summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2021-09-02nat: NAT44 ED improvements and fixesFilip Varga8-392/+353
Fixed FIB entry per interface, pool and static mapping registrations in NAT control plane. Improved FIB configuration handling in NAT - added functions to generalize handling of FIB & NAT, cleaned up interface callback functions. Changed "is_" macros to inline functions for easier debugging. Type: improvement Change-Id: I68a17761a975dd819139ae94e52a8a85d3f27ffc Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-09-01udp: fill rmt info if session is connection lessliuyacan1-1/+1
The app may send packet to different remote via sendto() with same socket (without calling connect()). In such scenario, remote address need to be filled in. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: I49deb308668c05442f237e97acc9bfa239782482
2021-09-01vcl: ignore rx events for sessions in epoll lt listFlorin Coras1-2/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I75f935cda00c335d0aefe02bff6fa8505dd931a8
2021-09-01classify: improve "show classify table" outputDave Barach1-5/+7
Print header for each table. Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I54ca04d6000a98afb4ad3d2f24caae3349548f23
2021-08-31vcl: switch part of the tests to sock apiFlorin Coras1-13/+47
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I427af3be604783d36080c284ed32fb1df525bf54
2021-08-31vlib: fixed the issue of vpp crash caused by interface up/downfangtong1-1/+1
When the interface status changes, the api of vnet_hw_interface_set_flags_helper calls the event processing function (vlib_process_signal_event_helper) for event processing. When the opinter data_vec is NULL, the _ven_len operation of an illegal address will cause vpp crash. Type:fix Signed-off-by: fangtong <fangtong2007@163.com> Change-Id: I7106b2aed7a1fc17f74bf6cb513912af97584f45
2021-08-31vmxnet3: set RX interrupt pending only when neededSteven Luong3-6/+59
When an RX thread handles more than one RX queue and has a mix of queues in interrupt mode and polling mode, the RX input routine is naturally in polling mode. In that case, there is no need to set RX interrupt pending when descriptor is available in the queue for interrupt mode. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Iedbe57941eca3152c0e8ab9096cc81f315e0a915
2021-08-31vat2: coverity errors in print_templateOle Troan1-4/+19
Dereferencing null pointer fix. Add checking of return values for all calls in print_template() Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I00073b29ab2e76d5d06af9bd3f5ae2846de4d46d
2021-08-31stats: check epoch in python vpp_stats lsOle Troan1-0/+3
The VPP Stats Python binding was missing checking epoch. Resulting it would not pick up changes in the directory. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I3226d71c77be2e80e24b5cd48fc9820833f7d30e Signed-off-by: Ole Troan <ot@cisco.com>
2021-08-31misc: fix build error in handoffdemoSivaprasad Tummala1-4/+3
fix to pass right arguments to vlib_buffer_enqueue_to_thread Type: fix Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com> Change-Id: I2521ac8d33135843263e8f99318988ec78effbaa
2021-08-31flow: add esp spi rss typePiotr Bronowski3-52/+69
Type: feature This patch adds IPsec ESP SPI as RSS key for better IPsec inbound processing scaling. With this feature enabled, The NIC will use the packets' SPI index as the RSS key to distribute them to different queues. The dpdk-input is also updated to support this feature. Sample CLI command to enable Ipsec ESP SPI as RSS key: test flow add src-ip any dst-ip any rss types esp test flow enable eth0 index 0 Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I8b7d01cfc065e9099fad33042ce76898e16ddbf0
2021-08-31dpdk: bump to 21.08Fan Zhang1-1/+2
Type: feature This patch bumps dpdk version from 21.05 to 21.08 Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I8f655dae1489c11e7fb2ff86f8a91b597383bd99
2021-08-31stats: enable/disable segments pollsRay Kinsella3-19/+32
Add an enable/disable field to stats segments poll. The is used by the perfmon plugin to only poll for stats on an active bundle. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I6404a7db50d8e922afea5da8ec15fdabe3d97157
2021-08-31stats: stat_validate_counter_vector3 non-staticRay Kinsella2-1/+4
Make stat_validate_counter_vector3 usable outside of stats segement. Is used by the perfmon plugin to allocate a 2-dimension array of values. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: If4be2e14ba718c20bf939d162e580880eab1a6cb
2021-08-30session: fix prefetch out of struct bound on ArmTianyu Li1-1/+1
CLIB_PREFETCH (s->tx_fifo, 2 * CLIB_CACHE_LINE_BYTES, LOAD); sizeof(svm_fifo_t) is 128 bytes Note on 64B cacheline size Arm machine, CLIB_CACHE_LINE_BYTES 128 CLIB_CACHE_PREFETCH_BYTES 6 above CLIB_PREFETCH () macro will be expand to __builtin_prefetch(s->tx_fifo) __builtin_prefetch(s->tx_fifo + 64) __builtin_prefetch(s->tx_fifo + 128) << prefetch out of range __builtin_prefetch(s->tx_fifo + 192) << the same here Solution: Change to CLIB_PREFETCH (s->tx_fifo, sizeof (*(s->tx_fifo)), LOAD); Type: fix Signed-off-by: Tianyu Li <tianyu.li@arm.com> Reviewed-by: Lijian Zhang <lijian.zhang@arm.com> Change-Id: I745cbce3dbe5afcab53c39189d18392f569df5aa
