aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2023-02-08ipsec: fix AES CBC IV generation (CVE-2022-46397)Benoît Ganne3-29/+65
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C). Chaining IVs like is done by ipsecmb and native backends for the VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable. Encrypt a counter as part of the message, making the (predictable) counter-generated IV unpredictable. Fixes: VPP-2037 Type: fix Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-02-03session: fix out of bounds event memcpyFlorin Coras1-3/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5300653edd2dad470985f4591959d00cad2a43b (cherry picked from commit af2e88d964ff8bd8eca30c182ab00e178213c1d4)
2023-01-16ipsec: fix transpose local ip range position with remote ip range in fast ↵Piotr Bronowski2-13/+13
path implementation In fast path implementation of spd policy lookup opposite convention to the original implementation has been applied and local ip range has been interchanged with the remote ip range. This fix addresses this issue. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I0b6cccc80bf52b34524e98cfd1f1d542008bb7d0
2023-01-11virtio: add option to bind interface to uio driverBenoît Ganne3-2/+32
Type: improvement Change-Id: I30e66370c927afeb62ba3a2b3334bdc2a31d4561 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-01-11sr: remove stale runs_afterNathan Skrzypczak1-1/+0
This patch removes a .runs_after = VNET_FEATURES ("ip6-lookup"), On the 'pt' node, as 'ip6-lookup' does not belong to the 'ip6-output' arc. Type: fix Change-Id: Ie34aaf7351593f08c61e3b02aaf9f72a4de1a437 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-01-10sr: fix compilation errorsGuillaume Solignac2-7/+9
Uses VPP's clib_host_to_net functions, and initializes a potentially uninitialized variable. Type: fix Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: Ie6b035c698f57ff39aeb955b35db8ec40f383b7a
2023-01-10udp: avoid listener cleanups with active opensFlorin Coras2-0/+15
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibff9f32e4fcaf0344207d8e43f3547180cbd4eef
2023-01-10session: avoid trying to send incomplete dgramFlorin Coras1-2/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ibebe9e4ab7331c3ae66c9502e910368acaba51ec
2023-01-10udp: initialize gso_size on dgram enqueueFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I1b5a35b9d53cc56d4d8050de70f40b95e92f1011
2023-01-06session: avoid dgram dequeues with no transportFlorin Coras1-0/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1a3393b579caeb5dc25b60bc1b4a71706fb07051
2023-01-06bfd: fix ip address cli parsingBenoît Ganne1-51/+58
unformat_ip46_address() requires the address type as 2nd parameter. Type: fix Change-Id: Iaa1aebaebd1a947dab6c936c3b931854c0a3facc Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-12-23hsa: fix echo client workers initializationBenoît Ganne1-3/+3
We were creating an additional worker not backed by any VPP threads, leading off-by-1 access in the session main workers vector. Also uses vec_elt_at_index() when accessing session main workers vector elements to catch those errors more easily. Type: fix Change-Id: I6059116b7b64ae6b26ad83c1fcf55df8522868ad Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-12-21af_packet: move to pluginMohsin Kazmi10-3546/+0
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I3ec857adb3a9e8a778072a202a4d23f4101e83b2
2022-12-20udp: fix tx handling of non-connected sessionsFlorin Coras2-27/+31
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I659b9914fcfa4619a68e9807ef241f88c96b3bd0
2022-12-16bfd: fix bfd udp error enum incompatibilityDmitry Valter2-4/+55
New BFD UDP errors were no longer compatible with BFD errors. This was causing out-of-bound reads and ASAN test crashes. Fix this issue by statically checking if these enums are compatible. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I92fddd26270f946bc16ade840c94e5496e2cb88a
