Return unsupported error if user calls one
of the configuration functions that can
run only after nat44-ed plugin is
enabled via appropriate api/cli
call.
Type: fix
Change-Id: I0d4ab0684ba5ae23fc2ecc668554a34537c2904a
Signed-off-by: Filip Varga <fivarga@cisco.com>
signs were changed here when calculating the offset:
d78ba5aa01ff1415bff0b06069ce21e0a78df89c
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I62b7a409caaf478e40efbdd6000922dcc7e92860
The vnet_crypto_key_add should only be called from the main thread.
This patch works around this limitation by allocating one key per worker
and updating it on the fly every time we need to do a crypto operation.
This solution is far from ideal, but quicly has a strong assumption that
it can use a key immediately after determining it, so making the key
creation asynchronous is not a possibility.
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Change-Id: I19fc5814195156003c36a73bb616738ba9d828f7
Type: fix
We need to set rmt address before sending connect, otherwise VPP
would connect to 0.0.0.0:0 and return invalid remote ip.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I85ae6931c2ba9f2f77c9ab19a2f801f50745449c
We only support one vls worker per process and therefore should not
share lock between processes.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I57bb536cf3bf04e8de031b07cb885f80b4fa03c9
Handle case where extra data is present in buffer which is not part of
IP/ICMP headers.
Type: fix
Fixes: 05b5a5b3b4b04823776feed6403b5a99b2e06d76
Change-Id: Icfef811470056d38c60fc45cc302139ed7594385
Signed-off-by: Klement Sekera <ksekera@cisco.com>
The ipsec startup.conf config currently exists in ipsec_tun.c. This is
because currently the only ipsec{...} options are tunnel related.
This patch moves the ipsec config to a common file (ipsec.c) for future
extensibility/addition of non-tunnel related config options.
Type: refactor
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Change-Id: I1569dd7948334fd2cc28523ccc6791a22dea8d32
This commit introduces 2 fixes:
1) After GRE decapsulation sw_if_index[VLIB_TX] is set as fib index of GRE tunnel.
But since GRE tunnel can work on v4 endpoints and have v6 payload, we need to reset it.
In case we get IPv6 packet inside IPv4 GRE tunnel (or vice-versa) fib index can be (and usually is) invalid.
2) Check that ip-table and ip6-table are the same when setting interface as an unnumbered one.
Also, fix for the pipe test includes setting the right unnumbered interface for the pipes
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: Id13d239cfdd21e0db6b1c9725f01c40d4af4d800
This patch fixes the dpdk cryptodev raw data path dequeue problem.
The fix involves DPDK QAT PMD changes and is to be upstreamed
as a patch. The patch is also sent to DPDK mailing list.
Type: fix
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I1a9253c8a7fbc2aa43f19f90da45e64e2840356a
1. Not only the session in state VCL_STATE_LISTEN_NO_MQ
has no queue. A session in CLOSED also has none.
2. Refresh vls->wrk_index in child process, or this value will
become invalid if parent exits.
3. Set vlsh->vls_wrk_index once vls_worker_alloc() is called, then
vls_get_worker_index() can be simplified.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: If4f5e134915eafd74ce38f585d65ce8836b2e553
In high traffic scenarios, if the app crashes or hangs somewhere, app_mq
will quickly accumulate to full, after which vpp worker will try 100
times before giving up allocating slot for every msg. This will cause
vpp main thread barrier sync to fail.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I2b2bf2b272c5b3ca7e4a56af179af12bbcde149d
App namespaces can now be associated to a linux ip netns, e.g.:
app ns add id <ns_id> secret <n> sw_if_index <n> netns <netns>
If session layer's app sock api is enabled, this triggers the creation
of an abstract listening socket in the netns that has been configured.
For the example above that would be @vpp/session/<ns_id>.
Consequently, vcl, or other apps attaching to vpp, can connect to said
abstract socket from an ip netns without the need to share unix domain
socket files. In particular, for vcl it's enough to set app-socket-api
to @vpp/session/<ns_id> in the conf file.
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I26fdc626a760a3f423c5b8be4251623f6e9cd73a
* Add clib_socket_init support for abstract sockets
if name starts with an '@'
* Add clib_socket_init_netns to open socket in netns
* Add clib_netns_open
Type: feature
Change-Id: I89637ad657c702ec38ddecb5c03a1673d0dfb104
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
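The '@' naming convention described in the two commit messages above maps onto Linux abstract unix sockets as sketched below; this is an added example, not code from VPP or from the commits' authors. It shows that an abstract address has a leading NUL byte and an exact length and creates no file, so access is scoped by the network namespace rather than by file permissions. The helper names `unix_addr_from_name` and `abstract_roundtrip` and the `@example/session/<pid>` name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: fill *sa from a socket name. A leading '@' selects the
   Linux abstract namespace: sun_path[0] becomes NUL, the name is not
   NUL-terminated, and the address length carries the exact name length.
   Returns the address length, or 0 if the name is empty or too long. */
static socklen_t unix_addr_from_name (const char *name, struct sockaddr_un *sa)
{
  size_t n = strlen (name);
  if (n == 0 || n >= sizeof (sa->sun_path))
    return 0;
  memset (sa, 0, sizeof (*sa));
  sa->sun_family = AF_UNIX;
  memcpy (sa->sun_path, name, n);
  if (name[0] != '@') /* ordinary pathname socket: count the trailing NUL */
    return (socklen_t) (offsetof (struct sockaddr_un, sun_path) + n + 1);
  sa->sun_path[0] = '\0';
  return (socklen_t) (offsetof (struct sockaddr_un, sun_path) + n);
}

/* Listen on a name and connect to it from the same process.
   Returns 0 on success, -1 on failure. With an '@' name no file is created. */
static int abstract_roundtrip (const char *name)
{
  struct sockaddr_un sa;
  socklen_t len = unix_addr_from_name (name, &sa);
  int ls = socket (AF_UNIX, SOCK_STREAM, 0);
  int cs = socket (AF_UNIX, SOCK_STREAM, 0);
  int rv = -1;
  if (len && ls >= 0 && cs >= 0 && bind (ls, (struct sockaddr *) &sa, len) == 0
      && listen (ls, 1) == 0 && connect (cs, (struct sockaddr *) &sa, len) == 0)
    rv = 0;
  if (ls >= 0) close (ls);
  if (cs >= 0) close (cs);
  return rv;
}

int main (void)
{
  char name[64]; /* constructed name, modelled on @vpp/session/<ns_id> */
  snprintf (name, sizeof (name), "@example/session/%d", (int) getpid ());
  printf ("%s: %s\n", name, abstract_roundtrip (name) ? "failed" : "ok");
  return 0;
}
```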
For an unknown reason the trace/replay flags were missed
when moving API message registration code from manually
cut and pasted to auto-generated.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ib7625a57d3a263aac154682007459648953b1803
Verify that headers are not truncated and that checksums are valid.
Correct checksum computation in translation code.
Type: fix
Change-Id: I6acfcec4661411f83c86b15aafac90cd4538c0b5
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Zero copy interface which exposes VPP buffers to snort instance(s).
Includes VPP DAQ which is compiled only if libdaq 3 API headers are
available.
Type: feature
Change-Id: I96611b43f94fbae091e7391589e0454ae66de88b
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Type: refactor
Refactor neighbour advertisement code into inline function
to be used solely in feature nodes.
Change-Id: I1e84c54f9807b4e3d90c37526c78a7afcb0ba087
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Type: improvement
Request use of RX interrupts for virtio if the system will support it,
which is done by applying the same check as in the virtio driver,
namely whether multiple interrupts are supported. This allows the use
of RX adaptive/interrupt mode instead of just polling, which is useful
in virtualised environments where functionality may be more important
than performance and so using polling mode is wasteful.
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Change-Id: I29527b6f04b0b1d0c9f9424751b2bd252ed10505
The function ip4_neighbor_advertise may be called with NULL addr. In
that case, it looks up addr from fib by calling fib_sas4_get which
returns true or false to indicate whether there is an ip address
associated with the interface or not. But the caller to fib_sas4_get
does not check the return code and blindly assumes there is always an
ip address associated with the interface. As a result, it ends up
sending GARP to the bogus ip address if there is no ip address
associated with the interface.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I7aa0270766c3943ed8ca8f8a092cae34567fd30e
Fixing nat44-ed identity map in2out communication.
TCP packets would get dropped because of the order
of testing TCP state.
Type: fix
Change-Id: Ib11e7e75c66945224fecc0bb311733672e315c7d
Signed-off-by: Filip Varga <fivarga@cisco.com>