summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2024-04-23tls: don't upper-case cipher stringBrian Morris1-6/+1
Change-Id: Ic8308046610aa5d49d9595bcd450f9651b9915e4 Signed-off-by: Brian Morris <bmorris2@cisco.com> The string is allowed to contain lower case characters, for example "TLSv1.2" Type: fix
2024-04-23octeon: add promisc supportGuillaume Solignac1-0/+41
We add the capability to enable and disable promiscous mode on the octeon port. Type: feature Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: I9a1464d2e1e8a0570ff16e221a4896aedc3ed6f8
2024-04-23ikev2: uptimeDenys Haryachyy7-8/+432
Introduced SA and child SA uptime. Type: improvement Change-Id: I28cf9f90d35ebe035a31ed0a985a5e462c8536a8 Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
2024-04-22octeon: add support for SDP deviceMonendra Singh Kushwaha2-6/+15
This patch adds support for SDP (System DPI Packet Interface Unit) device. Type: feature Change-Id: Idf1f53b151edf2992613746d5818409187b4b051 Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2024-04-22nat: add saddr info to nat44-ed o2i flow's rewritelijh_71-0/+2
Type: fix Change-Id: Ic303ff9b21872b7cc31f23c92e48ec3737eeb8fe Signed-off-by: lijinhui <lijh_7@chinatelecom.cn>
2024-04-15crypto-sw-scheduler: crypto-dispatch improvementNiyaz Murshed1-0/+7
Currently sw_scheduler runs interchangeably over queues of one selected type either ENCRYPT or DECRYPT, then switches the type for the next run. This runs perfectly when we have elements in both ENCRYPT and DECRYPT queues, however, this leads to performance degradation when only one of the queues have elements i.e either all traffic is to be encrypted or decrypted. If all operations are encryption, then 50% of the time, the loop exits without dequeueing.With this change, that dequeueing happens on every loop. This increases the performance of single mode operation (ecryption or decryption) by over 15%. This change was also added in commit https://github.com/FDio/vpp/commit/61cdc0981084f049067626b0123db700035120df to fix similar performance issue when the crypto-dispatch node is in interrupt node, however was removed by https://github.com/FDio/vpp/commit/9a9604b09f15691d7c4ddf29afd99a31e7e31eed which has its own limitations. Type: improvement Change-Id: I15c1375427e06187e9c4faf2461ab79935830802 Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com>
2024-04-15linux-cp: fix seg fault in get_v2 methodsAnton Nikolaev1-2/+9
vl_api_lcp_itf_pair_get_v2_t_handler method was not be able to handle invalid sw_if_index, it caused a seg fault. With this fix, the method checks for an invalid sw_if_index and sends error back to caller. Type: fix Change-Id: I4e89b0cab34f9109c4ce2689021ecfc2786055ab Signed-off-by: Anton Nikolaev <anikolaev@netgate.com>
2024-04-11stn: fix non-NULL terminated string overflowBenoît Ganne1-1/+1
Type: fix Change-Id: I9d7e6dd099cf9f4b7f6bb06d9e8a17fac7d7e772 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-04-09acl: Use clib_net_to_host rather than library bswapTom Jones1-3/+3
Type: improvement Change-Id: I51345fb75843c67c6bf6a4c56380e1f0899c45b1 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-04-05octeon: fix memory ordering issue in tx batch freeDamjan Marion4-19/+42
Type: fix Fixes: 01fe7ab Change-Id: I4425e809f0977521ddecf91b58b26fe4519dd6e0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-04-05octeon: fix buffer free on full tx ringDamjan Marion1-4/+4
Type: fix Fixes: 01fe7ab Change-Id: I4419107c4bcb7f85b76addfc62178b6e75e10a52 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-04-02map: BR rule lookup updateDan Geist4-7/+39
Update to the MAP rule lookup (in IPv6) based on the rule's source prefix instead of DMR Type: improvement Per RFC, the DMR is allowed to serve multiple MAP Basic Mapping Rules, but this capability was prevented by the above logic. Updates to the code include populating a new hash table based on the MAP rule ip6 prefix and length, changing several functions to reference this new table, and slight alterations to a few functions regarding pre-lookup bitmasking. All changes are commented with [dgeist] and are in need of peer review, especially the bitmask alterations. An attempt was made at generating an additonal MAP rule in the test_map_br test harness, but the coding appears very much oriented towards testing just one rule. I would appreciate suggestions on how to test multi-rule cases. Issue: VPP-2111 Change-Id: Id1fea280eba625e23cd893575d9b63aac7f48405 Signed-off-by: Dan Geist <dan@polter.net>
