summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2021-07-02ipsec: ADD/update IPSec documentationNeale Ranns2-0/+200
Type: docs Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ica576e13953a3c720a7c093af649d1dd380cc2c0
2021-07-02interface: api cleanupFilip Tehlar4-1439/+36
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I189bfcca2d5fa1f37d05a72c92d04bf260343043
2021-07-02sr: do not use vnet_all_api.hFilip Tehlar2-34/+33
.. as it is going to be removed. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Id3a4a4ea1e1b7361d43735bfa5470c28fc65209f
2021-07-02vlib: fix buffer pool alignment sizeTianyu Li1-1/+1
Alignment size should be CLIB_CACHE_LINE_BYTES(64) instead of CLIB_LOG2_CACHE_LINE_BYTES(6) Type: fix Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: If2d5ae324093be64454377866297f5e76ccddc93
2021-07-02crypto: fix sw async crypto with chained buffersBenoît Ganne1-31/+30
When a buffer in the chain comes with a negative current_data offset, the conversion to sgl will skip it because of resetting offset to 0. Moreover, crypto_start_offset is relative to the 1st buffer data pointer so we should not check it against subsequent buffers anyway. Type: fix Change-Id: Id177a90bfda242a5372c7e8836cf6668e98c780e Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-07-02misc: Don't IPv[46] enable local0, it doesn't receive packets.Neale Ranns1-5/+0
Type: improvement local0 exists just to burn sw_if_index=0 so we catch common API errors. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I2901bb7d36d4c512e6698134a807bf9516ee05db
2021-07-01vmxnet3: support manual thread assignment to tx queueSteven Luong3-18/+26
Thread assignment to tx queue has always been automatic and there was no way to modify it. With this patch, it is now possible to use the cli "set interface tx-queue" to change the thread assignment to tx queue for vmxnet3 interface, thanks to the new tx infra. Type: feature Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I1544e3557f70251d4bd423cc3d9f28ee1d44db4a
2021-07-01ip: api cleanupFilip Tehlar5-1693/+88
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I4b6d881571c158b7a69a78b9680732d090c4f8b5
2021-06-30memif: fix tx desc length for chained buffers in copy modeBenoît Ganne1-0/+1
When enqueuing chained buffer, we must update the descriptor length for each fragment descriptor in addition to the last. Type: fix Change-Id: I9bc95fe557a049eeea4abd41c695153632d52a52 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-06-30rdma: fix chained buffer tx path in dv modeBenoît Ganne1-24/+20
When switching to the direct verb chain buffer tx path, we must account for all remaining packets, including the packets that would wrapped around. Previously we were using the 'n' counter but ignoring the 'n_wrap' counter: if some packets would have wrapped around in the default path, it would be ignored by the chained buffer tx path. Compute the correct number of remaining packets based on the old and current txq tail instead. Also simplify the chained tx function parameters. Type: fix Change-Id: If12b41a8f143fda80290342e2904792f7501c559 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-06-30memif: fix chain buffer length in zero-copy modeBenoît Ganne1-0/+1
The total_length_not_including_first_buffer field must be reset before being updated otherwise it will quicly grows as stale values are reused. Type: fix Change-Id: Ic48c0822660998b0dfc0b5fdeadae6071b2d03f7 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-06-30vcl: coverity fixesFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I290e4b0dff6afe7ce755074f3aaaf945dbbf3e09
2021-06-30ipsec: Derive the TUNNEL_V6 flag from the configured address typesNeale Ranns3-3/+8
Type: improvement There's no need for the user to set the TUNNEL_V6 flag, it can be derived from the tunnel's address type. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I073073dc970b8a3f2b2645bc697fc00db1adbb47
