- caused by regeneration of source tarball after the
marvel repo moved to a new account
Type: fix
Change-Id: I44616408d673c8d208ff73ea29d9f5cc12778cef
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Also rework the logic so the skipping of marked Ubuntu 22.04 occurs at framework level
Leave debian11 special cases as-is.
Type: fix
Change-Id: I481eb32cd1a0860935482e9f930ced409da653c9
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 9987d470a6)
IPFIX buffers are stored on a per worker thread basis. Currently, the
flush callbacks will flush only buffers stored for the main thread. And
buffers for worker threads will not be sent until their size reach the
path MTU configured for the exporter. So if traffic is constant, the
problem will unlikely to be visible. Buffers will be sent once they
reach the maximum size. However, if traffic stops at some point and
flush is triggered in order to make the plugin send all currently
buffered data, this will not happen. And collectors will not receive
that data. The plugin will keep the remaining data until traffic starts
again, the buffers reach the maximum size, and be sent.
With this fix, flush buffers for worker threads and for the main thread
when the flush callbacks are triggered.
This will allow to remove @tag_fixme_vpp_workers from the unit tests
that don't set timers. The tests that set timers will still be failing
for other multi-worker related problems.
Type: fix
Change-Id: I9a7d9cef8ddbec7ee68c79309e48e7bc0953d488
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit 4c7305f124)
In esp_encrypt_inline(), if two or more consecutive packets are
associated with the same SA which has no crypto or integrity algorithms
set, only the first one gets dropped. Subsequent packets either get sent
(synchronous crypto) or cause a segv (asynchronous crypto).
The current SA's index and pool entry are cached before it can be
determined whether the packet should be dropped due to no algorithms
being set. The check for no algorithms is only performed when the cached
SA index is different than the SA index for the current packet. So
packets after the first one associated with the "none" alg SA aren't
handled properly.
This was broken by my previous commit ("ipsec: keep esp encrypt pointer
and index synced") which fixed a segv that occurred under a different
set of circumstances.
Check whether each packet should be dropped instead of only checking
when a new SA is encountered.
Update unit tests:
- Add a test for no algs on tunnel interface which enables
asynchronous crypto.
- Send more than one packet in the tests for no algs.
Type: fix
Fixes: dac9e566cd
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
(cherry picked from commit ff71939c30)
Added vl_api_lcp_itf_pair_add_del_v3_t_handler method, it can return
vif_index in reply. Also added vl_api_lcp_itf_pair_get_v2_t_handler
methods, this method is able to dump only one lcp pair or dump all
lcp pairs via stream_msg.
Type: improvement
Change-Id: I1d25344ee57f8fac8b857bb3a9a03116230b4d2c
Signed-off-by: Anton Nikolaev <anikolaev@netgate.com>
(cherry picked from commit 83ad79d69a)
Type: improvement
The vnet buffer metadata for full IP reassembly and shallow virtual
reassembly overlaps. If you have full reassembly and virtual reassembly
enabled on the same interface and virtual reassembly happens to process
packets first, full reassembly will stomp on the metadata populated by
virtual reassembly.
Virtual reassembly gets enabled implicitly when NAT feature nodes
are enabled. Those NAT feature nodes rely on the virtual reassembly
metadata being populated correctly in order to find L4 proto & ports.
When NAT and IP full reassembly are both enabled on an interface, NAT
can drop fragmented packets because the virtual reassembly metadata
can be overwritten by full reassembly.
Ensure that full reassembly runs before virtual reassembly. Add a
runs_before dependency to ensure that ip4-full-reassembly-feature
runs before ip4-sv-reassembly-feature.
There was a duplicate VNET_FEATURE_INIT() for
ip4-full-reassembly-feature. It seems to have been intended for enabling
ip4-full-reassembly-custom as a feature node, but its contents are
identical to the earlier VNET_FEATURE_INIT() for
ip4-full-reassembly-feature. Removed the duplicate.
Change-Id: Ie600b854d4ceb90a7cb736810140d410b8f72447
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit 205ed8f884)
Make sure ctx is initialized before ho is marked as done.
Type: fix
Change-Id: If0525a9890a56e289e2ab006c669a9d64dc6505d
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 0ded4890be)
The improvement was removed in 40129,
causing 5-40% regressions in AVF tests.
There is a memory-speed trade-off,
this change prefers speed over memory efficiency.
Ideally, the choice should be configurable,
but that is not easy to achieve, considering
how early is vlib_buffer_main_init called.
Type: fix
Fixes: 038dad7ef2
Change-Id: I4746f3634abe6d233c9d092a372de05b3d1ae4b6
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
(cherry picked from commit 04fd51c03c)
Argument to vcl_epoll_ctl_add_unhandled_event is often the result of an
and between events and EPOLLET which is larger than u8
Type: fix
Change-Id: I8c98f557fa1db9f3eb79c90ecdd60ac9366d4d40
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit e81f27ffb2)
Handle non-even n_elts for the larger array instead of reading past
the source buffer.
Type: fix
Fixes: f62ed3f9c1
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: Ic1708a3f33fe71ca752345b5c77b6ae7a2d42bcd
77caeb1b19 has changed the behavior
in an incompatible way, breaking users (including CSIT).
The new behavior is more pythonic,
but the old behavior has to be supported
at least one release after publicly deprecating it.
Type: fix
Change-Id: I9dfdd2229065010216e49db80b14b856c545965c
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Avoid situations when notifications are delayed for long enough for
transports to start closing/cleaning up.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id35b0099adb5242108154a5e19d5ee15e6ca0058
VPP requires GNU Make to build, on GNU systems (such as Debian), GNU
Make is installed as 'make', typically with a symlink from 'gmake'.
On other systems (such as FreeBSD), 'make' is a BSD Make derriviative
and GNU Make is installed a 'gmake'.
Use $(MAKE) variable for make calls from within Makefiles. This
variable is set to the path of the calling make program, i.e.,
/usr/local/bin/gmake on a bsd system.
This is the recommended way to call make from Makefiles in the GNU Make
documentation.
Type: improvement
Change-Id: Id9162a34a0f8358f22090718087918dae31c0fce
Signed-off-by: Tom Jones <thj@freebsd.org>
When unsetting VPP_PLATFORM in cmake, it unmasks the cached value
instead, misleading the platform selection logic in src/cmake/cpu.cmake
Type: fix
Fixes: 01fe7ab88e
Change-Id: I676cd0af9ba28150f8ac07724c03df8ef24b640f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Also re-enable external echo QUIC test.
