summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2022-12-21af_packet: move to pluginMohsin Kazmi11-0/+3582
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I3ec857adb3a9e8a778072a202a4d23f4101e83b2
2022-12-21quic: fix quic plugin with openssl 3.xDave Wallace2-0/+14
- load openssl legacy providers during quic init when building with openssl 3.0 or greater - re-enable quic 'make test' testcases on ubuntu-22.04 Type: fix Change-Id: Icfd429b6bc1bddf9f9937baa44cc47cd535ac5f2 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-12-19nat: fix incorrect using about sw_if_index in nat44-ed static mapping v2 api.Huawei LI1-1/+1
Type: fix Signed-off-by: Huawei LI <lihuawei_zzu@163.com> Change-Id: I2a96ab0dafe4db796704341c325c43a6960be312
2022-12-19nat: fix memory leak and refactor nat44-ed db init/free.Huawei LI1-22/+31
fix memory leak and refactor nat44-ed db init/free through. how to reproduce memory leak: input "set nat44 session limit 50000 vrf 1" repeatedly. Program received signal SIGABRT, Aborted. 0x00007ff4b3cc5337 in raise () from /lib64/libc.so.6 (gdb) bt 0 0x00007ff4b3cc5337 in raise () from /lib64/libc.so.6 1 0x00007ff4b3cc6a28 in abort () from /lib64/libc.so.6 2 0x00000000004079db in os_panic () at /usr/src/debug/vpp-23.02/src/vpp/vnet/main.c:417 3 0x00007ff4b43e784f in os_out_of_memory () at /usr/src/debug/vpp-23.02/src/vppinfra/unix-misc.c:221 4 0x00007ff4b43a71aa in clib_mem_heap_alloc_inline (heap=0x0, size=27263040, align=64, os_out_of_memory_on_failure=1) at /usr/src/debug/vpp-23.02/src/vppinfra/mem_dlmalloc.c:613 5 0x00007ff4b43a7256 in clib_mem_alloc_aligned (size=27263040, align=64) at /usr/src/debug/vpp-23.02/src/vppinfra/mem_dlmalloc.c:635 6 0x00007ff4b522fafa in alloc_aligned_16_8 (h=0x7ff46a7815b8 <snat_main+408>, nbytes=27262976) at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:59 7 0x00007ff4b522fd12 in clib_bihash_instantiate_16_8 (h=0x7ff46a7815b8 <snat_main+408>) at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:163 8 0x00007ff4b5230037 in clib_bihash_init2_16_8 (a=0x7ff465f36870) at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:245 9 0x00007ff4b52300ac in clib_bihash_init_16_8 (h=0x7ff46a7815b8 <snat_main+408>, name=0x7ff46a754871 "ed-flow-hash", nbuckets=262144, memory_size=0) at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:260 10 0x00007ff46a7013e8 in reinit_ed_flow_hash () at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed.c:3264 11 0x00007ff46a7014fd in nat44_ed_sessions_clear () at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed.c:3299 12 0x00007ff46a701044 in nat44_update_session_limit (session_limit=70000, vrf_id=1) at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed.c:3225 13 0x00007ff46a73d3d1 in nat44_set_session_limit_command_fn (vm=0x7ff473c8f740, input=0x7ff465f36ef0, cmd=0x7ff474c5ce48) at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed_cli.c:1638 14 0x00007ff4b5d56527 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740, cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=97) at /usr/src/debug/vpp-23.02/src/vlib/cli.c:650 15 0x00007ff4b5d562c3 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740, cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=98) at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607 16 0x00007ff4b5d562c3 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740, cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=21) at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607 17 0x00007ff4b5d562c3 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740, cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=0) at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607 18 0x00007ff4b5d569cb in vlib_cli_input (vm=0x7ff473c8f740, input=0x7ff465f36ef0, function=0x7ff4b5dc2406 <unix_vlib_cli_output>, function_arg=0) ---Type <return> to continue, or q <return> to quit--- at /usr/src/debug/vpp-23.02/src/vlib/cli.c:753 19 0x00007ff4b5dc7b0c in unix_cli_process_input (cm=0x7ff4b5e4ae00 <unix_cli_main>, cli_file_index=0) at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2616 20 0x00007ff4b5dc825a in unix_cli_process (vm=0x7ff473c8f740, rt=0x7ff4797a5280, f=0x0) at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2745 