summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2022-06-29tests: add ipsec flow performance unit testPiotr Bronowski1-0/+309
This patch adds performacne and functional tests for ip4 outbound traffic policy matching. Test setup is configurable in startup.conf and though the test parameters. Cache, fast path, fast path burst mode can be enabled and disabled, and performance for different lookup setup can be measured. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I1d04d196e412f47f43b7e5cbd46607bf6a9cc40e
2022-06-29ipsec: show fast path flag in cliFan Zhang1-8/+27
This patch updates the "show ipsec spd" cli to display policies maintained by fast path bihash table. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I58b9f92f3132dc9809b50786dc912e09c4b84d81
2022-06-29ipsec: add fast path configuration parserPiotr Bronowski1-2/+19
Parser can be configured from the level of startup.conf file: fast path can be enabled and disabled. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ifab83ddcb75bc44c8165e7fa87a1a56d047732a1
2022-06-29ipsec: add spd fast path matchingPiotr Bronowski3-0/+584
This patch adds matching functionality for spd fast path policy matching. Fast path matching has been introduced for outbound traffic only. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I03d5edf7d7fbc03bf3e6edbe33cb15bc965f9d4e
2022-06-29ipsec: make match function inlinePiotr Bronowski2-145/+171
This patch introduces ipsec_output.h file. Matching implementation is moved there. The reason behind is the possibility of unit testing matching mechanism. Therefore we need to have functions that are in scope of our intrest there and since these are inline their implementation needs to be moved to the header file as well. Type: improvement Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Id7c605375d1f3be146abf96ef70d336a5d156444
2022-06-29ipsec: add/delete ipsec fast path policyPiotr Bronowski6-59/+717
This patch introduces functions to add and delete fast path policies. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I3f1f1323148080c9dac531fbe9fa33bad4efe814
2022-06-28session: fix connected udp acceptsFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0963bae4b56b08c0a9ab4ee1f2738013217e1fb7
2022-06-28session quic: allow custom config of rx mqs seg sizeFlorin Coras2-3/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Idc0fdebfea29c241d8a36128241ccec03eace5fd
2022-06-28docs: fix broken linksPratikshya Prasai1-11/+11
Type: docs Signed-off-by: Pratikshya Prasai <pratikshyaprasai2112@gmail.com> Change-Id: I729de9e18624c63a72ec415a05c55617cb360c47
2022-06-28ipsec: introduce spd fast path typesPiotr Bronowski1-0/+63
This patch introdcues basic types supporting fast path lookup. Fast path performs policy matching with use of hash lookup (particularly bihash tries has been used for that purpose). Fast path lookup addresses situation where huge number of policies is created (~100k or more). In such scenario adding/removing a policy and policy matching is not efficient and poorly scales (for example adding 500k policies takes a few hours. Also lookup time increases significantly). With fast path adding and matching up to 1M flows scales up linearly (adding 1M of policies takes about 150s on the test machine vs many hours in case of original implementation, also matching time is significantly improved). Fast path will not deal well with a huge number of policies that are spanning large ip/port ranges. Large range will be masked out almost entirely leaving only a few bits for calculating the hash key. Such keys will tend to gather much more policies than other keys and hash will match most of the packets anihilating advantages of hashing. Having said that we also think that it is not the real life scenario. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I600dae5111a37768ed4b23aa18426e66bbf7b529
2022-06-28ipsec: change wildcard value for any protocol of spd policyPiotr Bronowski13-79/+321
Currently 0 has been used as the wildcard representing ANY type of protocol. However 0 is valid value of ip protocol (HOPOPT) and therefore it should not be used as a wildcard. Instead 255 is used which is guaranteed by IANA to be reserved and not used as a protocol id. Type: improvement Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I2320bae6fe380cb999dc5a9187beb68fda2d31eb
2022-06-17quic:fix crash rx_fifo full or growfanxb1-0/+16
if when the rx_fifo grows, svm_fifo_enqueue() return -4, stream_data->app_rx_data_len += rlen type conversion occurs, Finally,stream->recvstate.data_off calculation is wrong. Type:fix Signed-off-by: fanxb <fxb_mail@163.com> Change-Id: Iae11f0c453f32d836f4148d70e3b121545a53a90
