summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2023-03-06crypto: make it easier to diagnose keys use-after-freeBenoît Ganne1-2/+2
Type: improvement Change-Id: Ib98eba146e24e659acf3b9a228b81fcd641f4c67 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-03-06interface: fix 4 or more interfaces equality comparison bug with xor ↵lijinhui1-5/+4
operation using (a^a)^(b^b) Type: fix Signed-off-by: lijinhui <lijh_7@chinatelecom.cn> Change-Id: I80783eed2b819a9e6fd4cee973821c9d97c285a6
2023-03-01docs: fixed to use unified "pcap trace" commandNobuhiro MIKI2-4/+4
Type: docs Fixes: 33909777c637 ("misc: unify pcap rx / tx / drop trace") Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp> Change-Id: I049616cfad300658e62e5026c0655ee6f07a2421
2023-03-01udp: fix optimistic assert for UDP RXMohammed Hawari2-1/+6
Change-Id: I431c4a6f409b129e4290dba2e1acadea460ac797 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: improvement
2023-02-28session: consolidate port alloc logicFlorin Coras4-52/+36
Move port allocation logic from transports into generic transport layer. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I55a21f185d00f5e118c36bcc4a6ffba2cbda885e
2023-02-28tcp: add dispatch errors to countersFlorin Coras1-9/+10
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I27112947071a757065162f0e50f69983d258525d
2023-02-25tcp: fix error countersFilip Tehlar4-44/+43
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I9f4944f77ecf94f16f809392f28466e33f7f779d
2023-02-20session: track app session closesFlorin Coras2-2/+9
Make sure applications, especially builtin ones, cannot close a session multiple times. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I960a1ae89a48eb359e7e1873a59d47c298c37ef1
2023-02-16session: ignore zero length dgramsFlorin Coras1-1/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I70596ffcf90fa4cd57092584cb7a454f44208943
2023-02-10sr: support define src ipv6 per encap policyTakeru Hayasaka5-48/+313
Can to define src ip of outer IPv6 Hdr for each encap policy. Along with that, I decided to develop it as API version V2. This is useful in the SRv6 MUP case. For example, it will be possible to handle multiple UPF destinations. Type: feature Change-Id: I44ff7b54e8868619069621ab53e194e2c7a17435 Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
2023-02-08session: accept lcl ip updates on cl sessionsFlorin Coras1-0/+2
Allow apps/vcl to provide updated local ips for dgrams. In particular, allow sessions bound to 0/0 to send data with valid local ips. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I50a086b1c252731a32a15b6a181ad3dba0c687e0
2023-02-08ip6-nd: support dump/details for IPv6 RAAlexander Chernavin5-98/+470
Type: improvement With this change, add support for dumping IPv6 Router Advertisements details on a per-interface basis (or all). Also, cover that with a test. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I89fa93439d33cc36252377f27187b18b3d30a1d4
2023-02-08ipsec: fix AES CBC IV generation (CVE-2022-46397)Benoît Ganne3-29/+65
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C). Chaining IVs like is done by ipsecmb and native backends for the VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable. Encrypt a counter as part of the message, making the (predictable) counter-generated IV unpredictable. Fixes: VPP-2037 Type: fix Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-02-06ipsec: fix async crypto linked keys memory leakBenoît Ganne1-1/+6
Type: fix Change-Id: I7bd2696541c8b3824837e187de096fdde19b2c44 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-02-03session: fix out of bounds event memcpyFlorin Coras1-3/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5300653edd2dad470985f4591959d00cad2a43b
2023-02-02ip: fix ip ACL tracesBenoît Ganne1-6/+9
If we match a next table, we must save its index in the trace instead of the index of the 1st table. Type: fix Change-Id: Idd862242e7fc200eb3ab29b17a26131b844af2c0 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-02-02policer: API policer selection by indexMaxime Peim8-257/+801
Policer API calls were only by policer name. It is now possible to select a policer by its index. Some functionalities are also added to allow updating a policer configuration and to refill its token buckets. Some dead codes are being removed, and small fixes made. Type: improvement Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I4cc8fda0fc7c635a4110da3e757356b150f9b606
2023-02-02fib: keep AddressSanitizer happyBenoît Ganne1-3/+2
adj_delegate_remove() makes 'ad' invalid, invalidate it only after its use. Type: fix Change-Id: I6908d3dd2962ebd3fdf37e946cb19dae727bda09 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-02-01memif: improve error reportingDamjan Marion1-0/+2
