aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2023-02-10misc: VPP 22.06.1 Release NotesDave Wallace3-1/+13
Type: docs Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I8770a35c801126ffd2de8f58d79e6616642709a9 (cherry picked from commit 1513b381d8879d9d437bbbc9a270b4ff5f4b19ba)
2023-02-03ipsec: fix AES CBC IV generation (CVE-2022-46397)Benoît Ganne3-29/+65
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C). Chaining IVs like is done by ipsecmb and native backends for the VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable. Encrypt a counter as part of the message, making the (predictable) counter-generated IV unpredictable. Fixes: VPP-2037 Type: fix Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-12-21dpdk: link DPDK with MLX4/MLX5 libraries againVladimir Ratnikov1-1/+3
Previously it was linked and worker properly. While rdma build was simplified, link was lost so all encrypted data won't pass via Mellanox interfaces(ipsec, ipip, ssh etc) and NetVSC taps won't created the right way. Errors: mlx5_common: Verbs device not found: 21a5:00:02.0 mlx5_common: Failed to initialize device context. EAL: Requested device 21a5:00:02.0 cannot be used Tested on Azure. Same errors appears on physical machine with Mellanox connect adapter Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: Ib68976282e0ed91c016a7318db6b5eddf5510c47 (cherry picked from commit 413447451e3f842815f45bae5d3cd3f87a0876e5)
2022-12-20vapi: use the correct my_context_id when disconnecting API clientsMauro Sardara1-5/+75
While before the my_client_index variable was stored as global variable in api_main_t, after commit 2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f the my_client_index becomes part of vapi_ctx_t. Each API client (internal/external) connected to VPP stores its client index in vapi_ctx_t. The issue is in the client disconnection. The vapi_disconnect is untouched in patch 2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f, so it keeps the behavior of using the my_client_index stored in api_main_t. Ticket: VPP-2069 Type: fix Fixes: 2ca88ff97884ec9ed20a853b13cee6d86f9c9d0f Signed-off-by: Mauro Sardara <msardara@cisco.com> Change-Id: Idf8c1d1056cbd631cc3057cf7acc486216fa8303 (cherry picked from commit 8c626b41eaab5c74e7e023205f1c6cd655d40f44)
2022-11-21ipsec: Failure at the start of the batch should not invalidate the rest of ↵Neale Ranns3-15/+53
the batch Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Icd1e43a5764496784c355c93066273435f16dd35 (cherry picked from commit fe2d23f916d1991f4a1a8384eae41b5cceb80189)
2022-10-26misc: VPP 22.10 Release Notesv22.10Andrew Yourtchenko3-1/+506
Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: If0f2ca0344640b064fde52b8f2c09a340ed9c71b Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-10-25packetforge: fix GTP-Extension header field dataTing Xu2-2/+6
Fix the incorrect fields data of GTP-Extension header. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Iafc5e852910649afcf0e583a5513b1ab33f5b5e8 (cherry picked from commit c9d916c7cc312d2396985f5cb83bcfdb98c98a1f)
2022-10-24docs: update cnat docs to current vpp versionMiguel Borges de Freitas1-5/+13
The documentation for the cnat plugin is highly outdated specially on the snat section. Type: docs Signed-off-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com> Change-Id: I30b0c6295d3c812b636374753af3c37f29b0cc53 (cherry picked from commit 938bff8084d6f79b368fabd4a60b49117cad11be)
2022-10-24vppinfra: fix incorrect sizeof() argument due to typoAndrew Yourtchenko1-1/+1
fixes coverity 282527 Type: fix Fixes: fecb2524ab Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I9ac72c3802e66369a8f24c92451e33f22c058f24 (cherry picked from commit 0d36720f8d28964be2df32d354583047b6194e14)
2022-10-20crypto-sw-scheduler: fix queue iteratorVladimir Ratnikov1-0/+10