Type: test
Change-Id: I3973409c31fd7c42b97ac3ceae1a5cbad6f1b2b6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Correctly wrap data indices in test_bihash.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: I740fa1cf9f8c382c12f01f607095c5995be6845f
Introduce a dump api for LLDP plugin
Type: improvement
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: If67dedd329cced59227187284646d147ef6ef92c
Don't access free'd memory in vec_prepend.
Don't allow prepend when v1 == v2 as it also causes a use-after-free.
Found via ASAN.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: I21f8422c007d07d40d237e873b84c042be1fe8e8
Type: make
memif.h file is independent code which can be used outside of
VPP. Hence it uses its own cacheline size MACRO. This patch
sets the value of MEMIF_CACHELINE_SIZE in the cmake file for
memif plugin to VPP_CACHE_LINE_SIZE.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I8185e78897f4571f1a0430dd7e758816e127444c
VPP requires bash for all shell scripts. Align shebang lines in build
and test scripts to look up the location of bash rather than hard coding
'/bin/bash'.
Look up the location of bash for makefiles.
Type: improvement
Change-Id: I23b705d81d60389fa8af61c680cf0abd74f0ea24
Signed-off-by: Tom Jones <thj@freebsd.org>
Fixes compilation error with GCC 14
'calloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument
Type: fix
Change-Id: Ie328ecc711976547df2cffe17325b786bc7a8849
Signed-off-by: nucleo <alekcejk@googlemail.com>
When sanity test is not done, API files are not loaded until the
first test case is run. Hence, it is not possible to use enums, etc.
outside of a test class.
By preloading API files before running any tests, it prevents its
issue.
Type: fix
Change-Id: I8730150374e6c5f8d6933ec037811372ac2a8da0
Signed-off-by: Maxime Peim <mpeim@cisco.com>
curl sometimes uses 2 different source ports during the test.
Type: test
Change-Id: Ib27e9d22a9cc951f4729f4bd0ae99d80bf8d938b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Setting g+w permission for unix sockets didn't work. There were
two problems:
1. new flag local_only wasn't set for all AF_UNIX sockets;
2. fchmod is not a good choice for sockets.
fchmod was replaced with couple of umasks, and local_only with
socket type check.
Type: fix
Fixes: 085757bb49
Change-Id: I8dc0fceb110a36bfa234f552bbdf182e09e55e27
Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
Normally af_packet sets next0 = next_index on each cycle. It works for the most cases.
But if vlib_validate_buffer_enqueue_x1() changes the next_index (from NEXT_ETHERNET to NEXT_DROP for example)
then the following next0 will have the wrong value, and the correct packet will be dropped.
AF_PACKET_IF_MODE_IP handles this case, but AF_PACKET_IF_MODE_ETHERNET doesn't.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: Ic742043e8b10a2abe56b314bb584277151a9c5eb
vapi generators were missing from the VPP_HOST_TOOLS_ONLY, which
prevents building an out-of-tree plugin with API files. We now
install them.
Type: improvement
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Ie613c8f64034e933124325242f2f8b3ac3955878
checkstyle.sh assumes clang-format-11 but allows it to be overridden.
Debian12 ships with a minimal version of clang-14, so set the correct
version for checkstyle.
Before:
$ make checkstyle
extras/scripts/checkstyle.sh: line 41: --version: command not found
make: *** [Makefile:720: checkstyle] Error 127
After:
$ make checkstyle
Debian clang-format version 14.0.6
*******************************************************************
* CHECKSTYLE SUCCESSFULLY COMPLETED
*******************************************************************
Type: make
Fixes: 712fc03089
Change-Id: I0c58456477011397115810dab825865b5850d10d
Signed-off-by: pim@ipng.nl
* Refactor the existing prometheus exporter to function print_metric_v1()
* Add a 'v2' flag which instead uses metric names with labels, example:
nodes_clocks{node="ip4-lookup",index="0",thread="4"} 30198798628761
nodes_vectors{node="ip4-lookup",index="0",thread="4"} 298176625181
nodes_calls{node="ip4-lookup",index="0",thread="4"} 119789874274
nodes_suspends{node="ip4-lookup",index="0",thread="4"} 0
interfaces_rx_packets{interface="tap0",index="0",thread="1"} 79582338270
interfaces_rx_bytes{interface="tap0",index="0",thread="1"} 16265349667188
* For stat names that we don't know, print their v1 equivalent, which
keeps backwards compatibility.
Details in https://ipng.ch/s/articles/2023/04/09/vpp-stats.html
Type: improvement
Signed-off-by: pim@ipng.nl
Change-Id: I53ed3ede8cc7853eb46c354834d89eb788ece3b1
Type: improvement
This patch implements support to check the host interface offload
capabilities.
NOTE: this check is only done once when interface is being created.
Any changes to the cap of host interface after that will not reflect
changes to af_packet interface in VPP.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ibc9953131f64f3fb3e601d34036b9f453913692a
Add clang-14 and libffi8 which ship with Debian Bookworm. The project
compiles cleanly with these versions.
Type: make
Change-Id: I17350aae30cec72987792d54d88231b3221b56b9
Signed-off-by: pim@ipng.nl
- Fix buffer overflow caused by strncpy(dst, src, strlen(src)),
use sized buffer to ensure overflow safe.
- Fix test_app getopt usage
When use example/icmp_responder in slave mode
- Fix segfault when buffer size is not specified
- Fix wrong packet send out.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I5ed47fd8e630420d7ae0203a2605d2b9abd33d2a
Increase slot variable to u32 to address combinations of num-queues and queue-size that cause slot variable to wrap when declared as u16, e.g. num-queues > 8 && queue-size is 2^12
Type: fix
Change-Id: I5bd6198d60395156a06f1a280ea2594824ceaa9d
Signed-off-by: mbly <mbly@ciena.com>
Rewind logic was not supporting count = 1, where size was > memif_buffer_size and a rewind is required.
Fixed slot-->next_buf bug for !master as well.
Type: fix
Change-Id: I65cf0d3d0c105f37125412a613e5ff8c5da9a3a2
Signed-off-by: mbly <mbly@ciena.com>
This patch provides unit tests for libmemif written in Unity
Type: test
Signed-off-by: Daniel Béreš <dberes@cisco.com>
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I19116def6e6d28efd5f460c93911245474a11321
Ensure alignment between the Intel IPsec-mb library on the
host and VPP targets.If the version of Intel ipsec-mb on the
host is misaligned with the targets,terminate the compilation
process to prevent potential library linkage issues.
