If builtin apps refuse connections, they should be cleaned up.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I95ef22902ac3fe873e15e250aa5f03031c2dc0c4
(cherry picked from commit 9ffec14a2202e1268c4a2f189c39a90986090a25)
pretty=on|off has been removed from qemu and its presence
causes VM boot up issues.
Type: fix
Change-Id: I4a9f15dba5015e81fbd32278b1c74b2606c32c8f
Signed-off-by: Naveen Joy <najoy@cisco.com>
If the control agent enabled a binding on an interface multiple times,
we would add the node in the feature arc multiple times.
Type: fix
Change-Id: I2ca247db0a0211f5fa3974a18ca4fcae8485cb12
Signed-off-by: Ole Troan <otroan@employees.org>
For blocking sessions, if fifo event still active before size check it
could lead to vpp not generating an event because of race to check flag
in vpp and to eventually unset flag in vcl.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0e350b9ff92a4e08a9249345ae224589c09d305b
This patch fixes configuration of priority, port and type of protocol
for inbound and outbound policies in policy-based IPsec of this plugin.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I01ddc2e13ebbe87380e66a525aac1b615f619604
Session state cannot be updated after async notification event is
generated for app. Instead, make sure quic sessions that accept new
streams are switched to listening state only on accept.
Type: fix
Fixes: 0242d30
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9663ccadbea99d555ad49e871f7dff897239dc84
As per discussion on the VPP community call,
since the message is used in CSIT tests and did
not see the changes in a while, mark as production
for the purposes of change process.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I4a79aafb1a9f37ac87faea7abea28cf01d1ffb4c
As discussed on the VPP call, since CSIT tests use these messages
and they have not been changedfor quite a while, bump the version
so these messages are considered as "production" from the change
process standpoint.
Type: improvement
Change-Id: I93a04b10b273d5904c0678fa0b85d47f9f683a9b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
As per discussion on the VPP call - since the APIs are used
in CSIT tests, mark them as production from the change process
perspective.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I9164073425384e8aa281445a2852fee49b777e2f
As per discussion on VPP call - since the APIs are used in CSIT tests,
and there has not been changes in a while, mark them as stable from
the API change process PoV.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ia644e1dfcd9d182cc6f10089fc44397a61e8aaf6
As per discussion on the VPP call: since the CSIT tests use these
APIs and the APIs have not changed in quite a while, stabilize the API
from the change process point of view.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Id81999d03cce37764f6ed7d4f77ef5a71fe41ad1
perf_user_access_enabled is defined as u8,
clib_sysfs_read format type is %u, this is for unsigned int,
change type from u8 to u32.
Type: fix
Fixes: 268d7be66b8b ("perfmon: enable perfmon plugin for Arm")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I48ec00605e496d185370e77d894d7852d6d22124
This change aims to affect crypto_sw_scheduler behavior,
but all the edits end up in vnet/crypto.
Previous release CSIT tests were testing async crypto in polling mode.
After 9a9604b09f15691d7c4ddf29afd99a31e7e31eed introduced adaptive mode
for crypto dispatch, the CSIT performance got way worse.
Possibly, there is another VPP bug related to adaptive mode
(it should not lose as many packets as seen in CSIT),
but the next release is too close for trying to fix that.
This change (instead of fixing adaptive mode)
allows CSIT to continue testing polling mode (after explicit API call),
while keeping the adaptive mode as default behavior.
The deprecated crypto_set_async_dispatch always disable adaptive mode,
crypto_set_async_dispatch_v2 has parameter to enable or disable it.
The mode parameter is still used for the inital state of adaptive mode.
Type: feature
Change-Id: Ib98080eefb4be291207af543884f2c3837f92f59
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
The checkstyle --fix command remains confused
around the def/foreach/undef usage in convert_async_crypto_id,
but at least the other functions now look correctly indented to me.
Type: style
Change-Id: Ic8f7b580267386b7a6b07d33d9ba7ae9787c0e0a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
The logic for calcuating processed elements in the cache ring was broken.
In case tail and deq_tail equals and frame element pointed by the tile
is not NULL it means there is exactly one processed element in the ring.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I69c978334fc952049393214ccc9cc5245351f7f7
Use client address hash to pick the first outside address
instead of just address high octet, becasue it may denegerate
into stable 10/172/192, depending on nat address count.
Fix outside address distribution test to acually test the
distribution, not the algo, so previous distribution will
fail with 65 nat addresses and 100 clients:
FAIL: Outside address distribution based on source address
Traceback (most recent call last):
File ".../test/test_nat44_ed.py", line 2048, in test_outside_address_distribution
msg="Bad outside address distribution")
AssertionError: 156.25 not less than 0.33 : Bad outside address distribution
Type: improvement
Change-Id: I604b1294422f20d211db5614c47559557a78a193
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Punt support for ICMP6 messages allows for an external IPv6 RA advertisement agent.
Type: feature
Change-Id: I0cc928b747ac1f8335ee9f7c42a3231424825dbc
Signed-off-by: Ole Troan <otroan@employees.org>
Several api messages were not mp-safe although marked as such
because non-zero base id was not taken into account, and therefore
some other (from zero base id) were falsely mp-safe instead.
Keep messages as mp-safe, as they falsely were before:
10 get_first_msg_id 0 1
12 api_versions 0 1
Messages that are no longer mp-safe as they weren't marked:
15 sockclnt_create 0 1
33 proxy_arp_intfc_dump 0 1
Fix messages to be really mp-safe:
809 bridge_domain_dump 0 1
920 ip_route_add_del 0 1
921 ip_route_add_del_v2 0 1
1362 get_node_graph 0 1
1671 create_vhost_user_if 0 1
1675 create_vhost_user_if_v2 0 1
Additionally mark messages as mp-safe, seems they need no barrier:
1360 show_threads 0 1
1370 show_version 0 1
1372 show_vpe_system_time 0 1
Type: fix
Change-Id: Ie6c1e3aa89f26bf51bfbcb7e7c4d9fee885487b7
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Type: fix
Byte swapping should be done before verifying message otherwise the message length will be wrongly computed.
Change-Id: I90b2f60bd33e5362e0edd5ee425f6a6f07886f1e
Signed-off-by: Sylvain Cadilhac <sylvain.cadilhac@freepro.com>
Plugin is still in experimental state. No reason why it needs
to be default enabled.
Type: fix
Change-Id: Ibf1810215d4c8079a068bfc60aa7dd49306ee4e4
Signed-off-by: Ole Troan <otroan@employees.org>
The new arping_acd call includes the responders mac address in the reply.
Enabling a client doing address conflict detection to identify if it
is itself that is replying or that it is another host uses the IP
address.
Type: feature
Change-Id: Ia4bab2af1086f06ed71ba42e2e07368d4e330a27
Signed-off-by: Ole Troan <otroan@employees.org>
Applied the checksum delta to the source address instead of the destination address
in the RX direction.
Cleaned up tests a little.
Type: fix
Change-Id: I871f3448365587e5319dfbca6ea356935321ff9b
Signed-off-by: Ole Troan <otroan@employees.org>
In order to be able to filter on encapsulated packet, a new node
has been added to the ip4/6-unicast arcs.
Type: feature
Change-Id: I1e8ee05bc6d0fce20cadd8319c81bab260c17d21
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Fifos need to be synchronously allocated once a transport like tcp
accepts a session. Since events are now delivered asynchronously,
proxy apps must explicitly register a cb function that manages
fifo allocation prior to being notified of connect event.
Type: fix
Fixes: 0242d30
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7df973b7014e53e0766ea2bdc61e9871160bc18b
Upon test teardown, MAP features were not disabled, potentially
leading packets to be treated by the wrong node.
Type: test
Change-Id: I0c1c614318d1308f825c5cc0bf95688e92f6d00a
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Make sure there's at least 3% space in the tx fifo before notifying vcl
of a tx event. The threshold is somewhat arbibrary but for a 4M fifo, it
now means that ~120kB of space should be available.
Should help minimize the amount of tx notifications generated by
session layer when apps are faster.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I11dd0931dca8f989000a2481f1f495bd267589c4
For the reasons of modularity and security, it is useful
to have various functionality split into processes different from VPP.
However, this approach presents the challenges of managing those processes,
and is markedly different from simply running everything within VPP process.
This plugin is an experiment in having the VPP itself start off a monitor
process which in turn starts the child processes, and restarts them if they
quit.
If the VPP process ceases to exist, the monitor process terminates all
the descendant processes and quits itself.
This allows to preserve the "single entity to manage" approach of
simply running a barebones VPP.
An example of running it:
export DPDK_CONFIG=""
export DISABLED_PLUGINS=dpdk
export EXTRA_VPP_CONFIG="fateshare { monitor ./build-root/install-vpp_debug-native/vpp/bin/vpp_fateshare_monitor command ./test1 }"
make run
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I66221fd7403f220d9652fe76958ca499cfd070a7
Type: feature
Wrap SESSION_EVT in do loop to avoid complaints about if statement
having no arguments which can happen if debugging for groups is not
enabled.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I35af179b806ed47a1e20816a19291c31fdb7566a
Add an API call mpls_interface_dump() which returns a list of mpls_interface_details:
- If no sw_if_index is given, all MPLS enabled sw_if_index are returned.
- If a particular sw_if_index is given, and it doesn't exist, an empty list is returned.
- If a sw_if_index exists and has MPLS enabled, a list of that one sw_if_index is returned.
Tested:
- Create 3 loopback interfaces
- Call for ~0 and for sw_if_index 0..5 all return empty lists
- set int mpls loop0 enable
- set int mpls loop1 enable
- Call for ~0 returns 2, and the call for sw_if_index=1 and =2 (the loopbacks) returns
each a list of one sw_if_index 1 resp 2, the other values of sw_if_index return empty list
- set int mpls loop0 disable
- Call for ~0 returns 1, and the call for sw_if_index=2 (loop1) returns both a list of one
sw_if_index=2, the other values of sw_if_index return empty list
- set int mpls loop1 disable
- Call for ~0 and for sw_if_index 0..5 all return empty lists
Example Python3 API program:
```
api_response = vpp.api.mpls_interface_dump()
print(f"Response is {api_response}")
for i in [ 0, 1, 2, 3, 4, 5 ]:
api_response = vpp.api.mpls_interface_dump(sw_if_index=i)
print(f"Response[{i}] = {api_response}")
```
Type: improvement
Change-Id: If87f7d7f8972d99260e859757dbcb251c6fa54a8
Signed-off-by: Pim van Pelt <pim@ipng.nl>
lport and eport in Cli "nat44 add load-balancing static mapping" should hton()
Type: fix
Signed-off-by: Wei Li <realbaseball2008@gmail.com>
Change-Id: I2eadb7e341efb70cc406e10b3b189e5ebff09ff4
This is the initial commit of a NPTv6 (RFC6296) implementation for VPP.
It's restricted to a single internal to external binding and runs
as an output/input feature on the egress interface.
