The removed code caused the feature to be wrongly removed on the wg
interface.
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Change-Id: I998e01ec231527128eaeae78bcc7576ac00e5b12
Type: fix
virtio_if_t is shared data struct between tap, tun and virtio pci.
cxq_vring is virtio pci specific element. It shouldn't be set or
accessed in tap driver.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I8b34570f61b38d8b9d79d5b0669bda0f89ebc28c
Type: fix
virtio have three different interfaces (tap, tun and native virtio).
virtio_show() is used by CLI commands to show information about these
interfaces. It uses interface type to print interface specific information.
virtio_show() should use proper type for virtio interfaces (TAP, TUN, VIRTIO).
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I2043dc2cfe2e2f6c7c9348b8494aa4a27cab31f3
lookup node uses this field later to set fib_index for buffer
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I993cf80296e1713b4f13fc6ccdf49ebeaf295467
Type: improvement
e.g.:
DBGvpp# sh int 3
Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count
loop2 3 down 9000/0/0/0
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie296167ab2b1b9576b46f6d4d9fb9546aef3a0da
Type: improvement
Add myself as maintainer for crypto related components.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: Ib43bd30b69c52c6370e3dda9ad9ed9a04374d817
Allows to use vapi symbols in a plugin.
Type: feature
Change-Id: Ic4534f266964127af54651b7d19c3b611b277860
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
This adds a way to define default fg, bg colors
and alignement for cell tables.
It also allows removing the table title by not
setting it.
It also removes the trailing newline, for usage
inside a format("%U", format_table, ...)
Type: improvement
Change-Id: I27d7a04c4a919b34d0170b04e24a56831f581ea1
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
This code seems really usefull for reuse in
other plugins, for pretty table formatting
Type: feature
Change-Id: Ib5784a0dfc81b7d5a5d1f5ccdd02072e460a50fb
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
With the move to meson, most DPDK options in external.mk are not used
anymore
Type: improvement
Change-Id: I603ccd30c9e52bdc89a69aa4bece2394b3eed1fe
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
When memif CP processes the socket connection error, it may go through
the following code paths which may eventually cause double pool_put on a
clib_file
memif_master_conn_fd_error:633 -> memif_disconnect ->
memif_socket_close -> memif_file_del_by_index ->
clib_file_del_by_index -> clib_file_del -> pool_put
After memif_master_conn_fd_error:633, the code continues on
memif_maser_conn_fd_error:651 -> memif_file_del -> clib_file_del ->
pool_put
The fix is to skip calling memif_file_del in
memif_master_conn_fd_error:651 if uf->file_descriptor == ~0 to catch
problem from all possible paths in memif_master_conn_fd_error
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I0960998db1ff358a8ddd4a5e22188a244eccd270
Toeplitz hash key must respect certain properties, it cannot be purely
random. Use the default one from i40e.
Type: fix
Change-Id: Ic8e67a0426de8adfecc1fcdaa99879e13ae38cc9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
This adds a new API call to add session namespaces
It now takes a netns and a sock_name.
(1) If no netns is passed, sock_name will be used as
socket path. Defaulting to /run/vpp/app_ns_sockets/${ns_id}
(2) If a netns is passed, the sock_name has to be
abstract (i.e. start with '@'). It will default to
`@vpp/session/${ns_id}` and will be created in the provided
netns.
Type: feature
Change-Id: I90e9a8e5ecca2cabe7c05335663e33c8506dc9e7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Type: fix
Currently when a new TAP/TUN device is created from tap_create_if()
via the TUNSETIFF ioctl(), a name is allocated by the kernel (eg.
tap0). If the caller supplied a name this is subsequently set via
netlink, after the device has been created.
Now we request the kernel to create the new device with the caller's
requested name in the first instance, thus avoiding the need to
rename the device, and therefore avoiding a window where the device
exists with a different name.
This can be beneficial, for example, when writing systemd-udevd link
files [1]. Having the TAP/TUN devices created with the requested name
ensures they can be correctly matched by the OriginalName option.
Writing link files might be necessary, for example, to avoid VPP and
systemd-udevd racing to set the MAC address on a newly created TAP
interface. systemd-udevd can be configured to not manipulate the MAC
addresses of matched interfaces.
These changes also resolve an issue where the created device would not
be renamed if the caller requested it be moved to a different network
namespace, since vnet_netlink_set_link_name() was not called in that
case.
[1] https://www.freedesktop.org/software/systemd/man/systemd.link.html
Signed-off-by: Duncan Eastoe <duncan@graphiant.com>
Change-Id: I3d657632856d03979d6b914225c3c841c379e0a1
This commit allows a non-VPP thread to request VPP to gracefully
shutdown and return a specific process status value.
Type: improvement
Change-Id: I9bf52b789e7ee28eb272630eaea495fd94349f79
Signed-off-by: Pierre Pfister <ppfister@cisco.com>
Type: fix
The init of fib_index_by_sw_if_index wasn't
setting default value to 0. Which we now
need for setting interfaces unnumbered
Change-Id: Ie5be9b5e5373ef055557a871ad4d1c45fbfc1dee
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
When epoll_wait return -1, access array epoll_events[i] out of bound
and lead to segmentation fault.
1. Change return value to signed return value
2. Skip non fatal error e.g. EINTR
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I4ece118999402ec6054baf0efb52419151655def
Type: feature
Thought this might be useful when using
many VRF to get the list of allocated
VRFs and corresponding names
Change-Id: If9d2c6612d4215e7576315d66d1eb130fcecfa13
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
allow verbose dpdk build to be enabled. Useful for tools, like debian
blhc, that want to inspect build logs.
The '--verbose' option to 'meson compile' requires at least version
0.55.
Type: make
Change-Id: I54e91298f632e2b91247680d9295701b05353abe
Signed-off-by: Nick Brown <nickbroon@gmail.com>
Type: fix
When the local MAC address of an interface changes the rewrite strings
of all adjacency types need to be updated - this patch fixes the missing
case of incomplete adjacencies.
I moved the update of all adj types into the adj module, since if the
complete adjs were done by the ip-neighbour module and incomplete ones
by adj module, that would mean two walks of the adj DB, as it is not
possible to walk only a specific type.
UT is updated to include the missing case.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com>
Change-Id: I36af94976c645bdd0d4d3bc0093b24d7d077e9d7
vlib_buffer_enqueue_to_next() requires to allow overflow of up to 63
elements of 'buffer' and 'nexts' array.
- add helper to compute the minimum size
- fix occurences in session and async crypto
Type: fix
Change-Id: If8d7eebc5bf9beba71ba194aec0f79b8eb6d5843
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: improvement
Currently, NAT44-ED users sessions details are returned for both active
and timed out NAT sessions. It may confuse users that expect to see only
active sessions in the response and make them think that timeouts for
NAT sessions do not work.
With this change, introduce an indicator of timing out for NAT sessions
returned in NAT44-ED user session details.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib81ed90369d4b495117538f521e5112e289cf7e6
Linux Control Plane interface creation logic is currently only able to
create untagged interfaces, and dot1q VLAN sub-interfaces. This change
makes it possible to create dot1ad VLAN sub-ints, and Q-in-AD as well
as Q-in-Q sub-interfaces as well.
It makes the plugin a bit more robust by catching a few common errors,
such as creating an lcp on a sub-interface without its parent having
one, and creating an lcp on a sub-interface that is not exact-match.
