aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2024-05-03interface: fix check in set_interface_name apiStanislav Zaikin1-7/+6
set_interface_name may crash if wrong sw_if_index is passed e.g. ~0 Type: fix Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com> Change-Id: Ic7e400c914fb33c2f9eac4f2985bb5b163a18d57
2024-05-02gso: use the header offsets from buffer metadataMohsin Kazmi3-143/+142
Type: improvement Change-Id: I955fbef0e0238cb69307e96cd1c677061737e5f3 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2024-04-24misc: fix int/enum mismatch errors reported by gcc-14Damjan Marion3-4/+5
Type: fix Change-Id: I80e90cab8e2e9fef837779e36e0256baf791b801 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-04-23ipsec: fix CLI for create ipsec itfGabriel Oginski1-3/+6
This commit adds missing support in CLI for creating ipsec itf in p2mp mode. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I1bd1cc6667625b8e527af8d25bd8e723751dbc41
2024-04-19ipip: specify af for a tunnel ip addressesAnton Nikolaev1-11/+12
Currently ipip tunnel allows to use an empty addresses for dst when we trying to add tunnel, but it doesn't return it correctly on ipip dump call. There is case when we create an ipip tunnel with an empty ipv6 address, address is zero, but AF is ipv6. And when we dump ipip tunnels we get an emtpy ipv4 address instead of an empty ipv6 address. There is no point to detect AF for each address in send_ipip_tunnel_details, because ipip tunnel can't handle different AF for src and dst addresses, and prohibits creating ipip tunnel with different AF of dst and src addresses. With this fix, send_ipip_tunnel_details function return a correct AF despite address value. Type: fix Change-Id: Ib343293ad79a300cdb70135fffbfd156dfef6e27 Signed-off-by: Anton Nikolaev <anikolaev@netgate.com>
2024-04-18sr: use correct reply to sr_policy_add_v2Vratko Polak1-1/+1
Type: fix Fixes: c4c205b091934d96a173f4c0d75ef7e888298ac7 Change-Id: I110729601a9f19451297883b781ec56e2b31465b Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-04-17session: force session cleanups on app detachFlorin Coras1-6/+23
Force transport and session cleanup on session detach if transport is already closing. This should also avoid races between transport initiated session cleanups and pending session control events. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I83a947a0c01f5af8ac70aa31fee660276f1d1c60
2024-04-15ip: fix comments for icmp4lijinhui1-1/+1
Type: fix Change-Id: I5f309ca4db4ae4a3e475d87b8f0188c4ead5e562 Signed-off-by: lijinhui <lijh_7@chinatelecom.cn>
2024-04-11tcp: check for header truncationBenoît Ganne1-1/+3
Type: fix Change-Id: I0a43a37971d03a700926d59e848f0b6e6dbeb19a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-04-10session: add api to detach session from appFlorin Coras3-4/+17
Type: improvement Change-Id: Ib824d0ca9efc7d8967e043db69017655b2dcf6b5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-04-09fib: fix off-by-one error in rewrite length checkBenoît Ganne1-2/+2
The rewrite string can be up to max_size, and max_size can be up to VNET_REWRITE_TOTAL_BYTES. Don't waste the last byte. Type: fix Change-Id: I2fb7e9873b6b4c1e6a55b172c7f753f3c5910802 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-04-09mpls: fix default mpls lb hash configVladislav Grishenko3-121/+125
In case of multiple path within tunnel, mpls lookup node computes lb hash with mpls_compute_flow_hash config value 0, so only mpls label and l4 ports gets accounted, not 5-tuple. This leads to flow traffic polarization and disbalance over mpls paths. Use mpls hash config from lb instead, usually it'll be MPLS_FLOw_HASH_DEFAULT with 5-tuple plus flowlabel. As optimization, fix flow hash reuse from the previous lookup node if present, like ip_lookup does. Previously mpls lookup always calcs the hash. Test lb distribution for both cases. Also, use the same flow hash hex format in ip4/ip6 and mpls traces for easier reading, most code changes is due fixstyle formatting. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ib89e1ab3edec14269866fe825a3e887d6c817b7c
2024-04-09vnet: fix ARP for unnumberedPim van Pelt1-15/+14
On unnumbered interfaces, ARP fails because there is no attached route. Allow replies to peer-to-peer addresses on unnumbered interfaces: eg. 192.0.2.1/32 <-> 192.0.2.2/32 Type: fix Change-Id: Ibeb8d8ebc8d58d5bfb0724739a17694e0217356e Signed-off-by: Pim van Pelt <pim@ipng.nl>
2024-04-08tls: fix session state update on acceptFlorin Coras1-1/+3
Only set state to ready if session is not already closing. Type: fix Change-Id: Ic95667f43ed09d693f1cf7c9f1c16f7f995ea2d8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-04-05session: fix cleanup for refused sessionsFlorin Coras1-6/+7
Type: fix Change-Id: I739b7129c7e5a3fccefcdeeaf7f4a298223dd8eb Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-04-04ip6: fix icmp trace flag copyMaxime Peim1-1/+1
