summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2023-09-26crypto-ipsecmb: bump intel-ipsec-mb version to 1.4Ranjan Raj1-50/+59
Type: feature This patch update the Intel IPsec-MB lib to v1.4 Remove v0.54 and v0.55 support, as the compatible IMB APIs are deprecated in v1.4 Signed-off-by: Ranjan Raj <ranjanx.raj@intel.com> Change-Id: I01f71134c6bd17a68ec20b7bb4b0b0ff43fc644b
2023-09-19npt66: ensure feature is not configured multiple timesOle Troan2-12/+23
If the control agent enabled a binding on an interface multiple times, we would add the node in the feature arc multiple times. Type: fix Change-Id: I2ca247db0a0211f5fa3974a18ca4fcae8485cb12 Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-13nat: fix nat44_ed set_session_limit crashVladislav Grishenko1-8/+4
Setting session limit should return error for unknown fib. Optimize max_translations_per_fib expanding and drop unnecessary trailing fib entry. Type: fix Change-Id: Ie7d2b363ade48f53598faa617a49cce7b2db6400 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-09-13quic: fix quic sessions state updatesFlorin Coras1-11/+5
Session state cannot be updated after async notification event is generated for app. Instead, make sure quic sessions that accept new streams are switched to listening state only on accept. Type: fix Fixes: 0242d30 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9663ccadbea99d555ad49e871f7dff897239dc84
2023-09-13adl: stabilize the APIAndrew Yourtchenko1-1/+1
As discussed on the VPP call, since CSIT tests use these messages and they have not been changedfor quite a while, bump the version so these messages are considered as "production" from the change process standpoint. Type: improvement Change-Id: I93a04b10b273d5904c0678fa0b85d47f9f683a9b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2023-09-13wireguard: stabilize the APIAndrew Yourtchenko1-1/+1
As per discussion on VPP call - since the APIs are used in CSIT tests, and there has not been changes in a while, mark them as stable from the API change process PoV. Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Ia644e1dfcd9d182cc6f10089fc44397a61e8aaf6
2023-09-13crypto-sw-scheduler: stabilize the APIAndrew Yourtchenko1-1/+1
As per discussion on the VPP call: since the CSIT tests use these APIs and the APIs have not changed in quite a while, stabilize the API from the change process point of view. Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Id81999d03cce37764f6ed7d4f77ef5a71fe41ad1
2023-09-13hsa: fix coverity issue CID-313635Dave Wallace2-2/+8
Type: fix Change-Id: Ieb50ab548bb34bdbb44d973037ee452d48f412ea Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-09-13idpf: make plugin default disabled until issues are fixedDamjan Marion1-0/+1
Type: improvement Change-Id: I2daa8fc338289555649135e7f0898e139807fdce Signed-off-by: Damjan Marion <damjan.marion@gmail.com>
2023-09-13perfmon: fix perf_user_access_enabled typeTianyu Li1-1/+1
perf_user_access_enabled is defined as u8, clib_sysfs_read format type is %u, this is for unsigned int, change type from u8 to u32. Type: fix Fixes: 268d7be66b8b ("perfmon: enable perfmon plugin for Arm") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I48ec00605e496d185370e77d894d7852d6d22124
2023-09-12crypto-sw-scheduler: improve function indentationVratko Polak1-159/+156
The checkstyle --fix command remains confused around the def/foreach/undef usage in convert_async_crypto_id, but at least the other functions now look correctly indented to me. Type: style Change-Id: Ic8f7b580267386b7a6b07d33d9ba7ae9787c0e0a Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2023-09-07dpdk-cryptodev: fix cache ring stats cli commandPiotr Bronowski1-14/+12
The logic for calcuating processed elements in the cache ring was broken. In case tail and deq_tail equals and frame element pointed by the tile is not NULL it means there is exactly one processed element in the ring. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I69c978334fc952049393214ccc9cc5245351f7f7
2023-09-06nat: improve nat44-ed outside address distributionVladislav Grishenko1-1/+3
Use client address hash to pick the first outside address instead of just address high octet, becasue it may denegerate into stable 10/172/192, depending on nat address count. Fix outside address distribution test to acually test the distribution, not the algo, so previous distribution will fail with 65 nat addresses and 100 clients: FAIL: Outside address distribution based on source address Traceback (most recent call last): File ".../test/test_nat44_ed.py", line 2048, in test_outside_address_distribution msg="Bad outside address distribution") AssertionError: 156.25 not less than 0.33 : Bad outside address distribution Type: improvement Change-Id: I604b1294422f20d211db5614c47559557a78a193 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-09-06api: fix mp-safe mark for some messages and add moreVladislav Grishenko1-3/+6