This change has a bunch of smaller improvemnets as well. I documented
my work in this post:
https://ipng.ch/s/articles/2021/08/12/vpp-1.html
It shows that after the change is merged, all VPP interface types now
create and operate cleanly as LCP interfaces as well.
Type: improvement
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I322669f7316d44c227090b83d6a574fb9c00e76a
Type: fix
Advertisements are dropped by anti spoofing check in some situations.
When a VR has "accept mode" enabled, we must add the virtual IP addresses
to the interface when the VR transitions to master state. When this
happens, fib_sas4_get() starts selecting the newly added virtual IP
address as the source address for packets sent on the interface, so
advertisements are sent with that source address.
When the virtual IP address is being used as a NAT pool address on a peer
in the backup state, the peer sees the address as a local address and
drops incoming advertisements with that source address.
RFC 5798 section 5.1.1.1 says advertisements should use the primary
IPv4 address of the interface they are being sent on as the source
IP address. Since the virtual IP address is only temporarily added
while the VR is in the master state, the virtual IP address should
probably not be considered the primary address of the interface. The
definition of Primary IP Address in section 1.6 says that selecting
the first address is a valid selection algorithm. Do that instead of
calling fib_sas4_get().
Change-Id: Id92f0e3237c7fd491dd8d695bb27307d494f8573
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
add CLI "set interface name <current-int-name> <new-int-name>
and the corresponding binary API to allow custom interface name
setting for any interface.
Type: feature
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I2b39da59879fd4526bcb5aa5854b6bd21e72ea73
Added memory bandwidth boundedness bundle, closely related to cache-hierarchy.
This bundle works on ICX only, due to an ICX specific counter.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: Id385bd5f4e645ac020774e311c623afb64b79b1e
Adding support for Linux papi TMAM on Intel Snowridge. Adds the ability to
indicate that a bundle should be thread or node bundle type based on available
cpu features (rdpmc support).
Type: feature
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: Ib871b2644fdb2410fbb580e0d21c3a8e2be13aba
Coverity does not seem happy about exotic control
flows in switch/case statements
Change-Id: Ie006190058f811aacf85125ebc58330d9c53510f
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
Fixes: 0b42ac565b
This change restores the af_packet tx path prior
in use prior to Change
Idf0bdd88990254a614962c2f7bc3e0292ccfd61a but
fixes the stalling issue by ensuring that the next
tx frame pointer is only incremented when a new tx
frame is used. This change also enables the
af_packet PACKET_QDISC_BYPASS option, for better
performance.
Change-Id: I65dde648ed66d21654847a900ceda5a8980ae6ec
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
When an input supports adaptive mode and enters
in polling, some rx queues may be missing from
the node's rx_poll_vector. To solve the issue,
a full poll vector is being computed in
vnet_hw_if_update_runtime_data, and returned
by vnet_hw_if_get_rxq_poll_vector when the
node is polling in adaptive mode.
Type: fix
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I249bcb20ae0dd28afb0a5ca32993092bafd2f6b1
Fixed FIB entry per interface, pool and
static mapping registrations in NAT control plane.
Improved FIB configuration handling in NAT -
added functions to generalize handling of FIB & NAT,
cleaned up interface callback functions. Changed "is_"
macros to inline functions for easier debugging.
Type: improvement
Change-Id: I68a17761a975dd819139ae94e52a8a85d3f27ffc
Signed-off-by: Filip Varga <fivarga@cisco.com>
The app may send packet to different remote via sendto() with
same socket (without calling connect()). In such scenario, remote
address need to be filled in.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I49deb308668c05442f237e97acc9bfa239782482
When the interface status changes, the api of vnet_hw_interface_set_flags_helper calls the event processing function (vlib_process_signal_event_helper) for event processing. When the opinter data_vec is NULL, the _ven_len operation of an illegal address will cause vpp crash.
Type:fix
Signed-off-by: fangtong <fangtong2007@163.com>
Change-Id: I7106b2aed7a1fc17f74bf6cb513912af97584f45
When an RX thread handles more than one RX queue and has a mix of
queues in interrupt mode and polling mode, the RX input routine is
naturally in polling mode. In that case, there is no need to set RX
interrupt pending when descriptor is available in the queue for
interrupt mode.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Iedbe57941eca3152c0e8ab9096cc81f315e0a915
Dereferencing null pointer fix.
Add checking of return values for all calls in print_template()
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I00073b29ab2e76d5d06af9bd3f5ae2846de4d46d
The VPP Stats Python binding was missing checking epoch.
Resulting it would not pick up changes in the directory.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I3226d71c77be2e80e24b5cd48fc9820833f7d30e
Signed-off-by: Ole Troan <ot@cisco.com>
fix to pass right arguments to vlib_buffer_enqueue_to_thread
Type: fix
Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com>
Change-Id: I2521ac8d33135843263e8f99318988ec78effbaa
Type: feature
This patch adds IPsec ESP SPI as RSS key for better IPsec
inbound processing scaling. With this feature enabled,
The NIC will use the packets' SPI index as the RSS key
to distribute them to different queues.
The dpdk-input is also updated to support this feature.
Sample CLI command to enable Ipsec ESP SPI as RSS key:
test flow add src-ip any dst-ip any rss types esp
test flow enable eth0 index 0
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I8b7d01cfc065e9099fad33042ce76898e16ddbf0
Type: feature
This patch bumps dpdk version from 21.05 to 21.08
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I8f655dae1489c11e7fb2ff86f8a91b597383bd99
Add an enable/disable field to stats segments poll. The is used by the
perfmon plugin to only poll for stats on an active bundle.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I6404a7db50d8e922afea5da8ec15fdabe3d97157
Make stat_validate_counter_vector3 usable outside of stats segement. Is
used by the perfmon plugin to allocate a 2-dimension array of values.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: If4be2e14ba718c20bf939d162e580880eab1a6cb
CLIB_PREFETCH (s->tx_fifo, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
sizeof(svm_fifo_t) is 128 bytes
Note on 64B cacheline size Arm machine,
CLIB_CACHE_LINE_BYTES 128
CLIB_CACHE_PREFETCH_BYTES 6
above CLIB_PREFETCH () macro will be expand to
__builtin_prefetch(s->tx_fifo)
__builtin_prefetch(s->tx_fifo + 64)
__builtin_prefetch(s->tx_fifo + 128) << prefetch out of range
__builtin_prefetch(s->tx_fifo + 192) << the same here
Solution:
Change to CLIB_PREFETCH (s->tx_fifo, sizeof (*(s->tx_fifo)), LOAD);
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Change-Id: I745cbce3dbe5afcab53c39189d18392f569df5aa
vlsh may not belong to the current vcl worker.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I75f962313e538fcd2b1cc6dffca53997648ca43e
Type: improvement
Motivation for this addition is to add support for cipher suites
that use Diffie-Hellman Ephemeral (DHE) for key exchange.
Using ephemeral DH key exchange yields forward secrecy as the
connection can only be decrypted when the DH key is known.
Configure OpenSSL to use the default built-in DH parameters for the
SSL_CTX object.
Change-Id: I31aadad047a6394ddf8bfa08471c239e0d1cd63c
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Tcp may want to send acks in established, but the app
has not called accept() yet.
Type: improvement
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I43b8cd386e533ca95c8ec260a0a1f695ea140358
Running a batch file which contains many vppctl commands, occasionally,
VPP may spit out the banner for some of the commands. This happens
when VPP erroneously views the vppctl session as interactive.