21 0x00007ff4b5d80a25 in vlib_process_bootstrap (_a=140687718901968) at /usr/src/debug/vpp-23.02/src/vlib/main.c:1221 22 0x00007ff4b439e298 in clib_calljmp () at /usr/src/debug/vpp-23.02/src/vppinfra/longjmp.S:123 23 0x00007ff4698268a0 in ?? () 24 0x00007ff4b5d80b4e in vlib_process_startup (vm=0x7ff4b43a77a3 <clib_mem_size+24>, p=0x7ff4698268d0, f=0x7ff474b1e580) at /usr/src/debug/vpp-23.02/src/vlib/main.c:1246 25 0x00007ff4b5dbdbe6 in vec_max_bytes (v=0x8) at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:161 26 0x00007ff474b1e598 in ?? () 27 0x0000000000000004 in ?? () 28 0x00000000000000ff in ?? () 29 0x00007ff469826980 in ?? () 30 0x00007ff4b5dbddcb in _vec_set_len ( v=<error reading variable: Cannot access memory at address 0xfffffffffffffff5>, len=<error reading variable: Cannot access memory at address 0xffffffffffffffed>, elt_sz=<error reading variable: Cannot access memory at address 0xffffffffffffffe5>) at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:196 Backtrace stopped: previous frame inner to this frame (corrupt stack?) (gdb) Type: fix Signed-off-by: Huawei LI <lihuawei_zzu@163.com> Change-Id: I52a7d229c95e4ab30f7f2cfe574440aa37bed6a2
2022-12-15nat: disable nat44-ed/ei features on interface deletionVladislav Grishenko2-0/+98
After deleting a sw interface with nat44 features, the next created sw interface will get the same sw_index reused and therefore will erroneously have the same nat features enabled. Type: fix Change-Id: I1d84f842ab7ab2a757668ae1a111efe67e1e924d Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-12-14vcl: enable gso for 'sendmsg' in LDP mode.Dou Chao1-0/+1
Some upon apps(e.g. Nginx-quic) package it's several protocol buffers into a struct msg which is a combination of gso_buffer and gso_size. but if HostStack regardless the gso_size to the buffer and split the buffer with default mss, that cause peer client failed on parsing the package. Type: improvement Signed-off-by: Dou Chao <chao.dou@intel.com> Change-Id: I805eb642be826038ba96d1b85dad8ec0c0f6c459 Signed-off-by: Dou Chao <chao.dou@intel.com>
2022-12-12linux-cp: set severity of noisy message to debugMatthew Smith1-1/+1
Type: improvement The log buffer and event buffer get lots of messages written like "Processed 2 messages" by linux-nl when its enabled. This can crowd out more important messages and should only actually be stored if debug messages are desired. Change from logging with NL_INFO() to NL_DBG(). Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I9055432f7ef35d3e0ad59dce307d2b3c6284002f
2022-12-09nat: fixed return values of enable/disable callFilip Varga3-13/+17
NAT44 enable/disable return status was used instead of appropriate VNET_API_ERROR_ code. Type: fix Signed-off-by: Filip Varga <filipvarga89@gmail.com> Change-Id: If944866bf3061afdc91284c0ad475135e529bdc4
2022-12-09http_static: clean up http redirect generationDave Barach1-1/+56
Don't redirect to "favicon.ico/index.html" if you can't find "favicon.ico". If asked to serve up a nonexistent path, see if the path ends with a known suffix: ".jpg, .html, .ico" etc. If it does, flunk the request on the spot: "Error 404 Not Found." Do not issue a redirect. This change will not break the obvious corner case: if the browser asks for "its_a_dir.mp3/index.html" - and the file exists - the server will produce it. Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I91aad90be05b98ba2b40e240d13d71816aed4526
2022-12-08http_static: derive mime type from file extensionsDave Barach4-8/+132
Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0f087477e257f5119d7d6182d19f8796773a1f19
2022-12-07http_static: misc bug fixesDave Barach2-1/+3
The request vector generated by hss_ts_rx_callback() must be NULL terminated. The hss_main_t use_ptr_thresh member must be a u64 since unformat_memory_size() expects it. Otherwise, the adjacent u8 enable_url_handlers may have an accident. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I2cc08e3cbd31b225fb03799283c055515add13bf
2022-12-06http_static: fix http(s) redirectsDave Barach4-15/+37
