summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2022-12-02vhost: convert vhost device driver to a pluginSteven Luong14-25/+347
convert vhost device driver to a plugin as described in https://jira.fd.io/browse/VPP-2065 Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ibfe2f351bcaed36a04b136d082ae414145dd37b5
2022-12-02avf: support generic flowTing Xu8-52/+638
Support generic flow in native avf. Enable necessary RSS hash function for generic flow. Extend some structures and functions from for FDIR only to for both RSS and FDIR flows. Modify virtual channel message to align with ice kernel driver. Add functions to parse generic flow patterns. The parsing results will be delivered to the kernel driver and create corresponding flow rules. Type: feature Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: I82ce102a21993f1bae8a8bf23e491d5e1c261f61
2022-12-01wireguard: add atomic mutexGabriel Oginski3-2/+19
The initiate handshake process can be called a numbers times for each peers, then the main VPP thread called by Wireguard starting to allocate memory. This behaviour can lead to out of memory when VPP has a lot of Wireguard tunnels concurrently. This fix add mutex to send only once handshake initiate at time for each peers. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I13b4b2d47021753926d42a38ccadb36a411c5b79
2022-11-30hsa: session rpc for echo client cli notificationsFlorin Coras1-7/+12
Also, use connected udp for builtin echo apps Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie24d7e97f4f27b67df9ceff3c268954485255c2d
2022-11-30stats: add boot time in stats segmentOle Troan2-1/+5
Write time into /sys/boottime on VPP start. This allows a stateless control plane agent to validate if it's reconnecting to the same VPP instance. Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Iba7f334339c46142045e43da6efab11612e7b9c0 Signed-off-by: Ole Troan <ot@cisco.com>
2022-11-29udp: refactor port allocation and sharingFlorin Coras4-72/+28
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4f7314ddf95d26f1939bd3772d29d011fb4cea47
2022-11-29session: transport endpt cleanup on owner threadFlorin Coras4-16/+83
Maintain a single writer multiple readers usage model for transport endpoints pool. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8555700ed725971341f145ea97f031042a298e83
2022-11-29wireguard: compute checksum for outer ipv6 headerArtem Glazychev3-11/+127
Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I477e92712e441c91789afdf9be389d967acfa799
2022-11-29stats: fix the memory leak in stat_client.cAndrew Yourtchenko1-0/+2
The issue can be reproduced by running "vpp_get_stats tightpoll" The root cause is that the control flow discards the "result" struct being prepared, along with pointer its allocated name. This results in a memory leak. Type: fix Change-Id: Ibf884e92314f19b983a0159fc1257b3fa0110443 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-11-29rdma: fix for-loop initialization in scalar pathJieqiang Wang1-20/+35
When n_rx_packets is less then 16(VEC256) or 8(VEC128), code execution will fall into scalar path of processing packets. But with a wrong initialization value for n_left set to zero, i in the for-loop will equal to n_rx_packets. This leads to the bypass of required ip4 checksum validation and byte count endianness conversion in scalar path. Besides, refactor the code using while instead of for-loop to keep consistency with VPP code style. Type: fix Fixes: bf93670c515d ("rdma: fix ipv4 checksum check in rdma-input node") Signed-off-by: Lijian Zhang <lijian.zhang@arm.com> Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: Ib4e8cb5202735f8b060c99caddf26035657551e1
2022-11-29ipsec: use correct reply messageVratko Polak2-1/+2
Type: fix Fixes: 815c6a4fbcbb636ce3b4dc98446ad205a30670a6 Ticket: VPP-2068 Change-Id: I42d678b0e28ac4d0b524dfc2dbd01bbad020cf24 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2022-11-28vapi: write enumflag types to vapi headersMatthew Smith2-0/+15
Type: fix Fixes: a51f9b3747 Some IPsec message type definitions were not being written to ipsec.api.vapi.h. These include ipsec_sad_entry_add_del_v3 and ipsec_sad_entry_add. The cause appears to be that tunnel_flags, which is defined in tunnel_types.api is a special case of enum called an enumflag. These do not appear to have been handled in the code that generates the vapi header files. This patch adds processing of enumflag objects for vapi. Change-Id: Ie506c4fcb5a07fe97a330ba11c252d1df98adfd9 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-11-28ipsec: remove redundant policy array in fast path spdPiotr Bronowski3-90/+178