Type: feature
Change-Id: I0e3497af97f1ebd99377b84dbf599ecea935ca24
Signed-off-by: Ole Troan <otroan@employees.org>
Support compiling in Linux Mint OS
Type: improvement
Change-Id: I08721227352b00127fe0acac67269775997fd974
Signed-off-by: spencercoder <xiexiaosong@ruijie.com.cn>
This is a clone of Gerrit 35419.
(It is abandoned and I am not the owner so I cannot reopen.)
Ticket: CSIT-1816
Type: fix
Fixes: 5e0ea09d96010e99a7ce0d2f3370f0de50c46c83
Change-Id: I2265cf38a9ce3155460a1025821c2749afca0add
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Moved the kernel call for the timestamp outside of the inner loop to improve the batch proccessing, and minimizing the kernel calls.
Type: improvement
Change-Id: I0245c223fc8a178724bb8c5df2b98083be046c26
Signed-off-by: Julian Klaiber <julian@klaiber.me>
Sw ring is renamed to the cache ring. This name better reflects the
puropse of this ring. We've introduced push/pop functions, as well as
other utility functions which remove code repetition. Error handlig
is improved: previously in case of an error all frame elements were
marked as bad, now only these for which errors occured have the error
status set.
Unnecessary stats counters have been removed.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2fd42a529ac84ce5ad260611d6b35a861d441c79
Type: feature
this patch adds a new tag "host" to interfaces for cnat-snat
if an interface is tagged pod and host we do not snat traffic outgoing through it
Change-Id: I71f5bfcb85581bb8508ba547374f0603f1079ac6
Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
Add a new native idpf driver. This patch enables the device
initialization. Add some necessary functions and definations
for input and output. A new version of virtchnl is introduced.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ibbd9cd645e64469f1c4c8b33346c1301be3f6927
- Package update performed by
1. updating pip, pip-tools, setuptools
2. 'make test-refresh-deps' on ubuntu 22.04
3. fixing 'make test' and 'make docs' issues
on ubuntu 22.04
4. 'make test-refresh-deps' on ubuntu 20.04
- Add dependency for 'make test-refresh-deps'
to insure python venv is set up.
- Update of python formatter, black,
caused reformating of 41 python code
files.
Type: make
Change-Id: I7cafdf4b5189065ac57cb6b254937f6e0897a924
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Supplemented the documentation of "l2 rewrite", and added examples
Type:docs
Change-Id: If49ae0b22989b3cd1c88a27a4e51b74be32d75e7
Signed-off-by: yanlong <dyl_wlc@163.com>
As per discussion on the VPP call, since they are being
used in CSIT tests and have not seen changes in a while,
mark the messages as production from the change process
standpoint.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I7fda71edd923b798d034380320a869f7c35cb5a6
When a listen session receives an ACCEPTED message, but then
receives either a RESET or DISCONNECTED message from VPP before the
session is accepted, the listen session state is switched to
VPP_CLOSING or DISCONNECT.
The subsequent CLEANUP message handler attempts to send a
disconneted or reset reply message to VPP, but since the vpp_evt_q
for the listen session is null, this leads to a crash.
Type: fix
Change-Id: Ic51f78f631fe8d15bf8c56b795f4a900c3e2f724
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
This patch bumps DPDK version from 23.03 to 23.07.
Type: feature
Change-Id: I15140cecd008bfafb358f6348a1cb8fc08f70f02
Signed-off-by: Kai Ji <kai.ji@intel.com>
- Remove test code & non-vpp code from coverage report
- Remove driver/hardware vpp code which cannot be tested
in 'make test' from coverage report
Type: fix
Change-Id: I04b50c14bc3437b845f2afafae47297189e61e3f
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Move from synchronous flushing of io and ctrl events from transports to
applications to an async model via a new session_input input node that
runs in interrupt mode. Events are coalesced per application worker.
On the one hand, this helps by minimizing message queue locking churn.
And on the other, it opens the possibility for further optimizations of
event message generation, obviates need for rx rescheduling rpcs and is
a first step towards a fully async data/io rx path.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id6bebcb65fc9feef8aa02ddf1af6d9ba6f6745ce
Type: improvement
Remove rwlock contention on timestamps. ~10% pps with
10k sessions. Use fixed-size-pools of increasing sizes
starting with 4K, and with a x2 step each time.
We don't free/shrink allocated pools.
Change-Id: I5fea51faba40430106c823275a6356e81709d118
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
This replace the cnat ip4/ip6 to client
lookups previously done with a regular
hash, by a bihash lookup.
Type: improvement
Do the client lookup in a bihash instead of
a hash.
Change-Id: I730c1893525c002b44ada8e290a36802835e88e9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
This adds a flag on the translation
asking the VIP & input-feature nodes
not to create the return session when
translating / load-balancing an incoming
flow. This is needed with maglev & DSR
Type: feature
Change-Id: I699012310ddc59f6ceeeb4878638eac6da5128dc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Maybe some function calls the wrapper funtion like read which invokes
the ldp_init_check in the other libs as a constructor before
ldp_constructor. Then the ldp has been initialized already when
ldp_constructor is invoked. And it's normal case, we shouldn't treat it
as an error.
So ldp_init should return success if ldp is initialized already instead
of an assert.
Type: fix
Change-Id: Ifa2a7b1d5471981a3f840b14a4fa5d48fb1f1374
Signed-off-by: Gao Feng <gfree.wind@outlook.com>
more generic version of clib_sysfs_link_to_name with support for
format strings...
Type: improvement
Change-Id: I0cb263748970378c661415196eb7e08450370677
Signed-off-by: Damjan Marion <damarion@cisco.com>
works with vectors of pointers...
Type: improvement
Change-Id: I530653978fcf981be299cf42a1133be000d74d0c
Signed-off-by: Damjan Marion <damarion@cisco.com>
More conveninet way to unformat file by providing filesystem path.
Takes format string for easier constuction of path...
Type: improvement
Change-Id: I433204fa20dc98e2b11c53914883d047a7fc62c6
Signed-off-by: Damjan Marion <damarion@cisco.com>
When a VCL_STATE_LISTEN_NO_MQ session receives an ACCEPTED message,
but then receives either a RESET or DISCONNECTED message from VPP
before the session is unlistened, the listen session state is
switched to DISCONNECT.
The subsequent CLEANUP message handler attempts to send a reset
reply message to VPP, but since the vpp_evt_q for the listen
session is null, this leads to a crash.
Type: fix
Change-Id: Id7e88dcb16df3eda912b3f763730ec8d8973473a
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
This patch removes zero checks for new_addr, new_port
meaning sessions with zero values will rewrite the packet
with a 0 value instead of leaving it in place. This allows
to reduce branchiness in the code, and sessions are fully
resolved at creation time anyway.
This also adds support for checksum offloads:
- IP checksum offload : we always compute the checksum to
avoid issues with drivers. We'll revert this if we realize
cost gets too important.
- TCP/UDP checksum offload : we add the implementation for
pseudo header checksum computation. This is needed for the
drivers that do not re-compute this pseudo-checksum before
the packet is TX-ed (e.g. a few DPDK drivers).
Type: improvement
Change-Id: I6543f3aec8c120ec50f4219108609138283620ef
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Since gre is a plugin, nsh should not use symbol names directly.
Type: fix
Fixes: cefb178aa487a217d4ac75d7d4fa62db4b7d70fd
Change-Id: I1a1c20740aabdaafd69f507cd71016c3109b0205
Signed-off-by: Benoît Ganne <bganne@cisco.com>
So error logs are displayed on console earlier....
Type: improvement
Change-Id: If31b76c9d06254b0fec5b5b3f4e92a881b4cf786
Signed-off-by: Damjan Marion <damarion@cisco.com>
Avoid explicit manipulation of session state and generate closing event
if need be.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I07cda1db08a2673b27b496ea1371b0dfd8e6f98a
Type: fix
Buffer needs to be rewinded before being passed to punt-dispatch node.
Change-Id: I43d103515d372e425f4c3b08ca1779398f1fced4
Signed-off-by: Sylvain Cadilhac <sylvain.cadilhac@freepro.com>
App transports like TLS can close sessions on tx and consequently
generate new events. That can realloc the event pool.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I58a97502acc1182b3d051ba1aa9e0e98c16f4593
To allow dynamic registration of device classes..."
Change-Id: Ie8435e8c55b7e300be06abe97b653c0c3ce7f732
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
Small mistake was made, reported by coverty scan.
Type: fix
Change-Id: I98ca16c0275a94b2def99831f9353d4ff3fe93a9
Signed-off-by: Maxime Peim <mpeim@cisco.com>
The following issues are fixed:
* in responder code: do lookup again as the old pointer could be
invalidated during the cleanup operation
* in initiar code: do the cleanup of session if there're no child SAs or
if there's no response from the responder during initial request (this
can easily happen if the response packet was lost/dropped/etc)
* print the state of ikev2 profile (for easier tshooting)
Type: fix
Change-Id: I853d9851c0cf131696585e3c98fa97e66789badd
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
It is a function in vlib, so no reason to mention vnet.
Type: fix
Fixes: bf179a91d8d224c64d08643a2bb52580f68ce96b
Change-Id: Ic5f601d94d88b667f7ce44a017a0e1d5b4db5da1
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
The extra format line was added for no reason from patch ff27c9f8e.
Type: fix
Fixes: ff27c9f8e
Change-Id: Ib25149cc8a17c29d0c8a0dbc06f0ea12ca4f328c
Signed-off-by: Steven Luong <sluong@cisco.com>
clang-16 complains about signed one-bit bitfield value changes
from 1 to -1. Use unsigned type instead.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I84f8cf314d36183a5e6f544cd756c01d1d10a1a5
In the current implementation there is a bug related to the incorrect
message handling due to the wrong id.
The fix changes logic responsible for handling incoming API messages
by correcting their ids.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Iea29506053c9fd2e1d01bce83e7f4a6e1de39321
Type: improvement
Support SO_ORIGINAL_DST socket option to get original dst_ip4 and dst_port if nat44 rule enabled.
Change-Id: If00e00d03e48f3b78a23a68f1b078954d79dd0f7
Signed-off-by: qinyang <qiny@yusur.tech>
When _VEC128 instructions are not enabled logic is buggy.
The function always returned 1.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I603200637e8d65813f4e49ef15d798e74b79b9cf
When msg->msg_controllen is set in recvmsg, the caller wants to receive
additional information about the messages. However, they might not
always be available. In that case, we should clear cmsg since
the caller uses CMSG_NXTHDR which might access uninitialized fields in
cmsg.
Type: fix
Change-Id: Ifdf9634bfcb1427f7ae3812014a46bfd7f4bc473
Signed-off-by: Steven Luong <sluong@cisco.com>
This patch addresses the issue when the list of available interfaces
is not up to date. Due to this issue adding a new route fails
and finally the connection is not established.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I3a63c0dd99ebc28ea149b4b23867440937682761
This patch addresses the issue where the message ID registration
in the register_event function is incorrect. Due to this incorrect
registration, the lookup for the corresponding callback on received
messages fails, eventually leading to a segmentation fault
and double-free memory space.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: If95182f972f64adb44d514e18c831cc9627d8f0f
In the current implementation there is a bug in the function
responsible for getting software interface index by the name of the
interface. Incorrect function is used to send the API message, also
the handler with replied message is incorrect.