Type: fix
Change-Id: I38864115d59ae09fb5556ad4a29e884ebace8155
Signed-off-by: Ranjan Raj <ranjanx.raj@intel.com>
Signal when consuming a batch of netlink messages, in order to inhibit
lcp_sync from generating new netlink messages. This avoids link up/down
state changess from triggering an infinite loop.
Do this in the regular case of nl_route_process_msgs()
and in the special case of re-synchronizing in lcp_nl_recv_dump_replies().
Type: fix
Change-Id: I419d3f9aa350c119b3778b644c65165cb4cc1bef
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Add an urpf_interface_dump() API call, with optional sw_if_index.
If either a mode or a table is specified in any given interface
address family and direction, return it in a list, otherwise omit
it.
TESTED:
create loopback interface instance 0
create loopback interface instance 1
create loopback interface instance 2
create loopback interface instance 3
ip6 table add 8298
set urpf ip4 rx loose loop1
set urpf ip6 tx off loop2 table 8298
API call urpf_interface_dump(sw_if_index=~1) returns:
[
urpf_interface_details(_0=658, context=2, sw_if_index=2, is_rx=True, mode=<vl_api_urpf_mode_t.URPF_API_MODE_LOOSE: 1>, af=<vl_api_address_family_t.ADDRESS_IP4: 0>, table_id=0),
urpf_interface_details(_0=658, context=2, sw_if_index=3, is_rx=False, mode=<vl_api_urpf_mode_t.URPF_API_MODE_OFF: 0>, af=<vl_api_address_family_t.ADDRESS_IP6: 1>, table_id=8298)
]
Type: improvement
Change-Id: I1ded5c445dc07dab73ea41b817b5827b72ca79d4
Signed-off-by: pim@ipng.nl
One less pointer chase when accepting sessions.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I20dbb21d15d4a703f76e3b12f04a6f5b5d2a3cd8
Adds support for connectionless listener port reuse. Until now, cl
listeners had fifos allocated to them and therefore only one app worker
could ever listen, i.e., a session cannot have multiple fifos.
To circumvent the limitation, this separates the fifos from the listener
by allocating new cl sessions for each app worker that reuses the app
listener. Flows are hashed to app worker cl sessions but, for now, this
is not a consistent/fixed hash.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic6533cd47f2765903669f88c288bd592fb17a19e
Currently, when flowprobe_export_send() calls vlib_time_now(), a pointer
to the main thread's vlib_main_t is always passed (the one cached in
flow_report_main). However, that code can also be executed from a worker
thread. And passing a pointer to the main thread's vlib_main_t to
vlib_time_now() from a worker thread may cause time synchronization
issues. Also, running a debug binary will cause an assertion failure in
vlib_time_now() in this case.
With this fix, flowprobe_export_send() passes the pointer to the current
thread's vlib_main_t to vlib_time_how().
This doesn't allow to remove @tag_fixme_vpp_workers from the unit tests
yet as they will be failing for other multi-worker related problems.
Type: fix
Change-Id: Ia35e3a4176777b88cf8ca8af8af7c42c495cbc6a
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Fix minor differences between Ubuntu 18.04 LTS and Ubuntu 22.04 LTS when
using the scheme to test new code.
Type: docs
Change-Id: I5810b6f3d76d8d98fa764b61828b1ca32507bd91
Signed-off-by: Dave Barach <dave@barachs.net>
Quic does not seed random value, so if the plugin is loaded
separately RAND_bytes will fail.
Type: fix
Change-Id: If600cbde1fef30afb6316fc1a355261b008c3191
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Incase the ack for the fin is lost twice or want to dup ack
packets with incorrect ack/seq # at different times and
session state is already closed, this fifo event is set for
the first ack that went out and prevents queuing of further events.
Type: fix
Change-Id: I102019fca26918a51e055a751db7209011bd43ad
Signed-off-by: emmanuel <emmanuelscaria11@gmail.com>
Use lowercased hex in uuid in sysfs/vmbus names
Type: fix
Change-Id: Ic4b7b995441723dc1b29ff8a75346cc8ba7f85f1
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
- gmake set CC=cc as the default therefore the test/test-debug
makefile targets will build using gcc (cc == gcc for debian/ubuntu
distros) unless set explicitly to clang due to use of 'CC=$(CC)' in
test macro.
Note: the CI builds vpp images prior to running 'make test', thus
the CI does test vpp built using clang. This basically makes local
runs of 'make test' build using clang as well.
Type: make
Change-Id: I7221098c200be23b53bb616e41a42a6d65a03699
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
This patch allows the formatting of deleted Load-balancer
objects. This is needed in the case a trace references a DPO
that went away in the interim.
Type: improvement
Change-Id: I6d67519b8d62f69aafde3c8fe3065bc85a7adbde
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
In the API there is a difference between enum and enumflags.
The latter one allowing multiple set entitires, while enum
only allows one.
Type: fix
Change-Id: I5db88c15c85fc6c7130b7b35febcd1ea02ef8f76
Signed-off-by: Ole Troan <otroan@employees.org>
This merge request adds the feature to manipulate localsids and policies for SRv6 mobile via API.
Type: feature
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
Change-Id: Ibb46bf71ae1d9d4591ce2c8ccf66f520887dad70
The _v3 was not handling endianness on flags (e.g. mode).
Marking _v3 as deprecated, but keeping it
as there might be users who learned to preprocess their flag values.
+ Also, format PCI product_name as a vector, not a string.
Type: fix
Change-Id: I50c4b44f3570f02518dbd9a43239c1a37612d24a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
If ho cleans up on first worker before owner of established session
receives connected notification, the ho session is prematurely cleaned
up.
Wait for established ctx to be allocated before freeing ho.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Icf707e5d8c62a288a49d078460d2ada3b5c41b0e
Even if the device name is specified in the startup config it may
be appended to if the device is a switch domain member. This leads
to unexpected device naming if an explicit device name was requested.
Type: fix
Change-Id: Ib56b4ac41c17008db55dc69497721e3cb7d540c1
Signed-off-by: Peter Morrow <pdmorrow@gmail.com>
This patch introduces a fix for correcting a counter for the number
of processed vectors in the crypto-dispatch node.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Icaeb925a352a9ac766652f43c4e752f6727cdeb9
Use the correct string type for vlib_get_node_by_name. Found by ASAN.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: I679d27050487e013e3320a4c558d78fa60c5e98a
This patch prevents the sw interfaces format
function to fail when the interface was deleted.
