summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2025-01-21crypto-openssl: fixed tag and aad lengths for chacha-polyDamjan Marion1-1/+7
Type: improvement Change-Id: I6162b45875566cc705917a51b3f06e1490607c8b Signed-off-by: Damjan Marion <damarion@cisco.com>
2025-01-20tls: async event handling enhancementVarun Rapelly3-599/+345
This patch updates async processing logic by adding async event handlers separately for handshake, read and write events. Type: improvement Change-Id: I6366689fec7e29fa9850cb22e20ab3659bf5245a Signed-off-by: Varun Rapelly <vrapelly@marvell.com>
2025-01-20build: fix compiler orderingFlorin Coras1-0/+6
All CI builds default to GCC instead of Clang Type: fix Fixes: ec68cec6c84e5dc9acaf7828c0118bb71fffc561 Change-Id: I63fce7feda743d05f17d0710fcf25b09674fdbfb Signed-off-by: Florin Coras <fcoras@cisco.com>
2025-01-20vcl: segfault correction in vcl_session_connected_handlerAlexey Stratulat1-1/+1
Svace found a bug related to the fact that the vcl_segment_attach_session function is passed a pointer to a session, which is null, because of this, when using it, a segmentation error will occur inside the function. This issue was fixed. Type: fix Change-Id: Icc68ced80611bb709c9fa7868816f003373077d4 Signed-off-by: Alexey Stratulat <a.stratulat@ideco.ru>
2025-01-20sflow: initial checkinPim van Pelt19-0/+3782
This is an sFlow dataplane plugin that can sample 1-in-N packets from device-input, copying them to a FIFO queue and servicing that queue from a main process which formats them as Netlink PSAMPLEs, to be picked up by a popular sidecar agent called host-sflow. Type: feature Change-Id: Ic03456472e53309678f182dc8f74d3c81fb619e6 Signed-off-by: neil.mckee@inmon.com Signed-off-by: pim@ipng.nl
2025-01-20vlib: fail in runtime if workers > neltsVladimir Smirnov1-0/+5
Type: fix With a release build, if you configure more than 55 workers, vpp will start, but will corrupt memory as a lot of internal datastrctures are allocated with assumption that there will be not more than FRAME_QUEUE_MAX_NELTS threads. Add a warning if amount of configured workers more than MAX_NELTS. Anticipate that next commit would add a compile-time configurable variable and name it VPP_MAX_THREADS. Change-Id: I015f4f9aa5e8b828c7d90c90142d7a7c1ce68f97 Signed-off-by: Vladimir Smirnov <civil.over@gmail.com>
2025-01-20af_packet: worker thread call vlib_log coredumpfenglei1-3/+14
Type: fix -When deleting a veth pair interface in linux, vpp's call to af_packet_fd_error will cause it to hang because it's a worker thread. Change-Id: I3dc9018e7e492ccbdf0f59381f9bbbfd5c1c88a5 Signed-off-by: fenglei <1579628578@qq.com>
2025-01-17af_xdp: revert "af_xdp: fix af_xdp compile waring for clang compiler"Benoît Ganne3-55/+26
This reverts commit 38097970c038de6c3c67cb8e1c7209f1df1f24d0. Type: fix Change-Id: I2401eff6d1558f0f95b8b0c88b6b5d174acbb0ef Signed-off-by: Benoît Ganne <bganne@cisco.com>
2025-01-17snort: support multiple instances per interfaceAgathiyan Bragadeesh6-168/+554
Implements load balancing between snort instances via flow hash. New CLI commands have been made to support these changes: snort attach instance <name1> [instance <name2> ... ] interface <ifname> [input|output|inout] snort attach all-instances interface <ifname> [input|output|inout] snort detach instance <name1> interface <ifname> snort detach all-instances interface <ifname> The output of "show snort interfaces" has an extra column to show the direction of each attachment: interface instances direction Ethernet0: snort1 inout snort2 inout snort3 inout Ethernet1: snort1 input snort3 output To maintain backwards compatibility for the snort api, the snort_interface_get api endpoint only returns one of the attached instances and the snort_interface_detach endpoint detaches all attached instances. Type: improvement Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com> Change-Id: I6b7c26c203496d6a1dba244620907f28c04bb478
