If forwarding is enabled, inbound packets on an outside
interface should not be dropped and instead pass on to
the FIB lookup. This works for TCP and UDP but not other
IP protocols. Enable it for unknown protocols.
Change-Id: I1da84b5633a36b3e5e64079754db2fcc50f29819
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
While comment properly says that only first 64 bytes can be read, actual
code was returning error instead being happy with 64 bytes received.
Change-Id: I09c0d1d5c9fc8e1f6c59c093d81bb1ce1924281b
Signed-off-by: Damjan Marion <damarion@cisco.com>
While the netlink field is named nl_pid, and typically
contains a process id, setting it to a pid value directly
prevents other modules from also using a netlink socket.
On the other hand, setting it to 0 allows multiple modules
to use a netlink socket by letting the kernel assign the
nl_pid a value.
This allows the verito tap code to interact nicely with
the router plugin's librtnl after, say, tap-inject has
been enabled.
Change-Id: I9771929f34d15497a5f7b8c5fd78dac28e31383b
Signed-off-by: Jon Loeliger <jdl@netgate.com>
- Add VCL cut thru uni-direction test over multiple sockets
- Add VCL cut thru bi-direction test over multiple sockets
- Add LDP cut thru uni-directional test over multiple sockets
- Add LDP cut thru bi-directional test over multiple sockets
- Add VCL thru host stack uni-direction test over multiple sockets
- Add VCL thru host stack bi-direction test over multiple sockets
- Add LDP thru host stack uni-directional test over multiple sockets
- Add LDP thru host stack bi-directional test over multiple sockets
- Fix validateResults to ensure worker_server process is killed if
it still exists after running the test.
Change-Id: I77ea9acef172667558dbcec23af1e4c72b29f376
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
The 'vpp-api/java' includes 'core' subdir which should be tracked.
This patch adds .gitignore for 'vpp-api/java'
to negate pattern that matches 'core' files/dirs,
introduced by https://gerrit.fd.io/r/#/c/9848/.
Change-Id: I4e10ca10a891a2d95d6b45e479ee8d2196749132
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
Introduces JSON parser which builds object model of Java API.
Also rewrites JNI translation of typedefs
to use per type translation functions
instead of code inlining.
Not covered:
- integrate with vappigen plugin (VPP-1154) or vapi parser (VPP-1155)
- use better templating engine (VPP-480)
- improvements of generator structure (e.g. VPP-1186)
Change-Id: I9e12d76c2f3c6ee041669f58e8a37917f656aa90
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
It consists of two main parts. First, add an application transport type
whereby applications can offer transport to other applications. For
instance, a tls app can offer transport services to other applications.
And second, a tls transport app that leverages the mbedtls library for
tls protocol implementation.
Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838
Signed-off-by: Florin Coras <fcoras@cisco.com>
1. When interface create encouners an error (see test below),
the same id cannot be used again.
This is due to hash_set is called too early in the function. After the
hash entry is set, there are different errors may cause the interface
create to be aborted. But we didn't remove the hash entry when error is
encountered. The fix is to move the hash_set call near the end which has
no more "goto error"
DBGvpp# create tap id 1 rx-ring-size 1021 tx-ring-size 1021
create tap id 1 rx-ring-size 1021 tx-ring-size 1021
create tap: ring size must be power of 2
DBGvpp# create tap id 1 rx-ring-size 1024 tx-ring-size 1024
create tap id 1 rx-ring-size 1024 tx-ring-size 1024
create tap: interface already exists
DBGvpp#
2. multiple issues exist with api_format.c with the below command
binary-api tap_create_v2 id 4 hw-addr 90:e2:ba:76:cf:2f rx-ring-size 1024 tx-ring-size 1024
- hw_addr is not taken due to the test for random mac is inverted
- id is an integer, not a string
- integer values were not converted to network format
Change-Id: I5a669d702a80ad158517df46f0ab089e4d0d692e
Signed-off-by: Steven <sluong@cisco.com>
forwarding mode:
session initiaded from service host - translate
session initiaded from remote host - do not translate
Change-Id: I48170ee8e4ad14d3d3083ee31a40ef8d10d6ff32
Signed-off-by: Matus Fabian <matfabia@cisco.com>
This patch adds an API to delete a sub-connection following a SRC/DST IP
mapping as required by the RFC4960.
Change-Id: I7673dd07352557442ffeed6c6c00da274b24953d
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
For ERSPAN encap, both bits in the EN field of the header should
be set to indicate any VLAN tag in the original Ethernet frame is
preserved.
Added SPAN L2 test case where the mirrored packet output is a GRE
ERSPAN tunnel.
Change-Id: Ie7a40992a9278469c24aa6fa9e122b4505797d10
Signed-off-by: John Lo <loj@cisco.com>
This patch adds an API to add a sub-connection following a SRC/DST IP
mapping as required by the RFC4960.