2022-06-15stats: fix prometheus exporter crash on large number of FIB entriesAlexander Chernavin1-2/+2
Type: fix Currently, prometheus exporter may crash because of memory exhaustion when dumps metrics if the FIB contains large number of routes. With this fix, increase memory size for prometheus exporter to be able to handle large number of FIB entries. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ia2b9a665368883c87448deee9bcf8d2ac1168357
2022-06-14docs: fix spelling errorsDave Wallace2-1/+5
- also add docs-spell to checkstyle-all make target Type: fix Fixes: 5f6422db9 Change-Id: I8e9d7d17a03ee7b55f4e1785983459c43af267f7 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-06-14ip: reassembly - Add node level stats, fix customapp behaviorVijayabhaskar Katamreddy2-16/+77
Type: fix Added stats for success and failure cases Fixed Custom app behaviors for the error / drop cases Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: Id6e981c7be5c5b3cee5af2df505666d5558da470
2022-06-13build: update makefile for ubuntu 22.04 docker executorsSaima Yunus1-2/+9
* apt '—force-yes' is deprecated in the version of apt in Ubuntu 22.04 * several Ubuntu-22.04-specific packages (e.g. python3-virtualenv, libssl-dev, clang clang-format-11) are needed in the current VPP installation as well Type: fix Signed-off-by: Saima Yunus <yunus.saima.99@gmail.com> Change-Id: I96ead90152f692233da812cdc853792bedb47c3c
2022-06-13docs: cleaning up VPP documents by deleting unnecessary info.Saima Yunus2-2/+111
- cleaned up the 'build/run VPP' docs Type: docs Signed-off-by: Saima Yunus <yunus.saima.99@gmail.com> Change-Id: I9dbddbe1932804b8d507cb2f1631cd7116e59072
2022-06-13rdma: bump to rdma-core 41.0Benoît Ganne1-2/+2
Type: improvement Change-Id: Ifdbb879d3018996c09f0caf55df11038ead173a2 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-06-13dpdk: add support allow/block scan mode for vmbus devXiaoming Jiang1-0/+76
Type: improvement Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: Id3f45968cd24f53350dce365b2cc9b3191ec836f
2022-06-10vcl: fix iperf3 server crash issue when it runs over vpp host stack.Liangxing Wang2-1/+19
Issue: Let iperf3 server run via ldp and vcl on top of vpp's host stack. If iperf3 client connects this iperf3 server with tcp MSS setting option, iperf3 server will always crash. Root cause: When MSS option is specified by iperf3 client, iperf3 server will recreate the listening socket firstly, then call setsockopt() to set MSS immediately. Iperf3 code can be referred here: https://github.com/esnet/iperf/blob/58332f8154e2140e40a6e0ea060a418138291718/src/iperf_tcp.c#L186. However, in vcl layer vpp_evt_q of this recreated session is not allocated yet. So iperf3 server crashes with vpp_evt_q null pointer access. Fix: Add session vpp_evt_q null pointer check in vcl_session_transport_attr(). Add a vcl test case for this MSS option scenario. Type: fix Signed-off-by: Liangxing Wang <liangxing.wang@arm.com> Change-Id: I2863bd0cffbe6e60108ab333f97c00530c006ba7
2022-06-10vppinfra: fix bihash_8_16 entry format functionBenoît Ganne1-2/+1
Type: fix Change-Id: I1e8655baaf09b455f7f0052452402a372f738d0f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-06-10hsa: allow first segments larger than 4g for proxyFlorin Coras2-14/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9c502a491ff56806a2e631f7a4c18903a2e93ab2
2022-06-10ip: improve ip ACL tracesBenoît Ganne3-10/+26
Type: improvement Change-Id: I85c73cb940d81d0b249eda0d57de135bcd798418 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-06-09vppinfra: missing __clib_export for clib_pmalloc_alloc_alignedDamjan Marion1-2/+2
Type: improvement Change-Id: I7489327d8b9c5f69b4ceb2159456f00f8a3612df Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-06-08udp: add cli to dump registered portsBenoît Ganne1-0/+93
Type: improvement Change-Id: Ic949e3136a7cf27011d098a50e91920f83226ea9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-06-08wireguard: increment interface RX countersMatthew Smith1-0/+15
Type: improvement When packets were received and processed successfully, increment the byte/packet counters for the tunnel interface. Change-Id: I42855607ac6916de641be42aac86c9942cc97140 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-06-07classify: fix sesssion details apiNathan Skrzypczak1-1/+1
We were not allocating space for the variable length payload in the response message. Type: fix Change-Id: I345102f4555f66c5632ab0882ca1dd178e98eb7b Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-06-07vlib: fix crash on packet on deleted interfacePim van Pelt1-3/+6
