aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2022-03-29tls: Support for client certificate-key pairsarmurug1-0/+50
Type: improvement Signed-off-by: sarmurug <sarmurug@cisco.com> Change-Id: Ibbfe827b9c4c603a6fe7cc49970a46bd683194ce
2022-03-29dpdk: make log pipe non-blocking on both sidesDamjan Marion1-1/+2
Type: fix Change-Id: I857403b9d93ee4c17f2dd5ac8e6dafd66260a252 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-29linux-cp: fix tap interface attrs in case the sw pool realloc'dVladislav Grishenko1-18/+16
Creating tap interface / sub interface causes allocation of a new software interface with possible sw interface pool reallocation. In such case accessing L3 MTU and interface flags by obsolete sw pointer is UAF. Instead, keep desired tap interface MTU value before sw intreface creation and refetch sw pointer right before sw flags inheritance. Type: fix Fixes: b89c1ddcb3b4f9138ca3ebefb2115f896ff3e1bd Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I21ea46d146d11060bb9bedc77377ab17ae9e22e8
2022-03-29crypto-openssl: fix seed calculationDamjan Marion1-1/+1
Type: fix Fixes: 91f17dc Change-Id: I860b6d5d5e9cf47d84fde0a2c92be43125038694 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-29linux-cp: handle ipv4 routes when link goes down on subifAlexander Chernavin1-17/+43
Type: improvement Currently, the plugin can monitor link state changes on hardware interfaces for which a linux-cp pair exists. When the link goes down on one of the hardware interfaces, the plugin processes IPv4 routes that resolve through that interface according to the configurations: del-static-on-link-down and del-dynamic-on-link-down. The problem is that link state changes are not signaled for subinterfaces and the code that handles IPv4 routes is not triggered. When the link on a hardware interface goes down, it implies that subinterfaces added to that interface also will have the link in the down state. With this change, when the link goes down on a hardware interface, iterate over subinterfaces added to the interface and apply the same logic of routes processing as for hardware interfaces. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I97337d2e328437c73f2d99a00737768778f197a1
2022-03-29linux-cp: add support for table flush if multiple interfacesAlexander Chernavin1-15/+39
Type: improvement lcp_router_table_flush() is used to remove routes from the given route table if they are resolved through the given interface with specified FIB source. Currently, if you need to remove routes from a route table that are resolved through one of the interfaces from a vector, the function has to be executed for every interface from the vector. Every execution walks the route table again. With this change, lcp_router_table_flush() accepts a vector of interfaces. Thus, the function can walk a single route table once and delete routes that resolve through one of the interfaces from the vector. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I6d99384064d279dea24bb4dc1790a1af943be41c
2022-03-29perfmon: fix order in cmakelists.txtRay Kinsella1-8/+8
Fix ordering in CMakeLists.txt Type: refactor Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I8e71e4fbc048a80c4b250c2a66cfd8a522bde5f4
2022-03-29perfmon: fix non-NULL terminated C-stringBenoît Ganne1-1/+1
format() expects a NULL-terminated C-string as format string. Type: fix Change-Id: Ib428cf2debbf98850eed512907175f8ae8ba3c04 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-28linux-cp: Fix API responsePim van Pelt1-5/+7
* Correct endianness issue * lip_namespace is a vector not a string * Provide null termination to avoid unpack() failures in the client Responses in the python API now look like: lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=1, host_sw_if_index=3, vif_index=19, host_if_name='ice0', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, namespace='dataplane') lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=2, host_sw_if_index=4, vif_index=20, host_if_name='ice1', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, namespace='dataplane') lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=5, host_sw_if_index=6, vif_index=21, host_if_name='ice0.1234', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, namespace='dataplane') Type: fix Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: If4bf06a8b70977676ec7f5b1413cee6cc9d1714a
2022-03-28crypto-native: avoid overflow load on dataDamjan Marion1-1/+4
Type: improvement Change-Id: I5317afa02fa1525a7d8df595b56eb6546ccded57 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-27linux-cp: fix name formattingDmitry Valter1-1/+1
Format host interface name as vector rather than c-string. Otherwise non-null-terminated vector overrun triggers ASAN. Type: fix Fixes: 1705a6baefe205bb6792b547c7376eee3f328a71 Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: Ib204e57ee17c7ed3bfeb568dcdd834d7d7519102
2022-03-25hsa: echo client connects as rpcFlorin Coras2-31/+36
Do connects in an session layer rpc instead of doing cli process sleeps. Performance with 4 workers goes from ~120k/180k first run/warmed up to ~135k/240k Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id184913e9898f8db099e29a605f3a9b1fc67be63