Fast path spd was explicitely storing array of policy id vectors. This information was redundand, as this inofrmation is already stored in bihash table. This additional array was affecting performance when adding and removing fast path policies. The other place that needed refactoring after removing this array was cli command showing fast path policies. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I78d45653f71539e7ba90ff5d2834451f83ead4be
2022-11-28udp: preallocate ports sparse vec mapFlorin Coras1-2/+80
Not ideal. The sparse vector used to map ports to next nodes assumes only a few ports are ever used. When udp transport is enabled this does not hold and, to make matters worse, ports are consumed in a random order. This can lead to a lot of slow updates to internal data structures which in turn can slow udp connection allocations until all ports are eventually consumed. Consequently, reallocate sparse vector, preallocate all ports and have them point to UDP_NO_NODE_SET. We could consider switching the sparse vector to a preallocated vector but that would increase memory consumption for vpp deployments that do not rely on host stack. For reference, populating one of the v4 or v6 sparse vectors in reverse order takes about 9.8s on a skylake cpu. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id795e1805d0d3ba54f56a152a9506a7a2a06ecbc
2022-11-26hs-test: document host stack test frameworkMaros Ondrejicka4-9/+242
Type: docs Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech> Change-Id: I47d2794283a85a644448e60538f543644a0edfdc
2022-11-25interface: remove the pending interrupt from deleting interfaceMohsin Kazmi2-5/+16
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I3138f97519d216b89a9c46865271db1f9ddd53cd
2022-11-25hs-test: auto register test actionsFilip Tehlar8-78/+62
Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Icb5db6f69eda93181aba69b1f8676a73c0a4561b
2022-11-24sr: srv6 path tracing apiJulian Klaiber4-0/+160
Implements the API for SRv6 Path Tracing Type: feature Signed-off-by: Julian Klaiber <julian@klaiber.me> Change-Id: Iefa7e512c8e1894595a9e3f5d42eab4160db1f28
2022-11-23gso: add gso documentationMohsin Kazmi4-0/+157
Type: docs Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I8a96e6cc73b5f7ab3049fef37aafba43f3ef4d84
2022-11-23vpp-swan: Fix segfault for multiple addressesTimur Celik1-2/+2
In order to loop over the list of `vl_api_ip_address_details_t`, increment the pointer by one instead of `i`. Type: fix Change-Id: I8554d1388d67bb95e029eddf444d383fb85ecac7 Signed-off-by: Timur Celik <mail@timurcelik.de>
2022-11-23linux-cp: fix FIB_ENTRY_FLAG_ATTACHEDAlexander Skorichenko1-0/+10
Type: fix     Fib entries for attached routes when sourced from FIB_SOURCE_API or FIB_SOURCE_CLI get the FIB_ENTRY_FLAG_ATTACHED flag raised on the source. Such a route added from linux-cp doesn't get this flag.     Fix this flag for linux-cp sources by passing it to the fib entry's update/create function in lcp_router_route_add(). Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com> Change-Id: I24278ef86886cfee8a14acb250fb6992a754cc3c
2022-11-22policer: adding documentationMaxime Peim14-4/+236
Type: docs Several kinds of policers are implemented in VPP. However, they could differ from the RFCs it is said they are from. Additionally, the CLI command's help has been updated with the current list of acceptable parameters. Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: Ic9bf94e1094bea0fcc87ccaa882c2c5f88824041
2022-11-22acl: fix set acl-plugin cli unformat free.Huawei LI1-1/+2
Type: fix Signed-off-by: Huawei LI <lihuawei_zzu@163.com> Change-Id: Icb5450f4bd0eaef7684eb7e3816d1d6051e889d7
2022-11-21tests: add VCL Thru Host Stack TLS in interrupt modeFilip Tehlar1-0/+22
Type: test Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I7d5a9e9fedfc85bd7fad88f8eae1e46476ec0b7b
2022-11-21ipsec: improve ipsec policy adding performanceXiaoming Jiang1-19/+15
Type: improvement Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I91ba1ff4c1085f4aca60ca111cbbaf14a3b4d761
2022-11-18tls: memory leak due to missing call to vnet_crypto_key_delSteven Luong1-1/+6
We add the crypto key to the vnet crypto library via vnet_crypto_key_add. However, when the session is disconnected, we don't call vnet_crypto_key_del and the memory is leaked in vnet_crypto library as well as in pico tls key store. It seems dispose crypto is the appropriate place to add vnet_crypto_key_del. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: If6d1266baf686fefe5bb81330ce60b35c8ff574e
2022-11-18ipsec: Failure at the start of the batch should not invalidate the rest of ↵Neale Ranns3-15/+53