2025-01-17crypto-ipsecmb: fixed tag and aad lengths for chacha-polyDamjan Marion1-18/+73
Type: improvement Change-Id: I8c7e6c2734258bb6b4e8e404e2c9b119ee141dd1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2025-01-17hs-test: temporarily skip VppEchoQuicTestAdrian Villin1-0/+1
Type: test Change-Id: I06937c491303dfe2f0b2e847d05a4220c14e83e0 Signed-off-by: Adrian Villin <avillin@cisco.com>
2025-01-17linux-cp: add the drain backArtem Glazychev1-0/+10
Type: fix Change-Id: I60338a8c901cf5baf4974ce572f17e70116877df Signed-off-by: Artem Glazychev <glazychev@mts.ru>
2025-01-17af_xdp: fix af_xdp compile waring for clang compilerfenglei3-26/+55
Type: fix - add check variable undefine init flags for gcc and clang compiler - disable compile xdp-dump Change-Id: Icd2b81ec5cd5dc66db395a69f8af889635f664e0 Signed-off-by: fenglei <1579628578@qq.com>
2025-01-17dpdk: update rdma-core to 55.0Vladimir Smirnov2-3/+3
Newer version of RDMA contains some bugfixes. Type: feature Change-Id: I4cd6bc7608bbadd99cdddc7b97646df1583b6ce6 Signed-off-by: Vladimir Smirnov <civil.over@gmail.com>
2025-01-17crypto-openssl: add fixed tag and aad size opsDamjan Marion1-43/+69
Type: improvement Change-Id: Iea7202cd0a79d3bed85313b2b4a6e6469a701568 Signed-off-by: Damjan Marion <damarion@cisco.com>
2025-01-17crypto-ipsecmb: add fixed tag and aad size opsDamjan Marion1-148/+138
Type: improvement Change-Id: Id62308775eeeada0277c2303cf8c728db4dbfcdc Signed-off-by: Damjan Marion <damarion@cisco.com>
2025-01-16http: fix sending error responses to rejected requests by server appsSemir Sionek1-7/+18
Plugins such as http_static sometimes reject requests without reading all of the body. http_static in that case sends an error response and closes the connection. But the error response cannot go out due to the connection state being HTTP_REQ_STATE_TRANSPORT_IO_MORE_DATA. With this change, we make http_app_tx_callback give a response like that special treatment, allowing it to go out. Type: fix Change-Id: I72ae74b869183f5d5921837f6ac9c52f0efc7598 Signed-off-by: Semir Sionek <ssionek@cisco.com>
2025-01-16linux-cp: fix segfault while receiving nl messagesArtem Glazychev1-11/+2
- check nl socket before receiving messages - we don't need extra callback after adding an lcp pair because we start draining messages (due to epoll) right after opening socket Type: fix Change-Id: I0ecb03b758f066662015fd6c6b9d3c48cb520c0d Signed-off-by: Artem Glazychev <glazychev@mts.ru>
2025-01-16crypto: combine sync and async algos and opsDamjan Marion16-810/+440
Type: improvement Change-Id: I4d507b105e5b5ba7dd68d373c7f1ab156a9fc9f1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2025-01-16ipsec: make algo data constantDamjan Marion4-162/+193
Type: improvement Change-Id: I554418fca0cbe1a2b42eddc24eccf25ede5f678a Signed-off-by: Damjan Marion <damarion@cisco.com>
2025-01-16arp: fix command resolve and config filed exist differfenglei1-1/+2
Type: fix Change-Id: I2b2b65a6c12d50146f08b64b9a1603888652b462 Signed-off-by: fenglei <1579628578@qq.com>
2025-01-16ipsec: don't add crypto key if cipher is NONEDamjan Marion1-6/+10
Type: fix Change-Id: I0c418fe71b579febc4ca02e8ad0aeba24df1945d Signed-off-by: Damjan Marion <damarion@cisco.com>
2025-01-15tcp: export sdl header file for out-of-tree pluginsFlorin Coras1-0/+1
Type: fix Change-Id: I27e29690dba1ea52e874cb1db81d24fcc4366bb6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2025-01-15tests: remove decorator tag_fixme_ubuntu2404Ivan Ivanets1-27/+0
Type: test There is no need to use the tag_fixme_ubuntu2404 decorator. All tests that previously used it are now stable. Change-Id: I2f00bcdacf9690c4d3896eace5d817f7bd19058b Signed-off-by: Ivan Ivanets <iivanets@cisco.com>
2025-01-15pg: fix tr to tracefenglei12-13/+13
Type: fix Change-Id: Icd1ea24ba104123673f864d9bfd0f4da83982b7d Signed-off-by: fenglei <1579628578@qq.com>
2025-01-15octeon: add compatibility checkMonendra Singh Kushwaha1-0/+9