A simple way to recreate the problem is to run a batch script as followed
while [ 1 ]
do
vppctl create loopback interface
vppctl delete loopback interface intfc loop0
done
We have two processes which may display the banner,
unix_cli_new_session_process and unix_cli_process. Normally,
unix_cli_process parses the input tokens and displays the banner after
it negotiates the terminal type with the vppctl app.
unix_cli_new_session_process only displays the banner just in case the
client fails to negotiate terminal type. It runs on a timer and expires
in 1 second to display the banner if by then the terminal type is still
not yet negotiated.
The problem is when the session is killed or exitted, VPP does not remove
the element that was enqueued for cli_new_session_process. The index
for the connection (cf) is recycled. The timer for the queue element
continues to run. When the timer expires for the queue element, it
finds the wrong new session due to index recycling. If the new
session has not had negotiated the terminal type, the banner is printed
erroneously to the new session from cli_new_session_process.
The fix is to clean up the queue element to stop cli_new_session_process
from processing the wrong connection when the session is killed.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ife2f1b1c95661e442f0fc6b73505e330e6641fc1
set the right data length to decode the packet properly.
Type: fix
Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com>
Change-Id: I6a35fa54851496d0a958f1a64a547b7f08bb4c19
This plugin allow to keep track of buffer usage in VPP graph nodes. The
main use is to detect buffer leakages.
Type: feature
Change-Id: Iadcf4ab98207fab6e2fa375060879bc2a25b711e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Take advantage of the new TX infra and support manual thread placement
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Id8023846a2eb59125fcf2f80f4f11eb681cf14dc
xsk objects keep pointers to the rx and tx objects. If we re-allocate
the rx and tx vectors after initializing the associated xsk object, the
pointers in the xsk object will be staled.
To avoid this, we allocate the vectors to the max expected size instead
of growing them.
Type: fix
Change-Id: If30433a28c186787d66c12dbab34bf210c95b519
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Extend the srv6 sid list structure with policy type to support
different SR policy types
Type: feature
Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com>
Change-Id: I6a8cf82b1269e1c46f3757df0047b306f613112b
fa_session_t *sess;
CLIB_PREFETCH (sess, 2 * CLIB_CACHE_LINE_BYTES, STORE);
sizeof(fa_session_t) is 128 bytes
i) on 64B cacheline size Arm machine,
above CLIB_PREFETCH () macro will be expand to
__builtin_prefetch(sess)
__builtin_prefetch(sess + 64)
__builtin_prefetch(sess + 128) << prefetch is out of range of *sess.
__builtin_prefetch(sess + 192) <<
ii) on 128B cacheline size Arm machine, CLIB_PREFETCH () expands to
__builtin_prefetch(sess)
__builtin_prefetch(sess + 128) << still out of bound
Solution:
Change to CLIB_PREFETCH (sess, sizeof(*sess), STORE);
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Change-Id: I4b3d4fc55747f3d9ad1bcf24f8834601a03ef55e
Type: fix
while xsk fd closed by clib_file_del_by_index fisrt,
xsk_get_mmap_offsets will get wrong off in xsk_socket__delete,
so munmap wrong place.
Signed-off-by: arikachen <eaglesora@gmail.com>
Change-Id: I95464e9b4eec99814bd32d7402c0d60a0605cef5
Type: fix
Building an RPM with 'make pkg-rpm' fails because /usr/bin/vat2 is
installed but is not included in %files. Add it.
Change-Id: I686b291e4419d39141f0f87da963b413d11ab0f8
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Remove aggressive inlining outside of the main loop to improve build
time (from 146s to 22s).
Type: refactor
Change-Id: I3824516a85b5e8d02894e66f19d891569c1a68fb
Signed-off-by: Benoît Ganne <bganne@cisco.com>
When using cached bytes:
- do not overflow
- do not return the same bytes twice
Type: fix
Change-Id: I2a87b47a79300e56a2201b8fc3cb6cb15b592e28
Signed-off-by: Benoît Ganne <bganne@cisco.com>
vlib_buffer_chain_linearize() truncates partial data in chained buffers
in corner cases when current_data is negative.
Strengthen test cases to reproduce the errors and fix it.
Type: fix
Change-Id: Ida621923711c5755508224bdc3842b31003c6c0b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
When mmap()-ing perf event in userspace, we must adhere to the kernel
update protocol to read consistent values.
Also, 'offset' is an offset to add to the counter value, not to apply
to the PMC index.
Type: fix
Change-Id: I59106bb3a48185ff3fcb0d2f09097269a67bb6d6
Signed-off-by: Benoît Ganne <bganne@cisco.com>
- add format_vnet_buffer and format_vnet_buffer_no_chain to mirror
format_vlib_buffer and format_vlib_buffer_no_chain
- format_vnet_buffer used to be the "no chain" version, replace all of
its current use with the corresponding format_vnet_buffer_no_chain
- add a function to dump vnet buffer details from gdb
Type: improvement
Change-Id: I143ce845f80e7ef937ea33a557b6e3b5988c5b8f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
IKEv2 is not optimized for dataplane processing and do not really
benefit from aggressive inlining. Let the compiler decide to improve
build time (from 205s to 30s).
Type: refactor
Change-Id: I5286880b35d338d669ec9382bf049d4486c04947
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: fix
With endpoint dependent NAT44, When there are multiple workers we look
for a flow which matches the packet in order to figure out which worker
should handle the packet. If the packet is an ICMP error, it may be
associated with an existing flow by inspecting the L3/L4 headers that
are included in the message payload.
This was not being done for in2out packets in
nat44_ed_get_in2out_worker_index(), so some packets which were related
to an open session were not being associated with that session and were
being passed to a different thread than the one where the session was
created. Later on, when the packet was processed by the fast path in2out
node, the L3/L4 headers in the payload are inspected and the fast path
node finds the existing session. Since that session is owned by a
different thread than the one the packet is being processed by, the
in2out fast path node can potentially access the wrong session and/or
memory adjacent to the session pool. This can cause a SEGV.
Make nat44_ed_get_in2out_worker_index() look at the inner headers when
processing an ICMP error. THis is already done in
nat44_ed_get_out2in_worker_index() and in the fast path in2out node.
Change-Id: Icdc1abebcbce452ee7be7cb23fc563e09bf575f2
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
In some cases (ACL of a few lines long with a lot of different subnet masks), linear lookup
may be more efficient than the hash-based lookup. Expose the API to allow the control plane
to choose what lookup algorithm to use.
Type: improvement
Change-Id: I540dd1b4ce63c5106a556d550f911f3a578b33e0
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
vhost interrupt mode support with mq does not work when coalesce frame
is not configured to 0.
When packed-ring is configured, we were also setting the wrong flag
for want-interrupt.
No need to trigger an interrupt to RX infra if there is at least one
queue in the same thread that is doing polling.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I8e64250f2aa6bf611a777a53e4d2c1076d83305f
Add prefix argument to specifiy shared memory segment.
Add long arguments.
Add argument to dump apis.
Add help.
Add template argument
E.g:
vat2 --template sw_interface_add_del_address
{
"_msgname": "sw_interface_add_del_address",
"sw_if_index": 0,
"is_add": false,
"del_all": false,
"prefix": "0.0.0.0"
}
Usage: vat2 [OPTION] <message-name> <JSON object>
Send API message to VPP and print reply
-d, --debug Print additional information
-p, --prefix Specify shared memory prefix to connect to a given VPP instance
-f, --file File containing a JSON object with the arguments for the message to send
--dump-apis List all APIs available from connected VPP instance
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I2d32483a727bc16990c9a30dfa9bc1fa7b1fa85a
Signed-off-by: Ole Troan <ot@cisco.com>
Type: fix
The NAT plugin stores packet counters and a counter represents a vector
indexed by interface index. When an interface is assigned a NAT role,
the counters are validated to be long enough for the given interface
index.
