aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2021-06-08fib: make sure adj is valid during walkBenoît Ganne1-0/+3
The adj can be deleted during fib_walk_sync(), make sure it can happen only after clearing the SYNC_WALK_ACTIVE flag. Type: fix Change-Id: I68be00e9602e2783d9dced71c51547c38b7e8a00 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-06-08ipsec: fix async crypto frame leakMatthew Smith2-54/+50
Type: fix If an async crypto frame is allocated during ESP encrypt/decrypt but a buffer/op is not subsequently added to the frame, the frame leaks. It is not submitted if the count of async ops is zero nor is it returned to the frame pool. This happens frequently if >= 2 worker threads are configured and a vector of buffers all have to be handed off to other threads. Wait until it is almost certain that the buffer will be added to the frame before allocating the frame to make it more unlikely that an allocated frame will not have any operations added to it. For encrypt this is sufficient to ressolve the leak. For decrypt there is still a chance that the buffer will fail to be added to the frame, so remove the counter of async ops and ensure that all frames that were allocated get either submitted or freed at the end. Change-Id: I4778c3265359b192d8a88ab9f8c53519d46285a2 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-06-07pg: Reduce the inclusion of pg.hNeale Ranns21-83/+87
Type: style reduce the number of files recompiled after changing pg.h from 1110 to 102. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I50611eba818eeb3a2dffd437a3c72c77766bed80
2021-06-04ipsec: fix crypto ops in esp decryptBenoît Ganne1-2/+7
When both chained and non-chained buffers are processed in the same vector, make sure the non-chained buffers are processed as non-chained crypto ops. Type: fix Change-Id: I19fc02c25a0d5e2e8a1342e2b88bbae3fe92862f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-06-04policer: fix vnet/policer cli <policer bind [unbind] name <name> <worker>> ↵jinshaohui1-2/+2
handle an exception Type: fix Signed-off-by: jinshaohui <jinsh11@chinatelecom.cn> Change-Id: I67b7d0b52c33a5b13ace8fe2d918139d2820e9bf
2021-06-03session: avoid ct connects loopFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I99af136ecab9be1f9e00de6d197b8f1c74ab4b20
2021-06-03session: lcl transport info on acceptFlorin Coras2-0/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia46b0b8afed30f84b244c06f0457303f9e8832cd
2021-06-03fib: fix flags updates when adding routes with a udp encap pathArthur de Kerhor1-1/+1
When adding a route via a udp encap instance, FIB_ENTRY_FLAG_IMPORT should not be set. In particular, fib_route_attached_cross_table should always return false for such paths. Modified test_udp_encap to leverage the bug that needed to be fixed. Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Change-Id: Iaa9489e96d1cff09751f92c62caf7999d924fd7f
2021-06-01udp: calculate inner checksums if needed before udp encapArthur de Kerhor2-1/+7
We do not want to encap headers containing wrong checksums. Additionnally, this clears the checksums offlads flags, which was something missing since the outer headers checksums were calculated during the encap. Hence, those should not be recalculated afterwards. Type: fix Change-Id: I7fd07987b4f13f76c6990a1c08dc2f960bdd8de1 Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2021-05-31interface: fix vnet_sw_interface_update_unnumberedDave Barach1-6/+13
Unless a software interface is actually unnumbered, do not set ip[46]_main.lookup_main.if_address_pool_index_by_sw_if_index [sw_if_index] to ~0 Fixes this scenario: loop create set int state loop0 up create sub-interface loop0 1 set interface ip addr loop0.1 192.168.1.1/24 delete sub-interface loop0.1 set int ip addr loop0 192.168.1.1/24 Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I46141d862fa57d70b93d7bb0c105403708165264
2021-05-29tls: fix handling of failed connectsFlorin Coras1-16/+18
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ifbf43dd69aa07be485fe7fa01c917512e423036e
2021-05-29udp: add udp decapsulationArthur de Kerhor5-10/+193
Possibility to register a port via CLI or API to decap incoming UDP packets: - For CLI, a user needs to specify the inner protocol (only MPLS supported for now) - For API, the protocol is specified by index Added unittests Type: feature Change-Id: Ifedd86d8db2e355b7618472554fd67d77a13a4aa Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2021-05-28gso: fix the error handlingMohsin Kazmi3-16/+52
Type: fix Change-Id: I7ada1b780b5c40261f6b14cfadc3f382e4e39086 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-05-27interface: add tx-queue cli support for new tx infraMohsin Kazmi3-5/+109
