summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2020-09-21vrrp: set up multicast for both address familiesMatthew Smith1-2/+14
Type: fix When a VR is added, multicast accept routes are added which allow inbound packets sent to the VRRP group address on the interface of the VR so advertisements from peers can be received. If this is the first VR added, also add a local forward route for the VRRP group address so the packets will be processed by the VRRP input nodes. When deciding whether to add/delete the local forward route, the total number of VRs configured was being checked. If there are no VRs configured initially and a VR is added for IPv4, this check would correctly see that this was the first VR and add an IPv4 route. If an IPv6 VR was configured subsequently, this check would find that a VR was already configured and incorrectly decide that no route needed to be added and IPv6 VRRP advertisements from peers would be dropped as a result. The opposite would occur if you first added an IPv6 VR followed by adding an IPv4 VR - whichever address family was added first would work correctly and the other one would not work. Since a route is needed for each address family, check on the per address family count of VRs when deciding whether to add/delete the local forward route instead of checking on the global count of VRs. Change-Id: I851a7ef8a4f9e4e370d08b0832284a13387eb083 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-09-21acl: remove custom ACL-plugin heapAndrew Yourtchenko7-232/+17
Custom ACL-plugin heap was useful in early stages, but it interferes with other infra optimizations. Remove it and use global heap. Change-Id: I2300548f1d1798dec27bc5a2a41cf37f9fcda95d Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-09-21dpdk: hugepage availibility check using new apiDamjan Marion1-11/+9
Type: improvement Change-Id: Iab623a2e11bd5787f4cae549143f49888e0dd9c4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-17vppinfra: support main heap with different page sizesDamjan Marion1-1/+1
Type: improvement Change-Id: I381fc3dec8580208d0e24637d791af69011aa83b Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-16avf: wrong argument passed to avf_log_errSteven Luong1-1/+1
Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ica4601c9d17e182cbc348989a9f75ab1cb18b78a
2020-09-16vmxnet3: gso fixesSteven Luong4-13/+29
outbound: wrong header len computation gso size and header length need to be set in the first segment of the chain inbound: EOP may have zero length descriptor to terminate the chain missing endian conversion for ethertype Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Iaa003c0e9af3ead4df6c6c0d5772a179d2ff15c4
2020-09-16api: clean up use of deprecated flagOle Troan3-13/+13
The syntax of the deprecated flag has evolved. Clean up usage to be "option deprecated;". Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: If2b639f275eb8db58b36c457f9245fe35a4d8cb1
2020-09-16flowprobe: add show commands for params and list of interfaces for recordingjan_cavojsky1-0/+87
Type: feature Ticket: VPP-1861 Signed-off-by: jan_cavojsky <Jan.Cavojsky@pantheon.tech> Change-Id: Iaeff13b19a712257223a4e77893cfd9398c18327
2020-09-15crypto: Crypto SW Scheduler Coverity WarningsNeale Ranns1-1/+1
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I7f98d0c7847ecc40b90b78e5ae83f320575be310
2020-09-15crypto-native: fix issues detected by coiverityDamjan Marion2-3/+11
Type: fix Change-Id: Id61aa407eeeb4d44cf47ed39283a0c79ed3abbee Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-14wireguard: coverity fixesNeale Ranns2-6/+10
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ib1eabbc87a573c660ac251602d631f167928259b
2020-09-14wireguard: increase FIB source priorityNeale Ranns1-2/+7
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Icc1c458474d357c7d9b3b4df1897500de0c314a1
2020-09-14nat: delay datastructure allocation until configuredOle Troan2-18/+33
The dslite plugin would on plugin load initialize large bihash datastructures. Postpone until configured. Type: improvement Change-Id: Ie790ab8c5fc39fac18153acd54dcd051805e763a Signed-off-by: Ole Troan <ot@cisco.com>
2020-09-10ikev2: fix copy-paste error when freeing memoryFilip Tehlar1-1/+1
Type: fix Change-Id: If44c807d188b3e88d819f4132d73e6a34402a525 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-09-12wireguard: Fix for tunnel encapNeale Ranns7-89/+468
Type: fix add UT for sneding handshale init and transport packets Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Iab1ed8864c666d5a0ae0b2364a9ca4de3c8770dc
2020-09-11quic: Clean quic_crypto_setup_cipherNathan Skrzypczak1-16/+13