2022-12-16ipsec: new api for sa ips and ports updatesArthur de Kerhor5-0/+186
Useful to update the tunnel paramaters and udp ports (NAT-T) of an SA without having to rekey. Could be done by deleting and re-adding the SA but it would not preserve the anti-replay window if there is one. Use case: a nat update/reboot between the 2 endpoints of the tunnel. Type: feature Change-Id: Icf5c0aac218603e8aa9a008ed6f614e4a6db59a0 Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2022-12-15interface: fix format_vnet_interface_output_traceluoyaozu1-3/+2
format vlib_buffer_t::flags into interface output trace Type: fix Signed-off-by: luoyaozu <luoyaozu@foxmail.com> Change-Id: Icb48a6d3a7ebdff7a3d42efe62723b0f0f1ea507
2022-12-14vcl: enable gso for 'sendmsg' in LDP mode.Dou Chao3-8/+17
Some upon apps(e.g. Nginx-quic) package it's several protocol buffers into a struct msg which is a combination of gso_buffer and gso_size. but if HostStack regardless the gso_size to the buffer and split the buffer with default mss, that cause peer client failed on parsing the package. Type: improvement Signed-off-by: Dou Chao <chao.dou@intel.com> Change-Id: I805eb642be826038ba96d1b85dad8ec0c0f6c459 Signed-off-by: Dou Chao <chao.dou@intel.com>
2022-12-09nat: fixed return values of enable/disable callFilip Varga1-1/+3
NAT44 enable/disable return status was used instead of appropriate VNET_API_ERROR_ code. Type: fix Signed-off-by: Filip Varga <filipvarga89@gmail.com> Change-Id: If944866bf3061afdc91284c0ad475135e529bdc4
2022-12-07tcp: avoid retransmit head with no dataFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iefabc7b9dd1109fd6dcf65e5d9794173421b7369
2022-12-07classify: increase metadata from 16- to 32-bitsBenoît Ganne2-9/+11
The metadata in classifier entries is used to index a fib or a dpo in the acl nodes which can exceeds UINT16_MAX in large configurations. To maintain entries size and alignment, decrease next_index from 32- to 16-bits: next_index should not exceed 16-bits in VPP, as it is already shown by vlib_buffer_enqueue_to_next() or dpo_id_t.dpoi_next_node. Type: fix Change-Id: I4fd1b3cd495319420044c219036b2d2ea952270a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-12-02session: move connects to first workerFlorin Coras10-92/+70
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I035e3fdbb52eca010ad7b2c20ca2930cb1645978
2022-12-02vnet: fix trace flag copying in icmp4Klement Sekera1-1/+1
Type: fix Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I0a947b74e40499327910c1ed10923f7a869039d6
2022-12-02vhost: convert vhost device driver to a pluginSteven Luong8-6677/+0
convert vhost device driver to a plugin as described in https://jira.fd.io/browse/VPP-2065 Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ibfe2f351bcaed36a04b136d082ae414145dd37b5
2022-11-29udp: refactor port allocation and sharingFlorin Coras4-72/+28
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4f7314ddf95d26f1939bd3772d29d011fb4cea47
2022-11-29session: transport endpt cleanup on owner threadFlorin Coras4-16/+83
Maintain a single writer multiple readers usage model for transport endpoints pool. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8555700ed725971341f145ea97f031042a298e83
2022-11-29ipsec: use correct reply messageVratko Polak2-1/+2
Type: fix Fixes: 815c6a4fbcbb636ce3b4dc98446ad205a30670a6 Ticket: VPP-2068 Change-Id: I42d678b0e28ac4d0b524dfc2dbd01bbad020cf24 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2022-11-28ipsec: remove redundant policy array in fast path spdPiotr Bronowski3-90/+178
