path: root/src/plugins
Age | Commit message | Author | Files | Lines
2022-04-21 | nat: tweak rfc7857 tcp connection tracking | Ole Troan | 4 | -292/+61
The RFC7857 state machine introduced in 56c492a is a trade-off. It tries to retain sessions as much as possible and also offers some protection against spurious RST by re-establishing sessions if data is received after the RST. From experience in the wild, this algorithm is a little too liberal, as it leaves too many spurious established sessions in the session table.

E.g. an observed pattern is:

client      server
         <- FIN, ACK
ACK      ->
ACK      ->
RST, ACK ->

With the current state machine this would leave the session in established state.

These proposed changes do:
- require 3-way handshake to establish session. (current requires only to see SYNs from both sides)
- RST will move session to transitory without recovery if data is sent after
- Only a single FIN is needed to move to transitory

Fixes: 56c492aa0502751de2dd9d890096a82c5f04776d Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I92e593e00b2efe48d04997642d85bd59e0eaa2ea Signed-off-by: Ole Troan <ot@cisco.com>
2022-04-18 | nat: fix deleting nat ei out interface feature | Alexander Skorichenko | 1 | -2/+2
Type: fix Set is_add function argument to 0 when deleting interface role. Change-Id: I6ca88d6511e1c88285e51b3750eb501fde2b341b Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
2022-04-16 | hsa: vcl test client allow non-blocking connects | Florin Coras | 3 | -45/+66
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If7dd56e76efc31ed66b865e2c7231d22ec2322b4
2022-04-15 | hsa: support configurable vcl client wrk loop | Florin Coras | 1 | -69/+128
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5e49f43b18ff011ce0b7259ed58854d81f910826
2022-04-14 | gtpu: fix memory leak | Leung Lai Yung | 1 | -0/+1
Type: fix Free the old rewrite string before assigning a new rewrite string for the updated new tteid value. Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com> Change-Id: I1ec19bce6afda3dfdc31c8724b32ac7b9bc84e89
2022-04-13 | crypto-openssl: use getrandom syscall | Guillaume Solignac | 1 | -2/+2
The sys/random.h header, which provides the getrandom syscall wrapper, was only added in glibc2.25. To make it compatible with older versions, we can directly call the syscall. Type: improvement Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: I93c5f8a49c0323511a4e34273f0b3c0e24663bfd
2022-04-12 | hsa: fix coverity warning | Florin Coras | 1 | -0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9cf21ee7ad363dd1af5ca75f07bfe38d8fe749f9
2022-04-12 | hsa: vcl test client option to close only client | Florin Coras | 2 | -2/+12
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I45c63e0a7d7179a0f27ca3f093bd3cf7458a12d3
2022-04-12 | tests: fix bihash unit test threads count | Jing Peng | 1 | -4/+4
In test_bihash_threads, if a test thread fails to be created, it is still counted towards the total thread count, which could lead to a never-ending test loop. This patch fixes the issue. Type: fix Signed-off-by: Jing Peng <pj.hades@gmail.com> Change-Id: Ic0f1d4dde9c5ea672b52f0e2e49f16d42f982b77
2022-04-11 | tls: fix connected notifications with no app wrk | Florin Coras | 1 | -1/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I805131b4e3d0cb2fab1d3bf76db659c67522c2e8
2022-04-11 | tests: fix bihash unittest error reporting | Jing Peng | 1 | -15/+21
This patch fixes test_bihash_unittest in two ways:
1. The number of searches, namely tm->search_iter, defaults to 0, thus disabling the test. This patch changes the default to 1.
2. Test errors are reported by clib_warning() instead of being returned, thus the caller test/test_bihash.py is never aware of them. This patch returns the errors constructed by clib_error_return().

