aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2023-04-11linux-cp: don't create tap for non-eth ifacesStanislav Zaikin1-0/+8
Creation of lcp tap for non-ethernet interfaces can potentially lead to a crash, so avoid it. Type: fix Change-Id: I76ded8a08ea38a2c31d0215804af023207d4d3e1 Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
2023-04-11rdma: disable compressed CQE mode for txq CQJieqiang Wang1-3/+1
Previously we encountered the issue of failing to create completion queues on some Arm platforms because DPDK may set MLX5_CQE_SIZE to 128 if DPDK MLX PMDs are built and DPDK plugin is loaded, which does not satisfy the requirement of 64B size CQE by RDMA plugin. We fixed this issue in 844a0e8b0("always use 64 byte CQEs for MLX5"), but some of CSIT test cases failed due to this code change. It turns out that we don't need to specify compressed CQE mode for txq CQ because RDMA tx doesn't have the code logic to handle compressed CQEs, which might cause unexpected behavior if it is enabled. Type: fix Fixes: 844a0e8b0 ("always use 64 byte CQEs for MLX5") Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I7909a6d44b15bcf39c15dfac9377b65520a0cbfb
2023-03-31nat: fix nat44 vrf handlersDaniel Béreš1-2/+2
Change of enums used in REPLY_MACRO() to appropriate one for handlers: -vl_api_nat44_ed_add_del_vrf_table_t_handler -vl_api_nat44_ed_add_del_vrf_route_t_handler Type: fix Change-Id: I58e97817b1678da7c025c0d03a8b938a4e0f7b6c Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>
2023-03-29dpdk-cryptodev: fix name formatting of session poolsGabriel Oginski1-2/+2
Originally the name for each session pool is incorrectly prepared. It doesn't have right length. It is not null terminated. The fix corrects the name formatting for each session pool. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I67da3d64702ccb27a5907825528f8c95d91040bb
2023-03-24dpdk-cryptodev: fix formatting name of poolsGabriel Oginski1-2/+2
Originally the name for each session pool can be incorrect prepared. The fix changes formatting for name for each session pool. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I42e0752f9f46c5a42524ec7b863a7c9dd3c23110
2023-03-23vppinfra: AES-CBC and AES-GCM refactor and optimizationsDamjan Marion4-2450/+72
- crypto code moved to vppinfra for better testing and reuse - added 256-bit VAES support (Intel Client CPUs) - added AES_GMAC functions Change-Id: I960c8e14ca0a0126703e8f1589d86f32e2a98361 Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-03-21linux-cp: fix get_default_ns api methodStanislav Zaikin1-13/+7
Type: fix Change-Id: I141e5779aab7eee3068b702dd2f93765420fb920 Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
2023-03-20wireguard: fix sending peer events from worker threadsAlexander Chernavin1-5/+23
Type: fix API clients can register for peer events (e.g. to be notified when connection is established). In a multi-worker setup, peer events might be triggered from a worker thread. In order to send a peer event to the clients, an API message needs to be allocated and populated. API messages allocation is only allowed from the main thread. Currently, the code does not handle the case when a peer event is trying to be sent from a worker thread. In debug builds, when this happens, it causes SIGABRT in vl_msg_api_alloc_internal() because assertion "pool == 0 || vlib_get_thread_index () == 0" fails. In production builds, when this happens, it might cause unexplained behavior. There is a test that is supposed to catch this but all multi-worker Wireguard tests are currently disabled. This problem is likely to be one of the reasons they were disabled. With this fix, when a peer event is triggered from a worker thread, allocate and send corresponding API message from the main thread using RPC. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ib3fe19f8070563b35732afd16c017411c089437e
2023-03-18vppinfra: fix corner-cases in bihash lookupDave Barach2-3/+8
