summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2022-04-05nat: nat44 cli bug fixFilip Varga5-42/+38
Two similar CLI paths "nat44" and "nat44 add interface address" caused unexpected behavior. If "nat44 add interface address" command would fail the vlib cli processing function would call "nat44" handler. This would also clean any previously set errors from the first command and basically return same error returned by "nat44" handler for every failed command that starts with the same path string. Fixes nat44-ed and nat44-ei plugin. Change-Id: I1aac85c8ae2932da582a2b78243521d1bf8a0653 Ticket: VPP-2021 Type: fix Signed-off-by: Filip Varga <fivarga@cisco.com>
2022-04-05vppinfra: refactor address sanitizerDamjan Marion1-1/+1
Type: refactor Change-Id: I5ca142ec1557d5b5c3806b43553ad9d3b5ea1112 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-05crypto-openssl: use getrandom to reseed opensslBenoît Ganne1-13/+8
Type: improvement Change-Id: I84d594d8baaf18056580455f3b2790d0f31b7b0f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-04-04vppinfra: make _vec_len() read-onlyDamjan Marion39-92/+88
Use of _vec_len() to set vector length breaks address sanitizer. Users should use vec_set_len(), vec_inc_len(), vec_dec_len () instead. Type: improvement Change-Id: I441ae948771eb21c23a61f3ff9163bdad74a2cb8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-04tls: set client ckpair only for non-test ckpFlorin Coras1-13/+15
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7287e40ad95dfe061fd8a7b0e99921d5540e030d
2022-04-04tls: null terminate openssl chiphersFlorin Coras1-2/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5d4e68730a75337a2e532e72f366b62d6973235e
2022-04-04vlib: remove unused fieldsDamjan Marion1-8/+0
Type: refactor Change-Id: I449fcea92a1c96dd7dd0bcad893060ad1c614351 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-01vrrp: add stats support and update APIEmanuele Di Pascale8-18/+643
Add simple counter statistics to VRRP, based on a subset of those defined in RFC8347. Add an update API that allows in-place modification of an existing instance. The method returns a vrrp_index which can be used both for retrieving statistics and to modify non-key parameters. Also add a delete method which will take that vrrp_index as parameter. Type: improvement Signed-off-by: Emanuele Di Pascale <lele84@gmail.com> Change-Id: I2cd11467b4dbd9dfdb5aa748783144b4883dba57
2022-04-01dpdk: fix vlan creation on ixgbeAlexander Chernavin1-1/+0
Type: fix VLAN programming is currently enabled for IXGBE. However, that is only supported for IXGBE_VF. With this fix, disable VLAN programming for IXGBE. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I37b1d0733988c964d2b0f5a49328effacec1cb6f
2022-04-01dpdk: fix coverity issueFan Zhang1-13/+4
Type: fix This patch fixes the following DPDK plugin issue: CID 253333: Control flow issues (DEADCODE) The change also includes some cosmetic changes for error handling. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I830020bc3ae9a508f3a905f78333fa3ae25ce784
2022-04-01nat: VRF routing & FIB improvementsFilip Varga8-281/+727
This patch affects how destination fib is choosen during session creation. Default behavior of choosing fib based on output interfaces is kept. Configuration gives you the ability to change default behavior to direct or restrict traffic between different FIB tables. NAT specific VRF routing options: a) keeping communication in the same VRF b) option to add multiple destination VRFs c) option to control the resolution order of destination VRFs TX FIB resolution is based on looking up RX FIB entry in NATs VRF table and picking the first FIB that resolves destination address. Ticket: VPP-2009 Type: improvement Change-Id: If500c48d7ce3466533ad9581c0847870788fc4fb Signed-off-by: Filip Varga <fivarga@cisco.com>
2022-04-01nat: nat44-ed cleanup & fixesFilip Varga7-1303/+645
Set deprecated option on unsupported API calls. Cleaned up API calls with deprecated option. Removed in progress option from long term used API calls. Removed obsolete/unused nodes, functions, variables. Fixed set frame queue nelts function. Calling API would incorrectly not fail even though frame queue nelts can only be set before first call nat44_plugin_enable. Moved all formatting functions to _format.c file. Type: refactor Change-Id: I3ca16e0568f8d7eee3a27c3620ca36164833a7e4 Signed-off-by: Filip Varga <fivarga@cisco.com>
2022-04-01tls: enable host verification by hostnamesatna1-3/+40
Type: improvement Signed-off-by: satna <satbeervarma9596@gmail.com> Change-Id: I1b1db60fa1a0e47fce273bc07b01887813fd3c48