It also prints the swifindex alongside the 'DELETED'
keyword.
Printing deleted swifindex should not happen, but it is still
helpful to have these safeguards for troubleshooting in the case
invariants get corrupted (e.g. fib entry refcounts, ...)
Type: improvement
Change-Id: I66711049db2eebe0ad17e37c3a260ac81d1e5134
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Type: fix
Fetch 'pg-input' node index instead
of using a hardcoded value
Change-Id: I1ca27ddb54806530b546085d83e83b880acc4573
Signed-off-by: hsandid <halsandi@cisco.com>
The hit_count does not implement the corresponding processing logic, and here the missing is fixed
Type: fix
Fixes: missing
Change-Id: I04a8e11d6b48c2a15c371cbeb2467fa89a9d82bb
Signed-off-by: yanlong <dyl_wlc@163.com>
First genaration of AVF APIs we currently use doesn't support more...
Type: improvement
Change-Id: I1ae27f322403a2b455fcad8b028fa2004b449789
Signed-off-by: Damjan Marion <damarion@cisco.com>
With socket api, applications should not expect reply after worker del
msg. VCL in particular closes the socket after it enqueues the message.
Found by ASAN.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1be02a0cde6b96a96edb709f3fe30bbc01ff2d24
LDP workers is used as vector but was initialized as a pool. There was
no side effect but ASAN does not properly unpoison memory and this
triggers false used-after-poison crashes.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie769dad0e86ab970de9929800d0a4131f846e70e
We might have less than 1 mss when attempting write but more after
write, as application could be actively enqueuing more data. Relax
assert.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I54a83c4460f8e022a88758f0ebd7828df711dbb9
During recovery, send unsent data even if less than mss available as
application is not guaranteed to provide more.
This should speed up recovery when all data in flight was lost.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7a3c73a0d04d93d51a5910d85450c173c3ad8e93
fix asan failure when params number is less then 3:
functions that are set as format_half_open pointer values have
different number of arguments
Type: fix
Fixes: de9a849a18
Change-Id: I6b6e1adf4ffc0c1ec847613f00fe269af640d42b
Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
Pass a correct form of node variant config in tests
Type: fix
Signed-off-by: d-valter@yandex-team.ru
Change-Id: I8cdc240b18a1664e57a5814d6cd644891c99f515
Fixes: 8800f732f8
Properly set type
path->fp_type = FIB_PATH_TYPE_SPECIAL
for paths with (path->fp_cfg_flags & FIB_PATH_CFG_FLAG_DROP)
Type: fix
Change-Id: Id61dbcda781d872b878e6a6410c05b840795ed46
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
When a periodic BFD packet cannot be sent because the interface is
disabled, the allocated buffer needs to be freed. This currently will
occur for IPv4 sessions. However, buffers will leak for IPv6 sessions as
in this case, bfd_transport_control_frame() and bfd_transport_udp6()
will not indicate failure.
With this fix, stop always returning success in bfd_transport_udp6() and
start returning the actual return value.
Type: fix
Change-Id: I5fa4d9206e32cccae3053ef24966d80e2022fc81
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
The previous fix was adding the sentinel before refilling rx,
which gave the NIC time to overwrite it with a new descriptor.
Ticket: VPP-2087
Type: fix
Fixes: 8b4d474abd
Change-Id: I32bde4a763a62fb66c5c3871d9f10af6066e2d47
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Make sure ct client segment handles do not collide if multi worker
application establishes cut-through sessions to only one server segment
manager.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I905379f9ed73c64d57a826a3e97d53dab3a87517
The previous change made CSIT virtio tests fail,
but those tests are not part of trending.
Ticket: VPP-2088
Type: fix
Fixes: a181eaa59b
Change-Id: If0439a030c051894e07007da9cf0a2e4dc1434c3
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
This is because mlx5_pci is also compatible with another
series of NICs such as ConnectX-5 and ConnectX-6.
Type: fix
Change-Id: I10f0468bbe36ab61c72fb3dc0aa898f8e2f9e88c
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Type: fix
In esp_encrypt_inline(), an index and pointer to the last processed SA
are stored. If the next packet uses the same SA, we defer on updating
counters until a different SA is encountered.
The pointer was being retrieved, then the SA was checked to see if the
packet should be dropped due to no crypto/integ algs, then the index was
updated. If the check failed, we would skip further processing and now
the pointer refers to a different SA than the index. When you have a
batch of packets that are encrypted using an SA followed by a packet
which is dropped for no algs and then more packets to be encrypted using
the original SA, the packets that arrive after the one that was dropped
end up being processed using a pointer that refers to the wrong SA data.
This can result in a segv.
Update the current_sa_index at the same time that the sa0 pointer is
updated.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I65f1511a37475b4f737f5e1b51749c0a30e88806
DHCPv4 aka BOOTP is somewhat awkward. A DHCP client
on an interface must receive DHCP packets to
the broadcast address or to a unicast address.
Apparently before it's been assigned to itself.
Add this new API to allow external DHCP clients
enable the DHCP client detect feature per interface.
Type: improvement
Change-Id: If55aac03f25a045496be483940e4f5e7e18885b9
Signed-off-by: Ole Troan <otroan@employees.org>
The recent TX flows generation fix introduced "l3_hdr_offset" which
represents the offset of the IP header in the buffer's data. The problem
is that it is erroneously defined as a 16-bit unsigned integer. If the
calculated offset is negative, "l3_hdr_offset" will get a value close to
UINT16_MAX. And the code will search the IP header somewhere beyond the
buffer's data. For example, this will occur in the case when an ICMP
error is being sent in response to a received packet.
With this fix, make "l3_hdr_offset" a signed integer.
Type: fix
Change-Id: I6f1283c7ba02656d0f592519b5863e68348c5583
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Currently, when IPFIX records generation is enabled for an interface in
the TX direction, some rewritten traffic is being sent from that
interface, and the Ethernet header's location has changed due to
rewriting, generated TX flows will contain fields with wrong and zero
values. For example, that can be observed when traffic is rewritten from
a subinterface to a hardware interface (i.e. when tags are removed). A
TX flow generated in this case will have wrong L2 fields because of an
incorrectly located Ethernet header. And zero L3/L4 fields because the
Ethernet type will match neither IP4 nor IP6.