Fast path spd was explicitely storing array of policy id vectors. This information was redundand, as this inofrmation is already stored in bihash table. This additional array was affecting performance when adding and removing fast path policies. The other place that needed refactoring after removing this array was cli command showing fast path policies. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I78d45653f71539e7ba90ff5d2834451f83ead4be
2022-11-28udp: preallocate ports sparse vec mapFlorin Coras1-2/+80
Not ideal. The sparse vector used to map ports to next nodes assumes only a few ports are ever used. When udp transport is enabled this does not hold and, to make matters worse, ports are consumed in a random order. This can lead to a lot of slow updates to internal data structures which in turn can slow udp connection allocations until all ports are eventually consumed. Consequently, reallocate sparse vector, preallocate all ports and have them point to UDP_NO_NODE_SET. We could consider switching the sparse vector to a preallocated vector but that would increase memory consumption for vpp deployments that do not rely on host stack. For reference, populating one of the v4 or v6 sparse vectors in reverse order takes about 9.8s on a skylake cpu. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id795e1805d0d3ba54f56a152a9506a7a2a06ecbc
2022-11-25interface: remove the pending interrupt from deleting interfaceMohsin Kazmi2-5/+16
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I3138f97519d216b89a9c46865271db1f9ddd53cd
2022-11-24sr: srv6 path tracing apiJulian Klaiber4-0/+160
Implements the API for SRv6 Path Tracing Type: feature Signed-off-by: Julian Klaiber <julian@klaiber.me> Change-Id: Iefa7e512c8e1894595a9e3f5d42eab4160db1f28
2022-11-23gso: add gso documentationMohsin Kazmi1-0/+154
Type: docs Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I8a96e6cc73b5f7ab3049fef37aafba43f3ef4d84
2022-11-22policer: adding documentationMaxime Peim2-4/+231
Type: docs Several kinds of policers are implemented in VPP. However, they could differ from the RFCs it is said they are from. Additionally, the CLI command's help has been updated with the current list of acceptable parameters. Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: Ic9bf94e1094bea0fcc87ccaa882c2c5f88824041
2022-11-21ipsec: improve ipsec policy adding performanceXiaoming Jiang1-19/+15
Type: improvement Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I91ba1ff4c1085f4aca60ca111cbbaf14a3b4d761
2022-11-18ipsec: Failure at the start of the batch should not invalidate the rest of ↵Neale Ranns1-1/+1
the batch Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Icd1e43a5764496784c355c93066273435f16dd35
2022-11-15session: add transport main structureFlorin Coras1-39/+37
Leave tp_vfts vector out for now. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic20a1671be9424280d0645f48ef2131a694cd16f
2022-11-11session: safe pools for cut-through sessionsFlorin Coras1-1/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6dd400285ae475974c416f9b94e8a5b4b6257ca1
2022-11-10session: reduce safe pool expand rateFlorin Coras1-2/+1
Make sure they only double in size. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I18d5508c7f32836deb3b25943e8e3af39d0dbc33
2022-11-10http: support client connectFilip Tehlar1-0/+2
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0738c0aefb41ab6c0ff717cfccd1df75ddb481fa
2022-11-09ip: fix unformat_ip_address forcing version to IP4 for some IP6 addressesAndrew Yourtchenko1-9/+10
dd2f12ba made use of ip46_address_is_ip4() in order to determine whether the address is ipv4 or ipv6 within unformat_ip_address - however, its logic is correct only for some addresses. e.g. a valid IPv6 address of :: (unspecified) will result in "true" result. This is probably not an issue for most of the cases (the unspecified address is quite rare), however if the unformat_ip_address is used as part of the prefix parsing, the ::/0 is a fairly often utilized construct, which gets parsed as 0.0.0.0 Solution: return the old logic, but use a temporary variable to avoid overwriting the target memory on failure. Type: fix Fixes: dd2f12ba6ab952d9d66f4d9ba89ffde6309b1ff2. Change-Id: I272f740dfdf07036cec68516e153f0701a53233d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-11-08policer: improvement show policer cli.Huawei LI1-3/+3
