summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2024-03-11urpf: fix uprf_update prototypeMaxime Peim1-1/+1
Type: fix Change-Id: Idc325a096903dcdfad5157db2eb728f2e61ce974 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-03-10session: use no for ports in transport port allocatorFlorin Coras3-11/+17
Type: improvement Change-Id: Ia1d8aaa3c51938cfa15dd09102471f52ebe67a3d Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-09session: fix port alloc for fixed lcl port reuseFlorin Coras1-2/+3
Type: fix Change-Id: If30d1aa8aa752ae4bddde776832a3009ebc7e316 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-07flowprobe: fix flush callbacks when multiple workersAlexander Chernavin2-2/+86
IPFIX buffers are stored on a per worker thread basis. Currently, the flush callbacks will flush only buffers stored for the main thread. And buffers for worker threads will not be sent until their size reach the path MTU configured for the exporter. So if traffic is constant, the problem will unlikely to be visible. Buffers will be sent once they reach the maximum size. However, if traffic stops at some point and flush is triggered in order to make the plugin send all currently buffered data, this will not happen. And collectors will not receive that data. The plugin will keep the remaining data until traffic starts again, the buffers reach the maximum size, and be sent. With this fix, flush buffers for worker threads and for the main thread when the flush callbacks are triggered. This will allow to remove @tag_fixme_vpp_workers from the unit tests that don't set timers. The tests that set timers will still be failing for other multi-worker related problems. Type: fix Change-Id: I9a7d9cef8ddbec7ee68c79309e48e7bc0953d488 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2024-03-06misc: VPP 24.02 Release NotesAndrew Yourtchenko2-0/+568
Type: docs Change-Id: I4209b4edf387f2d7b88ecc338cca3b4901210ed2 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 455960759b5417c767ed331748c7ee76662ffd18)
2024-03-05ip: force full reassembly before virtualMatthew Smith1-14/+5
Type: improvement The vnet buffer metadata for full IP reassembly and shallow virtual reassembly overlaps. If you have full reassembly and virtual reassembly enabled on the same interface and virtual reassembly happens to process packets first, full reassembly will stomp on the metadata populated by virtual reassembly. Virtual reassembly gets enabled implicitly when NAT feature nodes are enabled. Those NAT feature nodes rely on the virtual reassembly metadata being populated correctly in order to find L4 proto & ports. When NAT and IP full reassembly are both enabled on an interface, NAT can drop fragmented packets because the virtual reassembly metadata can be overwritten by full reassembly. Ensure that full reassembly runs before virtual reassembly. Add a runs_before dependency to ensure that ip4-full-reassembly-feature runs before ip4-sv-reassembly-feature. There was a duplicate VNET_FEATURE_INIT() for ip4-full-reassembly-feature. It seems to have been intended for enabling ip4-full-reassembly-custom as a feature node, but its contents are identical to the earlier VNET_FEATURE_INIT() for ip4-full-reassembly-feature. Removed the duplicate. Change-Id: Ie600b854d4ceb90a7cb736810140d410b8f72447 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2024-03-05dpdk: correct waiting timesGeorgy Borodin2-9/+53
When link state interval is 3 and stats interval is 10, updates for stats will be made every 12 seconds (next number after 10, that divisible by 3). And if you get counters every 30 secs, you will get ideal "saw"-line instead of real smooth chart. This commit makes smooth line on stats intervals that are divisors of the charts update interval (regardless of link state interval), and makes it possible to configure them. Type: fix Fixes: cb9cadad578297ffd78fa8a33670bdf1ab669e7e Change-Id: Ia4350467be2b0ec0c1be37c7fda63f43b3330f44 Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
2024-03-05vpp: fix stdin vs non-interactive command clashVladislav Grishenko1-10/+13
In case of both stdin and non-interactive inputs are there vppctl parses them all, causing mixed corrupted output: $ echo foo | vppctl sh bar show: unknown input `bar' unknown input `foo' This is not desired, stdin should be ignored if there's a command but still allow stdin commands - following cases are still equal: $ vppctl foo $ echo foo | vppctl Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I98667391627150c98a57d49ae544e48ef3351f34
2024-03-05octeon: add support for VF deviceMonendra Singh Kushwaha3-6/+19