The same code is executed to generate flows for both input and output
features. And the same mechanism is applied to identify the Ethernet
header in the buffer's data. However, such general code usually works
with the buffer's data conditionally based on the direction. For most
input features, the buffer's current_data will likely point to the IP
header. For most output features, the buffer's current_data will likely
point to the Ethernet header.
With this fix:
- Keep relying on ethernet_buffer_get_header() to locate the Ethernet
header for input features. And start using vlib_buffer_get_current()
to locate the Ethernet header for output features. The function will
account for the Ethernet header's position change in the buffer's
data if there is rewriting.
- After fixing Ethernet header determination in the buffer's data,
L3/L4 fields will contain non-zero but still incorrect data. That is
because IP header determination needs to be fixed too. It currently
relies on the fact that the Ethernet header is always located at the
beginning of the buffer's data and that l2_hdr_sz can be used as an
IP header offset. However, this may not be the case after rewriting.
So start calculating the actual offset of the IP header in the
buffer's data.
- Add a unit test to cover the case.
Type: fix
Change-Id: Icf3f9e6518912d06dff0d5aa48e103b3dc94edb7
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Do not force cleanup of tcp half-open connection if tcp's cleanup
notification to tls is pending.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7bccbe8429a4aab10df1c89b66138b967e04ac19
Updated the gtpu plugin code to support the PDU Session user plane protocol, required for 5G, as
specified in 3GPP TS 38.415 version 17.0.0. This enables some initial support of 5G gNodeB's with
the gtpu plugin.
New features:
- Basic support for the GTP-U Extension Header Flag.
Packets with one extension can now be decapsulated.
This enables basic support of the PDU Session user plane protocol (3GPP TS 38.415 version 17.0.0).
New tunnels can be created with a PDU enable flag and a 6-bit QoS Flow Identifier (QFI).
With this, encapsulated packets will have the PDU Session extension header, and the QFI set.
- Ability to forward GTP-U packets that are not handled by the plugin directly.
Only GTP-U packets with a message type of 255 (G-PDU) are handled directly.
However, 3GPP TS 29.281 defines several other message types like echo and error indication.
A new feature is added to optionally forward unknown or unsupported packets to a new IP address.
This works separately for unknown GTP-U message types, unknown TEIDs, and packets with an unknown
GTP-U header.
This allows both echo and error indications from a 5G gNodeB to be handled by a different system
outside VPP.
- Simple way to get metrics for active tunnels and on tunnel close.
In 5G session/tunnel lifetime is often short and created frequently.
The normal API becomes too slow and inaccurate when too many tunnels are created and deleted
every second.
Improvements:
- A clean ground structure to handle multiple message type in the future.
The code path for G-PDU packets is optimized for performance, representing the typical case.
Unsupported GTP-U packets enter a slow path that decodes the nature of the error.
This presents a easy hook to handle other message types in the future.
- Improved error reporting
When using traces there is more details in the tunnel descriptions.
- Updated the API with several enums.
Fixes:
- gtpu0->length field in IPv6 was computed with IPv4 header lengths in the encapsulation code.
- vec_set_len (t->rewrite, ...) size was computed with the IPv4 header size also for IPv6 tunnels.
Issues:
- This PR does not enable full support of the 3GPP specification.
In particular it only supports a single QoS/QFI flow for each tunnel.
It ignores all incoming extension header flags.
- API functions might change again when/if more support of the 3GPP TS 38.415 spec is added.
Note that I have bumped the API version to 2.1.0 as it seems to be the correct approach based on
my API changes.
Type: feature
Signed-off-by: Rune E. Jensen <runeerle@wgtwo.com>
Change-Id: I91cd2b31f2561f1b3fb1e46c4c34a5a3c71b4625
- notify app on failed connect
- avoid cleanup of ctx before transport cleanup to be able to handle
pending rx notifications.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1b70ad45109d4c942afa1990dfce4fc44a50a637
In some anti-replay, some functions weren't using the boolean
telling if the window was huge or not. Hence, limiting the constant
propagation at compilation.
Type: fix
Change-Id: Ie5f2dda38339bb32113c6f7b2b82c82135fc92a8
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Notify app that transport is closed when tcp moves to closed state.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I18cbe1ac16b1a48ecd06af4c1b5535e12e4b0e75
Make sure underlying transport connection is not removed on rescheduled
read event.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0137a2e43aa84d9442279e036c25771aeefd207f
- test_http_static.py: If namespace creation fails, try to delete the namespace and create it again
- vpp_qemu_utils.py: Added "isinstance()" to "delete_namespace()" to match "create_namespace()"
Type: test
Change-Id: I88ff7a36f5d52816fee16283efba6af025496491
Signed-off-by: adrianvillin <avillin@cisco.com>
af_packet does not process data until the interface is UP. If after interface creation, but before it is UP, the host interfaces are flooded, then blocking case may occur - VPP interface will never be able to process the data.
If the EDGE_TRIGGERED flag is set, the event will not arrive, because nothing new is happening anymore (probably because the queue is already full).
Therefore, we need to use LEVEL_TRIGGERED (default value), which indicates that there is still unprocessed data (accumulated after interface creation, but before it was UP).
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: Ied459fd194149d09f226bcb0a5907b3e327b148a
As a result of recent fixes, all currently stored flows of an interface
are deleted when the feature is being disabled for the interface. This
includes stopping the timer and freeing the flow entries for further
reuse. The problem is that meta information is not cleared in the flow
entries being deleted. For example, packet delta count will keep its
value. The next flow that gets one of these pool entries will already
have a non-zero packet count. So the counting of packets will start from
a non-zero value. And incorrect packet delta count will be exported for
that flow.
With this fix, clear meta information too when clearing interface state.
Also, update the corresponding test to cover this case.
Type: fix
Change-Id: I9a73b3958adfd1676e66b0ed50f1478920671cca
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
The array bounds and string overread check on GCC 12 report a dozen of
false positives that result in VPP build failures on ubuntu 22.04.
Work around this build issue by unconditionally disabling these two
warnings if C compiler is GCC 12 or newer version.
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I999e847bb625ebdf3ef5f11b11598c553f306670
GCC 12 complains about such errors while the code itself looks good.