2021-08-30vcl: fix vlsh conversion errorliuyacan1-3/+1
vlsh may not belong to the current vcl worker. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: I75f962313e538fcd2b1cc6dffca53997648ca43e
2021-08-30session: close app wrk socket on deleteFlorin Coras3-6/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I54fa6e8f12bb52988888e7019a88d6891017944c
2021-08-30tls: use default OpenSSL built-in DH parametersOfer Heifetz1-0/+8
Type: improvement Motivation for this addition is to add support for cipher suites that use Diffie-Hellman Ephemeral (DHE) for key exchange. Using ephemeral DH key exchange yields forward secrecy as the connection can only be decrypted when the DH key is known. Configure OpenSSL to use the default built-in DH parameters for the SSL_CTX object. Change-Id: I31aadad047a6394ddf8bfa08471c239e0d1cd63c Signed-off-by: Ofer Heifetz <oferh@marvell.com>
2021-08-30tcp: Allow accepting session to send custom packetliuyacan1-1/+9
Tcp may want to send acks in established, but the app has not called accept() yet. Type: improvement Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: I43b8cd386e533ca95c8ec260a0a1f695ea140358
2021-08-27vppinfra: add compress functions for u64, u16 and u8Mohsin Kazmi3-4/+352
Type: improvement Change-Id: I2640148b8959f9a8303520ba2815fe02f1e47928 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-08-27vlib: vpp banner is outputted to non-interactive vppctl sessionSteven Luong1-0/+11
Running a batch file which contains many vppctl commands, occasionally, VPP may spit out the banner for some of the commands. This happens when VPP erroneously views the vppctl session as interactive. A simple way to recreate the problem is to run a batch script as followed while [ 1 ] do vppctl create loopback interface vppctl delete loopback interface intfc loop0 done We have two processes which may display the banner, unix_cli_new_session_process and unix_cli_process. Normally, unix_cli_process parses the input tokens and displays the banner after it negotiates the terminal type with the vppctl app. unix_cli_new_session_process only displays the banner just in case the client fails to negotiate terminal type. It runs on a timer and expires in 1 second to display the banner if by then the terminal type is still not yet negotiated. The problem is when the session is killed or exitted, VPP does not remove the element that was enqueued for cli_new_session_process. The index for the connection (cf) is recycled. The timer for the queue element continues to run. When the timer expires for the queue element, it finds the wrong new session due to index recycling. If the new session has not had negotiated the terminal type, the banner is printed erroneously to the new session from cli_new_session_process. The fix is to clean up the queue element to stop cli_new_session_process from processing the wrong connection when the session is killed. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ife2f1b1c95661e442f0fc6b73505e330e6641fc1
2021-08-27snort: fix incorrect data length for snort inspectionSivaprasad Tummala1-0/+1
set the right data length to decode the packet properly. Type: fix Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com> Change-Id: I6a35fa54851496d0a958f1a64a547b7f08bb4c19
2021-08-27bufmon: add buffer monitoring pluginBenoît Ganne8-24/+422
This plugin allow to keep track of buffer usage in VPP graph nodes. The main use is to detect buffer leakages. Type: feature Change-Id: Iadcf4ab98207fab6e2fa375060879bc2a25b711e Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-27snort: fix snort hang issue when interruptedSivaprasad Tummala1-1/+20
fix vpp daq to break out-of-loop when interrupted. Type: fix Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com> Change-Id: I04594a0b872d16f803d7d7c3b7d9bb60e94bc707
2021-08-26vhost: migrate to new TX infraSteven Luong3-88/+67
Take advantage of the new TX infra and support manual thread placement Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Id8023846a2eb59125fcf2f80f4f11eb681cf14dc
2021-08-26ikev2: check for valid cipher + integrityBenoît Ganne2-7/+7
Type: improvement Change-Id: Ic09b2c777a7c82e8d7074164280f817f9141529b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-26ikev2: fix DNS resolution overflowBenoît Ganne1-1/+7
VPP DNS resolver expects NULL-terminated C string, whereas the ikev2 plugin only uses non-NULL terminated vectors. Type: fix Change-Id: I4a2afffb9e1b6b5dd11842621d5f13bc5a145862 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-26af_xdp: fix stale rx/tx pointers in xsk objectsBenoît Ganne1-10/+47
