aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2021-03-07nat: fix worker selectionKlement Sekera7-89/+73
Use correct ports from SVR. Perform lookup of existing session for all cases to pick any created bypasses and derive correct thread indexes. Type: fix Change-Id: I1e3814c9e13cd4d9b8d65f514f7e9ab42df3c22e Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-07nat: test - add show traceKlement Sekera1-0/+1
Add missing show trace. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2f216bfc1bc70ebcbf5593214d46601f44f0b6e2
2021-03-07dispatch-trace: move dispatch trace pcap code to pluginDamjan Marion10-573/+614
Type: refactor Change-Id: I02a527f57853ebff797f0d85761b71127916d6ce Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-06nat: use correct node indexes for queuesKlement Sekera1-2/+2
Type: fix Change-Id: I30b847acc4653fea9d609fc0d5875c3fda0824ef Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-05vppapigen: expose the values of per-message "options" in the api.json filesAndrew Yourtchenko2-1/+2
Also fix the vapi parser's assumption about what the container with CRC is supposed to look like.. Change-Id: I3a23ef6c1502232742c03d227eb3654fb757709c Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-03-05avf: don't memcpy if adminq output buffer size is 0Damjan Marion1-1/+1
Type: fix Change-Id: I0df14ff87d0bf51eeb392f72434febf6c4a2957a Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-05fib: format function for adjacency flagsNeale Ranns2-0/+18
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ib01ed3231321f0f38c4b1deb885c4cf718cc0147
2021-03-05interface: move vnet_pcap_t to vnetDamjan Marion5-30/+33
It naturally belogns there... Type: refactor Change-Id: I05f7ba01103a5e9b3756f1ea69c8cc5d8f26f0a0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-05tests: improve the robustness of process cleanup on INT/TERM signalsAndrew Yourtchenko1-1/+17
Change-Id: I3049d3d7d1212236dcc63ebf5560f87561928520 Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-03-05mss_clamp: TCP MSS clamping pluginNeale Ranns8-0/+1336
Type: feature Configure TCP MSS clamping on an interface as follows: set interface tcp-mss-clamp [rx|tx] <interface-name> ip4 [enable|disable|rx|tx] ip4-mss <size> ip6 [enable|disable|rx|tx] ip6-mss <size> Change-Id: I45b04e50a0b70a33e14a9066f981c651292ebffb Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com> Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com> Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-03-05api: crchcecker ignore version < 1.0.0 and outside of src directoryOle Troan6-94/+180
- For check patchset ignore files outside of src directory - For check patchset ignore files that have version < 1.0.0 - fix Pylint warnings - Modify vppapigen_crc to include version in JSON output Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I171cf6397e129e2438b2a494c5656236a7810f7b
2021-03-05l2: coverity woe in l2_rw_mod_entrySteven Luong1-3/+0
Coverity complains that the statement if (!e) return -1; is never true and is logically dead code in the subject function. It is right. e is assigned in both the if and else statementes immediately above and can never be null. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ic2d0e76eff696ee689a68a07913876dcecf5c647
2021-03-05dpdk: fix rte mempool for rx_queuesVladimir Ratnikov1-1/+9
Change dpdk_ops_vpp_get_count() return value from 0 to actual available pool size; For some drivers/envs(azure,vmbus) rx_queue size will be zero and the only 1 element will be created (0 + 1) When more than one packet will arrive, it will cause SEGFAULT Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: Ibe7da6acc91200bec33d99f580044456d8984110
2021-03-05ipsec: Support async mode per-SANeale Ranns12-244/+397
Type: feature This feautre only applies to ESP not AH SAs. As well as the gobal switch for ayncs mode, allow individual SAs to be async. If global async is on, all SAs are async. If global async mode is off, then if then an SA can be individually set to async. This preserves the global switch behaviour. the stratergy in the esp encrypt.decrypt nodes is to separate the frame into, 1) sync buffers, 2) async buffers and 3) no-op buffers. Sync buffer will undergo a cyrpto/ath operation, no-op will not, they are dropped or handed-off. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ifc15b10b870b19413ad030ce7f92ed56275d6791