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I021719fdbf7d9bd93a12eac76aeac8cbca13a810
DPDK added new Rx checksum flags[1] to handle cases like the virtual
drivers. Current check of flags is not strict enough for flags like
RTE_MBUF_F_RX_IP_CKSUM_NONE and will always be true no matter the
checksum in packet is good or bad.
Fix this issue by comparing the result of AND operation with the
correspinding Rx checksum flags.
Before this patch, packet trace prints the offload flags as below:
Packet Offload Flags
PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
PKT_RX_IP_CKSUM_NONE (0x0090) no IP cksum of RX pkt.
PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
PKT_RX_L4_CKSUM_NONE (0x0108) no L4 cksum of RX pkt.
After this patch, packet offload flags would be like:
Packet Offload Flags
PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
Type: fix
[1] 5842289a54
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I3182022d9ccd46b2fc55bb3edfbfac9062ed7c89
Allow settings default values explicitly in positive_int_or_default and
positive_float_or_default.
It allows setting setting default 0 test retries explicitly despite it
being not positive.
Type: improvement
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: Id23a9fdae0ef174eea8992c1f9fc2530aade6194
- Make framework.py classes a subset of asfframework.py classes
- Remove all packet related code from asfframework.py
- Add test class and test case set up debug output to log
- Repatriate packet tests from asf to test directory
- Remove non-packet related code from framework.py and
inherit them from asfframework.py classes
- Clean up unused import variables
- Re-enable BFD tests on Ubuntu 22.04 and fix
intermittent test failures in echo_looped_back
testcases (where # control packets verified but
not guaranteed to be received during test)
- Re-enable Wireguard tests on Ubuntu 22.04 and fix
intermittent test failures in handshake ratelimiting
testcases and event testcase
- Run Wiregard testcase suites solo
- Improve debug output in log.txt
- Increase VCL/LDP post sleep timeout to allow iperf server
to finish cleanly.
- Fix pcap history files to be sorted by suite and testcase
and ensure order/timestamp is correct based on creation
in the testcase.
- Decode pcap files for each suite and testcase for all
errors or if configured via comandline option / env var
- Improve vpp corefile detection to allow complete corefile
generation
- Disable vm vpp interfaces testcases on debian11
- Clean up failed unittest dir when retrying failed testcases
and unify testname directory and failed linknames into
framwork functions
Type: test
Change-Id: I0764f79ea5bb639d278bf635ed2408d4d5220e1e
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Do not add ip header as that's added by tcp output and fix checksum.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9439acf5c66184af0350b1d4d7406b3feb2e79a1
As long as ack and segment are legitimate accept ooo data as we
transition to established.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I85cdc65d70cb8ae689a9ce9bbe4f86228b1ac533
- Use of well known UDP port numbers causes random
failure of mdata and bufmon tests
Type: test
Change-Id: I21a01c54e5f166aea101d3caace85b53f3f7285d
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Type: improvement
Modified "VPP with Containers" doc section to run on Ubuntu 22.04 LTS.
Change-Id: Ic09b88cf0e3b492711222a1bb24552de964a7d03
Signed-off-by: hsandid <halsandi@cisco.com>
This fix differentiates UDP and UDP-encapsulated ESP packets processing.
While UDP-encapsulated ESP traffic is processed as IPsec traffic, UDP as
other plain-text protocols is NOT dispatched against SPD policies.
Key logic is taken from RFC 3948, and is based on the fact
that the checksum of UDP packet encapsulating ESP packet must be zero.
Type: fix
Signed-off-by: vinay tripathi <vinayx.tripathi@intel.com>
Change-Id: Ib1b4d240eea8e89f2daf17ec833905f26cdb31bd
In this patch, IPsec related test files have been modified to send UDP-encapsulated
ESP packets,and validate against Inbound and Outbound policies that are configured
with Bypass, Discard and Protect action.
Type: test
Change-Id: I4b8da18270fd177868223bfe1389dc9c50e86cc5
Signed-off-by: vinay Tripathi <vinayx.tripathi@intel.com>
This inline function is introduced to simplify code readability and allows to splitting of
UDP and ESP processing in the next step.
Type: improvement
Change-Id: Ida4d6abbed141ac74d4d285900777778eb8a5a1d
Signed-off-by: Vinay Tripathi <vinayx.tripathi@intel.com>
Type: improvement
Since RFC4303 does not specify the anti-replay window size, VPP should
support multiple window size. It is done through a clib_bitmap.
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I3dfe30efd20018e345418bef298ec7cec19b1cfc
Currently, TCP flags of a flow entry don't get reset once the flow is
exported (unlike other meta information about a flow - packet delta
count and octet delta count). So TCP flags are accumulated as long as
the flow is active. When the flow expires, it is exported the last time,
and its pool entry is freed for further reuse. The next flow that gets
this pool entry will already have non-zero TCP flags. If it's a TCP
flow, the flags will keep being accumulated. This might look fine when
exported. If it's a non-TCP flow, that will definitely look erroneous.
With this fix, reset TCP flags once the flow is exported. Also, cover
the reuse case with tests.
Type: fix
Change-Id: I5f8560afffcfe107909117d3d063e8a69793437e
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Setting and using the SOURCE_DATE_EPOCH variable takes
care of most of the magic necessary.
https://reproducible-builds.org/docs/source-date-epoch/
vpp-ext-deps packages after this change is being built with that
date set to date of the last modification of the
subtree (similar logic to deriving the "number" for
the package version)
For the rest of the packages, pinning the following
three variables should result in bit-identical
artifacts across multiple runs:
export SOURCE_DATE_EPOCH=$(date +%s)
export VPP_BUILD_HOST="buildhost"
export VPP_BUILD_USER="builduser"
Add a blurb in the docs describing this new functionality.
Type: improvement
Change-Id: I71b085f0577b2358aa98f01dafd8e392239420a6
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Type: improvement
If an interface address is added, the glean adjacency for it's covering
prefix is updated with that address. In the case of multiple addresses
within the same prefix being added, the most recently added one will end
up being used as the sender protocol address for ARP requests.
Similar behavior occurs when an interface address is deleted. The glean
adjacency is updated to some appropriate entry under it's covering
prefix. If there were multiple interface addresses configured, we may
update the address on the adjacency even though the address currently in
use is not the one being deleted.
Add a new value PROVIDES_GLEAN to fib_entry_src_flag_t. The flag
identifies whether a source interface entry is being used as the address
for the glean adjacency for the covering prefix.
