path: root/src/plugins
Age | Commit message | Author | Files | Lines
2022-03-21 | wireguard: dont stacksmash bad peer base64 keys | Jon Loeliger | 1 | -1/+1
Just like commit 252647482b24bb3474e8f13bc86100718176832f did for Wireguard interface keys, prevent stack smashing the peer keys. Integer math on 32 bytes of base64 data might yield 33 bytes of data in some poorly formed user input of private key values. Rather than smashing the stack (detected) and aborting, simply allow for the possible yet irrelevant 33-rd byte of data. Type: fix Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88 Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I9f77b3faaaa01d3123b356c958db60c87238db9c
2022-03-21 | wireguard: improve peer dump details | Jon Loeliger | 2 | -11/+22
- Add peer_index, table_id, and keep-alive.
- Fix some lingering cut-n-paste issues in the API file.
Type: improvement Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I6fc0729ba0268bbcda0248f680979c44e68b6b0c
2022-03-21 | hsa: add support for SAPI in vpp_echo | Filip Tehlar | 5 | -48/+491
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: If24a43b7f79e05092306562c192de03994dec550
2022-03-18 | cnat: Fix conflicting rsession | Nathan Skrzypczak | 4 | -39/+87
When dNAT-ing to a VIP, it can happen that the return session conflicts with another forward session than the one we own. This patch adds a rsession_flags CNAT_SESSION_RETRY_SNAT that makes cnat_session_create search for a free src port to use for the resulting return session. It also makes forward & return session share their fate in the session scanner. Type: fix Change-Id: Id0edf59abf8e5bc0c0d8941ba289c4563c77dee0 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-18 | memif: fix rx/txqueue RC on connected | Nathan Skrzypczak | 1 | -9/+12
Type: fix Calling vnet_hw_if_register_tx_queue should be done with the worker barrier held, as virtio-pre-input might be grabbing a queue while a memif connect event is triggered. Change-Id: Ie1272cdfd2477faf7a4e10f30778279872f04916 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-17 | nat: fix ICMP error translation | Klement Sekera | 1 | -0/+3
Add missing translation of ICMP inner IP layer. Change responsible test so that it actually tests something. Type: fix Fixes: 4881cb4c6f Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Id3a6f12a7308d81b1cdf9815f857221fab2f24d9
2022-03-15 | flow: add generic flow pattern for 5G flow enhancement | Ting Xu | 1 | -0/+16
In order to support the requirement of RSS and packet steering of new protocols, such as GTPU PDU-type and QFI, for 5G UPF, a generic pattern is introduced in vnet flow. The generic flow pattern is based on DDP (Dynamic Device Personalization) function and Parser Library module in DPDK. Using generic flow pattern, we do not need to create new packet and field type and offset in API parser for every new protocol. We can create flows for any protocol immediately as long as supported by DDP. The generic flow can be used to support 5G related protocols in different scenarios.
The input of this generic pattern are two binary strings for spec and mask. Spec is the binary presentation of the target packet type, and mask is used to mark the target fields. In this patch DPDK plugins is enabled for POC. Next step we will enable generic flow in native IAVF, which is the main target.
Here is an example. If we want to create a flow for GTPU QFI,
spec is:
00000000000100000000000208004500003C00000000001100000101010102020202000
008680028000034FF001C00000000000000850100010045000014000000000000000001
01010102020202
mask is:
00000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000007F0000000000000000000000000000
00000000000000
A naming API POC is created via VAPI to help create the rule with the target packet format similar to Scapy. It is based on a function module called PacketForge. In this way, the user does not need to create binary string spec and mask by themselves.