When there are several workers, iterator can and will skip head iterator and it will last until BARRIER_SYNC_TIMEOUT won't expire and will cause SIGABRT with `worker thread deadlock` Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: Id4def4d5894e077ae27592367b141ecd822e86af Signed-off-by: Matthew Smith <mgsmith@netgate.com> (cherry picked from commit 65bff88c3671ec6ee561e70f17c60ea9784a39dd)
2022-10-18vppinfra: send minimal needed mask to the set_mempolicy syscallDamjan Marion1-11/+14
Type: fix fixes: 561ae5d Change-Id: I0d98f5b43bc9ab5d31463b285177a11a10b864d2 Signed-off-by: Damjan Marion <dmarion@me.com> (cherry picked from commit fecb2524ab71b105422a9a4377429c1871220234)
2022-10-18vpp-swan: Add plugin for vpp-swanGabriel Oginski13-0/+3713
Added plugin vpp-swan is a plugin that helps offloading Strongswan IPsec ESP process from Linux Kernel to VPP. Type: feature Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893 (cherry picked from commit 4e88e041ad47bf422bbb2a0940f77aba11ea2178)
2022-10-17vlib: Counter free needs to NULL the allocated counter vectorNeale Ranns2-2/+14
otherwise the next time the counter is validated this is dangling. Type: fix Fixes: 58fd481d73 Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ifa8d5ff27175cf6dfb30cbf023fa3251fe5c780e (cherry picked from commit 80c0ae24378f249b3be9a02774d844c13143cd99)
2022-10-13docs: fix memory traces commandBenoît Ganne1-1/+1
Type: fix Change-Id: I8fc949da209a5067c702952fbd0e6ce77b921d02 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit 70892fcada81a4bef53dcd26c32cba5e26e1eb52)
2022-10-07build: retain dpdk_mlx_default setting for ci scriptv22.10-rc2Dave Wallace2-3/+3
- tell git to ignore all build/external generated files Type: make Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I4af26a76a0248939366cd09b577d422af801c0c3 (cherry picked from commit 14b118b4c7f5bd3927af48010092c5313884fbb2)
2022-10-05rdma: unhackish build of rdma-coreMohammed Hawari4-26/+11
Change-Id: I2040b560b2a00f8bd176ae6ad46035678a2b249e Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> (cherry picked from commit 45e4e9444d961351178ee108b20525a9c929902d)
2022-10-05build: mlx dpdk-rdma compatibility matrixMohammed Hawari5-4/+16
- Verify mlx_rdma_dpdk_matrix.txt versions, build MLX drivers in dpdk if the versions match. Also output version comparison results to a file for CI job to send notification email when the versions do not match. Change-Id: Id1384ba4ea4b1f855f4d77d1d8e2c38683abfe1f Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Signed-off-by: Dave Wallace <dwallacelf@gmail.com> (cherry picked from commit 4e939ced65143fcfe9342dcccf3418a1018c8b0f)
2022-09-27vcl: repatch "align the RST behaviour with kernel"Yacan Liu1-1/+1
The previous patch[37164] was a bit flawed. Type: fix Signed-off-by: Yacan Liu <liuyacan@corp.netease.com> Change-Id: Ia9d8b9c7853e8f4b960ce7de26d0384243deb667 (cherry picked from commit ab15770ec63367498dd277c83a577a52594953e8)
2022-09-21misc: Initial changes for stable/2210 branchv22.10-rc1Andrew Yourtchenko1-0/+1
Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I5b0e4a503867d339b901ef1a5a9ebc938bcd068b
2022-09-20docs: enhance install vpp docsfatelei3-34/+51
Type: docs Change-Id: Ic1439ce658d9d53208b29d85440a6cc225ed5b74 Signed-off-by: fatelei <fatelei@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-09-20nat: adding docs for nat44-ed sub pluginFilip Varga4-0/+734
Type: docs Change-Id: Icfa2bdc9367f8438b53da7c89caec263ed6ab056 Signed-off-by: Filip Varga <fivarga@cisco.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-09-20fib: add cli support for explicit link typeBenoît Ganne1-0/+12
This adds the ability to specify we want an IPv4 route via an IPv6 adj and vice-versa. Type: improvement Change-Id: I5f7f1ab89fc60244d31c26155bbd9b0db690257c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-20arp: check for manually added proxy-arp entriesBenoît Ganne1-1/+1