cli show policer's help info is not consistent with it's arguments. Type: improvement Signed-off-by: Huawei LI <lihuawei_zzu@163.com> Change-Id: I8332fe97ba343e98511db9ff1bb6afd6f3c657cd
2022-11-06ip6-nd: set router flag on NA if appropriateMatthew Smith3-1/+19
Type: fix The router flag on a neighbor advertisement can be used by neighbors to detect that a router has changed to a host (RFC 4861 section 4.4). If a neighbor adds routes after receiving a router advertisement sent by VPP and subsequently receives a neighbor advertisement sent by VPP, it may remove any routes it added based on the RA if the NA does not have the router flag set. It appears that this is how windows behaves. When sending a neighbor advertisement, set the router flag if sending RAs is enabled on the interface. Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I1f3e42bbd8ea1a4c116b1ce5a8273652d4cd763d
2022-11-05ip6-nd: initialize radv_info->send_radv to 1Dave Barach1-0/+3
Otherwise, the newly configured interface will never send RADV's. See below. In the typical case, suppress = 0 and is_no = 0, which propagates the current value of radv->send_radv: radv_info->send_radv = (suppress != 0) ? ((is_no != 0) ? 1 : 0) : radv_info->send_radv; No other bit of code will set send_radv, at least in straightforward ways. Type:fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: If9368155f7676460ca1f87729c2b3c453405d08d
2022-11-04classify: fix crash when update nonexistent classify table.Huawei LI1-1/+3
vpp crash when update nonexistent classify table. Program received signal SIGABRT, Aborted. 0x00007fbf3b49b337 in raise () from /lib64/libc.so.6 (gdb) bt 0 0x00007fbf3b49b337 in raise () from /lib64/libc.so.6 1 0x00007fbf3b49ca28 in abort () from /lib64/libc.so.6 2 0x00000000004079db in os_panic () at /usr/src/debug/vpp-23.02/src/vpp/vnet/main.c:417 3 0x00007fbf3bb611c7 in debugger () at /usr/src/debug/vpp-23.02/src/vppinfra/error.c:84 4 0x00007fbf3bb61529 in _clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7fbf3d03af08 "%s:%d (%s) assertion `%s' fails") at /usr/src/debug/vpp-23.02/src/vppinfra/error.c:143 5 0x00007fbf3c67062c in vnet_classify_add_del_table (cm=0x7fbf3d438f00 <vnet_classify_main>, mask=0x7fbf00fdc088 "", nbuckets=2, memory_size=2097152, skip=4, match=1, next_table_index=4294967295, miss_next_index=4294967295, table_index=0x7fbeed930b98, current_data_flag=0 '\000', current_data_offset=0, is_add=1, del_chain=0) at /usr/src/debug/vpp-23.02/src/vnet/classify/vnet_classify.c:780 6 0x00007fbf3c672bf4 in classify_table_command_fn (vm=0x7fbefb465740, input=0x7fbeed930ef0, cmd=0x7fbefc45ec18) at /usr/src/debug/vpp-23.02/src/vnet/classify/vnet_classify.c:1622 7 0x00007fbf3d52b527 in vlib_cli_dispatch_sub_commands (vm=0x7fbefb465740, cm=0x4273f0 <vlib_global_main+48>, input=0x7fbeed930ef0, parent_command_index=1064) at /usr/src/debug/vpp-23.02/src/vlib/cli.c:650 8 0x00007fbf3d52b2c3 in vlib_cli_dispatch_sub_commands (vm=0x7fbefb465740, cm=0x4273f0 <vlib_global_main+48>, input=0x7fbeed930ef0, parent_command_index=0) at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607 9 0x00007fbf3d52b9cb in vlib_cli_input (vm=0x7fbefb465740, input=0x7fbeed930ef0, function=0x7fbf3d597406 <unix_vlib_cli_output>, function_arg=0) at /usr/src/debug/vpp-23.02/src/vlib/cli.c:753 10 0x00007fbf3d59cb0c in unix_cli_process_input (cm=0x7fbf3d61fe00 <unix_cli_main>, cli_file_index=0) at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2616 11 0x00007fbf3d59d25a in unix_cli_process (vm=0x7fbefb465740, rt=0x7fbf00f7bfc0, f=0x0) at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2745 12 0x00007fbf3d555a25 in vlib_process_bootstrap (_a=140458063833296) at /usr/src/debug/vpp-23.02/src/vlib/main.c:1221 13 0x00007fbf3bb74204 in clib_calljmp () at /usr/src/debug/vpp-23.02/src/vppinfra/longjmp.S:123 14 0x00007fbef10028a0 in ?? () 15 0x00007fbf3d555b4e in vlib_process_startup (vm=0x7fbf3bb7d70f <clib_mem_size+24>, p=0x7fbef10028d0, f=0x7fbf00f06ae0) at /usr/src/debug/vpp-23.02/src/vlib/main.c:1246 16 0x00007fbf3d592be6 in vec_max_bytes (v=0x8) at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:161 17 0x00007fbf00f06af8 in ?? () 18 0x0000000000000004 in ?? () 19 0x00000000000000ff in ?? () 20 0x00007fbef1002980 in ?? () 21 0x00007fbf3d592dcb in _vec_set_len (v=<error reading variable: Cannot access memory at address 0xfffffffffffffff5>, len=<error reading variable: Cannot access memory at address 0xffffffffffffffed>, elt_sz=<error reading variable: Cannot access memory at address 0xffffffffffffffe5>) at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:196 Backtrace stopped: previous frame inner to this frame (corrupt stack?) (gdb) f 5 0x00007fbf3c67062c in vnet_classify_add_del_table (cm=0x7fbf3d438f00 <vnet_classify_main>, mask=0x7fbf00fdc088 "", nbuckets=2, memory_size=2097152, skip=4, match=1, next_table_index=4294967295, miss_next_index=4294967295, table_index=0x7fbeed930b98, current_data_flag=0 '\000', current_data_offset=0, is_add=1, del_chain=0) at /usr/src/debug/vpp-23.02/src/vnet/classify/vnet_classify.c:780 780 t = pool_elt_at_index (cm->tables, *table_index); (gdb) p *table_index $1 = 8 (gdb) p cm->tables $2 = (vnet_classify_table_t *) 0x0 (gdb) Type: fix Signed-off-by: Huawei LI <lihuawei_zzu@163.com> Change-Id: I1c5f6168f0a7e1d1989ce07ec6c30c6fd9f0aaa9
2022-11-03session: fix tx_fifo clear and incorrect bitmap invalidationDongya Zhang2-5/+12
The tx_fifo of session may not be set up yet, if app request to disconnect the session, svm_fifo_dequeue_drop_all will crash. In debug image, ho_session_alloc will do clib_bitmap_validate to prevent race condition, however the input is not correct which will make vpp crash. Type: fix Change-Id: Ia8bff325d238eacb671e6764ea2a4eecd3fca609 Signed-off-by: Dongya Zhang <fortitude.zhang@gmail.com>
2022-11-02sr: SRv6 Path Tracing Midpoint behaviourJulian Klaiber4-0/+196
Type: feature Signed-off-by: Julian Klaiber <julian@klaiber.me> Change-Id: I866a2d2e06013380309c98a54078c1b3f6ad76fc
2022-10-31tls: use safe pool reallocsFlorin Coras2-51/+7
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia2c771cbf826526d2d06b6da022509ab02917350
2022-10-26session: add session event log for session stateSteven Luong5-35/+68
To aid sesipon debug, add session event log in SM debug to track the session state. Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I6909cf969cd5b6a3ea5a06d08ae32c2f1d48f686
2022-10-25virtio: use current_data as l2_hdr_offsetMohsin Kazmi1-4/+2
Type: fix virtio transmit node uses header offsets to set the appropriate metadata for packet with offloads. But l2_hdr_offset is not correctly set by previous node(s). This patch makes use of curren_data field as l2_hdr_offset. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Id2f41a7650be45c9cc1ebacc7bec298be79bf218
2022-10-25devices: fix the l2 hdr offset in af_packet transmit sideMohsin Kazmi1-4/+2
Type: fix af_packet transmit node uses header offsets to set the appropriate metadata for packet with offload. But l2_hdr_offset is not correctly set by previous node. This patch makes use of curren_data field as l2_hdr_offset. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I751a725af5c231a443eed22231a867eb7f3894e0