If ip4_neighbor_probe (or any other) is sending packet to a deleted interface, ASSERT trips and dataplane crashes. Example: create loopback interface instance 0 set interface ip address loop0 10.0.0.1/32 set interface state GigabitEthernet3/0/1 up set interface state loop0 up set interface state loop0 down set interface ip address del loop0 10.0.0.1/32 delete loopback interface intfc loop0 set interface state GigabitEthernet3/0/1 down set interface state GigabitEthernet3/0/1 up comment { the following crashes VPP } set interface state GigabitEthernet3/0/1 down This sequence reliably crashes VPP: (gdb)p n->name $4 = (u8 *) 0x7fff82b47578 "interface-3-output-deleted” If the interface doesn't exist, return ~0 and be tolerant of this in the two call sites of counter_index() Type: fix Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I90ec58fc0d14b20c9822703fe914f2ce89acb18d
2022-06-07sr: SRv6 TEF behavior supportAhmed Abdelsalam3-3/+87
Adding support for the SRv6 TEF (Timestamp, Encapsulation and Forward) behavior defined in draft-filsfils-spring-path-tracing (https://datatracker.ietf.org/doc/draft-filsfils-spring-path-tracing/). Type: feature Change-Id: I7f38b593147daf8d27af9c983448cf82947e5bed Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com>
2022-06-05wireguard: fix crash by not sending arp via wg interfaceAlexander Chernavin3-9/+63
Type: fix Currently, neighbor adjacencies on a wg interface are converted into a midchain only if one of the peers has a matching allowed prefix configured. If create a route that goes through a wg interface but the next-hop address does not match any allowed prefixes, an ARP/ND request will try to be sent via the wg interface to resolve the next-hop address when matching traffic occurs. And sending an ARP request will cause VPP to crash while copying hardware address of the wg interface which is NULL. Sending an ND message will not cause VPP to crash but the error logged will be unclear (no source address). With this fix, convert all neighbor adjacencies on a wg interface into a midchain and update tests to cover the case. If there is no matching allowed prefix configured, traffic going such routes will be dropped because of "Peer error". No changes if there is matching allowed prefix configured. Also, fix getting peer by adjacency index. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I15bc1e1f83de719e97edf3f7210a5359a35bddbd
2022-06-03hsa: dealloc proxy fifos on right threadFlorin Coras2-1/+46
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia66c12e1da126d0d8d101b645e6dc8454c3826d6
2022-06-03hsa: refactor proxy session lookup and cleanupFlorin Coras2-103/+52
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic68627bbca676cc78b0be05bc1fa0f386f5d27fa
2022-06-03session: fix double free in CLIFilip Tehlar1-7/+2
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I646ac946d0b07929dfdd1966a4f4a3b697768040
2022-06-02ipfix-export: Fix frame leak in flow_report_process_send()Jon Loeliger1-1/+9
The flow_report_process_send() function always allocates a frame. However, when no template_send is needed, template_bi is ~0. When this happens, no vectors are placed in the frame. When the frame is then "put", a check for n_vectors == 0 prevents the frame from actually being placed back on the free list. Fix that by using a direct call to vlib_frame_free() when there are no frame vctors. Type: fix Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I936b5cea4cb3c358247c3d2e1a77d034a322ea76
2022-06-01session: make sure fifos are freed on right threadFlorin Coras1-0/+4
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3c573641bd95fe899823b66f6c59a2525a18d293
2022-06-01stats: swap used and total statsLeland Krych1-2/+2
Type: fix reported stats seem to have mixed up used and total counters Signed-off-by: Leland Krych <leland.krych@gmail.com> Change-Id: I221c7b114c0da2ed53171d7f047a4bda07ee6cb2
2022-06-01papi: vpp_serializer.py - replace slow bytes() with fast bytearray()Viktor Velichkin1-8/+8
https://docs.python.org/3/library/stdtypes.html "if concatenating bytes objects, you can similarly use bytes.join() or io.BytesIO, or you can do in-place concatenation with a bytearray object. bytearray objects are mutable and have an efficient overallocation mechanism" Type: improvement Signed-off-by: Viktor Velichkin <avisom@yandex.ru> Change-Id: Id20d337f909cce83fcd9e08e8049bb0bf5970fbc
2022-06-01vlib: add VLIB_NUM_WORKERS_CHANGE_FN() handlerDamjan Marion4-10/+15
