aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2023-12-01flowprobe: fix corrupted packets sent after feature disablingAlexander Chernavin3-2/+54
When IPFIX flow record generation is enabled on an interface and the active timer is set, flows will be saved and then exported according to the active and passive timers. If then disable the feature on the interface, the flow entries currently saved will remain in the state tables. They will gradually expire and be exported. The problem is that the template for them has already been removed. And they will be sent with zero template ID which will make them unreadable. A similar problem will occur if feature settings are "changed" on the interface - i.e. disable the feature and re-enable it with different settings (e.g. set a different datapath). The remaining flows that correspond to the previous feature settings will be eventually sent either with zero template ID or with template ID that corresponds to the current feature settings on the interface (and look like garbage data). With this fix, flush the current buffers before template removal and clear the remaining flows of the interface during feature disabling. Type: fix Change-Id: I1e57db06adfdd3a02fed1a6a89b5418f85a35e16 Signed-off-by: Alexander Chernavin <achernavin@netgate.com> (cherry picked from commit f68afe85a6e4d5e00fdad1af19a76eb40fdfa388)
2023-12-01flowprobe: fix sending L2 flows using L2_IP6 templateAlexander Chernavin1-11/+13
Currently, L2 flows are exported using L2_IP6 template if L3 or L4 recording is enabled on L2 datapath. That occurs because during feature enable, L2 template is added and its ID is not saved immediately. Then L2_IP4 and L2_IP6 templates are added overwriting "template_id" each time. And in the end, the current value of "template_id" is saved for L2 template. The problem is that "template_id" at that point contains the ID of L2_IP6 template. With this fix, save the template ID immediately after adding a template for all variants (datapaths). Also, cover the case with a test. Type: fix Change-Id: Id27288043b3b8f0e89e77f45ae9a01fa7439e20e Signed-off-by: Alexander Chernavin <achernavin@netgate.com> (cherry picked from commit 120095d3d33bfac64c1f3c870f8a332eeaf638f0)
2023-12-01memif: contention between memif_disconnect and memif RX/TX threadsSteven Luong1-0/+11
memif_disconect may be called without barrier sync. It removes stuff in mq without protection which may cause troubles for memif RX/TX worker threads. The fix is to protect mq removal in memif_disconnect. Type: fix Change-Id: I368c466d1f13df98980dfa87e8442fbcd822a428 Signed-off-by: Steven Luong <sluong@cisco.com> (cherry picked from commit 34c721fb47155135bf2173ca7b9a31aaacfde190)
2023-10-25tls: Fix SSL_CTX leak on every client sessionBrian Morris2-11/+12
Type: fix Change-Id: I35b3920288269073cdd35f79c938396128d169c9 Signed-off-by: Brian Morris <bmorris2@cisco.com> (cherry picked from commit 733e093e7099552a4609dc5efadf9261df7778d4)
2023-10-25dpdk-cryptodev: improve dequeue behavior, fix cache stats loggingPiotr Bronowski4-76/+88
This patch provides minor improvements to the logic governing dequeuing from the ring. Previously whenever a frame was dequeued we've been trying to dequeue from the ring another one till inflight == 0. Now threshold is set for 8 frames pending in the cache to be consumed by the vnet. This threshold has been chosen based on cache ring stats observation in the system under load. Some unnecessary logic for setting deq_tail has been removed. Also logging has been corrected, and cache ring logic simplied. Type: improvement Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I19f3daf5913006e9cb23e142a163f596e85f5bda (cherry picked from commit 7cc17f6df9b3f4b45aaac16ba0aa098d6cd58794)
2023-10-09tls: propagate reads to app irrespective of stateFlorin Coras2-3/+2
Session input node handles rx notifications even if session not fully accepted/connected Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6560c45db8f8e0b7f0dc3bdd0939f13ca2f43f15 (cherry picked from commit aa7b88120ad83a29a05522bed4e5aa71524b8aba)