Several api messages were not mp-safe although marked as such because non-zero base id was not taken into account, and therefore some other (from zero base id) were falsely mp-safe instead. Keep messages as mp-safe, as they falsely were before: 10 get_first_msg_id 0 1 12 api_versions 0 1 Messages that are no longer mp-safe as they weren't marked: 15 sockclnt_create 0 1 33 proxy_arp_intfc_dump 0 1 Fix messages to be really mp-safe: 809 bridge_domain_dump 0 1 920 ip_route_add_del 0 1 921 ip_route_add_del_v2 0 1 1362 get_node_graph 0 1 1671 create_vhost_user_if 0 1 1675 create_vhost_user_if_v2 0 1 Additionally mark messages as mp-safe, seems they need no barrier: 1360 show_threads 0 1 1370 show_version 0 1 1372 show_vpe_system_time 0 1 Type: fix Change-Id: Ie6c1e3aa89f26bf51bfbcb7e7c4d9fee885487b7 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-09-05npt66: make plugin default disabledOle Troan1-0/+1
Plugin is still in experimental state. No reason why it needs to be default enabled. Type: fix Change-Id: Ibf1810215d4c8079a068bfc60aa7dd49306ee4e4 Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-04arping: api to return responder mac addressOle Troan3-0/+68
The new arping_acd call includes the responders mac address in the reply. Enabling a client doing address conflict detection to identify if it is itself that is replying or that it is another host uses the IP address. Type: feature Change-Id: Ia4bab2af1086f06ed71ba42e2e07368d4e330a27 Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-04npt66: checksum applied to src address instead of dst address on rxOle Troan1-3/+1
Applied the checksum delta to the source address instead of the destination address in the RX direction. Cleaned up tests a little. Type: fix Change-Id: I871f3448365587e5319dfbca6ea356935321ff9b Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-04tracenode: filtering featureMaxime Peim10-0/+606
In order to be able to filter on encapsulated packet, a new node has been added to the ip4/6-unicast arcs. Type: feature Change-Id: I1e8ee05bc6d0fce20cadd8319c81bab260c17d21 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2023-09-04session: fix allocation of proxy fifosFlorin Coras4-20/+43
Fifos need to be synchronously allocated once a transport like tcp accepts a session. Since events are now delivered asynchronously, proxy apps must explicitly register a cb function that manages fifo allocation prior to being notified of connect event. Type: fix Fixes: 0242d30 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7df973b7014e53e0766ea2bdc61e9871160bc18b
2023-08-31fateshare: a plugin for managing child processesAndrew Yourtchenko4-0/+621
For the reasons of modularity and security, it is useful to have various functionality split into processes different from VPP. However, this approach presents the challenges of managing those processes, and is markedly different from simply running everything within VPP process. This plugin is an experiment in having the VPP itself start off a monitor process which in turn starts the child processes, and restarts them if they quit. If the VPP process ceases to exist, the monitor process terminates all the descendant processes and quits itself. This allows to preserve the "single entity to manage" approach of simply running a barebones VPP. An example of running it: export DPDK_CONFIG="" export DISABLED_PLUGINS=dpdk export EXTRA_VPP_CONFIG="fateshare { monitor ./build-root/install-vpp_debug-native/vpp/bin/vpp_fateshare_monitor command ./test1 }" make run Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I66221fd7403f220d9652fe76958ca499cfd070a7 Type: feature
2023-08-26nat: nat44-ed bug fixWei Li1-3/+4
fix lb static mapping "nat44_ed_sm_o2i_add" laddr and lport Type: fix Signed-off-by: Wei Li <realbaseball2008@gmail.com> Change-Id: I249a00919e8154d92cbce03f6db196c13612948f
2023-08-26nat: nat44-ed cli bug fixWei Li1-1/+5
lport and eport in Cli "nat44 add load-balancing static mapping" should hton() Type: fix Signed-off-by: Wei Li <realbaseball2008@gmail.com> Change-Id: I2eadb7e341efb70cc406e10b3b189e5ebff09ff4
2023-08-25cnat: fix cnat_endpoint_encodeBenoît Ganne1-1/+1
Type: fix Change-Id: I4ab713811626c097c7927228f3819b7785bbb951 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-08-25npt66: network prefix translation for ipv6Ole Troan8-0/+643
This is the initial commit of a NPTv6 (RFC6296) implementation for VPP. It's restricted to a single internal to external binding and runs as an output/input feature on the egress interface. Type: feature Change-Id: I0e3497af97f1ebd99377b84dbf599ecea935ca24 Signed-off-by: Ole Troan <otroan@employees.org>