Type: fix Signed-off-by: Jing Peng <pj.hades@gmail.com> Change-Id: I60e99a829ebe6aa2a56e7a9332cf973afa100311
2022-04-08 | linux-cp: fix setting mtu on hardware interfaces | Matthew Smith | 1 | -1/+1
Type: fix Fixes: 616447c39231 In lcp_router_link_mtu(), either vnet_hw_interface_set_mtu() or vnet_sw_interface_set_mtu() is called, based on whether this appears to be a physical interface. The test to determine whether this is true was incorrect and probably never worked right so vnet_sw_interface_set_mtu() was always being called. This causes some breakage with recent changes to code which manages interface MTUs. Fix the test so the right function is called. Change-Id: I1ecccbce37d5a1e53b2349ed40f3d0d27eb03569 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-04-08 | dpdk: add multi-txq support | Mohsin Kazmi | 4 | -13/+31
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I9f061a05d947bc2867e1b962bf0522ad344bcc1a
2022-04-07 | tls http: run config fns after init ones | Florin Coras | 1 | -1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia4d8aaafeb3629f421601edffefe9c61c3e69dba
2022-04-07 | tls: fix session pool realloc on accept | Florin Coras | 1 | -0/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I68ada775810bb4a4f280962a979605b211562a52
2022-04-05 | wireguard: prevent segfault on non-adj packets | Jon Loeliger | 2 | -0/+7
An unexpected packet that shows up on a Wireguard interface that happens not to have a forwarding peer will cause a segfault trying to index the vector of peers by adjacency. Rather than segfaulting, recognize a non-adjacent packet and drop it instead. This leaves open the question of what _should_ be happening to, say, IPv6 multicast packets. Signed-off-by: Jon Loeliger <jdl@netgate.com> Type: fix Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88 Change-Id: Ic0a29e6cf6fe812a4895ec11bedcca86c62e590b
2022-04-05 | dpdk: macros changes for dpdk 22.03 | Dastin Wilski | 4 | -60/+62
New dpdk version deprecates some macros used by VPP. This patch changes them to 22.03 version. Type: improvement Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com> Change-Id: Ic362ed318dc1ad88bb682ef13fbd6159171fbaef
2022-04-05 | dpdk: compatibility layer for dpdk 22.03 bump | Dastin Wilski | 2 | -26/+87
New version of dpdk changes some macro names. This patch ensures VPP will be compatible with older dpdk versions. Type: improvement Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com> Change-Id: I3d9736278e70064610a1dcad5f2d2f6eb26e0d4b
2022-04-05 | dpdk: fix max frame size | Damjan Marion | 2 | -11/+11
Type: fix Change-Id: I70f9ec2eb6c9c1494a4ecd56e06898f6162a0e0e Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-05 | nat: nat44 cli bug fix | Filip Varga | 5 | -42/+38
Two similar CLI paths "nat44" and "nat44 add interface address" caused unexpected behavior. If "nat44 add interface address" command would fail the vlib cli processing function would call "nat44" handler. This would also clean any previously set errors from the first command and basically return same error returned by "nat44" handler for every failed command that starts with the same path string. Fixes nat44-ed and nat44-ei plugin. Change-Id: I1aac85c8ae2932da582a2b78243521d1bf8a0653 Ticket: VPP-2021 Type: fix Signed-off-by: Filip Varga <fivarga@cisco.com>
2022-04-05 | vppinfra: refactor address sanitizer | Damjan Marion | 1 | -1/+1
Type: refactor Change-Id: I5ca142ec1557d5b5c3806b43553ad9d3b5ea1112 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-05 | crypto-openssl: use getrandom to reseed openssl | Benoît Ganne | 1 | -13/+8
Type: improvement Change-Id: I84d594d8baaf18056580455f3b2790d0f31b7b0f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-04-04 | vppinfra: make _vec_len() read-only | Damjan Marion | 39 | -92/+88
Use of _vec_len() to set vector length breaks address sanitizer. Users should use vec_set_len(), vec_inc_len(), vec_dec_len() instead. Type: improvement Change-Id: I441ae948771eb21c23a61f3ff9163bdad74a2cb8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-04 | tls: set client ckpair only for non-test ckp | Florin Coras | 1 | -13/+15
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7287e40ad95dfe061fd8a7b0e99921d5540e030d
2022-04-04 | tls: null terminate openssl ciphers | Florin Coras | 1 | -2/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5d4e68730a75337a2e532e72f366b62d6973235e
2022-04-04 | vlib: remove unused fields | Damjan Marion | 1 | -8/+0
Type: refactor Change-Id: I449fcea92a1c96dd7dd0bcad893060ad1c614351 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-04-01 | vrrp: add stats support and update API | Emanuele Di Pascale | 8 | -18/+643
Add simple counter statistics to VRRP, based on a subset of those defined in RFC8347. Add an update API that allows in-place modification of an existing instance. The method returns a vrrp_index which can be used both for retrieving statistics and to modify non-key parameters. Also add a delete method which will take that vrrp_index as parameter. Type: improvement Signed-off-by: Emanuele Di Pascale <lele84@gmail.com> Change-Id: I2cd11467b4dbd9dfdb5aa748783144b4883dba57
2022-04-01 | dpdk: fix vlan creation on ixgbe | Alexander Chernavin | 1 | -1/+0
Type: fix VLAN programming is currently enabled for IXGBE. However, that is only supported for IXGBE_VF. With this fix, disable VLAN programming for IXGBE. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I37b1d0733988c964d2b0f5a49328effacec1cb6f
2022-04-01 | dpdk: fix coverity issue | Fan Zhang | 1 | -13/+4
Type: fix This patch fixes the following DPDK plugin issue: CID 253333: Control flow issues (DEADCODE) The change also includes some cosmetic changes for error handling. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I830020bc3ae9a508f3a905f78333fa3ae25ce784
2022-04-01 | nat: VRF routing & FIB improvements | Filip Varga | 8 | -281/+727
This patch affects how destination fib is chosen during session creation. Default behavior of choosing fib based on output interfaces is kept. Configuration gives you the ability to change default behavior to direct or restrict traffic between different FIB tables.