Add an http redirect template to generate correct-looking "301 Moved Permanently" replies. Supply a default value of 1<<31 for the use_ptr_thresh config parameter. Expose hss_session_get() so friend plugins which register GET / POST handlers with the http_static server can add data to the session fifos. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ie1452eaf61c6f67311fbab092bc1fe03050bf94f
2022-12-02session: move connects to first workerFlorin Coras2-14/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I035e3fdbb52eca010ad7b2c20ca2930cb1645978
2022-12-02quic: update to quicly v0.1.4Dave Wallace4-24/+36
Type: improvement Change-Id: I707399b8ba617a659476bfd7d793f04a1283e694 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-12-02vhost: convert vhost device driver to a pluginSteven Luong12-0/+6999
convert vhost device driver to a plugin as described in https://jira.fd.io/browse/VPP-2065 Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ibfe2f351bcaed36a04b136d082ae414145dd37b5
2022-12-02avf: support generic flowTing Xu8-52/+638
Support generic flow in native avf. Enable necessary RSS hash function for generic flow. Extend some structures and functions from for FDIR only to for both RSS and FDIR flows. Modify virtual channel message to align with ice kernel driver. Add functions to parse generic flow patterns. The parsing results will be delivered to the kernel driver and create corresponding flow rules. Type: feature Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: I82ce102a21993f1bae8a8bf23e491d5e1c261f61
2022-12-01wireguard: add atomic mutexGabriel Oginski3-2/+19
The initiate handshake process can be called a numbers times for each peers, then the main VPP thread called by Wireguard starting to allocate memory. This behaviour can lead to out of memory when VPP has a lot of Wireguard tunnels concurrently. This fix add mutex to send only once handshake initiate at time for each peers. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I13b4b2d47021753926d42a38ccadb36a411c5b79
2022-11-30hsa: session rpc for echo client cli notificationsFlorin Coras1-7/+12
Also, use connected udp for builtin echo apps Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie24d7e97f4f27b67df9ceff3c268954485255c2d
2022-11-29wireguard: compute checksum for outer ipv6 headerArtem Glazychev2-2/+41
Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I477e92712e441c91789afdf9be389d967acfa799
2022-11-29rdma: fix for-loop initialization in scalar pathJieqiang Wang1-20/+35
When n_rx_packets is less then 16(VEC256) or 8(VEC128), code execution will fall into scalar path of processing packets. But with a wrong initialization value for n_left set to zero, i in the for-loop will equal to n_rx_packets. This leads to the bypass of required ip4 checksum validation and byte count endianness conversion in scalar path. Besides, refactor the code using while instead of for-loop to keep consistency with VPP code style. Type: fix Fixes: bf93670c515d ("rdma: fix ipv4 checksum check in rdma-input node") Signed-off-by: Lijian Zhang <lijian.zhang@arm.com> Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: Ib4e8cb5202735f8b060c99caddf26035657551e1
2022-11-23linux-cp: fix FIB_ENTRY_FLAG_ATTACHEDAlexander Skorichenko1-0/+10
Type: fix     Fib entries for attached routes when sourced from FIB_SOURCE_API or FIB_SOURCE_CLI get the FIB_ENTRY_FLAG_ATTACHED flag raised on the source. Such a route added from linux-cp doesn't get this flag.     Fix this flag for linux-cp sources by passing it to the fib entry's update/create function in lcp_router_route_add(). Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com> Change-Id: I24278ef86886cfee8a14acb250fb6992a754cc3c
2022-11-22acl: fix set acl-plugin cli unformat free.Huawei LI1-1/+2
Type: fix Signed-off-by: Huawei LI <lihuawei_zzu@163.com> Change-Id: Icb5450f4bd0eaef7684eb7e3816d1d6051e889d7
2022-11-18tls: memory leak due to missing call to vnet_crypto_key_delSteven Luong1-1/+6
We add the crypto key to the vnet crypto library via vnet_crypto_key_add. However, when the session is disconnected, we don't call vnet_crypto_key_del and the memory is leaked in vnet_crypto library as well as in pico tls key store. It seems dispose crypto is the appropriate place to add vnet_crypto_key_del. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: If6d1266baf686fefe5bb81330ce60b35c8ff574e
