aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2021-02-25ipsec: ipsec.h tidy upNeale Ranns6-56/+86
Type: refactor - remove the extern declaration of the nodes. keep the use of them to the files that declare them - remove duplicate declaration of ipsec_set_async_mode - remove unsued ipsec_add_feature Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6ce7bb4517b508a8f02b11f3bc819e1c5d539c02
2021-02-25ipsec: enable input features on tunnelsBrian Russell4-30/+93
Make the ipsec[46]-tun-input nodes siblings of device-input so that input features can be enabled on them. Register ipsec-tun for feature updates. When a feature is enabled on the device-input arc and the ifindex is an IPSec tunnel, change the end node of the arc for that ifindex to be the appropriate ESP decrypt node. Set a flag on the tunnel to indicate that the feature arc should be started for packets input on the tunnel. Test input policing on ESP IPSec tunnels. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I3b9f047e5e737f3ea4c58fc82cd3c15700b6f9f7
2021-02-24virtio: enable the interrupt support for uio_pci_genericMohsin Kazmi1-11/+4
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ic25ffe9c8e37826733cfb9e62cefb491bb3322bc
2021-02-24session: init ctrl msg without mq lockFlorin Coras1-102/+96
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I755e6da1fcf6f3bf3c72d6d36c4243b0919b7209
2021-02-24fib: fix sa selection for fib routed destinationsJúlius Milan1-4/+14
The move from ip4(6)_src_address_for_packet to fib_sas4(6)_get changed the behavior, so that the new looked only to adjacent gleans. This caused a problem for destinations routed according to FIB table. To reproduce: vpp# create tap vpp# set interface state tap0 up vpp# set interface ip address tap0 192.168.11.1/24 vpp# ip route add 192.168.20.0/24 via 192.168.11.2 linux$ sudo ip addr add 192.168.20.1/24 dev lo linux$ sudo ip link set tap0 up linux$ sudo ip addr add 192.168.11.2/24 dev tap0 vpp# ping 192.168.20.1 Failed: no source address for egress interface Type: fix Signed-off-by: Július Milan <julius.milan@pantheon.tech> Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I22899f4dbbf8c1c85ccce72f801b92c183195b5d
2021-02-24crypto: A more memory efficient layout of the frame element structNeale Ranns2-18/+26
Type: improvement Also: - state as enum so my GDB life is easier - typo; s/indice/indices/; Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3320f5ef1ccd7d042071ef336488a41adfad7463
2021-02-23l2: coverity woe in l2_api.cSteven Luong1-23/+20
Coverify complains deref_ptr before null check. deref_ptr: Directly dereferencing pointer reg. 1214 vl_reg = vl_api_client_index_to_registration (reg->client_index); 1215 ALWAYS_ASSERT (vl_reg != NULL); 1216 CID 216104 (#1 of 1): Dereference before null check (REVERSE_INULL) check_after_deref: Null-checking reg suggests that it may be null, but it has already been dereferenced on all paths leading to the check. 1217 if (reg && vl_api_can_send_msg (vl_reg)) I believe the check is for vl_reg instead of reg because vl_reg may be NULL after the call vl_api_client_index_to_registration. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ic4eb2284e65c48396f20d5024a4241c80c70c886
2021-02-23vlib: fix offload flags value resetBenoît Ganne1-2/+11
When a buffer is freed and re-allocated for a new packet, opaque2 is not reset, so the offload flags can be set to a stale value. Make sure the offload flags are reset to the current value on 1st set. Type: fix Fixes: 6809538e646bf86c000dc1faba60b0a4157ad898 Change-Id: I4048febedf25b9995dbd080a11495ee7dbe59153 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-22ip-neighbor: add set ip neighbor-config CLI commandIvan Shvedunov1-0/+54
Type: improvement Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Change-Id: I77ade50425e88d2da979f732d2248bed383f4ba4
2021-02-19tests: add input policer thread handoff testsBrian Russell1-2/+74
Test worker thread handoff on an interface input policer. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I1deddcc9711bccfde377290bc66a00f2cd4163e1
2021-02-19policer: add thread handoff for device inputBrian Russell4-13/+71
Add worker thread handoff for policers on the device input feature arc on an interface. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ib795457a09a5b3be3c4e6422c91e33100192b8e2
2021-02-19policer: move handoff checks into policer codeBrian Russell4-47/+41
The IP punt policer currently checks if it needs to do worker thread handoff based on the thread index stored in the policer. Move this functionality into the policer code so it can be common for all users of the policer. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ia8d11e62898a58b19d7b27b296f8369baa3e5aa1