When manually adding neighbor entries for proxy-arp, those will be fib-adj entries. Check for proxy-arp instead of dropping immediately. Type: improvement Change-Id: Id311159f2966c99719dc2a67d4d2bc92bf366029 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-20misc: experimental script to get the list of the reviewers for a commitAndrew Yourtchenko1-0/+240
The script accepts zero or one argument (the commit hash), and outputs the detected components, the component maintainers, and the final suggested reviewer list. See the script for the example output. Change-Id: Ief671fe837c6201bb11fd05d02af881822b0bb33 Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-09-20packetforge: add packetforge for generic flow to extrasTing Xu98-0/+4330
Add a new tool packetforge to extras. This tool is to support generic flow. Packetforge is a library to translate naming or json profile format flow pattern to the required input of generic flow, i.e. spec and mask. Using python script flow_create.py, it can add and enable a new flow rule for an interface via flow VAPI, and can delete an existed flow rule as well. Command examples are shown below. Json profile examples can be found in ./parsegraph/samples. Naming format input: python flow_create.py --add -p "mac()/ipv4(src=1.1.1.1,dst=2.2.2.2)/udp()" -a "redirect-to-queue 3" -i 1 python flow_create.py --del -i 1 -I 0 Json profile format input: python flow_create.py -f "./flow_rule_examples/mac_ipv4.json" -i 1 With this command, flow rule can be added or deleted, and the flow entry can be listed with "show flow entry" command in VPP CLI. Packetforge is based on a parsegraph. The parsegraph can be built by users. A Spec can be found in ./parsegraph as guidance. More details about packetforge are in README file. Type: feature Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Ia9f539741c5dca27ff236f2bcc493c5dd48c0df1
2022-09-20vcl: align the RST behaviour with kernelYacan Liu1-1/+13
When ESTABLISHED TCP connection is terminated by an RST packet, EPOLLHUP + EPOLLRDHUP would be updeliever by VCL. If not using VPP, app would receive EPOLLHUP + EPOLLERR + EPOLLIN(if requested) + EPOLLRDHUP(if requested). libevent will interpret the two cases as different EV combinations. Below is the code snippet for libevent v2.12: if (what & EPOLLERR) { ev = EV_READ | EV_WRITE; } else if ((what & EPOLLHUP) && !(what & EPOLLRDHUP)) { ev = EV_READ | EV_WRITE; } else { if (what & EPOLLIN) ev |= EV_READ; if (what & EPOLLOUT) ev |= EV_WRITE; if (what & EPOLLRDHUP) ev |= EV_CLOSED; } Type: fix Signed-off-by: Yacan Liu <liuyacan@corp.netease.com> Change-Id: Ice3d2861183b6ea499f66b727bbe175eeae5cb05
2022-09-20tests: run tests against a running VPPNaveen Joy4-12/+291
Usage: test/run.py -r -t {test_filter} Instead of starting a new instance of VPP, when the -r argument is provided, test is run against a running VPP instance. Optionally, one can also set the VPP socket directory using the -d argument. The default location for socket files is /var/run/user/${uid}/vpp and /var/run/vpp if VPP is started as root. Type: improvement Change-Id: I05e57a067fcb90fb49973f8159fc17925b741f1a Signed-off-by: Naveen Joy <najoy@cisco.com>
2022-09-19misc: add test framework for host stackFilip Tehlar27-0/+1974
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I5a64a2c095cae3a4d5f8fdc73e624b010339ec8e
2022-09-19cnat: coverity fixNathan Skrzypczak1-0/+4
Type: fix Change-Id: Ib127331507724f853071e66ca1ddfc773a8ed200 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-09-19tests: skip tests failing on ubuntu 22.04Dave Wallace4-2/+87
Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I218059de5d05680d661f302293475b6c2a7bf81d
2022-09-19igmp: validate ip router alert option lengthVladislav Grishenko2-15/+50
