aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2023-10-18flowprobe: fix sending L4 fields in L2 template and flowsAlexander Chernavin2-3/+13
Currently, when L2 and L4 recording is enabled on the L2 datapath, the L2 template will contain L4 fields and L2 flows will be exported with those fields always set to zero. With this fix, when L4 recording is enabled, add L4 fields to templates other than the L2 template (i.e. to the IP4, IP6, L2_IP4, and L2_IP6 templates). And export L2 flows without L4 fields. Also, cover that case in the tests. Type: fix Change-Id: Id5ed8b99af5634fb9d5c6e695203344782fdac01 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-10-18memif: contention between memif_disconnect and memif RX/TX threadsSteven Luong1-0/+11
memif_disconect may be called without barrier sync. It removes stuff in mq without protection which may cause troubles for memif RX/TX worker threads. The fix is to protect mq removal in memif_disconnect. Type: fix Change-Id: I368c466d1f13df98980dfa87e8442fbcd822a428 Signed-off-by: Steven Luong <sluong@cisco.com>
2023-10-17buffers: introduce vlib_buffer_template_tDamjan Marion1-10/+10
Type: improvement Change-Id: Ie86a5edf2ada21355543e9a0382052b16ff86927 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-16flowprobe: fix corrupted packets sent after feature disablingAlexander Chernavin3-2/+54
When IPFIX flow record generation is enabled on an interface and the active timer is set, flows will be saved and then exported according to the active and passive timers. If then disable the feature on the interface, the flow entries currently saved will remain in the state tables. They will gradually expire and be exported. The problem is that the template for them has already been removed. And they will be sent with zero template ID which will make them unreadable. A similar problem will occur if feature settings are "changed" on the interface - i.e. disable the feature and re-enable it with different settings (e.g. set a different datapath). The remaining flows that correspond to the previous feature settings will be eventually sent either with zero template ID or with template ID that corresponds to the current feature settings on the interface (and look like garbage data). With this fix, flush the current buffers before template removal and clear the remaining flows of the interface during feature disabling. Type: fix Change-Id: I1e57db06adfdd3a02fed1a6a89b5418f85a35e16 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-10-16nat: add ipfix rate-limiter for nat44-ed, nat44-ei and nat64Vladislav Grishenko3-5/+54
This prevents ipfix flood with the repeating events and allows to enable nat64 max_session and max_bibs events. Also fix wrong endian for det44 and nat64 ipfix tests, now should be fine with extended tests enabled. Max session per user event @ nat44-ei requires more precise rate limiter per user address, probably with sparse vec, not handled. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ib20cc1ee3f81e7acc88a415fe83b4e2deae2a836
2023-10-16npt66: icmp6 alg to handle icmp6 error messagesOle Troan1-1/+76
Support rewriting the inner packet for ICMP6 error messages. Type: feature Change-Id: I7e11f53626037075a23310f1cb7e673b0cb52843 Signed-off-by: Ole Troan <otroan@employees.org>
2023-10-14feature: remove unused codeDamjan Marion8-26/+25
Type: improvement Change-Id: If775b1d145e462346de562a3c893f302e8c7b814 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-13linux-cp: check if lcp_itf_pair exists before creating tapStanislav Zaikin1-0/+9
Now we create tun/tap and then check whether lcp_itf_pair was already created. Move the check in the beginning. Type: fix Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com> Change-Id: I848685a9cfdbe92a5e38ecb8e5d5322262b4e384
2023-10-13npt66: add show command and rx/tx countersOle Troan3-6/+68
Add show npt66 bindings. Add RX/TX and translation error counters. Type: improvement Change-Id: I4513b111f815a15d5a7537ce503f0c084b523aa1 Signed-off-by: Ole Troan <otroan@employees.org>
2023-10-12flowprobe: fix sending L2 flows using L2_IP6 templateAlexander Chernavin1-11/+13
Currently, L2 flows are exported using L2_IP6 template if L3 or L4 recording is enabled on L2 datapath. That occurs because during feature enable, L2 template is added and its ID is not saved immediately. Then L2_IP4 and L2_IP6 templates are added overwriting "template_id" each time. And in the end, the current value of "template_id" is saved for L2 template. The problem is that "template_id" at that point contains the ID of L2_IP6 template. With this fix, save the template ID immediately after adding a template for all variants (datapaths). Also, cover the case with a test. Type: fix Change-Id: Id27288043b3b8f0e89e77f45ae9a01fa7439e20e Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-10-12dpdk: add Mellanox BlueField NICsAlexander Kozyrev1-0/+12
