aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2021-03-01nat: pick outside addr based on local addrKlement Sekera6-107/+215
Use outside addresses more evenly by using local address to pick from pool of addresses. This ensures stability from POV of remote host - an internal host always gets translated using the same outside address, so it doesn't appear to be "hopping". Also, this avoids all hosts being translated using the first address, which helps avoid needless recaptchas and the like. Exact assignment depends on internal ordering of addresses - local address is used to pick an offset into internal vector. If that address cannot be used, a linear search is performed as a fallback mechanism to find a possible translation. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I7ccb1da1dda5537f5d30d2f4cb48024f4b51c1a4
2021-02-28session svm: segment manager and fifo segment leaksFlorin Coras2-0/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4e00dd7f8ce1e56092dde9a073decae62d5475de
2021-02-27vlib: fix clear trace buffer race conditionBenoît Ganne1-4/+15
Type: fix Change-Id: I2384e052bee91a275c3b97a00542819b1d646c88 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-26vppinfra: mem leak in show memory main-heapFlorin Coras1-1/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I23d1dda86c781ac077dbee7cb0e1ddeaa328c660
2021-02-26udp: avoid locking connected udp sessions on rxFlorin Coras3-2/+8
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I52aa2322980b51cfc0b282fb37d7f63d30777dee
2021-02-26cnat: coverity fixNathan Skrzypczak1-2/+4
Type: fix Change-Id: I9d562abc8d8f59cfe73ddd4c03a25085f6ad1f84 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26virtio: place the event fds on worker threads for pci deviceMohsin Kazmi1-0/+11
Type: improvement Change-Id: I8322bca1a9aa75c97c0fe2ff24b2f65fc43242ce Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-02-26svm: fix shared hdr migrationFlorin Coras2-7/+9
Avoid changing the header on attach as it may be in use. Instead, as for chunks, allocate header to be collected on detach. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib316ecb5d61ae161032869b6f6a1863f1105a1d9
2021-02-26nat: optimize flow matching in ED NATKlement Sekera5-81/+87
This saves 6 clocks in nat44-ed-in2out node. (112->106 per packet) Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I48e757e7f4b6b0d250a432a4659fe6955fc52a07
2021-02-26nat: NAT44ED fail if using old plugin optionFilip Varga4-450/+498
Fail if obsolete flag is used. Type: fix Change-Id: Id7000de9c82fa2c22692104b2fc1d463e5961f39 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-02-26interface: Fix rxq deletionNathan Skrzypczak1-2/+11
Type: fix Change-Id: Ie89663de42ec94823b32aa1edf94f2c03df06627 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26interface: fix sh int rxNathan Skrzypczak2-2/+2
Type: fix Change-Id: Iebe2db66af1e769486a117d6284375ce5ffff0b4 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26ipsec: move the IPSec SA pool out of ipsec_mainNeale Ranns18-98/+85
Type: refactor this allows the ipsec_sa_get funtion to be moved from ipsec.h to ipsec_sa.h where it belongs. Also use ipsec_sa_get throughout the code base. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
2021-02-26cnat: add input feature nodeNathan Skrzypczak6-0/+507
This allows to configure nat on a per-interface basis. Special care must be taken to ensure the configuration remains consistent. Type: feature Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: Add maglev supportNathan Skrzypczak9-25/+253
* Backend choice in translations is controlled by lb_type switch allowing to enable Maglev. * Size of pool is set with cnat { maglev-len 1009 } Type: feature Change-Id: I956e19d70bc9f3b997b4f8042831164e4b559d17 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: fixes & prepare maglevNathan Skrzypczak16-366/+390
Notable changes: - ip[46]-cnat-snat is renamed to cnat-snat-ip[46] - indent fixes - common trace primitives - bihash is now 40_56 with alias Type: refactor Change-Id: I0a82cfe3b40efd96473e51061d7135ffe412ddfc Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26crypto: fix coverity issue 218445Piotr Bronowski1-3/+0
Fixes coverity issue CID 218445 (#1 of 1): Logically dead code (DEADCODE) dead_error_line: Execution cannot reach this statement: return 4294967295U;. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ibf8ee0458320d20c3adca2efa2a4bfad7c190dbe
2021-02-25sr: Fix the coverity issue on srv6-mobile pluginTetsuya Murakami1-2/+2
Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I55e6d7dd193f83f70d27e27fe2e383939d677ef1
2021-02-25tests: Add tests for IPSec async mode using the crypto SW schedulerNeale Ranns5-108/+191
Type: test Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iabc8f2b09ee10a82aacebd36acfe8648cf69b7d7
2021-02-25ipsec: ipsec.h tidy upNeale Ranns6-56/+86
Type: refactor - remove the extern declaration of the nodes. keep the use of them to the files that declare them - remove duplicate declaration of ipsec_set_async_mode - remove unsued ipsec_add_feature Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6ce7bb4517b508a8f02b11f3bc819e1c5d539c02