Type: improvement set interface tx-queue tap1 queue 2 threads 1-2 show hardware-interfaces tap1 Name Idx Link Hardware tap1 2 up tap1 Link speed: unknown RX Queues: queue thread mode 0 vpp_wk_1 (2) polling TX Queues: queue shared thread(s) 0 no 0 1 no 1 2 yes 1-2 3 no 3 4 no 4 Ethernet address 02:fe:09:3a:48:ff VIRTIO interface instance 1 set interface tx-queue tap0 queue 4 threads show hardware-interfaces tap0 Name Idx Link Hardware tap0 1 up tap0 Link speed: unknown RX Queues: queue thread mode 0 vpp_wk_0 (1) polling TX Queues: queue shared thread(s) 0 no 0 1 no 1 2 no 2 3 no 3 4 no Ethernet address 02:fe:03:6a:66:fc VIRTIO interface instance 0 Change-Id: I6154476ec9ff0b14287098529c88a14b779371a5 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-05-27ip: allow the 'ip6 enable' on tunnel interface typesNeale Ranns1-27/+19
Type: feature This was limited to HW interface types (for historical reason AFAICT) Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3785a356ae31722fa60d84f64ec9aa53ebdd615f
2021-05-26fib: During the mfib lookup set the unicast FIB index in the packet so that ↵Neale Ranns1-26/+28
a uRPF check on a for-us packet is done in the correct VRF Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iafa6efea0d96962aa9136dccefc148a961f74476
2021-05-25srtp: basic implementation based on libsrtp2Florin Coras2-2/+3
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic5e99938a5f130e83de6d590d2f89252d055bceb
2021-05-25interface: show if tx queue is sharedDamjan Marion1-4/+6
Type: improvement Change-Id: Idb48f835730db6c652c4b0e6ef310c7f36599a72 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-05-21session: improve main thread connects rpcFlorin Coras2-18/+26
Avoid grabbing the worker barrier if there's no work to be done. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ice3de5df41cd1752aba3419ad2e2dd82f30e9bfb
2021-05-21bfd: use vnet cryptoKlement Sekera3-104/+43
Type: improvement Change-Id: I873a99c1258a97ed5ed195b9756e8302f865e7f0 Signed-off-by: Klement Sekera <ksekera@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-05-21ipsec: Default the IPSec interface MTU to 9000Neale Ranns1-0/+1
Type: fix The same value is used for other tunnel types. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6593001918993d65f127cc9f716c95e932239842
2021-05-20gre: Walk IPv6 adjacencies during restackMatthew Smith1-2/+4
Type: fix If a GRE tunnel is created and the peer is not resolved yet and an IPv6 route is added which points to the tunnel, packets matching the route will be dropped. When the tunnel peer is resolved, adjacencies on the tunnel interface should be restacked and packets matching the route can be encapsulated and sent.. There is a loop that is intended to do this for both IPv4 and IPv6. The call to walk adjacencies is invoked in a "return" statement though. So the loop is exited and the function returns before IPv6 adjacencies are walked. Remove the return so the loop finishes. Change-Id: Ia4f695681713020209ea490ae4142857cea49c41 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-05-20tls svm: prealloc tcp fifo chunks before ssl writeFlorin Coras1-1/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7c47b55ec6f0c83f2d13e0e737d0559a32f7c837
2021-05-20session: fix transport half-open cleanup callFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I47d241a8f2f9e9d0761d14dcddd3327c3b28932c
2021-05-19session: cleanup event llist usageFlorin Coras3-41/+27
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I750c856ac81d951e8c0e62c710e0f35a0c80d6f9
2021-05-19session: fix session queue node access on disableFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie4e3623e7e00456437fac5fb8f9c9083f1aa2a2e
2021-05-19interface: shared tx queue supportDamjan Marion2-4/+7
Type: improvement Change-Id: I6bb7b6d6bd63b044952ab981be5b0673144c9834 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-05-18tls: fix dtls with no workersFlorin Coras4-10/+22
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iecc33fda7f28c037289775ffe0525a50f89a2b8c
2021-05-18session: poll main thread if pending connectsFlorin Coras3-48/+76
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie8a15c50531f3ccd5f91dbc0779e4d9c0d146844
2021-05-18session: only handle old ctrl events per dispatchFlorin Coras1-6/+12
Avoids dispatching ctrl events generated while handling the current pending list. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibeaf901ba4cf58a68fbd88e5ec3c23f6c2f6f145
2021-05-18session: move tx-buffers to tx ctxFlorin Coras2-16/+14
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I10ec410fb7f3acb47128dda23510162dc13b20d0
2021-05-17virtio: add the checks for descriptors chain lenMohsin Kazmi1-0/+23