When a packet traverses NAT in2out and output feature is disabled, the
appropriate counters are updated by the RX interface index. In this
case, translation happens on the inside interface and its index was
ensured to be valid in all of the counters during NAT role assignment.
When a packet traverses NAT in2out and output feature is enabled, the
appropriate counters are updated by the RX interface index too. In this
case, translation happens on the outside interface and the packet could
be received on any interface, even with no NAT role assigned. If that's
the case and its index is greater than the greatest index validated in
the counters, a new counter value will be written to memory that does
not belong to the counter. As a result, a crash will occur at some
point.
With this change, use TX interface index to update the counters when
output feature is enabled. TX interface is an actual interface where
translation happens and its index is always valid in the counters.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I53a52af949fe96419e1b5fef4134ab4062198f51
ip/ip_types_api.h is already installed by the build system
Change-Id: Iec43e0ad50e32473d93ea8f7281b5a6477ddc87f
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: improvement
b8e7a45d56 has removed dh-systemd from the DEB_DEPENDS,
however this causes the make pkg-deb to fail on a clean lxd or docker install of debian10 as follows:
dpkg-buildpackage: info: source package vpp
dpkg-buildpackage: info: source version 21.10-rc0~252-g76b19ceaf
dpkg-buildpackage: info: source distribution unstable
dpkg-buildpackage: info: source changed by fd.io VPP <vpp-dev@fd.io>
dpkg-buildpackage: info: host architecture amd64
dpkg-source --before-build .
dpkg-checkbuilddeps: error: Unmet build dependencies: dh-systemd
dpkg-buildpackage: warning: build dependencies/conflicts unsatisfied; aborting
dpkg-buildpackage: warning: (Use -d flag to override.)
FAILED: CMakeFiles/pkg/CMakeFiles/pkg-deb
cd /root/t/t/vpp/build-root/build-vpp-native/vpp/CMakeFiles && dpkg-buildpackage -us -uc -b
ninja: build stopped: subcommand failed.
make[1]: *** [/root/t/t/vpp/build-data/packages/vpp.mk:46: vpp-package-deb] Error 1
Thanks to Nick Brown for the help!
Type: fix
Fixes: b8e7a45d56
Change-Id: I08b3a1efcdf6e6096b4ab28263764c1d66be43ef
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Type: improvement
X710/XL710 devices have source pruning enabled by default and DPDK
provides no option to disable it. This prevents VRRP from working
properly.
Disable source pruning while setting up the main VSI.
Change-Id: Iaf89f7dae8992e3bd0b9fae83878daa27a5bb931
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Type: fix
Creating a sub-int without exact-match set, and subsequently adding an
IPv4 or IPv6 address will crash VPP. This fix catches this situation and
refuses to allow the caller to add an IPv4 or IPv6 address on an
ethernet sub-int that does not have exact-match set.
TESTED:
Before this change, the following crashes VPP:
```
DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10
TenGigabitEthernet3/0/0.1
DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8::1/64
<crash>
```
After the change, VPP refuses to act:
```
DBGvpp# cre sub TenGigabitEthernet3/0/0 1 dot1q 10
TenGigabitEthernet3/0/0.1
DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 192.0.2.1/30
set interface ip address: sub-interface without exact-match doesn't support IP addressing
DBGvpp# set interface ip address TenGigabitEthernet3/0/0.1 2001:db8:1/64
set interface ip address: sub-interface without exact-match doesn't support IP addressing
```
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I42997db314225cd186ebb54013b5717ace7f7bd6
Implement a simple source address selection algorithm
for IPv4 and IPv6.
IPv6 does not yet implement RFC6724 but supports link-locals.
ping now chooses correct source address for link-local destination.
Added ping support for link-local multicast (e.g. allnodes).
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I1a3382c1f7d4ace0386c2c19e4e47b045b73a3ed
Signed-off-by: Ole Troan <ot@cisco.com>
- Upgrade python package requirements for test & docs
- Clean up docs generation warnings
- Consolidate python requirements for docs in test
requirements specs.
- Upgrade pip
Type: make
Change-Id: I74a3924b43ed93d15b32ec9f6fc41ed1ba95b69b
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Type: fix
Originally the decryption doesn't check the hmac for chacha20-poly1305.
This patch fixes the problem by adding flag to crypto op to check hmac.
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I63e06fc011b288b1c9dc1b96a92923f224ef656b
Refactoring and cleaning up address allocation functions &
ip table update callbacks.
Type: refactor
Change-Id: I9a11700a5f335b64d0d84e04d8e16d040624e01b
Signed-off-by: Filip Varga <fivarga@cisco.com>
Type: fix
Replace vec ops with pool ops when iterating over pool of
interfaces in plugin_disable() functions.
With this change plugin disabling function and interface role
disabling functions iterate over identical sets of registered
interfaces, preventing 'interface couldn't be found' errors.
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Change-Id: I4e191bcc5322ff1f9f7730c6fda5e6af86a8eec9
Type: improvement
Check SSL_CTX_use_* API return value and exit on error.
Check BIO_new return code.
Release allocated BIO on error cases.
Change-Id: I9c48e91727e0eeba5d7d74d06fc37634e3c20978
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Type: fix
debian/compat contents were set to 10, but debhelper build dependency,
which is the same thing, was set to only 9. Both are not needed,
debian/compat being deprecated, so use only the latter.
At compat level 10, dh-systemd is integrated directly into debhelper, so
build dependency not needed (And in Debian Bullseye dh-systemd
transitional package is completely removed).
See: https://manpages.debian.org/testing/debhelper/debhelper.7.en.html#COMPATIBILITY_LEVELS
Signed-off-by: Nick Brown <nickbroon@gmail.com>
Change-Id: I5809b739334076d7fa8389b076a97f1648726e6e
than 16-8-8-8
Type: feature
the memory trade-off is:
for 8-8-8-8 tries
DBGvpp# sh ip fib mtrie mem
ipv4-VRF:0 mtrie:8068 hash:3499
totals: mtrie:8068 hash:3499 all:11567
for 16-8-8
DBGvpp# sh ip fib mtrie mem
ipv4-VRF:0 mtrie:333056 hash:3499
totals: mtrie:333056 hash:3499 all:336555
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I5271a4322d786de6e47613cff9bd432762dbed2a
Type: feature
The difference being the MTRIE type they contain.
THE FIB continues to use the 16-8-8 version.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I5a54d4e6e6cc639f18a3fb65ef2925507a7ef1de
Type: improvement
there's a time-space trade-off between the 16-8-8 and 8-8-8-8 stride.
FIB continues to use the 16-8-8. Other features are now free to make the
choice.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6691a163486ce62e75e629f6ef0c990f253df8e5
Type: improvement
the existing mtrie functions use the existing 16_8_8 mtrie. Rename them
to make that explicit. Then we can add the 8_8_8_8 types and functions
alongside.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: If5ce7a282d5d3742dc65bcd0523220235d9c510d
Type: fix
When freeing an uninstantiated bihash
created with dont_add_to_all_bihash_list = 1
we get a warning. This removes the
warning & the search for the bihash on
cleanup.
