Improves compilation time and reduces object file size for 1MB
Type: improvement
Change-Id: Ibe4840c0ced22070248d93822ea61afe20aff65c
Signed-off-by: Damjan Marion <damarion@cisco.com>
- use user instance number in interface name
Restore the behavior of previous versions where the IPsec tunnel
interface name contained the value of the user-provided instance number.
For example, a command similar to
create ipsec tunnel local-ip . . . instance 5
would result in the creation of interface "ipsec5".
- ipsec: delete tunnel protection when asked
The "ipsec tunnel protect" command will parse a "del" argument but does
not undo the tunnel protection, leaving the SAs hanging around with
reference counts that were incremented by a previous invocation of the
command. Allow the tunnel protection to be deleted and also update the
help text to indicate that deletion is an option.
- test: ipsec: add test for ipsec interface instance
Also cleanup (unconfig) after TestIpsecItf4 NULL algo test.
Type: fix
Fixes: dd4ccf2623b5 ("ipsec: Dedicated IPSec interface type")
Signed-off-by: Eric Kinzie <ekinzie@labn.net>
Signed-off-by: Christian Hopps <chopps@labn.net>
Change-Id: Idb59ceafa0633040344473c9942b6536e3d941ce
Level 9 is deprecated in new ubuntu release.
Type: improvement
Change-Id: I9376b5f7a1aa0860e35475c5d32f3626257d2f01
Signed-off-by: Damjan Marion <damarion@cisco.com>
Without this, if a multiarch source depends on a generated api header
for instance, the build would be racy between the api header generation
and the multiarch object compilation.
Type: improvement
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Change-Id: I08fcd0e5a1c51398ac1a8f37cf6562064b400d4a
Type: fix
Due to confusion between ethernet flags and hw interface flags, DMAC
filtering was not happening, most of the time.
Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com>
Change-Id: I95209e1ea0f95f9be0b1a82ec9fcbc80955428d2
Only allow one state instead of using flags.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I08ffccbf8c3f6e2f61533996bb36c799cbc931e7
Type: fix
This patch re-enables libIPSec_MB build for the ipsecmb crypto engine
plugin.
Also since DPDK meson build relies on system installed libIPSec_MB.so
that may be inconsistent with VPP compiled one (system installed
version vs VPP locally compiled version for example), this patch also
disables all libIPSec_MB dependant PMDs from DPDK build.
Also ipsec-mb version is incresed to 0.54.
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I2ff9e7cd0c35cff9fa642895301a26a5350ea94e
Type: improvement
do not add a per-MPLS tunnel tx node. per-tunnl nodes limit the number
of tunnels that can be created to the number o fnodes that can be
created (64k).
improve the tx node.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I6016f05e809c6c64a0b098a101b28c9dd47824b3
After get_icmp_o2i_ed_key() bihash key may include
IP protocol and addresses from inner ICMP packet.
It is OK for session lookup, but we should not create
a session on ICMP error message receiving.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: Ic93272ebe90d2288a975265439f9e079eb28936a
State set to STATE_UPDATED to ensure the session is not assumed to be open and to also allow the app to close it prior to vpp's connected reply!
Type: fix
Signed-off-by: fanyf <fanyufei521@outlook.com>
Change-Id: I7a6d0914599cb9296d112205dac725ecd11a5d0f
This adds a new data model for counters.
Specifying the errors severity and unit.
A later patch will update vpp_get_stats to take advantage of this.
Only the map plugin is updates as an example.
New .api language:
A new "counters" keyword to define counter sets.
counters map {
none {
severity info;
type counter64;
units "packets";
description "valid MAP packets";
};
bad_protocol {
severity error;
type counter64;
units "packets";
description "bad protocol";
};
};
Each counter has 4 keywords. severity, which is one of error, info or warn.
A type, which is one of counter64 or gauge64.
units, which is a text field using units from YANG.
paths {
"/err/ip4-map" "map";
"/err/ip6-map" "map";
"/err/ip4-t-map" "map";
"/err/ip6-t-map" "map";
};
A new paths keyword that maps the counter-set to a path in the stats segment KV store.
Updated VPP CLI to include severity so user can see error counter severity.
DBGvpp# show errors
Count Node Reason Severity
13 ethernet-input no error error
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ib2177543f49d4c3aef4d7fa72476cff2068f7771
Signed-off-by: Ole Troan <ot@cisco.com>
When looking for existing SA connection to clean up search all per
thread data, not only current one.
Type: fix
Change-Id: I59312e08a07ca1f474b6389999e59320c5128e7d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Type: fix
After clearing the l2fib with 'vppctl clear l2fib', a SEGV occurs the
next time a MAC address is learned.
In l2fib_clear_table(), the l2fib bihash is freed and then
l2fib_table_init() is called to reinitialize it. l2fib_table_init()
will not do anything if l2fib_main.mac_table_initialized is set to 1.
Reset the value of l2fib_main.mac_table_initialized to 0 before
calling l2fib_table_init().
Change-Id: I87f1a3f9a46c951f36c1c0a5ab795b0ec08c81a8
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
clang-11 complains:
error: field 'buffer_template' with variable sized type 'vlib_buffer_t' not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
Type: improvement
Change-Id: I2cb6b4fde723a05b42cf33dd8130df074f0362ab
Signed-off-by: Damjan Marion <damarion@cisco.com>
Type: fix
reference counting on the ip6 state was broken, meaning that disabling
one of serveral ip6 configs on an interface, completely ip6 disabled the
interface.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ie3af51587310ffe871ad2a9cbd927e15a3ececa9
Experimental reduction of tcp timer resolution from 100ms that
allows for finer grained timers, if needed. Please report
issues if any encountered.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4050f7691aa7365b77298b4427408a4a447834fa
Bihash key already contains rx_fib_index for lookup
but fib value for session itself is set to 0.
In the result bihash is allocated with key with fib index
set, but free function is looking for key with fib index set
to zero. It leads to use-after-free because session itself is
removed from pool but bihash is not because of key mismatch.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I8ac5a41b0a5a32b1baab9e9d757141d5b24b7798
1. Typo in usage of vnet_hw_interface_add_del_mac_address(),
which returns 0 when it succeeds instead non zero value.
2. Generated error doesn't clean allocated resources for
an interface.
3. Returned value from vnet_hw_interface_add_del_mac_address()
should be erased or reported.
Type: fix
Fixes: 149fd3fbd069a5f7be86e68472578ee7af229cb6
Signed-off-by: Dmitry Vakhrushev <dmitry@netgate.com>
Change-Id: Ia6b28ae70fea127d15eb0102223ff972358766bc
Signed-off-by: Dmitry Vakhrushev <dmitry@netgate.com>
Until the feature is configured. It would make sense to push more of
the feature init code into the newly-added wg_feature_init()
function. This patch fixes a severe hemorrhoid.
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I87095575363baa41407dd52492159a7b8c2899e7
Turns out that clang is a bit too enthusiastic about mapping static
variables to registers, which makes it hard to extract (especially)
the faulting VA from an optimized core file.
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I836e5d9695aeb4c5ee4a27f9565acf08ee4eaac0
