summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2023-11-09ipsec: IPsec fix constant propagationMaxime Peim1-2/+3
In some anti-replay, some functions weren't using the boolean telling if the window was huge or not. Hence, limiting the constant propagation at compilation. Type: fix Change-Id: Ie5f2dda38339bb32113c6f7b2b82c82135fc92a8 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2023-11-08tls: avoid reads after tcp transport removedFlorin Coras1-4/+18
Make sure underlying transport connection is not removed on rescheduled read event. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0137a2e43aa84d9442279e036c25771aeefd207f
2023-11-08dev: remove unused codeDamjan Marion3-37/+0
Change-Id: If380e4ab6ca30243137fd31fbe51845c0414721a Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-11-08dev: interrupt mode supportDamjan Marion10-154/+306
Type: improvement Change-Id: I4a0578598182339bcf76e6b01da76b590a06f773 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-11-07misc: silence -Wmaybe-uninitialized warningsJieqiang Wang2-2/+2
GCC 12 complains about such errors while the code itself looks good. Type: fix Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I021719fdbf7d9bd93a12eac76aeac8cbca13a810
2023-11-06ipsec: delete redundant codeDengfeng Liu1-4/+0
Type: fix Change-Id: I0de1c51455b0d3958c75ab5626a318ac656adbe7 Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
2023-11-04bonding: add checks for sw_if_index in apiStanislav Zaikin1-0/+12
Type: fix Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com> Change-Id: I16b48460b3fcd82bbb89c375402cb2455414d8bb
2023-11-03vppinfra: refactor interrupt codeDamjan Marion2-7/+4
Type: improvement Change-Id: Ie6987736faf7d8a641762e276775da8ee0c03ea4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-11-03dev: strip debig log function name prefix during compilationDamjan Marion3-8/+4
Type: improvement Change-Id: I9b9bb37a0895366b412f042b0e2da5bbdd477325 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-11-02tcp: fix reset w pktFlorin Coras1-24/+3
Do not add ip header as that's added by tcp output and fix checksum. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9439acf5c66184af0350b1d4d7406b3feb2e79a1
2023-11-02dev: new device driver infraDamjan Marion29-1/+5387
Type: feature Change-Id: I20c56e0d3103624407f18365c2bc1273dea5c199 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-11-01tcp: remove redundant ack checksFlorin Coras1-18/+0
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4001f39afde8c33b60c15f74034bcce013fbbf70
2023-11-01tcp: allow ooo data in syn-rcvdFlorin Coras1-9/+0
As long as ack and segment are legitimate accept ooo data as we transition to established. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I85cdc65d70cb8ae689a9ce9bbe4f86228b1ac533
2023-11-01tcp: postpone cleanup on connect failuresFlorin Coras1-2/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I231b319d4d7aa3e17cc8cfe8aaa4762995a5b2c4
2023-10-31ipsec: separate UDP and UDP-encapsulated ESP packet processingvinay tripathi1-8/+33
This fix differentiates UDP and UDP-encapsulated ESP packets processing. While UDP-encapsulated ESP traffic is processed as IPsec traffic, UDP as other plain-text protocols is NOT dispatched against SPD policies. Key logic is taken from RFC 3948, and is based on the fact that the checksum of UDP packet encapsulating ESP packet must be zero. Type: fix Signed-off-by: vinay tripathi <vinayx.tripathi@intel.com> Change-Id: Ib1b4d240eea8e89f2daf17ec833905f26cdb31bd
2023-10-31ipsec: move udp/esp packet processing in the inline function ↵vinay tripathi1-174/+181
ipsec_esp_packet_process This inline function is introduced to simplify code readability and allows to splitting of UDP and ESP processing in the next step. Type: improvement Change-Id: Ida4d6abbed141ac74d4d285900777778eb8a5a1d Signed-off-by: Vinay Tripathi <vinayx.tripathi@intel.com>
2023-10-30ipsec: huge anti-replay window supportMaxime Peim10-168/+680
Type: improvement Since RFC4303 does not specify the anti-replay window size, VPP should support multiple window size. It is done through a clib_bitmap. Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I3dfe30efd20018e345418bef298ec7cec19b1cfc
2023-10-27session: fix bind replies with errorsFlorin Coras1-1/+1
Type: fix Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Icdff3528fcaf863b400b9aca6c30d284bc17d5f0
2023-10-26devices: remove unused codeDamjan Marion2-19/+0
Type: improvement Change-Id: I2427e1a93e89e9a7ac884b84352b96cf523ae11e Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-25fib: only update glean for interface if necessaryMatthew Smith2-8/+81