Type: feature Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Id3444f95c158bdcdfeeee19d795cd9ecbeeec07c
2022-03-15 | memif: fix memif_process_desc indexing | Mauro Sardara | 1 | -4/+2
The index i was incremented in the wrong place, and the check on the presence of a next buffer in the chain was actually done for the next desc_status rather than the current one. Type: fix Signed-off-by: Mauro Sardara <msardara@cisco.com> Change-Id: I74a64a34fea497900b7969cd96e1aeeb570a1bba
2022-03-14 | crypto: Enabling IOMMU DMA translation table update for QAT card | Govindarajan | 1 | -1/+2
With DPDK plugin, VPP does the DMA page map in IOMMU, only when DPDK supported ethernet devices are present. As a result, Mellanox NIC and QAT combo doesn't work. As part of this fix, DPDK supported crypto device check is added to do the DMA page map. Type: fix Signed-off-by: mgovind <govindarajan.mohandoss@arm.com> Change-Id: I02de4588c5b021e0c9c62612137f28ed8784bea6
2022-03-14 | hsa: fix error message | Filip Tehlar | 1 | -3/+3
Fixes a minor issue that causes printing an error message when there is no error. Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I59f5c6af7c5aeae3e812b4cf0c75a47894bb8bbd
2022-03-14 | dpdk: improve rx burst count per loop | Fan Zhang | 1 | -4/+5
Type: improvement This patch improves the per dpdk-input loop number of packets received from the port. The change mimics how packets rx happened before VPP 22.02/DPDK 21.11: instead of trying to rx huge number of packets (256) in one go, rx more times with up to 32 packets max each time. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I804dce6d9121ab21b02e53dd0328dc52ac49d80f
2022-03-11 | map: fix memory leak | Benoît Ganne | 1 | -1/+2
Thanks to Ben McKeegan <ben@netservers.co.uk> for the report. Type: fix Change-Id: I8170dda572c326b6b1823fd330dbd5e961fdad74 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-11 | vlib: remoove unused field | Damjan Marion | 1 | -1/+1
Type: refactor Change-Id: Ieb7a595e40d801af5349c83b128fa92c7698a346 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-10 | dpdk: fix program vlans on ixgbevf | Dzmitry Sautsa | 1 | -2/+7
Recent "dpdk: refactor device setup" has broken vlans programming for IXGBE_VF. Type: fix Signed-off-by: Dzmitry Sautsa <dzmitry.sautsa@nokia.com> Change-Id: Idacda33a473f6b10dbe002d9926661a19d0f3f97
2022-03-09 | stats: refactor | Damjan Marion | 7 | -39/+33
Type: refactor Change-Id: Ifd533a095d979dc55bfbe5fac7e0b7510a4d900c Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-07 | linux-cp: handle ipv4 routes when interface is disabled | Alexander Chernavin | 1 | -2/+88
Type: improvement Currently, when an interface is brought down administratively, IPv4 routes that resolve through that interface remain in the FIB. However, the kernel removes those routes but doesn't send any notifications about that. Desynchronization between the kernel and VPP happens. With this change, when a notification is received from the kernel indicating that an interface was brought down, in addition to bringing the VPP interface down, walk the IPv4 FIB bound to that interface and remove any entries that resolve through that interface and were added with one of the linux-cp FIB sources. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I0cd14bb63c9e6616ae1c5739b17c3bf33b186bc2
2022-03-04 | linux-cp: fix issue of possibly closing negative fd | Alexander Chernavin | 1 | -5/+14
Type: fix Primarily fix an issue reported by Coverity in lcp_nl_open_sync_socket() that close() could possibly be run with negative fd. Also, add more checks and error logging there. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I9a88520d068392977a6eba0766451e5652fe512c
2022-03-04 | linux-cp: stop signaling read event on every notif | Alexander Chernavin | 1 | -7/+9
Type: improvement Currently, read event signal is sent on every notification message received and added in the queue. With this change, signal read event only when all currently available notification messages are received. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ib86d189311ce01f50167e4e97feb99df0292ad96
2022-03-04 | linux-cp: stop ignoring ENOBUFS while reading notif | Alexander Chernavin | 1 | -9/+2
Type: improvement Currently, while reading notifications, ENOBUFS error is ignored and reading continues. This was done to minimize the number of notifications that are lost due to reopening the socket. Now that synchronization is implemented to recover from socket errors, ignoring ENOBUFS and reading as many notifications as possible is not actual. Before synchronization, all currently enqueued notifications are discarded in any case. With this change, stop reading notifications if any error occurs. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I1184d9a3aa99df63ef59bc2a67be2b1e5e0e9329
2022-03-04 | ping: correct the fib-index used for the reply | Neale Ranns | 1 | -15/+27
Type: fix if original packet was to the link local, then the fib index in the buffer is that of the LL table, we can't use that to forward the response if the new destination is global, so reset to the fib index of the link. In other case, the fib index we need has been written to the buffer already. Add a test for IPv6 ping in an MPLS-VPN where int inout interface is not the same VRF as the response should be sent. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I18a232d90ddd3ef051a52476c5d861c87060e76f
2022-03-04 | linux-cp: ignore neighbors if ip addr is multicast | Alexander Chernavin | 1 | -0/+17
