summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2022-03-03ipsec: remove ipsec vnet scriptRay Kinsella2-80/+14
An updated ipsec script was identical to the existing ipsec_tun_protect script. Remove the ipsec vnet script, and rename the ipsec_tun_protect to become the default ipsec vnet script. Type: fix Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: Ie05ca3e089b67a5b9499d83d4cb2adf1b6c6ffba
2022-03-03linux-cp: resync with kernel after nl socket errorAlexander Chernavin2-27/+503
Type: improvement Currently, if an error happens on the netlink notification socket, the socket gets reopened. A portion of notification messages have been lost because of this and will never arrive on the socket. VPP will be out of sync with the kernel networking state. With this change, synchronize VPP state and the kernel networking state if there was an error polling or reading the notification socket. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I8cdff89b505cd227535a0acaadb6ee757204c45e
2022-03-03ip: Path MTU DPO allocation function is publicNeale Ranns2-7/+23
Type: refactor check for pool expansion in the DPO allocation, just in case. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6ba7dd66313630d3f24a51700ab4486ba43d856b
2022-03-03linux-cp: make check of message ts null-tolerantAlexander Chernavin1-0/+3
Type: improvement For some message types, timestamps are checked on netlink message to decide whether the message should be applied. For notification messages timestamps are expected to be always available. With this change, before accessing the timestamp, make sure the message info object that carries it is not null. If it is null, pass the check. This is to be ready to process dump replies that will not need the timestamp check and will have the message info object set to null. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ic7211c0d451d72f6a5248898b3a8f8e0bca8f7aa
2022-03-03linux-cp: reflect hw link state on tap on pair creationAlexander Chernavin1-0/+14
Type: fix Currently, a tap interface created to be a member of a linux-cp pair has default link state (down) and default link speed (10Mb/s). Then the plugin monitors the link state of the paired hardware interface and if it changes, the new link state is reflected on the tap interface. And when the new link state is "up", the link speed is also reflected on the tap interface. The problem is that this scheme implies that the hardware interface's link state is "down" at the moment of the linux-cp pair creation and then changes. But there are cases when the link state is already "up" at that moment. If that is the case, the link speed on the tap interface will remain the default one until the link comes down and then comes up. With this fix, when a linux-cp pair is created, reflect current link state of the hardware interface being paired on the created tap interface. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I73664d753f4daaa6d439c9ca898fb7363d21c06d
2022-03-02linux-cp: lcp fib fixesVladimir Ratnikov1-5/+6
Some possible side effects for multicast routes appears to be in lcp_router_table_add_or_lock. so ff00/8 route will be processed for ospf purposes the right way Ignore IPv6 kernel routes Skip adding auto routes into FIB Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I35f73d629a7fffca7f7d4547adc2549b72c2048f
2022-03-02vcl: fix segment detach post api disconnectFlorin Coras2-9/+36
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0982f0f5c8186f9ed962db49a14f35aa19f6a276
2022-03-02wireguard: improve sending WG interface dump detailsJon Loeliger2-2/+11
Include the user_instance in wireguard interface details. In addition to dumping all wireguard interface details, also allow selective dumping of just one interface. Type: improvement Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: Iaf1093c6ae3eb00a685f34b2e0171285b02fae2b
2022-03-02tap: fix tun set mtuBenoît Ganne1-1/+1
Type: fix Fixes: 1cd0e5dd533f4209dde453eaa43215e52cd42985 Change-Id: I64318585fb3b12369b78735c681f3b747c67b53b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-02build: fix missing dependency for libraryGuillaume Solignac1-0/+4
When building a VPP library out of tree using add_vpp_library, the build sometimes fails because the library API files are not necessarily generated before compiling this library. This is fixed by adding the lib API files as dependencies of the lib compilation. Type: fix Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: I69dffaecbfd547f10115504494a47358c4624258
2022-03-01hsa: add tps support for random closesFlorin Coras1-23/+94
Useful for stress testing. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0b1701682494a9fbf7deac311b4afd3036c50b56