List BlueField NICs as a supported PCI devices. Type: feature Change-Id: Ida2300df516ab9cd2fcde1f816bbdc081016039a Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
2023-10-11tls: Fix SSL_CTX leak on every client sessionBrian Morris2-11/+12
Type: fix Change-Id: I35b3920288269073cdd35f79c938396128d169c9 Signed-off-by: Brian Morris <bmorris2@cisco.com>
2023-10-10lb: fix intermittent per-port-vip idx lookup failureDave Wallace1-0/+1
- Causes per-port-vip testcases to fail when the uninitialized reserved field in the stack variable key for the hash lookup was a non-zero stack memory location. Type: fix Change-Id: I56afa15e7df60bc2340514f2c7ce5e71a9cb47a9 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-10-08tls: propagate reads to app irrespective of stateFlorin Coras2-3/+2
Session input node handles rx notifications even if session not fully accepted/connected Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6560c45db8f8e0b7f0dc3bdd0939f13ca2f43f15
2023-10-06cnat: add flow hash config to cnat translationhedi bouattour4-7/+29
Type: feature this patch adds a hash config field to cnat translation to use it in load balancing instead of always using default one Change-Id: I5b79642ca8b365b5dcc06664f6c100a9d3830a29 Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
2023-10-03build: add ability to disable some plugins from packaging and testsAndrew Yourtchenko1-1/+21
When custom-packaging the VPP artifacts, it can be useful to exclude some of the core plugins from packaging/testing, for some reasons. A removal of a plugin(s) from the worktree needs to be tracked as a separate change, and thus is tricky from the maintenance point of view. This change adds the ability to "pretend they do not exist" - plugins which are added to the comma-separated environment variable "VPP_EXCLUDED_PLUGINS" will not be added to the build process and not packaged. The tests do not have the 1:1 relationship as plugins, so they might need to be modified separately. This change includes some of these modifications as an example. Type: feature Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Id31562d00a01ced1acbb4996a633517cbd6f09d8
2023-10-03nat: nat66 cli bug fixFilip Varga1-5/+5
Two similar CLI paths in nat66 plugin cause unexpected behavior. Bug fix following [1] fix. [1] https://gerrit.fd.io/r/c/vpp/+/35859 Change-Id: I771dd230fa6edb6bab3936652770a388d6e41a3f Type: fix Signed-off-by: Filip Varga <fivarga@cisco.com>
2023-10-02tls: limit openssl engine max read burstFlorin Coras1-3/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic7a8fd37d79fc9c09c8b1539d630f3b8983b8bb3
2023-10-01flow dpdk avf: add support for using l2tpv3 as RSS typeXinyao Cai2-0/+2
This patch adds support for using l2tpv3 as RSS type Type: feature Signed-off-by: Xinyao Cai <xinyao.cai@intel.com> Change-Id: Ic3e0935a4754d084184f1cc38ea9531ddfd9e7bc
2023-09-28dpdk-cryptodev: improve dequeue behavior, fix cache stats loggingPiotr Bronowski4-76/+88
This patch provides minor improvements to the logic governing dequeuing from the ring. Previously whenever a frame was dequeued we've been trying to dequeue from the ring another one till inflight == 0. Now threshold is set for 8 frames pending in the cache to be consumed by the vnet. This threshold has been chosen based on cache ring stats observation in the system under load. Some unnecessary logic for setting deq_tail has been removed. Also logging has been corrected, and cache ring logic simplied. Type: improvement Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I19f3daf5913006e9cb23e142a163f596e85f5bda
2023-09-28dpdk: add ConnectX-6LX and ConnectX-7 supportAlexander Kozyrev1-3/+9
List Mellanox ConnectX-6LX and ConnectX-7 as a supported PCI devices. Type: feature Change-Id: Ieeca3f214d08f29238c387354055ac1320cab75f Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
2023-09-26ping: Simple binary API for running ping based on eventsNikitaSkrynnik5-70/+285
Type: improvement Change-Id: I02846a2420637470cb0f9472c86471b6a3421a75 Signed-off-by: NikitaSkrynnik <nikita.skrynnik@xored.com>
2023-09-26crypto-ipsecmb: bump intel-ipsec-mb version to 1.4Ranjan Raj1-50/+59
Type: feature This patch update the Intel IPsec-MB lib to v1.4 Remove v0.54 and v0.55 support, as the compatible IMB APIs are deprecated in v1.4 Signed-off-by: Ranjan Raj <ranjanx.raj@intel.com> Change-Id: I01f71134c6bd17a68ec20b7bb4b0b0ff43fc644b
2023-09-19npt66: ensure feature is not configured multiple timesOle Troan2-12/+23
If the control agent enabled a binding on an interface multiple times, we would add the node in the feature arc multiple times. Type: fix Change-Id: I2ca247db0a0211f5fa3974a18ca4fcae8485cb12 Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-13nat: fix nat44_ed set_session_limit crashVladislav Grishenko1-8/+4
Setting session limit should return error for unknown fib. Optimize max_translations_per_fib expanding and drop unnecessary trailing fib entry. Type: fix Change-Id: Ie7d2b363ade48f53598faa617a49cce7b2db6400 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-09-13quic: fix quic sessions state updatesFlorin Coras1-11/+5