The fix changes function to send dump message and also adds handler
with replied message in the correct way.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Id1a3ba2ce7e92d216907f344431b9e2acb1d5572
- Move the VPP API Change Process documentation
from the wiki page into the in-tree VPP docs
Type: docs
Change-Id: I42f661618b8632230bebe3aa8fbad455b9a05d01
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Type: improvement
There is a mode field in ipip_tunnel_details. The handler for the dump
API does not do anything to populate it so it always contains 0
(TUNNEL_API_MODE_P2P). This is correct for p2p tunnels but is wrong for
multipoint tunnels.
Populate the field with the correct mode.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I6c1288a0d3929db0f67100748b5760c36b594f97
Before this fix, the src_ip_sticky flag was passed as an argument to
the lb_node_get_hash function, which computes a hash value for a packet.
However, in per-port-vip case, the value of src_ip_sticky flag may be
different for each port number. As a result, the value is the same for
all port numbers, even though it is a per-port-vip case.
This commit fixes the src_ip_sticky evaluation by delaying it until the
packet is received, so that the correct value is obtained. Also, the
unit test case has been enhanced for this bug fix.
The steps to reproduce this bug are described below:
https://lists.fd.io/g/vpp-dev/message/23248
Type: fix
Fixes: 613e6dc0bf92 ("lb: add source ip based sticky load balancing")
Change-Id: I483492b214a1768e7a21fd86edd5151b3c46528b
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
nl_route_add() recently started to use its optional argument to check
whether replace flag is set for the message. When notification messages
are processed, the argument is a pointer to the corresponding message
info. However, when dump replies are processed, the argument is a null
pointer. This leads to null pointer dereference and crash when dump of
routes is processed.
With this fix, check for replace flag only if message info was passed
to nl_route_add(). Otherwise, assume the flag is not set. Dump replies
do not have it set.
Type: fix
Change-Id: Icb04a1146e09cc965b623018c28f91b347be0eab
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
1) Imports ENCAP_MPLS labels from IPv4/IPv6 routes.
Note that this requires libnl 3.6.0 or newer.
In previous patches, the fib_path_ext_t had a path ID of -1.
After a long investigation, it turned out to be caused by route weight
being set to 0. There is a comment explaining more details.
2) Handles MPLS routes.
MPLS routes were wrongly added as IPv4 routes before.
POP and SWAP are now both supported.
All the routes are installed as NON-EOS and EOS routes,
as the Linux kernel does not differentiate.
EOS POP used in PHP uses the next-hop address family
to determine the resulting address family.
This patch is sufficient for P setups.
PE setups with implicit null should also function okay, as long as a
seperate label gets programmed per address family.
PE setups with explicit null will also forward packets,
but punting is a bit odd and needs MPLS input enabled on the LCP host
device.
3) Propagate MPLS input state to LCP Pair and Linux.
Since the Linux kernel uses the MPLS routes itself,
the LCP pair tap needs MPLS enabled to allow host originated packets.
This also syncs the Linux `net.mpls.conf.<host_if>.input` sysctl to
allow punted packets to have MPLS labels, mostly explicit nulls.
In addition, a special feature is enabled to cross connect MPLS packets
coming from Linux directly to interface-output untouched.
Make sure to enable MPLS/add a table in VPP first and load the
MPLS kernel modules!!
Type: feature
Change-Id: Ie4184bb4cc96905bf8b483a27e7ca6d251697374
Signed-off-by: Adrian Pistol <vifino@posteo.net>
Signed-off-by: Pim van Pelt <pim@ipng.nl>
stats entries /if/names are never deleted as it is a vector of the
sw_if_index value. When the interface is deleted and then created again
later, and if the new interface takes a different sw_if_index, we may
end up with duplicate entries for the same interface name. For example,
the following configuration sequence causes problem
create loopback interface
create loopback interface
delete loopback interface intfc loop0
delete loopback interface intfc loop1
create loopback interface
vpp_get_stats dump /if/names
[0]: local0 /if/names
[1]: loop0 /if/names
[2]: loop0 /if/names
The fix is to set the delete /if/names entry to deleted when the interface is deleted.
Type: fix
Change-Id: I7d811b12d56e3cf8c7deffe14736ea0f24814d02
Signed-off-by: Steven Luong <sluong@cisco.com>
clang-16 complains about signed one-bit bitfield value
changes from 1 to -1. Use unsigned type instead.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Iab006c036d4068af2fe3caaefc871a95b26cc578
List of changed messages:
- lcp_itf_pair_add_del
- lcp_itf_pair_add_del_reply
- lcp_itf_pair_add_del_v2
- lcp_itf_pair_add_del_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ic20a852dd1fb27858c8776095f9c98757b89bfe8
List of changed messages:
- ip_punt_redirect_dump
- ip_punt_redirect_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Icf91f760b9bd328110b0f9fc2e421bb954033d21
List of changed messages:
- memif_socket_filename_add_del
- memif_socket_filename_add_del_reply
- memif_create
- memif_create_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Id334990584b64a0efa3c28a3d8b6b641adab8c09
List of changed messages:
- memclnt_create
- memclnt_create_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I0031cc2f1604ca4c34574c8e1ee28e358c2bbe5d
List of changed messages:
- pg_create_interface
- pg_create_interface_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I574927f0820c54d748f27fd96a45afec5243b645
List of changed messages:
- sr_policies_dump
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I16ae1bed83ad8c73e3254b6d195251702de84f97
List of changed messages:
- ipsec_sad_entry_add_del_v2
- ipsec_sad_entry_add_del_v2_reply
- ipsec_sa_v2_dump
- ipsec_sa_v2_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I8fd6906e9684ef7ebc0688dc8b0637ae2dc8d0a2
This patch introduces sw_ring to the crypto op data path implementation,
so that raw data path and crypto op data path use same mechanism of processing
async frames. Crypto op ring has been removed from the implementation.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Id823f80a88cfa0ff40252616a36de8bb044c7f45
When vlib buffer is processed on vnet side its length is corrected by
cipher padding and icv_sz. These changes need to be reflected in
the mbuf internals.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I0aa03f67f556dfc8f9a577ca1967210527221e02
There is an API call to change neighbor database configuration (i.e.
limit on peer number, aging, and recycling). With this change, make
getting current values of these settings available via the API.
Type: improvement
Change-Id: Ie9394e086b68cf9b28ad98dea162f203f8043cbb
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
List of changed messages:
- af_packet_create
- af_packet_create_reply
- af_packet_create_v2
- af_packet_create_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ia065c3bbc2c7923de64f47417099aea1aa1216b1
List of changed messages:
- tap_create_v2
- tap_create_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I7b1b22cc4a0e31f5c19fe48e7a0f30631576f9df
List of changed messages:
- vxlan_add_del_tunnel
- vxlan_add_del_tunnel_v2
- vxlan_add_del_tunnel_reply
- vxlan_add_del_tunnel_v2_reply
- vxlan_tunnel_dump
- vxlan_tunnel_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I0a7227e76a493731fd136f8e6310ad372fab2494
Namespace keyword is reverved c++ word, so it's not possible to include
vapi header for af_xdp plugin and use it.
Type: fix
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: I42a0e0a89ff2c407090d3c18c1bc5a5605ddf032
If a frame should be sent to 'ethernet-input' set the
ETH_INPUT_FRAME_F_SINGLE_SW_IF_IDX flag. It will force 'ethernet-input'
to use a fast-path for such frames.
This patch also aligns the behaviour with other input nodes.
Type: improvement
Change-Id: Icff0fa31204d5304a2ea0a4f4e7bc418dedbfe32
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
An SA is normally bound to the first thread using it. However, one
could want to manually bind an SA to a specific worker.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I05cbbf753e44a01d9964ee47812c964db9bbb488
- Updated/rebased version of https://gerrit.fd.io/r/c/vpp/+/34199
Type: test
Change-Id: I43913ecfd11a4578bdb10c4be76253fe38d57976
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Packet-generator does not support TCP options.
Along with its support, a formatting function has been added.
Further work will be needed to update header formatting functions
to take into account TCP connection options. For now, TCP options
are taken on a per-packet basis.
Type: improvement
Change-Id: Id800887853c4941d893be353ce6d8624ed8bbc5d
Signed-off-by: Maxime Peim <mpeim@cisco.com>
cdf73b973181ff4c67147900408216e37bae897a has added the qemu tests as part of the default test run,
which results in "make test" failure in more restricted environments which do not allow the
namespace creation.
Add a config flag to skip those tests, and skip them if the namespace creation fails.
Type: test
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ie631f7fb2a80864f77c79619eba4a43712e950e5
Make sure half-open sessions are marked as transport closed once
connected notification is provided. This ensures that if they've been
scheduled for tx, the event is ignored.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8c44584e843d93365ec737ae4e1bcb74eba35506
This rework tries to address issues found on SPR QAT, for traffic
reaching max possible throughoutput for single QAT PF packet drops were
observed.
Fix changes enq/deq scheme by utilizing software ring in enq call from
VNET but enq and deq to QAT happens only in deq callback function what
should enable better utlization of hardware resources.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2e8c473d20a269fd5e93f0c8d1f8c8aa193712bd
The af_xdp plugin does not support chained buffers; attempting to send
chain buffers will result truncated packets or even send other packet's
data. As a workaround, turn any buffer chain into a single buffer before
tx.
Type: fix
Change-Id: I05dec912455eb2bb6c8122a28cd646f88983aa9a
Signed-off-by: Shmuel Hazan <shmuel.h@siklu.com>
This patch introduces sw_ring. This ring is used in next set of patchas
and plays role of a buffer for QAT, allowing collecting frame elements
in case QAT queue is fully utilized, and assembling frame
from QAT dequeued elements.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I20718e200986ab4dba5cbc31c05a904072a6981a
Make sure the same frame is not used for multiple interfaces, otherwise it breaks the ETH_INPUT_FRAME_F_SINGLE_SW_IF_IDX promise.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I02546259ceaea36f65cb9f78b9b3ee45ed4075c9
TCP nodes consume the buffers so they have no nexts. To avoid long drop
path through vlib graph, add drop node.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibe6e075e83612ed16270934398c6a013f236ae35
AF_XDP socket will only tx enqueued packets up to a max batch size so
we need to retry until everything has been sent.
Type: fix
Change-Id: Ia487ab63d3e85a478471cd1d679c5fb471804ba3
Signed-off-by: Benoît Ganne <bganne@cisco.com>
The async frames pool may be resized once drained. This will cause 2 problems: original pool pointer is invalidated and pool size changed, both problems will confuse the crypto infra user graph nodes (like IPsec and Wireguard) and crypto engines if they expect the pool pointers always valid and the pool size never changed (for performance reason).
This patch introduces fixed size of the async frames pool. This helps zeroing surprise to the components shown above and avoiding segmentation fault when pool resizing happened. In addition, the crypto engine may take advantage of the feature to sync its own pool/vector with crypto infra.