NAT specific VRF routing options:
a) keeping communication in the same VRF
b) option to add multiple destination VRFs
c) option to control the resolution order of destination VRFs

TX FIB resolution is based on looking up RX FIB entry in NAT's VRF table and picking the first FIB that resolves destination address.

Ticket: VPP-2009 Type: improvement Change-Id: If500c48d7ce3466533ad9581c0847870788fc4fb Signed-off-by: Filip Varga <fivarga@cisco.com>
2022-04-01 | nat: nat44-ed cleanup & fixes | Filip Varga | 7 | -1303/+645
Set deprecated option on unsupported API calls. Cleaned up API calls with deprecated option. Removed in progress option from long term used API calls. Removed obsolete/unused nodes, functions, variables. Fixed set frame queue nelts function. Calling API would incorrectly not fail even though frame queue nelts can only be set before first call nat44_plugin_enable. Moved all formatting functions to _format.c file. Type: refactor Change-Id: I3ca16e0568f8d7eee3a27c3620ca36164833a7e4 Signed-off-by: Filip Varga <fivarga@cisco.com>
2022-04-01 | tls: enable host verification by hostname | satna | 1 | -3/+40
Type: improvement Signed-off-by: satna <satbeervarma9596@gmail.com> Change-Id: I1b1db60fa1a0e47fce273bc07b01887813fd3c48
2022-03-31 | stats: convert error counters to normal counters | Damjan Marion | 1 | -23/+0
Change-Id: I9794da718805b40cc922e4f3cf316255398029a9 Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Ole Troan <ot@cisco.com>
2022-03-30 | tls: support to reinitialise ca_chain wo restart | Saravanan Murugesan | 3 | -25/+56
Type: improvement Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com> Change-Id: I90e90678ae6586019cc842f9d504d53991cfabe4
2022-03-30 | vppinfra: vector allocator rework | Damjan Marion | 1 | -25/+2
- support of in-place growth of vectors (if there is available space next to existing alloc)
- drops the need for alloc_aligned_at_offset from memory allocator, which allows easier swap to different memory allocator and reduces malloc overhead
- rework of pool and vec macros to inline functions to improve debuggability
- fix alignment - in many cases macros were not using native alignment of the particular datatype. Explicitly setting alignment with XXX_aligned() versions of the macro is not needed anymore in > 99% of cases
- fix ASAN usage
- avoid use of vector of voids, this was root cause of several bugs found in vec_* and pool_* function where sizeof() was used on voids instead of real vector data type
- introduce minimal alignment which is currently 8 bytes, vectors will be always aligned at least to that value (underlay allocator actually always provides 16-byte aligned allocs)

