summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2022-10-05ip: reassembly - custom context instead of VRFMohammed Hawari2-40/+137
Change-Id: Id8d6ab96a710cdd207068cf19a6363bbcd584de4 Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-10-05ip: reassembly - custom context of ipv6Mohammed Hawari2-26/+129
Change-Id: Ia5ec7fc0c71e6a0ad1b43df24bb6b88e616d260d Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-10-05build: change make verify gate os to ubuntu 22.04Dave Wallace1-2/+3
- Also fix log output to remove hardcoded compiler version Type: make Change-Id: I1b224d8e9a042c58dbae689a8be706089cc1377f Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-10-04rdma: unhackish build of rdma-coreMohammed Hawari4-26/+11
Change-Id: I2040b560b2a00f8bd176ae6ad46035678a2b249e Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-10-04build: mlx dpdk-rdma compatibility matrixMohammed Hawari5-4/+16
- Verify mlx_rdma_dpdk_matrix.txt versions, build MLX drivers in dpdk if the versions match. Also output version comparison results to a file for CI job to send notification email when the versions do not match. Change-Id: Id1384ba4ea4b1f855f4d77d1d8e2c38683abfe1f Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-10-03tcp: replace tcp_time_now with tcp_time_now_usSteven Luong2-29/+30
It looks like tcp_time_now has been deprecated for a while and the replacement is tcp_time_now_us Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ifaed2632baa49d489d4e03f2623d8cc9a6f36e64
2022-10-03sr: new messages created to return packet statistics in sr localsid detailsChinmayaAgarwal2-0/+98
Type: improvement Signed-off-by: ChinmayaAgarwal <chinmaya.agarwal@hsc.com> Change-Id: I27d5981a77d4166a92db9ecf73d9b0eed962ec19
2022-09-30fib: fix dpo-receive address in ip6-ll fibsVladislav Grishenko2-2/+9
Need to fill frp_addr for local path, it's used by dpo-receive. If not, address output can be invalid: $ sudo vppctl sh ip6-ll fe80::dcad:ff:fe00:3/128 IP6-link-local:loop3, fib_index:2, locks:[IPv6-nd:1, ] fe80::dcad:ff:fe00:3/128 fib:2 index:55 locks:2 IPv6-nd refs:1 entry-flags:connected,import,local, src-flags:added,contributing,active, path-list:[72] locks:2 flags:shared,local, uPRF-list:58 len:0 itfs:[] path:[82] pl-index:72 ip6 weight=1 pref=0 receive: oper-flags:resolved, cfg-flags:local,glean, [@0]: dpo-receive: 8000:100:fe80::dcad:ff on loop3 forwarding: unicast-ip6-chain [@0]: dpo-load-balance: [proto:ip6 index:57 buckets:1 uRPF:58 to:[0:0]] [0] [@2]: dpo-receive: 8000:100:fe80::dcad:ff on loop3 Type: fix Change-Id: Ib9874c5eac74af789e721098d512a1058cb8e404 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-09-30udp: add udp encap source port entropy supportVladislav Grishenko9-41/+355
Encode entropy value in UDP source port when requested per RFC 7510. CLI already has "src-port-is-entropy", use zero UDP source port in API to avoid breaking changes, since zero port is not something to be used in wild. Also, mark UDP encapsualtion API as mp-safe as already done for CLI. Type: feature Change-Id: Ieb61ee11e058179ed566ff1f251a3391eb169d52 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-09-29gso: clear the offload flags from segmented buffersMohsin Kazmi1-0/+1
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I2901628d23f9b81edb32d0ced3877e5799a6cec7
2022-09-29api: deprecate vl_msg_api_set_handlersDamjan Marion12-116/+168
Type: refactor Change-Id: I7b7ca9ec62cb70243c5b7e87968eab1338d67ec8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-09-28vpp-swan: Add scripts for testingGabriel Oginski12-0/+409
Added scripts to reparing setups for testing To prepare and run containers: sudo ./extras/strongswan/vpp_sswan/docker/run.sh prepare_containers To prepare setups: sudo ./extras/strongswan/vpp_sswan/docker/run.sh config To clean-up settups: sudo ./extras/strongswan/vpp_sswan/docker/run.sh clean To deleted all containers and images in Docker: sudo ./extras/strongswan/vpp_sswan/docker/run.sh deleted Type: feature Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I77f01c0419dccc95f610046c8552ae825f2c7e12
2022-09-28vpp-swan: Add plugin for vpp-swanGabriel Oginski13-0/+3713