the batch Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Icd1e43a5764496784c355c93066273435f16dd35
2022-11-15session: add transport main structureFlorin Coras1-39/+37
Leave tp_vfts vector out for now. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic20a1671be9424280d0645f48ef2131a694cd16f
2022-11-14crypto-ipsecmb: fix plugin crash in VirtualBoxMaros Ondrejicka2-1/+2
Plugin checks just for AVX2 instruction set, while the v1.3 of IPsec Multi-Buffer library checks for both AVX2 and BMI2 sets during init. VirtualBox VM doesn't provide BMI2 by default to guest operating system. Result is that VPP plugin decides to use AVX2 initialization and library then doesn't do it. Since flush_job remains empty, the self-check fails and with that the whole VPP crashes on start-up. Type: fix Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech> Change-Id: I6b661f2b9bbe6dd03b499c55c38a9b814e6d718a
2022-11-14hs-test: skip vcl reattach testFilip Tehlar1-0/+1
Type: test Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I594ecc347f367887890a3182e7c24028bf9a7f50
2022-11-13build: fix lib install dir and add vat2 lib install when build rpm.Huawei LI1-6/+15
Type: fix Signed-off-by: Huawei LI <lihuawei_zzu@163.com> Change-Id: I5ac557756ff2b3de13ce328a27ffdd289ab3173e
2022-11-11http: use safe pool reallocFlorin Coras1-1/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I572017433a1ba0f8576522f02138928e303e10ab
2022-11-11srtp: use safe pool reallocsFlorin Coras1-2/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I15fea1f90640ea54cafe3ea929e871ec6e86fc67
2022-11-11session: safe pools for cut-through sessionsFlorin Coras1-1/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6dd400285ae475974c416f9b94e8a5b4b6257ca1
2022-11-10session: reduce safe pool expand rateFlorin Coras1-2/+1
Make sure they only double in size. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I18d5508c7f32836deb3b25943e8e3af39d0dbc33
2022-11-10misc: ignore clangd cache folderMaros Ondrejicka1-0/+1
Type: make Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech> Change-Id: Id6ee2cbf3bf14083a470ef45ef1b6ff3ff8d03aa
2022-11-10linux-cp: fix lcp_itf_pair_create()'s memory leakluoyaozu1-0/+3
need free args.error if args.rv < 0 Type: fix Signed-off-by: luoyaozu <luoyaozu@foxmail.com> Change-Id: I8ceebfc36f51798d8d1a8e4c41bec33d74344396
2022-11-10hs-test: add http client connect testFilip Tehlar5-36/+111
Type: test Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: If705d311065e128b4b6df7d8d80910e4be72d3e6
2022-11-10http: support client connectFilip Tehlar6-53/+981
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0738c0aefb41ab6c0ff717cfccd1df75ddb481fa
2022-11-10nat: updating my maintainer email addressFilip Varga1-1/+1
Type: fix Signed-off-by: Filip Varga <filipvarga89@gmail.com> Change-Id: I1f5069df2dc743ecd1269e947dd375cb1b84970f
2022-11-09tests: initial asf framework refactoring for 'make test'Pratikshya Prasai45-47/+1907
Type: refactor Change-Id: I41455b759a5d302ad5c4247c13634c471e7d49a8 Signed-off-by: Pratikshya Prasai <pratikshyaprasai2112@gmail.com> Signed-off-by: Saima Yunus <yunus.saima.234@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-11-09sr: fix added for configuring vlan sub interface as iif interface in ↵ChinmayaAgarwal1-8/+0
End.AD.Flow localsid Type: fix Signed-off-by: ChinmayaAgarwal <chinmaya.agarwal@hsc.com> Change-Id: Ifad23978b98c5e05d86f6254bfb65baa0b380436
2022-11-09acl: verify that src and dst have sane and same address familyAndrew Yourtchenko1-1/+5
API refactoring moved the address-family tag from rule level down to prefix level. This necessarily warrants the check that they are the same. Also, add a check that the address family is sane. Change-Id: Ia63b688cc9e7c9e9cc773e89708d9e9f99185fb7 Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-11-09ip: fix unformat_ip_address forcing version to IP4 for some IP6 addressesAndrew Yourtchenko2-18/+20
dd2f12ba made use of ip46_address_is_ip4() in order to determine whether the address is ipv4 or ipv6 within unformat_ip_address - however, its logic is correct only for some addresses. e.g. a valid IPv6 address of :: (unspecified) will result in "true" result. This is probably not an issue for most of the cases (the unspecified address is quite rare), however if the unformat_ip_address is used as part of the prefix parsing, the ::/0 is a fairly often utilized construct, which gets parsed as 0.0.0.0 Solution: return the old logic, but use a temporary variable to avoid overwriting the target memory on failure. Type: fix Fixes: dd2f12ba6ab952d9d66f4d9ba89ffde6309b1ff2. Change-Id: I272f740dfdf07036cec68516e153f0701a53233d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-11-08policer: improvement show policer cli.Huawei LI1-3/+3
