summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2021-11-23ip: unlock_fib on if deleteNathan Skrzypczak6-82/+129
On interface delete we were not removing the lock taken by a previous ip_table_bind() call thus preventing the VRFs to be removed. Type: fix Change-Id: I11abbb51a09b45cd3390b23d5d601d029c5ea485 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-11-22nat: change nat44-ed test pool addressFilip Varga1-1/+1
NAT pool address overlaps with pg4 network 10.0.0.1/24 this is not desirable because of upcoming change [1]. This change uncovered configuration issue with hairpinning test that would fail because of already configured pg4 interface that shares subnet with nat pool address. Packets would incorectly end up in bad pg interface causing the test to fail. This patch changes nat pool address to 10.0.10.3 that doesn't belong to any of the subnets configured on pg interfaces in nat tests. [1] https://gerrit.fd.io/r/c/vpp/+/34441 Type: test Change-Id: I49e63dacbf0847116adbcf1954ff5defd833a657 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-11-22vlib: add virtual time supportBenoît Ganne14-76/+158
Type: feature Change-Id: Iabd76558e9c72ed8286cfeeb1fbaa4fde4832a90 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-11-22wireguard: add local variable in handshake processGabriel Oginski1-2/+4
Originally handshake process gets pointer to value of index peer. In the meantime this pointer can be invalid due to resize hash table for wireguard and passed poison value to another function. The fixes add local variable to keep index of peer instead of value from pointer. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I1b2535c44b4f987d19077c75c778aaa5ed71a457
2021-11-22gso: implement gso segementation copy with checksumMohsin Kazmi3-18/+240
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Iec9dacde170533ca16e8117787e62da8af69ae96
2021-11-22vlib: fix coverity warningKlement Sekera1-1/+1
Use correct signed type to allow testing for a failure (-1) from readlinkat(). Type: fix Fixes: 5714a49f14 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I06f1c8d91e907c151012ff9758c6b52caca4d625
2021-11-22dpdk: fix coverity warningKlement Sekera1-0/+2
Add a hint so that it's obvious that fall through in switch statement is intentional. Type: fix Fixes: 34c54dff5c Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I12271227424761fb89b03a390f626c2ab466472c
2021-11-22snort: fix coverity warningKlement Sekera1-2/+11
Add error handling for incomplete read. Type: fix Fixes: 839b1473e9 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ibf1b2f633793510244ea1aa6af0902021aeb67ad
2021-11-22snort: fix coverity warningKlement Sekera1-2/+2
Add a cast to avoid coverity warning about potential integer underflow. Type: fix Fixes: 839b1473e9 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Iae913e51c1e25aaeca6ce70438451c640d347383
2021-11-22vppinfra: annotate pool_dup() for asanBenoît Ganne1-22/+24
When using AddressSanitizer, pool objects are poisoned, but pool_dup() deep copy is ok. Type: fix Change-Id: Id801c4ab35666474a297d885c4b92878e44feab6 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-11-22vppinfra: fix the memory leak while doing clib_bihash_freeHan Wu1-0/+1
Type: fix Signed-off-by: Han Wu <wuhan9084@163.com> Change-Id: I6ad3c313dcab5ed193c135676c1cebd0a141fea1
2021-11-22ipfix-export: support sending of ipv6 pktsPaul Atkins1-62/+176
The current code that sends ipfix packets assumes IPv4. Modify this so that it generates and sends packets based on whether the destination address is IPv4 or IPv6. Where code is common across multiple places pull it out into helper functions. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I216c6c4c1b58cacedca22019f74a38c64a368b7e
2021-11-22ipfix-export: Change exp to use ip_addressPaul Atkins8-73/+92
Modify the ipfix_exporter to use ip_address instead of the ipv4 specific version. Modify the current code so that it writes into the v4 specific part of the address, i.e. we are not yet fully supporting IPv6. For the exporter configured via the original API (the one that is always in slot0) we will not support IPv6 addresses. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: Ic9854ac62aaee76a7a55a958234c456fd9828c4c
2021-11-22ipfix-export: rename variables when building bufsPaul Atkins1-40/+40