This patch adds compatibility check for OCTEON model in plugin. Type: refactor Change-Id: Id583a2f42b8f66f7e045f6cf9176125680e9a16f Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2025-01-15octeon: update octeon roc versionMonendra Singh Kushwaha2-6/+7
Type: feature Change-Id: I9f3044aec29a611d4735001ff1943772b7035711 Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2025-01-14http_static: read body only for POST requestsSemir Sionek1-2/+2
Type: improvement Change-Id: Id863f59d04d8e6f22c886e079367d06908b8b24b Signed-off-by: Semir Sionek <ssionek@cisco.com>
2025-01-14ipsec: add test for tun sa ip6 fast-path spd policy matchingPiotr Bronowski1-0/+46
In case SA defines a tunnel, policy matching should be performed based on the tunnel header defined by the SA. This change tests the matching for ip6 fast path SPD implementation. Type: test Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I311b221bce565de0e8235fd162305eb10550edd9
2025-01-13ip: fix local csum checkFlorin Coras1-5/+12
For packets with invalid checksums, in src local check, do not override errors on fast path and do not cache result. Type: fix Change-Id: I4de9351b190ba398d6f89eec80055016cacf028b Signed-off-by: Florin Coras <fcoras@cisco.com>
2025-01-13crypto: remove AEAD opt typesDamjan Marion3-218/+185
Type: improvement Change-Id: I32ccf1d58a34bc6f64946ffd711dbd2b4f5864f6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2025-01-12octeon: fix octeon build issueMonendra Singh Kushwaha1-4/+3
This patch adapts new changes introduced in crypto framework as part of 6676d951. Type: fix fixes: 6676d951 Change-Id: I7bbe8d87250e072b2891c0eedee1e14642fab4bc Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2025-01-10crypto: key storage improvementsDamjan Marion9-49/+62
Type: improvement Change-Id: I49d8415ce1d64dc797a0cc43f5382daeaddbe11a Signed-off-by: Damjan Marion <damarion@cisco.com>
2025-01-10dev: assign tx queue to all threadsMonendra Singh Kushwaha1-5/+9
This patch assigns tx queue to all thread and enables tx queue sharing if needed. Type: fix Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com> Change-Id: I8cb561c29c2a508b8b478c646121b1caa61b8520
2025-01-09hs-test: http tps test with tlsMatus Fabian1-1/+21
Type: test Change-Id: I0b4044c2924855f4be03c301f75e6a3e31aa29a9 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2025-01-09build: expose VPP_PLATFORM to out-of-tree pluginsGuillaume Solignac3-21/+35
We move the VPP_PLATFORM logic from src/CMakeLists.txt to cmake/cpu.cmake so that out-of-tree plugins can leverage it as well. Type: improvement Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: I767a75f45c07aed7db4034b18ab4b5c67fda06ee
2025-01-09sr: fix aarch64 build issueGuillaume Solignac1-0/+1
GCC complains about a maybe-unitialized variable Type: fix Change-Id: Id77e4a48bdefea74d881190675320036f60ee3d5 Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
2025-01-09hs-test: fix skipping docker image buildingAdrian Villin1-11/+11
- building docker images will now be properly skipped Type: test Change-Id: I57ae71814bdf5eefaac16472dfb56e86564219e6 Signed-off-by: Adrian Villin <avillin@cisco.com>
2025-01-09hs-test: copy vpp-data to docker images lastAdrian Villin2-3/+6
Type: test Change-Id: I773321d21c75e081fa54fae1d9862b4bc75e3794 Signed-off-by: Adrian Villin <avillin@cisco.com>
2025-01-09hsa: proxying UDP in HTTP/1.1Matus Fabian15-166/+991
Type: feature Change-Id: Ic0ff9b9bfbad9fbc602fbcec0d8906cd21d63a2c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2025-01-08vlib: update input node counts based on stateMonendra Singh Kushwaha1-0/+7
Type: fix Change-Id: I09497ae8d6a685324f8c7d9e0b3208a3ec465f0e Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2025-01-08octeon: fix compilation for octeonMonendra Singh Kushwaha2-5/+4