It's known there're one or more 32-bit increments in the ip header. So just check ip router alert option length with minimal performance impact, and don't care of the total options length. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I46dd06516f793846b931a1dc8612f2735f8d24d3
2022-09-19abf: add API parameter n_paths range checksJon Loeliger3-43/+56
Also check for non-zero rpath length in CLI cmd. While there, no need to use "else" after a return. Also while there, notice and fix numerous input_line buffer leaks and fix them. Type: fix Fixes: 669d07dc016757b856e1014a415996cf9f0ebc58 Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I18ea44b7b82e8938c3e793e7c2a04dfe157076d8
2022-09-19build: install missing headersBenoît Ganne1-1/+6
Type: fix Change-Id: I4eb2a7190de90553c91133f940e068ed649120cb Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-19teib: fix segv during failed deletion of entryMatthew Smith1-2/+1
Type: fix If an attempt is made to delete a teib entry and the entry does not exist, a message is logged. The format string contained an extra "%U", which results in a segv. Change-Id: I9b1d6ba63601982ba6ac8607cf710e34c311702a Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-09-19arp: update error reason when checking for proxy-arpBenoît Ganne2-2/+5
When we follow arp feature arc for proxy-arp, we should still update the error reason in case proxy-arp cannot handle the arp request and drops it. Type: improvement Change-Id: I046df017ca2056cfc12af0f0a968b401058bcd6d Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-19linux-cp: fix some CLI error messagesMatthew Smith1-79/+71
Type: fix If unrecognized input was provided to the commands which add or delete a pair, the error message was being created incorrectly and only displayed something like "unknown input `'". Provide the correct argument to format_unformat_error so that the actual unrecognized input is printed. There also was no error or useful information printed if only the base command were provided without any additional arguments. This should print a warning about what required data was missing. Reorganize code to handle this and to make sure that memory gets freed appropriately. Change-Id: If454714f50cf41b3b56cfadfbf017f1d160e13a4 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-09-18lisp: fix coverity 277315Andrew Yourtchenko1-0/+5
Handle the case of the mapping not being found by GID. Type: fix Change-Id: Ibce3b9e8419c0dddca97b4d0d5a71f25dfd529d8 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-09-16virtio: add support for per queue packet counterMohsin Kazmi5-0/+28
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I21a701a556b88a9d81f0e074a59fa34b3746b1d9
2022-09-15vcl: add hugepage for vcl configure and svmJunfeng Wang10-8/+33
add hugepage for vcl configure and svm Type: feature Signed-off-by: Junfeng Wang <drenfong.wang@intel.com> Change-Id: I6a8905e3fec23d840e629114b1e5a403d0a258ef
2022-09-15session: support dma optionMarvin Liu3-20/+257
add dma support to session, acclerate host-stack with dma Type: feature Signed-off-by: Marvin Liu <yong.liu@intel.com> Signed-off-by: Junfeng Wang <drenfong.wang@intel.com> Change-Id: I3d492921d69d9e3e0b34d33adc33fba3bde9e1cc
2022-09-15prom: fix coverity 277312, 277317Andrew Yourtchenko1-0/+2
If one attempts to add a pattern with zero length, first time it will succeed, and the second time it will cause an invalid memcmp call. Solution: do not allow to add zero-length patterns. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Ic08e021486153be605a4b12a2fe4422307bf68d2
2022-09-15nat: fix nat44-ed port range with multiple workersVladislav Grishenko5-9/+207