Added plugin vpp-swan is a plugin that helps offloading Strongswan IPsec ESP process from Linux Kernel to VPP. Type: feature Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893
2022-09-28tests: stabilize wireguard ratelimiting testAlexander Chernavin1-29/+13
Type: test "test_wg_handshake_ratelimiting_multi_peer" has been unstable recently because the test strongly relies on execution speed. Currently, the test triggers ratelimiting for peer 1 and sends handshake initiations from peer 1 and 2 mixed up. After that, the test expects that all handshake initiations for peer 1 are ratelimited and a handshake response for peer 2 is received. Ratelimiting is based on the token bucket algorithm. The more time passes between triggering ratelimiting for peer 1 and sending a mixture of handshake initiations from peer 1 and 2, the more tokens will be added into the bucket for peer 1. Depending on delays between these steps, the number of tokens might be enough to process handshake initiations from peer 1 while they are expected to be rejected due to ratelimiting. With this change, these two steps are combined into one and the logic modified. The test triggers ratelimiting for both peer 1 and 2. Packets that trigger ratelimiting and that are to be rejected are sent in one batch that is going to reduce delays between packet processing. Also, verify that number of rejected handshake messages is in expected range instead of verifying the exact number as it still may slightly vary. Also, this should finish making the wireguard tests stable on Ubuntu 22.04 and Debian 11. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I3407d15abe1356dde23a241ac3650e84401c9802
2022-09-28af_xdp: change RLIMIT_MEMLOCK before load bpf programChen Yahui1-0/+7
default RLIMIT_MEMLOCK is 64. if we use multi af_xdp interfaces or load complex bpf program, libbpf will return permission error. root cause is default 64 is not large enough. So we change it before load bpf program. Type: fix Change-Id: Ia6aed19c9256c498cf1155586a54a32b3f444105 Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>
2022-09-27tests: enable ipsec-esp 'make test' testcases on ubuntu-22.04Dave Wallace2-59/+1
Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I016fd169813e369208089df122477152aaf9ffc2
2022-09-27wireguard: stop sending handshakes when wg intf is downAlexander Chernavin2-4/+199
Type: fix Currently, when a wg interface is administratively disabled initially or during operation, handshake packets continue to be sent. Data packets stop being sent because routes pointing to the wg interface will not be used. But data keys remain. With this fix, when a wg interface is administratively disabled during peer creation, avoid connection initialization to the peer. Data keys and timers should be empty at this point. When a wg interface is disabled during operation, disable all peers (i.e. stop all timers, clear data keys, etc.). Thus, state should be identical in both cases. When a wg interface is administratively enabled, enable all peers (i.e. get ready to exchange data packets and initiate a connection). Also, cover these scenarios with tests. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ie9a620077e55d519d21b0abc8c0d3c87b378bca3
2022-09-27crypto-openssl: use no padding for encrypt/decryptVladimir Ratnikov1-6/+1
Internaly, vpp uses it's own padding, so all the data is padded using blocksize in /src/vnet/ipsec/ipsec.c Openssl should add it's own padding, but the data is already padded. So on decrypt stage when padding should be removed, it can't be done. And it produces error `bad decrypt` Previous versions of openSSL decrypted data almost at the beginning of EVP_DecryptUpdate/EVP_DecryptFinal_ex and produced the same error, but data was already decrypted. Now it's not, so some algorithms could have some problems with it PS. openSSL 3.x.x Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: If715a80228548b4e588cee222968d9da9024c438
2022-09-27af_xdp: compile error undeclared identifier 'SOL_XDP'Chen Yahui1-0/+3
Type: fix Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com> Change-Id: Ia447420f692f1487d343886845d648d766e43c27 Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>