2023-08-22dpdk-cryptodev: fix coverity issuesPiotr Bronowski2-5/+8
This patch addresses coverity issues CID 322716 and CID 322717. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I59d6f40c1af8e829d8cb3c042a52e144aeaf1e6b
2023-08-18nat: documention fixSteven Luong1-4/+4
s/nat44 enable sessions/nat44 plugin enable sessions/ Type: docs Change-Id: I93dbd161f085bff5b98df50cd29c9bedf5038307 Signed-off-by: Steven Luong <sluong@cisco.com>
2023-08-18dpdk-cryptodev: improve cryptodev cache ring implementationPiotr Bronowski4-239/+353
Sw ring is renamed to the cache ring. This name better reflects the puropse of this ring. We've introduced push/pop functions, as well as other utility functions which remove code repetition. Error handlig is improved: previously in case of an error all frame elements were marked as bad, now only these for which errors occured have the error status set. Unnecessary stats counters have been removed. Type: improvement Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I2fd42a529ac84ce5ad260611d6b35a861d441c79
2023-08-18cnat: add host tag to bitmap in cnat snatHediBouattour3-0/+17
Type: feature this patch adds a new tag "host" to interfaces for cnat-snat if an interface is tagged pod and host we do not snat traffic outgoing through it Change-Id: I71f5bfcb85581bb8508ba547374f0603f1079ac6 Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
2023-08-17idpf: add native idpf driver pluginTing Xu13-0/+6242
Add a new native idpf driver. This patch enables the device initialization. Add some necessary functions and definations for input and output. A new version of virtchnl is introduced. Type: feature Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Ibbd9cd645e64469f1c4c8b33346c1301be3f6927
2023-08-16tests docs: update python3 venv packagesDave Wallace4-8/+3
- Package update performed by 1. updating pip, pip-tools, setuptools 2. 'make test-refresh-deps' on ubuntu 22.04 3. fixing 'make test' and 'make docs' issues on ubuntu 22.04 4. 'make test-refresh-deps' on ubuntu 20.04 - Add dependency for 'make test-refresh-deps' to insure python venv is set up. - Update of python formatter, black, caused reformating of 41 python code files. Type: make Change-Id: I7cafdf4b5189065ac57cb6b254937f6e0897a924 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-08-16nat: mark several messages as productionAndrew Yourtchenko1-4/+0
As per discussion on the VPP call, since they are being used in CSIT tests and have not seen changes in a while, mark the messages as production from the change process standpoint. Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I7fda71edd923b798d034380320a869f7c35cb5a6
2023-08-11session: fix coverity warningsFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I910c8ce1713c6d346cc5ea4eb58a89c1c30a10a1
2023-08-10crypto-sw-scheduler: avoid crypto work on vpp_mainVratko Polak1-16/+18
+ Checkstyle demanded indentation edits. Type: fix Ticket: VPP-2083 Fixes: 9a9604b09f15691d7c4ddf29afd99a31e7e31eed Change-Id: Ie2d33d290330247d36435a073675b732bb64ae93 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2023-08-09session: async rx event notificationsFlorin Coras6-17/+82
Move from synchronous flushing of io and ctrl events from transports to applications to an async model via a new session_input input node that runs in interrupt mode. Events are coalesced per application worker. On the one hand, this helps by minimizing message queue locking churn. And on the other, it opens the possibility for further optimizations of event message generation, obviates need for rx rescheduling rpcs and is a first step towards a fully async data/io rx path. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id6bebcb65fc9feef8aa02ddf1af6d9ba6f6745ce
2023-08-09cnat: remove rwlock on tsNathan Skrzypczak7-61/+133
Type: improvement Remove rwlock contention on timestamps. ~10% pps with 10k sessions. Use fixed-size-pools of increasing sizes starting with 4K, and with a x2 step each time. We don't free/shrink allocated pools. Change-Id: I5fea51faba40430106c823275a6356e81709d118 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-08-09cnat: add ip/client bihashNathan Skrzypczak4-52/+68
This replace the cnat ip4/ip6 to client lookups previously done with a regular hash, by a bihash lookup. Type: improvement Do the client lookup in a bihash instead of a hash. Change-Id: I730c1893525c002b44ada8e290a36802835e88e9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-08-08cnat: flag to disable rsessionNathan Skrzypczak10-31/+54