Type: improvement If an interface address is added, the glean adjacency for it's covering prefix is updated with that address. In the case of multiple addresses within the same prefix being added, the most recently added one will end up being used as the sender protocol address for ARP requests. Similar behavior occurs when an interface address is deleted. The glean adjacency is updated to some appropriate entry under it's covering prefix. If there were multiple interface addresses configured, we may update the address on the adjacency even though the address currently in use is not the one being deleted. Add a new value PROVIDES_GLEAN to fib_entry_src_flag_t. The flag identifies whether a source interface entry is being used as the address for the glean adjacency for the covering prefix. Update logic so that the glean is only updated on adding an interface address if there is not already a sibling entry in use which has the flag set. Also, only update the glean on deleting an interface address if the address being deleted has the flag set. Also update unit test which validates expected behavior in the case where multiple addresses within a prefix are configured on an interface. Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I7d918b8dd703735b20ec76e0a60af6d7e571b766
2023-10-24crypto: fix algo selectionDmitry Valter1-1/+4
Check if crypto ops vector is matching actual ops instead if blindly dereferencing it. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Change-Id: Ib88ab44137d9360ee96228e72349a62b2fa7a7e0
2023-10-16tcp: initialize connection index on rst w packetFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie01d7e8d6eddf3ba88f2cd6eb8369c8ec8179cb4
2023-10-16tcp: allow fins in syns in syn-rcvdFlorin Coras1-7/+11
Also make sure connection is properly cleaned up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I02f83e9a1e17cbbbd2ee74044d02049b2fd2f21c
2023-10-16tcp: handle syn-ack in fin-wait-2 in rcv processFlorin Coras1-0/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If74e04498423bed42593e79ec92482421cfda8d2
2023-10-16ip-neighbor: do not use sas to determine NS source addressOle Troan1-2/+3
Using the source address selection algorithm to determine the best source of an NS for address resolution risks incompatible behavior. It may choose a source address that is off-link to the other host. Which may drop it. A safer approach is to always use the link-local address as the SA. It's recommended to pick a source that an application will later use, as VPP is mostly a router, that rarely applies. And regardlessly we have no mechanism to signal from an application that triggered address resolutiuon what source address it intends to use. Type: fix Change-Id: I3c5de66e41505f3682767706ef1195a20e4f0e54 Signed-off-by: Ole Troan <otroan@employees.org>
2023-10-16ip-neighbor: add ip neighbor flushOle Troan1-2/+11
Flushing the neighbor cache was only available through API. Add CLI command. Either flushes whole table (IP4,IP6) or all neighbors on specified interface. Type: improvement Change-Id: Ia8c68fb032a2dfd940a136edc2aee80db5c37685 Signed-off-by: Ole Troan <otroan@employees.org>
2023-10-14feature: remove unused codeDamjan Marion5-136/+4
Type: improvement Change-Id: If775b1d145e462346de562a3c893f302e8c7b814 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-13ethernet: run callbacks for subifs too when mac changesAlexander Chernavin1-1/+10
When MAC address changes for an interface, address change callbacks are executed for it. In turn adjacencies register a callback for MAC address changes to be able to update their rewrite strings accordingly. Subinterfaces inherit MAC address from the parent interface. When MAC address of the parent interface changes, it also implies MAC address change for its subinterfaces. The problem is that this is currently not considered when address change callbacks are executed. After MAC address change on the parent interface, packets sent from subinterfaces might have wrong source MAC address as the result of stale adjacencies. For example, ARP messages might be sent with the wrong (previous) MAC address and address resolution will fail. With this fix, when address change callbacks are executed for an interface, they will be also executed for its subinterfaces. And adjacencies will be able to update accordingly. Type: fix Change-Id: I87349698c10b9c3a31a28c0287e6dc711d9413a2 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-10-12session: fix duplicate rx eventsFlorin Coras1-10/+0
Be less aggressive with rx events on connect/accept notification. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie93a08c7eef69383bf0301a163fd2131dd51372a
