>
Change-Id: Ibe29854137ee9680f7947450eb7e256b8c0ade31
mpls fib DB size was 2^20 instead of intended 2^21.
Therefore large mpls labels caused DB to overflow and write
to other tables or some random objects. Or crash with ASAN.
Sometimes.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I6db65680037a266fe47e8213464a0c16de63c06c
Add support for inline packet counter verification to send_and_* functions.
Diff dictionary is a dictionary of dictionaries of interesting stats:
diff_dictionary =
{
"err" : { '/error/counter1' : 4, },
sw_if_index1 : { '/stat/segment/counter1' : 5,
'/stat/segment/counter2' : 6,
},
sw_if_index2 : { '/stat/segment/counter1' : 7,
},
}
It describes a per sw-if-index diffset, where each key is stat segment
path and value is the expected change for that counter for sw-if-index.
Special case string "err" is used for error counters.
This then allows more precise packet counter verification by first
defining a "zero" dictionary, e.g. for ED NAT:
cls.no_diff = StatsDiff({
pg.sw_if_index: {
'/nat44-ed/in2out/fastpath/tcp': 0,
'/nat44-ed/in2out/fastpath/udp': 0,
'/nat44-ed/in2out/fastpath/icmp': 0,
'/nat44-ed/in2out/fastpath/drops': 0,
'/nat44-ed/in2out/slowpath/tcp': 0,
'/nat44-ed/in2out/slowpath/udp': 0,
'/nat44-ed/in2out/slowpath/icmp': 0,
'/nat44-ed/in2out/slowpath/drops': 0,
'/nat44-ed/in2out/fastpath/tcp': 0,
'/nat44-ed/in2out/fastpath/udp': 0,
'/nat44-ed/in2out/fastpath/icmp': 0,
'/nat44-ed/in2out/fastpath/drops': 0,
'/nat44-ed/in2out/slowpath/tcp': 0,
'/nat44-ed/in2out/slowpath/udp': 0,
'/nat44-ed/in2out/slowpath/icmp': 0,
'/nat44-ed/in2out/slowpath/drops': 0,
}
for pg in cls.pg_interfaces
})
and then to specify only changed counters directly when calling
one of send_and_* functions:
self.send_and_assert_no_replies(
self.pg0, pkts, msg="i2o pkts",
stats_diff=self.no_diff | {
"err": {
'/err/nat44-ed-in2out-slowpath/out of ports': len(pkts),
},
self.pg0.sw_if_index: {
'/nat44-ed/in2out/slowpath/drops': len(pkts),
},
}
)
operator | is overloaded by StatsDiff class to perform a deep merge operation,
so in above case, dictionaries for "err" and self.pg0.sw_if_index do not
overwrite whole sub-dictionaries, rather the contents are merged,
assuring that all the remaining counters are verified to be zero.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I2b87f7bd58a7d4b34ee72344e2f871b2f372e2d9
Some tests might want to keep vpp config in between test functions.
Add a flag to allow that.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I90243cd667dce922b43b381f3d52f4ac0f6bf3a7
TCP/UDP packets which are dropped are not counted towards TCP/UDP
counters. Apply same behaviour to ICMP packets.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I487fa7135ac8e49431a621fac213638d2dab31c8
Breakdown the distribution of uops delivered to the frontend.
Collerates directly with the source of the uops.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I93a57dbe56dfa0f378527844aa4e63f45a548e55
Type: improvement
remove the [un]lock logs, they are not useful.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I903d3088b8ed9831f931208aeb6b6862a945550c
This is required after distinguishing between max_frame_size and MTU
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: Ie642bee4e30ca76903bb8be5eeb6914c2c09bf35
Type: fix
Fixed coverity-issue CID 248517.
Originally possibly passing null pointer to one function and
directly dereferences it.
This patch fixes the problem by add a new condition.
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I02fc6fb5d1cfd6138ea4ba2b1946fd8a7ef34d3b
Type: test
there were multiple instances of send_and_expect_load_balancing
and a send_and_expect_one_itf which has the same functionality as send_and_expect_one.
Put one implementation of both in framework.py (where the other send_and_X functions reside).
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I7f629d440220bee29368067f475059322e1134f7
Originally after remove the policy entry in spd, macro "vec_del1"
can change localization of the last entry in vector and finally the
entry list has not been sorted.
This patch fixes this issue by change executed macro "vec_delete"
instead of "vec_del1".
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I396591cbbe17646e1d243aedb4cdc272ed4d5e25
If the user supplies an instance number when creating a wireguard
interface, it should be used in the device name. If no user-instance
is given, the device instnce (tunnel number) is used.
For example:
vpp# wireguard create instance 17 listen-port 23023 src 1.2.3.4
private-key MDEwMjAzMDQwNTA2MDcwODA5MTAxMTEyMTMxNDE1MTY=
wg17
Type: fix
Fixes: edca1325cf
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Ibf51868bf7b4b9e8a3f85557d05667207873bc91