2022-09-27vnet: fix ip4 version and IHL checkDmitry Valter2-3/+11
Validate version and IHL regardless of present options. Originally VPP would accept seriously damaged headers in case IHL != 5. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: Ifd59622efa63dfad7f6e4858dec40ccac3274574
2022-09-27wireguard: fix re-handshake timer when response sentAlexander Chernavin2-23/+48
Type: fix As per the protocol: A handshake initiation is retried after "REKEY_TIMEOUT + jitter" ms, if a response has not been received... Currently, if retransmit handshake timer is started, it will trigger after "REKEY_TIMEOUT + jitter" ms and will try to send a handshake initiation via wg_send_handshake() given that no responses have been received. wg_send_handshake() will verify that time stored in REKEY_TIMEOUT has passed since last handshake initiation sending and if has, will send a handshake initiation. Time when a handshake initiation was last sent is stored in last_sent_handshake. The problem is that last_sent_handshake is not only updated in wg_send_handshake() when sending handshake initiations but also in wg_send_handshake_response() when sending handshake responses. When retransmit handshake timer triggers and a handshake response has been sent recently, a handshake initiation will not be sent because for wg_send_handshake() it will look like that time stored in REKEY_TIMEOUT has not passed yet. Also, the timer will not be restarted. wg_send_handshake_response() must not update last_sent_handshake, because this time is used only when sending handshake intitiations. And the protocol does not say that handshake initiation retransmission and handshake response sending (i.e. replying to authenticated handshake initiations) must coordinate. With this fix, stop updating last_sent_handshake in wg_send_handshake_response(). Also, this fixes tests that used to wait for "REKEY_TIMEOUT + 1" seconds and did not receive any handshake initiations. Then they fail. Also, long-running tests that send wrong packets and do not expect anything in reply may now receive handshake intiations, consider them as replies to the wrond packets, and fail. Those are updated to filter out handshake initiations in such verifications. Moreover, after sending wrong packets, error counters are already inspected there to confirm packet processing was unsuccessful. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I43c428c97ce06cb8a79d239453cb5f6d1ed609d6
2022-09-27vcl: repatch "align the RST behaviour with kernel"Yacan Liu1-1/+1
The previous patch[37164] was a bit flawed. Type: fix Signed-off-by: Yacan Liu <liuyacan@corp.netease.com> Change-Id: Ia9d8b9c7853e8f4b960ce7de26d0384243deb667
2022-09-27tests: disable failing tests on ubuntu-22.04 debian-11Dave Wallace11-8/+116
Type: test Change-Id: I7b2314a731c83b3dcd69c999edb8ebed53839724 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-09-26api: replace print functions wth formatDamjan Marion39-301/+201
Type: improvement Change-Id: I7f7050c19453a69a7fb6c5e62f8f57db847d9144 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-09-26api: keep api common code in vlibapiDamjan Marion8-22/+18
Type: refactor Change-Id: I6edbff9a02fcb3c592ccfe8f47ddb3f848be1b6d Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-09-23bfd: add tracing support to bfd-processKlement Sekera5-104/+162
Outgoing packets can be now traced via: trace add bfd-process <count> Type: improvement Change-Id: Ia19af6054289b18f55e518dbea251a2bee9b9457 Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2022-09-21ipsec: introduce fast path ipv6 inbound matchingPiotr Bronowski5-95/+274
This patch introduces fast path matching for inbound traffic ipv6. Fast path uses bihash tables in order to find matching policy. Adding and removing policies in fast path is much faster than in current implementation. It is still new feature and further work needs and can be done in order to improve the perfromance. Type: feature Change-Id: Iaef6638033666ad6eb028ffe0c8a4f4374451753 Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
