summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2020-09-15crypto: Crypto SW Scheduler Coverity WarningsNeale Ranns1-1/+1
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I7f98d0c7847ecc40b90b78e5ae83f320575be310
2020-09-15crypto-native: fix issues detected by coiverityDamjan Marion2-3/+11
Type: fix Change-Id: Id61aa407eeeb4d44cf47ed39283a0c79ed3abbee Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-14wireguard: coverity fixesNeale Ranns2-6/+10
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ib1eabbc87a573c660ac251602d631f167928259b
2020-09-14wireguard: increase FIB source priorityNeale Ranns1-2/+7
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Icc1c458474d357c7d9b3b4df1897500de0c314a1
2020-09-14nat: delay datastructure allocation until configuredOle Troan2-18/+33
The dslite plugin would on plugin load initialize large bihash datastructures. Postpone until configured. Type: improvement Change-Id: Ie790ab8c5fc39fac18153acd54dcd051805e763a Signed-off-by: Ole Troan <ot@cisco.com>
2020-09-10ikev2: fix copy-paste error when freeing memoryFilip Tehlar1-1/+1
Type: fix Change-Id: If44c807d188b3e88d819f4132d73e6a34402a525 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-09-12wireguard: Fix for tunnel encapNeale Ranns7-89/+468
Type: fix add UT for sneding handshale init and transport packets Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Iab1ed8864c666d5a0ae0b2364a9ca4de3c8770dc
2020-09-11quic: Clean quic_crypto_setup_cipherNathan Skrzypczak1-16/+13
Type: fix Change-Id: I4c19636c2be8a577c6cba272708cb04bcc24785b Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-11dpdk: fix coverity defect #214232, #182930Chenmin Sun2-1/+8
Type: fix Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ie328834159687cdb4314c37d36697f2fb9081fbd
2020-09-11avf: add assert to ensure that adminq is used only from avf processDamjan Marion1-0/+5
Type: improvement Change-Id: Ib64c9b8207776986656e5a26c13a221edc6cc950 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-11avf: change promisc mode from the avf process nodeDamjan Marion2-7/+26
Avoid situations where promisc mode is chaged while avf process is suspended in the middle of adminq operation. Type: fix Change-Id: Ia1fc6551e83218b5938630ad3a15d4f3f0ceceff Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-11nat: Fix next feature for ED with multiple workersVladimir Isaev3-2/+25
Multiple (> 1) workers leads to handoff node being enabled. This node pops next feature index to nat.arc_next to make sure that packet will be pushed to the next feature in the arc. But node nat44-ed-in2out-output also pops next feature and changes arc_next. So actual next feature will be skipped in that case. It leads to all nat44-ed-in2out packets being dropped if we have multiple workers (handoff node enabled). To resolve this a new node was added (nat-pre-in2out-output) to fill arc_next in single worker case and multiple worker case is already handled by handoff node. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: I9dfba68f00164d2d5ab867224871811bef4411ed
2020-09-11avf: fix race between avf and cli/api processDamjan Marion6-35/+43
device pool my grow during suspemd which will cause crash in avf process after it exits from suspend. Type: fix Change-Id: I51fec90088c909cfbaaca6c245272a28c0827ca0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-11nat: endian mismatchFilip Varga1-7/+13
Type: fix Change-Id: Icf6ce0ddb5fe9d078503e9d9ff7e7b26423f53f8 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-09-11avf: fix race between avf process node and avf_delete_if(...)Damjan Marion4-18/+34
It may happen that process node is suspended while it waits for response from adminq and during that time CLI or API process can call avf_delete_if. When avf process node resumes, it may happen that device is not there anymeore. This patch delegates interface deletion to process node, so CLI/API process just sends signal instead of deleting device instance itself. Type: fix Change-Id: I7f12e12df3071650f6e60ad7eb5af23b7acfe335 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-11ikev2: fix memory leaksBenoît Ganne1-7/+20
- make sure everything is freed on cleanup - reuse already allocated vectors where possible Type: fix Change-Id: Ibd8da1edb37126522dc2d525596521d32dceb73a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-11quic: fix coverity warningAloys Augustin1-1/+1
Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Change-Id: Ic51ba3450b3d0722ebff4280127f526b5a9934b1
2020-09-10wireguard: fix handshake procedureArtem Glazychev2-12/+17
Type: fix Change-Id: I96e8c5c9c792b1d9aefd39ce3e240d220827b7d1 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