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL table, the code would sporadically return a transitional value (junk) from a half-deleted kvp. At most, 64-bits worth of the kvp will be written atomically, so using memset(...) to smear 0xFF's across a kvp to free it left a lot to be desired. Performance impact: very mild positive, thanks to FC for doing a multi-thread host stack perf/scale test. Added an ASSERT to catch attempts to add a (key,value) pair which contains the magic "free kvp" value. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065
2023-03-15crypto-native: 256-bit AES CBC supportDamjan Marion7-86/+353
Used on intel client CPUs which suppport VAES instruction set without AVX512 Type: improvement Change-Id: I5f816a1ea9f89a8d298d2c0f38d8d7c06f414ba0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-03-15dma_intel: fix potential invalid batch statusMarvin Liu1-5/+6
DMA batch status was set by hardware. Its value may be variable between cpus twice accesses. Saving the value of status can fix it. Type: fix Signed-off-by: Marvin Liu <yong.liu@intel.com> Change-Id: Ibc9337239555744a571685b486c986991c3e9b18
2023-03-14dpdk: enable Google Virtual EthernetMarvin Liu2-0/+7
Recognize and drive google virtual ethernet (gve) in google cloud. Type: feature Signed-off-by: Marvin Liu <yong.liu@intel.com> Change-Id: Ia559615ac059cabbca5d10bcd4049e87beaad638
2023-03-14vlib: pre-alloc dma backend batchesMarvin Liu1-0/+27
Allocate and initialize dma batch structure when adding dma config. The number of required dma batches is set by max_batches parameter. Thus dma batches are not allocated dynamically in worker thread. Application need to check the return value of vlib_dma_batch_new. Type: improvement Signed-off-by: Marvin Liu <yong.liu@intel.com> Change-Id: I5d05a67b59634cf2862a377d5ab77cb1040343ce
2023-03-14crypto-native: avoid crash on 12th and 13th gen Intel client CPUsDamjan Marion1-2/+4
Those CPUs are announcing VAES capability but they don't support AVX512. Type: fix Fixes: 73a60b2 Change-Id: I7b4be95e91bb6f367cd71461f1126690f3ecd988 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-03-14memif: don't leak error strings in API handlersDamjan Marion1-4/+4
Type: fix Fixes: ab4d917 Change-Id: I226044f64e1577033798fd203a2e981c894830d6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-03-13avf: 512-bit SIMD version of avf_tx_prepareLeyi Rong1-0/+50
Exploiting AVX-512 operations on avf_tx_prepare(). Type: improvement Signed-off-by: Leyi Rong <leyi.rong@intel.com> Change-Id: I01e0b4a2e2d440659b4298668a868d983f5091c3
2023-03-10af_packet: fix the broken functionality upon admin downMohsin Kazmi2-41/+25
Type: fix In vpp, file descriptor handler closes the fd upon error if there is no error handling function is registered. This patch fixes the issue for af_packet interface by registering the error handling function. Errors will also be gracefully logged. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I260d780ac54ffd0199dcd6ca5b95e5afe957e968
2023-03-08quic: use tx instead of builtin_tx event with timersFlorin Coras1-3/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic11069c912a5e59bb3ea0e0c6de6cfcc879c5f4e
2023-03-07avf: enable rss action of flowXinyao Cai4-152/+2925
This patch enables RSS action of avf flow. Type: feature Signed-off-by: Xinyao Cai <xinyao.cai@intel.com> Change-Id: I65de18d0c2eaa415893959563ea917a6b1956550
2023-03-07avf: fix cli memory leak with incorrect optionsTianyu Li1-37/+19
Remove extra line_input and unformat_user. Type: fix Fixes: b4ff07a2f843 ("Intel Adaptive Virtual Function native device driver plugin") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I9e502f3b254d0b1c7d8fd4b80925338a18da8269
2023-03-06lb: keep AddressSanitizer happyBenoît Ganne2-3/+2
vec_alloc() does not mark vector as accessible contrary to vec_validate(). Also removes redundant memset(0) as vector allocation always zeroed new memory. Type: fix Change-Id: I8309831b964a618454ed0bebbcdec7ec21149414 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-03-06af_packet: fix the first packet offsetMohsin Kazmi1-1/+1
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I927ba4e6f10ae4527f339a890c3a0de33a84b7eb
2023-03-06af_xdp: fix netns configurationBenoît Ganne1-1/+2