Type: fix Change-Id: I4c19636c2be8a577c6cba272708cb04bcc24785b Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-11dpdk: fix coverity defect #214232, #182930Chenmin Sun2-1/+8
Type: fix Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ie328834159687cdb4314c37d36697f2fb9081fbd
2020-09-11avf: add assert to ensure that adminq is used only from avf processDamjan Marion1-0/+5
Type: improvement Change-Id: Ib64c9b8207776986656e5a26c13a221edc6cc950 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-11avf: change promisc mode from the avf process nodeDamjan Marion2-7/+26
Avoid situations where promisc mode is chaged while avf process is suspended in the middle of adminq operation. Type: fix Change-Id: Ia1fc6551e83218b5938630ad3a15d4f3f0ceceff Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-11nat: Fix next feature for ED with multiple workersVladimir Isaev3-2/+25
Multiple (> 1) workers leads to handoff node being enabled. This node pops next feature index to nat.arc_next to make sure that packet will be pushed to the next feature in the arc. But node nat44-ed-in2out-output also pops next feature and changes arc_next. So actual next feature will be skipped in that case. It leads to all nat44-ed-in2out packets being dropped if we have multiple workers (handoff node enabled). To resolve this a new node was added (nat-pre-in2out-output) to fill arc_next in single worker case and multiple worker case is already handled by handoff node. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: I9dfba68f00164d2d5ab867224871811bef4411ed
2020-09-11avf: fix race between avf and cli/api processDamjan Marion6-35/+43
device pool my grow during suspemd which will cause crash in avf process after it exits from suspend. Type: fix Change-Id: I51fec90088c909cfbaaca6c245272a28c0827ca0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-11nat: endian mismatchFilip Varga1-7/+13
Type: fix Change-Id: Icf6ce0ddb5fe9d078503e9d9ff7e7b26423f53f8 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-09-11avf: fix race between avf process node and avf_delete_if(...)Damjan Marion4-18/+34
It may happen that process node is suspended while it waits for response from adminq and during that time CLI or API process can call avf_delete_if. When avf process node resumes, it may happen that device is not there anymeore. This patch delegates interface deletion to process node, so CLI/API process just sends signal instead of deleting device instance itself. Type: fix Change-Id: I7f12e12df3071650f6e60ad7eb5af23b7acfe335 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-11ikev2: fix memory leaksBenoît Ganne1-7/+20
- make sure everything is freed on cleanup - reuse already allocated vectors where possible Type: fix Change-Id: Ibd8da1edb37126522dc2d525596521d32dceb73a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-11quic: fix coverity warningAloys Augustin1-1/+1
Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Change-Id: Ic51ba3450b3d0722ebff4280127f526b5a9934b1
2020-09-10wireguard: fix handshake procedureArtem Glazychev2-12/+17
Type: fix Change-Id: I96e8c5c9c792b1d9aefd39ce3e240d220827b7d1 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
2020-09-10af_xdp: documents incompatibility with 1GB hugepages and high buffers-per-numa.Mohammed Hawari1-0/+2
Type: docs Change-Id: If8602d4b73cc1f04e42d19b8df60a05f67aa90c9 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2020-09-09wireguard: initial implementation of wireguard protocolArtem Glazychev31-0/+6216
Type: feature The main information about plugin you can see in README.md vpp# wireguard ? wireguard create wireguard create listen-port <port> private-key <key> src <IP> [generate-key] wireguard delete wireguard delete <interface> wireguard peer add wireguard peer add <wg_int> public-key <pub_key_other>endpoint <ip4_dst> allowed-ip <prefix>dst-port [port_dst] persistent-keepalive [keepalive_interval] wireguard peer remove wireguard peer remove <index> Change-Id: I85eb0bfc033ccfb2045696398d8a108b1c64b8d9 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Jim Thompson <jim@netgate.com> Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-09crypto: change cryptodev with new cryptodev APIFan Zhang2-0/+1581
Type: feature This patch updateds cryptodev engine uses new DPDK Cryptodev API planned to be upstreamed in DPDK 20.11. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Piotr Bronowski <piotrX.bronowski@intel.com> Change-Id: I8dd1a8ac643f1e952deb787e466b76ea7aa5f420
2020-09-09interface: support configuring RSS steering queuesChenmin Sun3-34/+154