2021-03-05ipsec: Submit fuller async framesNeale Ranns6-178/+231
Type: improvement In the current scheme an async frame is submitted each time the crypto op changes. thus happens each time a different SA is used and thus potentially many times per-node. thi can lead to the submision of many partially filled frames. change the scheme to construct as many full frames as possible in the node and submit them all at the end. the frame owner ship is passed to the user so that there can be more than one open frame per-op at any given time. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ic2305581d7b5aa26133f52115e0cd28ba956ed55
2021-03-05marvell: check return value of vlib_trace_bufferRobert Shearman1-8/+10
Check the value of vlib_trace_buffer in mrvl_pp2_input_trace to fix a compiler error for an unused result of the function. Type: fix Fixes: 9a3973e3a36bfd4dd8dbffe130a92649fc1b73d3 Signed-off-by: Robert Shearman <robertshearman@gmail.com> Change-Id: Ib005ae662885ed8ef902607037b843a524789a19
2021-03-05marvell: spelling fixesRobert Shearman2-3/+3
Fix places where "Marvel" is used incorrectly instead of "Marvell". Type: style Change-Id: I9247676ab08faed31e7b813f6f496ba008210c00 Signed-off-by: Robert Shearman <robertshearman@gmail.com>
2021-03-05marvell: fix implicit declaration of functionRobert Shearman1-0/+1
Fix compile error due to implicit declaration of vnet_hw_if_get_rxq_poll_vector by including the header file that declares this. Type: fix Fixes: b85b0df2a039b694fb2f3c09a01decfb89d7bce2 Signed-off-by: Robert Shearman <robertshearman@gmail.com> Change-Id: I4a21743df93ffaa637641838d30b3b5c70dd79ef
2021-03-05crypto: revert "fix ops flags in crypto sw scheduler"Damjan Marion1-2/+7
This reverts commit 30ad571cc35e4dc6d4d7e50b81b97f83f8770eea. Type: fix Change-Id: If8c6e388e732d2a1b5efd0677d9528a646365f94 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-04docs: Update macos doc to clang-formatNathan Skrzypczak1-15/+13
Type: docs Change-Id: Ibf825ac8b1591e8109be0b3b8d56ee85ae5145a4 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04misc: add ikev2 tests usecasesFilip Tehlar26-0/+640
Type: test Ticket: VPP-1893 Change-Id: Ib6ffd00e73f7110bf9e702f4a0fd5c68395d6786 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-03-04ikev2: fix incorrect api messageFilip Tehlar1-1/+1
Type: fix Change-Id: I9b3f4531070786f583e18609dfae1d95487ce93c Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-03-04cnat: Add calico/k8s src policyNathan Skrzypczak3-2/+59
This patch implements k8s-specific extensions to the cnat plugin. This could be done by exposing a richer semantic on srcNAT policies, but this might be too complex work at this point. Also k8s fits quite well as a 'cloud NAT' usecase. Type: feature Change-Id: I2266daf7b10a92e65f5ed430838a12ae826bd333 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04cnat: Prepare extended snat policiesNathan Skrzypczak14-549/+770
Type: refactor Change-Id: I9ca3333274d6f32b6aff57f0fb3d2049c066337a Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04cnat: Fix snat with dhcpNathan Skrzypczak4-11/+17
Type: fix We didn't check that the srcEndpoint was resolved when creating the session, we could end up sNATing with 0.0.0.0 as src_addr Change-Id: If8dfa577e659cfe90b148657a44c0390a7d383e9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04crypto: fix ops flags in crypto sw schedulerBenoît Ganne1-7/+2
The sw crypto scheduler converts crypto frames to individual crypto operations. This is done by reusing per-thread vectors for crypto, integrity and chained operations. The crypto op flags must be reset to frame flags minus invalid values depending of the operation. The previous tentative also cleared the chained buffer flag, breaking jumbo support. Type: fix Change-Id: Icce6887a9e0dae8c300c56e97b977e203e784713 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-04crypto: add support for aes-ctr+sha-1 chainsBenoît Ganne1-16/+19
Type: feature Change-Id: I9d4f90bc701d2b9b903a018f8d27cec5e129d7be Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-04hsa: fix builtin echo apps with multiple workersFlorin Coras3-27/+88