2021-02-19tests: test input policerBrian Russell1-0/+74
Apply a policer to an interface, check it's policing packets. Remove it and check it no longer polices packets. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I6f694c8a9804cadf010b5831770aaae81f42e027
2021-02-19policer: add api to configure input policingBrian Russell4-0/+76
Add a new API to apply a policer to an input interface. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ie8aff9120149b63d85363a9a5afdcaed60a93700
2021-02-19policer: add policing as device-input featureBrian Russell3-233/+19
Add input per-interface policing as an input feature, repurposing vnet_policer_inline which formermly allowed input policing to be configured via a CLI. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I2fd00e964ae358a05e507c844f5476372124fae1
2021-02-18tests: remove unnecessary setup in policer testBrian Russell1-6/+0
The policer test class overrides setup and teardown methods from VppTestCase but doesn't do anything other than call the parent's method. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I76bac084c4cb5cb5195e34afe95b38affd585942
2021-02-15session: coverity fixFlorin Coras1-3/+0
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic28ee0e7cd313686b820e7003a47d17b844b8a89
2021-02-15vlib: refactor checksum offload supportMohsin Kazmi25-223/+332
Type: refactor This patch refactors the offload flags in vlib_buffer_t. There are two main reasons behind this refactoring. First, offload flags are insufficient to represent outer and inner headers offloads. Second, room for these flags in first cacheline of vlib_buffer_t is also limited. This patch introduces a generic offload flag in first cacheline. And detailed offload flags in 2nd cacheline of the structure for performance optimization. Change-Id: Icc363a142fb9208ec7113ab5bbfc8230181f6004 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-02-15misc: coverity fixesDave Barach2-7/+5
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I6a3348c7edd1cce6b407d336443103f77392bc5d
2021-02-15ip: Path MTUNeale Ranns22-18/+1528
Type: feature Support setting the MTU for a peer on an interface. The minimum value of the path and interface MTU is used at forwarding time. the path MTU is specified for a given peer, by address and table-ID. In the forwarding plane the MTU is enfored either: 1 - if the peer is attached, then the MTU is set on the peer's adjacency 2 - if the peer is not attached, it is remote, then a DPO is added to the peer's FIB entry to perform the necessary fragmentation. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8b9ea6a07868b50e97e2561f18d9335407dea7ae
2021-02-15policer: improve policer structBrian Russell9-33/+28
Ensure policer struct is cache aligned and fits in one cache line. Give it a simpler name to reflect its job as the representation of a policer. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: If1ae4931c818b86eee20306e503f4e5d6b84bd0d
2021-02-15policer: add api to bind policer to workerBrian Russell4-3/+76
Add a new api to allow a policer to be bound to a specific worker thread for thread handoff. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I2623a6827843c3d93c0d7b4ad7c2e13611ec1696
2021-02-15interface: Add promisc on/off in apiNathan Skrzypczak2-32/+76
Type: feature Change-Id: Ib777a5201f1c728438c7a5f2b1aa2246f1344b9b Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-15fib: Always honour flow hash flagNeale Ranns4-17/+50
Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Id7b27edf3712aaa3c277e752b9ca78bb91d184a1
2021-02-12ipsec: Store thread-index in buffer meta-data during SA handoffNeale Ranns7-32/+22
Type: improvement negates the need to load the SA in the handoff node. don't prefetch the packet data, it's not needed. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I340472dc437f050cc1c3c11dfeb47ab09c609624
2021-02-12policer: tidy upBrian Russell3-162/+50
Convert old logging style to new and remove unused tracepoints. Remove code always conditionally not compiled. Make comment style consistent. Type: improvement Change-Id: I13339f28539cf190fb92be2d5c8020b6249319c8 Signed-off-by: Brian Russell <brian@graphiant.com>
2021-02-12policer: use enum typesBrian Russell5-41/+31
Make the policer action enum packed and use it in the policer code. Use other policer enums where applicable. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I32f9735942af8bca3160b9ef8a75f605d9aba5fa
2021-02-12policer: remove SSE2 prefixBrian Russell9-486/+427
The policer code uses a naming convention of prefixing a lot of its definitions with "SSE2" when in fact there is nothing SSE2 specific about them. This is confusing so remove the prefix. Unfortunately it has to stay in the API definitions for backward compatibility. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I59a7df9fd5ded2575f2e587b2768a025a213b07c