2022-03-25crypto-native: avoid mem overflow when loading IVDamjan Marion1-11/+13
Type: improvement Change-Id: I946d91e67c332ecac0b09d50980529b9d4e74f9c Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-25linux-cp: handle ipv4 routes when link goes downAlexander Chernavin5-0/+163
Type: improvement Currently, when the link goes down on an interface, routes that resolve through that interface and created with Nexthop API are removed by the kernel. However, IPv4 routes remain in the FIB because the kernel doesn't send any notifications about that. And for the plugin working with user-space applications that create routes in the kernel using Nexthop API there should be a mechanism to synchronize the FIB and the kernel in this case. With this change, add two new startup configuration options to the plugin to be able to control what should happen with static and dynamic routes managed by the plugin on link down: - del-static-on-link-down (disabled by default, delete routes created with the linux-cp static FIB source on link down), - del-dynamic-on-link-down (disabled by default, delete routes created with the linux-cp dynamic FIB source on link down). Then, monitor link state changes on interfaces for which a linux-cp pair exists. If the link goes down on one of the interfaces, process routes that resolve through that interface according to the new configurations. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I0fbaeeca3f3d1fcd22e8eebb08a0a4a3d0dfe5b8
2022-03-24crypto-native: fix index in VAES aes-cbc encryptBenoît Ganne1-3/+3
Type: fix Change-Id: Id7ae0d4c53cbca3785964f0bef92e9cd589d4ce9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-24dpdk: enable int mode for virtioPaul Atkins1-0/+1
The way of specifying which interface supports what has changed. Re-add support for adaptive mode in virtio. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I2f8ffa6311a4081b93fb08a7e92408b8bffbae64
2022-03-23dpdk: copy the enable_rxq_int flag from driver to confPaul Atkins1-0/+1
The support for interrupt mode is not being respected as it is not copied into the driver conf, which is what is checked when trying to enable it. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I2e502306e27bd98f8037d1a0a396201e099b50b5
2022-03-23vppinfra: deprecate clib_mem_is_vecDamjan Marion1-2/+0
Use of clib_mem_is_heap_object is not reliable enough for production use as it relies on just few bytes of memory allocator chunk header. Type: improvement Change-Id: I48c8adde8b6348b15477e3a015ba515eb7ee7ec2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-23vppinfra: change vlib_register_node so it takes format string for node nameDamjan Marion2-6/+3
This allows specifying both c string and vector for node name and removes need for crafting temporary string. Type: improvement Change-Id: I0b016cd70aeda0f68eb6f9171c5152f303be7369 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-23dpdk: fix rx/tx burst function nameTianyu Li1-2/+2
Type: fix Fixes: 65105c95fe03 ("dpdk: improve logging") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I69d616c7e6e7b5395ebf083b1ac5c3e85f99bbdd
2022-03-23vnet: Remove the unused fields from opaque2Neale Ranns1-7/+6
Type: refactor Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibb6d19de053c306e9758dbfa827ab7bcab5de856
2022-03-23api: better segregate client and server codeBenoît Ganne1-4/+4
- move memory and server specific vl_msg_api_handler_with_vm_node() to memory server code only - keep api_global_main static Apart from being cleaner, this also helps avoiding symbols conflict when both client and server libs are loaded in the same process, as is done by the prom plugin. Those symbols conflict confuse ASan and can be nasty to debug. Type: improvement Change-Id: Iaf58596cc753ad8d3fedd8d65c4bf480ac129c2c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-23perfmon: null-terminate stringDamjan Marion1-1/+1
Type: fix Change-Id: I43ebb2c2922f3b8b8eddf26ccdf044f31d7b7a10 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-23crypto-native: fix dst index typo in VAESBenoît Ganne1-1/+1
Type: fix Change-Id: Ib025d8c1bc9bd651b6448d6a41fd1efa6f0b7362 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-22session: use safe realloc for poolsFlorin Coras1-7/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I313c916d268c4b2b448b93e90bc67da341b803e3
2022-03-22memif: fix the maxmimum number of txqsMohsin Kazmi1-1/+1
Type: fix With multi-txq in VPP, user should be able to create more txqs than vpp threads. MEMIF_MAX_M2S_RING should be defined to 256 instead of number of vpp threads. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I337c3a5ea691470815653ff2dbfa862bb324b240
2022-03-21vppinfra: use clib_mem_allocDamjan Marion11-11/+11
Type: refactor Change-Id: I26a2a410f8f4070d10696f796d5887842cad3916 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-21wireguard: dont stacksmash bad peer base64 keysJon Loeliger1-1/+1
Just like commit 252647482b24bb3474e8f13bc86100718176832f did for Wireguard interface keys, prevent stack smashing the peer keys. Integer math on 32 bytes of base64 data might yield 33 bytes of data in some poorly formed user input of private key values. Rather than smashing the stack (detected) and aborting, simply allow for the possible yet irrelevant 33-rd byte of data. Type: fix Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88 Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I9f77b3faaaa01d3123b356c958db60c87238db9c