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2a71783b90149fa376848b9c4f84ce8c6c034bef
Otherwise, we will get an error. The program could remain from the previous run.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I68e4072bd3b327592013804d67ccab7eb0ed3a0e
SVM_FIFO_WANT_DEQ_NOTIF_IF_FULL should be treated as a
config option that is not frequently changed. Or alternatively, it
should be set together with SVM_FIFO_WANT_DEQ_NOTIF to elicit a one time
tx notification.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie4132c7789ee87227a875ff981eb98f9f4d898a9
- do not allocate port sparse vector when only checking if a port is
already in use
- do not display port that have been unregistered by default
Type: improvement
Change-Id: I6cc94e35806dd8d415cd5d1c1c51e6b066ac26a1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Linux uses NLM_F_REPLACE in the netlink message to signal a FIB update
The code invariably does a FIB update for IPv4 and a addition for IPv6.
Without this fix, the following:
ip route add 2001:db8::/48 via 2001:db8::1
ip route replace 2001:db8::/48 via 2001:db8::2
ends up as two separate FIB entries in VPP. With the fix, there will be one FIB entry (the second one with nexthop ::2).
Type: fix
Change-Id: I8f98d6ded52ae0c60bfddaa7fc39acbbaa19d34a
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Type: feature
With this change, packets that are larger than a single buffer can fit
will be able to be sent and received over a Wireguard tunnel. Also,
cover this with tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ifaf7325676d728580097bc389b51a9be39e44d88
List of changed messages:
- nat44_add_del_static_mapping
- nat44_user_session_dump
- nat44_user_session_details
- nat44_user_session_v2_dump
- nat44_user_session_v2_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I317ae93a0e763c3759a8c24fd550e1c97f6f4987
This patch can make crypto dispatch node adaptively switching
between pooling and interrupt mode, and improve vpp overall
performance.
Type: improvement
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I845ed1d29ba9f3c507ea95a337f6dca7f8d6e24e
In some cases, in the trace dump v2 dump function, we iterate over the
client cache even though this one could be empty.
Type: fix
Change-Id: Ice5cefa25bb93dabe86fe565347cdc32faa674ac
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Type: test
This application creates two memif interfaces which connect
to an external application i.e. VPP.
Usage:
1) Start VPP with following config.
create interface memif id 0 master
create interface memif id 1 master
set int state memif0/0 up
set int state memif0/1 up
create packet-generator interface pg0
set int state pg0 up
create packet-generator interface pg1
set int state pg1 up
set int l2 xconn pg0 memif0/0
set int l2 xconn memif0/0 pg0
set int l2 xconn pg1 memif0/1
set int l2 xconn memif0/1 pg1
packet-generator new { \
name memif \
limit -1 \
node ethernet-input \
size 64-64 \
interface pg0 \
worker 0 \
data { \
IP4: 42:01:0a:00:00:0a -> 02:fe:4b:6e:4d:c1 \
UDP: 172.16.2.2 -> 172.16.0.2 \
UDP: 1234 -> 1234 \
length 30 checksum 0 incrementing 1 \
} \
}
2) Compile and Run the test_app in another terminal.
mkdir -p extras/libmemif/build
cd extras/libmemif/build
cmake ..
make
sudo ./examples/test_app
3) Run in VPP cli
vpp# packet enable
4) Run monitor to see the throughput and pps
vpp# monitor interface memif0/0
Or
vpp# monitor interface memif0/1
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I4b9062fca8ad3020225adb7b1b09e5d66b1a7d48
The plugin creates and manages adjacencies for the physical interface in
each interface pair (they are part of the x-connect feature). When a
link update notification is received from the host system, MAC address
of the corresponding physical interface is updated (as needed) as well
as previously created adjacencies for it (because a new rewrite string
needs to be generated).
Subinterfaces inherit MAC address from the parent interface. When MAC
address of the parent interface changes, it also implies MAC address
change for its subinterfaces. The problem is that this is currently not
considered in the plugin. After MAC address update on the parent
interface, packets sent from subinterfaces might have wrong source MAC
address. For example, IPv6 Neighbor Solicitation messages will be sent
with the wrong (previous) MAC address and neighbor discovery will fail.
With this fix, when the plugin updates adjacencies for a physical
interface, it will also update adjacencies for the subinterfaces with
existing interface pair.
Type: fix
Change-Id: Ia5f617197e33cb79b9b025c02c2c126c31a551ec
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Epoll events might not have been cleared by user so always compute event
flags locally and assign to user provided epoll event.
Type: fix
Signed-off-by: Ping Yu <ping.yu@intel.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3b594a0fd7be345a0e0ad81d1d3636e9354cc15d
When dumping packets from multiple threads using the API, first all
packets from thread 0 are dumped then all ones from thread 1, etc
Until we reach the limit specified by the API call, so we could never
get packets trace from threads with higher ids.
However, the tracedump CLI dump a maximum number of packets from all
threads, which we can expect from the API to do.
We also add a trace_clear_cache API so the client gets an answer when
he only wants to clear its packet cache.
Type: improvement
Change-Id: I0d4df8f6210a298ac3f22cd651eb4d8f445e1034
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Peer fib index and nh fib index should be different when nh-table-id is
specified.
Type: fix
Change-Id: I4c8296adb5aeab1c0022bfc1046e9559331b79b2
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
There was already a basic type defined, but nothing more.
This implements callbacks similar to
ip4_enable_disable_interface_callback_t.
Type: feature
Change-Id: I34fcb146ca68af4eb8cdd244529eb149f884284d
Signed-off-by: Adrian Pistol <vifino@posteo.net>
The order of the parameters when calling the ip_neighbor_probe_dst for
an aged neighbor is wrong and given that it runs on the master thread,
probes for IPv6 neighbors were never sent, leading to a certain neighbor
strike out and death and its removal from the neighbor cache.
Change-Id: Ic021bd0ece05bd2c1c6ab90eab0e2dc27cb10360
Type: fix
Fixes: fd2417b2a42
Signed-off-by: Sergio Gonzalez Monroy <monroy@anapaya.net>
- Make error message more human readable.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Iefc276b3a85ff82b927028a72bb91ed87ebd04ba
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Rename extra_vpp_punt_config to a more generic name extra_vpp_config to
better fit its purpose. It's fit for general use and already used that
way by quic and vcl tests anyway.
Type: refactor
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Ib0a5789b0dbb3a8c3cae654dea4e32ac5e56dd41
The built stat_segment_data_t is leaked if stat_segment_access_end()
returns false.
Type: fix
Signed-off-by: Duncan Eastoe <duncan@graphiant.com>
Change-Id: I70adabbe7947d3e8a798cdfb3eaa14c683dce9da
load-balance and replicate dpos both store their number of buckets as
u16, which can overflow if too many paths are configured. For
load-balance it can happens quite quickly because of weights
normalization.
Type: fix
Change-Id: I0c78c39fc3d40626dfc58b49e7d99d71f9852b50
Signed-off-by: Benoît Ganne <bganne@cisco.com>
If openssl tls server handshake fails, track the fact that the context
does not have an app session.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5f493059a3610067b59caffbbe441ce9e0868252
On epoll ctl mod, set want deq flag before checking if unhandled events
are needed.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id1491837c7156a66c21e0e45af60b04b1c18601c
Reset deq notification flag even if session is no longer epolled.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4e9aed1849aa2817176f3a54ae41910df5e704a0
This feature enables the use of the classifier and ip-in-out-acl nodes
to redirect matching sessions via arbitrary fib paths instead of relying
on additional VRFs.
Type: feature
Change-Id: Ia59d35481c2555aec96c806b62bf29671abb295a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
format_hexdump currently requires the length parameter to be uword
(64-bits) hence all callers must make sure to cast the length to uword.
Use u32 instead to benefit from C automatic integer promotion: any
length smaller or equal to u32 will be promoted to int fitting in u32).
Only callers using a length of u64 needs to downcast.
It also makes it similar to other variants.
Type: fix
Change-Id: I09b52fdde3970cec0be4150a29126ff63106c75b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Add the missing AArch64 support for printing program counter.
Type: improvement
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Idb63737ed72e10fa29fd61e1eab5af059e2b8e28
In some cases with Generic FLow, it is only required to show the pattern
of spec and mask, but no need to add the flow. Therefore, add an option
in packetforge so that users can show spec and mask only.
Type: improvement
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I7b3040689eb82d0b58924712ee6fc9cfa0a42fa1
Print fib-index, next node index and opaque.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id2ff265c9acffc75f8b04fb9f26c6d571fc2ef98
Prior to dpdk-22.11, VPP can count on rte_eth_dev_socket_id to return
numa node 0 if the device didn't set it. Ever since below patch is
committed in dpdk
https://patchwork.dpdk.org/project/dpdk/patch/20220929120512.480-1-olivier.matz@6wind.com/#152498
the aforementioned assumption is no longer true. If the device didn't
set the numa node, VPP gets -1 from the aforementioned API call. This
causes VPP to crash.
This fix is to set the numa node to 0 if the API returns -1, or SOCKET_ID_ANY
Type: fix
Change-Id: I2fde2870e5a3eb98473fe8d119fef594bfba9a8d
Signed-off-by: Steven Luong <sluong@cisco.com>
Move GRE folder under vnet to the plugin folder, and modify some of path
of the #inlude<header> to the new path.
Add a plugin.c file to register a plugin.
JIRA: VPP-2044
Type: improvement
Change-Id: I7f64cecd97538a7492e56a41558dab58281a9fa5
Signed-off-by: Chuhao Tang <nicotang@cisco.com>
In some cases an .api file may contain only counter definitions.
If so do not generate the setup_msg functions.
Type: improvement
Change-Id: Idf89a7a5ab135428e9577726bc356acfd7c30113
Signed-off-by: Ole Troan <otroan@employees.org>
- remove non-inclusive language in message and improve
clarity of the error message
Type: style
Change-Id: I3f4895d6a502c2583a8b6b3c325a3f30ced03f84
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
- Update rdma-core library to 45.0 to work with DPDK 23.03
Type: feature
Change-Id: I6bd54c509b93de905e1b0194dce414e4a6e11990
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
This patch bumps DPDK version from 22.11 to 23.03.
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I10203a6408ceb5a40fe392924130652b91ebc993
This patch prepares code for bumping DPDK version to 23.03, but the DPDK version of this patch keeps at 22.11 for compatibility.
the "no-dsa" parameter in DPDK configuration is removed, the "blacklist" parameter can be used to block the related DSA devices.
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I589afba165e85138437e731531414a033f64f8d3
Make sure half-open table is cleaned up on close and cleanup of
half-open.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id7ad177f364d6395f7379dc927e449a40547510e
Update rdma-core library to 43.0 to work with DPDK 22.11.
Type: feature
Change-Id: Iad8bb9c7745dd5bc5f8c0935a31362fd92447ff6
Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
After the clib_socket_init syntax changed, the behavior of VCL
socket creation was broken. This patch introduces app_namespace_add_del_v4
to address the behavioral change.