2022-09-21misc: Initial 23.02-rc0 commitv23.02-rc0Andrew Yourtchenko2-1/+1
Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Ie89d68ea4e462dfd7276a75f420268f15394258d
2022-09-20docs: enhance install vpp docsfatelei3-34/+51
Type: docs Change-Id: Ic1439ce658d9d53208b29d85440a6cc225ed5b74 Signed-off-by: fatelei <fatelei@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-09-20nat: adding docs for nat44-ed sub pluginFilip Varga4-0/+734
Type: docs Change-Id: Icfa2bdc9367f8438b53da7c89caec263ed6ab056 Signed-off-by: Filip Varga <fivarga@cisco.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-09-20fib: add cli support for explicit link typeBenoît Ganne1-0/+12
This adds the ability to specify we want an IPv4 route via an IPv6 adj and vice-versa. Type: improvement Change-Id: I5f7f1ab89fc60244d31c26155bbd9b0db690257c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-20arp: check for manually added proxy-arp entriesBenoît Ganne1-1/+1
When manually adding neighbor entries for proxy-arp, those will be fib-adj entries. Check for proxy-arp instead of dropping immediately. Type: improvement Change-Id: Id311159f2966c99719dc2a67d4d2bc92bf366029 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-20misc: experimental script to get the list of the reviewers for a commitAndrew Yourtchenko1-0/+240
The script accepts zero or one argument (the commit hash), and outputs the detected components, the component maintainers, and the final suggested reviewer list. See the script for the example output. Change-Id: Ief671fe837c6201bb11fd05d02af881822b0bb33 Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-09-20packetforge: add packetforge for generic flow to extrasTing Xu98-0/+4330
Add a new tool packetforge to extras. This tool is to support generic flow. Packetforge is a library to translate naming or json profile format flow pattern to the required input of generic flow, i.e. spec and mask. Using python script flow_create.py, it can add and enable a new flow rule for an interface via flow VAPI, and can delete an existed flow rule as well. Command examples are shown below. Json profile examples can be found in ./parsegraph/samples. Naming format input: python flow_create.py --add -p "mac()/ipv4(src=1.1.1.1,dst=2.2.2.2)/udp()" -a "redirect-to-queue 3" -i 1 python flow_create.py --del -i 1 -I 0 Json profile format input: python flow_create.py -f "./flow_rule_examples/mac_ipv4.json" -i 1 With this command, flow rule can be added or deleted, and the flow entry can be listed with "show flow entry" command in VPP CLI. Packetforge is based on a parsegraph. The parsegraph can be built by users. A Spec can be found in ./parsegraph as guidance. More details about packetforge are in README file. Type: feature Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Ia9f539741c5dca27ff236f2bcc493c5dd48c0df1
2022-09-20vcl: align the RST behaviour with kernelYacan Liu1-1/+13
When ESTABLISHED TCP connection is terminated by an RST packet, EPOLLHUP + EPOLLRDHUP would be updeliever by VCL. If not using VPP, app would receive EPOLLHUP + EPOLLERR + EPOLLIN(if requested) + EPOLLRDHUP(if requested). libevent will interpret the two cases as different EV combinations. Below is the code snippet for libevent v2.12: if (what & EPOLLERR) { ev = EV_READ | EV_WRITE; } else if ((what & EPOLLHUP) && !(what & EPOLLRDHUP)) { ev = EV_READ | EV_WRITE; } else { if (what & EPOLLIN) ev |= EV_READ; if (what & EPOLLOUT) ev |= EV_WRITE; if (what & EPOLLRDHUP) ev |= EV_CLOSED; } Type: fix Signed-off-by: Yacan Liu <liuyacan@corp.netease.com> Change-Id: Ice3d2861183b6ea499f66b727bbe175eeae5cb05
2022-09-20tests: run tests against a running VPPNaveen Joy4-12/+291
Usage: test/run.py -r -t {test_filter} Instead of starting a new instance of VPP, when the -r argument is provided, test is run against a running VPP instance. Optionally, one can also set the VPP socket directory using the -d argument. The default location for socket files is /var/run/user/${uid}/vpp and /var/run/vpp if VPP is started as root. Type: improvement Change-Id: I05e57a067fcb90fb49973f8159fc17925b741f1a Signed-off-by: Naveen Joy <najoy@cisco.com>