2022-03-21wireguard: improve peer dump detailsJon Loeliger2-11/+22
- Add peer_index, table_id, and keep-alive. - Fix some lingering cut-n-paste issues in the API file. Type: improvement Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I6fc0729ba0268bbcda0248f680979c44e68b6b0c
2022-03-21hsa: add support for SAPI in vpp_echoFilip Tehlar5-48/+491
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: If24a43b7f79e05092306562c192de03994dec550
2022-03-18cnat: Fix conflicting rsessionNathan Skrzypczak4-39/+87
When dNAT-ing to a VIP, it can happen that the return session conflicts with another forward session than the one we own. This patchs adds a rsession_flags CNAT_SESSION_RETRY_SNAT that makes cnat_session_create search for a free src port to use for the resulting return session. It also makes forward & return session share their fate in the session scanner. Type: fix Change-Id: Id0edf59abf8e5bc0c0d8941ba289c4563c77dee0 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-18memif: fix rx/txqueue RC on connectedNathan Skrzypczak1-9/+12
Type: fix Calling vnet_hw_if_register_tx_queue should be done with the worker barrier held, as virtio-pre-input might be grabbing a queue while a memif connect event is triggered. Change-Id: Ie1272cdfd2477faf7a4e10f30778279872f04916 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-17nat: fix ICMP error translationKlement Sekera1-0/+3
Add missing translation of ICMP inner IP layer. Change responsible test so that it actually tests something. Type: fix Fixes: 4881cb4c6f Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Id3a6f12a7308d81b1cdf9815f857221fab2f24d9
2022-03-15flow: add generic flow pattern for 5G flow enhancementTing Xu1-0/+16
In order to support the requirement of RSS and packet steering of new protocols, such as GTPU PDU-type and QFI, for 5G UPF, a generic pattern is introduced in vnet flow. The generic flow pattern is based on DDP (Dynamic Device Personalization) function and Parser Library module in DPDK. Using generic flow pattern, we do not need to create new packet and field type and offset in API parser for every new protocols. We can create flows for any protocol immediately as long as supported by DDP. The generic flow can be used to support 5G related protocols in different scenarios. The input of this generic pattern are two binary strings for spec and mask. Spec is the binary presentation of the target packet type, and mask is used to mark the target fields. In this patch DPDK plugins is enabled for POC. Next step we will enable generic flow in native IAVF, which is the main target. Here is an example. If we want to create a flow for GTPU QFI, spec is: 00000000000100000000000208004500003C00000000001100000101010102020202000 008680028000034FF001C00000000000000850100010045000014000000000000000001 01010102020202 mask is: 00000000000000000000000000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000007F0000000000000000000000000000 00000000000000 A naming API POC is created via VAPI to help create the rule with the target packet format similar to Scapy. It is based on a function module called PacketForge. In this way, the user no need to create binary string spec and mask by themselves. Type: feature Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Id3444f95c158bdcdfeeee19d795cd9ecbeeec07c
2022-03-15memif: fix memif_process_desc indexingMauro Sardara1-4/+2
The index i was incremented in the wrong place, and the check on the presence of a next buffer in the chain was actually done for the next desc_status rather than the current one. Type: fix Signed-off-by: Mauro Sardara <msardara@cisco.com> Change-Id: I74a64a34fea497900b7969cd96e1aeeb570a1bba
2022-03-14crypto: Enabling IOMMU DMA translation table update for QAT cardGovindarajan1-1/+2
With DPDK plugin, VPP does the DMA page map in IOMMU, only when DPDK supported ethernet devices are present. As a result, Mellanox NIC and QAT combo doesn't work. As part of this fix, DPDK supported crypto device check is added to do the DMA page map. Type: fix Signed-off-by: mgovind <govindarajan.mohandoss@arm.com> Change-Id: I02de4588c5b021e0c9c62612137f28ed8784bea6
2022-03-14hsa: fix error messageFilip Tehlar1-3/+3
Fixes a minor issue that causes printing an error message when there is no error. Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I59f5c6af7c5aeae3e812b4cf0c75a47894bb8bbd
2022-03-14dpdk: improve rx burst count per loopFan Zhang1-4/+5
Type: improvement This patch improves the per dpdk-input loop number of packets received from the port. The change mimics how packets rx happened before VPP 22.02/DPDK 21.11: instead of trying to rx huge number of packets (256) in one go, rx more times with up to 32 packets max each time. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I804dce6d9121ab21b02e53dd0328dc52ac49d80f
2022-03-11map: fix memory leakBenoît Ganne1-1/+2
Thanks to Ben McKeegan <ben@netservers.co.uk> for the report. Type: fix Change-Id: I8170dda572c326b6b1823fd330dbd5e961fdad74 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-11vlib: remoove unused fieldDamjan Marion1-1/+1