Type: fix virtio uses indirect descriptors for chain buffers. indirect descriptor chain is mapped on a vlib_buffer_t. Single descriptor is 16 bytes and vlib_buffer_t has 2048 bytes space. So maximum long chain can have 128 (=2048/16) indirect descriptors. This patch adds check to make sure descriptors chain len should not exceed 128. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I060cfb7709568f42c9b5634527172690ce66a1a3
2021-05-16session: rpc for connects to mainFlorin Coras3-5/+88
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ifa47e1500e5cfb3c717f87b1d21131b9531c9005
2021-05-15session: fix coverity warningFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I24484a5192d7e683507ed640f75fb37914c0efb0
2021-05-14tcp: remove ho lockFlorin Coras3-13/+0
Half-open sessions are allocated by main thread and cleaned up on main with timers. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I37f000920a45908b62b5501ae9d54a88a9e4c609
2021-05-14vlib: pass node runtime to vlib_buffer_enqueue_to_thread()Damjan Marion7-16/+12
Mechanical change for patch following this one... Type: improvement Change-Id: Iee12f3a8851f35569e6c039494a94fc36e83d20f Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-05-14interface: fix converity in update_runtime_dataMohammed Hawari1-1/+1
Change-Id: I59eb41516b5e052109428ae70660ed49126c25bb Type: fix Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2021-05-14interface: update tx queue runtime if vector size changesDamjan Marion1-1/+5
Fixes issue which causes crash in case when VPP only runs with main thread. Type: fix Change-Id: Ia0ca973bb7e7ff81f15b37764ae248e2502bdcec Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-05-14session: switch ct to vc and track half-opensFlorin Coras5-77/+220
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7f9c4b9b6e523ab549087ad21724f34f08fca793
2021-05-14tls: switch dtls to vc and track half-opensFlorin Coras4-14/+132
Also adds support for half-open support transport migration. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id04c194138956336f93246bbed0332a7030c67e2
2021-05-13interface: fix tx queue runtime updateDamjan Marion1-0/+2
Type: fix Change-Id: I5ce7e57ae277de26af602fe786048bf21b8612f8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-05-13tests: move test source to vpp/testDave Wallace22-10139/+0
- Generate copyright year and version instead of using hard-coded data Type: refactor Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I6058f5025323b3aa483f5df4a2c4371e27b5914e
2021-05-12flow: fix vxlan vni convert bugChenmin Sun1-2/+2
This patch fixes a vxlan vni field conversion bug in flow api layer Type: fix Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I37b2ffb54792f48b390ff42da577db2c4869d253
2021-05-12tls: switch to vc service and track half-open sessionsFlorin Coras7-19/+78
Half-open tls sessions are now tracked by the app worker and are cleaned up only when tcp cleans up its half-open session, i.e., independent of when the established tls context is allocated. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5d594d7095192dd527daf4ea1358ffeccdfcc7a
2021-05-12session: return connect session handle to appFlorin Coras6-32/+36
App transports not supported for now. Will have to be updated individually. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I75cb6c4e1c5af008af72858a9ee573016812abd4
2021-05-12session: support half-close connectionliuyacan9-5/+139
Some app(e.g. Envoy) may call shutdown() instead of close() when draining connection. Type: improvement Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: I9543b9ca3caa87b10b134fd1fc4019124e41e4d2
2021-05-11ip: ensure ttl doesn't decrease to 0 when puntingAloys Augustin1-0/+2
Change-Id: I248ef12fd34ea2a1c383fbcc530a8ffeb31ba92b Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2021-05-11interface: tx queue infraDamjan Marion10-50/+485
Type: improvement Change-Id: I415b2f980de10ca3154d2c8677c24792453eccd0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-05-10misc: fix crash in lawful intercept CLIhemant_mnkcg1-6/+6
Type: fix Signed-off-by: hemant_mnkcg <hemant@mnkcg.com> Change-Id: I097815617053dac09de7ad3092b3d3071770114f
2021-05-10session: use half-open sessions for vc establishmentFlorin Coras9-119/+126
Use half-open sessions to track virtual circuit connection establishment. These sesssions can only be allocated and freed by the thread that allocates half-open connections (main). Consequently, they can only be freed on half-open cleanup notifications from transports. Goal is to simplify state tracking within the session layer but it's also a first step towards allowing builtin apps to track and cleanup outstanding connects. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8a535906d13eb7f8966deb82333839de80f8049f