Change-Id: Iac50ce7e30b97925768f7ad3cb1d30af14686e21
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
When a packet goes through interface-output, whether it should be
captured or not will be evaluated twice: in interface-output and in
interface-output-template (<interface_name>-out) node.
interface-output should only capture packets if there is an interface
filter, otherwise it should defer evaluation to
interface-output-template.
Type: fix
Change-Id: Ia720c5d184a236335e1d7d44d8c04caf87af5630
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: refactor
as opposed to wrtiing out the mtrie steps one by one each time.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I1248861350f9189f9a67ac6e68940813af279e03
Type: fix
There's no such thing as a conflict between the FIB and adj tables. This
is code that should have been removed way back in 16.04.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I4524e7921b03b89106dd1f35aa1171d0945367cf
Even when periodic RAs are disabled VPP would respond to
router solicitations. Making it impossible to have an IPv6
enabled interface with hosts connected to it without VPP
acting as a default router.
This change drops RS messages if the radv_info->send_radv is
off.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I9a68f8e12c93c1c00125b54f8fd454f48fa22caa
Signed-off-by: Ole Troan <ot@cisco.com>
l4 match parsing should not try to consume the whole input, otherwise
it breaks cli such as:
'classify session ... match l4 dst_port 22 action set-ip4-fib-id 2'
Type: fix
Change-Id: I81a1b5779811f7df8286a371f85fafe09c947b87
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Return unsupported error if user calls one
of the configuration functions that can
run only after nat44-ed plugin is
enabled via appropriate api/cli
call.
Type: fix
Change-Id: I0d4ab0684ba5ae23fc2ecc668554a34537c2904a
Signed-off-by: Filip Varga <fivarga@cisco.com>
signs were changed here when calculating the offset:
d78ba5aa01
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I62b7a409caaf478e40efbdd6000922dcc7e92860
The vnet_crypto_key_add should only be called from the main thread.
This patch works around this limitation by allocating one key per worker
and updating it on the fly everytime we need to do a crypto operation.
This solution is far from ideal, but quicly has a strong assumption that
it can use a key immediately after determining it, so making the key
creation asynchronous is not a possibility.
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Change-Id: I19fc5814195156003c36a73bb616738ba9d828f7
Type: fix
We need to set rmt address before sending connect, otherwise VPP
would connect to 0.0.0.0:0 and return invalid remote ip.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I85ae6931c2ba9f2f77c9ab19a2f801f50745449c
We only support one vls worker per process and therefore should not
share lock between processes.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I57bb536cf3bf04e8de031b07cb885f80b4fa03c9
Handle case where extra data is present in buffer which is not part of
IP/ICMP headers.
Type: fix
Fixes: 05b5a5b3b4
Change-Id: Icfef811470056d38c60fc45cc302139ed7594385
Signed-off-by: Klement Sekera <ksekera@cisco.com>
The ipsec startup.conf config currently exists in ipsec_tun.c. This is
because currently the only ipsec{...} options are tunnel related.
This patch moves the ipsec config to a common file (ipsec.c) for future
extensibility/addition of non-tunnel related config options.
Type: refactor
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Change-Id: I1569dd7948334fd2cc28523ccc6791a22dea8d32
This commit introduces 2 fixes:
1) After GRE decapsulation sw_if_index[VLIB_TX] is set as fib index of GRE tunnel.
But since GRE tunnel can work on v4 endpoints and have v6 payload, we need to reset it.
In case we get IPv6 packet inside IPv4 GRE tunnel (or vice-versa) fib index can be (and usually is) invalid.
2) Check that ip-table and ip6-table are the same when setting interface as an unnumbered one.
Also, fix for the pipe test include setting the right unnumbered interface for the pipes
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: Id13d239cfdd21e0db6b1c9725f01c40d4af4d800
This patch fixes the dpdk cryptodev raw data path dequeue problem.
The fix involves DPDK QAT PMD changes and is to be upstreamed
as a patch. The patch is also sent to DPDK mailing list.
Type: fix
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I1a9253c8a7fbc2aa43f19f90da45e64e2840356a
1.Not only the session in state VCL_STATE_LISTEN_NO_MQ
has no queue. Session in CLOSED also didn't.
2.Refresh vls->wrk_index in child process, or this value will
become invalid if parent exit.
3.Set vlsh->vls_wrk_index once vls_worker_alloc() is called, then
vls_get_worker_index() can be simplified.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: If4f5e134915eafd74ce38f585d65ce8836b2e553
In high traffic scenarios, if app crashed or hang on somewhere, app_mq
will quickly accumulate to full, after which vpp worker will try 100
times before giving up allocating slot for every msg. This will cause
vpp main thread barrier sync to fail.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I2b2bf2b272c5b3ca7e4a56af179af12bbcde149d
App namespaces can now be associated to a linux ip netns, e.g.:
app ns add id <ns_id> secret <n> sw_if_index <n> netns <netns>
If session layer's app sock api is enabled, this triggers the creation
of an abstract listening socket in the netns that has been configured.
For the example above that would be @vpp/session/<ns_id>.
Consequently, vcl, or other apps attaching to vpp, can connect to said
abstract socket from an ip netns without the need to share unix domain
socket files. In particular, for vcl it's enough to set app-socket-api
to @vpp/session/<ns_id> in the conf file.
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I26fdc626a760a3f423c5b8be4251623f6e9cd73a
* Add clib_socket_init support for abstract sockets
if name starts with an '@'
* Add clib_socket_init_netns to open socket in netns
* Add clib_netns_open
Type: feature
Change-Id: I89637ad657c702ec38ddecb5c03a1673d0dfb104
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
For an unknown reason the trace/replay flags where missed
when moving API message registration code from manually
cut and pasted to aut-generated.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ib7625a57d3a263aac154682007459648953b1803
Verify that headers are not truncated and that checksums are valid.
Correct checksum computation in translation code.
Type: fix
Change-Id: I6acfcec4661411f83c86b15aafac90cd4538c0b5
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Zero copy interface which exposes VPP buffers to snort instance(s).
Includes VPP DAQ which is compiled only if libdaq 3 API headers are
available.
Type: feature
Change-Id: I96611b43f94fbae091e7391589e0454ae66de88b
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Type: refactor
Refactor neighbour advertisement code into inline function
to be used solely in feature nodes.
Change-Id: I1e84c54f9807b4e3d90c37526c78a7afcb0ba087
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Type: improvement
Request use of RX interrupts for virtio if the system will support it,
which is done by applying the same check as in the virtio driver,
namely whether multiple interrupts are supported. This allows the use
of RX adaptive/interrupt mode instead of just polling, which is useful
in virtualised environments where functionality may be more important
than performance and so using polling mode is wasteful.
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Change-Id: I29527b6f04b0b1d0c9f9424751b2bd252ed10505
The function ip4_neighbor_advertise may be called with NULL addr. In
that case, it looks up addr from fib by calling fib_sas4_get which
returns true or false to indicate whether there is an ip address
associated with the interface or not. But the caller to fib_sas4_get
does not check the return code and blindly assumes there is always an
ip address associated with the interface. As a result, it ends up
sending GARP to the bogus ip address if there is no ip address
associated with the interface.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I7aa0270766c3943ed8ca8f8a092cae34567fd30e
Fixing nat44-ed identity map in2out communication.
TCP packets would get dropped because of the order
of testing TCP state.
Type: fix
Change-Id: Ib11e7e75c66945224fecc0bb311733672e315c7d
Signed-off-by: Filip Varga <fivarga@cisco.com>
When reading vm->pending_rpc_requests in main thread,
the content may be changed by other workers.