Type: refactor
Change-Id: Ice016bdb372233fd3317f166d45625e086e9b4df
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
This change is part of VPP API cleanup initiative.
Type: refactor
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I9f0f786b50aa77383b16e0f844c85f236f7aa8d0
This patch bumps DPDK version from 22.07 to 22.11.
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I82df2c0678e1cc1b3739a5b0677f0c4a4180a489
A plugin can set "VAT_AUTO_TEST_ OFF" to disable building of the autogenerated
Type: improvement
Change-Id: I856fbfd83bbc5c7df0759e550b20ac75df77d9d7
Signed-off-by: Ole Troan <otroan@employees.org>
traceroute sends 3 packets rapidly that triggers and depends on ICMP error
generation. The current ICMP4 throttle setting at 1-e3 throttles the last
ICMP error and makes traceroute sit in a timeout.
Type: fix
Change-Id: Ie886303600ad0374dcb6ae311e949154727a93d2
Signed-off-by: Ole Troan <otroan@employees.org>
Type: fix
Currently sw_scheduler runs interchangeably over queues of one selected
type either ENCRYPT or DECRYPT. Then switches the type for the next run.
This works fine in polling mode as missed frames get processed on the
next run. In interrupt mode if all of the workers miss a frame on the
first run the interrupt flag is lowered so the frame remains pending in
queues waiting for another crypto event to raise the interrupt.
With this fix force sw_scheduler in interrupt mode check the second half
of the queues if the first pass returned no results. This guarantees a
pending frame gets into processing before interrupt is reset.
Change-Id: I7e91d125702336eba72c6a3abaeabcae010d396a
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
This patch add in missing src/dst port assignment in SA for udp port
if encap.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I84219c016c5a32590aba0371c01ad8d44cbf4c5c
Fix corner case when a test would be skipped if it was not possible to
start it due to insufficient cpus available in the middle of the loop.
Type: fix
Change-Id: Ie4580685ff55688375d649d7009131d9fe1e4f33
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Support multiple comma-delimited filter expressions,
e.g. to run both bfd and ip4 tests, it's now possible to do:
make test TEST=bfd,ip4
Same goes for wildcards, e.g.:
make test TEST=bfd,..test_longest_prefix_match,..test_icmp_error
Type: improvement
Change-Id: I0cceaa443cb612dca955f301c7407959f9a71a6e
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
This change is part of VPP API cleanup initiative.
Type: refactor
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I26d13a697c9b70a75555c04e925e9d6aaf7ed755
When trying to start perfmon with a bundle that has a unique type while
specifying that type as argument, the command fails
(e.g. perfmon start bundle branch-mispred type node).
This error occurs because the returned value of
unformat_perfmon_active_type is actually a perfmon_bundle_type_t, but
it was treated as a perfmon_bundle_type_flag_t by a test in the CLI
function.
However, this test is useless and thus can just be removed.
Type: fix
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I5d8b9815871621e8ee7b935586f4cedbc0e7a53d
Introduce async model into memif by utilizing new DMA API. Original
process is broken down to submission stage and completion stage. As
multiple submissions may in flight simultaneously, per thread data is
no longer safe, now replace thread data into each dma data structure.
As slave side already support zero copy mode, DMA option is only added
in master side.
Type: feature
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: I084f253866f5127cdc73b9a08c8ce73b091488f3
This patch prepares code for bumping DPDK version to 22.11, but the DPDK version of this patch keeps at 22.07 for compatibility.
the "no-dsa" parameter in DPDK configuration is removed, the "blacklist" parameter can be used to block the related DSA devices.
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I08787c6584bba66383fc0a784963f33171196910
Apache ab sometimes fails during extensive performace testing.
This patch makes sure hs-test perf tests always pass.
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0921682f0f07df3af45b342b9a7ddfa1af037ceb
Set the mask of calculating the next cqe index to the corresponding CQ
size instead of rxq size.
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I67494f029967af64051f51452eba1fd699984cd9
With 'api-trace { on }' in startup.conf, running 'api trace dump' in
vppctl was causing VPP to seg fault. vl_msg_print_trace() was calling
m->endian_handler() without checking whether its null.
Checking if its non-null prevents a crash, but the trace dump prints
the message IDs for trace_plugin_msg_ids in network byte order. There is
an auto-generated endian function for that message. Set it on the call
to vl_msg_api_config() for trace_plugin_msg_ids so the IDs will be
printed in host byte order in trace dump output.
Type: fix
Fixes: fe45f8f5
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I0ab463985e9a983155feba13ac4eb99ab883ace6
Previously, .src_ip_sticky may have been left uninitialized.
Type: fix
Fixes: 613e6dc0bf928def5d337312d522e1a15df87b00
Change-Id: Ifd866d6322fe9ff723f92b7ab3fd77e720a3cfa4
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
To make out of tree plugins require a particular version, they need
access to the version they are built with. Install version.h.
Type: fix
Change-Id: I5916d0a16aed7e054ede452af956fee56cd078f0
Signed-off-by: Ole Troan <ot@cisco.com>
When a stats entry is removed it is marked empty.
The stats client did not check for that and returned an empty string.
This resulted in blank lines in vpp_get_stats. Fix by returning null instead
and checking value.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I08a39ba3ef4421bf275747a6300f97fe36791b50
for testing purposes, disabled by default
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
Change-Id: Id616e2b3b21ae0f0b44e2b55ecefd501afacc7f2
RTA_VIA allows routes to have a next-hop in a different address family.
This commit makes linux-cp import those types of routes correctly,
instead of importing the routes without a gateway.
This uses rtnl_route_nh_get_gateway, which is available since libnl
3.4.0 (Oct. 9, 2017). Even Debian Stretch has it via backports.
Type: fix
Change-Id: I06297c700461ba7874eb8baf9355bd40990b3121
Signed-off-by: Adrian Pistol <vifino@posteo.net>
Nat in2out sessions are distributing among workers by client
addresses. In case there's multiple client vrfs with very
similar client addresses (usually from rfc1918), session
distribution/load can be unfair just due similar hash.
Let's take dynamic client fib_index into account, it'll affect
external port range only, outside address picking has own
address-based hash therefore not affected.
Type: improvement
Change-Id: I56ab2e1ce8dd27f2b1f9e7f22839ccf7774bfb82
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
The unformat type for "%d" should be u32 or int.
Type: fix
Signed-off-by: Ted Chen <znscnchen@gmail.com>
Change-Id: I2483df6259ed8d3c7648c8db6345e5063ac8b57e
Adding api nat44_ed_vrf_tables_v2_dump which may replace
nat44_ed_vrf_tables_dump in the future.
- fixing endianess
Type: improvement
Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>
Change-Id: I40d09ea3252589bdcb61db9f1629dacd87f69978
Some components, like dhcp, log constantly changing strings which in
turn forces elog string table to grow unbound.
To avoid this, as a workaround, only turn on elog logging if requested.
Actual fix that adds configuration for logging subclasses should come in
a later patch.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie8b26251fb7115d866c2bd65353daa33cdab1ab6
The punt socket code rewinds the current_data pointer by sizeof (ethernet_header_t),
which is incorrect if the header is tagged - resulting in truncated destination MAC
address. Use ethernet_buffer_header_size() instead, which takes tags into account.
Also add the unittest that verifies the issue and the fix.
Type: fix
Change-Id: I6352a174df144ca1e4230390c126f4b698724ebc
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Creation of lcp tap for non-ethernet interfaces can potentially lead to a crash, so avoid it.
Type: fix
Change-Id: I76ded8a08ea38a2c31d0215804af023207d4d3e1
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Previously we encountered the issue of failing to create completion
queues on some Arm platforms because DPDK may set MLX5_CQE_SIZE to 128
if DPDK MLX PMDs are built and DPDK plugin is loaded, which does not
satisfy the requirement of 64B size CQE by RDMA plugin.
We fixed this issue in 844a0e8b0("always use 64 byte CQEs for MLX5"),
but some of CSIT test cases failed due to this code change. It turns out
that we don't need to specify compressed CQE mode for txq CQ because
RDMA tx doesn't have the code logic to handle compressed CQEs, which
might cause unexpected behavior if it is enabled.
Type: fix
Fixes: 844a0e8b0 ("always use 64 byte CQEs for MLX5")
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I7909a6d44b15bcf39c15dfac9377b65520a0cbfb
The time wheel should not be started in the loop while processing expired events.
can be set p->stop_timer_handle = ~0 to solve.
Type: fix
Signed-off-by: jinsh <jinsh11@chinatelecom.cn>
Change-Id: Ie9a4293f39f981f50d280b39a5d958d319ee2300
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Type: fix
The main loop populates a vector of suspended process nodes to dispatch
by calling TW (tw_timer_expire_timers_vec), which identifies expired
timers and appends the user handle for each one to the vector.
Subsequently, the vector is iterated and the process node corresponding
to each handle is dispatched. The vast majority of the time, the process
node will end up suspending itself again to wait for a new timer or
event.
Given a process node A whose timer has expired, between the point when
the timer expired and the point when A is dispatched and suspends itself
again, its stop_timer_handle contains a stale value.
If another process node B is dispatched before A is dispatched, it may
end up using the timer ID that A formerly used. If another process node
C is dispatched after B and before A and calls
vlib_process_signal_event() to signal A, the timer started by B can be
deleted by vlib_process_signal_event_helper().
After getting the vector of process node IDs for expired timers, reset
the stop_timer_handle on each of those nodes.
Change-Id: I266da438e76e1fc356016da0b9b4941efac1c28a
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change of enums used in REPLY_MACRO() to appropriate one
for handlers:
-vl_api_nat44_ed_add_del_vrf_table_t_handler
-vl_api_nat44_ed_add_del_vrf_route_t_handler
Type: fix
Change-Id: I58e97817b1678da7c025c0d03a8b938a4e0f7b6c
Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>
support with GTPv1 TEID added to the flow hash.
This can able to ECMP to PGW and parallelization.
Type: feature
Change-Id: I6f758579027caf6123831ef2db7afe17e424a6eb
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
Since connects can be done without a worker barrier, first
worker should flush connects to destination workers only
after session layer has a chance to fully initialize the
half-open session.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I82fe0f0c7e520baa72fd380d0a43a76ebbd5f548
Vlib panic uses longjmp to exit main loop, but workers don't set main_loop_exit
field on initialization, so this jump corrupts registers and causes segfault.
There I add clib_warning and abort if longjmp context hasn't been set.
Type: fix
Signed-off-by: Mikhail Sokolovskiy <sokolmish@gmail.com>
Change-Id: I0d705f1f139c4083af75066aeb525964ed0aa202
Originally the name for each session pool is incorrectly prepared.
It doesn't have right length. It is not null terminated.
The fix corrects the name formatting for each session pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I67da3d64702ccb27a5907825528f8c95d91040bb
In case of UDP length errors in udp_local node, these errors are
being lost and incomplete header may be advanced by wrong offset.
Fix it with only full packets processing and explicit error set
otherwise. Also, optimize two buffer loop perfomance into fast
path with both buffers are ok and slow path with one or none.