2023-10-09tls: limit openssl engine max read burstFlorin Coras1-3/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic7a8fd37d79fc9c09c8b1539d630f3b8983b8bb3 (cherry picked from commit c1b038001e1f18effb3c9ff5daa9e9cac1cd66e8)
2023-09-19npt66: ensure feature is not configured multiple timesOle Troan2-12/+23
If the control agent enabled a binding on an interface multiple times, we would add the node in the feature arc multiple times. Type: fix Change-Id: I2ca247db0a0211f5fa3974a18ca4fcae8485cb12 Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-13nat: fix nat44_ed set_session_limit crashVladislav Grishenko1-8/+4
Setting session limit should return error for unknown fib. Optimize max_translations_per_fib expanding and drop unnecessary trailing fib entry. Type: fix Change-Id: Ie7d2b363ade48f53598faa617a49cce7b2db6400 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-09-13quic: fix quic sessions state updatesFlorin Coras1-11/+5
Session state cannot be updated after async notification event is generated for app. Instead, make sure quic sessions that accept new streams are switched to listening state only on accept. Type: fix Fixes: 0242d30 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9663ccadbea99d555ad49e871f7dff897239dc84
2023-09-13adl: stabilize the APIAndrew Yourtchenko1-1/+1
As discussed on the VPP call, since CSIT tests use these messages and they have not been changedfor quite a while, bump the version so these messages are considered as "production" from the change process standpoint. Type: improvement Change-Id: I93a04b10b273d5904c0678fa0b85d47f9f683a9b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2023-09-13wireguard: stabilize the APIAndrew Yourtchenko1-1/+1
As per discussion on VPP call - since the APIs are used in CSIT tests, and there has not been changes in a while, mark them as stable from the API change process PoV. Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Ia644e1dfcd9d182cc6f10089fc44397a61e8aaf6
2023-09-13crypto-sw-scheduler: stabilize the APIAndrew Yourtchenko1-1/+1
As per discussion on the VPP call: since the CSIT tests use these APIs and the APIs have not changed in quite a while, stabilize the API from the change process point of view. Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Id81999d03cce37764f6ed7d4f77ef5a71fe41ad1
2023-09-13hsa: fix coverity issue CID-313635Dave Wallace2-2/+8
Type: fix Change-Id: Ieb50ab548bb34bdbb44d973037ee452d48f412ea Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-09-13idpf: make plugin default disabled until issues are fixedDamjan Marion1-0/+1
Type: improvement Change-Id: I2daa8fc338289555649135e7f0898e139807fdce Signed-off-by: Damjan Marion <damjan.marion@gmail.com>
2023-09-13perfmon: fix perf_user_access_enabled typeTianyu Li1-1/+1
perf_user_access_enabled is defined as u8, clib_sysfs_read format type is %u, this is for unsigned int, change type from u8 to u32. Type: fix Fixes: 268d7be66b8b ("perfmon: enable perfmon plugin for Arm") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I48ec00605e496d185370e77d894d7852d6d22124
2023-09-12crypto-sw-scheduler: improve function indentationVratko Polak1-159/+156
The checkstyle --fix command remains confused around the def/foreach/undef usage in convert_async_crypto_id, but at least the other functions now look correctly indented to me. Type: style Change-Id: Ic8f7b580267386b7a6b07d33d9ba7ae9787c0e0a Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2023-09-07dpdk-cryptodev: fix cache ring stats cli commandPiotr Bronowski1-14/+12
The logic for calcuating processed elements in the cache ring was broken. In case tail and deq_tail equals and frame element pointed by the tile is not NULL it means there is exactly one processed element in the ring. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I69c978334fc952049393214ccc9cc5245351f7f7
2023-09-06nat: improve nat44-ed outside address distributionVladislav Grishenko1-1/+3