Allows features to update their data structures after change in number of worker threads. Type: improvement Change-Id: Icd4d197e28608f5bbb1edd13eb624cd98e33cafe Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-06-01ip: unformat_ip_address should no modify its argument on failureBenoît Ganne2-16/+18
When failing to match an ip address, we should not reset the ip address that could have been initialized by a previous match. Type: fix Change-Id: I026766391eb3eb8230f75f66bf4b681e774741d9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-05-31nat: disable nat44-ei-in2out-output ttl checkAlexander Skorichenko1-3/+3
Type: fix A packet passing through nat44-ei-in2out-output, has its ttl value validated in earlier nodes. "ip4-input" node checks ttl for locally generated packets. "ip4-rewrite" node validates ttl in forwarded packets. Thus for example, the ED counterpart disables ttl checks in its "nat44-ed-in2out-output" node. This patch updates nat44 EI conditions for ttl checks to those currently used in nat44 ED case, meaning no extra ttl validation for in2out when output-feature is enabled. Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com> Change-Id: Idd15d7c9a746b60c0a6dac5537d00ef10c257fdc
2022-05-30vppapigen: fix make go-api for go1.18Nathan Skrzypczak1-58/+71
This patch updates the go-api-files logic for supporting go1.18. Notable changes are that `go get ...` changed to `go install` and that we need to bump the govpp binapigen version to integrate a go1.18 fix. This patch also simplifies the cli execution syntax Type: fix Change-Id: I1d8aac65490fe3ea4c1965a4775b6bf8d5c05d26 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-05-27build: add python3-pip dependencySaima Yunus1-1/+1
- python3 pip module is missing on a new Ubuntu installation Type: fix Signed-off-by: Saima Yunus <yunus.saima.99@gmail.com> Change-Id: I5a9886cd5f9226dc0a968c2f70a7c436a06ddf50
2022-05-27ip: reassembly - Fixing buffer leaks, corruption in v6 reasmVijayabhaskar Katamreddy2-42/+117
Type: fix *Buffer leaks and corruptions during internal errors, either overriding or missing to add the buffer to the list Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: I1ead1eca1cde10a36d60dbfcfe36ca6375690b03
2022-05-26ip: reassembly - pacing reassembly timeouts for v6Vijayabhaskar Katamreddy1-9/+35
Type: fix Pace the main thread activity for reassembly timeouts, to avoid barrier syncs Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: Iebe9a38d2a7a6471afa6621f12bb545668dc8384
2022-05-25docs: update spelling word list and fix typosDave Wallace4-727/+740
- update wordlist and fix typos so that 'make docs-spell' passes - sort spelling_wordlist.txt - update docs maintainers list Type: docs Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I38ac7850c604c323427d2bb6877ea98bd10bcc38
2022-05-25misc: Initial 22.10-rc0 commitv22.10-rc0Andrew Yourtchenko2-1/+1
Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Ia1f2a8006edb8e57545a04a16edfb9704c3e904e
2022-05-24docs: make docs build incrementalNathan Skrzypczak5-51/+69
This patch makes the `make docs` directive incremental avoiding re-running the siphon when the source hasn't changed, and leveraging sphinx internal cache. It adds a `make rebuild-docs` directive for cases where this caching logic might break, e.g. in CI. The virtualenv doesn't also get recreated on each build, which might be enough when writing docs, provided automated process leverage its rebuild counterpart. Type: improvement Change-Id: Ie90de3adebeed017b249cad81c6c160719f71e8d Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-05-24tests: fix ipsec sdp cases with parrallel jobTianyu Li2-10/+10
Serveral IPSec SPD cases re-use the same test class name, leads to test error when do parrallel test with TEST_JOBS=16, change the test class names to unique values. Type: fix Fixes: 7cd35f5d688d9e3bddf66602655274dae944b086 Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: Ia5768654ddb6274531222761cc82b226d97325a9
2022-05-24tests: fix default failed dir settingKlement Sekera2-8/+7
When running tests via run.sh, default setting of None would cause failed directory symlink to appear in vpp workspace with an ugly name. This patch places the symlink in temporary directory. Type: fix Fixes: b23ffd7ef216463c35b75c831e6a27e58971f4ec Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Ic1715eba7ac1f82f71855e2aeb9b659d27bbb3af
2022-05-24devices: add af-packet v3 apiMohsin Kazmi2-0/+114
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I4679acbe4fd4400d57c0a79b0a6c74c8f1639703