Type: improvement When dump of neighbors is requested, the replies will also include neighbor entries for IPv6 multicast addresses:
GigabitEthernet0/8/0 S ff02::16 33:33:00:00:00:16
GigabitEthernet0/8/0 S ff02::1:ff76:7135 33:33:ff:76:71:35
GigabitEthernet0/8/0 S ff02::2 33:33:00:00:00:02
Such entries are not reported in netlink notification messages and VPP is unlikely to use these. With this change, ignore neighbor entries when the IP address is a multicast address. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ic712aa4904f1d559f31fd89ff4541268e2340f84
2022-03-03 | linux-cp: detect and delete stale entries after sync | Alexander Chernavin | 1 | -0/+95
Type: improvement During synchronization, only the current actual set of entries is loaded. If some entries are no longer present in the set being loaded but present in VPP, they should be removed to fully synchronize. With this change, add handlers for sync begin and end events. Begin handlers will mark the entries as stale. End handlers will remove the entries that are still marked as stale. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I4f7e872af3e1c9ffa6c63bcc3984ec76def1bb43
2022-03-03 | linux-cp: resync with kernel after nl socket error | Alexander Chernavin | 2 | -27/+503
Type: improvement Currently, if an error happens on the netlink notification socket, the socket gets reopened. A portion of notification messages have been lost because of this and will never arrive on the socket. VPP will be out of sync with the kernel networking state. With this change, synchronize VPP state and the kernel networking state if there was an error polling or reading the notification socket. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I8cdff89b505cd227535a0acaadb6ee757204c45e
2022-03-03 | linux-cp: make check of message ts null-tolerant | Alexander Chernavin | 1 | -0/+3
Type: improvement For some message types, timestamps are checked on netlink message to decide whether the message should be applied. For notification messages timestamps are expected to be always available. With this change, before accessing the timestamp, make sure the message info object that carries it is not null. If it is null, pass the check. This is to be ready to process dump replies that will not need the timestamp check and will have the message info object set to null. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ic7211c0d451d72f6a5248898b3a8f8e0bca8f7aa
2022-03-03 | linux-cp: reflect hw link state on tap on pair creation | Alexander Chernavin | 1 | -0/+14
Type: fix Currently, a tap interface created to be a member of a linux-cp pair has default link state (down) and default link speed (10Mb/s). Then the plugin monitors the link state of the paired hardware interface and if it changes, the new link state is reflected on the tap interface. And when the new link state is "up", the link speed is also reflected on the tap interface. The problem is that this scheme implies that the hardware interface's link state is "down" at the moment of the linux-cp pair creation and then changes. But there are cases when the link state is already "up" at that moment. If that is the case, the link speed on the tap interface will remain the default one until the link comes down and then comes up. With this fix, when a linux-cp pair is created, reflect current link state of the hardware interface being paired on the created tap interface. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I73664d753f4daaa6d439c9ca898fb7363d21c06d
2022-03-02 | linux-cp: lcp fib fixes | Vladimir Ratnikov | 1 | -5/+6
Some possible side effects for multicast routes appears to be in lcp_router_table_add_or_lock. so ff00/8 route will be processed for ospf purposes the right way
Ignore IPv6 kernel routes
Skip adding auto routes into FIB
Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I35f73d629a7fffca7f7d4547adc2549b72c2048f
2022-03-02 | wireguard: improve sending WG interface dump details | Jon Loeliger | 2 | -2/+11
Include the user_instance in wireguard interface details. In addition to dumping all wireguard interface details, also allow selective dumping of just one interface. Type: improvement Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: Iaf1093c6ae3eb00a685f34b2e0171285b02fae2b
2022-03-01 | hsa: add tps support for random closes | Florin Coras | 1 | -23/+94
Useful for stress testing. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0b1701682494a9fbf7deac311b4afd3036c50b56
2022-02-28 | tls: handle read write ssl errors | Florin Coras | 1 | -3/+31
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5eed7dac4951f0510a4b4b092f66f44d0d3cacd
2022-02-28 | tls: Handle transport disconnect during client HS failures | Saravanan Murugesan | 1 | -1/+2
Type: fix Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com> Change-Id: I5f7f4b925b3d250c5b8616d1fb35edbde50a7a23
2022-02-24 | hsa: add support for vrfs in tps | Florin Coras | 1 | -44/+98
The app keeps on using the default app ns but each listen will be done in the vrf configured. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0947e03188d55231b299916351115038e0b1f5da
2022-02-24 | hsa: fix tps data offset on connection reuse | Florin Coras | 1 | -0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe92497cc5446ac5c734f8fe5c63c0167204dd09
2022-02-24 | session: fix session layer socket read | Filip Tehlar | 1 | -1/+5
This fixes an issue caused by session layer reading expected part of data (cert + key) before the client actually sends it. Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I6ddddb08f9576211b302e814d7c2b040383e5fb7