Use client address hash to pick the first outside address instead of just address high octet, becasue it may denegerate into stable 10/172/192, depending on nat address count. Fix outside address distribution test to acually test the distribution, not the algo, so previous distribution will fail with 65 nat addresses and 100 clients: FAIL: Outside address distribution based on source address Traceback (most recent call last): File ".../test/test_nat44_ed.py", line 2048, in test_outside_address_distribution msg="Bad outside address distribution") AssertionError: 156.25 not less than 0.33 : Bad outside address distribution Type: improvement Change-Id: I604b1294422f20d211db5614c47559557a78a193 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-09-06api: fix mp-safe mark for some messages and add moreVladislav Grishenko1-3/+6
Several api messages were not mp-safe although marked as such because non-zero base id was not taken into account, and therefore some other (from zero base id) were falsely mp-safe instead. Keep messages as mp-safe, as they falsely were before: 10 get_first_msg_id 0 1 12 api_versions 0 1 Messages that are no longer mp-safe as they weren't marked: 15 sockclnt_create 0 1 33 proxy_arp_intfc_dump 0 1 Fix messages to be really mp-safe: 809 bridge_domain_dump 0 1 920 ip_route_add_del 0 1 921 ip_route_add_del_v2 0 1 1362 get_node_graph 0 1 1671 create_vhost_user_if 0 1 1675 create_vhost_user_if_v2 0 1 Additionally mark messages as mp-safe, seems they need no barrier: 1360 show_threads 0 1 1370 show_version 0 1 1372 show_vpe_system_time 0 1 Type: fix Change-Id: Ie6c1e3aa89f26bf51bfbcb7e7c4d9fee885487b7 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-09-05npt66: make plugin default disabledOle Troan1-0/+1
Plugin is still in experimental state. No reason why it needs to be default enabled. Type: fix Change-Id: Ibf1810215d4c8079a068bfc60aa7dd49306ee4e4 Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-04arping: api to return responder mac addressOle Troan3-0/+68
The new arping_acd call includes the responders mac address in the reply. Enabling a client doing address conflict detection to identify if it is itself that is replying or that it is another host uses the IP address. Type: feature Change-Id: Ia4bab2af1086f06ed71ba42e2e07368d4e330a27 Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-04npt66: checksum applied to src address instead of dst address on rxOle Troan1-3/+1
Applied the checksum delta to the source address instead of the destination address in the RX direction. Cleaned up tests a little. Type: fix Change-Id: I871f3448365587e5319dfbca6ea356935321ff9b Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-04tracenode: filtering featureMaxime Peim10-0/+606
In order to be able to filter on encapsulated packet, a new node has been added to the ip4/6-unicast arcs. Type: feature Change-Id: I1e8ee05bc6d0fce20cadd8319c81bab260c17d21 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2023-09-04session: fix allocation of proxy fifosFlorin Coras4-20/+43
Fifos need to be synchronously allocated once a transport like tcp accepts a session. Since events are now delivered asynchronously, proxy apps must explicitly register a cb function that manages fifo allocation prior to being notified of connect event. Type: fix Fixes: 0242d30 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7df973b7014e53e0766ea2bdc61e9871160bc18b
2023-08-31fateshare: a plugin for managing child processesAndrew Yourtchenko4-0/+621
For the reasons of modularity and security, it is useful to have various functionality split into processes different from VPP. However, this approach presents the challenges of managing those processes, and is markedly different from simply running everything within VPP process. This plugin is an experiment in having the VPP itself start off a monitor process which in turn starts the child processes, and restarts them if they quit. If the VPP process ceases to exist, the monitor process terminates all the descendant processes and quits itself. This allows to preserve the "single entity to manage" approach of simply running a barebones VPP. An example of running it: export DPDK_CONFIG="" export DISABLED_PLUGINS=dpdk export EXTRA_VPP_CONFIG="fateshare { monitor ./build-root/install-vpp_debug-native/vpp/bin/vpp_fateshare_monitor command ./test1 }" make run Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I66221fd7403f220d9652fe76958ca499cfd070a7 Type: feature