2021-06-29session: free ctrl event data on connect rpcFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I56c4682aef59ed0e69073f9001341c425e65bd48
2021-06-29ipsec: Fix setting the hi-sequence number for decryptNeale Ranns9-327/+1245
Type: fix two problems; 1 - just because anti-reply is not enabled doesn't mean the high sequence number should not be used. - fix, there needs to be some means to detect a wrapped packet, so we use a window size of 2^30. 2 - The SA object was used as a scratch pad for the high-sequence number used during decryption. That means that once the batch has been processed the high-sequence number used is lost. This means it is not possible to distinguish this case: if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl)) { ... if (post_decrypt) { if (hi_seq_used == sa->seq_hi) /* the high sequence number used to succesfully decrypt this * packet is the same as the last-sequnence number of the SA. * that means this packet did not cause a wrap. * this packet is thus out of window and should be dropped */ return 1; else /* The packet decrypted with a different high sequence number * to the SA, that means it is the wrap packet and should be * accepted */ return 0; } - fix: don't use the SA as a scratch pad, use the 'packet_data' - the same place that is used as the scratch pad for the low sequence number. other consequences: - An SA doesn't have seq and last_seq, it has only seq; the sequence numnber of the last packet tx'd or rx'd. - there's 64bits of space available on the SA's first cache line. move the AES CTR mode IV there. - test the ESN/AR combinations to catch the bugs this fixes. This doubles the amount of tests, but without AR on they only run for 2 seconds. In the AR tests, the time taken to wait for packets that won't arrive is dropped from 1 to 0.2 seconds thus reducing the runtime of these tests from 10-15 to about 5 sceonds. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iaac78905289a272dc01930d70decd8109cf5e7a5
2021-06-29tcp: add ACK flag to RST packetliuyacan1-1/+1
According to RFC 793, the ACK control bit is always sent once the connection is established. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: Id0fe19114a0cc468dbce4c0938b345c2ac339e73
2021-06-29vcl: improvements to epoll ltFlorin Coras3-52/+85
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If585b9c48f67599c56a8c4b4a5139375bc4287f6
2021-06-29ipsec: increment SPD policy counters for bypass and discard actions in ↵Zachary Leaf1-0/+20
ipsec4_input_node ipsec_spd_policy_counters are incremented only for matched inbound PROTECT actions (:273 and :370). BYPASS + DISCARD actions also have SPD policy counters that should be incremented on match. This fix increments the counters for inbound BYPASS and DISCARD actions. Type: fix Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Change-Id: Iac3c6d344be25ba5326e1ed45115ca299dee5f49
2021-06-29vcl: Don't use app_socket_api to notify VPP in parent when child exitedwanghanlin1-1/+5
Type: fix Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: Icd2fc3cc2d0a0a6060abfb262044cf9e09ab4ba2
2021-06-29vcl: Don't memset events to optimize CPU usagewanghanlin1-8/+6
In stress test case, memset may consume a lot of CPU because vls_epoll_wait is called very frequently. Type: improvement Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: I9b4e1d6e1c4d7217cf0b2529d8efed792dea7b40
2021-06-28vcl: epoll fix postponed evt handlingFlorin Coras1-6/+33
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3d208f8ef4638e7557929f4b2bca4d640af85baa
2021-06-28ipsec: Split the SA add_del API into an separate add and delNeale Ranns3-56/+100
Type: improvement the rationale being that the del only requires the SA's ID, so it's a bit mean to require the client to fill out all the other information as well. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibbc20405e74d6a0e1a3797465ead5271f15888e4
2021-06-28ipsec: Enable the extended Sequence Number IPSec tests for GCMNeale Ranns1-2/+72