- clib_open_netns() expects a NULL-terminated C-string - if no netns was given, we should not try to format it otherwise we'll get "(nil)" as netns name. Type: fix Change-Id: I7b6022f6e8999640d0d2a83b854455b15fa4c134 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-03-06crypto: remove VNET_CRYPTO_OP_FLAG_INIT_IV flagBenoît Ganne7-130/+7
IV requirements vary wildly with the selected mode of operation. For example, for AES-CBC the IV must be unpredictable whereas for AES counter mode (CTR or GCM), it can be predictable but reusing an IV with the same key material is catastrophic. Because of that, it is hard to generate IV in a generic way, and it is better left to the crypto user (eg. IPsec). Type: improvement Change-Id: I32689c591d8c6572b8d37c4d24f175ea6132d3ec Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-03-06memif: fix input vector rate of memif-input nodeLiangxing Wang1-1/+4
Explicitly set the ptd->n_packets to 0 if no packet is received in memif_device_input_inline(). Otherwise ptd->n_packets just keeps last time rx packets number, then this stale number is added to memif_input_node->vectors_since_last_overflow in every dispatch_node() call for memif_input_node. Type: fix Signed-off-by: Liangxing Wang <liangxing.wang@arm.com> Change-Id: Ide98a481c925262f9a609535a314f784cab424d8
2023-03-06dpdk: plugin init should be protect by thread barrierXiaoming Jiang1-0/+2
Witout thread barrier, when dpdk_process_node initiating dpdk lib, workers thread may also be initiating. Main and workers threads may both setting error_main info, that will cause memory ASAN issue. Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I87b73b310730719035d4985a2cff2e3308120ec2
2023-03-06flow dpdk: introduce IP in IP support for flowXinyao Cai1-20/+149
This patch introduces IP in IP packet support for flow cli and dpdk plugin. Specifically, the following IP in IP packet types are supported: MAC-IPv4-IPv4-TCP/UDP/None, MAC-IPv4-IPv6-TCP/UDP/None, MAC-IPv6-IPv4-TCP/UDP/None, MAC-IPv6-IPv6-TCP/UDP/None, IP in IP flow rules can be created by using the following new keywords in vppctl: in-src-ip, in-dst-ip : to provide information for inner IPv4 header in-ip6-src-ip, in-ip6-dst-ip: to provide information for inner IPv6 header in-proto : to specify inner transport layer protocol type (TCP or UDP) in-src-port, in-dst-port : to provide information for inner TCP/UDP header An example to create flow rule for MAC-IPv6-IPv6-TCP: test flow add index 0 ip6-src-ip any ip6-dst-ip any in-ip6-src-ip any in-ip6-dst-ip any in-proto tcp in-src-port 1234 in-dst-port any rss function default Another example to create flow rule for MAC-IPv6-IPv6: test flow add index 0 ip6-src-ip any in-ip6-src-ip any rss function default Type: feature Signed-off-by: Xinyao Cai <xinyao.cai@intel.com> Change-Id: I6a1ca36d47eb65b9cb5a4b8d874b2a7f017c35cd
2023-03-06vppinfra: fix clib_bitmap_will_expand() result inversionVladislav Grishenko1-0/+50
Pool's pool_put_will_expand() calls clib_bitmap_will_expand(), so every put except ones that leads to free_bitmap reallocation will get false positive results and vice versa. Unfortunatelly there's no related test and existing bitmap tests are failing silently with false positive result as well. Fortunatelly neither clib_bitmap_will_expand() nor pool_put_will_expand() are being used by current vpp codebase. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Id5bb900cf6a1b1002d37670f5c415c74165b5421
2023-03-06snort: fix descriptor offset may be truncated if buffers num too largejiangxiaoming1-1/+1
Type: fix Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I9694f7d8aad8868b11e08fabe179fd51c14dfcdb
2023-03-06memif: autogenerate socket_idsNathan Skrzypczak5-0/+181
This patch adds an API memif_socket_filename_add_del_v2 that allows autogenerating memif socket_id when passing ~0 in the socket_id field. It opportunistically walks the hash to find a free ID to use, and returns it in the reply. socket_filename also becomes a variable length string, to accomodate for longer names (in case a netns gets passed) Type: feature Change-Id: I33fc3e1cf553af27579d6bad8691b22b530531cc Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-03-02wireguard: add barrier to sync dataGabriel Oginski6-32/+43