Type: fix Change-Id: I56c1a2717f197c889425449b37f51b0f2cc89ea5 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-04-02session: fix closing ntfs handling for refused sessionsFlorin Coras1-0/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1464e93cd3020eaa26068df558924e39dd255ccb
2024-04-02fib: coverity 335348 out-of-bounds accessDave Wallace1-2/+6
- also fix memory leak in adj_glean_walk_proto() Type: fix Change-Id: I3cd72b14506e6bfc9d8d77a65d7b9b2703992367 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2024-04-02l2: fix vxlan src port entropy with mpls payloadVladislav Grishenko1-1/+5
l2 tunnels like vxlan, gtpu, geneva use vnet_l2_compute_flow_hash() to compute flow hash for udp src port entropy. In case of inner mpls tunnels to the same lsr ethernet src and dst macs are the same, so l2 flow hash is also the same leading to no src port entropy and the only rss queue overflow on receiver side. Fix it for all the possible vnet_l2_compute_flow_hash callers by making mpls playload hash in additon to ip4/ip6. Visible performance impact is not expected as it's only one check for mpls ethertype for common cases. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I69153d42fb3d7c094a670c674fac8d14039c626a
2024-04-01fib: add early config support for IP and IP6 default FIB table namesJon Loeliger5-12/+82
Type: improvement Change-Id: I8c248d9e224bd069b641a174da57d448371470af Signed-off-by: Jon Loeliger <jdl@netgate.com>
2024-03-30ipsec: fix clang compile issueKai Ji1-3/+0
Type: fix Change-Id: Ic015b37e18a43c49c3fb3dbff284a17fa2c5fd99 Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com> Signed-off-by: Kai Ji <kai.ji@intel.com>
2024-03-29session: fix api coverity warningsFlorin Coras1-2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ieb4e9d9e39b937ad4c7316b3955b3ca296f0a191
2024-03-29session: add new api for enq tx io eventsFlorin Coras2-2/+10
Type: improvement Change-Id: Iefe5c2e610a26241a88ca783ac548fd8f2317bb0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-29session: use custom types for session flags and stateFlorin Coras1-16/+16
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I04f836d09a1cbd5a5b55dc64359d2d761dfc4988
2024-03-29session: improve use of session handlesFlorin Coras5-71/+70
First step towards moving to an 8 byte struct instead of u64. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idd0b95520ab7158e175b9af1702fc09c0613a4bb
2024-03-29misc: deprecate lawful-intercepthsandid7-487/+5
Type: refactor Change-Id: Ifd7f5b351401cdcaaaf57fefc5dbbfdaf235054e Signed-off-by: hsandid <halsandi@cisco.com>
2024-03-26tls: init session for accepted ctxFlorin Coras1-7/+7
Make sure session is marked as invalid. Type: improvement Change-Id: I1c861645de95ef15a24acd4fe6dd5364a55b4fb8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-26tcp: avoid fr segments less than mss if possibleFlorin Coras1-1/+5
Type: improvement Change-Id: I958e059384db3c13a29f64be96877f57617bbae2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-24tls: pass session state to engine on client initFlorin Coras1-1/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe218a922ab656b8362e3c085193cb848783c255
2024-03-23fib: fix vectorized impl buffer typoDmitry Valter1-1/+1
Fix copy-paste typo with an incorrect index. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Change-Id: I463e6f016df9cd24e96defcd30c1b442b8809416
2024-03-22ipsec: esp_decrypt code clean upFan Zhang1-43/+42
Type: improvement Change-Id: Icac31a8a3da71334e2b877f3b8e5d5a7cc5e76b8 Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
2024-03-21session: fix workers race to allocate lookup tableFlorin Coras1-24/+39
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I60600452c91184da571d4630bf2f0d9c24a3e85e
2024-03-21ip: add support for buffer offload metadata in ip midchainArthur de Kerhor5-44/+78
The offload should be handled by gso node or by the NIC if the latter has the relevant capabilities. But ip midchain is missing the support for buffer offload metadata in case of GSO packet. This patch adds the relevant support to add the buffer metadata if the packet is GSO/IPIP to be handled accordingly. Type: improvement Change-Id: I17f5d71bf4c5f43a85ca3f2fbebfa1426b42ef69 Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2024-03-21ipsec: remove unused parameter for esp_add_footer_and_icvFan Zhang1-4/+3
Type: improvement Change-Id: Ib6c4e6bc42dd63cb2fdb2dfa7e94baa709e7185b Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
2024-03-20tls: avoid app session preallocationFlorin Coras1-42/+14
Since async rx event infra decouples notification event generation from delivery we no longer run the risk of having tls realloc session pools while session layer still holds a pointer to the accepted/connected tcp session. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1bb429a058707aba1d4f32ea33615a2367e66969