2021-02-25ikev2: Use the IPSec functions for UDP port managementNeale Ranns2-46/+2
Type: refactor IKEv2 registers the IPSec node as the port handler, so it can use the IPSec functions to do that. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: If398dde0a8eb0407eba3ede62a3d5a8c12fe68a7
2021-02-25linux-cp: fix vector-used-a-C-string overflowBenoît Ganne2-4/+3
lip_host_name is a non-NULL terminated vector, not a NULL-terminated C-string. Type: fix Change-Id: Ie5da59bc5680be72251904467d77b18263c882f8 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-25ipsec: enable input features on tunnelsBrian Russell6-30/+335
Make the ipsec[46]-tun-input nodes siblings of device-input so that input features can be enabled on them. Register ipsec-tun for feature updates. When a feature is enabled on the device-input arc and the ifindex is an IPSec tunnel, change the end node of the arc for that ifindex to be the appropriate ESP decrypt node. Set a flag on the tunnel to indicate that the feature arc should be started for packets input on the tunnel. Test input policing on ESP IPSec tunnels. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I3b9f047e5e737f3ea4c58fc82cd3c15700b6f9f7
2021-02-24nat: Final NAT44 EI/ED split patchFilip Varga44-5781/+10760
This patch achieves complete separation of endpoint-dependent and endpoint-independent IPv4 NAT features. Some common stuff is also moved to NAT library. Type: refactor Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-02-24virtio: enable the interrupt support for uio_pci_genericMohsin Kazmi1-11/+4
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ic25ffe9c8e37826733cfb9e62cefb491bb3322bc
2021-02-24session: init ctrl msg without mq lockFlorin Coras1-102/+96
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I755e6da1fcf6f3bf3c72d6d36c4243b0919b7209
2021-02-24fib: fix sa selection for fib routed destinationsJúlius Milan2-5/+39
The move from ip4(6)_src_address_for_packet to fib_sas4(6)_get changed the behavior, so that the new looked only to adjacent gleans. This caused a problem for destinations routed according to FIB table. To reproduce: vpp# create tap vpp# set interface state tap0 up vpp# set interface ip address tap0 192.168.11.1/24 vpp# ip route add 192.168.20.0/24 via 192.168.11.2 linux$ sudo ip addr add 192.168.20.1/24 dev lo linux$ sudo ip link set tap0 up linux$ sudo ip addr add 192.168.11.2/24 dev tap0 vpp# ping 192.168.20.1 Failed: no source address for egress interface Type: fix Signed-off-by: Július Milan <julius.milan@pantheon.tech> Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I22899f4dbbf8c1c85ccce72f801b92c183195b5d
2021-02-24wireguard: coverity fixArtem Glazychev1-11/+12
explicit null dereferenced Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: Id1e4b0e048dbd0a68063c63374172ab6d3653aff
2021-02-24crypto: A more memory efficient layout of the frame element structNeale Ranns2-18/+26
Type: improvement Also: - state as enum so my GDB life is easier - typo; s/indice/indices/; Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3320f5ef1ccd7d042071ef336488a41adfad7463
2021-02-24docs: move pnat doc link into dev doc sectionDave Wallace2-2/+2
- "PNAT: 1:1 match and rewrite programmable NAT" link was hanging out on the top level of the doc tree. Move it to VPP->Developer Documentation. Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Iadb7d3463567a2414eece68db0a3743237ab26f9
2021-02-23l2: coverity woe in l2_api.cSteven Luong1-23/+20
Coverify complains deref_ptr before null check. deref_ptr: Directly dereferencing pointer reg. 1214 vl_reg = vl_api_client_index_to_registration (reg->client_index); 1215 ALWAYS_ASSERT (vl_reg != NULL); 1216 CID 216104 (#1 of 1): Dereference before null check (REVERSE_INULL) check_after_deref: Null-checking reg suggests that it may be null, but it has already been dereferenced on all paths leading to the check. 1217 if (reg && vl_api_can_send_msg (vl_reg)) I believe the check is for vl_reg instead of reg because vl_reg may be NULL after the call vl_api_client_index_to_registration. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ic4eb2284e65c48396f20d5024a4241c80c70c886
2021-02-23hsa: fifo detach cleanupFlorin Coras2-0/+27
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I907b2e560d6ecd748aa7c6d775c4f7122a39b4cb
2021-02-23vcl: segment index leak on attachFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If8840d455f8841264136adb19cc9a2046ba37b11
2021-02-23vcl: fix coverity warningFlorin Coras1-7/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id9f922eafe4a68661d2858d72fc548a372e9596a
2021-02-23misc: run make test-refresh-deps to update the python dependenciesAndrew Yourtchenko2-138/+152
Also, remove the flake8 from requirements.txt as it looks like upstream package is not installable... Type: test Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I1a2132f30f7f9431d892e962a29c7d859e6a43db Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-23tests: delete test/requirements-2.txtAndrew Yourtchenko1-316/+0