The current implmentation of the hash table is not thread-safe. This design leads to a segfault when VPP is handling a lot of tunnels for Wireguard, where one thread modifies the hash table and other threads start the lookup at the same time. This fix adds a barrier sync to the hash table access when Wireguard adds or deletes an element. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Id460dfcd46ace17c7bdcd23bd9687d26cecf0a39
2023-03-01docs: fixed to use unified "pcap trace" commandNobuhiro MIKI1-1/+1
Type: docs Fixes: 33909777c637 ("misc: unify pcap rx / tx / drop trace") Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp> Change-Id: I049616cfad300658e62e5026c0655ee6f07a2421
2023-02-27wireguard: fix potential leaks of async frameGabriel Oginski1-12/+12
The current implementation can cause memory leaks of async frames and exhaust the async frames pool. Wireguard can early get async frame, even when later it turns out it is not needed. Then such frame won't be freed. This fix changes the moment of acquiring async frame from the pool, so it doesn't leak. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: If7696de6a6f5db84e0dffef60caa31d4a5e6280e
2023-02-23srtp: fix build on ubuntu-22.04Dave Wallace1-1/+1
- The version of libsrtp2 (2.4.2) on ubuntu-22.04 changed the 'ekt' field in srtp_policy_t to 'deprecated_ekt'. Type: fix Change-Id: Icb9d8f3b56c8305bcdac5066a5f8e3e5d17d37cf Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-02-16wireguard: move buffer when insufficient pre_data leftAlexander Skorichenko1-14/+24
Currently wg-output-tun() doesn't check if a buffer has enough space for prepending an ethernet header (wg header over ipv6 vxlan header case leaves only 8 bytes free). In such a case move buffer's content. Type: fix Change-Id: Iad18860e6b86a3d81f3d96d782de7c59556152d0 Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
2023-02-13rdma: always use 64 byte CQEs for MLX5Nathan Brown1-5/+23
When DPDK MLX PMDs are built, and the DPDK plugin is loaded, DPDK may set the MLX5_CQE_SIZE environment variable to 128. This causes the RDMA plugin to be unable to create completion queues. Since the RDMA plugin expects the CQEs to be 64 bytes, set the cqe_size explicitly when creating the CQ. This avoids any issues with different values for the MLX5_CQE_SIZE environment variable. Type: improvement Signed-off-by: Nathan Brown <nathan.brown@arm.com> Change-Id: Idfd078d3045a4dcb674325ef36f85a89df6fbebc
2023-02-08avf dpdk: fix incorrect handling of IPv6 src address in flowTing Xu2-3/+4
In current flow creating process in native avf and dpdk-plugins, when parsing the input arguments, it does not copy IPv6 src address correctly, so that IPv6 src address will not be configured in any flow rule, and any packet with the same address will not be matched. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Ic957c57e3e1488b74e6281f4ed1df7fd491af35c
2023-02-08avf: fix incorrect flag for flow directorTing Xu1-2/+1
When parsing flow action type in avf, there is an incorrect flag for flow director, which makes flow director rule created unexpectedly. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Id9fed5db8ccacd5cc6c2f4833183364d763188c1
2023-02-08avf: fix checksum offload configurationTing Xu2-3/+1
Fix some configurations of avf checksum offload to get the correct udp and tcp checksum. Change Tx checksum offload capability since avf supports ipv4, tcp and udp offload all. Remove the operation to swap bit of checksum. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: I55a916cc9ee6bef5b2074b5b6bb5f517fc2c178d
2023-02-08avf: fix bit calculation function fls_u32Ting Xu1-1/+1
In avf the function fls_u32 is used to calculate the power of 2. Fix the expression of this function. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: I27160de8588a5efb3f24306597a5a240deb3ab74
2023-02-06vppinfra: refactor clib_socket_init, add linux netns supportDamjan Marion5-139/+80