2024-04-02lb: fix using vip after freeGeorgy Borodin1-3/+3
fix use of vip after it was deleted Type: fix Fixes: 041eacc81656d2ed5bc01b96b15a7d03a1700f13 Change-Id: I5723485c5da7507fbc6c86ff6eb9f77127439f67 Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
2024-04-01linux-cp: add support for tap num queues configVladislav Grishenko3-2/+39
This change allows to limit lcp interface queues to be used by explicit host interface workers. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I0626f66021e5a5f251470156231dc44ddaea5ee6
2024-04-01vhost: Only enable plugin on LinuxTom Jones1-0/+2
Type: improvement Change-Id: I6cf5adbd609d911e15dcc6d976cda4ad21ce89ad Signed-off-by: Tom Jones <thj@freebsd.org>
2024-04-01octeon: specify pool when alloc buffersDamjan Marion1-1/+2
Type: fix Fixes: 01fe7ab Change-Id: I72fdaca250468d91a31efcce2fb447c97ba49dc7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-04-01octeon: refill even if nothing dequeued from rx queueDamjan Marion1-5/+6
It may happen that rx queue is empty of free buffers due to previous alloc failure. Type: fix Fixes: 01fe7ab Change-Id: I344dcda11525444bd1358b3d36ffdf8ab9aa2677 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-03-30tls: fix rescheduling when no data availableFlorin Coras1-2/+5
Don't force tx rescheduling of tls session if no forward progress is made. The session will still be rescheduled by the session infra if there's pending tx data. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic57b6ee79969055cec782938668c054bcc39f206
2024-03-28acl: rework headers to enable out-of-tree usageMohammed Hawari4-8/+19
Change-Id: I1f8adf1f5650ab6c04e03c95d7a8d0bfa39b5f2d Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2024-03-26nat: Include platform specific headers on FreeBSDTom Jones1-0/+5
Type: improvement Change-Id: I43f59037181ec6b76499e8ee1d82c04670119dc9 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-03-26vrrp: fix vrrp_garp_or_na_send()'s memory leakluoyaozu1-0/+2
need free bi after send packets Type: fix Signed-off-by: luoyaozu <luoyaozu@foxmail.com> Change-Id: I98d03820366c3d106df212c4eb353ec6a228e20e
2024-03-22dpdk-cryptodev: fix coverity issuesDmitry Valter1-1/+1
Copy v23.10-rc0-154-gfeda2ff64 fix to the unbatched path Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Change-Id: I2f58ed9a39439b22918946f328f96e676c68add9
2024-03-22mss_clamp: fix next layer in ipv6Maxime Peim1-16/+13
Type: fix Change-Id: I06d56e6d4be2e728e13053a66273a71656ac14c4 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-03-20tls: avoid app session preallocationFlorin Coras2-14/+1
Since async rx event infra decouples notification event generation from delivery we no longer run the risk of having tls realloc session pools while session layer still holds a pointer to the accepted/connected tcp session. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1bb429a058707aba1d4f32ea33615a2367e66969
2024-03-18tls: handle attepts to renegotiate hsFlorin Coras2-1/+14
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I549d0c8715e5c06bfc22be26ca1dc78ec3c29a61
2024-03-18build: add option to specify supported OS list for pluginDamjan Marion4-0/+8
Type: improvement Change-Id: I0d6f11d5ece19c5e0e00dfdadc9d4c09274ae8e1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-03-15misc: Add platform specific header on FreeBSDTom Jones1-0/+4
Type: improvement Change-Id: Ia23414e87d64567d5124b8297315ed7a426c3651 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-03-12misc: remove GNU Indent directivesDamjan Marion323-2144/+0
Type: refactor Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-03-11urpf: fix uprf_update prototypeMaxime Peim1-1/+1
Type: fix Change-Id: Idc325a096903dcdfad5157db2eb728f2e61ce974 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-03-07flowprobe: fix flush callbacks when multiple workersAlexander Chernavin1-0/+86