2023-10-12session: ignore connecting half_open session in session_tx_fifo_dequeue_internalSteven Luong1-1/+3
s->tx_fifo is 0 for the connecting half open session. Type: fix Change-Id: I2ba1ae99a2fa4fae1896587f40e0e4fb73c1edcb Signed-off-by: Steven Luong <sluong@cisco.com>
2023-10-11session: ignore app rx ntf if transport closedFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id56a101a6350903b00f7c96705fb86039e70e12c
2023-10-11session: fix tx deq ntf assert for clFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I97a04ed0417f1a3433665f6aa1a9424138fd54cb
2023-10-10session: maintain old state on premature closeFlorin Coras1-7/+14
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2ea821e0499a3874c4579f5480ea86f30ebe615f
2023-10-08tls: report error if connected cannot be initializedFlorin Coras1-4/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I987ac6b461b473836917bce6ce0d4ac109cc8ddb
2023-10-08tls: no read after app closeFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I34f8ee2e36d07e8e55e21561528fc6b73feb852f
2023-10-07session: propagate delayed rx evts after connect/acceptFlorin Coras1-5/+20
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4a2e8f864df7269ec5a3c4fd4d8785a67b687d58
2023-10-07session: handle accept and connect errorsFlorin Coras2-6/+29
If builtin apps refuse connections, they should be cleaned up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I95ef22902ac3fe873e15e250aa5f03031c2dc0c4
2023-10-03session: make port range configurableNathan Skrzypczak3-1/+16
Type: feature This patch makes the port range used by the transport layer configurable in the manner of sysctl's ip_local_port_range. Change-Id: Ie17f776538311b29d1dca64643a3a0bd74cb90a6 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-10-02tls: limit openssl engine max read burstFlorin Coras1-1/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic7a8fd37d79fc9c09c8b1539d630f3b8983b8bb3
2023-10-02tls: fix formatting of half open connectionsFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If96dc748a716a261edfcb1020210bd73058e382f
2023-10-01flow dpdk avf: add support for using l2tpv3 as RSS typeXinyao Cai1-0/+1
This patch adds support for using l2tpv3 as RSS type Type: feature Signed-off-by: Xinyao Cai <xinyao.cai@intel.com> Change-Id: Ic3e0935a4754d084184f1cc38ea9531ddfd9e7bc
2023-10-01fib: Crash when specify a big prefix length from CLI.Gavril Florian4-1/+33
The VPP is crashing when specify a very big prefix length, like ip route add 1.1.1.1/55 via 2.2.2.2 Type: fix Signed-off-by: Gavril Florian <gflorian@3nets.io> Change-Id: Ic491c0b24e07be897ff35ae1e835280f04ab3ea5
2023-09-26tls: init connection for prealloced app sessionsFlorin Coras1-0/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Icd62dc110e3a73b24372f3a5162f8008b7edee9f
2023-09-26fib: fix mpls label dpo drop protoVladislav Grishenko1-2/+2
Next drop node should be related to payload protocol. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: If12e8dc8b19c61f8c96c275b3f9e565e91ecdbed
2023-09-25fib: fix mpls label dpo packets prefetchingVladislav Grishenko1-16/+16
Four packets are batched after 696e88da9799056036f329676213f3c0c0a1db9c, so prefetch is required for the next 4-7 packets, not for 2-5. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I4ab01e66c3b446caf113a154915473e96ab32198
2023-09-24fib: Don't use an address from an attached prefix when sending ARP requests.Neale Ranns2-4/+12
Change-Id: I4c3144794dd0bd7de6150929e53f6d305c496b17 Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I7b0c2c2dec5e867970599b8f2f2da17f2ff0b17c
2023-09-23udp: fix udp encap tracingDmitry Valter1-2/+2
Correct trace functions correspond with the encap type rather than with the payload type. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Change-Id: Iea1eb08a2ce9d147984ef604c7a39c62c7330e80
2023-09-22tls: ignore tx events for not fully established sessionsFlorin Coras1-6/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I401a116a1a46c0dc5d591115de5ff0eef2f6440b
2023-09-13sr: mark sr_policies_v2_details message as productionAndrew Yourtchenko1-1/+0
As per discussion on the VPP community call, since the message is used in CSIT tests and did not see the changes in a while, mark as production for the purposes of change process. Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I4a79aafb1a9f37ac87faea7abea28cf01d1ffb4c
2023-09-13flow: mark API as productionAndrew Yourtchenko1-1/+1
As per discussion on the VPP call - since the APIs are used in CSIT tests, mark them as production from the change process perspective. Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I9164073425384e8aa281445a2852fee49b777e2f