xsk objects keep pointers to the rx and tx objects. If we re-allocate the rx and tx vectors after initializing the associated xsk object, the pointers in the xsk object will be staled. To avoid this, we allocate the vectors to the max expected size instead of growing them. Type: fix Change-Id: If30433a28c186787d66c12dbab34bf210c95b519 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-26sr: extend the srv6 sid list structureAhmed Abdelsalam2-42/+51
Extend the srv6 sid list structure with policy type to support different SR policy types Type: feature Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Change-Id: I6a8cf82b1269e1c46f3757df0047b306f613112b
2021-08-26acl: fix prefetch out of struct bound on ArmTianyu Li1-1/+1
fa_session_t *sess; CLIB_PREFETCH (sess, 2 * CLIB_CACHE_LINE_BYTES, STORE); sizeof(fa_session_t) is 128 bytes i) on 64B cacheline size Arm machine, above CLIB_PREFETCH () macro will be expand to __builtin_prefetch(sess) __builtin_prefetch(sess + 64) __builtin_prefetch(sess + 128) << prefetch is out of range of *sess. __builtin_prefetch(sess + 192) << ii) on 128B cacheline size Arm machine, CLIB_PREFETCH () expands to __builtin_prefetch(sess) __builtin_prefetch(sess + 128) << still out of bound Solution: Change to CLIB_PREFETCH (sess, sizeof(*sess), STORE); Type: fix Signed-off-by: Tianyu Li <tianyu.li@arm.com> Reviewed-by: Lijian Zhang <lijian.zhang@arm.com> Change-Id: I4b3d4fc55747f3d9ad1bcf24f8834601a03ef55e
2021-08-25fib: fix source address get error for p2p ifjxm1-0/+24
Type: fix Signed-off-by: jxm <jiangxiaoming@outlook.com> Change-Id: I5a6a1ce9f232d4ed0fd4707cd5aa9b46cc8a2a5a
2021-08-23af_xdp: fix xsk_socket__delete left un-cleanuparikachen1-3/+3
Type: fix while xsk fd closed by clib_file_del_by_index fisrt, xsk_get_mmap_offsets will get wrong off in xsk_socket__delete, so munmap wrong place. Signed-off-by: arikachen <eaglesora@gmail.com> Change-Id: I95464e9b4eec99814bd32d7402c0d60a0605cef5
2021-08-20ip: check if interface has link-local addressStanislav Zaikin1-1/+6
Type: fix Change-Id: I9d3344374738f8cf883cffb4715c76b50bb4bfce Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
2021-08-20build: include vat2 in RPM file listMatthew Smith1-0/+1
Type: fix Building an RPM with 'make pkg-rpm' fails because /usr/bin/vat2 is installed but is not included in %files. Add it. Change-Id: I686b291e4419d39141f0f87da963b413d11ab0f8 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-08-20ikev2: fix use-after-freeBenoît Ganne1-2/+3
Type: fix Change-Id: Ia3bacefdad674807de873b5c457b8470f66193f3 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-20rdma: decrease inliningBenoît Ganne1-26/+19
Remove aggressive inlining outside of the main loop to improve build time (from 146s to 22s). Type: refactor Change-Id: I3824516a85b5e8d02894e66f19d891569c1a68fb Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-20vppinfra: fix clib_random_buffer_get_data cachingBenoît Ganne1-2/+2
When using cached bytes: - do not overflow - do not return the same bytes twice Type: fix Change-Id: I2a87b47a79300e56a2201b8fc3cb6cb15b592e28 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-20buffers: fix buffer linearizationBenoît Ganne2-131/+376
vlib_buffer_chain_linearize() truncates partial data in chained buffers in corner cases when current_data is negative. Strengthen test cases to reproduce the errors and fix it. Type: fix Change-Id: Ida621923711c5755508224bdc3842b31003c6c0b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-20perfmon: fix perf event user page readBenoît Ganne1-45/+76
When mmap()-ing perf event in userspace, we must adhere to the kernel update protocol to read consistent values. Also, 'offset' is an offset to add to the counter value, not to apply to the PMC index. Type: fix Change-Id: I59106bb3a48185ff3fcb0d2f09097269a67bb6d6 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-20vlib: add format_vnet_buffer_no_chainBenoît Ganne9-27/+40
- add format_vnet_buffer and format_vnet_buffer_no_chain to mirror format_vlib_buffer and format_vlib_buffer_no_chain - format_vnet_buffer used to be the "no chain" version, replace all of its current use with the corresponding format_vnet_buffer_no_chain - add a function to dump vnet buffer details from gdb Type: improvement Change-Id: I143ce845f80e7ef937ea33a557b6e3b5988c5b8f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-20ikev2: decrease inliningBenoît Ganne1-26/+26
IKEv2 is not optimized for dataplane processing and do not really benefit from aggressive inlining. Let the compiler decide to improve build time (from 205s to 30s). Type: refactor Change-Id: I5286880b35d338d669ec9382bf049d4486c04947 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-20build: fix external plugin buildBenoît Ganne1-0/+1
Type: fix Fixes: 88b2e3682be6303973fc59c3c62141d64a9e10d7 Change-Id: I4b29924246e2cdc307cf238c5cb8624f14317452 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-19nat: handle ED in2out ICMP errors with workersMatthew Smith2-0/+67