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I27e9d357b5ecec0f97cd8b950019b35f72fc5f76
Session in LISTEN_NO_MQ state has no vpp_evt_q.This
would cause a segfault when vcl try to send msg to
vpp.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I0d21831dbed148cd1b0ca7c083aeeef9e813ef2f
Refactored & fixed NAT44ED configuration
functions used for handling interfaces and
nodes.
Type: refactor
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: I6fbbb7f0fe35d572675997745d53290152987424
Fix the saturate add/sub wrappers in vector_neon.h by using the correct
intrinsics.
Type: fix
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Reviewed-by: Tianyu Li <Tianyu.Li@arm.com>
Change-Id: I38a85633948472d4bdb1c199a806633d3070013f
Silence the coverity test with setting the interface index
in a variable before the boundary check.
Type: fix
Change-Id: I9bd6db08bfef93142581dada0b6a7d78b7de91e7
Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com>
Put plugin init order inside plugin instead of in vnet
Type: improvement
Signed-off-by: Bin Zhou (bzhou2) <bzhou2@cisco.com>
Change-Id: Icbacdb3f1cb4ac9d74e3f78458e8bc333793b4d6
Type: improvement
Allow the use of the base-virtaddr config option to be passed through
to DPDK. This is useful to allow use of devices with an IOMMU in
nested VMs without resorting to PA IOVA mode.
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Change-Id: I32b6513377e6d20bf155e12c45f902d51ea982c4
while one mprotect PROT_NONE on hdr->next or hdr->prev,
the other one with the PROT_NONE is unmap at the same time,
cause SIGSEGV.
Type: fix
Signed-off-by: arikachen <eaglesora@gmail.com>
Change-Id: I21c0497da140c9654b566e47f767a90346715ed8
This patch removes the papi transport shared memory plugin.
It also removes any dependency on CFFI.
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ia81701c0dc506871e511495d837e41420e1fdf72
Signed-off-by: Ole Troan <ot@cisco.com>
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Iacc58d27ac51c8a1c571087f98297e046b3477c2
Using the cli "set interface tx-queue", it is not possible to assign
tx queue to the last worker thread.
The reason is that vdm->first_worker_thread_index is 1. Adding that
to clib_bitmap_last_set (bitmap) exceeds vdm->last_worker_thread_index
when the CLI specifies the last worker thread.
Also make the threads argument optional to enable user to unbind a queue
from any thread.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I796259c20f571289c8f5a97b9418caf452d0ab3d
Type: fix
For a TAP device the MTU is set via the ethernet_register for TUN we
need to do it explicitly (like we do for other tunnel types).
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie6a13c795acb35b53f8d99b05c70c3e73a7b428e
When removing a l3xc path we must release the corresponding dpo.
Type: fix
Change-Id: Ib6309797cb11374264c786e064f262ad13c6f0a1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Failure due to the method vrrp_adv_packet scope and self reference.
Type: fix
Signed-off-by: rajaselvam <rajaselvam@gmail.com>
Change-Id: I4ec14ea37928142651eb08fcc5736bc9c24ab062
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I189bfcca2d5fa1f37d05a72c92d04bf260343043
.. as it is going to be removed.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Id3a4a4ea1e1b7361d43735bfa5470c28fc65209f
Alignment size should be CLIB_CACHE_LINE_BYTES(64)
instead of CLIB_LOG2_CACHE_LINE_BYTES(6)
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If2d5ae324093be64454377866297f5e76ccddc93
When a buffer in the chain comes with a negative current_data offset,
the conversion to sgl will skip it because of resetting offset to 0.
Moreover, crypto_start_offset is relative to the 1st buffer data pointer
so we should not check it against subsequent buffers anyway.
Type: fix
Change-Id: Id177a90bfda242a5372c7e8836cf6668e98c780e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: improvement
local0 exists just to burn sw_if_index=0 so we catch common API errors.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I2901bb7d36d4c512e6698134a807bf9516ee05db
Thread assignment to tx queue has always been automatic and there
was no way to modify it. With this patch, it is now possible to use
the cli "set interface tx-queue" to change the thread assignment to
tx queue for vmxnet3 interface, thanks to the new tx infra.
Type: feature
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I1544e3557f70251d4bd423cc3d9f28ee1d44db4a
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I4b6d881571c158b7a69a78b9680732d090c4f8b5
When enqueuing chained buffer, we must update the descriptor length for
each fragment descriptor in addition to the last.
Type: fix
Change-Id: I9bc95fe557a049eeea4abd41c695153632d52a52
Signed-off-by: Benoît Ganne <bganne@cisco.com>
When switching to the direct verb chain buffer tx path, we must account
for all remaining packets, including the packets that would wrapped
around.
Previously we were using the 'n' counter but ignoring the 'n_wrap'
counter: if some packets would have wrapped around in the default path,
it would be ignored by the chained buffer tx path.
Compute the correct number of remaining packets based on the old and
current txq tail instead.
Also simplify the chained tx function parameters.
Type: fix
Change-Id: If12b41a8f143fda80290342e2904792f7501c559
Signed-off-by: Benoît Ganne <bganne@cisco.com>
The total_length_not_including_first_buffer field must be reset before
being updated otherwise it will quicly grows as stale values are reused.
Type: fix
Change-Id: Ic48c0822660998b0dfc0b5fdeadae6071b2d03f7
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: improvement
There's no need for the user to set the TUNNEL_V6 flag, it can be
derived from the tunnel's address type.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I073073dc970b8a3f2b2645bc697fc00db1adbb47
Type: fix
two problems;
1 - just because anti-reply is not enabled doesn't mean the high sequence
number should not be used.
- fix, there needs to be some means to detect a wrapped packet, so we
use a window size of 2^30.
2 - The SA object was used as a scratch pad for the high-sequence
number used during decryption. That means that once the batch has been
processed the high-sequence number used is lost. This means it is not
possible to distinguish this case:
if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl))
{
...
if (post_decrypt)
{
if (hi_seq_used == sa->seq_hi)
/* the high sequence number used to succesfully decrypt this
* packet is the same as the last-sequnence number of the SA.
* that means this packet did not cause a wrap.
* this packet is thus out of window and should be dropped */
return 1;
else
/* The packet decrypted with a different high sequence number
* to the SA, that means it is the wrap packet and should be
* accepted */
return 0;
}
- fix: don't use the SA as a scratch pad, use the 'packet_data' - the
same place that is used as the scratch pad for the low sequence number.
other consequences:
- An SA doesn't have seq and last_seq, it has only seq; the sequence
numnber of the last packet tx'd or rx'd.
- there's 64bits of space available on the SA's first cache line. move
the AES CTR mode IV there.
- test the ESN/AR combinations to catch the bugs this fixes. This
doubles the amount of tests, but without AR on they only run for 2
seconds. In the AR tests, the time taken to wait for packets that won't
arrive is dropped from 1 to 0.2 seconds thus reducing the runtime of
these tests from 10-15 to about 5 sceonds.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Iaac78905289a272dc01930d70decd8109cf5e7a5
According to RFC 793, the ACK control bit is always sent once
the connection is established.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: Id0fe19114a0cc468dbce4c0938b345c2ac339e73
ipsec_spd_policy_counters are incremented only for matched inbound
PROTECT actions (:273 and :370). BYPASS + DISCARD actions also have
SPD policy counters that should be incremented on match.
This fix increments the counters for inbound BYPASS and DISCARD actions.
Type: fix
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Change-Id: Iac3c6d344be25ba5326e1ed45115ca299dee5f49
In stress test case, memset may consume a lot of CPU because
vls_epoll_wait is called very frequently.