2024-03-18tls: handle attepts to renegotiate hsFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I549d0c8715e5c06bfc22be26ca1dc78ec3c29a61
2024-03-15ip: reassembly - return correct valueKlement Sekera2-2/+2
If already enabled, return 0 to indicate success. Type: fix Change-Id: I4a182e14df9b05698ad93d596a97c46a020fd54b Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2024-03-12misc: remove GNU Indent directivesDamjan Marion252-1723/+1
Type: refactor Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-03-10session: use no for ports in transport port allocatorFlorin Coras3-11/+17
Type: improvement Change-Id: Ia1d8aaa3c51938cfa15dd09102471f52ebe67a3d Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-09session: fix port alloc for fixed lcl port reuseFlorin Coras1-2/+3
Type: fix Change-Id: If30d1aa8aa752ae4bddde776832a3009ebc7e316 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-05ip: force full reassembly before virtualMatthew Smith1-14/+5
Type: improvement The vnet buffer metadata for full IP reassembly and shallow virtual reassembly overlaps. If you have full reassembly and virtual reassembly enabled on the same interface and virtual reassembly happens to process packets first, full reassembly will stomp on the metadata populated by virtual reassembly. Virtual reassembly gets enabled implicitly when NAT feature nodes are enabled. Those NAT feature nodes rely on the virtual reassembly metadata being populated correctly in order to find L4 proto & ports. When NAT and IP full reassembly are both enabled on an interface, NAT can drop fragmented packets because the virtual reassembly metadata can be overwritten by full reassembly. Ensure that full reassembly runs before virtual reassembly. Add a runs_before dependency to ensure that ip4-full-reassembly-feature runs before ip4-sv-reassembly-feature. There was a duplicate VNET_FEATURE_INIT() for ip4-full-reassembly-feature. It seems to have been intended for enabling ip4-full-reassembly-custom as a feature node, but its contents are identical to the earlier VNET_FEATURE_INIT() for ip4-full-reassembly-feature. Removed the duplicate. Change-Id: Ie600b854d4ceb90a7cb736810140d410b8f72447 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2024-03-05vnet: fix format of deleted sw interfacesVladislav Grishenko12-53/+28
As similar 535364e90459566b603661c3dbe360c72f59ad71 is merged, printing possibly deleted interfaces by index only in all the rest cases. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I4fa58b382c0279ff893523ba0188fdb9b09e10af
2024-03-04misc: fix icmpMaxime Peim2-1/+1
- fix ICMPv6 lookup FIB (don't reset sw_if_index[VLIB_TX] to -1) - add locally generated flag in ICMPv4 buffers (reflect ICMPv6) Type: fix Change-Id: If25a176a9952cbe185a030f8b136718af1bff9e8 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-03-04ip: fix warning on interface ipv6 prefix removeVladislav Grishenko1-1/+1
Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I428f52abbdddd9caca9b0f619a0e934f96ac0b4a
2024-03-04fib: fix crash while adding intf-rx routesVladislav Grishenko6-5/+31
Fix crash while adding intf-rx ip4 and ip6 routes via api due invalid exporting of interface rx routes as attached. Also, add missed route path via rx-ip6 cli support. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I15711c8c0787398dd7e3baa4787019bb1f317666
2024-03-03udp: fix ipv6 udp punt showSamvel Vartapetov1-1/+1
Type: fix Signed-off-by: Samvel Vartapetov <svartapetov@yandex-team.ru> Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I57cba1e724f851419c7dfdee896568fc7416feaf
2024-03-01session: add api cb for listen and unlistenFlorin Coras4-17/+24
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I28ccebf4d2f0728dd174ab3ee77a0d7ad4b90951
2024-02-28crypto: CLI to change dispatch modeNiyaz Murshed1-0/+39
This change aims to affect crypto_sw_scheduler behavior, but all the edits end up in vnet/crypto. After 9a9604b introduced adaptive mode for crypto dispatch, the performance of async mode at lower rate got worse. A work around for CSIT test is done by changing dispatch mode via explicit API call in https://github.com/FDio/vpp/commit/139aba204780f6cc2845b311820a0b4c47517d02 In this change, the CLI is brought back to allow user to fix the dispatch mode. set crypto async dispatch mode <polling|interrupt|adaptive> Type: improvement Change-Id: I029e98aa25889eddcf62e75a6c78926cdee862ef Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com>
2024-02-27tls: pass reset ntf to enginesFlorin Coras2-22/+10
Type: improvement Change-Id: Ie042605e50656229874b7a93638f0f04c894410f Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-27session: fix transport closed and disconnect raceFlorin Coras1-4/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie7ff4bac22e9dbb449610072b52d1ec4e46fe757