Type: test Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie691b1c8841f5e195525bfff990f12ab918ba394
2021-06-26vrrp: prevent segfault in multicast join due to missing LL AddrJon Loeliger1-2/+5
If an IPv6 Link Layer Address is missing from an interface, treat it as a down interface. While this fails to send a VRRP multicast group join, it also prevents a seg fault. Type: fix Fixes: 39e9428b90bc74d1bb15fc17759c8ef6ad712418 Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: Iebf69bb30604a96de6587655eb872aa818158a56
2021-06-25stats: reverts part of a fix on Python clientArthur de Kerhor1-12/+4
Puts return statements back inside code blocks under the lock Type: fix Change-Id: I76d426f336200035026b92bcb0ffe2b472a3142d Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2021-06-25stats: revert "add a retry mechanism in a symlink test"Beno�t Ganne1-15/+1
This reverts commit d70777aa60a87001f323f3b226d7e5cee2cd23d8. Reason for revert: wrong fix Type: fix Change-Id: Ibff1b977eae8d2cc85888165ebf83c42eb661698 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-06-25stats: fix race conditions in vpp-api stats clientArthur de Kerhor1-4/+12
Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Ie5c197f6ec0d41d5e405b22662701d83ad94d29e
2021-06-24session: fix session formated str output truncated in cliXiaoming Jiang2-12/+16
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I2c2b739a5aa246bbf53d6663efd403c3aee9dddd
2021-06-24linux-cp: stop managing adjacencies for tunnelsAlexander Chernavin1-0/+12
Type: fix Outbound packets which arrive on tun/L3 interfaces use a default adjacency for the interface & address family from the corresponding interface pair. However, there are entries in the linux-cp adj table that are created for them. Managing these entries might cause a segfault because the rewrite data might exceed the reserved space for it of 28 bytes in the linux-cp adj key (e.g. in case of GRE IPv6). With this change, stop creating adjacencies for tun/L3 interfaces in the linux-cp adj table and delegating them. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I4bcd685860053ab87c65064c182e3ed53fd4fae9
2021-06-24svm: fix asan check failed @svm_map_region on armTianyu Li1-4/+3
==283032==AddressSanitizer CHECK failed: compiler-rt/lib/asan/asan_mapping.h:366 "((AddrIsInMem(p))) != (0)" (0x0, 0x0) #0 0x49c128 in __asan::AsanCheckFailed #1 0x4ae8dc in __sanitizer::CheckFailed #2 0x495dec in __asan::ShadowSegmentEndpoint::ShadowSegmentEndpoint #3 0x495e48 in __asan_unpoison_memory_region #4 0xfffff4e851f8 in svm_map_region /home/vpp/src/svm/svm.c:611:7 #5 0xfffff4e86d9c in svm_region_init_internal /home/vpp/src/svm/svm.c:797:8 #6 0xfffff4e87ce4 in svm_region_init_args /home/vpp/src/svm/svm.c:880:3 #7 0xfffff7f30d30 in vlibmemory_init /home/vpp/src/vlibmemory/memory_api.c:974:3 #8 0xfffff4fd5368 in vlib_main /home/vpp/src/vlib/main.c:1986:16 svm_global_region_base_va 0x200000000000 is not in the aarch64 mapping range, leading check failure and vpp cannot start. aarch64 asan mapping || `[0x201000000000, 0xffffffffffff]` || HighMem || || `[0x041200000000, 0x200fffffffff]` || HighShadow || || `[0x001200000000, 0x0411ffffffff]` || ShadowGap || || `[0x001000000000, 0x0011ffffffff]` || LowShadow || || `[0x000000000000, 0x000fffffffff]` || LowMem || x86 asan mapping || `[0x10007fff8000, 0x7fffffffffff]` || HighMem || || `[0x02008fff7000, 0x10007fff7fff]` || HighShadow || || `[0x00008fff7000, 0x02008fff6fff]` || ShadowGap || || `[0x00007fff8000, 0x00008fff6fff]` || LowShadow || || `[0x000000000000, 0x00007fff7fff]` || LowMem || Type: fix Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I55ddbdcd361d66d4cfaf6459b2fa20fd8b64af37
2021-06-24vcl: fix vcl_session_write_ready when connectingliuyacan1-0/+4
Applications like curl will poll the fd after a non-blocking connect, so we need to avoid returning the wrong event. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: I7ea146fc954fda631b3d88b46bb80adfbcdf137c