2022-03-01virtio: refactor codeMohsin Kazmi19-355/+351
Type: refactor Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I3788cc857023fafcc8eb6d6ff4524425026a75d8
2022-03-01vat2: include src/vlibmemory/vlib.api messagesDave Wallace1-0/+3
- cli_inband is missing from vat2 Type: improvement Change-Id: I1f22dee3ee29f3cf0f1f7c6076d5f2b2b2bf969d Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-02-28tls: handle read write ssl errorsFlorin Coras3-3/+42
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5eed7dac4951f0510a4b4b092f66f44d0d3cacd
2022-02-28tls: Receive only when the app_session is availableSaravanan Murugesan1-0/+5
Type: fix Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com> Change-Id: Icfd5e3c0bb034684c7bc43be46927294536ba08a
2022-02-28tls: Handle transport disconnect during client HS failuresSaravanan Murugesan1-1/+2
Type: fix Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com> Change-Id: I5f7f4b925b3d250c5b8616d1fb35edbde50a7a23
2022-02-25misc: VPP 22.02 Release NotesAndrew Yourtchenko2-0/+658
type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I32291160f0d22a804929d0a040472ff952f02544 Signed-off-by: Maciek Konstantynowicz <mkonstan@cisco.com> (cherry picked from commit 7911f29c518c6b2a678e13874f7f16eba03dab75)
2022-02-24vapi: Missing include file in vlib.api.vapi.hDave Wallace1-17/+17
- A call to vapi_msg_control_ping_hton() is generated in a static inline function in vlib.api.vapi.h, which is defined/generated in memclnt.api.vapi.h without including memclnt.api.vapi.h in vlib.api.vapi.h. This breaks the compilation of plugins which include only vlib.api.vapi.h (e.g. hicn_plugin from the HICN project). Type: fix Fixes: a1400cecb Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I5574f4ed496183ea93265f493bf3624254a865a2
2022-02-24hsa: add support for vrfs in tpsFlorin Coras1-44/+98
The app keeps on using the default app ns but each listen will be done in the vrf configured. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0947e03188d55231b299916351115038e0b1f5da
2022-02-24hsa: fix tps data offset on connection reuseFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe92497cc5446ac5c734f8fe5c63c0167204dd09
2022-02-24session: fix session layer socket readFilip Tehlar2-3/+32
This fixes an issue caused by session layer reading expected part of data (cert + key) before the client actually sends it. Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I6ddddb08f9576211b302e814d7c2b040383e5fb7
2022-02-24tests: better reporting for unexpected packetsKlement Sekera3-22/+37
Raise a new UnexpectedPacketErrror, when a packet is captured unexpectedly. This pretty-prints a terse description of said packet. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Ibac19fc5bbd82a150fec3c90940a37af6344fd4f
2022-02-23build: export missing header files required by hicn_pluginDave Wallace1-0/+2
- HICN project's hicn_plugin requires vnet header files fib/fib_entry_track.h and udp/udp_encap.h to be included in build-root/install-vpp*-*/vpp/include/vnet Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Iabd3f8fe0aee8d727758fc6ef202e859d68d63a3
2022-02-23http hsa: use octet-stream content type for tpsFlorin Coras2-2/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I925618e426b325f4fafb9ed39a2d7c2d7c7b38f3
2022-02-23http: improvement reset and close handlingFlorin Coras2-13/+31
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I37ff8099c6c8044881379b4cd47ca8843746c315
2022-02-23http hsa: support multiple listeners for http tpsFlorin Coras4-32/+195
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie89326ed4e599231fc20de67c5dadbb428568bec
2022-02-23wireguard: fix dereferences null pointerGabriel Oginski2-14/+21
Type: fix Fixed coverity-issue CID 248517. Originally possible passing null pointer to one function and directly dereferences it. This patch fixes the issue by add a new condition to check this pointer. Change-Id: If506abaf08c9f003860b641971af291f68613c18 Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
2022-02-22vrrp: fix thread synchronization issueMatthew Smith3-27/+33
Type: fix Fixes: 39e9428b90bc When a VRRP advertisement is received by a worker thread, the worker calls vl_api_rpc_call_main_thread() so the main thread will process the packet and make adjustments to VR state if necessary. The data being passed to the main thread included a pointer to the VRRP header in the received packet buffer. Since the main thread processes the RPC request asynchronously from the worker thread, it's possible for the worker to drop the packet and for the buffer to be overwritten before the main thread can process it. Copy the fields which may be needed by the main thread into a struct instead of passing a pointer to a packet buffer. Change-Id: I4e899e967df5a54776b521825a80e9cce1a94f5f Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-02-22wireguard: prevent stacksmashing on poorly formed base64 keysJon Loeliger1-1/+1
