summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2023-10-16ip-neighbor: do not use sas to determine NS source addressOle Troan4-5/+6
Using the source address selection algorithm to determine the best source of an NS for address resolution risks incompatible behavior. It may choose a source address that is off-link to the other host. Which may drop it. A safer approach is to always use the link-local address as the SA. It's recommended to pick a source that an application will later use, as VPP is mostly a router, that rarely applies. And regardlessly we have no mechanism to signal from an application that triggered address resolutiuon what source address it intends to use. Type: fix Change-Id: I3c5de66e41505f3682767706ef1195a20e4f0e54 Signed-off-by: Ole Troan <otroan@employees.org>
2023-10-16flowprobe: fix corrupted packets sent after feature disablingAlexander Chernavin4-2/+92
When IPFIX flow record generation is enabled on an interface and the active timer is set, flows will be saved and then exported according to the active and passive timers. If then disable the feature on the interface, the flow entries currently saved will remain in the state tables. They will gradually expire and be exported. The problem is that the template for them has already been removed. And they will be sent with zero template ID which will make them unreadable. A similar problem will occur if feature settings are "changed" on the interface - i.e. disable the feature and re-enable it with different settings (e.g. set a different datapath). The remaining flows that correspond to the previous feature settings will be eventually sent either with zero template ID or with template ID that corresponds to the current feature settings on the interface (and look like garbage data). With this fix, flush the current buffers before template removal and clear the remaining flows of the interface during feature disabling. Type: fix Change-Id: I1e57db06adfdd3a02fed1a6a89b5418f85a35e16 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-10-16nat: add ipfix rate-limiter for nat44-ed, nat44-ei and nat64Vladislav Grishenko6-20/+83
This prevents ipfix flood with the repeating events and allows to enable nat64 max_session and max_bibs events. Also fix wrong endian for det44 and nat64 ipfix tests, now should be fine with extended tests enabled. Max session per user event @ nat44-ei requires more precise rate limiter per user address, probably with sparse vec, not handled. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ib20cc1ee3f81e7acc88a415fe83b4e2deae2a836
2023-10-16npt66: icmp6 alg to handle icmp6 error messagesOle Troan2-20/+133
Support rewriting the inner packet for ICMP6 error messages. Type: feature Change-Id: I7e11f53626037075a23310f1cb7e673b0cb52843 Signed-off-by: Ole Troan <otroan@employees.org>
2023-10-16ip-neighbor: add ip neighbor flushOle Troan1-2/+11
Flushing the neighbor cache was only available through API. Add CLI command. Either flushes whole table (IP4,IP6) or all neighbors on specified interface. Type: improvement Change-Id: Ia8c68fb032a2dfd940a136edc2aee80db5c37685 Signed-off-by: Ole Troan <otroan@employees.org>
2023-10-14feature: remove unused codeDamjan Marion13-162/+29
Type: improvement Change-Id: If775b1d145e462346de562a3c893f302e8c7b814 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-13linux-cp: check if lcp_itf_pair exists before creating tapStanislav Zaikin1-0/+9
Now we create tun/tap and then check whether lcp_itf_pair was already created. Move the check in the beginning. Type: fix Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com> Change-Id: I848685a9cfdbe92a5e38ecb8e5d5322262b4e384
2023-10-13ethernet: run callbacks for subifs too when mac changesAlexander Chernavin2-4/+113