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9507b5a9755e938b4d1da657bed3a8681a056427
2021-03-04bonding: coverity woe in bond_dev_class fuctionSteven Luong1-5/+14
Coverity complans the line h = hashes; uses uninitialized variable if the prior ASSERT statement is hit. ASSERT is compiled out coverity as well as in release image. So the complain is legitimate. Change the ASSERT to drop the frame and log an error instead. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ibf0c204fe3626afca69ea84484e606566cf3244c
2021-03-04dpdk: fix include directories with system dpdkRobert Shearman1-0/+1
Add the DPDK_INCLUDE_DIRS variable which is set by pkg_check_modules to the include directories to allow use of system DPDK where the headers aren't under standard include directories. Type: fix Fixes: f15a5791ba870a98a2ab7dec101bbbb9b6e266c1 Change-Id: Ifd4b4170572911b6e0580cdf114ad87cfa771931 Signed-off-by: Robert Shearman <robertshearman@gmail.com>
2021-03-04marvell: remove unused variableRobert Shearman1-1/+0
Fix compile error in mrvl_pp2_delete_if caused by unused variable by removing that variable. Type: fix Fixes: b85b0df2a039b694fb2f3c09a01decfb89d7bce2 Change-Id: I819bcfbfdbd0f85cc42be953be63ef124520852c Signed-off-by: Robert Shearman <robertshearman@gmail.com>
2021-03-04libmemif: verify length of transmitted buffersJakub Grajciar1-3/+4
In memif_tx_burst verify that total buffer size (data_offset + data_len) does not exceed buffer size. If not valid returns MEMIF_ERR_INVAL_ARG. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: Ifae8f92344a401febbc1efd22c301356ccf83d44
2021-03-04memif: Validate descriptors within process boudarySteven Luong1-20/+27
We hit a crash when the client sends us a bogus deescriptor which causes us to access memory beyong the mapping. While the client clearly should not do that, it is rather cheap for VPP to validate the descriptor instead of crash and burn. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Id09035810939f5f98530f212f0b23e606132251d
2021-03-04dpdk: enable AVX-512 on ICLRay Kinsella1-0/+5
Enable DPDK AVX-512 Vector PMDs on Intel Icelake Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> Change-Id: Ie5d5bf54ccaa65c1d053d56a2f2973fe8625193b
2021-03-04build: add libmemif as part of build-coverity targetAndrew Yourtchenko1-0/+1
Change-Id: I81a3b5d0845724da40b483832a8eaed081e6e4ed Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-03-04dpdk: deprecate ipsec backendFan Zhang11-478/+580
Type: refactor DPDK crypto devices are now accessible via the async infra, so there is no need for the DPDK ipsec plugin. In addition this patch fixes the problem that cryptodev backend not working when master core and worker cores lies in different numa nodes. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie8516bea706248c7bc25abac53a9c656bb8247d9
2021-03-04vppinfra: fix compiling error due to incompatible udphdr field namesJieqiang Wang1-6/+3
Compiling VPP on CentOS 7 will fail shown as below. The root cause is that uh_sport/uh_dport field names for struct udphdr are chosen only if macro __FAVOR_BSD in /usr/include/netinet/udp.h is defined for glibc version less than 2.19. Fix this issue by using source and dest field names in struct udphdr for compatibility reasons. FAILED: vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o ccache /opt/rh/devtoolset-9/root/bin/cc -Dvppinfra_EXPORTS -I/vpp/src -I. -Iinclude -Wno-address-of-packed-member -g -fPIC -Werror -Wall -march=corei7 -mtune=corei7-avx -O2 -fstack-protector -D_FORTIFY_SOURCE=2 -fno-common -flto -fno-fat-lto-objects -fPIC -fvisibility=hidden -ffunction-sections -fdata-sections -MD -MT vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o -MF vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o.d -o vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o -c /vpp/src/vppinfra/unix-formats.c /vpp/src/vppinfra/unix-formats.c: In function 'format_udp4_packet': /vpp/src/vppinfra/unix-formats.c:319:19: error: 'struct udphdr' has no member named 'uh_sport' 319 | u16 source = udp->uh_sport; | ^~ /vpp/src/vppinfra/unix-formats.c:320:17: error: 'struct udphdr' has no member named 'uh_dport' 320 | u16 dest = udp->uh_dport; Type: fix Change-Id: Ifc99c7286ea3fac463096152267033ac0518c230 Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Reviewed-by: Lijian Zhang <lijian.zhang@arm.com> Reviewed-by: Tianyu Li <tianyu.li@arm.com>