Type: fix With endpoint dependent NAT44, When there are multiple workers we look for a flow which matches the packet in order to figure out which worker should handle the packet. If the packet is an ICMP error, it may be associated with an existing flow by inspecting the L3/L4 headers that are included in the message payload. This was not being done for in2out packets in nat44_ed_get_in2out_worker_index(), so some packets which were related to an open session were not being associated with that session and were being passed to a different thread than the one where the session was created. Later on, when the packet was processed by the fast path in2out node, the L3/L4 headers in the payload are inspected and the fast path node finds the existing session. Since that session is owned by a different thread than the one the packet is being processed by, the in2out fast path node can potentially access the wrong session and/or memory adjacent to the session pool. This can cause a SEGV. Make nat44_ed_get_in2out_worker_index() look at the inner headers when processing an ICMP error. THis is already done in nat44_ed_get_out2in_worker_index() and in the fast path in2out node. Change-Id: Icdc1abebcbce452ee7be7cb23fc563e09bf575f2 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-08-19acl: add API call for setting the toggle to select between linear and ↵Andrew Yourtchenko3-1/+148
bihash-based lookups In some cases (ACL of a few lines long with a lot of different subnet masks), linear lookup may be more efficient than the hash-based lookup. Expose the API to allow the control plane to choose what lookup algorithm to use. Type: improvement Change-Id: I540dd1b4ce63c5106a556d550f911f3a578b33e0 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-08-18vhost: interrupt mode support with mqSteven Luong3-138/+209
vhost interrupt mode support with mq does not work when coalesce frame is not configured to 0. When packed-ring is configured, we were also setting the wrong flag for want-interrupt. No need to trigger an interrupt to RX infra if there is at least one queue in the same thread that is doing polling. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I8e64250f2aa6bf611a777a53e4d2c1076d83305f
2021-08-18vat2: add shared memory argumentOle Troan5-99/+226
Add prefix argument to specifiy shared memory segment. Add long arguments. Add argument to dump apis. Add help. Add template argument E.g: vat2 --template sw_interface_add_del_address { "_msgname": "sw_interface_add_del_address", "sw_if_index": 0, "is_add": false, "del_all": false, "prefix": "0.0.0.0" } Usage: vat2 [OPTION] <message-name> <JSON object> Send API message to VPP and print reply -d, --debug Print additional information -p, --prefix Specify shared memory prefix to connect to a given VPP instance -f, --file File containing a JSON object with the arguments for the message to send --dump-apis List all APIs available from connected VPP instance Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I2d32483a727bc16990c9a30dfa9bc1fa7b1fa85a Signed-off-by: Ole Troan <ot@cisco.com>
2021-08-17nat: fix counters increment for output featureAlexander Chernavin4-69/+94
Type: fix The NAT plugin stores packet counters and a counter represents a vector indexed by interface index. When an interface is assigned a NAT role, the counters are validated to be long enough for the given interface index. When a packet traverses NAT in2out and output feature is disabled, the appropriate counters are updated by the RX interface index. In this case, translation happens on the inside interface and its index was ensured to be valid in all of the counters during NAT role assignment. When a packet traverses NAT in2out and output feature is enabled, the appropriate counters are updated by the RX interface index too. In this case, translation happens on the outside interface and the packet could be received on any interface, even with no NAT role assigned. If that's the case and its index is greater than the greatest index validated in the counters, a new counter value will be written to memory that does not belong to the counter. As a result, a crash will occur at some point. With this change, use TX interface index to update the counters when output feature is enabled. TX interface is an actual interface where translation happens and its index is always valid in the counters. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I53a52af949fe96419e1b5fef4134ab4062198f51
2021-08-17docs: fix missing dependency on pip-tools for docs-venvDave Wallace1-0/+2
Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Iadb72fd0cb434a7ca2f6cbda7d78209f0746f0c6
2021-08-17ip: reassembly cleanupKlement Sekera4-246/+139
Remove unused parameters and fix warnings. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2d0e7b84b56817999283ecb6be606159dcb26a28
2021-08-17build: install ethernet/ethernet_types_api.hMohammed Hawari1-0/+1
ip/ip_types_api.h is already installed by the build system Change-Id: Iec43e0ad50e32473d93ea8f7281b5a6477ddc87f Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: improvement