2022-09-19misc: add test framework for host stackFilip Tehlar27-0/+1974
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I5a64a2c095cae3a4d5f8fdc73e624b010339ec8e
2022-09-19cnat: coverity fixNathan Skrzypczak1-0/+4
Type: fix Change-Id: Ib127331507724f853071e66ca1ddfc773a8ed200 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-09-19tests: skip tests failing on ubuntu 22.04Dave Wallace4-2/+87
Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I218059de5d05680d661f302293475b6c2a7bf81d
2022-09-19igmp: validate ip router alert option lengthVladislav Grishenko2-15/+50
It's known there're one or more 32-bit increments in the ip header. So just check ip router alert option length with minimal performance impact, and don't care of the total options length. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I46dd06516f793846b931a1dc8612f2735f8d24d3
2022-09-19abf: add API parameter n_paths range checksJon Loeliger3-43/+56
Also check for non-zero rpath length in CLI cmd. While there, no need to use "else" after a return. Also while there, notice and fix numerous input_line buffer leaks and fix them. Type: fix Fixes: 669d07dc016757b856e1014a415996cf9f0ebc58 Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I18ea44b7b82e8938c3e793e7c2a04dfe157076d8
2022-09-19build: install missing headersBenoît Ganne1-1/+6
Type: fix Change-Id: I4eb2a7190de90553c91133f940e068ed649120cb Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-19teib: fix segv during failed deletion of entryMatthew Smith1-2/+1
Type: fix If an attempt is made to delete a teib entry and the entry does not exist, a message is logged. The format string contained an extra "%U", which results in a segv. Change-Id: I9b1d6ba63601982ba6ac8607cf710e34c311702a Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-09-19arp: update error reason when checking for proxy-arpBenoît Ganne2-2/+5
When we follow arp feature arc for proxy-arp, we should still update the error reason in case proxy-arp cannot handle the arp request and drops it. Type: improvement Change-Id: I046df017ca2056cfc12af0f0a968b401058bcd6d Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-19linux-cp: fix some CLI error messagesMatthew Smith1-79/+71
Type: fix If unrecognized input was provided to the commands which add or delete a pair, the error message was being created incorrectly and only displayed something like "unknown input `'". Provide the correct argument to format_unformat_error so that the actual unrecognized input is printed. There also was no error or useful information printed if only the base command were provided without any additional arguments. This should print a warning about what required data was missing. Reorganize code to handle this and to make sure that memory gets freed appropriately. Change-Id: If454714f50cf41b3b56cfadfbf017f1d160e13a4 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-09-18lisp: fix coverity 277315Andrew Yourtchenko1-0/+5
Handle the case of the mapping not being found by GID. Type: fix Change-Id: Ibce3b9e8419c0dddca97b4d0d5a71f25dfd529d8 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-09-16virtio: add support for per queue packet counterMohsin Kazmi5-0/+28
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I21a701a556b88a9d81f0e074a59fa34b3746b1d9
2022-09-15vcl: add hugepage for vcl configure and svmJunfeng Wang10-8/+33
add hugepage for vcl configure and svm Type: feature Signed-off-by: Junfeng Wang <drenfong.wang@intel.com> Change-Id: I6a8905e3fec23d840e629114b1e5a403d0a258ef
2022-09-15session: support dma optionMarvin Liu3-20/+257
add dma support to session, acclerate host-stack with dma Type: feature Signed-off-by: Marvin Liu <yong.liu@intel.com> Signed-off-by: Junfeng Wang <drenfong.wang@intel.com> Change-Id: I3d492921d69d9e3e0b34d33adc33fba3bde9e1cc
2022-09-15prom: fix coverity 277312, 277317Andrew Yourtchenko1-0/+2
If one attempts to add a pattern with zero length, first time it will succeed, and the second time it will cause an invalid memcmp call. Solution: do not allow to add zero-length patterns. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Ic08e021486153be605a4b12a2fe4422307bf68d2