Rename the local variables used when building ipfix export packets to make it clear that they are v4 specific variables. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I3a5a623aeb0b6f2b7fcdafb3fc19c500934c529b
2021-11-22ipfix-export: refactor params to the callback fnsPaul Atkins9-86/+46
When a new flow-report is created the caller provides 2 callback functions. These functions both take a pointer to the exporter, plus a pointer to the source and dest address. However the pointers to the address are not adding any value as these are always set to the src/dest addresses of the exporter (which is already being passed). Remove these parameters and leave the callback functions to get the addresses out of the exporter. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I36dec394f30e85cdca120dd8706b5d90f5e07c48
2021-11-22ipfix-export: Add APIs to get/send buffersPaul Atkins3-0/+234
The ipfix exporter should be doing most of the work of building packets and sending them rather than leaving every client of the exporter to do all the work themselves. Start to move towards that by adding APIs to get and send buffers. Store the state of this in new per thread data on the report so that we can send with minimal use of atomics. We do need an atomic for the sequence number in the packet though as that contains the number of data_records sent for the 'stream', not just for a single core. As the state is stored on the flow_report_t the caller needs to know which report they are using, so add a field to the args struct used to create the report that is used to pass back the report index on success. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I222b98a3f0326b3b71b11e0866a8c9736bed6dc1
2021-11-22ipfix-export: add mutliple ipfix_exporters testsPaul Atkins1-0/+192
Now that we support multiple exporters add some basic tests to verify that we can create/delete multiple exporters and that the streaming commands work. Type: test Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I577f38440790080bfdcf87a8a6828da6cb6f1707
2021-11-22ipfix-export: add a new API to dump all exportersPaul Atkins2-1/+86
Add a new API to dump all the exporters. As the destination struct type is not the same as for the existing dump/details API no attempt is made to use the existing code to populate the structure. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I409f80285b107a530e0e4f3c6a047a803815a0ec
2021-11-22ipfix-export: support creating multiple exportersPaul Atkins4-45/+169
The existing api set_ipfix_exporter only allows for the creation of a single exporter. In some cases it is desirable to export data to multiple different destinations. Allow users to create multiple ipfix exporters to support this. Add a new api that allows for the creation of multiple exporters, and store them in a pool of exporters. The exporter created by the old API will always be in index 0 of the pool. Exporters created by the new API will be given the next available index in the pool, and will return this index to the API caller so that they can track the exporter they created. The collector_address is the key for the exporter, so changes can be made by doing a further call to the API with the same collector_address. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: Id71c98cffcf8d141d890b40fb90a40b90a91d1d6
2021-11-22ipfix-export: refactor ipfix_exporter_t_handler fnPaul Atkins1-34/+34
Split this api handler into 2 parts. The first is the top level handler and the second is the internal helper function that does all the work. This is in preparation for having a similar API that allows multiple exporters to exist at the same time. Type: refactor Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: Ibd4037682742f4c2f52b4cd1346d35fb2029461d
2021-11-22ipfix-export: pass an exp to flow_report_add_delPaul Atkins10-251/+209
Pass an ipfix_exporter to this function so that callers can choose which exporter they are modifying. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: Ice0ed19a57baf15b1dc85cd27fe01913e36d7f4f
2021-11-22ipfix-export: make stream fns exporter awarePaul Atkins1-18/+11
The functions that work on streams were getting the set of streams directly from flow_report_main. Modify them to take an ipfix_exporter as an argument, and then any processing they do is only for this exporter. Type: refactor Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I32bd9a6ba32a15ec4d4ec9556a9b75f3d83fcd6e