When MAC address changes for an interface, address change callbacks are executed for it. In turn adjacencies register a callback for MAC address changes to be able to update their rewrite strings accordingly. Subinterfaces inherit MAC address from the parent interface. When MAC address of the parent interface changes, it also implies MAC address change for its subinterfaces. The problem is that this is currently not considered when address change callbacks are executed. After MAC address change on the parent interface, packets sent from subinterfaces might have wrong source MAC address as the result of stale adjacencies. For example, ARP messages might be sent with the wrong (previous) MAC address and address resolution will fail. With this fix, when address change callbacks are executed for an interface, they will be also executed for its subinterfaces. And adjacencies will be able to update accordingly. Type: fix Change-Id: I87349698c10b9c3a31a28c0287e6dc711d9413a2 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-10-13vlib: properly replicate nexts when sibling node is created on runtimeDamjan Marion1-32/+33
Change-Id: I5aff21b5ca32e7eb84b11cca8387e7ac42fbbe23 Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-13vlib: allow unpriviledged vlib_pci_get_device_info()Damjan Marion2-3/+4
When running unpriviledged sysfs allows reading only first 64 bytes of PCI config space. Change-Id: I62d18328925a2e4936406c2842154b20182cacb9 Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-13npt66: add show command and rx/tx countersOle Troan3-6/+68
Add show npt66 bindings. Add RX/TX and translation error counters. Type: improvement Change-Id: I4513b111f815a15d5a7537ce503f0c084b523aa1 Signed-off-by: Ole Troan <otroan@employees.org>
2023-10-12session: fix duplicate rx eventsFlorin Coras1-10/+0
Be less aggressive with rx events on connect/accept notification. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie93a08c7eef69383bf0301a163fd2131dd51372a
2023-10-12flowprobe: fix sending L2 flows using L2_IP6 templateAlexander Chernavin2-13/+81
Currently, L2 flows are exported using L2_IP6 template if L3 or L4 recording is enabled on L2 datapath. That occurs because during feature enable, L2 template is added and its ID is not saved immediately. Then L2_IP4 and L2_IP6 templates are added overwriting "template_id" each time. And in the end, the current value of "template_id" is saved for L2 template. The problem is that "template_id" at that point contains the ID of L2_IP6 template. With this fix, save the template ID immediately after adding a template for all variants (datapaths). Also, cover the case with a test. Type: fix Change-Id: Id27288043b3b8f0e89e77f45ae9a01fa7439e20e Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-10-12dpdk: add Mellanox BlueField NICsAlexander Kozyrev1-0/+12
List BlueField NICs as a supported PCI devices. Type: feature Change-Id: Ida2300df516ab9cd2fcde1f816bbdc081016039a Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
2023-10-12session: ignore connecting half_open session in session_tx_fifo_dequeue_internalSteven Luong1-1/+3
s->tx_fifo is 0 for the connecting half open session. Type: fix Change-Id: I2ba1ae99a2fa4fae1896587f40e0e4fb73c1edcb Signed-off-by: Steven Luong <sluong@cisco.com>
2023-10-11tls: Fix SSL_CTX leak on every client sessionBrian Morris2-11/+12
Type: fix Change-Id: I35b3920288269073cdd35f79c938396128d169c9 Signed-off-by: Brian Morris <bmorris2@cisco.com>
2023-10-11session: ignore app rx ntf if transport closedFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id56a101a6350903b00f7c96705fb86039e70e12c
2023-10-11session: fix tx deq ntf assert for clFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I97a04ed0417f1a3433665f6aa1a9424138fd54cb
2023-10-10lb: fix intermittent per-port-vip idx lookup failureDave Wallace1-0/+1
- Causes per-port-vip testcases to fail when the uninitialized reserved field in the stack variable key for the hash lookup was a non-zero stack memory location. Type: fix Change-Id: I56afa15e7df60bc2340514f2c7ce5e71a9cb47a9 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-10-10session: maintain old state on premature closeFlorin Coras1-7/+14
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2ea821e0499a3874c4579f5480ea86f30ebe615f
2023-10-09vppinfra: fix coverity issue CID 323952Dave Wallace1-1/+1
Type: fix Fixes: 08600ccfa Change-Id: I53ba0d96507b55ab7cd735073d6c4cf20a3cc948 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-10-09buffers: buffer allocation improvementsDamjan Marion2-38/+47