2020-09-10af_xdp: documents incompatibility with 1GB hugepages and high buffers-per-numa.Mohammed Hawari1-0/+2
Type: docs Change-Id: If8602d4b73cc1f04e42d19b8df60a05f67aa90c9 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2020-09-09wireguard: initial implementation of wireguard protocolArtem Glazychev31-0/+6216
Type: feature The main information about plugin you can see in README.md vpp# wireguard ? wireguard create wireguard create listen-port <port> private-key <key> src <IP> [generate-key] wireguard delete wireguard delete <interface> wireguard peer add wireguard peer add <wg_int> public-key <pub_key_other>endpoint <ip4_dst> allowed-ip <prefix>dst-port [port_dst] persistent-keepalive [keepalive_interval] wireguard peer remove wireguard peer remove <index> Change-Id: I85eb0bfc033ccfb2045696398d8a108b1c64b8d9 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Jim Thompson <jim@netgate.com> Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-09crypto: change cryptodev with new cryptodev APIFan Zhang2-0/+1581
Type: feature This patch updateds cryptodev engine uses new DPDK Cryptodev API planned to be upstreamed in DPDK 20.11. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Piotr Bronowski <piotrX.bronowski@intel.com> Change-Id: I8dd1a8ac643f1e952deb787e466b76ea7aa5f420
2020-09-09interface: support configuring RSS steering queuesChenmin Sun3-34/+154
This patch adds the RSS steering queues set interface, and it's implementation in DPDK device: /* Interface to set rss queues of the interface */ typedef clib_error_t *(vnet_interface_rss_queues_set_t) (struct vnet_main_t * vnm, struct vnet_hw_interface_t * hi, clib_bitmap_t *bitmap); This patch also introduces a command line to set the RSS queues: set interface rss queues <interface> <list <queue-list>> To display the rss queues, use "show hardware-interfaces" Below is the example to configure rss queues for interface Gig0: vpp# set interface rss queues Gig0 list 0,2,4-7 vpp# show hardware-interfaces brief Name Idx Link Hardware VirtualFunctionEthernet18/1/0 1 down VirtualFunctionEthernet18/1/0 Link speed: unknown RSS queues: 0 2 4 5 6 7 local0 0 down local0 Link speed: unknown vpp# Users can also configure the rss queues on a dpdk interface in startup.conf: dpdk { dev 0000:18:01.0 { rss-queues 0,2,5-7 } } Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I1835595a1c54016a84eabee9fd62ce137935385d
2020-09-09tcp: fix the tcp unittest to workRyujiro Shibuya1-0/+2
Type: fix Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com> Change-Id: If5a8313262da828616db8b1d9ef831d42b11d952
2020-09-08dpdk-ipsec: don't leak buffers on crypto alloc failureChristian Hopps2-6/+8
Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: I4dee2ea723631e1bd95b33a74b9431d984565aef
2020-09-08dpdk: fix extended stat stringsChristian Hopps1-2/+2
- These were displaying blank, apparently dpdk extended stat strings must be within the heap so they are identified as vectors by format_c_identifier even though they are not. Type: fix Change-Id: I2b153b100203b9856ce3af6d5ecb2daae410fb5b Signed-off-by: Christian Hopps <chopps@labn.net>
2020-09-08dpdk: fix interface counters to never go backwardChristian Hopps1-33/+24
Was seeing imissed counter become negative. Reuse the RX_ERROR code for all three error counters to avoid the problem. Type: fix Change-Id: I99a69c8816326682745785ecd30e18a131ac2969 Signed-off-by: Christian Hopps <chopps@labn.net>
2020-09-08svm session: document unsupported fifo deq combinationsFlorin Coras1-5/+21
Type: fix - Document that ooo dequeues with ooo lookups cannot be done in combination with in order dequeues. - Added assert to capture this scenario and de-initialized rbtrees for cut-through tx fifo Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic40d020b3f0391fcf022ea3c906b86121744144f
2020-09-06marvell: add cli options to configure rxq and txq sizesChristian E. Hopps1-1/+6
Add the ability to configure the pp2 rx and tx queue sizes in the CLI. Type: improvement Signed-off-by: Christian E. Hopps <chopps@chopps.org> Change-Id: I6a824f92e22fa47fec3d84525cc2d82524ddf639
2020-09-05docs: Improve & link cnat docNathan Skrzypczak1-13/+79
Type: docs Change-Id: Ib985ed6a644ae3f4c330bf6a27dc69c49a489a2f Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-04cnat: fix cnat_set_snat() debug CLIDave Barach1-6/+18
Otherwise, the debug CLI command is unusable in a script because it will eat (and complain about) subsequent lines in the script. Missing this guitar lick, etc: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Id328e6f1cc4d2e1672c3946db3865ab5a1a3af8d
2020-09-04cnat: fix snat ip v6 testsMathiasRaoul1-6/+6