2022-03-31stats: convert error counters to normal countersDamjan Marion1-23/+0
Change-Id: I9794da718805b40cc922e4f3cf316255398029a9 Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com>
2022-03-30tls: support to reinitialise ca_chain wo restartSaravanan Murugesan3-25/+56
Type: improvement Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com> Change-Id: I90e90678ae6586019cc842f9d504d53991cfabe4
2022-03-30vppinfra: vector allocator reworkDamjan Marion1-25/+2
- support of in-place growth of vectors (if there is available space next to existing alloc) - drops the need for alloc_aligned_at_offset from memory allocator, which allows easier swap to different memory allocator and reduces malloc overhead - rework of pool and vec macros to inline functions to improve debuggability - fix alignment - in many cases macros were not using native alignment of the particular datatype. Explicitly setting alignment with XXX_aligned() versions of the macro is not needed anymore in > 99% of cases - fix ASAN usage - avoid use of vector of voids, this was root cause of several bugs found in vec_* and pool_* function where sizeof() was used on voids instead of real vector data type - introduce minimal alignment which is currently 8 bytes, vectors will be always aligned at least to that value (underlay allocator actually always provide 16-byte aligned allocs) Type: improvement Change-Id: I20f4b081bb13bbf7bc0ace85cc4e301787f12fdf Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-29hsa: refactor echo clientsFlorin Coras2-318/+319
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I30cc31c438d357d48576fba84e54809455960eaa
2022-03-29tls: Support for client certificate-key pairsarmurug1-0/+50
Type: improvement Signed-off-by: sarmurug <sarmurug@cisco.com> Change-Id: Ibbfe827b9c4c603a6fe7cc49970a46bd683194ce
2022-03-29dpdk: make log pipe non-blocking on both sidesDamjan Marion1-1/+2
Type: fix Change-Id: I857403b9d93ee4c17f2dd5ac8e6dafd66260a252 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-29linux-cp: fix tap interface attrs in case the sw pool realloc'dVladislav Grishenko1-18/+16
Creating tap interface / sub interface causes allocation of a new software interface with possible sw interface pool reallocation. In such case accessing L3 MTU and interface flags by obsolete sw pointer is UAF. Instead, keep desired tap interface MTU value before sw intreface creation and refetch sw pointer right before sw flags inheritance. Type: fix Fixes: b89c1ddcb3b4f9138ca3ebefb2115f896ff3e1bd Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I21ea46d146d11060bb9bedc77377ab17ae9e22e8
2022-03-29crypto-openssl: fix seed calculationDamjan Marion1-1/+1
Type: fix Fixes: 91f17dc Change-Id: I860b6d5d5e9cf47d84fde0a2c92be43125038694 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-29linux-cp: handle ipv4 routes when link goes down on subifAlexander Chernavin1-17/+43
Type: improvement Currently, the plugin can monitor link state changes on hardware interfaces for which a linux-cp pair exists. When the link goes down on one of the hardware interfaces, the plugin processes IPv4 routes that resolve through that interface according to the configurations: del-static-on-link-down and del-dynamic-on-link-down. The problem is that link state changes are not signaled for subinterfaces and the code that handles IPv4 routes is not triggered. When the link on a hardware interface goes down, it implies that subinterfaces added to that interface also will have the link in the down state. With this change, when the link goes down on a hardware interface, iterate over subinterfaces added to the interface and apply the same logic of routes processing as for hardware interfaces. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I97337d2e328437c73f2d99a00737768778f197a1
2022-03-29linux-cp: add support for table flush if multiple interfacesAlexander Chernavin1-15/+39
Type: improvement lcp_router_table_flush() is used to remove routes from the given route table if they are resolved through the given interface with specified FIB source. Currently, if you need to remove routes from a route table that are resolved through one of the interfaces from a vector, the function has to be executed for every interface from the vector. Every execution walks the route table again. With this change, lcp_router_table_flush() accepts a vector of interfaces. Thus, the function can walk a single route table once and delete routes that resolve through one of the interfaces from the vector. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I6d99384064d279dea24bb4dc1790a1af943be41c