2021-06-24l2: api cleanupFilip Tehlar5-1748/+25
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I7b84767e75d5f8310ec071036a5780fa4530f79f
2021-06-24linux-cp: add callbacks for pair managementMatthew Smith2-15/+41
Type: improvement Allow callbacks to be registered which will be called when an interface pair is added or deleted. Change-Id: I1c413ac2ada802021f9e56e2f878ce67e5eda2f5 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-06-23virtio: api cleanupFilip Tehlar4-363/+13
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I4f9316b16f16a48e2042aa17db596bfd181bd314
2021-06-23mss_clamp: iterate enabled direction as a vector, not poolJon Loeliger1-2/+2
Type: fix Fixes: bf55e9931ce203049385fbf55dde291ead556679 Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I5410a7a5a8cdc1d41abcc42fe5b42e6e2991dc06
2021-06-23nat: ICMP handling fixesKlement Sekera4-24/+110
If ICMP comes from a router on path, source address must not be rewritten in o2i path to avoid getting wrong checksum. Fix ICMP checksum computations. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I035debccf966d7dbd63c364cb1e43380d641f708
2021-06-23mpls: api cleanupFilip Tehlar4-688/+10
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I148022278a792b3687402b6915fe6fb513858a2a
2021-06-23span: api cleanupFilip Tehlar4-226/+16
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I7ec4bbb21a079c6f6adfb4f954054b2b07bf19c5
2021-06-22syslog: api cleanupFilip Tehlar3-47/+8
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0971f12b7b82d5134d06ed0539d41624429c992b
2021-06-22tcp: api cleanupFilip Tehlar4-93/+9
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I3c06e9cb3fabdcdce9c17e93cfedfd771295f589
2021-06-22session: avoid reordering unlisten and connect msgFlorin Coras1-6/+33
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe32f7965f8cf457c39845713b029c8a4647ee55
2021-06-22virtio: api cleanupFilip Tehlar3-606/+22
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I047310b8c9fcc51dcfb187710ff59b7895abe217
2021-06-22misc: punt: api cleanupFilip Tehlar4-93/+9
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I13dae61ddb7150c7fe9a7fd0eae73055ff3f2816
2021-06-22dpdk: enable igc devicesMatthew Smith2-27/+29
Type: improvement Set port type and supported flow actions on 2.5G Intel NICs which are managed by the igc PMD. Change-Id: Id144eaa158e24a3f10effb6b517d1c62fba0d2e8 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-06-22devices: af_packet api cleanupFilip Tehlar3-229/+8
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Ic7979755494a2fd23b9fa3d74e14f6b9ea0a46d0
2021-06-22qos: api cleanupFilip Tehlar3-108/+11
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I39505763371c98b75ff7b697dacd3eeb0d41d40a
2021-06-22api: asan: use vec_set_len() so ASan can keep track of buffer lenBenoît Ganne1-6/+6
ASan poison/unpoison vectors based on the vector length, but _vec_len() bypass ASan annotations, contrary to vec_set_len(). Type: fix Change-Id: I5265a5adcddef1aa11c77e0c3827346b1a66c306 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-06-22vcl: validate vep handle when copying sessions on forkwanghanlin1-0/+31
When copying sessions from parent on fork, we should validate vep handle in order to EPOLL_CTL_DEL in vcl_session_cleanup correctly when child exit. Type: fix Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: I7696ecd898460c9a296d2800e46c7140e2218ed7
2021-06-22vcl: move child wrk cleanup from sighandler to vls_epoll_waitwanghanlin1-1/+42
Main process may enter sighandler with a lock, such as lock in localtime or in mspace_free, and child wrk cleanup may try to get such locks and cause deadlock. The patch move cleanup to vls_epoll_wait to wait app's next call. Type: fix Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: I9b208038a0f49b0ace44684189234aeac9d94730
2021-06-22devices: tapv2 api cleanupFilip Tehlar3-453/+12
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0a2c1cbbe798ddf9d08da78bf0b458a0f54fa13a