Type: improvement
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
Change-Id: I9b4e1d6e1c4d7217cf0b2529d8efed792dea7b40
Type: improvement
the rationale being that the del only requires the SA's ID, so it's a
bit mean to require the client to fill out all the other information as
well.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ibbc20405e74d6a0e1a3797465ead5271f15888e4
If an IPv6 Link Layer Address is missing from an interface,
treat it as a down interface. While this fails to send a
VRRP multicast group join, it also prevents a seg fault.
Type: fix
Fixes: 39e9428b90
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Iebf69bb30604a96de6587655eb872aa818158a56
Puts return statements back inside code blocks under the lock
Type: fix
Change-Id: I76d426f336200035026b92bcb0ffe2b472a3142d
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Type: fix
Outbound packets which arrive on tun/L3 interfaces use a default
adjacency for the interface & address family from the corresponding
interface pair. However, there are entries in the linux-cp adj table
that are created for them. Managing these entries might cause a
segfault because the rewrite data might exceed the reserved space for
it of 28 bytes in the linux-cp adj key (e.g. in case of GRE IPv6).
With this change, stop creating adjacencies for tun/L3 interfaces in
the linux-cp adj table and delegating them.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I4bcd685860053ab87c65064c182e3ed53fd4fae9
Applications like curl will poll the fd after a non-blocking
connect, so we need to avoid returning the wrong event.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I7ea146fc954fda631b3d88b46bb80adfbcdf137c
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I7b84767e75d5f8310ec071036a5780fa4530f79f
Type: improvement
Allow callbacks to be registered which will be called when an
interface pair is added or deleted.
Change-Id: I1c413ac2ada802021f9e56e2f878ce67e5eda2f5
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I4f9316b16f16a48e2042aa17db596bfd181bd314
If ICMP comes from a router on path, source address must not be
rewritten in o2i path to avoid getting wrong checksum.
Fix ICMP checksum computations.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I035debccf966d7dbd63c364cb1e43380d641f708
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I148022278a792b3687402b6915fe6fb513858a2a
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I7ec4bbb21a079c6f6adfb4f954054b2b07bf19c5
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0971f12b7b82d5134d06ed0539d41624429c992b
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I3c06e9cb3fabdcdce9c17e93cfedfd771295f589
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I047310b8c9fcc51dcfb187710ff59b7895abe217
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I13dae61ddb7150c7fe9a7fd0eae73055ff3f2816
Type: improvement
Set port type and supported flow actions on 2.5G Intel NICs which are
managed by the igc PMD.
Change-Id: Id144eaa158e24a3f10effb6b517d1c62fba0d2e8
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ic7979755494a2fd23b9fa3d74e14f6b9ea0a46d0
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I39505763371c98b75ff7b697dacd3eeb0d41d40a
ASan poison/unpoison vectors based on the vector length, but _vec_len()
bypass ASan annotations, contrary to vec_set_len().
Type: fix
Change-Id: I5265a5adcddef1aa11c77e0c3827346b1a66c306
Signed-off-by: Benoît Ganne <bganne@cisco.com>
When copying sessions from parent on fork, we should validate vep handle
in order to EPOLL_CTL_DEL in vcl_session_cleanup correctly when child
exit.
Type: fix
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
Change-Id: I7696ecd898460c9a296d2800e46c7140e2218ed7
Main process may enter sighandler with a lock, such as lock in localtime
or in mspace_free, and child wrk cleanup may try to get such locks and
cause deadlock.
The patch move cleanup to vls_epoll_wait to wait app's next call.
Type: fix
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
Change-Id: I9b208038a0f49b0ace44684189234aeac9d94730
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0a2c1cbbe798ddf9d08da78bf0b458a0f54fa13a
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0bdf870e2e9b0ebc11a3ce252fbd0667a83de4e6
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I03f51393a92bae45608d9fc9f53164f3b0add3cd
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I1de45c4db57444d2d2c9fb91b8a66a4f01be699b
TTL was already decremented in ip4-rewrite so it's okay if it's 1.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I587dc343737c15247eb62837a06d5e44c0d11acc
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0db7343e907524af5adb2f4771b45712927d5833
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Iacaefbf04834f000a14f151c4b848f280ac46d63
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I5dd30870443a22a7da65f6b5a6d3967991e2aceb
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I7a0a189ce635a4a74e63ac4cb133686b8b7ba53a
When creating a new node, a corresponding node symlink is created when
the nodes counters update. To be sure we are able to access this
symlink, a retry mechanism was added.
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: Ieb08d8554b4fd13d01e79062b5f820b235be9a13
In some part of VPP we are accessing memory past what was allocated for
efficiency when we know it is safe to do so. We need to tell ASan about
it so it does not complain.
The initial attempt was too simple and could not manage cases where the
poisoned memory was scattered. This new attempt is more robust as we
save and restore the full shadow state.
Note it will still not work properly if we poison/unpoison memory while
in an overflow context, but this should not be a big issue as overflow
should only be temporary.
Type: fix
Change-Id: I636f44eb59aa8455a4d13929a3791b56619af7b4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0994241df94ad7536be323b9d7c48caf38cc4267
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I76be91715953c7cbe704961d1a56c48334656e19
Use autogenerated code.
Does not change API definitions.
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Idf0c24c9c8f8f3c267285c6a231c9c1a364a902a
Use autogenerated code.
Does not change API definitions.
Type: improvement
Change-Id: I864979ce490651bf1f5fed107620e9bc4ca4bf93
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Allocate per app pair segments with space for more than one fifo.
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib96fe12b899cb14ff20c0be607814011e2c3fc6a
mfib interface flags are parsed before the interface name. For some
specific names, this creates a bug when adding routes.
ex: ip route add 10.0.2.0/24 via FortyGigabitEthernetd8/0/0
The 'F' at the beginnig of the interface name is parsed as the
"Forward" flag. Because of that, the interface name parsed is
"ortyGigabitEthernetd8/0/0" which results in a parsing error.
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: Ib76c2f86416455841f910f7b466b467001072b70
Type: fix
Currently, is_interface_addr() tests if a given IPv4 address belongs to
an interface by a given sw_if_index. However, there are several issues:
* only the first found address on the interface is actually tested,
* sw_if_index is always cached even if the interface hasn't been
assigned any addresses yet.
With this change, is_interface_addr() tests all IPv4 addresses on an
interface by a given sw_if_index and caches sw_if_index only if there
are addresses present.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: If1acc4a534647a5f0ce8e9b565b867c92a016dc3
Type: fix
Currently, there might be a crash in NAT ED mode:
* if a session for an unknown proto packet cannot be created in2out,
* if a session for an unknown proto packet cannot be found out2in.
With this change, translate packets only if a session is given in NAT
ED mode.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Iafb332db1ae9a3e76435964ad636037d1b8a51e8
sm_directory_vector_by_name is a C-string hashtable, make sure the names
are NULL-terminated.
Type: fix
Change-Id: If44456ef9da69ed012f2b981b58ce732663af67d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Length check must also take current_data into account.
Type: fix
Change-Id: I7a1b1752868892d40f59490d05452ef24565cca6
Signed-off-by: Benoît Ganne <bganne@cisco.com>
In the current implement, tcp would start or up an one tick
retransmit timer for that connection if vlib_buffer_alloc()
return 0. Now the tick is 0.1ms, this means that if VPP is
in a buffer shortage state, there would be a large number of
burst timer expirations.