Type: improvement Change-Id: I20f4b081bb13bbf7bc0ace85cc4e301787f12fdf Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-29 | hsa: refactor echo clients | Florin Coras | 2 | -318/+319
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I30cc31c438d357d48576fba84e54809455960eaa
2022-03-29 | tls: Support for client certificate-key pair | sarmurug | 1 | -0/+50
Type: improvement Signed-off-by: sarmurug <sarmurug@cisco.com> Change-Id: Ibbfe827b9c4c603a6fe7cc49970a46bd683194ce
2022-03-29 | dpdk: make log pipe non-blocking on both sides | Damjan Marion | 1 | -1/+2
Type: fix Change-Id: I857403b9d93ee4c17f2dd5ac8e6dafd66260a252 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-29 | linux-cp: fix tap interface attrs in case the sw pool realloc'd | Vladislav Grishenko | 1 | -18/+16
Creating tap interface / sub interface causes allocation of a new software interface with possible sw interface pool reallocation. In such case accessing L3 MTU and interface flags by obsolete sw pointer is UAF. Instead, keep desired tap interface MTU value before sw interface creation and refetch sw pointer right before sw flags inheritance. Type: fix Fixes: b89c1ddcb3b4f9138ca3ebefb2115f896ff3e1bd Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I21ea46d146d11060bb9bedc77377ab17ae9e22e8
2022-03-29 | crypto-openssl: fix seed calculation | Damjan Marion | 1 | -1/+1
Type: fix Fixes: 91f17dc Change-Id: I860b6d5d5e9cf47d84fde0a2c92be43125038694 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-29 | linux-cp: handle ipv4 routes when link goes down on subif | Alexander Chernavin | 1 | -17/+43
Type: improvement Currently, the plugin can monitor link state changes on hardware interfaces for which a linux-cp pair exists. When the link goes down on one of the hardware interfaces, the plugin processes IPv4 routes that resolve through that interface according to the configurations: del-static-on-link-down and del-dynamic-on-link-down. The problem is that link state changes are not signaled for subinterfaces and the code that handles IPv4 routes is not triggered. When the link on a hardware interface goes down, it implies that subinterfaces added to that interface also will have the link in the down state. With this change, when the link goes down on a hardware interface, iterate over subinterfaces added to the interface and apply the same logic of routes processing as for hardware interfaces. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I97337d2e328437c73f2d99a00737768778f197a1
2022-03-29 | linux-cp: add support for table flush if multiple interfaces | Alexander Chernavin | 1 | -15/+39
Type: improvement lcp_router_table_flush() is used to remove routes from the given route table if they are resolved through the given interface with specified FIB source. Currently, if you need to remove routes from a route table that are resolved through one of the interfaces from a vector, the function has to be executed for every interface from the vector. Every execution walks the route table again. With this change, lcp_router_table_flush() accepts a vector of interfaces. Thus, the function can walk a single route table once and delete routes that resolve through one of the interfaces from the vector. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I6d99384064d279dea24bb4dc1790a1af943be41c
2022-03-29 | perfmon: fix order in cmakelists.txt | Ray Kinsella | 1 | -8/+8
Fix ordering in CMakeLists.txt Type: refactor Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I8e71e4fbc048a80c4b250c2a66cfd8a522bde5f4
2022-03-29 | perfmon: fix non-NULL terminated C-string | Benoît Ganne | 1 | -1/+1
format() expects a NULL-terminated C-string as format string. Type: fix Change-Id: Ib428cf2debbf98850eed512907175f8ae8ba3c04 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-28 | linux-cp: Fix API response | Pim van Pelt | 1 | -5/+7
* Correct endianness issue
* lip_namespace is a vector not a string
* Provide null termination to avoid unpack() failures in the client

Responses in the python API now look like:

lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=1, host_sw_if_index=3, vif_index=19, host_if_name='ice0', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, namespace='dataplane')
lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=2, host_sw_if_index=4, vif_index=20, host_if_name='ice1', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, namespace='dataplane')
lcp_itf_pair_details(_0=328, context=3, phy_sw_if_index=5, host_sw_if_index=6, vif_index=21, host_if_name='ice0.1234', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, namespace='dataplane')

Type: fix Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: If4bf06a8b70977676ec7f5b1413cee6cc9d1714a
2022-03-28 | crypto-native: avoid overflow load on data | Damjan Marion | 1 | -1/+4
Type: improvement Change-Id: I5317afa02fa1525a7d8df595b56eb6546ccded57 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-27 | linux-cp: fix name formatting | Dmitry Valter | 1 | -1/+1
Format host interface name as vector rather than c-string. Otherwise non-null-terminated vector overrun triggers ASAN. Type: fix Fixes: 1705a6baefe205bb6792b547c7376eee3f328a71 Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: Ib204e57ee17c7ed3bfeb568dcdd834d7d7519102
2022-03-25 | hsa: echo client connects as rpc | Florin Coras | 2 | -31/+36
Do connects in a session layer rpc instead of doing cli process sleeps. Performance with 4 workers goes from ~120k/180k first run/warmed up to ~135k/240k Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id184913e9898f8db099e29a605f3a9b1fc67be63
2022-03-25 | crypto-native: avoid mem overflow when loading IV | Damjan Marion | 1 | -11/+13
Type: improvement Change-Id: I946d91e67c332ecac0b09d50980529b9d4e74f9c Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-25 | linux-cp: handle ipv4 routes when link goes down | Alexander Chernavin | 5 | -0/+163
Type: improvement

Currently, when the link goes down on an interface, routes that resolve through that interface and created with Nexthop API are removed by the kernel. However, IPv4 routes remain in the FIB because the kernel doesn't send any notifications about that. And for the plugin working with user-space applications that create routes in the kernel using Nexthop API there should be a mechanism to synchronize the FIB and the kernel in this case.

With this change, add two new startup configuration options to the plugin to be able to control what should happen with static and dynamic routes managed by the plugin on link down:
- del-static-on-link-down (disabled by default, delete routes created with the linux-cp static FIB source on link down),
- del-dynamic-on-link-down (disabled by default, delete routes created with the linux-cp dynamic FIB source on link down).

Then, monitor link state changes on interfaces for which a linux-cp pair exists. If the link goes down on one of the interfaces, process routes that resolve through that interface according to the new configurations.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I0fbaeeca3f3d1fcd22e8eebb08a0a4a3d0dfe5b8