2021-02-11tests: tag the tests that do not work with multi-worker configurationAndrew Yourtchenko3-0/+6
If the multi-worker default VPP configuration is triggered by setting VPP_WORKER_CONFIG="workers 2", some of the tests fail for various reasons. It's a substantial number, so this change marks all of the testsets that have this issue, such that they can be addressed later independently. Type: test Change-Id: I4f77196499edef3300afe7eabef9cbff91f794d3 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-11policer: use ip dscpBrian Russell5-67/+8
Use the common IP definitions of DSCP rather than duplicating in the policer code. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Iff4bc789356edc290b9c31eca33e93cf5b6211bf
2021-02-10vcl: validate seg handle on migrate only if neededFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3c15a465f84f2ceb6bd5f1c459899824d4bc1c90
2021-02-10tests: add policer testsBrian Russell1-0/+123
Add some tests which configure policer params, use the policer test helper CLI to police pretend packets and then check the policer stats. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ib2688b6f77d84a4bfd3c8185e44c59fa2300716a
2021-02-10ipsec: Use the new tunnel API types to add flow label and TTL copyNeale Ranns14-263/+367
support Type: feature attmpet 2. this includes changes in ah_encrypt that don't use uninitialised memory when doing tunnel mode fixups. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie3cb776f5c415c93b8a5ee22f22586fd0181110d
2021-02-10nat: fix EI hairpinning thread safetyKlement Sekera1-0/+1
Avoid doing inter-thread reads without locks by doing a handoff before destination address rewrite. Destination address is read from a session which is possibly owned by a different thread. By splitting the work in two parts with a handoff in the middle, we can do both in a thread safe way. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I1c50d188393a610f5564fa230c75771a8065f273
2021-02-09l2: crash on l2_input_is_xconnectSteven Luong1-10/+8
Running vpp without any interface configured and then invoking the binary-api l2_xconnect_dump causes vpp to crash in l2_input_is_xconnect due to l2input_main.configs has no memory allocated to it, not even for the local interface which exists all the times. The reason that l2input_main.configs has no memory allocated to it was due to gerrit patch 29232 which took out a line in l2input_init /* Create the config vector */ vec_validate (mp->configs, 100); The fix is to iterate through l2input_main.configs for each interface in l2 to call l2_input_is_xconnect when dumping l2_xconnect interfaces. Type: fix Fixes: gerrit 29232 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I8d9cba4b7eba4c2e0c60887c4fd57d5ec3b06d3b
2021-02-09tls: dtls initial implementationFlorin Coras4-30/+247
Type: feature Basic dtls transport protocol implementation that relies on openssl wire protocol implementation. Retries/timeouts not yet supported. To test using vcl test apps, first ensure all arp entries are properly resolved and subsequently: server: vcl_server -p dtls 1234 client: vcl_client -p dtls <server-ip> 1234 -U -N 2000000 -T 1460 -X Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I04b4516a8fe9ce85ba230bcdd891f33a900046ed
2021-02-09session: coverity fixesFlorin Coras1-2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2828287c58115aa08c0a4297c01cea60f41f4749
2021-02-09Revert "ipsec: Use the new tunnel API types to add flow label and TTL copy"Matthew Smith14-331/+234
This reverts commit c7eaa711f3e25580687df0618e9ca80d3dc85e5f. Reason for revert: The jenkins job named 'vpp-merge-master-ubuntu1804-x86_64' had 2 IPv6 AH tests fail after the change was merged. Those 2 tests also failed the next time that job ran after an unrelated change was merged. Change-Id: I0e2c3ee895114029066c82624e79807af575b6c0 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-02-08ipsec: Use the new tunnel API types to add flow label and TTL copyNeale Ranns14-234/+331
support Type: feature Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6d4a9b187daa725d4b2cbb66e11616802d44d2d3
2021-02-08interface: automask interrupts to polling rxqsMohammed Hawari1-1/+3
Sometimes, vnet_hw_if_rx_queue_set_int_pending is called on rxqs which are not in interrupt mode. Currently, it segfaults due to a too small clib_interrupt_t structure. This change prevents that and makes the framework slightly more robust to driver bugs (that might be subtle to track in some cases involving concurrency...) Change-Id: I9643b9b1aa37e6852754b93f10cd2f96ed9e6118 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: fix