Session state cannot be updated after async notification event is generated for app. Instead, make sure quic sessions that accept new streams are switched to listening state only on accept. Type: fix Fixes: 0242d30 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9663ccadbea99d555ad49e871f7dff897239dc84
2023-09-13adl: stabilize the APIAndrew Yourtchenko1-1/+1
As discussed on the VPP call, since CSIT tests use these messages and they have not been changedfor quite a while, bump the version so these messages are considered as "production" from the change process standpoint. Type: improvement Change-Id: I93a04b10b273d5904c0678fa0b85d47f9f683a9b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2023-09-13wireguard: stabilize the APIAndrew Yourtchenko1-1/+1
As per discussion on VPP call - since the APIs are used in CSIT tests, and there has not been changes in a while, mark them as stable from the API change process PoV. Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Ia644e1dfcd9d182cc6f10089fc44397a61e8aaf6
2023-09-13crypto-sw-scheduler: stabilize the APIAndrew Yourtchenko1-1/+1
As per discussion on the VPP call: since the CSIT tests use these APIs and the APIs have not changed in quite a while, stabilize the API from the change process point of view. Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Id81999d03cce37764f6ed7d4f77ef5a71fe41ad1
2023-09-13hsa: fix coverity issue CID-313635Dave Wallace2-2/+8
Type: fix Change-Id: Ieb50ab548bb34bdbb44d973037ee452d48f412ea Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-09-13idpf: make plugin default disabled until issues are fixedDamjan Marion1-0/+1
Type: improvement Change-Id: I2daa8fc338289555649135e7f0898e139807fdce Signed-off-by: Damjan Marion <damjan.marion@gmail.com>
2023-09-13perfmon: fix perf_user_access_enabled typeTianyu Li1-1/+1
perf_user_access_enabled is defined as u8, clib_sysfs_read format type is %u, this is for unsigned int, change type from u8 to u32. Type: fix Fixes: 268d7be66b8b ("perfmon: enable perfmon plugin for Arm") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I48ec00605e496d185370e77d894d7852d6d22124
2023-09-12crypto-sw-scheduler: improve function indentationVratko Polak1-159/+156
The checkstyle --fix command remains confused around the def/foreach/undef usage in convert_async_crypto_id, but at least the other functions now look correctly indented to me. Type: style Change-Id: Ic8f7b580267386b7a6b07d33d9ba7ae9787c0e0a Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2023-09-07dpdk-cryptodev: fix cache ring stats cli commandPiotr Bronowski1-14/+12
The logic for calcuating processed elements in the cache ring was broken. In case tail and deq_tail equals and frame element pointed by the tile is not NULL it means there is exactly one processed element in the ring. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I69c978334fc952049393214ccc9cc5245351f7f7
2023-09-06nat: improve nat44-ed outside address distributionVladislav Grishenko1-1/+3
Use client address hash to pick the first outside address instead of just address high octet, becasue it may denegerate into stable 10/172/192, depending on nat address count. Fix outside address distribution test to acually test the distribution, not the algo, so previous distribution will fail with 65 nat addresses and 100 clients: FAIL: Outside address distribution based on source address Traceback (most recent call last): File ".../test/test_nat44_ed.py", line 2048, in test_outside_address_distribution msg="Bad outside address distribution") AssertionError: 156.25 not less than 0.33 : Bad outside address distribution Type: improvement Change-Id: I604b1294422f20d211db5614c47559557a78a193 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-09-06api: fix mp-safe mark for some messages and add moreVladislav Grishenko1-3/+6
Several api messages were not mp-safe although marked as such because non-zero base id was not taken into account, and therefore some other (from zero base id) were falsely mp-safe instead. Keep messages as mp-safe, as they falsely were before: 10 get_first_msg_id 0 1 12 api_versions 0 1 Messages that are no longer mp-safe as they weren't marked: 15 sockclnt_create 0 1 33 proxy_arp_intfc_dump 0 1 Fix messages to be really mp-safe: 809 bridge_domain_dump 0 1 920 ip_route_add_del 0 1 921 ip_route_add_del_v2 0 1 1362 get_node_graph 0 1 1671 create_vhost_user_if 0 1 1675 create_vhost_user_if_v2 0 1 Additionally mark messages as mp-safe, seems they need no barrier: 1360 show_threads 0 1 1370 show_version 0 1 1372 show_vpe_system_time 0 1 Type: fix Change-Id: Ie6c1e3aa89f26bf51bfbcb7e7c4d9fee885487b7 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-09-05npt66: make plugin default disabledOle Troan1-0/+1
Plugin is still in experimental state. No reason why it needs to be default enabled. Type: fix Change-Id: Ibf1810215d4c8079a068bfc60aa7dd49306ee4e4 Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-04arping: api to return responder mac addressOle Troan3-0/+68