2022-03-29perfmon: fix order in cmakelists.txtRay Kinsella1-8/+8
Fix ordering in CMakeLists.txt Type: refactor Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I8e71e4fbc048a80c4b250c2a66cfd8a522bde5f4
2022-03-29perfmon: fix non-NULL terminated C-stringBenoît Ganne1-1/+1
format() expects a NULL-terminated C-string as format string. Type: fix Change-Id: Ib428cf2debbf98850eed512907175f8ae8ba3c04 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-28linux-cp: Fix API responsePim van Pelt1-5/+7
* Correct endianness issue * lip_namespace is a vector not a string * Provide null termination to avoid unpack() failures in the client Responses in the python API now look like: lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=1, host_sw_if_index=3, vif_index=19, host_if_name='ice0', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, namespace='dataplane') lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=2, host_sw_if_index=4, vif_index=20, host_if_name='ice1', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, namespace='dataplane') lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=5, host_sw_if_index=6, vif_index=21, host_if_name='ice0.1234', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, namespace='dataplane') Type: fix Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: If4bf06a8b70977676ec7f5b1413cee6cc9d1714a
2022-03-28crypto-native: avoid overflow load on dataDamjan Marion1-1/+4
Type: improvement Change-Id: I5317afa02fa1525a7d8df595b56eb6546ccded57 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-27linux-cp: fix name formattingDmitry Valter1-1/+1
Format host interface name as vector rather than c-string. Otherwise non-null-terminated vector overrun triggers ASAN. Type: fix Fixes: 1705a6baefe205bb6792b547c7376eee3f328a71 Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: Ib204e57ee17c7ed3bfeb568dcdd834d7d7519102
2022-03-25hsa: echo client connects as rpcFlorin Coras2-31/+36
Do connects in an session layer rpc instead of doing cli process sleeps. Performance with 4 workers goes from ~120k/180k first run/warmed up to ~135k/240k Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id184913e9898f8db099e29a605f3a9b1fc67be63
2022-03-25crypto-native: avoid mem overflow when loading IVDamjan Marion1-11/+13
Type: improvement Change-Id: I946d91e67c332ecac0b09d50980529b9d4e74f9c Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-25linux-cp: handle ipv4 routes when link goes downAlexander Chernavin5-0/+163
Type: improvement Currently, when the link goes down on an interface, routes that resolve through that interface and created with Nexthop API are removed by the kernel. However, IPv4 routes remain in the FIB because the kernel doesn't send any notifications about that. And for the plugin working with user-space applications that create routes in the kernel using Nexthop API there should be a mechanism to synchronize the FIB and the kernel in this case. With this change, add two new startup configuration options to the plugin to be able to control what should happen with static and dynamic routes managed by the plugin on link down: - del-static-on-link-down (disabled by default, delete routes created with the linux-cp static FIB source on link down), - del-dynamic-on-link-down (disabled by default, delete routes created with the linux-cp dynamic FIB source on link down). Then, monitor link state changes on interfaces for which a linux-cp pair exists. If the link goes down on one of the interfaces, process routes that resolve through that interface according to the new configurations. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I0fbaeeca3f3d1fcd22e8eebb08a0a4a3d0dfe5b8
2022-03-24crypto-native: fix index in VAES aes-cbc encryptBenoît Ganne1-3/+3
Type: fix Change-Id: Id7ae0d4c53cbca3785964f0bef92e9cd589d4ce9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-24dpdk: enable int mode for virtioPaul Atkins1-0/+1
The way of specifying which interface supports what has changed. Re-add support for adaptive mode in virtio. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I2f8ffa6311a4081b93fb08a7e92408b8bffbae64
2022-03-23dpdk: copy the enable_rxq_int flag from driver to confPaul Atkins1-0/+1
The support for interrupt mode is not being respected as it is not copied into the driver conf, which is what is checked when trying to enable it. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I2e502306e27bd98f8037d1a0a396201e099b50b5
2022-03-23vppinfra: deprecate clib_mem_is_vecDamjan Marion1-2/+0