Type: improvement Change-Id: Ida2d044bccf0bc8914b4fe7d383f827400fa6a52 Signed-off-by: Damjan Marion <dmarion@me.com>
2023-02-03nat: fix accidental o2i deletion/reuseDmitry Valter1-0/+6
Nat session is allocated before the port allocation. During port allocation candidate address+port are set to o2i 6-tuple and tested against the flow hash. If insertion fails, the port is busy and rejected. When all N attempts are unsuccessful, "out-of-ports" error is recorded and the session is to be deleted. During session deletion o2i and i2o tuples are deleted from the flow hash. In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers to **some other** session that's known to be allocated. By backing match tuple up session should be invalidated well enough not to collide with any valid one. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
2023-02-02tls: openssl: fix SSL_read partial read scenarioOfer Heifetz1-8/+10
When application performs SSL_read from the app rx-fifo, it can pre-allocate multiple segments, but there is an issue if the OpenSSL manages to partially fill in the first segment, in this case, since data is assumed to be copied over by OpenSSL to the pre-allocated segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs zero copy by passing the pre-allocated segment to SSL_read. If the decrypted data size is smaller than the pre-allocated fifo segment buffer size, application will fetch buffers including zero in the area not filled in by SSL_read. Type: fix Signed-off-by: Ofer Heifetz <oferh@marvell.com> Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
2023-02-02linux-cp: fix auto-sub-intStanislav Zaikin2-1/+5
lcp_itf_pair_pool could grew during sub-interface creation. Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: Ideafe392f9bb2b418ce9d6faa4f08dfe26f4a273
2023-02-02af_xdp: fix default xdp program unload failYulong Pei1-20/+45
Change to get ad->linux_ifindex in af_xdp_create_if() instead of in af_xdp_load_program(), previous if did not load custom XDP program, ad->linux_ifindex will be none, but bpf_xdp_detach() need it, so default xdp program will be not unloaded when delete af_xdp interface. Type: fix Signed-off-by: Yulong Pei <yulong.pei@intel.com> Change-Id: Id8a640204e8d29152f03349a0b58104b275635aa
2023-02-01memif: improve error reportingDamjan Marion4-122/+62
Type: improvement Change-Id: I12b120d988347cced3df82810e86dc2fd5cfca80 Signed-off-by: Damjan Marion <dmarion@me.com>
2023-02-01wireguard: update ESTABLISHED flagArtem Glazychev1-5/+3
We cannot confidently say that if we have received and processed the handshake_initiation message, then the connection has been established. Because we also send a response. The fact that the connection is established can only be considered if a keepalive packet was received. Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I61731916071990f28cdebcd1d0e4d302fa1dee15
2023-01-26dns: keep AddressSanitizer happyBenoît Ganne2-16/+23
Type: fix Change-Id: I0ae4071ee317f38daa882fec17087a55afe75d1d Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-01-26dpdk: add intf tag to dev{} subinputNathan Skrzypczak2-0/+6
This patch allows to pass a tag when specifying the dpdk `dev { }` interface configuration. It allows a control plane generating a vpp.conf file to retreive the resulting mapping between dpdk interfaces & sw_if_indices in VPP without having to change the interface name exposed to the user. Type: feature Change-Id: I55907417de0083b82d4a127172816cec3459acf3 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-01-26wireguard: sending the first handshakeArtem Glazychev3-10/+13
After creating a peer, we send a handshake request. But it's not quite right to call wg_send_keepalive() directly. According to documentation, handshake initiation is sent after (REKEY_TIMEOUT + jitter) ms. Since it's the first one - we don't need to take REKEY_TIMEOUT into account, but we still have jitter. It also makes no sense to immediately send keepalives, because the connection is not created yet. Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I61707e4be79be65abc3396b5f1dbd48ecbf7ba60