Integer math on 32 bytes of base64 data might yield 33 bytes of data in some poorly formed user input of private key values. Rather than smashing the stack (detected) and aborting, simply allow for the possible yet irrelevant 33-rd byte of data. Type: fix Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88 Change-Id: I42acfbf3e8fbb3d517e21c53d4f80459d4800e9d Signed-off-by: Jon Loeliger <jdl@netgate.com>
2022-02-22linux-cp: Only enable/disable the punt feature on the 0<->1 transitionNeale Ranns1-9/+14
Type: fix otherwise the feature is enabled n times for n lcp-pairs and the packets go n times through the feature. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8e47e4a293d6e2711f54aa09e9545e5e07728026
2022-02-22vxlan: crash on assigning IP address to interfaceEd Warnicke2-8/+6
Revert "vxlan: crash on configuring vxlan tunnel on l3 mode" This reverts commit b8de7d43e4955bb4025cd0e0e7390279841b6d7d. Reason for revert: VPP-2014 Type: fix Fixes: b8de7d43e4955bb4025cd0e0e7390279841b6d7d Change-Id: Ic4d10f28985ee10e0550a1bbfd465ada915e4aa6 Signed-off-by: Ed Warnicke <hagbard@gmail.com>
2022-02-22fib: fix adj_get crashRajith P R1-1/+1
adj_get() crashed in worker thread. The index is valid but was freed. 0x00007fba5fb07921 in __GI_abort () at abort.c:79 0x00007fba528de7c3 in os_panic () at /development/libvpp/src/vpp/vnet/main.c:618 0x00007fba506f2a19 in debugger () at /development/libvpp/src/vppinfra/error.c:84 0x00007fba506f2797 in _clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7fba521cecd9 "%s:%d (%s) assertion `%s' fails") at /development/libvpp/src/vppinfra/error.c:143 0x00007fba51d88254 in adj_get (adj_index=79) at /development/libvpp/src/vnet/adj/adj.h:472 0x00007fba51d87642 in icmp6_neighbor_solicitation_or_advertisement (vm=0x7fb9f19a0580, node=0x7fb9bb820340, frame=0x7fb9b718bc40, is_solicitation=0) at /development/libvpp/src/vnet/ip6-nd/ip6_nd.c:134 0x00007fba51d8f479 in icmp6_neighbor_advertisement (vm=0x7fb9f19a0580, node=0x7fb9bb820340, frame=0x7fb9b718bc40) at /development/libvpp/src/vnet/ip6-nd/ip6_nd.c:348 Type: fix Signed-off-by: Rajith P R <rajith@rtbrick.com> Change-Id: Ibe29854137ee9680f7947450eb7e256b8c0ade31
2022-02-22fib: fix mpls db label overflowDmitry Valter1-1/+1
mpls fib DB size was 2^20 instead of intended 2^21. Therefore large mpls labels caused DB to overflow and write to other tables or some random objects. Or crash with ASAN. Sometimes. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I6db65680037a266fe47e8213464a0c16de63c06c
2022-02-21lisp: fix ip and udp checksum computationFlorin Coras1-7/+0
Type: fix Fixes: 6fdcc3d Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I820c505482801ff2ab8dac41a0016bb3a741a4ee
2022-02-21tests: add enhanced packet counter verificationKlement Sekera3-40/+175
Add support for inline packet counter verification to send_and_* functions. Diff dictionary is a dictionary of dictionaries of interesting stats: diff_dictionary = { "err" : { '/error/counter1' : 4, }, sw_if_index1 : { '/stat/segment/counter1' : 5, '/stat/segment/counter2' : 6, }, sw_if_index2 : { '/stat/segment/counter1' : 7, }, } It describes a per sw-if-index diffset, where each key is stat segment path and value is the expected change for that counter for sw-if-index. Special case string "err" is used for error counters. This then allows more precise packet counter verification by first defining a "zero" dictionary, e.g. for ED NAT: cls.no_diff = StatsDiff({ pg.sw_if_index: { '/nat44-ed/in2out/fastpath/tcp': 0, '/nat44-ed/in2out/fastpath/udp': 0, '/nat44-ed/in2out/fastpath/icmp': 0, '/nat44-ed/in2out/fastpath/drops': 0, '/nat44-ed/in2out/slowpath/tcp': 0, '/nat44-ed/in2out/slowpath/udp': 0, '/nat44-ed/in2out/slowpath/icmp': 0, '/nat44-ed/in2out/slowpath/drops': 0, '/nat44-ed/in2out/fastpath/tcp': 0, '/nat44-ed/in2out/fastpath/udp': 0, '/nat44-ed/in2out/fastpath/icmp': 0, '/nat44-ed/in2out/fastpath/drops': 0, '/nat44-ed/in2out/slowpath/tcp': 0, '/nat44-ed/in2out/slowpath/udp': 0, '/nat44-ed/in2out/slowpath/icmp': 0, '/nat44-ed/in2out/slowpath/drops': 0, } for pg in cls.pg_interfaces }) and then to specify only changed counters directly when calling one of send_and_* functions: self.send_and_assert_no_replies( self.pg0, pkts, msg="i2o pkts", stats_diff=self.no_diff | { "err": { '/err/nat44-ed-in2out-slowpath/out of ports': len(pkts), }, self.pg0.sw_if_index: { '/nat44-ed/in2out/slowpath/drops': len(pkts), }, } ) operator | is overloaded by StatsDiff class to perform a deep merge operation, so in above case, dictionaries for "err" and self.pg0.sw_if_index do not overwrite whole sub-dictionaries, rather the contents are merged, assuring that all the remaining counters are verified to be zero. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I2b87f7bd58a7d4b34ee72344e2f871b2f372e2d9