The new arping_acd call includes the responders mac address in the reply. Enabling a client doing address conflict detection to identify if it is itself that is replying or that it is another host uses the IP address. Type: feature Change-Id: Ia4bab2af1086f06ed71ba42e2e07368d4e330a27 Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-04npt66: checksum applied to src address instead of dst address on rxOle Troan1-3/+1
Applied the checksum delta to the source address instead of the destination address in the RX direction. Cleaned up tests a little. Type: fix Change-Id: I871f3448365587e5319dfbca6ea356935321ff9b Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-04tracenode: filtering featureMaxime Peim10-0/+606
In order to be able to filter on encapsulated packet, a new node has been added to the ip4/6-unicast arcs. Type: feature Change-Id: I1e8ee05bc6d0fce20cadd8319c81bab260c17d21 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2023-09-04session: fix allocation of proxy fifosFlorin Coras4-20/+43
Fifos need to be synchronously allocated once a transport like tcp accepts a session. Since events are now delivered asynchronously, proxy apps must explicitly register a cb function that manages fifo allocation prior to being notified of connect event. Type: fix Fixes: 0242d30 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7df973b7014e53e0766ea2bdc61e9871160bc18b
2023-08-31fateshare: a plugin for managing child processesAndrew Yourtchenko4-0/+621
For the reasons of modularity and security, it is useful to have various functionality split into processes different from VPP. However, this approach presents the challenges of managing those processes, and is markedly different from simply running everything within VPP process. This plugin is an experiment in having the VPP itself start off a monitor process which in turn starts the child processes, and restarts them if they quit. If the VPP process ceases to exist, the monitor process terminates all the descendant processes and quits itself. This allows to preserve the "single entity to manage" approach of simply running a barebones VPP. An example of running it: export DPDK_CONFIG="" export DISABLED_PLUGINS=dpdk export EXTRA_VPP_CONFIG="fateshare { monitor ./build-root/install-vpp_debug-native/vpp/bin/vpp_fateshare_monitor command ./test1 }" make run Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I66221fd7403f220d9652fe76958ca499cfd070a7 Type: feature
2023-08-26nat: nat44-ed bug fixWei Li1-3/+4
fix lb static mapping "nat44_ed_sm_o2i_add" laddr and lport Type: fix Signed-off-by: Wei Li <realbaseball2008@gmail.com> Change-Id: I249a00919e8154d92cbce03f6db196c13612948f
2023-08-26nat: nat44-ed cli bug fixWei Li1-1/+5
lport and eport in Cli "nat44 add load-balancing static mapping" should hton() Type: fix Signed-off-by: Wei Li <realbaseball2008@gmail.com> Change-Id: I2eadb7e341efb70cc406e10b3b189e5ebff09ff4
2023-08-25cnat: fix cnat_endpoint_encodeBenoît Ganne1-1/+1
Type: fix Change-Id: I4ab713811626c097c7927228f3819b7785bbb951 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-08-25npt66: network prefix translation for ipv6Ole Troan8-0/+643
This is the initial commit of a NPTv6 (RFC6296) implementation for VPP. It's restricted to a single internal to external binding and runs as an output/input feature on the egress interface. Type: feature Change-Id: I0e3497af97f1ebd99377b84dbf599ecea935ca24 Signed-off-by: Ole Troan <otroan@employees.org>
2023-08-22dpdk-cryptodev: fix coverity issuesPiotr Bronowski2-5/+8
This patch addresses coverity issues CID 322716 and CID 322717. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I59d6f40c1af8e829d8cb3c042a52e144aeaf1e6b
2023-08-18nat: documention fixSteven Luong1-4/+4
s/nat44 enable sessions/nat44 plugin enable sessions/ Type: docs Change-Id: I93dbd161f085bff5b98df50cd29c9bedf5038307 Signed-off-by: Steven Luong <sluong@cisco.com>
2023-08-18dpdk-cryptodev: improve cryptodev cache ring implementationPiotr Bronowski4-239/+353
Sw ring is renamed to the cache ring. This name better reflects the puropse of this ring. We've introduced push/pop functions, as well as other utility functions which remove code repetition. Error handlig is improved: previously in case of an error all frame elements were marked as bad, now only these for which errors occured have the error status set. Unnecessary stats counters have been removed. Type: improvement Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I2fd42a529ac84ce5ad260611d6b35a861d441c79
2023-08-18cnat: add host tag to bitmap in cnat snatHediBouattour3-0/+17
Type: feature this patch adds a new tag "host" to interfaces for cnat-snat if an interface is tagged pod and host we do not snat traffic outgoing through it Change-Id: I71f5bfcb85581bb8508ba547374f0603f1079ac6 Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>