2021-02-08virtio: use vpp clib_memset instead glibc memsetMohsin Kazmi1-2/+2
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ib3cefe5d27286c4853eb0c0e1803a94787a62c97
2021-02-08virtio: add atomic call for kickingMohsin Kazmi2-20/+6
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I41faa2ca249ff75e564a732af896e6b5d76bf665
2021-02-08ipsec: Checking wrong DB for initialistationNeale Ranns1-17/+17
Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I2325d311a6fd7343c7041dc516777f4db0029823
2021-02-08tunnel: support copying TTL and flow label from inner to outerNeale Ranns11-56/+488
Type: feature The added functionality is to support copying TTL and flow label from inner to outer. The .api was extened to support expressing this and also adding a common tunnel endpoint type. i find it best to make API changes in one patch so there are less versions of the API. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I755c1e3f4c475058792af39c1abeda92129efb76
2021-02-06ipsec: CLI improvement for udp port encapMohammed Hawari1-0/+5
Change-Id: I59f55db7209549ad43a1205470a2f5ea9ea8a1c7 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: feature
2021-02-05tcp: fix port reuse with multiple listenersFlorin Coras2-3/+11
The check in listen state that the listener is not valid is not enough if the time wait session's index overlaps an actual listener's index. Thanks wanghanlin@corp.netease.com for the report! Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3dff0cb134940a8265ff908faa607c67dba5e56b
2021-02-05devices: af-packet gso mtuNathan Skrzypczak4-38/+126
Type: fix Set the GSO flag when buffer length exceeds the linux mtu. Don't listen for mtu changes on linux side for now. This also fixes a TX issue, as we only search for valid frames on tx to the extent of n_left, we might stay stuck. Change-Id: Idf0bdd88990254a614962c2f7bc3e0292ccfd61a Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-05session svm: non blocking mqFlorin Coras2-4/+3
Avoid synchronizing producers and the consumer. Instead, only use mutex or spinlock (if eventfds are configured) to synchronize producers. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie2aafbdc2e07fced5d5e46ee2df6b30a186faa2f
2021-02-05ip: Remove unused include fileNeale Ranns1-1/+0
Type: refactor Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iae135cbca372def29b1dd5e9f29b7db546ef1a3e
2021-02-05nat: 1:1 policy NATOle Troan1-2/+2
A NAT sub-plugin doing statically configured match/rewrite on IP4 input or output. It's stateless (no connection tracking). Currently it supports rewriting of SA, DA and TCP/UDP ports. It should be simple to add new rewrites if required. API: pnat_binding_add, pnat_binding_del, pnat_bindings_get, pnat_interfaces_get CLI: set pnat translation interface <name> match <5-tuple> rewrite <5-tuple> {in|out} [del] show pnat translations show pnat interfaces Trying a new C based unit testing scheme. Where the graph node is tested in isolation. See pnat/pnat_test.c. Also added new cmake targets to generate coverage directly. E.g.: make test_pnat-ccov-report File '/vpp/sdnat/src/plugins/nat/pnat/pnat.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------ pnat_interface_by_sw_if_index 39 8 79.49% 13 0 100.00% pnat_instructions_from_mask 9 0 100.00% 13 0 100.00% pnat_binding_add 64 8 87.50% 31 2 93.55% pnat_flow_lookup 4 4 0.00% 10 10 0.00% pnat_binding_attach 104 75 27.88% 33 6 81.82% pnat_binding_detach 30 5 83.33% 23 2 91.30% pnat_binding_del 97 33 65.98% 17 3 82.35% pnat.c:pnat_calc_key_from_5tuple 9 1 88.89% 14 1 92.86% pnat.c:pnat_interface_check_mask 10 2 80.00% 11 2 81.82% pnat.c:pnat_enable 5 0 100.00% 11 0 100.00% pnat.c:pnat_enable_interface 107 26 75.70% 60 15 75.00% pnat.c:pnat_disable_interface 91 30 67.03% 32 7 78.12% pnat.c:pnat_disable 7 2 71.43% 13 7 46.15% ------------------------------------------------------------------------------------ TOTAL 576 194 66.32% 281 55 80.43% File '/vpp/sdnat/src/plugins/nat/pnat/pnat_node.h': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------ pnat_test.c:pnat_node_inline 67 11 83.58% 115 1 99.13% pnat_test.c:pnat_calc_key 9 2 77.78% 14 2 85.71% pnat_test.c:pnat_rewrite_ip4 55 11 80.00% 60 12 80.00% pnat_test.c:format_pnat_trace 1 1 0.00% 12 12 0.00% pnat_node.c:pnat_node_inline 63 63 0.00% 115 115 0.00% pnat_node.c:pnat_calc_key 9 9 0.00% 14 14 0.00% pnat_node.c:pnat_rewrite_ip4 55 55 0.00% 60 60 0.00% pnat_node.c:format_pnat_trace 5 5 0.00% 12 12 0.00% ------------------------------------------------------------------------------------ TOTAL 264 157 40.53% 402 228 43.28% Type: feature Change-Id: I9c897f833603054a8303e7369ebff6512517c9e0 Signed-off-by: Ole Troan <ot@cisco.com>