2022-11-18ipsec: Failure at the start of the batch should not invalidate the rest of ↵Neale Ranns1-14/+24
the batch Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Icd1e43a5764496784c355c93066273435f16dd35
2022-11-14crypto-ipsecmb: fix plugin crash in VirtualBoxMaros Ondrejicka1-1/+1
Plugin checks just for AVX2 instruction set, while the v1.3 of IPsec Multi-Buffer library checks for both AVX2 and BMI2 sets during init. VirtualBox VM doesn't provide BMI2 by default to guest operating system. Result is that VPP plugin decides to use AVX2 initialization and library then doesn't do it. Since flush_job remains empty, the self-check fails and with that the whole VPP crashes on start-up. Type: fix Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech> Change-Id: I6b661f2b9bbe6dd03b499c55c38a9b814e6d718a
2022-11-11http: use safe pool reallocFlorin Coras1-1/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I572017433a1ba0f8576522f02138928e303e10ab
2022-11-11srtp: use safe pool reallocsFlorin Coras1-2/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I15fea1f90640ea54cafe3ea929e871ec6e86fc67
2022-11-10linux-cp: fix lcp_itf_pair_create()'s memory leakluoyaozu1-0/+3
need free args.error if args.rv < 0 Type: fix Signed-off-by: luoyaozu <luoyaozu@foxmail.com> Change-Id: I8ceebfc36f51798d8d1a8e4c41bec33d74344396
2022-11-10http: support client connectFilip Tehlar5-53/+979
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0738c0aefb41ab6c0ff717cfccd1df75ddb481fa
2022-11-10nat: updating my maintainer email addressFilip Varga1-1/+1
Type: fix Signed-off-by: Filip Varga <filipvarga89@gmail.com> Change-Id: I1f5069df2dc743ecd1269e947dd375cb1b84970f
2022-11-09sr: fix added for configuring vlan sub interface as iif interface in ↵ChinmayaAgarwal1-8/+0
End.AD.Flow localsid Type: fix Signed-off-by: ChinmayaAgarwal <chinmaya.agarwal@hsc.com> Change-Id: Ifad23978b98c5e05d86f6254bfb65baa0b380436
2022-11-09acl: verify that src and dst have sane and same address familyAndrew Yourtchenko1-1/+5
API refactoring moved the address-family tag from rule level down to prefix level. This necessarily warrants the check that they are the same. Also, add a check that the address family is sane. Change-Id: Ia63b688cc9e7c9e9cc773e89708d9e9f99185fb7 Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-11-07prom: fix stats vector leakFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I620447c9aa8606a125063cdd724bfe74f8a870f6
2022-11-07nat: fix per-vrf session bookkeepingJing Peng3-34/+26
Each NAT44 ED session has a per_vrf_sessions_index referencing an element in the thread-local vector per_vrf_sessions_vec. However this index can be possibly invalidated by vec_del1() in per_vrf_sessions_cleanup(), before a session is registered. Such a stale index can cause an assertion failure in function per_vrf_sessions_is_expired() when we use it to locate the per_vrf_sessions object. A possible sequence to reproduce is: 1. Create two NAT44 ED sessions s1, s2 so that two per_vrf_sessions are created: index 0: between VRF pair 10 and 11 (expired=0, ses_count=1) index 1: between VRF pair 20 and 21 (expired=0, ses_count=1) For the sessions we have: s1->per_vrf_sessions_index == 0 s2->per_vrf_sessions_index == 1 2. Delete the first session via CLI, now the two per_vrf_sessions become: index 0: between VRF pair 10 and 11 (expired=0, ses_count=0) index 1: between VRF pair 20 and 21 (expired=0, ses_count=1) For the sessions we have: s2->per_vrf_sessions_index == 1 3. Delete the VRF 11: index 0: between VRF pair 10 and 11 (expired=1, ses_count=0) index 1: between VRF pair 20 and 21 (expired=0, ses_count=1) For the sessions we have: s2->per_vrf_sessions_index == 1 4. Create a new session s3 between VRF pair 20 and 21 so that the first per_vrf_sessions will be deleted: index 0: between VRF pair 20 and 21 (expired=0, ses_count=2) For the sessions we have: s2->per_vrf_sessions_index == 1 s3->per_vrf_sessions_index == 0 Here, note that the actual index of per_vrf_session is changed due to vec_del1(). The new session is added after the cleanup so it gets the correct index. But the index held by the existing session is not updated. 5. Trigger the fast path of the session s2. To achieve this, session s2 could be created in step 1 by ping -i20 -Iiface_in_vrf_10 1.1.1.1 and steps 2-4 should then be performed within the 20-second interval. This patch fixes this by changing per_vrf_sessions_vec to a pool so that indicies are kept intact. Type: fix Signed-off-by: Jing Peng <jing@meter.com> Change-Id: I4c08f9bfd50134bcb5f08e50ad61af2bddbcb645