Type: fix
Change-Id: I6b7edc3eb5593981e55d7ae20d753c0fd1549d86
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Originally the name for each session pool can be incorrect prepared.
The fix changes formatting for name for each session pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I42e0752f9f46c5a42524ec7b863a7c9dd3c23110
wrk->event_elts has 5 elements if no user events
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Ib38fab422304efc470e20ccb7121442f05bf8bf3
Using pre-shared keys is usually a bad idea, one should use eg. IKEv2
instead, but one does not always have the choice.
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C) whereas for AES-CTR or AES-GCM, the IV should never be reused with
the same key material (see NIST SP800-38a Appendix B and NIST SP800-38d
section 8).
If one uses pre-shared keys and VPP is restarted, the IV counter
restarts at 0 and the same IVs are generated with the same pre-shared
keys materials.
To fix those issues we follow the recommendation from NIST SP800-38a
and NIST SP800-38d:
- we use a PRNG (not cryptographically secured) to generate IVs to
avoid generating the same IV sequence between VPP restarts. The PRNG is
chosen so that there is a low chance of generating the same sequence
- for AES-CBC, the generated IV is encrypted as part of the message.
This makes the (predictable) PRNG-generated IV unpredictable as it is
encrypted with the secret key
- for AES-CTR and GCM, we use the IV as-is as predictable IVs are fine
Most of the changes in this patch are caused by the need to shoehorn an
additional state of 2 u64 for the PRNG in the 1st cacheline of the SA
object.
Type: improvement
Change-Id: I2af89c21ae4b2c4c33dd21aeffcfb79c13c9d84c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Error counters are added on a per-node basis. In Ipsec, it is
useful to also track the errors that occured per SA.
Type: feature
Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
To allow a more flexible throttling configuration, the number of bits
used in the throttling bitmap can be chosen.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I7bfe391dd64729011b03f3e5b89408dfc340e036
Type: fix
API clients can register for peer events (e.g. to be notified when
connection is established). In a multi-worker setup, peer events might
be triggered from a worker thread. In order to send a peer event to the
clients, an API message needs to be allocated and populated.
API messages allocation is only allowed from the main thread. Currently,
the code does not handle the case when a peer event is trying to be sent
from a worker thread. In debug builds, when this happens, it causes
SIGABRT in vl_msg_api_alloc_internal() because assertion "pool == 0 ||
vlib_get_thread_index () == 0" fails. In production builds, when this
happens, it might cause unexplained behavior.
There is a test that is supposed to catch this but all multi-worker
Wireguard tests are currently disabled. This problem is likely to be one
of the reasons they were disabled.
With this fix, when a peer event is triggered from a worker thread,
allocate and send corresponding API message from the main thread using
RPC.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib3fe19f8070563b35732afd16c017411c089437e
Previously, even if sa defined traffic selectors esp packet src and dst
have been used for fast path inbound spd matching. This patch provides
a fix for that issue.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ibd3ca224b155cc9e0c6aedd0f36aff489b7af5b8
Using clib_bitmap_vec_validate makes free bitmap vector
to be x64 times bigger (assuming x86_64) than necessary
when non-zero and possible oom due (u32)(0 - 1) math with
zero alloc.
Fix it with clib_bitmap_validate which takes bit size, not
index and ensure at least one bit is allocated.
Type: fix
Change-Id: I7e191f4e2fb3722a06bb800e1d075f7c7e2dcec9
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL
table, the code would sporadically return a transitional value (junk)
from a half-deleted kvp. At most, 64-bits worth of the kvp will be
written atomically, so using memset(...) to smear 0xFF's across a kvp
to free it left a lot to be desired.
Performance impact: very mild positive, thanks to FC for doing a
multi-thread host stack perf/scale test.
Added an ASSERT to catch attempts to add a (key,value) pair which
contains the magic "free kvp" value.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065
Exported indentifiers in Go start with capital letters. Only few fields
in hs-test, which are being unmarshaled from yaml are required to be
exported. Every other field name or method name should start with
lower-case letter, to be consistent with this naming convention.
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I7eab0eef9fd08a7890c77b6ce1aeb3fa4b80f3cd
Location changed and binary renamed to test_infra
Also it is built by default.
Type: improvement
Change-Id: I27cd97f274501ceb7a01213e2bc9676cea00f39c
Signed-off-by: Damjan Marion <damarion@cisco.com>
Used on intel client CPUs which suppport VAES instruction set without
AVX512
Type: improvement
Change-Id: I5f816a1ea9f89a8d298d2c0f38d8d7c06f414ba0
Signed-off-by: Damjan Marion <damarion@cisco.com>
DMA batch status was set by hardware. Its value may be variable between
cpus twice accesses. Saving the value of status can fix it.
Type: fix
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: Ibc9337239555744a571685b486c986991c3e9b18
Recognize and drive google virtual ethernet (gve) in google cloud.
Type: feature
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: Ia559615ac059cabbca5d10bcd4049e87beaad638
Fix the typo in the intrinsic name, which caused incorrect intrinsic to be used.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ib7fde14d12897e4d1bfb5a01f6d65025473e4f8e
Rename unused SESSION_IO_EVT_BUILTIN_TX to SESSION_IO_EVT_TX_MAIN and
leverage it for non-connected udp tx.
Non-connected udp sessions are listeners and are therefore allocated on
main thread. Consequently, whenever session queue node is not polling
main, tx events generated by external applications might be missed or
processed with some delay. To solve this, request that apps use
SESSION_IO_EVT_TX_MAIN tx events as opposed to SESSION_IO_EVT_TX and
send that to first worker as opposed to main.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5df5ac3dc80c0f192b2eefb1d465e9deefe8786b
Specify the number of max_batches when applying for dma config.
Skip this round when no batch available from vlib_dma_batch_new.
Type: improvement
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: Ic6e0acf81ba4fc3ed33aea6ac6990ef841021c59
Allocate and initialize dma batch structure when adding dma config.
The number of required dma batches is set by max_batches parameter.
Thus dma batches are not allocated dynamically in worker thread.
Application need to check the return value of vlib_dma_batch_new.
Type: improvement
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: I5d05a67b59634cf2862a377d5ab77cb1040343ce
Make sure endpoint freelist is drained before alloc of fixed local
source port is tried.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I302deee5609a463af8135185af71722ac8c55a27
Those CPUs are announcing VAES capability but they don't support AVX512.
Type: fix
Fixes: 73a60b2
Change-Id: I7b4be95e91bb6f367cd71461f1126690f3ecd988
Signed-off-by: Damjan Marion <damarion@cisco.com>
udp_output_get_connection handles correctly if the connection
is a listener whereas udp_connection_get does not which may lead
to a crash.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I40b57287a8686820d29872cae2cfd6ae27a57c26
This avoids printing ldp debug messages while debug is disabled and vcl
is initializing.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5dfd1d59032db937fea146b6b84b8e26307a0de0
Process 8 packets perf batch in vlib_buffer_free_inline() when
CLIB_HAVE_VEC512 is enabled.
Type: improvement
Signed-off-by: Leyi Rong <leyi.rong@intel.com>
Change-Id: I78b8a525bce25ee355c9bf0e0f651698a8c45bda
Type: fix
In vpp, file descriptor handler closes the fd upon error
if there is no error handling function is registered.
This patch fixes the issue for af_packet interface by
registering the error handling function.
Errors will also be gracefully logged.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I260d780ac54ffd0199dcd6ca5b95e5afe957e968
Also make sure that only sessions with fifos try to set deq notification
flag on fifo
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I878c2d2e18bb98109ee03b42a4f0f8c48aa23e9f
For non-connected udp, when retrieving the subscriber session to send
the notification, it uses the current worker thread index whereas the
subscriber session is actually on the main thread. Using the worker
thread may cause a crash since the corresponding session may not be
valid in the worker thread context and even if it is valid, it is the
wrong session. This scenario is seen when the application forks
and adds subscribers to the worker thread session.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I236ee9d9ff9f3b2f7f9f8e782d70d1080aa1b627
Type: test
Add a helper wrapper script for vppctl called vppcli to vpp docker image
with proper cli socket path.
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I1a51aa54bc91c1c812698501a56401c525d498e8
If not, worker threads may continue own loops after deinit and/or
thread0 exit with related crashes due no rpc capability, unmapped
shared memory, etc. Main loop exit handlers that uses barrier sync
will be happy too as long as recursive barrier sync is supported.
Type: feature
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I255a796b06936d96715683e3f062128060233dc6
format_udp_connection takes 2 arguments from the caller.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ie618a809936a01c094982f9a8c81309826e0b087
Although removal from epoll means listener no longer accepts new
sessions, the accept queue built by vpp cannot be drained by stopping
the listener. Morover, some applications, e.g., nginx, might constantly
remove and add listeners to their epfds. Removing listeners in such
situations causes a lot of churn in vpp as segments and segment managers
need to be recreated.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia412b3f8d50fbb4881a99ff024f798353b521af7
Otherwise if vcl epoll lt events are ignored by the app, libc and vcl mq
events are never drained.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1e22f6da46d56236c52714181f6c20dcb80a33a5
- avoid setting LD_PRELOAD for container
- save nginx error log to shared volume
- reduce test run time to 10s
- add vcl and ldp debug env variables to docker file. Default to
disabled.
Type: test
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I401ac74e7c0ebe87befedb44150b04f773f244ea
vec_alloc() does not mark vector as accessible contrary to
vec_validate().
Also removes redundant memset(0) as vector allocation always zeroed
new memory.
Type: fix
Change-Id: I8309831b964a618454ed0bebbcdec7ec21149414
Signed-off-by: Benoît Ganne <bganne@cisco.com>
- allocates the memory trace spinlock independently from the main heap
- disable tracing on a per thread basis
- make sure we hold the memory trace spinlock when changing tracing
Type: fix
Change-Id: I7d84f22132abdc895343d447cd3a2c574786f58d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
- clib_open_netns() expects a NULL-terminated C-string
- if no netns was given, we should not try to format it otherwise we'll
get "(nil)" as netns name.
Type: fix
Change-Id: I7b6022f6e8999640d0d2a83b854455b15fa4c134
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Node renames, clone and node_by_name hash updates should be done
in vlib_node_register() / vlib_node_rename() under barrier, or
else runtime per-node stats can be either inaccurate or lead to UB.
Drop cli process nodes renaming rather than adding barrier
syncronization on reuse, nodes will get "unix-cli-process-ID"
stable names, description and terminal names are preserved and can
be obtained with "show cli-sessions" and "show terminal" commands.