Update logic so that the glean is only updated on adding an interface
address if there is not already a sibling entry in use which has the
flag set. Also, only update the glean on deleting an interface address
if the address being deleted has the flag set.
Also update unit test which validates expected behavior in the case
where multiple addresses within a prefix are configured on an interface.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I7d918b8dd703735b20ec76e0a60af6d7e571b766
In current pattern parsing function in DPDK, some of the variables of
packet length are defined as uint8_t, which are too small for some
large-size packets, such as srv6. Change the type to uint16_t.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I06819e9716da098ca456c0405f0e6fd9a8eb0bc9
Check if crypto ops vector is matching actual ops instead if blindly
dereferencing it.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: Ib88ab44137d9360ee96228e72349a62b2fa7a7e0
Currently, when L2 and L4 recording is enabled on the L2 datapath, the
L2 template will contain L4 fields and L2 flows will be exported with
those fields always set to zero.
With this fix, when L4 recording is enabled, add L4 fields to templates
other than the L2 template (i.e. to the IP4, IP6, L2_IP4, and L2_IP6
templates). And export L2 flows without L4 fields. Also, cover that case
in the tests.
Type: fix
Change-Id: Id5ed8b99af5634fb9d5c6e695203344782fdac01
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
memif_disconect may be called without barrier sync. It removes stuff in mq
without protection which may cause troubles for memif RX/TX worker threads.
The fix is to protect mq removal in memif_disconnect.
Type: fix
Change-Id: I368c466d1f13df98980dfa87e8442fbcd822a428
Signed-off-by: Steven Luong <sluong@cisco.com>
Using the source address selection algorithm to determine the best source
of an NS for address resolution risks incompatible behavior.
It may choose a source address that is off-link to the other host.
Which may drop it.
A safer approach is to always use the link-local address as the SA.
It's recommended to pick a source that an application will later use,
as VPP is mostly a router, that rarely applies. And regardlessly we have
no mechanism to signal from an application that triggered address resolutiuon
what source address it intends to use.
Type: fix
Change-Id: I3c5de66e41505f3682767706ef1195a20e4f0e54
Signed-off-by: Ole Troan <otroan@employees.org>
When IPFIX flow record generation is enabled on an interface and the
active timer is set, flows will be saved and then exported according to
the active and passive timers. If then disable the feature on the
interface, the flow entries currently saved will remain in the state
tables. They will gradually expire and be exported. The problem is that
the template for them has already been removed. And they will be sent
with zero template ID which will make them unreadable.
A similar problem will occur if feature settings are "changed" on the
interface - i.e. disable the feature and re-enable it with different
settings (e.g. set a different datapath). The remaining flows that
correspond to the previous feature settings will be eventually sent
either with zero template ID or with template ID that corresponds to the
current feature settings on the interface (and look like garbage data).
With this fix, flush the current buffers before template removal and
clear the remaining flows of the interface during feature disabling.
Type: fix
Change-Id: I1e57db06adfdd3a02fed1a6a89b5418f85a35e16
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
This prevents ipfix flood with the repeating events and allows
to enable nat64 max_session and max_bibs events. Also fix wrong
endian for det44 and nat64 ipfix tests, now should be fine with
extended tests enabled.
Max session per user event @ nat44-ei requires more precise rate
limiter per user address, probably with sparse vec, not handled.
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ib20cc1ee3f81e7acc88a415fe83b4e2deae2a836
Support rewriting the inner packet for ICMP6 error messages.
Type: feature
Change-Id: I7e11f53626037075a23310f1cb7e673b0cb52843
Signed-off-by: Ole Troan <otroan@employees.org>
Flushing the neighbor cache was only available through API.
Add CLI command. Either flushes whole table (IP4,IP6)
or all neighbors on specified interface.
Type: improvement
Change-Id: Ia8c68fb032a2dfd940a136edc2aee80db5c37685
Signed-off-by: Ole Troan <otroan@employees.org>
Now we create tun/tap and then check whether lcp_itf_pair was already
created. Move the check in the beginning.
Type: fix
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: I848685a9cfdbe92a5e38ecb8e5d5322262b4e384
When MAC address changes for an interface, address change callbacks are
executed for it. In turn adjacencies register a callback for MAC address
changes to be able to update their rewrite strings accordingly.
Subinterfaces inherit MAC address from the parent interface. When MAC
address of the parent interface changes, it also implies MAC address
change for its subinterfaces. The problem is that this is currently not
considered when address change callbacks are executed. After MAC address
change on the parent interface, packets sent from subinterfaces might
have wrong source MAC address as the result of stale adjacencies. For
example, ARP messages might be sent with the wrong (previous) MAC
address and address resolution will fail.
With this fix, when address change callbacks are executed for an
interface, they will be also executed for its subinterfaces. And
adjacencies will be able to update accordingly.
Type: fix
Change-Id: I87349698c10b9c3a31a28c0287e6dc711d9413a2
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
When running unpriviledged sysfs allows reading only first
64 bytes of PCI config space.
Change-Id: I62d18328925a2e4936406c2842154b20182cacb9
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
Be less aggressive with rx events on connect/accept notification.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie93a08c7eef69383bf0301a163fd2131dd51372a
Currently, L2 flows are exported using L2_IP6 template if L3 or L4
recording is enabled on L2 datapath. That occurs because during feature
enable, L2 template is added and its ID is not saved immediately. Then
L2_IP4 and L2_IP6 templates are added overwriting "template_id" each
time. And in the end, the current value of "template_id" is saved for L2
template. The problem is that "template_id" at that point contains the
ID of L2_IP6 template.
With this fix, save the template ID immediately after adding a template
for all variants (datapaths). Also, cover the case with a test.
Type: fix
Change-Id: Id27288043b3b8f0e89e77f45ae9a01fa7439e20e
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
List BlueField NICs as a supported PCI devices.
Type: feature
Change-Id: Ida2300df516ab9cd2fcde1f816bbdc081016039a
Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
s->tx_fifo is 0 for the connecting half open session.
Type: fix
Change-Id: I2ba1ae99a2fa4fae1896587f40e0e4fb73c1edcb
Signed-off-by: Steven Luong <sluong@cisco.com>
- Causes per-port-vip testcases to fail when the
uninitialized reserved field in the stack variable
key for the hash lookup was a non-zero stack memory
location.