2021-03-04libmemif: socket filename length 108Jakub Grajciar2-27/+3
Dynamic size array was causing trouble in strlcpy. LINUX allows for max 108 filename length, so we can use that to make the array constant size. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: I76b1fc41f9d93cfbc9ad11bdca0c96a1fc261e84
2021-03-03udp: allocate rx lock only for non-connectedFlorin Coras1-3/+7
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib5395a51fbfb2123549f7c96534fa763b4669243
2021-03-03misc: include debian/quilt packaging directory in .gitignoreNeale Ranns1-0/+3
Type: style Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I04e859bbba913acf32e14c4460bba45f5cb45ff6
2021-03-03api: fix crash when cf removedwanghanlin1-2/+16
cf may be removed when: 1. linux_epoll_input_inline process two EPOLLIN events, firstly a normal message, secondly reading 0 bytes because of socket client crash, then cf removed without clear message added to pending event data vectors before 2. clib_file_write called Type: fix Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: I4523e9bb322e98357575925f3113f710d70dd679
2021-03-03nsh: Resolve SA errors in NSH plugin.Vengada Prasad Govindan1-15/+0
Type: fix Change-Id: Ia923cd9302688496d28d2fd5658718b40b17cc1a Signed-off-by: Vengada Govindan <venggovi@cisco.com>
2021-03-03dhcp: calls to vnet_feature_enable_disable needs to be protectedSteven Luong1-1/+7
dhcp is makeing calls to vnet_feature_enable_disable without barrier sync protection. This can cause data contention with the worker threads. Wrap all calls to vnet_feature_enable_disable with barrier sync and barrier release. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I74545b074599273429f47e3e726551156bc11bbc
2021-03-02misc: update john lo email address in maintainersOle Troan1-2/+2
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ic880de0f895feb6eabaa2b4f9f19ccefc048d444
2021-03-02ikev2: fix authFilip Tehlar1-1/+1
Old auth data is needed when generating new one. Type: fix Change-Id: I15c62346dbb7ece8facdc7a05f30afd1a15a5648 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-03-02classify: fix crash if no pcap filter has been configuredBenoît Ganne1-1/+2
If no pcap filters have ever been configured and we try to enable pcap capture with a filter, cm->classify_table_index_by_sw_if_index is not initialized yet. Type: fix Change-Id: I2f509c58f9984951b1ad81c1c8ed912cb594fce1 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-02classify: fix multiple filters supportBenoît Ganne3-67/+78
This fix the classify filter if we attach several different filters. This also fix some issues with l3 and l4 parsing. Type: fix Change-Id: I9dc6c55049a3bbc0110d1097b40d9da27633626b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-01nat: avoid crash if plugin not enabledKlement Sekera1-18/+21
Avoid crash if nat pool not allocated when issuing "show nat44 summary". Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I55661cf699bab04f4673e9d471fe12486e972067
2021-03-01nat: pick outside addr based on local addrKlement Sekera6-107/+215
Use outside addresses more evenly by using local address to pick from pool of addresses. This ensures stability from POV of remote host - an internal host always gets translated using the same outside address, so it doesn't appear to be "hopping". Also, this avoids all hosts being translated using the first address, which helps avoid needless recaptchas and the like. Exact assignment depends on internal ordering of addresses - local address is used to pick an offset into internal vector. If that address cannot be used, a linear search is performed as a fallback mechanism to find a possible translation. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I7ccb1da1dda5537f5d30d2f4cb48024f4b51c1a4
2021-02-28session svm: segment manager and fifo segment leaksFlorin Coras2-0/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4e00dd7f8ce1e56092dde9a073decae62d5475de