Also fix insufficient name width for "show cli-sessions" with table
formatting, output sample:
DBGvpp# sh cli-sessions
PNI FD Name Flags
708 14 unix-cli-local:10558 iSLpa
710 15 unix-cli-127.0.0.1:33252 ISlpA
DBGvpp# sh terminal
Terminal name: unix-cli-127.0.0.1:33252
Terminal node: unix-cli-process-1
Terminal mode: char-by-char
Terminal width: 158
Terminal height: 43
ANSI capable: yes
Interactive: yes
History enabled: yes
History limit: 50
Pager enabled: yes
Pager limit: 100000
CRLF mode: CR+LF
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I40af4c0a5e5be92d5e3ebcd440fa55390aeb0e8b
There's a chance that vnet_sw_interface_set_flags_helper()
has successfully called some sw interface add callback functions
before returning the error. So the sw interface del callbacks
should also be called
Type: fix
Signed-off-by: varasteh <mahdy.varasteh@gmail.com>
Change-Id: I2cd7dc6d5b3a5ebfd2c4d1a6be5390083dee6401
Signed-off-by: varasteh <mahdy.varasteh@gmail.com>
IV requirements vary wildly with the selected mode of operation. For
example, for AES-CBC the IV must be unpredictable whereas for AES
counter mode (CTR or GCM), it can be predictable but reusing an IV with
the same key material is catastrophic.
Because of that, it is hard to generate IV in a generic way, and it is
better left to the crypto user (eg. IPsec).
Type: improvement
Change-Id: I32689c591d8c6572b8d37c4d24f175ea6132d3ec
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Explicitly set the ptd->n_packets to 0 if no packet is received in
memif_device_input_inline(). Otherwise ptd->n_packets just keeps
last time rx packets number, then this stale number is added to
memif_input_node->vectors_since_last_overflow in every dispatch_node()
call for memif_input_node.
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: Ide98a481c925262f9a609535a314f784cab424d8
Witout thread barrier, when dpdk_process_node initiating
dpdk lib, workers thread may also be initiating. Main
and workers threads may both setting error_main info,
that will cause memory ASAN issue.
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I87b73b310730719035d4985a2cff2e3308120ec2
This patch introduces IP in IP packet support for flow cli and dpdk plugin.
Specifically, the following IP in IP packet types are supported:
MAC-IPv4-IPv4-TCP/UDP/None,
MAC-IPv4-IPv6-TCP/UDP/None,
MAC-IPv6-IPv4-TCP/UDP/None,
MAC-IPv6-IPv6-TCP/UDP/None,
IP in IP flow rules can be created by using the following new keywords in vppctl:
in-src-ip, in-dst-ip : to provide information for inner IPv4 header
in-ip6-src-ip, in-ip6-dst-ip: to provide information for inner IPv6 header
in-proto : to specify inner transport layer protocol type (TCP or UDP)
in-src-port, in-dst-port : to provide information for inner TCP/UDP header
An example to create flow rule for MAC-IPv6-IPv6-TCP:
test flow add index 0 ip6-src-ip any ip6-dst-ip any in-ip6-src-ip any in-ip6-dst-ip any in-proto tcp in-src-port 1234 in-dst-port any rss function default
Another example to create flow rule for MAC-IPv6-IPv6:
test flow add index 0 ip6-src-ip any in-ip6-src-ip any rss function default
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I6a1ca36d47eb65b9cb5a4b8d874b2a7f017c35cd
Pool's pool_put_will_expand() calls clib_bitmap_will_expand(),
so every put except ones that leads to free_bitmap reallocation
will get false positive results and vice versa.
Unfortunatelly there's no related test and existing bitmap
tests are failing silently with false positive result as well.
Fortunatelly neither clib_bitmap_will_expand() nor
pool_put_will_expand() are being used by current vpp codebase.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Id5bb900cf6a1b1002d37670f5c415c74165b5421
When VPP builds its external packages from source, it will download the
package, patch it, configure it, build and install it. For DPDK, it will
depend on rdma-core if mlx4/mlx5 PMD is enabled. So phony target
dpdk-config needs to have the prerequisites of rdma-core-install and
ipsec-mb-install(x86 only), which are both phony targets. This leads to
redundant behavior of recipes executing twice in dpdk-config.
Replace the phony target with hidden file *.install.ok to avoid that.
Type: improvement
Signed-off-by: Lijian Zhang <lijian.zhang@arm.com>
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: Ibf3b766ab7a4ccfcbffe08f6cdb90da72ca1ce29
SElinux added support for defining what files can be mmap()'d a while back.
This change defines those files that VPP maps.
This is needed for EL9 support
Type: fix
Signed-off-by: Christian Svensson <blue@cmd.nu>
Change-Id: Iedd26914e29347169c4cc138628df7823ddd5691
Currently only RHEL/CentOS 8 and Fedora are supported.
EL9 is a middle ground and thus require some different dependencies.
Type: feature
Signed-off-by: Christian Svensson <blue@cmd.nu>
Change-Id: I7be79e61994800bb796d4e9141f0ff6ad8bdead2
When using memory traces it can take a long time to display all traces
bigger than 1k if there are lots of them, especially as we need to
resolve symbols.
It is better to display only the 1st 50 by default, unless verbose is
used.
Also fix the help string.
Type: improvement
Change-Id: I1e5e30209f10d2b05c561dbf856cb126e0cf513d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
This patch adds an API memif_socket_filename_add_del_v2
that allows autogenerating memif socket_id when passing
~0 in the socket_id field.
It opportunistically walks the hash to find a free ID
to use, and returns it in the reply.
socket_filename also becomes a variable length string,
to accomodate for longer names (in case a netns gets
passed)
Type: feature
Change-Id: I33fc3e1cf553af27579d6bad8691b22b530531cc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
This patch fix the memory leaks discovered in the current
implementation, inlcuding expired data, spd dump, and host names.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I3794f5db3c58d1e78df25f242c91e7a67363de53
The current implmentation of the hash table is not thread-safe.
This design leads to a segfault when VPP is handling a lot of tunnels
for Wireguard, where one thread modifies the hash table and other
threads start the lookup at the same time.
This fix adds a barrier sync to the hash table access when Wireguard
adds or deletes an element.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Id460dfcd46ace17c7bdcd23bd9687d26cecf0a39
For e.g. prometheus export it makes more sense to use the same metric name,
and expose the various symlinks as labels.
The VPP symlink metric:
/interfaces/local0/rx_unicast
that points to
/if/rx_unicast
Becomes in Prometheus:
interfaces_rx_unicast_bytes{index="0",label="local0"} 0
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ide0ab4fda4b3eb7ba7ddfc44680121c53f5267f6
Async binds may be possible due to vls generated async binds as a result
of application adding or removing listeners from epoll.
App does not need to be notified of the event.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4d01be7ddb39ba894db85feef55e9935556c24f5
Accept one spurious wakeup from vcl in epoll_pwait_eventfd to avoid
returning zero events to app without timeout.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I447c7f8176413c562be28605376a92d15e22a1f9
Nginx recreates epfds. Make sure ldp tracks the event and recreates the
libc epfd or eventfd flavor of epoll pwait will not work.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2994bead9494f0fbb85dd32767cecc1cf69ff6eb
Type: improvement
Since VPP-SWAN does not really need StrongSwan to be compiled,
this patch refines the Makefile to reflect the change.
In addition README is updated.
Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
Change-Id: I185957167ac71a44f4d12e78e1dac31c194f80f4
Old distros Centos 8 / Ubuntu 18.04 header files doesn't have UDP_SEGMENT
declared, define UDP_SEGMENT to right value if not defined.
Type: fix
Fixes: eff5f7aea8c7 ("vcl: ldp support for ip_pktinfo")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I99314b895e7d09962a36e7f5582c09d0d77563dc
After gerrit 38370 (729b9c94), apps are registered via ldp using program
name. Update tests to support that.
Also add make file help for UNCONFIGURE.
Type: test
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4ad50abfd175664b47b358df1a72e0758f51190d
Move port allocation logic from transports into generic transport layer.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I55a21f185d00f5e118c36bcc4a6ffba2cbda885e
Treat certain configuration files, which contain runtime-dependent
information, as templates. The information is filled at runtime and the
files are copied into containers.
This allows to avoid hard-coding IP addresses into configuration files.
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I1dae8f15f4f76c0bf1779d7c68b7f3859bf5a861
Adding `UNCONFIGURE=true` argument when running `make test` will skip
test run and unconfigure existing topology for that test.
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I197747a56ca68807f0b2c3f25b6f61c3dcc41ace
This joins separate representations of veth and tap interfaces
into a single struct. It removes the need for type interface
and embedding which simplifies the code.
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I1b2c368bfe90a5bdfaaa9a5129c27d7d96f8fe3b
This patch adds a missing file descriptor free handler to prevent
invalid dereferencing in the future
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Idc809a70b1fedec9a06446344d5481d467c78c19
The current implementation can cause memory leaks of async frames
and exhaust the async frames pool. Wireguard can early get async frame,
even when later it turns out it is not needed. Then such frame won't
be freed.
This fix changes the moment of acquiring async frame from the pool, so
it doesn't leak.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: If7696de6a6f5db84e0dffef60caa31d4a5e6280e
This will make name of the test unique so that executing specifically
this test won't execute also other tests starting with same name.
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I8013aa453c2a1c3c156e6476a93fd58bbb850b93
- add support for building/running debug/release images
- have one point of control (Makefile)
- list all test cases
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I97949abc2fff85d7a2b3784122be159aeec72b52
- The version of libsrtp2 (2.4.2) on ubuntu-22.04 changed
the 'ekt' field in srtp_policy_t to 'deprecated_ekt'.
Type: fix
Change-Id: Icb9d8f3b56c8305bcdac5066a5f8e3e5d17d37cf
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Make sure applications, especially builtin ones, cannot close a session
multiple times.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I960a1ae89a48eb359e7e1873a59d47c298c37ef1
For some apps(e.g. wrk2) upon vpp hoststack, ldp_epoll_pwait()
is called. In this function, epoll fd was created on one thread,
but it is now used on another thread. The vcl worker index is still
invalid, so the fetched ldp worker is also invalid and can corrupt
some already allocated memory.
Just as the ldp_epoll_pwait_eventfd(), make sure the vcl worker is valid
before getting the ldp worker in ldp_epoll_pwait().
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: I2ec23a4b5d5b0879a06642ffd80f95e948af4274
Currently wg-output-tun() doesn't check if a buffer has enough space for
prepending an ethernet header (wg header over ipv6 vxlan header case
leaves only 8 bytes free).
In such a case move buffer's content.
Type: fix
Change-Id: Iad18860e6b86a3d81f3d96d782de7c59556152d0
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
VPP build failed on Centos stream 8 when build xdp-tool
and dpdk mlx driver, Add the missing tools, libraries and headers.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Ie705dc8f558ceb872029f9ab4f1351b514c87405
Support running tests with `--tmp-dir` on a filesystem different from /tmp.
os.rename withs only within a single FS whereas shutil.move works accross
different filesystems.
Type: improvement
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I5371f5d75386bd2b82a75b3e6c1f2c850bc62356
The current implementation of vpp-swan plugin adds the same policy rule
in SPD twice, and it is not necessary to have two the same rules in
inbound-protect database.
This patch fixes an issue that prevents the addition of a second
identical policy rule in SPD.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ieef74288e5301455658e4e101433147d6d2482e9
When DPDK MLX PMDs are built, and the DPDK plugin is loaded, DPDK may
set the MLX5_CQE_SIZE environment variable to 128. This causes the RDMA
plugin to be unable to create completion queues. Since the RDMA plugin
expects the CQEs to be 64 bytes, set the cqe_size explicitly when
creating the CQ. This avoids any issues with different values for the
MLX5_CQE_SIZE environment variable.