This patch adds the RSS steering queues set interface, and it's implementation in DPDK device: /* Interface to set rss queues of the interface */ typedef clib_error_t *(vnet_interface_rss_queues_set_t) (struct vnet_main_t * vnm, struct vnet_hw_interface_t * hi, clib_bitmap_t *bitmap); This patch also introduces a command line to set the RSS queues: set interface rss queues <interface> <list <queue-list>> To display the rss queues, use "show hardware-interfaces" Below is the example to configure rss queues for interface Gig0: vpp# set interface rss queues Gig0 list 0,2,4-7 vpp# show hardware-interfaces brief Name Idx Link Hardware VirtualFunctionEthernet18/1/0 1 down VirtualFunctionEthernet18/1/0 Link speed: unknown RSS queues: 0 2 4 5 6 7 local0 0 down local0 Link speed: unknown vpp# Users can also configure the rss queues on a dpdk interface in startup.conf: dpdk { dev 0000:18:01.0 { rss-queues 0,2,5-7 } } Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I1835595a1c54016a84eabee9fd62ce137935385d
2020-09-09tcp: fix the tcp unittest to workRyujiro Shibuya1-0/+2
Type: fix Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com> Change-Id: If5a8313262da828616db8b1d9ef831d42b11d952
2020-09-08dpdk-ipsec: don't leak buffers on crypto alloc failureChristian Hopps2-6/+8
Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: I4dee2ea723631e1bd95b33a74b9431d984565aef
2020-09-08dpdk: fix extended stat stringsChristian Hopps1-2/+2
- These were displaying blank, apparently dpdk extended stat strings must be within the heap so they are identified as vectors by format_c_identifier even though they are not. Type: fix Change-Id: I2b153b100203b9856ce3af6d5ecb2daae410fb5b Signed-off-by: Christian Hopps <chopps@labn.net>
2020-09-08dpdk: fix interface counters to never go backwardChristian Hopps1-33/+24
Was seeing imissed counter become negative. Reuse the RX_ERROR code for all three error counters to avoid the problem. Type: fix Change-Id: I99a69c8816326682745785ecd30e18a131ac2969 Signed-off-by: Christian Hopps <chopps@labn.net>
2020-09-08svm session: document unsupported fifo deq combinationsFlorin Coras1-5/+21
Type: fix - Document that ooo dequeues with ooo lookups cannot be done in combination with in order dequeues. - Added assert to capture this scenario and de-initialized rbtrees for cut-through tx fifo Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic40d020b3f0391fcf022ea3c906b86121744144f
2020-09-06marvell: add cli options to configure rxq and txq sizesChristian E. Hopps1-1/+6
Add the ability to configure the pp2 rx and tx queue sizes in the CLI. Type: improvement Signed-off-by: Christian E. Hopps <chopps@chopps.org> Change-Id: I6a824f92e22fa47fec3d84525cc2d82524ddf639
2020-09-05docs: Improve & link cnat docNathan Skrzypczak1-13/+79
Type: docs Change-Id: Ib985ed6a644ae3f4c330bf6a27dc69c49a489a2f Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-04cnat: fix cnat_set_snat() debug CLIDave Barach1-6/+18
Otherwise, the debug CLI command is unusable in a script because it will eat (and complain about) subsequent lines in the script. Missing this guitar lick, etc: /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Id328e6f1cc4d2e1672c3946db3865ab5a1a3af8d
2020-09-04cnat: fix snat ip v6 testsMathiasRaoul1-6/+6
Type: fix Change-Id: I9e102e0028274cc084e59c106d1cd4be174b1205 Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
2020-09-04vrrp: improve RFC compliance for ARP/NDMatthew Smith2-38/+48
Type: fix The ARP/ND feature nodes reply to requests for a VR virtual IP address when a VR is in the master state. If the VR is in the backup state, the request is passed to the next node on the feature arc. This can cause an incorrect response to be sent. If some other feature (e.g. NAT) causes a virtual IP address to be configured as a "local" address on the system, a later node on the feature arc may respond to an ARP/ND request with the real MAC address of the interface. RFC 5798 says that a router must respond to ARP/ND requests for VR virtual IP addresses with the VR virtual MAC address. And it says a router must not respond to ARP/ND requests for VR virtual IP addresses when the VR is in the backup state. Ensure that ARP/ND requests for VR virtual IP addresses are dropped when in the backup state rather than allowing them to continue on the feature arc where another node may end up responding. In order to do this, enable/disable the feature nodes when leaving or entering the init state instead of the master state. Change-Id: I416f83e125cbf91deb90c3b6eb00ba3207de24ad Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-09-04dpdk-ipsec: use init function instead of one-time processChristian Hopps1-11/+3
Use VLIB_MAIN_LOOP_ENTER_FUNCTION to do post init initialization for dpdk crypto rather than create a one-time process to do the same. Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: I06e480b028c8e1fc1b0024a66b2338eb21a797ca
