Attempting to create an af_xdp interface with zerocopy where the
underlying driver didn't support it would lead to a crash due to
queue creation silently failing.
Type: fix
Signed-off-by: Joshua Roys <roysjosh@gmail.com>
Change-Id: Ifd9070b8c2b3023d71120c5cf20f7e89d04e4cb3
- do not initialize resources if ikev2 is not used.
- process IKE packets only if we have profile(s) configured
Type: improvement
Change-Id: I57c95a888532eafd70989096c0555ebb1d7bef25
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: fix
This patch fixes the chacha20-poly1305 support check in ipsecmb
engine build.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Change-Id: I74b52a27f78a0f6a65c867dbd44a44a8f4a2ed60
IDr is optional in IKE AUTH from the initiator. In that case, the
responder is free to use any matching profile and fills the
corresponding IDr in the response.
The initiator is then free to accept or reject it.
Type: improvement
Change-Id: I07a1c64a40ed22bd41767c259406238bbbab5cf4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
The IDi is not mentioned in the RFC for the responder AUTH message, and
it confuses some IKE implementations.
Type: fix
Change-Id: I2bcefa1efd315412a6f5fa592668d4e0da510264
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Enable Topdown Level 1 support on Snowridge,
enabled with standard CPU events on small core.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I58ad09383de7464265ac1b69e683f253591e3b5e
Add a check bundle is supported before futher activation.
Enable different bundles with same name, supported on different platforms.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I73e8bbd1e07c05ebccd9146d48a234eb598a2388
we can receive events from peer about its state:
-WIREGUARD_PEER_STATUS_DEAD
-WIREGUARD_PEER_ESTABLISHED
Type: improvement
Change-Id: Ide83fbe2cfafa79ded5bcf3f6a884c26a7583db0
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Allow perfmon bundles to support more than one bundle type, either node
or thread. Only used for topdown bundle for the moment.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: Iba3653a4deb39b0a8ee8ad448a7e8f954283ccd8
Backward compatibility fix returns erroneous behavior that lets user
add internally unused inside interface for the purpose
of complying with the old add/dump/details API behavior.
Change introduced in https://gerrit.fd.io/r/c/vpp/+/32951 removed
extra inside interface that wasn't required or any how used by the
output feature. This patch also changed outside interface flags to
inside & outside. This fix returns the old behavior by imitating
the old behavior through dummy registratoin data.
Added new API calls nat44_ed_add_del_output_interface
and nat44_ed_output_interface_get/details as a
replacement of old API's. New API introduces
simplified and cleaner way of configuring outside
feature without requirement of config flags.
Type: improvement
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: I7a170f7325727c04da5e2e3ffbe3f02179531284
The 0.55 version of libipsec_mb does not support the chacha functions
used in the plugin.
The missing symobls are:
ipsecmb_ops_chacha_poly
ipsecmb_ops_chacha_poly_chained
IMB_CIPHER_DIRECTION
Check for ipsecmb_ops_chacha_poly() and conditionalise the chacha code
in the plugin on this.
ipsec_mb 0.55 is the version currently found in Debian Stable (bullseye)
Type: make
Signed-off-by: Nick Brown <nickbroon@gmail.com>
Change-Id: I88c962ac4f99a58b5cd61fb9b75f692e27d4ec30
now we can reuse udp-port for many wireguard interfaces
Type: improvement
Change-Id: I14b5a9dbe917d83300ccb4d6907743d88355e5c5
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
_pool_init_fixed uses mmap to initialize a fixed-size and preallocated
pool, whose size is the sum of vector_size and free_index_size with
alignment to the CLIB_CACHE_LINE_BYTES and page size. In this way
vector_size equals to pool_header_t + vec_header_t + elt_size * max_elts
so moving to the end of the pool space should be pool_header_t pointer +
vector_size, instead of vec_header_t pointer + vector_size.
Simple code to reproduce this error:
u64 *pool;
pool_init_fixed(pool, 2042);
Improve unit test to cover this case
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Reviewed-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If088ef89b3dcb2d874ee837ae9da60983b14615c
Signed-off-by: Dave Barach <dave@barachs.net>
Topdown events are peusdo events exposed by linux,
and are only present on Intel platforms.