Type: improvement
Signed-off-by: Nathan Brown <nathan.brown@arm.com>
Change-Id: Idfd078d3045a4dcb674325ef36f85a89df6fbebc
Can to define src ip of outer IPv6 Hdr for each encap policy.
Along with that, I decided to develop it as API version V2.
This is useful in the SRv6 MUP case.
For example, it will be possible to handle multiple UPF destinations.
Type: feature
Change-Id: I44ff7b54e8868619069621ab53e194e2c7a17435
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
This converts remaining tests to configation of VPP from test context.
Type: test
Change-Id: I386714f6b290e03d1757c2a033a25fae0340f5d6
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
This converts more tests to configure VPP from test context.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: Idf26b0c16f87e87c97b198412af39b99d947ced6
pip compiled requirements file named requirements-3.txt exists in the
test directory. No need to auto-generate it again
Type: improvement
Change-Id: Ib2b51c983af8d0e4b000e4544012b6cd94405519
Signed-off-by: Naveen Joy <najoy@cisco.com>
Instead of configuring VPP instances running inside of a container,
now the configuration is going to be done from within the test context
by using binary API and shared volume that exposes api socket.
This converts just some of the test cases, rest is to follow.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I87e4ab15de488f0eebb01ff514596265fc2a787f
Allow apps/vcl to provide updated local ips for dgrams. In particular,
allow sessions bound to 0/0 to send data with valid local ips.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I50a086b1c252731a32a15b6a181ad3dba0c687e0
In current flow creating process in native avf and dpdk-plugins, when
parsing the input arguments, it does not copy IPv6 src address correctly,
so that IPv6 src address will not be configured in any flow rule, and
any packet with the same address will not be matched.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ic957c57e3e1488b74e6281f4ed1df7fd491af35c
When parsing flow action type in avf, there is an incorrect flag for
flow director, which makes flow director rule created unexpectedly.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Id9fed5db8ccacd5cc6c2f4833183364d763188c1
Fix some configurations of avf checksum offload to get the correct
udp and tcp checksum. Change Tx checksum offload capability since
avf supports ipv4, tcp and udp offload all. Remove the operation to
swap bit of checksum.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I55a916cc9ee6bef5b2074b5b6bb5f517fc2c178d
In avf the function fls_u32 is used to calculate the power of 2.
Fix the expression of this function.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I27160de8588a5efb3f24306597a5a240deb3ab74
Type: improvement
With this change, add support for dumping IPv6 Router Advertisements
details on a per-interface basis (or all). Also, cover that with a test.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I89fa93439d33cc36252377f27187b18b3d30a1d4
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Control use of apis that rely on _GNU_SOURCE being defined with compile
time macro.
Also fixes sendmmsg and recvmmsg which were not probably wrapped.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I207de23210d4b9dc960bb4289159502760c5614d
Add one new edge for ipv6 after gtppsc so that packetforge can parse
this protocol combination.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I1bae1ec617c4867de2e0b3de27eda77b89e5580c
In some IPsec tests, the SA called scapy_sa designs the SA that
encrypts Scapy packets and decrypts them in VPP, and the one
called vpp_sa the SA that encrypts VPP packets and decrypts them
with Scapy. However, this pattern is not consistent across all
tests. Some tests use the opposite logic. Others even mix both
correlating scapy_tra_spi with vpp_tra_sa_id and vice-versa.
Because of that, sometimes, the SA called vpp_sa_in is used as an
outbound SA and vpp_sa_out as an inbound one.
This patch forces all the tests to follow the same following logic:
- scapy_sa is the SA used to encrypt Scapy packets and decrypt
them in VPP. It matches the VPP inbound SA.
- vpp_sa is the SA used to encrypt VPP packets and decrypt them in
Scapy. It matches the VPP outbound SA.
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: Iadccdccbf98e834add13b5f4ad87af57e2ea3c2a
Nat session is allocated before the port allocation. During port allocation
candidate address+port are set to o2i 6-tuple and tested against the flow hash.
If insertion fails, the port is busy and rejected. When all N attempts are
unsuccessful, "out-of-ports" error is recorded and the session is to be
deleted.
During session deletion o2i and i2o tuples are deleted from the flow hash.
In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers
to **some other** session that's known to be allocated.
By backing match tuple up session should be invalidated well enough not to
collide with any valid one.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
This patch adds a "charon.plugins.kernel-vpp.use_tunnel_mode_sa"
key into strongswan.conf. If this is turned off, SAs will be
installed without tunnel information and can be used to
"ipsec tunnel protect". For the route-based IPsec, it will be
used with turning "policies" off in swanctl.conf.
Type: feature
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: I58fb94bfe56627fa7002d9b95c48930a32993d2d
When application performs SSL_read from the app rx-fifo, it can
pre-allocate multiple segments, but there is an issue if the OpenSSL
manages to partially fill in the first segment, in this case, since
data is assumed to be copied over by OpenSSL to the pre-allocated
segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs
zero copy by passing the pre-allocated segment to SSL_read.
If the decrypted data size is smaller than the pre-allocated fifo
segment buffer size, application will fetch buffers including zero
in the area not filled in by SSL_read.
Type: fix
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
lcp_itf_pair_pool could grew during sub-interface creation.
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: Ideafe392f9bb2b418ce9d6faa4f08dfe26f4a273
If we match a next table, we must save its index in the trace instead of
the index of the 1st table.
Type: fix
Change-Id: Idd862242e7fc200eb3ab29b17a26131b844af2c0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Update custom XDP program example to work with libbpf 0.8.0 and
libxdp 1.2.9.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: Ib8d03f0be7f71fe996dfb7da0cfe35165711ebb0
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
In the defination of mac node, the order of dst and src address is
reversed. Swap their order in this patch.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I039accc0a881eef12f13c75c5becf8b7df97d525
Change to get ad->linux_ifindex in af_xdp_create_if() instead of in
af_xdp_load_program(), previous if did not load custom XDP program,
ad->linux_ifindex will be none, but bpf_xdp_detach() need it, so default
xdp program will be not unloaded when delete af_xdp interface.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: Id8a640204e8d29152f03349a0b58104b275635aa
Policer API calls were only by policer name. It is now possible to
select a policer by its index.
Some functionalities are also added to allow updating a policer
configuration and to refill its token buckets.
Some dead codes are being removed, and small fixes made.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I4cc8fda0fc7c635a4110da3e757356b150f9b606
adj_delegate_remove() makes 'ad' invalid, invalidate it only after its
use.
Type: fix
Change-Id: I6908d3dd2962ebd3fdf37e946cb19dae727bda09
Signed-off-by: Benoît Ganne <bganne@cisco.com>
We cannot confidently say that if we have received and processed
the handshake_initiation message, then the connection has been established.
Because we also send a response.
The fact that the connection is established can only be considered if a keepalive packet was received.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I61731916071990f28cdebcd1d0e4d302fa1dee15
- clean up nomenclature & use f-strings where applicable
Type: test
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I561b7808cfc3fbfa463f7698732d19759d9ddcd4
The vector size must be increased before setting the element so that
AddressSanitizer can keep track of the accessible memory.
Type: fix
Change-Id: I7b13ce98ff29d98e643f399ec1ecb4681d3cec92
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Playing with vector length prevents AddressSanitizer to track accessible
memory. Make sure we update the size of the vector once we received the
data.
Type: fix
Change-Id: If7808254d46d7ab37d516e3de49e3583d07bb9ff
Signed-off-by: Benoît Ganne <bganne@cisco.com>
socket_tx_buffer is a vector, update its length accordingly so that
AddressSanitizer can keep track of the allowed memory area.
By doing so we can get rid of socket_tx_nbytes which becomes redundant
with the vector length.
Type: fix
Change-Id: Ied7cb430b5dd40d5ed1390aa15bd5f455a0dba62
Signed-off-by: Benoît Ganne <bganne@cisco.com>
This patch allows to pass a tag when specifying
the dpdk `dev { }` interface configuration.
It allows a control plane generating a vpp.conf
file to retreive the resulting mapping between
dpdk interfaces & sw_if_indices in VPP without
having to change the interface name exposed
to the user.
Type: feature
Change-Id: I55907417de0083b82d4a127172816cec3459acf3
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
After creating a peer, we send a handshake request. But it's not quite right
to call wg_send_keepalive() directly.
According to documentation, handshake initiation is sent after (REKEY_TIMEOUT + jitter) ms.
Since it's the first one - we don't need to take REKEY_TIMEOUT into account,
but we still have jitter.
It also makes no sense to immediately send keepalives,
because the connection is not created yet.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I61707e4be79be65abc3396b5f1dbd48ecbf7ba60
Allow enabling and disabling pcap capture via the API.
A little bug is fixed along the way in
vl_api_classify_pcap_set_table_t_handler.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I096129c82aecdc82bee5dbfb5e19c76a51d80aab
In libbpf code, xsk_socket__create will call xsk_link_lookup to get the
xdp_sock bpf prog. But xsk_link_lookup can't get any bpf prog. This will
cause Libbpf not to insert the fd into xsks_map and return ERROR.
The solution to this problem is to insert fd into xsks_map ourselves
instead of libbpf.
Type: fix
Change-Id: Ic5d279c6ddc02d67371262d6106a5b53b70e7913
Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>
Enable codegen for C type from 'rpc A returns B stream C' notation
Type: improvement
Change-Id: I05cfce71c385d414d7b177a080009628bc8c8fad
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Don't truncate with vec_set_len bytes before they can be used. When
built with ASAN, it these bytes are poisoned and trigger SIGSEGV when
read.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I912dbbd83822b884f214b3ddcde02e3527848592
vec_alloc_aligned() pre-allocates the vector memory but does not
update its size, making ASan unhappy when trying to access it.
Type: fix
Change-Id: I80e753cf2458cf516d1180a24cfaca4f382339d5
Signed-off-by: Benoît Ganne <bganne@cisco.com>
In clib_bitmap_set_region and clib_bitmap_set_multiple the index of
the last bit to set was off by 1. If this index was pointing to the
last bit of the bitmap, another uword would have been allocated,
even though it was unnecessary.
Moreover, in clib_bitmap_set_region, bits in the last word were not
properly set. Indeed, the n_bits_left value is wrong since n_bits
is not decreased by the number of already set bits.
Type: fix
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I8d7ef6f47abb9f1f64f38297da2c59509d74dd72
per https://jira.fd.io/browse/VPP-2058
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ica0828de218d25ada2d0d1491e373c3b78179ac1
@ -33,7 +33,7 @@ Delete all the generated files with the following:
View the results
----------------
If there are no errors during the build process, you should now have an ``index.html`` file in your ``vpp/docs/_build/html`` directory, which you can then view in your browser.
If there are no errors during the build process, you should now have an ``index.html`` file in your ``vpp/build-root/docs/html`` directory, which you can then view in your browser.
Whenever you make changes to your ``.rst`` files that you want to see, repeat this build process.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