Type: refactor Change-Id: Ieb7a595e40d801af5349c83b128fa92c7698a346 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-10dpdk: fix program vlans on ixgbevfDzmitry Sautsa1-2/+7
Recent "dpdk: refactor device setup" have broken vlans programming for IXGBE_VF. Type: fix Signed-off-by: Dzmitry Sautsa <dzmitry.sautsa@nokia.com> Change-Id: Idacda33a473f6b10dbe002d9926661a19d0f3f97
2022-03-09stats: refactorDamjan Marion7-39/+33
Type: refactor Change-Id: Ifd533a095d979dc55bfbe5fac7e0b7510a4d900c Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-07linux-cp: handle ipv4 routes when interface is disabledAlexander Chernavin1-2/+88
Type: improvement Currently, when an interface is brought down administratively, IPv4 routes that resolve through that interface remain in the FIB. However, the kernel removes those routes but doesn't send any notifications about that. Desynchronization between the kernel and VPP happens. With this change, when a notification received from the kernel indicating that an interface was brought down, in addition to bringing the VPP interface down, walk the IPv4 FIB bound to that interface and remove any entries that resolve through that interface and were added with one of the linux-cp FIB sources. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I0cd14bb63c9e6616ae1c5739b17c3bf33b186bc2
2022-03-04linux-cp: fix issue of possibly closing negative fdAlexander Chernavin1-5/+14
Type: fix Primarily fix an issue reported by Coverity in lcp_nl_open_sync_socket() that close() could possibly be run with negative fd. Also, add more checks and error logging there. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I9a88520d068392977a6eba0766451e5652fe512c
2022-03-04linux-cp: stop signaling read event on every notifAlexander Chernavin1-7/+9
Type: improvement Currently, read event signal is sent on every notification message received and added in the queue. With this change, signal read event only when all currently available notification messages are received. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ib86d189311ce01f50167e4e97feb99df0292ad96
2022-03-04linux-cp: stop ignoring ENOBUFS while reading notifAlexander Chernavin1-9/+2
Type: improvement Currently, while reading notifications, ENOBUFS error is ignored and reading continues. This was done to minimize the number of notifications that are lost due to reopening the socket. Now that synchronization is implemented to recover from socket errors, ignoring ENOBUFS and reading as much notifications as possible is not actual. Before synchronization, all currently enqueued notification are discarded in any case. With this change, stop reading notifications if any error occurs. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I1184d9a3aa99df63ef59bc2a67be2b1e5e0e9329
2022-03-04ping: correct the fib-index used for the replyNeale Ranns1-15/+27
Type: fix if original packet was to the link local, then the fib index in the buffer is that of the LL table, we can't use that to foward the response if the new destination is global, so reset to the fib index of the link. In other case, the fib index we need has been written to the buffer already. Add a test for IPv6 ping in an MPLS-VPN where int inout interface is not the the same VRF as the response should be sent. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I18a232d90ddd3ef051a52476c5d861c87060e76f
2022-03-04linux-cp: ignore neighbors if ip addr is multicastAlexander Chernavin1-0/+17
Type: improvement When dump of neighbors is requested, the replies will also include neighbor entries for IPv6 multicast addresses: GigabitEthernet0/8/0 S ff02::16 33:33:00:00:00:16 GigabitEthernet0/8/0 S ff02::1:ff76:7135 33:33:ff:76:71:35 GigabitEthernet0/8/0 S ff02::2 33:33:00:00:00:02 Such entries are not reported in netlink notification messages and VPP is unlikely to use these. With this change, ignore neighbor entries when the IP address is a multicast address. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ic712aa4904f1d559f31fd89ff4541268e2340f84
2022-03-03linux-cp: detect and delete stale entries after syncAlexander Chernavin1-0/+95
Type: improvement During synchronization, only the current actual set of entries is loaded. If some entries are no longer present in the set being loaded but present in VPP, they should be removed to fully syncronize. With this change, add handlers for sync begin and end events. Begin handlers will mark the entries as stale. End handlers will remove the entries that are still marked as stale. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I4f7e872af3e1c9ffa6c63bcc3984ec76def1bb43
2022-03-03linux-cp: resync with kernel after nl socket errorAlexander Chernavin2-27/+503
Type: improvement Currently, if an error happens on the netlink notification socket, the socket gets reopened. A portion of notification messages have been lost because of this and will never arrive on the socket. VPP will be out of sync with the kernel networking state. With this change, synchronize VPP state and the kernel networking state if there was an error polling or reading the notification socket. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I8cdff89b505cd227535a0acaadb6ee757204c45e