Type: improvement Change-Id: I12b120d988347cced3df82810e86dc2fd5cfca80 Signed-off-by: Damjan Marion <dmarion@me.com>
2023-01-25api: pcap capture api updateMaxime Peim5-4/+115
Allow enabling and disabling pcap capture via the API. A little bug is fixed along the way in vl_api_classify_pcap_set_table_t_handler. Type: improvement Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I096129c82aecdc82bee5dbfb5e19c76a51d80aab
2023-01-23vppapigen: enable codegen for stream message typesStanislav Zaikin1-18/+14
Enable codegen for C type from 'rpc A returns B stream C' notation Type: improvement Change-Id: I05cfce71c385d414d7b177a080009628bc8c8fad Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
2023-01-19vxlan: convert vxlan to a pluginSteven Luong11-4194/+0
per https://jira.fd.io/browse/VPP-2058 Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ica0828de218d25ada2d0d1491e373c3b78179ac1
2023-01-19ip: add the missing offload checkMohsin Kazmi1-2/+2
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I64283648985c98e81f315da32a451cef6e60f933
2023-01-16ipsec: fix transpose local ip range position with remote ip range in fast ↵Piotr Bronowski2-13/+13
path implementation In fast path implementation of spd policy lookup opposite convention to the original implementation has been applied and local ip range has been interchanged with the remote ip range. This fix addresses this issue. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I0b6cccc80bf52b34524e98cfd1f1d542008bb7d0
2023-01-11virtio: add option to bind interface to uio driverBenoît Ganne3-2/+32
Type: improvement Change-Id: I30e66370c927afeb62ba3a2b3334bdc2a31d4561 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-01-11sr: remove stale runs_afterNathan Skrzypczak1-1/+0
This patch removes a .runs_after = VNET_FEATURES ("ip6-lookup"), On the 'pt' node, as 'ip6-lookup' does not belong to the 'ip6-output' arc. Type: fix Change-Id: Ie34aaf7351593f08c61e3b02aaf9f72a4de1a437 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-01-10sr: fix compilation errorsGuillaume Solignac2-7/+9
Uses VPP's clib_host_to_net functions, and initializes a potentially uninitialized variable. Type: fix Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: Ie6b035c698f57ff39aeb955b35db8ec40f383b7a
2023-01-10udp: avoid listener cleanups with active opensFlorin Coras2-0/+15
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibff9f32e4fcaf0344207d8e43f3547180cbd4eef
2023-01-10session: avoid trying to send incomplete dgramFlorin Coras1-2/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ibebe9e4ab7331c3ae66c9502e910368acaba51ec
2023-01-10udp: initialize gso_size on dgram enqueueFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I1b5a35b9d53cc56d4d8050de70f40b95e92f1011
2023-01-06session: avoid dgram dequeues with no transportFlorin Coras1-0/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1a3393b579caeb5dc25b60bc1b4a71706fb07051
2023-01-06bfd: fix ip address cli parsingBenoît Ganne1-51/+58
unformat_ip46_address() requires the address type as 2nd parameter. Type: fix Change-Id: Iaa1aebaebd1a947dab6c936c3b931854c0a3facc Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-12-23hsa: fix echo client workers initializationBenoît Ganne1-3/+3
We were creating an additional worker not backed by any VPP threads, leading off-by-1 access in the session main workers vector. Also uses vec_elt_at_index() when accessing session main workers vector elements to catch those errors more easily. Type: fix Change-Id: I6059116b7b64ae6b26ad83c1fcf55df8522868ad Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-12-21af_packet: move to pluginMohsin Kazmi10-3546/+0
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I3ec857adb3a9e8a778072a202a4d23f4101e83b2
2022-12-20udp: fix tx handling of non-connected sessionsFlorin Coras2-27/+31
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I659b9914fcfa4619a68e9807ef241f88c96b3bd0
2022-12-16bfd: fix bfd udp error enum incompatibilityDmitry Valter2-4/+55
New BFD UDP errors were no longer compatible with BFD errors. This was causing out-of-bound reads and ASAN test crashes. Fix this issue by statically checking if these enums are compatible. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I92fddd26270f946bc16ade840c94e5496e2cb88a
2022-12-16ipsec: new api for sa ips and ports updatesArthur de Kerhor5-0/+186