2022-11-07nat: fix byte order error.Huawei LI1-6/+4
fix byte order error about the struct snat_address_t's member net. for example configurations: set interface ip table loop1 1 set interface ip addr loop1 10.10.10.2/24 nat44 add address 10.10.10.2 tenant-vrf 1 the snat address's net should be "as_u8 = {0xa, 0xa, 0xa, 0x0}", but now it's "as_u8 = {0x0, 0xa, 0xa, 0x2}" because of missing transition of byte order about the member net of snat_address_t. (gdb) p/x *snat_main->addresses $3 = {addr = {data = {0xa, 0xa, 0xa, 0x2}, data_u32 = 0x20a0a0a, as_u8 = {0xa, 0xa, 0xa, 0x2}, as_u16 = {0xa0a, 0x20a}, as_u32 = 0x20a0a0a}, net = {data = {0x0, 0xa, 0xa, 0x2}, data_u32 = 0x20a0a00, as_u8 = {0x0, 0xa, 0xa, 0x2}, as_u16 = {0xa00, 0x20a}, as_u32 = 0x20a0a00}, sw_if_index = 0x3, fib_index = 0x1,addr_len = 0x18} (gdb) Type: fix Signed-off-by: Huawei LI <lihuawei_zzu@163.com> Change-Id: I4f25f0639ae90a7f2e8715b44f825571283d994d
2022-11-05hsa: echo client crash when it fails to connect to remoteSteven Luong1-1/+1
When echo client fails to connect to remote, it should quit. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I787423bdc61a58eea48bab7bd8b73137626c02b4
2022-11-04nat: cleanup of deprecated featuresFilip Varga3-296/+0
Type: refactor 1) Removed deprecated API. - These specific APIs do not have repleacement because features that they controled aren't part of current NAT44-ED implementation anymore. 2) Removed unused typedef of port allocation funciton. - Missed left over removed. Change-Id: Ib3f763449065eda7cdcb2c6565a9cae51baf23d6 Signed-off-by: Filip Varga <filipvarga89@gmail.com>
2022-11-03tls: crash in mbedtls due to ctx is already freeSteven Luong1-1/+0
_clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7fffb3a7e1b5 "%s:%d (%s) assertion `%s' fails") at src/vppinfra/error.c:143 mbedtls_ctx_get (ctx_index=0) at src/plugins/tlsmbedtls/tls_mbedtls.c:114 tls_ctx_get (ctx_handle=536870912) at src/vnet/tls/tls.c:310 tls_app_session_cleanup (s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/tls/tls.c:624 app_worker_cleanup_notify (app_wrk=0x7fffbef95f80, s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/session/application_worker.c:445 session_cleanup_notify (s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/session/session.c:262 session_free_w_fifos (s=0x7fffbf102040) at src/vnet/session/session.c:268 session_delete (s=0x7fffbf102040) at src/vnet/session/session.c:287 session_transport_delete_notify (tc=0x7fffbdf63c40) at src/vnet/session/session.c:1159 tcp_handle_cleanups (wrk=0x7fffbef46d40, now=133.30033046694487) at src/vnet/tcp/tcp.c:1298 tcp_update_time (now=133.30033046694487, thread_index=2 '\002') at src/vnet/tcp/tcp.c:1309 session_update_time_subscribers (smm=0x7ffff7f75ce0 <session_main>, now=133.30033046694487, thread_index=2) at src/vnet/session/session_node.c:1817 session_queue_node_fn (vm=0x7fffbdfad1c0, node=0x7fffbe0b1340, frame=0x0) at src/vnet/session/session_node.c:1934 dispatch_node (vm=0x7fffbdfad1c0, node=0x7fffbe0b1340, type=VLIB_NODE_TYPE_INPUT, dispatch_state=VLIB_NODE_STATE_POLLING, frame=0x0, last_time_stamp=4722227957546624) at src/vlib/main.c:960 Putting a breakpoint in gdb, I found out ctx was free in mbedtls_app_close. Looking at app_close function in picotls and openssl, I don't see they free ctx and they don't crash when processing cleanup. I am inclined to think that mbedtls_ctx_free should not be called in mbedtls_app_close at src/plugins/tlsmbedtls/tls_mbedtls.c:92 at src/plugins/tlsmbedtls/tls_mbedtls.c:559 at src/vnet/tls/tls.c:360 thread_index=2) at src/vnet/tls/tls.c:762 conn_index=536870912, thread_index=2 '\002') at src/vnet/session/transport.c:332 at src/vnet/session/session.c:1608 elt=0x7fffbdfef3dc) at src/vnet/session/session_node.c:1672 node=0x7fffbe0b1340, frame=0x0) at src/vnet/session/session_node.c:1966 node=0x7fffbe0b1340, type=VLIB_NODE_TYPE_INPUT, dispatch_state=VLIB_NODE_STATE_POLLING, frame=0x0, last_time_stamp=4721919444027682) at src/vlib/main.c:960 Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ic5c13e659aee618c8accee42af9f40931b62f467