2020-09-04dpdk-ipsec: fix show outputChristian Hopps3-3/+3
Fix the shown crypto inflight counts which were reversed. Also improve a couple error descriptions to tell them apart when viewed. Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: I6d4054c64aa842658cfcde8969c7aa48f6d21207
2020-09-04ip: enhance vtep4_check of tunnel by vector wayZhiyong Yang1-12/+30
This patch aims to improve decap performance by reducing expensive hash_get callings as less as possible using AVX512 on XEON. e.g. vxlan, vxlan_gpe, geneve, gtpu. For the existing code, if vtep4 of the current packet match the last vtep4_key_t well, expensive hash computation can be avoided and the code returns directly. This patch improves tunnel decap multiple flows case greatly by leveraging 512bit vector register on XEON accommodating 8 vtep4_keys. It enhances the possiblity of avoiding unnecessary hash computing once hash key of the current packet hits any one of 8 in the 512bit cache. The oldest element in vtep4_cache_t is updated in round-robin order. vlib_get_buffers is also leveraged in the meanwhile. Type: improvement Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com> Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Signed-off-by: Junfeng Wang <drenfong.wang@intel.com> Change-Id: I313103202bd76f2dd638cd942554721b37ddad60
2020-09-03crypto: Add async crypto APIsNathan Skrzypczak5-0/+132
Type: feature This adds api calls for the following CLIs: * set sw_scheuduler worker <N> crypto on|off * set crypto async dispatch polling|interrupt * set crypto handler * set crypto async handler Change-Id: Ic701d149c440e42ea4575da42b9f69e4c8759602 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-03crypto: SW scheduler async crypto enginePiotrX Kleski4-2/+795
Type: feature This patch adds new sw_scheduler async crypto engine. The engine transforms async frames info sync crypto ops and delegates them to active sync engines. With the patch it is possible to increase the single worker crypto throughput by offloading the crypto workload to multiple workers. By default all workers in the system will attend the crypto workload processing. However a worker's available cycles are limited. To avail more cycles to one worker to process other workload (e.g. the worker core that handles the RX/TX and IPSec stack processing), a useful cli command is added to remove itself (or add it back later) from the heavy crypto workload but only let other workers to process the crypto. The command is: - set sw_scheduler worker <idx> crypto <on|off> It also adds new interrupt mode to async crypto dispatch node. This mode signals the node when new frames are enqueued as opposed to polling mode that continuously calls dispatch node. New cli commands: - set crypto async dispatch [polling|interrupt] - show crypto async status (displays mode and nodes' states) Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Signed-off-by: DariuszX Kazimierski <dariuszx.kazimierski@intel.com> Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I332655f347bb9e3bc9c64166e86e393e911bdb39
2020-09-02nat: twice-nat static mapping pool addressFilip Varga10-95/+354
Let twice-nat static mapping pick specific address from the twice-nat pool. Type: improvement Change-Id: Iadaa036af2fa3b0e6e9a68ff6e68b4bbe1650eb1 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-09-01crypto-openssl: add chacha20-poly1305 to crypto-opensslArtem Glazychev3-9/+223
Type: feature Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: Iec28fb11b6edff1bee23117f56aa3a3e5729541a Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-01misc: fix uninitialized use warnings with gcc-{8,9}Aloys Augustin2-3/+3
Change-Id: I4930c3c2a8025ec9ceb17e994137be67d88d455f Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2020-09-01ip: fix ip zero checksum verificationBenoît Ganne5-8/+8
In one's complement, there are two representations of zero: the all zero and the all one bit values, often referred to as +0 and -0. See RFC 1624 section 3 for more details. This used to be taken care of in ip4_header_checksum(), but it is no longer the case. The check ip->checksum == ip4_header_checksum (ip) is no longer correct in the -0 case. Always use ip4_header_checksum_is_valid() instead (which behaves correctly since 9a79a1ab931c3b5a7ae07d6f0fcfef7c4368a2c4). Type: fix Fixes: e5f0050c7a5d411f96af6401797529d58825e2af Change-Id: Iacc6b60645a834287b085aecb9e3fdb4554cf0cf Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-01dpdk: fix mac address length was wrongjiangxiaoming1-1/+1
Type: fix Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I87c6f423ea8fdd9fb764693055eb1509f994d6f1