2023-08-26nat: nat44-ed bug fixWei Li1-3/+4
fix lb static mapping "nat44_ed_sm_o2i_add" laddr and lport Type: fix Signed-off-by: Wei Li <realbaseball2008@gmail.com> Change-Id: I249a00919e8154d92cbce03f6db196c13612948f
2023-08-26nat: nat44-ed cli bug fixWei Li1-1/+5
lport and eport in Cli "nat44 add load-balancing static mapping" should hton() Type: fix Signed-off-by: Wei Li <realbaseball2008@gmail.com> Change-Id: I2eadb7e341efb70cc406e10b3b189e5ebff09ff4
2023-08-25cnat: fix cnat_endpoint_encodeBenoît Ganne1-1/+1
Type: fix Change-Id: I4ab713811626c097c7927228f3819b7785bbb951 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-08-25npt66: network prefix translation for ipv6Ole Troan8-0/+643
This is the initial commit of a NPTv6 (RFC6296) implementation for VPP. It's restricted to a single internal to external binding and runs as an output/input feature on the egress interface. Type: feature Change-Id: I0e3497af97f1ebd99377b84dbf599ecea935ca24 Signed-off-by: Ole Troan <otroan@employees.org>
2023-08-22dpdk-cryptodev: fix coverity issuesPiotr Bronowski2-5/+8
This patch addresses coverity issues CID 322716 and CID 322717. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I59d6f40c1af8e829d8cb3c042a52e144aeaf1e6b
2023-08-18nat: documention fixSteven Luong1-4/+4
s/nat44 enable sessions/nat44 plugin enable sessions/ Type: docs Change-Id: I93dbd161f085bff5b98df50cd29c9bedf5038307 Signed-off-by: Steven Luong <sluong@cisco.com>
2023-08-18dpdk-cryptodev: improve cryptodev cache ring implementationPiotr Bronowski4-239/+353
Sw ring is renamed to the cache ring. This name better reflects the puropse of this ring. We've introduced push/pop functions, as well as other utility functions which remove code repetition. Error handlig is improved: previously in case of an error all frame elements were marked as bad, now only these for which errors occured have the error status set. Unnecessary stats counters have been removed. Type: improvement Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I2fd42a529ac84ce5ad260611d6b35a861d441c79
2023-08-18cnat: add host tag to bitmap in cnat snatHediBouattour3-0/+17
Type: feature this patch adds a new tag "host" to interfaces for cnat-snat if an interface is tagged pod and host we do not snat traffic outgoing through it Change-Id: I71f5bfcb85581bb8508ba547374f0603f1079ac6 Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
2023-08-17idpf: add native idpf driver pluginTing Xu13-0/+6242
Add a new native idpf driver. This patch enables the device initialization. Add some necessary functions and definations for input and output. A new version of virtchnl is introduced. Type: feature Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Ibbd9cd645e64469f1c4c8b33346c1301be3f6927
2023-08-16tests docs: update python3 venv packagesDave Wallace4-8/+3
- Package update performed by 1. updating pip, pip-tools, setuptools 2. 'make test-refresh-deps' on ubuntu 22.04 3. fixing 'make test' and 'make docs' issues on ubuntu 22.04 4. 'make test-refresh-deps' on ubuntu 20.04 - Add dependency for 'make test-refresh-deps' to insure python venv is set up. - Update of python formatter, black, caused reformating of 41 python code files. Type: make Change-Id: I7cafdf4b5189065ac57cb6b254937f6e0897a924 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-08-16nat: mark several messages as productionAndrew Yourtchenko1-4/+0
As per discussion on the VPP call, since they are being used in CSIT tests and have not seen changes in a while, mark the messages as production from the change process standpoint. Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I7fda71edd923b798d034380320a869f7c35cb5a6
2023-08-11session: fix coverity warningsFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I910c8ce1713c6d346cc5ea4eb58a89c1c30a10a1
2023-08-10crypto-sw-scheduler: avoid crypto work on vpp_mainVratko Polak1-16/+18