IPFIX buffers are stored on a per worker thread basis. Currently, the flush callbacks will flush only buffers stored for the main thread. And buffers for worker threads will not be sent until their size reach the path MTU configured for the exporter. So if traffic is constant, the problem will unlikely to be visible. Buffers will be sent once they reach the maximum size. However, if traffic stops at some point and flush is triggered in order to make the plugin send all currently buffered data, this will not happen. And collectors will not receive that data. The plugin will keep the remaining data until traffic starts again, the buffers reach the maximum size, and be sent. With this fix, flush buffers for worker threads and for the main thread when the flush callbacks are triggered. This will allow to remove @tag_fixme_vpp_workers from the unit tests that don't set timers. The tests that set timers will still be failing for other multi-worker related problems. Type: fix Change-Id: I9a7d9cef8ddbec7ee68c79309e48e7bc0953d488 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2024-03-05dpdk: correct waiting timesGeorgy Borodin2-9/+53
When link state interval is 3 and stats interval is 10, updates for stats will be made every 12 seconds (next number after 10, that divisible by 3). And if you get counters every 30 secs, you will get ideal "saw"-line instead of real smooth chart. This commit makes smooth line on stats intervals that are divisors of the charts update interval (regardless of link state interval), and makes it possible to configure them. Type: fix Fixes: cb9cadad578297ffd78fa8a33670bdf1ab669e7e Change-Id: Ia4350467be2b0ec0c1be37c7fda63f43b3330f44 Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
2024-03-05octeon: add support for VF deviceMonendra Singh Kushwaha3-6/+19
This patch adds support for VF and loopback device. Type: feature Change-Id: I1ea92f3a1161851957206300ab921c27290b0305 Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2024-03-05vnet: fix format of deleted sw interfacesVladislav Grishenko4-29/+21
As similar 535364e90459566b603661c3dbe360c72f59ad71 is merged, printing possibly deleted interfaces by index only in all the rest cases. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I4fa58b382c0279ff893523ba0188fdb9b09e10af
2024-03-04af_packet: fix the device input feature arc supportMohsin Kazmi1-32/+13
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I1c900bbe441c6797215f16e99b71149904aa745f
2024-03-04bpf_trace_filter: support bpf filter optimization and dumpVladislav Grishenko5-14/+95
BPF filter w/o optimization can take x2 - x3 more instructions, causing significant slow down in fast path. Enable pcap optimization by default via cli and introduce api v2 with pcap optimization control, keep v1 for a while as it exists in previous release already. Intriduce bpf filter cli dump, similar to tcpdump -d. Also fix memleak, function name typo, cli pcap format hint and add related tests. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I92b2b519e92326f1b8e1a4dda6a3e3edc52f87ad
2024-03-04vppinfra: add os_get_online_cpu_core() and os_get_online_cpu_node()Damjan Marion1-6/+5
Type: improvement Change-Id: I6f99f09c7724ce656a4f41a1d5f9c88d74c00faf Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-03-01crypto-native: fix AES-CBC encrypt loopDamjan Marion1-6/+6
Type: fix Change-Id: I11cc52ff3867277e6591efb061f96cadfcc70c88 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-02-29dhcp: Compare DIUD_LL as a network shortTom Jones1-1/+1
The existing comparision triggers the following clang assertion: error: result of comparison of constant 50331648 with expression of type 'u16' (aka 'unsigned short') is always true Section 9.1 of RFC3315 describes the DUID type field as: "A DUID consists of a two-octet type code represented in network byte" correctly convert the local type to a network short for the comparison. Type: fix Change-Id: I7cb048035bd5e06372e29471ae6004ee1b2191b9 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-28octeon: add flow offload infraMonendra Singh Kushwaha7-3/+581
Type: feature Change-Id: I3485e1627eafc5125255985003573247e7562db2 Signed-off-by: Kommula Shiva Shankar <kshankar@marvell.com> Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2024-02-27tls: pass reset ntf to enginesFlorin Coras3-0/+50