Type: fix Change-Id: I9e102e0028274cc084e59c106d1cd4be174b1205 Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
2020-09-04vrrp: improve RFC compliance for ARP/NDMatthew Smith2-38/+48
Type: fix The ARP/ND feature nodes reply to requests for a VR virtual IP address when a VR is in the master state. If the VR is in the backup state, the request is passed to the next node on the feature arc. This can cause an incorrect response to be sent. If some other feature (e.g. NAT) causes a virtual IP address to be configured as a "local" address on the system, a later node on the feature arc may respond to an ARP/ND request with the real MAC address of the interface. RFC 5798 says that a router must respond to ARP/ND requests for VR virtual IP addresses with the VR virtual MAC address. And it says a router must not respond to ARP/ND requests for VR virtual IP addresses when the VR is in the backup state. Ensure that ARP/ND requests for VR virtual IP addresses are dropped when in the backup state rather than allowing them to continue on the feature arc where another node may end up responding. In order to do this, enable/disable the feature nodes when leaving or entering the init state instead of the master state. Change-Id: I416f83e125cbf91deb90c3b6eb00ba3207de24ad Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-09-04dpdk-ipsec: use init function instead of one-time processChristian Hopps1-11/+3
Use VLIB_MAIN_LOOP_ENTER_FUNCTION to do post init initialization for dpdk crypto rather than create a one-time process to do the same. Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: I06e480b028c8e1fc1b0024a66b2338eb21a797ca
2020-09-04dpdk-ipsec: fix show outputChristian Hopps3-3/+3
Fix the shown crypto inflight counts which were reversed. Also improve a couple error descriptions to tell them apart when viewed. Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: I6d4054c64aa842658cfcde8969c7aa48f6d21207
2020-09-04ip: enhance vtep4_check of tunnel by vector wayZhiyong Yang1-12/+30
This patch aims to improve decap performance by reducing expensive hash_get callings as less as possible using AVX512 on XEON. e.g. vxlan, vxlan_gpe, geneve, gtpu. For the existing code, if vtep4 of the current packet match the last vtep4_key_t well, expensive hash computation can be avoided and the code returns directly. This patch improves tunnel decap multiple flows case greatly by leveraging 512bit vector register on XEON accommodating 8 vtep4_keys. It enhances the possiblity of avoiding unnecessary hash computing once hash key of the current packet hits any one of 8 in the 512bit cache. The oldest element in vtep4_cache_t is updated in round-robin order. vlib_get_buffers is also leveraged in the meanwhile. Type: improvement Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com> Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Signed-off-by: Junfeng Wang <drenfong.wang@intel.com> Change-Id: I313103202bd76f2dd638cd942554721b37ddad60
2020-09-03crypto: Add async crypto APIsNathan Skrzypczak5-0/+132
Type: feature This adds api calls for the following CLIs: * set sw_scheuduler worker <N> crypto on|off * set crypto async dispatch polling|interrupt * set crypto handler * set crypto async handler Change-Id: Ic701d149c440e42ea4575da42b9f69e4c8759602 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-03crypto: SW scheduler async crypto enginePiotrX Kleski4-2/+795
Type: feature This patch adds new sw_scheduler async crypto engine. The engine transforms async frames info sync crypto ops and delegates them to active sync engines. With the patch it is possible to increase the single worker crypto throughput by offloading the crypto workload to multiple workers. By default all workers in the system will attend the crypto workload processing. However a worker's available cycles are limited. To avail more cycles to one worker to process other workload (e.g. the worker core that handles the RX/TX and IPSec stack processing), a useful cli command is added to remove itself (or add it back later) from the heavy crypto workload but only let other workers to process the crypto. The command is: - set sw_scheduler worker <idx> crypto <on|off> It also adds new interrupt mode to async crypto dispatch node. This mode signals the node when new frames are enqueued as opposed to polling mode that continuously calls dispatch node. New cli commands: - set crypto async dispatch [polling|interrupt] - show crypto async status (displays mode and nodes' states) Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Signed-off-by: DariuszX Kazimierski <dariuszx.kazimierski@intel.com> Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I332655f347bb9e3bc9c64166e86e393e911bdb39