2022-02-21tests: add a generalised counter assert functionKlement Sekera1-2/+11
Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I5e0fd1019372df0cd403725b8cac52363af13718
2022-02-21tests: allow not removing vpp objects after testKlement Sekera1-1/+3
Some tests might want to keep vpp config in between test functions. Add a flag to allow that. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I90243cd667dce922b43b381f3d52f4ac0f6bf3a7
2022-02-21nat: make tcp/udp/icmp packet counters consistentKlement Sekera2-4/+12
TCP/UDP packets which are dropped are not counted towards TCP/UDP counters. Apply same behaviour to ICMP packets. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I487fa7135ac8e49431a621fac213638d2dab31c8
2022-02-18hsa: fix coverity warningsFilip Tehlar1-0/+4
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I4ede67c901456d57e457c648d28153423d45fb41
2022-02-18perfmon: show distribution of uops delivered to frontendRay Kinsella4-8/+109
Breakdown the distribution of uops delivered to the frontend. Collerates directly with the source of the uops. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I93a57dbe56dfa0f378527844aa4e63f45a548e55
2022-02-18dpdk: support devargs for vmbusVladimir Ratnikov1-19/+29
Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I2fd12a5b30aacdbaecb9156b829bfc06dfea377f
2022-02-18fib: Use the VLIB logger for adjacency debuggingNeale Ranns2-13/+13
Type: improvement remove the [un]lock logs, they are not useful. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I903d3088b8ed9831f931208aeb6b6862a945550c
2022-02-18vnet: add set_max_frame_size callbacks for several interfacesArtem Glazychev3-0/+27
This is required after distinguishing between max_frame_size and MTU Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: Ie642bee4e30ca76903bb8be5eeb6914c2c09bf35
2022-02-18wireguard: fix passing null pointerGabriel Oginski2-10/+11
Type: fix Fixed coverity-issue CID 248517. Originally possibly passing null pointer to one function and directly dereferences it. This patch fixes the problem by add a new condition. Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I02fc6fb5d1cfd6138ea4ba2b1946fd8a7ef34d3b
2022-02-18tests: Consolidate the implementations of send_and_expect_XNeale Ranns4-53/+18
Type: test there were multiple instances of send_and_expect_load_balancing and a send_and_expect_one_itf which has the same functionality as send_and_expect_one. Put one implementation of both in framework.py (where the other send_and_X functions reside). Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I7f629d440220bee29368067f475059322e1134f7
2022-02-18ipsec: fix vector after remove entry in spdGabriel Oginski1-1/+1
Originally after remove the policy entry in spd, macro "vec_del1" can change localization of the last entry in vector and finally the entry list has not been sorted. This patch fixes this issue by change executed macro "vec_delete" instead of "vec_del1". Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I396591cbbe17646e1d243aedb4cdc272ed4d5e25
2022-02-17wireguard: Fix wireguard device name to use user-instanceJon Loeliger1-1/+2
If the user supplies an instance number when creating a wireguard interface, it should be used in the device name. If no user-instance is given, the device instnce (tunnel number) is used. For example: vpp# wireguard create instance 17 listen-port 23023 src 1.2.3.4 private-key MDEwMjAzMDQwNTA2MDcwODA5MTAxMTEyMTMxNDE1MTY= wg17 Type: fix Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88 Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: Ibf51868bf7b4b9e8a3f85557d05667207873bc91
2022-02-17tls http srtp: fix session index for listenersFlorin Coras3-3/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5e6d0e8c686ea93674d6201c38b3a4d1c4786a5
2022-02-17tests: make tests less make dependentKlement Sekera48-525/+814
Implement command line argument parsing instead of passing arguments via environment variables. Add script for running tests without having to invoke make. Deprecate running tests via make. Type: improvement Change-Id: I2e3054a61a2ae25d460e9be00be7d7705fbf943e Signed-off-by: Klement Sekera <ksekera@cisco.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-02-17vcl: add support for reconnectFilip Tehlar5-6/+133
Supported only when eventfd option is enabled. Type: feature Change-Id: Ic9d6e38604e978f7bc8e54d74fe9b8f3fc53622d Signed-off-by: Filip Tehlar <ftehlar@cisco.com>