At the same time, it changes the way the next available sub-connection
is being calculated: rather than having an index in the parent
connection which is prone to many issues at run-time, the next available
sub-connection is being calculated by looking at the state of the set
sub-connections and if marked as DOWN it means that is an available slot
to be used.
Change-Id: I662be6a247bfbbe8bf9aaf3f485183c07ef862fe
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Only run semodule command on hosts where selinux
is enabled.
Change-Id: I7bcfc758e44bb0f41ec657ad395352ddb92766eb
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
The following command sequences cause the crash:
create tap id 0 rx-ring-size 1024 tx-ring-size 1024
create tap id 1 rx-ring-size 1024 tx-ring-size 1024
set interface state tap0 up
set interface state tap1 up
delete tap tap0
delete tap tap1
create tap id 0 rx-ring-size 1024 tx-ring-size 1024
0: /home/sluong/vpp2/vpp/build-data/../src/vnet/interface_funcs.h:46
(vnet_get_hw_interface) assertion `! pool_is_free (vnm->interface_main.hw_interfaces, _e)' fails
The reason for the crash is because when the tap interface is deleted,
the code does not remove the entry from the device queue. But the interface
is deleted anyway from vnet_main.interface_main.hw_interfaces.
When an interface is created again, it may encounter
the deleted entry in the device queue and crash. Notice create and delete a
single entry does not cause a crash. Need to create and delete 2 interfaces
to create a "hole" in the device queue.
Change-Id: I42ce0b7943d73b3eab32a16751a0a3183de62d9f
Signed-off-by: Steven <sluong@cisco.com>
This patch address the requirement to handle a COOKIE chunk whilst in
SHUTDOWN phase. The COOKIE shouldn't just be dropped but an OPERATION
ERROR chunk shall be sent to the peer to inform about the current
situation.
Change-Id: I1a47652402d49cfee3b0c810304d7902f3a62f40
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
When heavy traffic is running using worker threads, it may crash here
DBGvpp# 0: /home/sluong/vpp3/vpp/build-data/../src/vlib/main.c:1128 (dispatch_pending_node) assertion `f->flags & VLIB_FRAME_PENDING' fails
Thread 1 "vpp_main" received signal SIGABRT, Aborted.
0x00007ffff5d50428 in __GI_raise (sig=sig@entry=6)
at ../sysdeps/unix/sysv/linux/raise.c:54
54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb)
No crash was observed if only main thread was used.
Change-Id: I96f8b02ec23accc85c0f1ddecfeff6043b5e3c2b
Signed-off-by: Steven <sluong@cisco.com>
The VAT calls to MEMIF_SOCKET_FILENAME_ADD_DEL erroneously
cleared the message memory after the M() macro call and
thus lost their message id. Don't do that.
While in the neighborhood, prevent a string copy from
referencing data that doesn't belong to the filename string.
Change-Id: Ib4309608ed617ef4f193880ecf4a0b35fda65e51
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Fixed a typo in sctp_push_header(). It was inherited from tcp_output.c
Change-Id: I810fcb4c24cfd3d54f15da72a5184cfc4df24592
Signed-off-by: Steven <sluong@cisco.com>
- Reduce replicated code in test cases
- Configure separate namespace secrets for thru hoststack
test case to validate namespace secret functionality.
- Pass per-instance environment variables to Worker class
init function.
Change-Id: I3cd5d4538f105cbfb09671c4d761541b40714b8f
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
This patch addresses the requirements depicted in section 5.2.4 of the
RFC 4960. It also takes care of handling the ERROR chunk and obviously
the STALE COOKIE error.
Change-Id: I6b88a9371546b18a52abac22f7c593a5f16be838
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
As per RFC4960 the INIT chunk could be received in unexpected scenarios
and - depending on the state of the internal state-machine - the INIT
chunk requires different treatment.
This patch addresses section 5.2.1 and 5.2.2 of the RFC4960.
Change-Id: Ib23ef490c6a5ca3da6c46a9584b75e7577cb7042
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
vlib_buffer_get_current() should be used for current data offset in ACL.
This is required for output ACL where packets are decoded through a vxlan tunnel rx node.
Change-Id: I6f739f251c3eb0d59ee4ae0da97aa04ddf667468
Signed-off-by: Steve Shin <jonshin@cisco.com>
PEP8 has been deprecated and python users are being asked to migrate to
pycodestyle.
Change-Id: I52d5f7b2bf72156216a9966e8322ec58763f24d4
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
The expression to determine whether to delete a session
from the disposal list only evaluates true if some,
but not all, of the sessions in the list were freed.
When all sessions in the list are freed, it evaluates
false and the sessions are left in the list to be freed
again later, which can result in a session pool element
that was reallocated to a different SA being freed,
breaking crypto for the newer SA.
Add an 'else' that handles the case where all sessions
were freed.
Change-Id: I3ae54d5b3bfc3658bf406caa50646924baaae589
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