2020-09-02nat: twice-nat static mapping pool addressFilip Varga10-95/+354
Let twice-nat static mapping pick specific address from the twice-nat pool. Type: improvement Change-Id: Iadaa036af2fa3b0e6e9a68ff6e68b4bbe1650eb1 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-09-01crypto-openssl: add chacha20-poly1305 to crypto-opensslArtem Glazychev3-9/+223
Type: feature Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: Iec28fb11b6edff1bee23117f56aa3a3e5729541a Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-01misc: fix uninitialized use warnings with gcc-{8,9}Aloys Augustin2-3/+3
Change-Id: I4930c3c2a8025ec9ceb17e994137be67d88d455f Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2020-09-01ip: fix ip zero checksum verificationBenoît Ganne5-8/+8
In one's complement, there are two representations of zero: the all zero and the all one bit values, often referred to as +0 and -0. See RFC 1624 section 3 for more details. This used to be taken care of in ip4_header_checksum(), but it is no longer the case. The check ip->checksum == ip4_header_checksum (ip) is no longer correct in the -0 case. Always use ip4_header_checksum_is_valid() instead (which behaves correctly since 9a79a1ab931c3b5a7ae07d6f0fcfef7c4368a2c4). Type: fix Fixes: e5f0050c7a5d411f96af6401797529d58825e2af Change-Id: Iacc6b60645a834287b085aecb9e3fdb4554cf0cf Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-01dpdk: fix mac address length was wrongjiangxiaoming1-1/+1
Type: fix Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I87c6f423ea8fdd9fb764693055eb1509f994d6f1
2020-09-01cnat: Fix typo in ts handlingNathan Skrzypczak1-1/+0
Type: fix Change-Id: I5287f6326726780c09e515eede0992bafb413bb2 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-08-31nat: fix type in api messageKlement Sekera4-2/+204
Translation memory size is internally a uword, but in api it was u32, resulting in the returned value being 0 all the time. Fix the "incorrect" API reply to return a u32 capped to 0xffffffff if the u64 is larger than that, introduce the message with the correct type, deprecate the message with the incorrect type. Also, while we are updating the message definition, add the max translations / max users per worker thread into the new message. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I92e38a6a2bcb70fc8d1b129bbe416bf7f9e54280 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-08-31vppinfra: convert A_extend_to_B to B_from_A format of vector inlinesDamjan Marion1-2/+2
Make it shorter and same format when converting to biggor or smaller types. Type: refactor Change-Id: I443d67e18ae65d779b4d9a0dce5406f7d9f0e4ac Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-08-31af_xdp: AF_XDP input pluginBenoît Ganne14-0/+2206
Type: feature Change-Id: I85aa4ad6b68c1aa0e51938002dc691a4b11c545c Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-08-31rdma: bugfix in the descriptor refill logic. In case of a partial ↵Mohammed Hawari1-1/+1
allocation, the remainder modulo 8 must be returned to the pool so that the number of kept buffers is a multiple of 8. Type: fix Change-Id: Ifd97b03ea220300e7e6fe81a8ff4a25060fea6c1 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2020-08-31flow: code refactorChenmin Sun2-392/+197
This is the code refactor for vnet/flow infra and the dpdk_plugin flow implementation. The main works of the refactor are: 1. Added two base flow type: VNET_FLOW_TYPE_IP4 and VNET_FLOW_TYPE_IP6 as the base the flow type 2. All the other flows are derived from the base flow types 3. Removed some flow types that are not currently supported by the hardware, and VPP won't leverage them either: IP4_GTPU_IP4, IP4_GTPU_IP6, IP6_GTPC, IP6_GTPU, IP6_GTPU_IP4, IP6_GTPU_IP6 4. Re-implemented the vnet/flow cli as well as the dpdk_plugin implementation 5. refine cli prompt 6. refine display info in command "show flow entry" Type: refactor Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ica5e61c5881adc73b28335fd83e36ec1cb420c96
2020-08-31cnat: Destination based NATNeale Ranns22-0/+4950
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I64a99a4fbc674212944247793fd5c1fb701408cb
2020-08-27dpdk: fix blacklistsVladimir Ratnikov2-2/+10
When we have both format blacklisted devices like: blacklist 1234:5678 blacklist 1234:56:78.0 unformat with fmt=%x:%x matches for both strings and the rest 78.0 substring is kept in input and it can't be parsed for init args This patch checks first if device format matches PCI address and just then if it matches Vendor and Product Type: fix Change-Id: If111762c0e0a424b052e4f6dc0f67731bf89dc2a Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>