This patch adds support for VF and loopback device. Type: feature Change-Id: I1ea92f3a1161851957206300ab921c27290b0305 Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2024-03-05vlib: fix initial stats time for the process nodesVladislav Grishenko1-1/+2
Uninitialized stats time for new dynamic processes (like unix cli) leads to invalid and too high clocks diff, breaking the stats collecting. $ sudo vppctl sh runtime | grep unix unix-cli-new-session any wait 0 0 30 2.72e3 0.00 unix-cli-process-0 active 14 0 27 3.73e15 0.00 unix-epoll-input polling 6464 0 0 3.56e6 0.00 unix-epoll-input polling 68360 0 0 1.31e3 0.00 Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ic70678b67a3fb3f78ed4a1a03077ae243ed5d7cd
2024-03-05vnet: fix format of deleted sw interfacesVladislav Grishenko16-82/+49
As similar 535364e90459566b603661c3dbe360c72f59ad71 is merged, printing possibly deleted interfaces by index only in all the rest cases. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I4fa58b382c0279ff893523ba0188fdb9b09e10af
2024-03-04vppinfra: SHA2-256 ARM ISA supportDamjan Marion1-55/+104
Change-Id: I0fcda3e7afaab037bd12d0079d6639c6cbe8647e Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-03-04af_packet: fix the device input feature arc supportMohsin Kazmi1-32/+13
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I1c900bbe441c6797215f16e99b71149904aa745f
2024-03-04misc: fix icmpMaxime Peim4-4/+4
- fix ICMPv6 lookup FIB (don't reset sw_if_index[VLIB_TX] to -1) - add locally generated flag in ICMPv4 buffers (reflect ICMPv6) Type: fix Change-Id: If25a176a9952cbe185a030f8b136718af1bff9e8 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-03-04bpf_trace_filter: support bpf filter optimization and dumpVladislav Grishenko6-15/+127
BPF filter w/o optimization can take x2 - x3 more instructions, causing significant slow down in fast path. Enable pcap optimization by default via cli and introduce api v2 with pcap optimization control, keep v1 for a while as it exists in previous release already. Intriduce bpf filter cli dump, similar to tcpdump -d. Also fix memleak, function name typo, cli pcap format hint and add related tests. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I92b2b519e92326f1b8e1a4dda6a3e3edc52f87ad
2024-03-04vppinfra: add os_get_online_cpu_core() and os_get_online_cpu_node()Damjan Marion6-22/+47
Type: improvement Change-Id: I6f99f09c7724ce656a4f41a1d5f9c88d74c00faf Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-03-04ip: fix warning on interface ipv6 prefix removeVladislav Grishenko1-1/+1
Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I428f52abbdddd9caca9b0f619a0e934f96ac0b4a
2024-03-04fib: fix crash while adding intf-rx routesVladislav Grishenko8-5/+297
Fix crash while adding intf-rx ip4 and ip6 routes via api due invalid exporting of interface rx routes as attached. Also, add missed route path via rx-ip6 cli support. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I15711c8c0787398dd7e3baa4787019bb1f317666
2024-03-03svm: fix svm queue overwrite while adding 2 elementsVladislav Grishenko1-2/+2
Adding two elements to the full svm queue passes exact bounds check, therefore tail gets overwritten w/o any waiting. Fix it with requiring at lease two free slots. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I704ee606c47b523952cb965f848339ae1988cb60
2024-03-03udp: fix ipv6 udp punt showSamvel Vartapetov1-1/+1
Type: fix Signed-off-by: Samvel Vartapetov <svartapetov@yandex-team.ru> Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I57cba1e724f851419c7dfdee896568fc7416feaf
2024-03-01session: add api cb for listen and unlistenFlorin Coras4-17/+24
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I28ccebf4d2f0728dd174ab3ee77a0d7ad4b90951
2024-03-01crypto-native: fix AES-CBC encrypt loopDamjan Marion1-6/+6
Type: fix Change-Id: I11cc52ff3867277e6591efb061f96cadfcc70c88 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-02-29dhcp: Compare DIUD_LL as a network shortTom Jones1-1/+1
The existing comparision triggers the following clang assertion: error: result of comparison of constant 50331648 with expression of type 'u16' (aka 'unsigned short') is always true Section 9.1 of RFC3315 describes the DUID type field as: "A DUID consists of a two-octet type code represented in network byte" correctly convert the local type to a network short for the comparison. Type: fix Change-Id: I7cb048035bd5e06372e29471ae6004ee1b2191b9 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-28octeon: add flow offload infraMonendra Singh Kushwaha7-3/+581