- pass buffer pool name trough va - make buffers naturaly aligned - fix calculation of total number of buffers Type: improvement Change-Id: I6aebf249ebd67823b4632ac08905bfa3aa7d1ee5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-08tls: propagate reads to app irrespective of stateFlorin Coras2-3/+2
Session input node handles rx notifications even if session not fully accepted/connected Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6560c45db8f8e0b7f0dc3bdd0939f13ca2f43f15
2023-10-08tls: report error if connected cannot be initializedFlorin Coras1-4/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I987ac6b461b473836917bce6ce0d4ac109cc8ddb
2023-10-08tls: no read after app closeFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I34f8ee2e36d07e8e55e21561528fc6b73feb852f
2023-10-07session: propagate delayed rx evts after connect/acceptFlorin Coras1-5/+20
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4a2e8f864df7269ec5a3c4fd4d8785a67b687d58
2023-10-07session: handle accept and connect errorsFlorin Coras2-6/+29
If builtin apps refuse connections, they should be cleaned up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I95ef22902ac3fe873e15e250aa5f03031c2dc0c4
2023-10-06cnat: add flow hash config to cnat translationhedi bouattour5-9/+119
Type: feature this patch adds a hash config field to cnat translation to use it in load balancing instead of always using default one Change-Id: I5b79642ca8b365b5dcc06664f6c100a9d3830a29 Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
2023-10-05vpp-swan: fix config to run containersGabriel Oginski1-2/+2
This patch changes config to run containers on Ubuntu 22.04. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I3be48099cb48d2c4a04526c15780244614bef3d4
2023-10-04vppinfra: fix string termination in clib_file_get_resolved_basenameDamjan Marion1-0/+2
Type: fix Fixes: 40f4810 Change-Id: Idf51462c8154663de23154f17a894b7245c9fbf0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-03session: make port range configurableNathan Skrzypczak3-1/+16
Type: feature This patch makes the port range used by the transport layer configurable in the manner of sysctl's ip_local_port_range. Change-Id: Ie17f776538311b29d1dca64643a3a0bd74cb90a6 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-10-03build: add ability to disable some plugins from packaging and testsAndrew Yourtchenko11-2/+65
When custom-packaging the VPP artifacts, it can be useful to exclude some of the core plugins from packaging/testing, for some reasons. A removal of a plugin(s) from the worktree needs to be tracked as a separate change, and thus is tricky from the maintenance point of view. This change adds the ability to "pretend they do not exist" - plugins which are added to the comma-separated environment variable "VPP_EXCLUDED_PLUGINS" will not be added to the build process and not packaged. The tests do not have the 1:1 relationship as plugins, so they might need to be modified separately. This change includes some of these modifications as an example. Type: feature Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Id31562d00a01ced1acbb4996a633517cbd6f09d8
2023-10-03vppinfra: add foreach_int macroDamjan Marion2-0/+7
foreach_int(x, 1, 3, 5, 7) { fformat(stdout, "x is %u\n", x); } Type: improvement Change-Id: Idc355f4a284f421b150e3acb7a3a57bcede408c7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-03vppinfra: splat and gather vector inlinesDamjan Marion2-0/+24
Type: improvement Change-Id: I4b00b3a6ff63fc8b313c89217ccdea356c0783a3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-03nat: nat66 cli bug fixFilip Varga1-5/+5
Two similar CLI paths in nat66 plugin cause unexpected behavior. Bug fix following [1] fix. [1] https://gerrit.fd.io/r/c/vpp/+/35859 Change-Id: I771dd230fa6edb6bab3936652770a388d6e41a3f Type: fix Signed-off-by: Filip Varga <fivarga@cisco.com>
2023-10-03stats: added optional CLI arg "port" to specify non-default portFahad Khan1-6/+8