This adds a flag on the translation asking the VIP & input-feature nodes not to create the return session when translating / load-balancing an incoming flow. This is needed with maglev & DSR Type: feature Change-Id: I699012310ddc59f6ceeeb4878638eac6da5128dc Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-08-08ipsec: add support for RFC-4543 ENCR_NULL_AUTH_AES_GMACBenoît Ganne5-15/+3076
Type: improvement Change-Id: I830f7a2ea3ac0aff5185698b9fa7a278c45116b0 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-08-07vppinfra: add clib_file_get_resolved_basenameDamjan Marion1-1/+1
more generic version of clib_sysfs_link_to_name with support for format strings... Type: improvement Change-Id: I0cb263748970378c661415196eb7e08450370677 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-08-07cnat: Support offloaded check sumsNathan Skrzypczak4-215/+155
This patch removes zero checks for new_addr, new_port meaning sessions with zero values will rewrite the packet with a 0 value instead of leaving it in place. This allows to reduce branchiness in the code, and sessions are fully resolved at creation time anyway. This also adds support for checksum offloads: - IP checksum offload : we always compute the checksum to avoid issues with drivers. We'll revert this if we realize cost gets too important. - TCP/UDP checksum offload : we add the implementation for pseudo header checksum computation. This is needed for the drivers that do not re-compute this pseudo-checksum before the packet is TX-ed (e.g. a few DPDK drivers). Type: improvement Change-Id: I6543f3aec8c120ec50f4219108609138283620ef Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-08-04nsh: fix nsh gre referencesBenoît Ganne1-10/+14
Since gre is a plugin, nsh should not use symbol names directly. Type: fix Fixes: cefb178aa487a217d4ac75d7d4fa62db4b7d70fd Change-Id: I1a1c20740aabdaafd69f507cd71016c3109b0205 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-08-02quic: fix closing of streamsFlorin Coras1-3/+1
Avoid explicit manipulation of session state and generate closing event if need be. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I07cda1db08a2673b27b496ea1371b0dfd8e6f98a
2023-07-28vlib: pci cleanup and improvementsDamjan Marion3-28/+4
Change-Id: Ieafbed6f2db3dec65e4b43d84a4661f6a1bbe891 Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-07-27hsa: add total bytes parameter to vcl_test_clientFilip Tehlar1-1/+17
Type: test Change-Id: Ib1131eedb8eeaa9adfed9cfc47beeb1c7c8adb5c Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2023-07-27ikev2: cleanup stuck sessionsDenys Haryachyy3-23/+45
The following issues are fixed: * in responder code: do lookup again as the old pointer could be invalidated during the cleanup operation * in initiar code: do the cleanup of session if there're no child SAs or if there's no response from the responder during initial request (this can easily happen if the response packet was lost/dropped/etc) * print the state of ikev2 profile (for easier tshooting) Type: fix Change-Id: I853d9851c0cf131696585e3c98fa97e66789badd Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
2023-07-26session: use session error type instead of vnet errorFilip Tehlar1-1/+1
Type: improvement Change-Id: Ie0bad9e03ac2e29da23af01ee7f63cb44489ad9c Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2023-07-25dpdk: fix signed single bit fieldTianyu Li1-8/+8
clang-16 complains about signed one-bit bitfield value changes from 1 to -1. Use unsigned type instead. Type: fix Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I84f8cf314d36183a5e6f544cd756c01d1d10a1a5
2023-07-21vcl: ldp support SO_ORIGINAL_DSTqinyang1-0/+42
Type: improvement Support SO_ORIGINAL_DST socket option to get original dst_ip4 and dst_port if nat44 rule enabled. Change-Id: If00e00d03e48f3b78a23a68f1b078954d79dd0f7 Signed-off-by: qinyang <qiny@yusur.tech>
2023-07-13hsa: fix echo client initFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ieb2d1e6e0949844a70c81b218ca7dc83690776ca
2023-07-13lb: Fix src_ip_sticky evaluation bug in per-port-vip case.Nobuhiro MIKI3-469/+74
Before this fix, the src_ip_sticky flag was passed as an argument to the lb_node_get_hash function, which computes a hash value for a packet. However, in per-port-vip case, the value of src_ip_sticky flag may be different for each port number. As a result, the value is the same for all port numbers, even though it is a per-port-vip case. This commit fixes the src_ip_sticky evaluation by delaying it until the packet is received, so that the correct value is obtained. Also, the unit test case has been enhanced for this bug fix. The steps to reproduce this bug are described below: https://lists.fd.io/g/vpp-dev/message/23248 Type: fix Fixes: 613e6dc0bf92 ("lb: add source ip based sticky load balancing") Change-Id: I483492b214a1768e7a21fd86edd5151b3c46528b Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>