Type: feature Change-Id: I3485e1627eafc5125255985003573247e7562db2 Signed-off-by: Kommula Shiva Shankar <kshankar@marvell.com> Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2024-02-28crypto: CLI to change dispatch modeNiyaz Murshed1-0/+39
This change aims to affect crypto_sw_scheduler behavior, but all the edits end up in vnet/crypto. After 9a9604b introduced adaptive mode for crypto dispatch, the performance of async mode at lower rate got worse. A work around for CSIT test is done by changing dispatch mode via explicit API call in https://github.com/FDio/vpp/commit/139aba204780f6cc2845b311820a0b4c47517d02 In this change, the CLI is brought back to allow user to fix the dispatch mode. set crypto async dispatch mode <polling|interrupt|adaptive> Type: improvement Change-Id: I029e98aa25889eddcf62e75a6c78926cdee862ef Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com>
2024-02-27tls: pass reset ntf to enginesFlorin Coras5-22/+60
Type: improvement Change-Id: Ie042605e50656229874b7a93638f0f04c894410f Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-27session: fix transport closed and disconnect raceFlorin Coras1-4/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie7ff4bac22e9dbb449610072b52d1ec4e46fe757
2024-02-27dev: add per-port vnet flowMonendra Singh Kushwaha6-4/+97
Type: feature Change-Id: If63f39211288ab2eba8bc1ab50a2a4c7755abc66 Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2024-02-26tcp: fix fin retransmit when out of buffersFlorin Coras1-4/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I787825dea7f82748537cc4372104cc6647cf2132
2024-02-26hsa: Undef libepoll-shims close on FreeBSDTom Jones1-0/+11
libepoll-shim has some hacks to enable functionality, one of these redefines close as a macro. This conflicts with a close call back. On FreeBSD undefine this macro at point of use. Type: improvement Change-Id: I7b4f7cd874f3451d76c580cf999369426d9e89c2 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-26virtio: fix the packed ring supportMohsin Kazmi1-0/+18
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: If27702d2a9755e0e0a6eaeab4cf26b4974444b44
2024-02-26memif: don't include prctl.hTom Jones2-2/+0
Type: improvement Change-Id: I3ab8df625524b5ff85e62760f5e29daf0d650773 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-23tls: initialize app session app wrkFlorin Coras1-1/+2
Type: fix Change-Id: I8832839738b96495bd775a778dd736bb25e1236c Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-23svm: Use ftruncate to expand svm on FreeBSDTom Jones1-1/+10
Linux doesn't support the Linux idiom of using lseek and a write to set the size of a file, instead use ftruncate to accomplish the same effect. This change is taken from the Nanoteq VPP port commit: https://github.com/ftk-ntq/vpp/commit/04a1b19b37e791accc61b91f3f413d8bc8b1ff8f Type: improvement Change-Id: Ie0b83e751b8b8f20b6814e5c9f760035747dfad9 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-23vcl: Use FreeBSD specific errno value for bad fdTom Jones1-0/+7
Type: improvement Change-Id: I7693f2647f65f662c9b20f77bbf7e1a530b58259 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-23build: Discover libepoll-shim on FreeBSDTom Jones3-4/+19
FreeBSD doesn't offer epoll, but an implementation which uses kqueue is available as an external library. On FreeBSD in subsystems which require epoll have cmake look for libepoll-shim. Type: improvement Change-Id: Iafd5406a9e2ebaa53fd94034489ffbbf87a7d040 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-23vlib: Use platform specific headers for sched.hTom Jones1-6/+18
FreeBSD only defines posix scheduling policies, remove the others from the for each look to allow build. Type: improvement Change-Id: Ifdb9414417e8b6ffdf216fd001708b347c496b97 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-23build: Add support to add_vpp_library for platform specific sourcesTom Jones1-4/+13
Add support for adding Linux and FreeBSD specific sources to add_vpp_library and support for installing Linux specific headers. Don't add support for FreeBSD specific headers until we have some to install. Type: improvement Change-Id: I38549cf4d71999b71b3298e529323956e54ddc36 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-22ip6: ECMP hash support for ipv6 fragmentsBenoît Ganne2-11/+27
Type: improvement Change-Id: I41f70e5977fedbf0050205ebe52126ef373ebc06 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-02-20tls: fix transport endpoint getFlorin Coras1-3/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idb8cc576168ce0ffa8f06be1acef4be4b3b29433
2024-02-20pg: fix stream pg interfaceMaxime Peim4-11/+16