There are cases where default port for prometheus exporter is not available e.g. when multiple vpp are running on single node. Type: improvement Change-Id: I39701486f9dfaf4dc9f08aab56e88126687b507a Signed-off-by: Fahad Khan <fahadnaeemkhan@gmail.com>
2023-10-02tls: limit openssl engine max read burstFlorin Coras2-4/+6
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic7a8fd37d79fc9c09c8b1539d630f3b8983b8bb3
2023-10-02tls: fix formatting of half open connectionsFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If96dc748a716a261edfcb1020210bd73058e382f
2023-10-01flow dpdk avf: add support for using l2tpv3 as RSS typeXinyao Cai3-0/+3
This patch adds support for using l2tpv3 as RSS type Type: feature Signed-off-by: Xinyao Cai <xinyao.cai@intel.com> Change-Id: Ic3e0935a4754d084184f1cc38ea9531ddfd9e7bc
2023-10-01build: modify N_PREFETCH on Arm N2 to achieve best perfJieqiang Wang1-3/+2
From GCC 12, march=armv9-a option is supported, which includes the sve and crc options needed. Furthermore, VPP L3Fwd benchmark results on N2 based servers show that N_PREFETCH set to 6 gives the best performance. Type: feature Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I9c4fcad84d4db1189d956dabab22b26d020fbfd6
2023-10-01fib: Crash when specify a big prefix length from CLI.Gavril Florian4-1/+33
The VPP is crashing when specify a very big prefix length, like ip route add 1.1.1.1/55 via 2.2.2.2 Type: fix Signed-off-by: Gavril Florian <gflorian@3nets.io> Change-Id: Ic491c0b24e07be897ff35ae1e835280f04ab3ea5
2023-09-28crypto: update maintainer emailFan Zhang1-6/+6
Update my email address in maintainer document. Type: improvement Change-Id: I8ba518fa4c9cb414342383e1461f3f94b661ac33 Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
2023-09-28dpdk-cryptodev: improve dequeue behavior, fix cache stats loggingPiotr Bronowski4-76/+88
This patch provides minor improvements to the logic governing dequeuing from the ring. Previously whenever a frame was dequeued we've been trying to dequeue from the ring another one till inflight == 0. Now threshold is set for 8 frames pending in the cache to be consumed by the vnet. This threshold has been chosen based on cache ring stats observation in the system under load. Some unnecessary logic for setting deq_tail has been removed. Also logging has been corrected, and cache ring logic simplied. Type: improvement Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I19f3daf5913006e9cb23e142a163f596e85f5bda
2023-09-28dpdk: add ConnectX-6LX and ConnectX-7 supportAlexander Kozyrev1-3/+9
List Mellanox ConnectX-6LX and ConnectX-7 as a supported PCI devices. Type: feature Change-Id: Ieeca3f214d08f29238c387354055ac1320cab75f Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
2023-09-26tls: init connection for prealloced app sessionsFlorin Coras1-0/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Icd62dc110e3a73b24372f3a5162f8008b7edee9f
2023-09-26ping: Simple binary API for running ping based on eventsNikitaSkrynnik6-70/+319
Type: improvement Change-Id: I02846a2420637470cb0f9472c86471b6a3421a75 Signed-off-by: NikitaSkrynnik <nikita.skrynnik@xored.com>
2023-09-26crypto-ipsecmb: bump intel-ipsec-mb version to 1.4Ranjan Raj2-53/+61
Type: feature This patch update the Intel IPsec-MB lib to v1.4 Remove v0.54 and v0.55 support, as the compatible IMB APIs are deprecated in v1.4 Signed-off-by: Ranjan Raj <ranjanx.raj@intel.com> Change-Id: I01f71134c6bd17a68ec20b7bb4b0b0ff43fc644b
2023-09-26fib: fix mpls label dpo drop protoVladislav Grishenko1-2/+2
Next drop node should be related to payload protocol. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: If12e8dc8b19c61f8c96c275b3f9e565e91ecdbed
2023-09-25fib: fix mpls label dpo packets prefetchingVladislav Grishenko1-16/+16
Four packets are batched after 696e88da9799056036f329676213f3c0c0a1db9c, so prefetch is required for the next 4-7 packets, not for 2-5. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I4ab01e66c3b446caf113a154915473e96ab32198
2023-09-24fib: Don't use an address from an attached prefix when sending ARP requests.Neale Ranns3-4/+34
Change-Id: I4c3144794dd0bd7de6150929e53f6d305c496b17 Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I7b0c2c2dec5e867970599b8f2f2da17f2ff0b17c