Useful to update the tunnel paramaters and udp ports (NAT-T) of an SA without having to rekey. Could be done by deleting and re-adding the SA but it would not preserve the anti-replay window if there is one. Use case: a nat update/reboot between the 2 endpoints of the tunnel. Type: feature Change-Id: Icf5c0aac218603e8aa9a008ed6f614e4a6db59a0 Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2022-12-15interface: fix format_vnet_interface_output_traceluoyaozu1-3/+2
format vlib_buffer_t::flags into interface output trace Type: fix Signed-off-by: luoyaozu <luoyaozu@foxmail.com> Change-Id: Icb48a6d3a7ebdff7a3d42efe62723b0f0f1ea507
2022-12-14vcl: enable gso for 'sendmsg' in LDP mode.Dou Chao3-8/+17
Some upon apps(e.g. Nginx-quic) package it's several protocol buffers into a struct msg which is a combination of gso_buffer and gso_size. but if HostStack regardless the gso_size to the buffer and split the buffer with default mss, that cause peer client failed on parsing the package. Type: improvement Signed-off-by: Dou Chao <chao.dou@intel.com> Change-Id: I805eb642be826038ba96d1b85dad8ec0c0f6c459 Signed-off-by: Dou Chao <chao.dou@intel.com>
2022-12-09nat: fixed return values of enable/disable callFilip Varga1-1/+3
NAT44 enable/disable return status was used instead of appropriate VNET_API_ERROR_ code. Type: fix Signed-off-by: Filip Varga <filipvarga89@gmail.com> Change-Id: If944866bf3061afdc91284c0ad475135e529bdc4
2022-12-07tcp: avoid retransmit head with no dataFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iefabc7b9dd1109fd6dcf65e5d9794173421b7369
2022-12-07classify: increase metadata from 16- to 32-bitsBenoît Ganne2-9/+11
The metadata in classifier entries is used to index a fib or a dpo in the acl nodes which can exceeds UINT16_MAX in large configurations. To maintain entries size and alignment, decrease next_index from 32- to 16-bits: next_index should not exceed 16-bits in VPP, as it is already shown by vlib_buffer_enqueue_to_next() or dpo_id_t.dpoi_next_node. Type: fix Change-Id: I4fd1b3cd495319420044c219036b2d2ea952270a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-12-02session: move connects to first workerFlorin Coras10-92/+70
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I035e3fdbb52eca010ad7b2c20ca2930cb1645978
2022-12-02vnet: fix trace flag copying in icmp4Klement Sekera1-1/+1
Type: fix Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I0a947b74e40499327910c1ed10923f7a869039d6
2022-12-02vhost: convert vhost device driver to a pluginSteven Luong8-6677/+0
convert vhost device driver to a plugin as described in https://jira.fd.io/browse/VPP-2065 Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ibfe2f351bcaed36a04b136d082ae414145dd37b5
2022-11-29udp: refactor port allocation and sharingFlorin Coras4-72/+28
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4f7314ddf95d26f1939bd3772d29d011fb4cea47
2022-11-29session: transport endpt cleanup on owner threadFlorin Coras4-16/+83
Maintain a single writer multiple readers usage model for transport endpoints pool. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8555700ed725971341f145ea97f031042a298e83
2022-11-29ipsec: use correct reply messageVratko Polak2-1/+2
Type: fix Fixes: 815c6a4fbcbb636ce3b4dc98446ad205a30670a6 Ticket: VPP-2068 Change-Id: I42d678b0e28ac4d0b524dfc2dbd01bbad020cf24 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2022-11-28ipsec: remove redundant policy array in fast path spdPiotr Bronowski3-90/+178
Fast path spd was explicitely storing array of policy id vectors. This information was redundand, as this inofrmation is already stored in bihash table. This additional array was affecting performance when adding and removing fast path policies. The other place that needed refactoring after removing this array was cli command showing fast path policies. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I78d45653f71539e7ba90ff5d2834451f83ead4be
2022-11-28udp: preallocate ports sparse vec mapFlorin Coras1-2/+80
Not ideal. The sparse vector used to map ports to next nodes assumes only a few ports are ever used. When udp transport is enabled this does not hold and, to make matters worse, ports are consumed in a random order. This can lead to a lot of slow updates to internal data structures which in turn can slow udp connection allocations until all ports are eventually consumed. Consequently, reallocate sparse vector, preallocate all ports and have them point to UDP_NO_NODE_SET. We could consider switching the sparse vector to a preallocated vector but that would increase memory consumption for vpp deployments that do not rely on host stack. For reference, populating one of the v4 or v6 sparse vectors in reverse order takes about 9.8s on a skylake cpu. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id795e1805d0d3ba54f56a152a9506a7a2a06ecbc