Python2 has not been supported for a while now, time to spring clean... Change-Id: Iafb18bd730c69b5aeefa6ccbfadbaaf30c92c2c8 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Type: improvement
2021-02-23vlib: fix offload flags value resetBenoît Ganne1-2/+11
When a buffer is freed and re-allocated for a new packet, opaque2 is not reset, so the offload flags can be set to a stale value. Make sure the offload flags are reset to the current value on 1st set. Type: fix Fixes: 6809538e646bf86c000dc1faba60b0a4157ad898 Change-Id: I4048febedf25b9995dbd080a11495ee7dbe59153 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-22vcl: fix vls_intercept_sigchld_handler be called recursivelynandfan1-0/+5
The old_sa is rewrite with vls_intercept_sigchld_handler when parent process fork child second time, parent process will call vls_intercept_sigchld_handler recursively when received child signal. Type: fix Signed-off-by: nandfan <fanyufei521@outlook.com> Change-Id: Ia58a254d58058489aa2d91b76a3b3cab1e38f802
2021-02-22api: fix memory leak in vl_api_cli_inband_t_handlerAndrew Yourtchenko1-0/+1
I noticed the memory leak while sending a lot of cli_inband APIs: DBGvpp# memory-trace on main-heap ... send a lot of API cli_inband ... DBGvpp# show memory main-heap Thread 0 vpp_main base 0x7f85c8302000, size 1g, locked, unmap-on-destroy, name 'main heap' page stats: page-size 4K, total 262144, mapped 33129, not-mapped 229015 numa 0: 33129 pages, 129.41m bytes total: 1023.99M, used: 125.78M, free: 898.22M, trimmable: 897.59M Bytes Count Sample Traceback 9751632 145034 0x7f85d01696e8 clib_mem_alloc_aligned_at_offset + 0x80 vec_resize_allocate_memory + 0xa8 _vec_resize_inline + 0x240 va_unformat + 0xe4 unformat + 0x159 vlib_cli_dispatch_sub_commands + 0x11e vlib_cli_input + 0x8f vl_api_cli_inband_t_handler + 0xd9 vl_msg_api_handler_with_vm_node + 0x488 void_mem_api_handle_msg_i + 0x6f vl_mem_api_handle_msg_main + 0x38 vl_api_clnt_process + 0x28d 9723904 145034 0x7f85cd677238 clib_mem_alloc_aligned_at_offset + 0x80 vec_resize_allocate_memory + 0xa8 _vec_resize_inline + 0x240 unformat_init_string + 0x10d vl_api_cli_inband_t_handler + 0xc1 vl_msg_api_handler_with_vm_node + 0x488 void_mem_api_handle_msg_i + 0x6f vl_mem_api_handle_msg_main + 0x38 vl_api_clnt_process + 0x28d vlib_process_bootstrap + 0x5d 0x7f8608b0e038 290077 total traced objects Solution: free the input data structure. Type: fix Change-Id: I42de5572e8760237e793a53c1a94bce65a4ac5fa Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-22vcl: cleanup fifos detached from segmentsFlorin Coras4-3/+60
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I412024731c1f561680736ad7bfabb99b595e3dff
2021-02-22svm: free shared fifo on detachFlorin Coras1-2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I639560ee3dd0a1d605ec2866dce5cdd13fda8201
2021-02-22vcl: support sockopt of SO_REUSEPORT and SO_DOMAINwanghanlin3-0/+26
Type: fix Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: I800cfffb07bf7d4c4d1454b73febdba03f7d6b75
2021-02-22ip-neighbor: add set ip neighbor-config CLI commandIvan Shvedunov1-0/+54
Type: improvement Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Change-Id: I77ade50425e88d2da979f732d2248bed383f4ba4
2021-02-20svm: return chunks to slice on fifo detachFlorin Coras2-18/+14
Ensure chunk alloc distribution is maintained on fifo detach. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5aa5524e06a703dc50e90da6d177663d2d997aa4
2021-02-19dpdk: fix cryptodev offset updateFan Zhang1-11/+8
Type: fix This patch fixes the missed crypto and integ offset update for every packet. Previously the offset is updated only when the key is changed. This is ok for encryption but not always true for decryption. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: Iccd0011f4ae488746ce487a14b94ddd24fb0c07c
2021-02-19tests: add input policer thread handoff testsBrian Russell1-2/+74
Test worker thread handoff on an interface input policer. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I1deddcc9711bccfde377290bc66a00f2cd4163e1
2021-02-19policer: add thread handoff for device inputBrian Russell4-13/+71
Add worker thread handoff for policers on the device input feature arc on an interface. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ib795457a09a5b3be3c4e6422c91e33100192b8e2
2021-02-19policer: move handoff checks into policer codeBrian Russell4-47/+41
The IP punt policer currently checks if it needs to do worker thread handoff based on the thread index stored in the policer. Move this functionality into the policer code so it can be common for all users of the policer. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ia8d11e62898a58b19d7b27b296f8369baa3e5aa1
2021-02-19tests: test input policerBrian Russell2-0/+78
Apply a policer to an interface, check it's policing packets. Remove it and check it no longer polices packets. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I6f694c8a9804cadf010b5831770aaae81f42e027
2021-02-19policer: add api to configure input policingBrian Russell4-0/+76
Add a new API to apply a policer to an input interface. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ie8aff9120149b63d85363a9a5afdcaed60a93700