This patch adapts new changes introduced in crypto framework as part of 0cf4eef7. Type: fix fixes: 0cf4eef7 Change-Id: I41a17c9b340f54014c9d2ae21546ec39ccef3f43 Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2025-01-08build: add vpp-crypto-engines to debian/control.inVratko Polak1-0/+8
Crypto engines have been moved into a new component, but the component needs Debian packaging information. Type: fix Fixes: 0cf4eef73a4c1bd2831a4618af50939a2aab01c6 Change-Id: I041284f91be4cdb16d5a4771b518dd99571efa99 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2025-01-08ipsec: fix spd fast path single match compare for ipv6Piotr Bronowski1-15/+91
Fast path match single compare (the last step of policy matching in spd fast path) is only implemented for IPv4 addresses. This change adds support to also do a single match on IPv6 addresses. Type: fix Change-Id: I5aeb6e1e9afccfd2b2082e26502c5b7e9a8b2d4c Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Signed-off-by: Vinayak Udandkar <vinayakx.udandkar@intel.com>
2025-01-08vcl: fix vls wrk index on forkFlorin Coras1-3/+6
Type: fix Change-Id: If634dac31fd54466428db0726ac441a1247985b8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2025-01-08build: allow to redefine max_lcores for DPDKVladimir Smirnov1-1/+9
In current versions of DPDK (at least as of 24.11), max amount of cores available determined at compile_time. Unless machine type 'native' is used, it is statically set per platform and for most of them equals to 128. Add a new option to allow user to redefine max amount of lcores available to DPDK. Type: make Change-Id: Ic4356e12ca75a5c84aeb3bee72de432a23aa6f8a Signed-off-by: Vladimir Smirnov <civil.over@gmail.com>
2025-01-08tests: reduce sleep interval in ikev2 sa rekey testIvan Ivanets8-5/+230
Type: test The sleep interval for this test is set to 0.1 seconds instead of the default 2 seconds. This change is necessary because the test verifies the expiration of old IPsec SAs (self.fail("old IPsec SA not expired")) within a strict timeframe. A longer sleep interval, such as 2 seconds, would significantly delay the loop iterations, reducing the granularity of checks for SA expiration and increasing the risk of false failures. By setting the sleep interval to 0.1 seconds: - The test can perform frequent checks for the status of IPsec SAs - It reduces the likelihood of the test prematurely failing Change-Id: I92ac3de0f33838620b51083d240043e62f37c490 Signed-off-by: Ivan Ivanets <iivanets@cisco.com>
2025-01-07vcl: support pre/post cb before mq waitFlorin Coras7-60/+284
Allow vls to register cb functions with vcl pre/post mq sleep. These can be used to drop/reacquire locks prior/after waiting on vcl mq events. This then allows multi-thread, as opposed to multi-worker, applications to share sessions between threads without deadlocking, e.g., multiple threads trying to read/write/close non-blocking sessions. Caveat: connects still need to be improved. Type: improvement Change-Id: I589aa9dfd0553b0fad54f02ed16c3cda9761a83d Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2025-01-07hs-test: cleanup nsim testFlorin Coras1-6/+0
After nsim fixes in gerrit 42052 echo tests with nsim should be stable with multiple workers and should no longer require a ping to work. Type: improvement Change-Id: Ice4b353153c57b547df60d21723fa8cf953ca5d0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2025-01-07vppinfra: fix float rounding in format functionPierre Pfister1-5/+6
The current VPP formating for floats tries to round number to the closest value (depending on the number of requested digits), but fails to do so when the last printed digit is 9 (because carries are hard...). This commits fixes this by adding 0.5 * 10^n_fraction_digits to the value and then ignoring digits past the printed ones. Note that when the number is exactly midway, like 9.5, the value is rounded up, as this seems to be the clib behavior as well. Type: fix Change-Id: I03ce04ea6a24b84eeffd548d3f7bd306c58ce36d Signed-off-by: Pierre Pfister <ppfister@cisco.com>