The number of available dynamic ports is set to (0xffff - 1024) = 64511, which is not divisable by the pow2 number of workers - the only integer divisors are 31 and 2081. So, total dynamic port range of all workers will be less than it: 1 wrk: n = (port_per_thread = 64511/1)*1 = 64511 + 1025 = 65536 2 wrk: n = (port_per_thread = 64511/2)*2 = 64510 + 1025 = 65535 4 wrk: n = (port_per_thread = 64511/4)*4 = 64508 + 1025 = 65533 8 wrk: n = (port_per_thread = 64511/8)*8 = 64504 + 1025 = 65529 ... As seen, with multiple workers there are unused trailing ports for every nat pool address and that is the reason of out-of-bound index in the worker array on out2in path due (port - 1024) / port_per_thread math. This was fixed in 5c9f9968de63fa627b4a72b344df36cdc686d18a, so packets to unused ports will go to existing worker and dropped there. Per RFC 6335 https://www.rfc-editor.org/rfc/rfc6335#section-6: 6. Port Number Ranges o the System Ports, also known as the Well Known Ports, from 0-1023 (assigned by IANA) o the User Ports, also known as the Registered Ports, from 1024- 49151 (assigned by IANA) o the Dynamic Ports, also known as the Private or Ephemeral Ports, from 49152-65535 (never assigned) According that let's allocate dynamic ports from 1024 and have full port range with a wide range of the workers number - 64 integer divisors in total, including pow2 ones: 1 wrk: n = (port_per_thread = 64512/1)*1 = 64512 + 1024 = 65536 2 wrk: n = (port_per_thread = 64512/2)*2 = 64512 + 1024 = 65536 3 wrk: n = (port_per_thread = 64512/3)*3 = 64512 + 1024 = 65536 4 wrk: n = (port_per_thread = 64512/4)*4 = 64512 + 1024 = 65536 5 wrk: n = (port_per_thread = 64512/5)*5 = 64510 + 1024 = 65534 6 wrk: n = (port_per_thread = 64512/6)*6 = 64512 + 1024 = 65536 7 wrk: n = (port_per_thread = 64512/7)*7 = 64512 + 1024 = 65536 8 wrk: n = (port_per_thread = 64512/8)*8 = 64512 + 1024 = 65536 ... Modulo from 5c9f9968de63fa627b4a72b344df36cdc686d18a is still required when the numbers of workers is not the integer divisor of 64512. Type: fix Fixes: 5c9f9968de63fa627b4a72b344df36cdc686d18a Change-Id: I9edaea07e58ff4888812b0d86cbf41a3784b189e Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-09-15ip-neighbor: fix debug log format outputluoyaozu1-4/+3
Type: fix Signed-off-by: luoyaozu <luoyaozu@foxmail.com> Change-Id: Ibfebe4da0197d1f60bf9edd3873fe1f776b680a4
2022-09-14ip: show fib index in ip4 reassembly traceDamjan Marion1-28/+25
Type: improvement Change-Id: I371237803e2c3cb0e1b42b94f422867465e2bff6 Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-14ipsec: make chacha20-poly1305 available via APIVladimir Ratnikov4-14/+27
Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I4e03f60f34acd7809ddc5a743650bedbb95b2e98
2022-09-12vlib: add vlib_frame_bitmap_is_bit_setDamjan Marion1-0/+8
Type: improvement Change-Id: I2f3fab893a10b060f91b07ee17b8727d241830ea Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-12ipsec: introduce fast path ipv4 inbound matchingPiotr Bronowski10-164/+1472
This patch introduces fast path matching for inbound traffic ipv4. Fast path uses bihash tables in order to find matching policy. Adding and removing policies in fast path is much faster than in current implementation. It is still new feature and further work needs and can be done in order to improve perfromance. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ifbd5bfecc21b76ddf8363f5dc089d77595196675
2022-09-09fib: fix path copy function to deal with provided DPO in exclusive pathDamjan Marion1-0/+6
DPO in the new copy was not locked ... Type: fix Fixes: 0bfe5d8 Change-Id: I39f1368de459af91c4bb857d98a4b531bd5692a6 Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-09vlib: don't leak node frames on reforkDmitry Valter10-16/+129
Free node frames in worker mains on refork. Otherwise these frames are never returned to free pool and it causes massive memory leaks if performed under traffic load Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I15cbf024a3f4b4082445fd5e5aaa10bfcf77f363
2022-09-09vppinfra: add clib_array_mask_set_u32()Damjan Marion1-0/+33
Type: improvement Change-Id: Idf1fb054d5ff495d772d01a79cbc6cd1b409d377 Signed-off-by: Damjan Marion <damarion@cisco.com>