2022-11-03misc: fix failing TestNs/TestHttpTps test in hstfMaros Ondrejicka1-1/+6
Type: fix Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech> Change-Id: I03cbd05d6d887d2ce8e7b7d20522e04012c5fe7a
2022-10-31quic: use safe pool reallocFlorin Coras1-1/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia03c3fe0ca669b319dec8decd503254d0a95e58b
2022-10-31tls: use safe pool reallocsFlorin Coras3-5/+7
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia2c771cbf826526d2d06b6da022509ab02917350
2022-10-28cnat: Fix unformat_cnat_snat_interface_map_typeMiguel Borges de Freitas1-1/+1
Fix initialization of the table u32 var which is leading to the incorrect unformat of interface map type Type: fix Signed-off-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com> Change-Id: I1e56acd0e4c735df755e85b172bb6623bf47a57b
2022-10-25rdma: set correct CQE flagsJieqiang Wang1-6/+6
CQE flags located in bits 16-31 at offset 0x1c should be defined as actual numbers instead of indexes. Besides, L3 header type for IPv4 is 10(2 in decimal) and for IPv6 is 01(1 in decimal) according to CQE entry fields description of page 120 in Mellanox Programmer Reference Manual. (https://network.nvidia.com/files/doc-2020/ethernet-adapters-programming-manual.pdf) Fixing this issue will lead to correct CQE flags printing for rdma-input node when buffer trace is enabled. Type: fix Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I9b578ca5cbd8cd93a577aa83131e31c79f60430e
2022-10-25rdma: fix ipv4 checksum check in rdma-input nodeJieqiang Wang1-23/+40
- cqe_flags pointer should be incremented accordingly otherwise only the first element in cqe_flags will be updated - flag l3_ok should be set for match variable when verifying if packets are IPv4 packets with flag l3_ok set - mask/match variables should be converted to network byte order to match the endianness of cqe_flags - vector processing of checking cqe flags will set return value to 0xFFFF by mistake if packet numbers are not multiple of 16(VEC256) or 8(VEC128) Type: fix Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I9fec09e449fdffbb0ace8e5a6ccfeb6869b5cac1
2022-10-24docs: update cnat docs to current vpp versionMiguel Borges de Freitas1-5/+13
The documentation for the cnat plugin is highly outdated specially on the snat section. Type: docs Signed-off-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com> Change-Id: I30b0c6295d3c812b636374753af3c37f29b0cc53
2022-10-24dpdk: add Intel QAT 200xx series supportVladimir Ratnikov1-1/+2
Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I2fd1e321983ac5caa03aac8705dfc596985c35f7
2022-10-20crypto-sw-scheduler: fix queue iteratorVladimir Ratnikov1-0/+10
When there are several workers, iterator can and will skip head iterator and it will last until BARRIER_SYNC_TIMEOUT won't expire and will cause SIGABRT with `worker thread deadlock` Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: Id4def4d5894e077ae27592367b141ecd822e86af Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-10-19crypto-ipsecmb: support previous ipsecmb versionsMarcel Cornu1-11/+125
Backward compatibility was broken when updating ipsecmb version to 1.3. Type: improvement Signed-off-by: marcel.d.cornu@intel.com Change-Id: I87a76859ec5e2ef6be0bc2af0960fa2494ce4297
2022-10-17cnat: Add sctp supportNathan Skrzypczak2-0/+52
This patch adds SCTP support in the CNat translation primitives. It also exposes a clib_crc32c_with_init function allowing to set the init value to start the crc32 with instead of 0. Type: feature Change-Id: I86add4cfcac08f2a5a34d1e1841122fafd349fe7 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-10-17crypto-ipsecmb: bump ipsecmb library to v1.3Marcel Cornu1-64/+79
- Use the latest IPsec Multi-Buffer library release v1.3 - Use ipsec-mb burst API for HMAC-SHAx algorithms - Use ipsec-mb burst API for AES-CBC and AES-CTR algorithms The new burst API available in ipsecmb v1.3 brings significant performance improvements for certain algorithms compared to the job API. Type: feature Signed-off-by: marcel.d.cornu@intel.com Change-Id: I3490b35a616a2ea77607f103426df62438c22b2b