Use of clib_mem_is_heap_object is not reliable enough for production use as it relies on just few bytes of memory allocator chunk header. Type: improvement Change-Id: I48c8adde8b6348b15477e3a015ba515eb7ee7ec2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-23vppinfra: change vlib_register_node so it takes format string for node nameDamjan Marion2-6/+3
This allows specifying both c string and vector for node name and removes need for crafting temporary string. Type: improvement Change-Id: I0b016cd70aeda0f68eb6f9171c5152f303be7369 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-23dpdk: fix rx/tx burst function nameTianyu Li1-2/+2
Type: fix Fixes: 65105c95fe03 ("dpdk: improve logging") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I69d616c7e6e7b5395ebf083b1ac5c3e85f99bbdd
2022-03-23vnet: Remove the unused fields from opaque2Neale Ranns1-7/+6
Type: refactor Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibb6d19de053c306e9758dbfa827ab7bcab5de856
2022-03-23api: better segregate client and server codeBenoît Ganne1-4/+4
- move memory and server specific vl_msg_api_handler_with_vm_node() to memory server code only - keep api_global_main static Apart from being cleaner, this also helps avoiding symbols conflict when both client and server libs are loaded in the same process, as is done by the prom plugin. Those symbols conflict confuse ASan and can be nasty to debug. Type: improvement Change-Id: Iaf58596cc753ad8d3fedd8d65c4bf480ac129c2c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-23perfmon: null-terminate stringDamjan Marion1-1/+1
Type: fix Change-Id: I43ebb2c2922f3b8b8eddf26ccdf044f31d7b7a10 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-23crypto-native: fix dst index typo in VAESBenoît Ganne1-1/+1
Type: fix Change-Id: Ib025d8c1bc9bd651b6448d6a41fd1efa6f0b7362 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-22session: use safe realloc for poolsFlorin Coras1-7/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I313c916d268c4b2b448b93e90bc67da341b803e3
2022-03-22memif: fix the maxmimum number of txqsMohsin Kazmi1-1/+1
Type: fix With multi-txq in VPP, user should be able to create more txqs than vpp threads. MEMIF_MAX_M2S_RING should be defined to 256 instead of number of vpp threads. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I337c3a5ea691470815653ff2dbfa862bb324b240
2022-03-21vppinfra: use clib_mem_allocDamjan Marion11-11/+11
Type: refactor Change-Id: I26a2a410f8f4070d10696f796d5887842cad3916 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-21wireguard: dont stacksmash bad peer base64 keysJon Loeliger1-1/+1
Just like commit 252647482b24bb3474e8f13bc86100718176832f did for Wireguard interface keys, prevent stack smashing the peer keys. Integer math on 32 bytes of base64 data might yield 33 bytes of data in some poorly formed user input of private key values. Rather than smashing the stack (detected) and aborting, simply allow for the possible yet irrelevant 33-rd byte of data. Type: fix Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88 Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I9f77b3faaaa01d3123b356c958db60c87238db9c
2022-03-21wireguard: improve peer dump detailsJon Loeliger2-11/+22
- Add peer_index, table_id, and keep-alive. - Fix some lingering cut-n-paste issues in the API file. Type: improvement Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I6fc0729ba0268bbcda0248f680979c44e68b6b0c
2022-03-21hsa: add support for SAPI in vpp_echoFilip Tehlar5-48/+491
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: If24a43b7f79e05092306562c192de03994dec550
2022-03-18cnat: Fix conflicting rsessionNathan Skrzypczak4-39/+87
When dNAT-ing to a VIP, it can happen that the return session conflicts with another forward session than the one we own. This patchs adds a rsession_flags CNAT_SESSION_RETRY_SNAT that makes cnat_session_create search for a free src port to use for the resulting return session. It also makes forward & return session share their fate in the session scanner. Type: fix Change-Id: Id0edf59abf8e5bc0c0d8941ba289c4563c77dee0 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-18memif: fix rx/txqueue RC on connectedNathan Skrzypczak1-9/+12
Type: fix Calling vnet_hw_if_register_tx_queue should be done with the worker barrier held, as virtio-pre-input might be grabbing a queue while a memif connect event is triggered. Change-Id: Ie1272cdfd2477faf7a4e10f30778279872f04916 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-17nat: fix ICMP error translationKlement Sekera1-0/+3
Add missing translation of ICMP inner IP layer. Change responsible test so that it actually tests something. Type: fix Fixes: 4881cb4c6f Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Id3a6f12a7308d81b1cdf9815f857221fab2f24d9