This commit limits the minimum interval of the retransmission
timer to 100ms.
Type: fix
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: Ia11d693fe46119c5dc16b24ca93c30c31109057a
This commit does following:
- Change the behavior of shutdown() with SHUT_RDWR flag.
- Check SHUT_RD flag when read()
- Change the errno when write() after SHUT_WR
- Remove unused code
All the above modification passed the packetdrill test.
Type: improvement
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I0c81f52e563562e58580d70976526b898e65e915
Type: feature
this allows VPP to simulate linux tun devices.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I3adf38b49a254804370f78edd5d275d192fd00a6
When recycling a debug CLI process node, unix_cli_file_add() needs to
delete and recreate the related node_by_name hash table entry.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I635da4918509d5b22eae37627c2d9b3608380ca6
TCP and (D)TLS clean up half-opens on main without a lock/barrier so
cleanup initiated from first worker, e.g., cut-throughs, can corrupt the
session pool.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2e5162831c0e201b22454f17fe55bfac44b85fa9
Type: fix
This prevents reordering when a push flag is received.
GRO appends the segment with the push flag to the existing
flow and flushes it immediately.
Change-Id: I61b36209b3381f340594a9cb3ed816d43b02bdff
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
when the configuration of tx queues is larger than the worker-threads,
the clib_spinlock_lock_if_init will not be executed, and then this function
will executed the clib_spinlock_unlock_if_init, so this may caused the issue.
Type: fix
Signed-off-by: fangtong <fangtong2007@163.com>
Change-Id: I3ce244cd5e1f410e9f14bd060b929238f069b9fa
VRRP prefix length is 5 bytes, doesn't make sense
to compare with 6 bytes mac address
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I70a9c9ca769f34a81cd568f9e6b9a3538e6ec710
The path pool can expand during in fib_path_attached_next_hop_get_adj()
when calling adj_nbr_add_or_lock(). If dpo points to a path->fp_dpo, its
reference becomes stale.
Use a temporary copy instead.
Type: fix
Change-Id: Ie966cb5f3f7b416425964dca12f1f586bfc2010c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
The adj can be deleted during fib_walk_sync(), make sure it can happen
only after clearing the SYNC_WALK_ACTIVE flag.
Type: fix
Change-Id: I68be00e9602e2783d9dced71c51547c38b7e8a00
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: fix
If an async crypto frame is allocated during ESP encrypt/decrypt but
a buffer/op is not subsequently added to the frame, the frame leaks. It
is not submitted if the count of async ops is zero nor is it
returned to the frame pool. This happens frequently if >= 2 worker
threads are configured and a vector of buffers all have to be handed
off to other threads.
Wait until it is almost certain that the buffer will be added to the
frame before allocating the frame to make it more unlikely that an
allocated frame will not have any operations added to it.
For encrypt this is sufficient to ressolve the leak. For decrypt there
is still a chance that the buffer will fail to be added to the frame, so
remove the counter of async ops and ensure that all frames that were
allocated get either submitted or freed at the end.
Change-Id: I4778c3265359b192d8a88ab9f8c53519d46285a2
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Test added to the unittest plugin / test_vlib.py
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I73445e57918347c102ff6f5e8c9ddb9bd96f1407
Type: style
reduce the number of files recompiled after changing pg.h from 1110 to
102.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I50611eba818eeb3a2dffd437a3c72c77766bed80
- return VPPCOM_EEXIST if attempting to re-add a session
- return VPPCOM_ENOENT if the session to be removed is not epolled
- generate EPOLLIN if adding it through a mod operation on a session
that has data and did not have the event previously set.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I728a06b8cf84af8d8c1dea7406e284de8886dffc
When both chained and non-chained buffers are processed in the same
vector, make sure the non-chained buffers are processed as non-chained
crypto ops.
Type: fix
Change-Id: I19fc02c25a0d5e2e8a1342e2b88bbae3fe92862f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
ninja: error: '/home/vpp/src/vpp-api/vapi/fake.api.json',
needed by 'CMakeFiles/vpp-api/vapi/fake.api.vapi.h',
missing and no known rule to make it
Recent fake.api.json has been moved from test/ to src/,
update make wipe to reflect the movement.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I1e8ef414a3f8a2fce11767e0778fe21e14d54e6f
- Required to fix CI jobs failing due to errant
upgrade of glibc-devel which cannot be found.
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Iea5ae51de25b7ade1f75e3ce34d8383ed97f12ef
Type: fix
Outbound packets from the host have an adjacency lookup performed so
buffer metadata can be filled in and output features can be applied.
If no adjacency is found for a packet, it gets dropped. This breaks
DHCP and possibly other things since the DHCP reply to a discover
request is sent to a destination MAC address that is determined by
the contents of the request packet rather than any existing neighbor
table entry.
If adjacency lookup for outbound packets does not find an entry, use
the default adjacency for the interface & address family.
Change-Id: Ia53a4df3a5bad2991768cfe4a84c560b879e656f
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
When adding a route via a udp encap instance, FIB_ENTRY_FLAG_IMPORT
should not be set. In particular, fib_route_attached_cross_table should
always return false for such paths.
Modified test_udp_encap to leverage the bug that needed to be fixed.
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: Iaa9489e96d1cff09751f92c62caf7999d924fd7f
Added syslogs
Added support for symlinks
Relocated make commands in a local Makefile
Dumping stats on index instead of paths
Updated README
Added go.mod and go.sum with relevant dependencies for the module
Type: fix
Change-Id: I2c91317939b2f4d765771ab7038372ae27d3109d
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Make sure we don't return error if app tries to setsockopt it.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1a9a6a8da03380b0b6a6d01efed9b672a3f0b1f9
We do not want to encap headers containing wrong checksums.
Additionnally, this clears the checksums offlads flags, which
was something missing since the outer headers checksums were
calculated during the encap. Hence, those should not be
recalculated afterwards.
Type: fix
Change-Id: I7fd07987b4f13f76c6990a1c08dc2f960bdd8de1
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
snat_set_frame_queue_nelts has been replaced with
nat44_ed_set_frame_queue_nelts.
Type: fix
Signed-off-by: Ruslan Babayev <ruslan@babayev.com>
Change-Id: I8d970be71376fdbb2bfd383d4d5824a8def93bb3
Unless a software interface is actually unnumbered, do not set
ip[46]_main.lookup_main.if_address_pool_index_by_sw_if_index [sw_if_index]
to ~0
Fixes this scenario:
loop create
set int state loop0 up
create sub-interface loop0 1
set interface ip addr loop0.1 192.168.1.1/24
delete sub-interface loop0.1
set int ip addr loop0 192.168.1.1/24
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I46141d862fa57d70b93d7bb0c105403708165264
Possibility to register a port via CLI or API to decap incoming UDP
packets:
- For CLI, a user needs to specify the inner protocol (only MPLS
supported for now)
- For API, the protocol is specified by index
Added unittests
Type: feature
Change-Id: Ifedd86d8db2e355b7618472554fd67d77a13a4aa
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Type: feature
This patch bumps DPDK version to 21.05 and updated VPP to
accomodate the changes in DPDK latest version.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: If217441f70c9ab531196dca7ec7a486ec9931cff
Type: fix
This patch fixes the missing symbol of dpdk_plugin.so when
creating symmetric key. The solution is to add dependency
of libssl to dpdk cryptodev and disable cryptodev engine
when libssl is not presented.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I30aa6e3e3af1faefa82883bad613e1d82235a2ec
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Andrew Yourtchenko