2021-11-22ipfix-export: refactor fields in flow_report_mainPaul Atkins9-133/+183
Pull out the fields in flow_report_main_t that are specific to a single exporter and move them into a new structure that represents an exporter. Add a pool of exporters to flow_report_main_t and do a pool_get() to get the entry at index 0, so that the existing users of the code need only change the path at which they access the old fields and have no need to make further code changes. In functions that were accessing the fields that now make up the ipfix_exporter create a local var that points to the first (always valid) exporter and use this as the base for the fields rather than finding them from flow_report_main. This is in preparation for supporting multiple flow_exporters. Note that at the moment the code supports multiple 'streams' for a given exporter, where each stream has its own source port, domain id and template space. But all streams within an exporter have the same destination address, so this is not the same as multiple exporters. Type: refactor Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I49f5c7fb9e901773351d31dc8a59178c37e99301
2021-11-19tls: add option to config additional segment sizeFlorin Coras2-4/+9
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idf3b49ec61bf5da498ffdd8cebab7148fce73f5f
2021-11-19build: (opensuse) Revert build remove opensuse build infraLaszlo Kiraly6-3/+472
Added missing deps Removed Thumbleweed support Changed python2 to python3 Added Dockerfile for suse-leap build Type: make Change-Id: Ie73d2382a73ebc9d4475ace1a8f818fe38cf40c0 Signed-off-by: Laszlo Kiraly <laszlo.kiraly@est.tech>
2021-11-19fib: Don't use [midchain] adjacencies to change an interface's feature arcNeale Ranns30-301/+400
Type: fix Using the adjacency to modify the interface's feature arc doesn't work, since there are potentially more than one adj per-interface. Instead have the interface, when it is created, register what the end node of the feature arc is. This end node is then also used as the interface's tx node (i.e. it is used as the adjacency's next-node). rename adj-midhcain-tx as 'tunnel-output', that's a bit more intuitive. There's also a fix in config string handling to: 1- prevent false sharing of strings when the end node of the arc is different. 2- call registered listeners when the end node is changed For IPSec the consequences are that one cannot provide per-adjacency behaviour using different end-nodes - this was previously done for the no-SA and an SA with no protection. These cases are no handled in the esp-encrypt node. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: If3a83d03a3000f28820d9a9cb4101d244803d084
2021-11-19af_xdp: integrate with new tx infraarikachen3-31/+83
Type: improvement Signed-off-by: arikachen <eaglesora@gmail.com> Signed-off-by: Benoît Ganne <bganne@cisco.com> Change-Id: If8d57bcf033864935bd5e3a9912b2c1a7c712f44
2021-11-18af_xdp: introduce to netns apiarikachen7-10/+227
In some situation, we support to deploy vpp as per host and handler packet in container, so we use xdp to redirect the flow. Type: improvement Signed-off-by: arikachen <eaglesora@gmail.com> Change-Id: Iab42d6a0abb2b330a284d519018a90aff2fa4371
2021-11-18session: deprecate mq segments basevaFlorin Coras2-15/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5b6cb8dd9db7e003a470ca4aeb8472fa7cb9a128
2021-11-18session: improve wrk mq segment allocationFlorin Coras3-53/+62
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9e5438a2f82762aa8a88bbacf4290151ef30969e
2021-11-18ip: comparing IP prefixes should not modify themNeale Ranns5-13/+40
Type: improvement make the ip_prefix_cmp take const paramenters. plus some other miscellaneous functions. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ib69bacfb09483a8a8f8b89900c92d3d55c354ac6
2021-11-17session: fix state check in switch poolFlorin Coras1-3/+3
This affect udp only Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5e05e9c77b733b9e10c14cc9ef610c9bff216fa0
2021-11-17session: support close during migrationFlorin Coras2-9/+41
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ife1e046b62bb0679419fd1346e973d0e3ea55489
2021-11-17session: try to coalesce ct accept rpcsFlorin Coras1-7/+44