Type: improvement Change-Id: Ie042605e50656229874b7a93638f0f04c894410f Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-26hsa: Undef libepoll-shims close on FreeBSDTom Jones1-0/+11
libepoll-shim has some hacks to enable functionality, one of these redefines close as a macro. This conflicts with a close call back. On FreeBSD undefine this macro at point of use. Type: improvement Change-Id: I7b4f7cd874f3451d76c580cf999369426d9e89c2 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-26memif: don't include prctl.hTom Jones2-2/+0
Type: improvement Change-Id: I3ab8df625524b5ff85e62760f5e29daf0d650773 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-19crypto-openssl: refactor openssl API usageLijian Zhang2-44/+205
For the openssl crypto engine based cipher encrypt/decrypt and HMAC IPSec use cases, the openssl API calls of doing ctx init and key expansion are moved to initialization stage. In current implementation , the ctx is initialized with "key" and "iv" in EVP_EncryptInit_ex (ctx, 0, 0, key->data, op->iv) in data plane, while the ctx can be initialized with 'key' and 'iv' separately, which means there could be two API calls: 1. EVP_EncryptInit_ex (ctx, 0, 0, key->data, 0) 2. EVP_EncryptInit_ex (ctx, 0, 0, 0, op->iv) As the 'key' for certain IPSec SA is fixed and known, so call #1 can be placed in IPSec SA initialization stage. While call #2 should be kept in data plane for each packet, as the "iv" is random for each packet. Type: feature Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Change-Id: Ided4462c1d4a38addc3078b03d618209e040a07a
2024-02-19wireguard: notify key changes to crypto engineLijian Zhang1-0/+6
This is a prerequisite patch for the following openssl API optimization patch, which tries to offload openssl ctx init and key expansion work to the initialization stage. Wireguard adds crypto keys via vnet_crypto_key_add (), and whenever it modifies the keys, the underneath openssl crypto engine shoud be informed of the changes to update the openssl ctx. Type: feature Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Change-Id: I3e8f033f3f77eebcecfbd06e8e3bbbfdc95a50e2
2024-02-16vppapitrace: Fixed trace dump API result issue.Denys Haryachyy1-2/+2
Set last thread id and last packet position in TRACE_DUMP_REPLY. To enable collection of traces from multiple workers using iterator. Type: fix Change-Id: I69872af4f6981d50cd050fa3d16de2a3c0d6b496 Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
2024-02-14tls: fix compilation errorNiyaz Murshed1-1/+2
After changes done in https://gerrit.fd.io/r/c/vpp/+/40281 , mbedtls plugin is failing to build if enabled. Discussion https://lists.fd.io/g/vpp-dev/topic/104344802#24060 Type: fix Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com> Change-Id: Iee58b69301ac64f058bca0a7f7a0dedd2def4b35
2024-02-14ikev2: dump state and profile name in CLI and APIDenys Haryachyy5-2/+255
Type: improvement Change-Id: Ide4b45da99e3a67376281f6438997f3148be08e5 Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
2024-02-12af_packet : fix crash on interface creationhsandid1-4/+6
Type: fix Attempting to create a host-interface with an invalid af_packet name causes a crash, as we attempt to read the contents of a null ptr. Change-Id: Ia31ae21684c2b66baa1ceaadf29e19fae33c4ed4 Signed-off-by: hsandid <halsandi@cisco.com>
2024-02-12ip_session_redirect: export symbolsBenoît Ganne2-2/+5
Add/del functions can be used from external modules. Type: improvement Change-Id: I267bcfacd58970bcacae13744d8acc690b87d2fc Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-02-09ikev2: accept rekey request for IKE SAAtzm Watanabe3-24/+265
RFC 7296 describes the way to rekey IKE SAs: to rekey an IKE SA, establish a new equivalent IKE SA with the peer to whom the old IKE SA is shared using a CREATE_CHILD_SA within the existing IKE SA. An IKE SA so created inherits all of the original IKE SA's Child SAs, and the new IKE SA is used for all control messages needed to maintain those Child SAs. Type: improvement Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: Icdf43b67c38bf183913a28a08a85236ba16343af