cli show policer's help info is not consistent with it's arguments. Type: improvement Signed-off-by: Huawei LI <lihuawei_zzu@163.com> Change-Id: I8332fe97ba343e98511db9ff1bb6afd6f3c657cd
2022-11-07prom: fix stats vector leakFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I620447c9aa8606a125063cdd724bfe74f8a870f6
2022-11-07nat: fix per-vrf session bookkeepingJing Peng3-34/+26
Each NAT44 ED session has a per_vrf_sessions_index referencing an element in the thread-local vector per_vrf_sessions_vec. However this index can be possibly invalidated by vec_del1() in per_vrf_sessions_cleanup(), before a session is registered. Such a stale index can cause an assertion failure in function per_vrf_sessions_is_expired() when we use it to locate the per_vrf_sessions object. A possible sequence to reproduce is: 1. Create two NAT44 ED sessions s1, s2 so that two per_vrf_sessions are created: index 0: between VRF pair 10 and 11 (expired=0, ses_count=1) index 1: between VRF pair 20 and 21 (expired=0, ses_count=1) For the sessions we have: s1->per_vrf_sessions_index == 0 s2->per_vrf_sessions_index == 1 2. Delete the first session via CLI, now the two per_vrf_sessions become: index 0: between VRF pair 10 and 11 (expired=0, ses_count=0) index 1: between VRF pair 20 and 21 (expired=0, ses_count=1) For the sessions we have: s2->per_vrf_sessions_index == 1 3. Delete the VRF 11: index 0: between VRF pair 10 and 11 (expired=1, ses_count=0) index 1: between VRF pair 20 and 21 (expired=0, ses_count=1) For the sessions we have: s2->per_vrf_sessions_index == 1 4. Create a new session s3 between VRF pair 20 and 21 so that the first per_vrf_sessions will be deleted: index 0: between VRF pair 20 and 21 (expired=0, ses_count=2) For the sessions we have: s2->per_vrf_sessions_index == 1 s3->per_vrf_sessions_index == 0 Here, note that the actual index of per_vrf_session is changed due to vec_del1(). The new session is added after the cleanup so it gets the correct index. But the index held by the existing session is not updated. 5. Trigger the fast path of the session s2. To achieve this, session s2 could be created in step 1 by ping -i20 -Iiface_in_vrf_10 1.1.1.1 and steps 2-4 should then be performed within the 20-second interval. This patch fixes this by changing per_vrf_sessions_vec to a pool so that indicies are kept intact. Type: fix Signed-off-by: Jing Peng <jing@meter.com> Change-Id: I4c08f9bfd50134bcb5f08e50ad61af2bddbcb645
2022-11-07nat: fix byte order error.Huawei LI1-6/+4
fix byte order error about the struct snat_address_t's member net. for example configurations: set interface ip table loop1 1 set interface ip addr loop1 10.10.10.2/24 nat44 add address 10.10.10.2 tenant-vrf 1 the snat address's net should be "as_u8 = {0xa, 0xa, 0xa, 0x0}", but now it's "as_u8 = {0x0, 0xa, 0xa, 0x2}" because of missing transition of byte order about the member net of snat_address_t. (gdb) p/x *snat_main->addresses $3 = {addr = {data = {0xa, 0xa, 0xa, 0x2}, data_u32 = 0x20a0a0a, as_u8 = {0xa, 0xa, 0xa, 0x2}, as_u16 = {0xa0a, 0x20a}, as_u32 = 0x20a0a0a}, net = {data = {0x0, 0xa, 0xa, 0x2}, data_u32 = 0x20a0a00, as_u8 = {0x0, 0xa, 0xa, 0x2}, as_u16 = {0xa00, 0x20a}, as_u32 = 0x20a0a00}, sw_if_index = 0x3, fib_index = 0x1,addr_len = 0x18} (gdb) Type: fix Signed-off-by: Huawei LI <lihuawei_zzu@163.com> Change-Id: I4f25f0639ae90a7f2e8715b44f825571283d994d
2022-11-06ip6-nd: set router flag on NA if appropriateMatthew Smith3-1/+19
Type: fix The router flag on a neighbor advertisement can be used by neighbors to detect that a router has changed to a host (RFC 4861 section 4.4). If a neighbor adds routes after receiving a router advertisement sent by VPP and subsequently receives a neighbor advertisement sent by VPP, it may remove any routes it added based on the RA if the NA does not have the router flag set. It appears that this is how windows behaves. When sending a neighbor advertisement, set the router flag if sending RAs is enabled on the interface. Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I1f3e42bbd8ea1a4c116b1ce5a8273652d4cd763d
2022-11-05ip6-nd: initialize radv_info->send_radv to 1Dave Barach1-0/+3
Otherwise, the newly configured interface will never send RADV's. See below. In the typical case, suppress = 0 and is_no = 0, which propagates the current value of radv->send_radv: radv_info->send_radv = (suppress != 0) ? ((is_no != 0) ? 1 : 0) : radv_info->send_radv; No other bit of code will set send_radv, at least in straightforward ways. Type:fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: If9368155f7676460ca1f87729c2b3c453405d08d