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I11de851949afd90a37c102ed0c00969a4cc73df4
2021-11-17ip6: ip6_not_enabled_node is a sibling of ip6-dropPaul Atkins1-6/+2
The node ip6_not_enabled should be marked as sibling of ip6-drop as both are start nodes of the ip6-drop arc. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I212c25444a81b11d8085ba7930ddb67b47502d5c
2021-11-17ipfix-export: remove unused code in flow_report.hPaul Atkins1-2/+0
There are no implementations for this function so remove it. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I793b015ea1657edd1de719c2a574799aeb8b74d5
2021-11-17ipfix-export: tidy code style in flow_report.cPaul Atkins1-46/+46
Indent sections of code properly in vec_foreach loops. Type: style Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I90183ace164df753f3f47b6c4a6305ded21d744d
2021-11-17ipfix-export: set msg id correctly for dump msgPaul Atkins1-1/+2
When sending the reply to the VL_API_IPFIX_EXPORTER_DUMP message the message id has to be added to the message base. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I9565be7887046739b5f309e021f34ed75c9e370e
2021-11-17misc: Volunteer as maintainer for ipfix-exportPaul Atkins1-0/+1
Type: improvement I volunteer myself as another maintainer of the ipfix-export code. Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I1d0b7f1d426447cb6b52a7b4c4fdcd8b73bc122e
2021-11-17nat: VPP crashes when route is not reachableDaniel Béreš1-0/+3
The problem was reproducible only with icmp packet type when det44 in, out interfaces were swapped. Dst addr was unknown but packet has been forwarded. Type: fix Ticket: VPP-1958 Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech> Change-Id: Ie446cf2ac866955cc668fe2848f954a2ef92e3fa
2021-11-17nat: det44 plugin session scavenging fixFilip Varga1-15/+27
det44 plugin process node would only run once on the first plugin enable call. this patch ads the required calls into while loop in the process node funciton. Type: fix Change-Id: I38c94b29fd1e2c842a1330e8628e3019f23f2b69 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-11-17misc: Add maintainer entry for ipfix-exportPaul Atkins1-0/+5
Type: improvement Add Ole as a maintainer for the ipfix-export code Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I659292666d32cd223dfa31e00c7b5d005d1fbad5
2021-11-16vlib: fix coverity warningKlement Sekera1-1/+0
Remove now unused computation result. Type: fix Fixes: 3f8b8d30cade20afa8975a5e7a6d79346cec8f3e Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Iea142cb044d31e364fdc5b8b6dd69681e77d745f
2021-11-16build: upgrade to enchant-2Dave Wallace1-9/+9
- Remove enchant from RPM builds since docs are generated on ubuntu-20.04 in CI jobs. - Clean up DEB_DEPENDS copy-pasta - Add clang-11 for newest Ubuntu/Debian OS variants Type: docs Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I802f0b356bd412dbc23ee98d209f7cc3ab24ba4c
2021-11-16docs: consume fd.io version listNathan Skrzypczak2-6/+35
Type: feature This adds a version snippet in the vpp docs, based on a json description fetched from fd.io/vpp_versions.json This relies on https://github.com/FDio/site/pull/108 being merged Change-Id: I6dd22f09927841aef96011ed57af2cbdc5d409f5 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-11-16perfmon: fix coverity warningKlement Sekera1-2/+9
Check for possible hash lookup failure to avoid NULL dereference. Type: fix Fixes: e15c999c30 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ib806b4d124be26fbccf36fe9d19af1aec63f487b
2021-11-16build: Remove ubuntu-18.04 install dependenciesDave Wallace1-6/+2
- Per agreement at VPP community meeting, end support for ubuntu-18.04 Type: make Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I20ae1531e571ba0aad233d47c2e5b73ee3f964b6
2021-11-16session: add per worker ct contextFlorin Coras1-26/+43
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie20dc1e369735965bd780f04cd8703c099065fcc
2021-11-16vapi: verify message size when receivedKlement Sekera3-18/+51
Verifying message size including VLA size allows to dismiss some coverity warnings in generated code. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I824658881254b3e7a9bfca228a266cfee448cc2e
2021-11-15docs: add jira linkNathan Skrzypczak1-0/+2
Type: improvement Change-Id: I9c53ff39e6d064437b5a2fdc29ecc2301b5cbd16 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>