+ Checkstyle demanded indentation edits. Type: fix Ticket: VPP-2083 Fixes: 9a9604b09f15691d7c4ddf29afd99a31e7e31eed Change-Id: Ie2d33d290330247d36435a073675b732bb64ae93 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2023-08-09session: async rx event notificationsFlorin Coras6-17/+82
Move from synchronous flushing of io and ctrl events from transports to applications to an async model via a new session_input input node that runs in interrupt mode. Events are coalesced per application worker. On the one hand, this helps by minimizing message queue locking churn. And on the other, it opens the possibility for further optimizations of event message generation, obviates need for rx rescheduling rpcs and is a first step towards a fully async data/io rx path. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id6bebcb65fc9feef8aa02ddf1af6d9ba6f6745ce
2023-08-09cnat: remove rwlock on tsNathan Skrzypczak7-61/+133
Type: improvement Remove rwlock contention on timestamps. ~10% pps with 10k sessions. Use fixed-size-pools of increasing sizes starting with 4K, and with a x2 step each time. We don't free/shrink allocated pools. Change-Id: I5fea51faba40430106c823275a6356e81709d118 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-08-09cnat: add ip/client bihashNathan Skrzypczak4-52/+68
This replace the cnat ip4/ip6 to client lookups previously done with a regular hash, by a bihash lookup. Type: improvement Do the client lookup in a bihash instead of a hash. Change-Id: I730c1893525c002b44ada8e290a36802835e88e9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-08-08cnat: flag to disable rsessionNathan Skrzypczak10-31/+54
This adds a flag on the translation asking the VIP & input-feature nodes not to create the return session when translating / load-balancing an incoming flow. This is needed with maglev & DSR Type: feature Change-Id: I699012310ddc59f6ceeeb4878638eac6da5128dc Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-08-08ipsec: add support for RFC-4543 ENCR_NULL_AUTH_AES_GMACBenoît Ganne5-15/+3076
Type: improvement Change-Id: I830f7a2ea3ac0aff5185698b9fa7a278c45116b0 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-08-07vppinfra: add clib_file_get_resolved_basenameDamjan Marion1-1/+1
more generic version of clib_sysfs_link_to_name with support for format strings... Type: improvement Change-Id: I0cb263748970378c661415196eb7e08450370677 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-08-07cnat: Support offloaded check sumsNathan Skrzypczak4-215/+155
This patch removes zero checks for new_addr, new_port meaning sessions with zero values will rewrite the packet with a 0 value instead of leaving it in place. This allows to reduce branchiness in the code, and sessions are fully resolved at creation time anyway. This also adds support for checksum offloads: - IP checksum offload : we always compute the checksum to avoid issues with drivers. We'll revert this if we realize cost gets too important. - TCP/UDP checksum offload : we add the implementation for pseudo header checksum computation. This is needed for the drivers that do not re-compute this pseudo-checksum before the packet is TX-ed (e.g. a few DPDK drivers). Type: improvement Change-Id: I6543f3aec8c120ec50f4219108609138283620ef Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-08-04nsh: fix nsh gre referencesBenoît Ganne1-10/+14
Since gre is a plugin, nsh should not use symbol names directly. Type: fix Fixes: cefb178aa487a217d4ac75d7d4fa62db4b7d70fd Change-Id: I1a1c20740aabdaafd69f507cd71016c3109b0205 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-08-02quic: fix closing of streamsFlorin Coras1-3/+1
Avoid explicit manipulation of session state and generate closing event if need be. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I07cda1db08a2673b27b496ea1371b0dfd8e6f98a
2023-07-28vlib: pci cleanup and improvementsDamjan Marion3-28/+4
Change-Id: Ieafbed6f2db3dec65e4b43d84a4661f6a1bbe891 Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-07-27hsa: add total bytes parameter to vcl_test_clientFilip Tehlar1-1/+17
Type: test Change-Id: Ib1131eedb8eeaa9adfed9cfc47beeb1c7c8adb5c Signed-off-by: Filip Tehlar <ftehlar@cisco.com>