Type: fix
Change-Id: I56afa15e7df60bc2340514f2c7ce5e71a9cb47a9
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
- pass buffer pool name trough va
- make buffers naturaly aligned
- fix calculation of total number of buffers
Type: improvement
Change-Id: I6aebf249ebd67823b4632ac08905bfa3aa7d1ee5
Signed-off-by: Damjan Marion <damarion@cisco.com>
If builtin apps refuse connections, they should be cleaned up.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I95ef22902ac3fe873e15e250aa5f03031c2dc0c4
Type: feature
this patch adds a hash config field to cnat translation
to use it in load balancing instead of always using default one
Change-Id: I5b79642ca8b365b5dcc06664f6c100a9d3830a29
Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
This patch changes config to run containers on Ubuntu 22.04.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I3be48099cb48d2c4a04526c15780244614bef3d4
Type: feature
This patch makes the port range used by the transport layer
configurable in the manner of sysctl's ip_local_port_range.
Change-Id: Ie17f776538311b29d1dca64643a3a0bd74cb90a6
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
When custom-packaging the VPP artifacts, it can be useful to exclude
some of the core plugins from packaging/testing, for some reasons.
A removal of a plugin(s) from the worktree needs to be tracked as
a separate change, and thus is tricky from the maintenance
point of view.
This change adds the ability to "pretend they do not exist" -
plugins which are added to the comma-separated environment
variable "VPP_EXCLUDED_PLUGINS" will not be added to the build
process and not packaged.
The tests do not have the 1:1 relationship as plugins,
so they might need to be modified separately. This change
includes some of these modifications as an example.
Type: feature
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Id31562d00a01ced1acbb4996a633517cbd6f09d8
Two similar CLI paths in nat66 plugin cause
unexpected behavior. Bug fix following [1] fix.
[1] https://gerrit.fd.io/r/c/vpp/+/35859
Change-Id: I771dd230fa6edb6bab3936652770a388d6e41a3f
Type: fix
Signed-off-by: Filip Varga <fivarga@cisco.com>
There are cases where default port for prometheus exporter is not
available e.g. when multiple vpp are running on single node.
Type: improvement
Change-Id: I39701486f9dfaf4dc9f08aab56e88126687b507a
Signed-off-by: Fahad Khan <fahadnaeemkhan@gmail.com>
This patch adds support for using l2tpv3 as RSS type
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: Ic3e0935a4754d084184f1cc38ea9531ddfd9e7bc
From GCC 12, march=armv9-a option is supported, which includes the sve
and crc options needed. Furthermore, VPP L3Fwd benchmark results on N2
based servers show that N_PREFETCH set to 6 gives the best performance.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I9c4fcad84d4db1189d956dabab22b26d020fbfd6
The VPP is crashing when specify a very big prefix length, like
ip route add 1.1.1.1/55 via 2.2.2.2
Type: fix
Signed-off-by: Gavril Florian <gflorian@3nets.io>
Change-Id: Ic491c0b24e07be897ff35ae1e835280f04ab3ea5
Update my email address in maintainer document.
Type: improvement
Change-Id: I8ba518fa4c9cb414342383e1461f3f94b661ac33
Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
This patch provides minor improvements to the logic governing dequeuing
from the ring. Previously whenever a frame was dequeued
we've been trying to dequeue from the ring another one till
inflight == 0. Now threshold is set for 8 frames pending in the cache
to be consumed by the vnet. This threshold has been chosen based on
cache ring stats observation in the system under load.
Some unnecessary logic for setting deq_tail has been removed.
Also logging has been corrected, and cache ring logic simplied.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I19f3daf5913006e9cb23e142a163f596e85f5bda
List Mellanox ConnectX-6LX and ConnectX-7 as a supported PCI devices.
Type: feature
Change-Id: Ieeca3f214d08f29238c387354055ac1320cab75f
Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
Type: feature
This patch update the Intel IPsec-MB lib to v1.4
Remove v0.54 and v0.55 support, as the compatible IMB APIs
are deprecated in v1.4
Signed-off-by: Ranjan Raj <ranjanx.raj@intel.com>
Change-Id: I01f71134c6bd17a68ec20b7bb4b0b0ff43fc644b
Next drop node should be related to payload protocol.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: If12e8dc8b19c61f8c96c275b3f9e565e91ecdbed
Four packets are batched after 696e88da97,
so prefetch is required for the next 4-7 packets, not for 2-5.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I4ab01e66c3b446caf113a154915473e96ab32198
Correct trace functions correspond with the encap type rather than with
the payload type.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: Iea1eb08a2ce9d147984ef604c7a39c62c7330e80
@ -19,7 +19,7 @@ Then install packages for containers such as lxc:
# apt-get install bridge-utils lxc
As quoted from the `lxc.conf manpage <https://linuxcontainers.org/it/lxc/manpages/man5/lxc.conf.5.html>`_, "container configuration is held in the config stored in the container's directory.
As quoted from the `lxc.conf manpage <https://linuxcontainers.org/lxc/manpages/man5/lxc.conf.5.html>`_, "container configuration is held in the config stored in the container's directory.
A basic configuration is generated at container creation time with the default's recommended for the chosen template as well as extra default keys coming from the default.conf file."
"That *default.conf* file is either located at /etc/lxc/default.conf or for unprivileged containers at ~/.config/lxc/default.conf."
@ -31,10 +31,10 @@ Look at the contents of *default.conf*, which should initially look like this:
..code-block::console
# cat /etc/lxc/default.conf
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
As you can see, by default there is one veth interface.
@ -44,36 +44,36 @@ You can do this by piping *echo* output into *tee*, where each line is separated
..code-block::console
# echo -e "lxc.network.name = veth0\nlxc.network.type = veth\nlxc.network.name = veth_link1" | sudo tee -a /etc/lxc/default.conf
# echo -e "lxc.net.0.name = veth0\nlxc.net.1.type = veth\nlxc.net.1.name = veth_link1" | sudo tee -a /etc/lxc/default.conf
Inspect the contents again to verify the file was indeed modified:
This section will cover connecting two Linux containers with VPP. A container is essentially a more efficient and faster VM, due to the fact that a container does not simulate a separate kernel and hardware. You can read more about `Linux containers here <https://linuxcontainers.org/>`_.
This section has been tested with Ubuntu 22.04 LTS.
See https://github.com/MarvellEmbeddedProcessors/marvell-vpp
__EOF__
DEB=${PKG}_${VER}_${ARCH}.deb
dpkg-deb -b ${STAGE} ${DEB}
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