When an other interface is specified to generate packets from, we should bind its sw_if_index to the pg interface to use. Fix if_index_by_sw_if_index variable name, and force to specify a pg interface to source traffic from. Type: fix Change-Id: Ib3e6dca92774b307def82926fc09945b7998267d Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-02-19build: Enable building on AlmaLinux 9Kaj Niemi1-1/+10
AlmaLinux is identical to Rocky and can be made to work with the same build dependencies Type: feature Change-Id: I24bb8781a02c15f887c9c26cc98621e6256f4115 Signed-off-by: Kaj Niemi <kajtzu@a51.org>
2024-02-19vnet: include platform specific un.hTom Jones1-0/+5
On FreeBSD define UNIX_PATH_MAX so it is available in punt.c. FreeBSD's max path is 4 bytes shorter than Linux's. Type: improvement Change-Id: I2c4b7aa11246213575b557fab44669706885e6b7 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-19vppinfra: Stub out get_current_cpu and get_current_numa on FreeBSDTom Jones1-0/+8
FreeBSD has its own set of syscalls for getting current CPU and NUMA domain information. Stub out these calls and return CPU 0 and NUMA domain 0 as placeholders until we bring in FreeBSD specific calls. Type: improvement Change-Id: Id61df0273b0bcc6acf4844ee626e4f246f9f217b Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-19dev: fix type for uint32 arg valueMonendra Singh Kushwaha1-1/+1
Type: fix Change-Id: Ib09d6a0dfc95d82ecfd2ff123be9004cb038d0d4 Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2024-02-19build: bump octeon-roc version to 0.3Monendra Singh Kushwaha1-2/+2
This patch updates cache line size in octeon-roc library. Type: fix Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com> Change-Id: Ifbb6e7d2a5436a88ef10d22c414112edc23e0b35
2024-02-19crypto-openssl: refactor openssl API usageLijian Zhang2-44/+205
For the openssl crypto engine based cipher encrypt/decrypt and HMAC IPSec use cases, the openssl API calls of doing ctx init and key expansion are moved to initialization stage. In current implementation , the ctx is initialized with "key" and "iv" in EVP_EncryptInit_ex (ctx, 0, 0, key->data, op->iv) in data plane, while the ctx can be initialized with 'key' and 'iv' separately, which means there could be two API calls: 1. EVP_EncryptInit_ex (ctx, 0, 0, key->data, 0) 2. EVP_EncryptInit_ex (ctx, 0, 0, 0, op->iv) As the 'key' for certain IPSec SA is fixed and known, so call #1 can be placed in IPSec SA initialization stage. While call #2 should be kept in data plane for each packet, as the "iv" is random for each packet. Type: feature Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Change-Id: Ided4462c1d4a38addc3078b03d618209e040a07a
2024-02-19wireguard: notify key changes to crypto engineLijian Zhang3-0/+18
This is a prerequisite patch for the following openssl API optimization patch, which tries to offload openssl ctx init and key expansion work to the initialization stage. Wireguard adds crypto keys via vnet_crypto_key_add (), and whenever it modifies the keys, the underneath openssl crypto engine shoud be informed of the changes to update the openssl ctx. Type: feature Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Change-Id: I3e8f033f3f77eebcecfbd06e8e3bbbfdc95a50e2
2024-02-19ipsec: check each packet for no algs in esp-encryptMatthew Smith2-11/+36
In esp_encrypt_inline(), if two or more consecutive packets are associated with the same SA which has no crypto or integrity algorithms set, only the first one gets dropped. Subsequent packets either get sent (synchronous crypto) or cause a segv (asynchronous crypto). The current SA's index and pool entry are cached before it can be determined whether the packet should be dropped due to no algorithms being set. The check for no algorithms is only performed when the cached SA index is different than the SA index for the current packet. So packets after the first one associated with the "none" alg SA aren't handled properly. This was broken by my previous commit ("ipsec: keep esp encrypt pointer and index synced") which fixed a segv that occurred under a different set of circumstances. Check whether each packet should be dropped instead of only checking when a new SA is encountered. Update unit tests: - Add a test for no algs on tunnel interface which enables asynchronous crypto. - Send more than one packet in the tests for no algs. Type: fix Fixes: dac9e566cd16fc375fff14280b37cb5135584fc6 Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
2024-02-18udp: use transport port refcnt on acceptFlorin Coras3-2/+11
Use udp transport refcnt instead of local port refcnt when accepting new connections. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibc34677b1138682497f98e96b6fddb5b96094ff9