Change to clarifies this.
Type: fix
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I6a3dcea5f43f53dbb96475329baf5e596a24d54f
proxy main lock not released in certain cases and resulting in deadlock.
Type: fix
Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com>
Change-Id: Ib869f459b447189bb921c05fd260f3691c2ac787
Type: improvement
Linux uses pseudo header checksum when checksum of l4 is offloaded.
This patch adds similar support in virtual interfaces.
Change-Id: I6a94d1104e59356f95057e7c122e3be9cd8659a3
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
now we should add routes manually
Type: improvement
Change-Id: I877511a18854efdfad02939267d38a216b2ccec3
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Type: improvement
Currently, NAT44-ED users sessions details are returned for both active
and timed out NAT sessions. It may confuse users that expect to see only
active sessions in the response and make them think that timeouts for
NAT sessions do not work.
With this change, introduce an indicator of timing out for NAT sessions
returned in NAT44-ED user session details.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib4d689f77cec4b0b0cc8484019e13733cc8bdc0d
Type: improvement
* add support for JSON format in API trace
* add ability to replay JSON API trace in both VPP and VAT2
* use CRC for backward compatibility check during JSON API replay
* fix API trace CLI (and remove duplicits)
* remove custom dump
* remove vppapitrace.py
* update docs accordingly
Change-Id: I5294f68bebe6cbe738630f457f3a87720e06486b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
This is the last in the series of moving API messages from vpp/api/vpe.api to vlibmemory/memclnt.api.
This patch makes the remaining vpe.api messages dynamic, to help VAT2 binary-api command.
Moves the VAT test code to a separate file and removes the now unnused API meta files.
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I01dd78eaff1d3715dff17d2643bf0f7f0089935b
Signed-off-by: Ole Troan <ot@cisco.com>
Improving session filtering capabilities of
show nat44 sessions CLI command for EI and ED NAT
plugins. Adding filtering options: saddr, sport,
daddr, dport, proto for both i2o and o2i flows.
Type: improvement
Change-Id: I70bc94a2e922cddf9451eb7dcbf4a7be21ebf0df
Signed-off-by: Filip Varga <fivarga@cisco.com>
Exported entries are tracked only when the prefix found in the export
FIB is really attached, exporter tracker is not set if the export
entry is not valid for export, ex. for special FIB entries - default
route, zeronet, mcast and broadcast prefixes.
When imported entries need to be purged, such unset exporter tracker is
being removed by non-initialized index with absent delegate entries,
causing corresponding assert and crash.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ib24a2e7853a03a960577872480213e1e8097da5a
Move control ping and change dependencies from vpe.api_types to
memclnt.api_types
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9f8bc442e28738c48d64d1f6794082c8c4f5725b
The removed code caused the feature to be wrongly removed on the wg
interface.
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Change-Id: I998e01ec231527128eaeae78bcc7576ac00e5b12
lookup node uses this field later to set fib_index for buffer
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I993cf80296e1713b4f13fc6ccdf49ebeaf295467
This code seems really usefull for reuse in
other plugins, for pretty table formatting
Type: feature
Change-Id: Ib5784a0dfc81b7d5a5d1f5ccdd02072e460a50fb
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
When memif CP processes the socket connection error, it may go through
the following code paths which may eventually cause double pool_put on a
clib_file
memif_master_conn_fd_error:633 -> memif_disconnect ->
memif_socket_close -> memif_file_del_by_index ->
clib_file_del_by_index -> clib_file_del -> pool_put
After memif_master_conn_fd_error:633, the code continues on
memif_maser_conn_fd_error:651 -> memif_file_del -> clib_file_del ->
pool_put
The fix is to skip calling memif_file_del in
memif_master_conn_fd_error:651 if uf->file_descriptor == ~0 to catch
problem from all possible paths in memif_master_conn_fd_error
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I0960998db1ff358a8ddd4a5e22188a244eccd270