2022-02-23 | http hsa: use octet-stream content type for tps | Florin Coras | 2 | -2/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I925618e426b325f4fafb9ed39a2d7c2d7c7b38f3
2022-02-23 | http: improvement reset and close handling | Florin Coras | 2 | -13/+31
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I37ff8099c6c8044881379b4cd47ca8843746c315
2022-02-23 | http hsa: support multiple listeners for http tps | Florin Coras | 4 | -32/+195
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie89326ed4e599231fc20de67c5dadbb428568bec
2022-02-23 | wireguard: fix dereferences null pointer | Gabriel Oginski | 2 | -14/+21
Type: fix Fixed coverity-issue CID 248517. Originally possible passing null pointer to one function and directly dereferences it. This patch fixes the issue by adding a new condition to check this pointer. Change-Id: If506abaf08c9f003860b641971af291f68613c18 Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
2022-02-22 | vrrp: fix thread synchronization issue | Matthew Smith | 3 | -27/+33
Type: fix Fixes: 39e9428b90bc When a VRRP advertisement is received by a worker thread, the worker calls vl_api_rpc_call_main_thread() so the main thread will process the packet and make adjustments to VR state if necessary. The data being passed to the main thread included a pointer to the VRRP header in the received packet buffer. Since the main thread processes the RPC request asynchronously from the worker thread, it's possible for the worker to drop the packet and for the buffer to be overwritten before the main thread can process it. Copy the fields which may be needed by the main thread into a struct instead of passing a pointer to a packet buffer. Change-Id: I4e899e967df5a54776b521825a80e9cce1a94f5f Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-02-22 | wireguard: prevent stacksmashing on poorly formed base64 keys | Jon Loeliger | 1 | -1/+1
Integer math on 32 bytes of base64 data might yield 33 bytes of data in some poorly formed user input of private key values. Rather than smashing the stack (detected) and aborting, simply allow for the possible yet irrelevant 33-rd byte of data. Type: fix Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88 Change-Id: I42acfbf3e8fbb3d517e21c53d4f80459d4800e9d Signed-off-by: Jon Loeliger <jdl@netgate.com>
2022-02-22 | linux-cp: Only enable/disable the punt feature on the 0<->1 transition | Neale Ranns | 1 | -9/+14
Type: fix otherwise the feature is enabled n times for n lcp-pairs and the packets go n times through the feature. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8e47e4a293d6e2711f54aa09e9545e5e07728026
2022-02-21 | lisp: fix ip and udp checksum computation | Florin Coras | 1 | -7/+0
Type: fix Fixes: 6fdcc3d Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I820c505482801ff2ab8dac41a0016bb3a741a4ee
2022-02-21 | nat: make tcp/udp/icmp packet counters consistent | Klement Sekera | 2 | -4/+12
TCP/UDP packets which are dropped are not counted towards TCP/UDP counters. Apply same behaviour to ICMP packets. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I487fa7135ac8e49431a621fac213638d2dab31c8
2022-02-18 | hsa: fix coverity warnings | Filip Tehlar | 1 | -0/+4
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I4ede67c901456d57e457c648d28153423d45fb41
2022-02-18 | perfmon: show distribution of uops delivered to frontend | Ray Kinsella | 4 | -8/+109
Break down the distribution of uops delivered to the frontend. Correlates directly with the source of the uops. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I93a57dbe56dfa0f378527844aa4e63f45a548e55
2022-02-18 | dpdk: support devargs for vmbus | Vladimir Ratnikov | 1 | -19/+29
Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I2fd12a5b30aacdbaecb9156b829bfc06dfea377f
2022-02-18 | vnet: add set_max_frame_size callbacks for several interfaces | Artem Glazychev | 1 | -0/+9
This is required after distinguishing between max_frame_size and MTU Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: Ie642bee4e30ca76903bb8be5eeb6914c2c09bf35
2022-02-18 | wireguard: fix passing null pointer | Gabriel Oginski | 2 | -10/+11
Type: fix Fixed coverity-issue CID 248517. Originally possibly passing null pointer to one function and directly dereferences it. This patch fixes the problem by adding a new condition. Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I02fc6fb5d1cfd6138ea4ba2b1946fd8a7ef34d3b
2022-02-17 | wireguard: Fix wireguard device name to use user-instance | Jon Loeliger | 1 | -1/+2
If the user supplies an instance number when creating a wireguard interface, it should be used in the device name. If no user-instance is given, the device instance (tunnel number) is used. For example:
vpp# wireguard create instance 17 listen-port 23023 src 1.2.3.4 private-key MDEwMjAzMDQwNTA2MDcwODA5MTAxMTEyMTMxNDE1MTY=
wg17
Type: fix Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88 Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: Ibf51868bf7b4b9e8a3f85557d05667207873bc91
2022-02-17 | tls http srtp: fix session index for listeners | Florin Coras | 2 | -3/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5e6d0e8c686ea93674d6201c38b3a4d1c4786a5
2022-02-17 | vcl: add support for reconnect | Filip Tehlar | 1 | -5/+6
Supported only when eventfd option is enabled. Type: feature Change-Id: Ic9d6e38604e978f7bc8e54d74fe9b8f3fc53622d Signed-off-by: Filip Tehlar <ftehlar@cisco.com>