summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2024-02-19dev: fix type for uint32 arg valueMonendra Singh Kushwaha1-1/+1
Type: fix Change-Id: Ib09d6a0dfc95d82ecfd2ff123be9004cb038d0d4 Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2024-02-19wireguard: notify key changes to crypto engineLijian Zhang2-0/+12
This is a prerequisite patch for the following openssl API optimization patch, which tries to offload openssl ctx init and key expansion work to the initialization stage. Wireguard adds crypto keys via vnet_crypto_key_add (), and whenever it modifies the keys, the underneath openssl crypto engine shoud be informed of the changes to update the openssl ctx. Type: feature Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Change-Id: I3e8f033f3f77eebcecfbd06e8e3bbbfdc95a50e2
2024-02-19ipsec: check each packet for no algs in esp-encryptMatthew Smith1-10/+13
In esp_encrypt_inline(), if two or more consecutive packets are associated with the same SA which has no crypto or integrity algorithms set, only the first one gets dropped. Subsequent packets either get sent (synchronous crypto) or cause a segv (asynchronous crypto). The current SA's index and pool entry are cached before it can be determined whether the packet should be dropped due to no algorithms being set. The check for no algorithms is only performed when the cached SA index is different than the SA index for the current packet. So packets after the first one associated with the "none" alg SA aren't handled properly. This was broken by my previous commit ("ipsec: keep esp encrypt pointer and index synced") which fixed a segv that occurred under a different set of circumstances. Check whether each packet should be dropped instead of only checking when a new SA is encountered. Update unit tests: - Add a test for no algs on tunnel interface which enables asynchronous crypto. - Send more than one packet in the tests for no algs. Type: fix Fixes: dac9e566cd16fc375fff14280b37cb5135584fc6 Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
2024-02-18udp: use transport port refcnt on acceptFlorin Coras3-2/+11
Use udp transport refcnt instead of local port refcnt when accepting new connections. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibc34677b1138682497f98e96b6fddb5b96094ff9
2024-02-18vnet: Use platform specific netlink headers on FreeBSDTom Jones1-0/+5
Type: improvement Change-Id: Ifbd84a45edc82c79ac2850dd70ecdd2f9f1289ae Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18vnet: Disable tuntap build on not LinuxTom Jones1-0/+2
tuntap requires porting on FreeBSD, only build on Linux for now. Type: improvement Change-Id: I448c462b31f3bc06f291a95d0ff5df9d6f8f24b8 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18vnet: Provide platform specific if_tap headersTom Jones2-0/+8
Type: improvement Change-Id: Ia5cec0afc7f929491e495bb337493e64f752d75f Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18vnet: Only build tap on LinuxTom Jones1-0/+2
tap requires some porting on FreeBSD, while we wait for those changes only build tap on Linux. Type: improvement Change-Id: I4361bf43764fdb046c2138d4a2ee5d7efa31bd5a Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-17tcp: retransmit fins in last-ackFlorin Coras2-2/+2
Fix instances where timers are reset after programming fin. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib80e3a401d585f388a97c7f2bb62e68ee774d50d
2024-02-16udp: unregister ports on all cleanupsFlorin Coras1-4/+3
UDP transport port refcount is incremented even if port is shared. So decrement it, by unregistering, whener udp connections are cleaned up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id0a2c60c5faf4dea8b2cd9ded0334934ad9e918c
2024-02-15tls: mark ho done atomically after ctx initFlorin Coras1-1/+2
Make sure ctx is initialized before ho is marked as done. Type: fix Change-Id: If0525a9890a56e289e2ab006c669a9d64dc6505d Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-15session: postpone ct cleanup if rx evt pendingFlorin Coras1-3/+4
Type: fix Change-Id: I8cfaa62abd38d5356263b0ffd428638d1a027617 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-13vnet: Don't use __unused for struct paddingTom Jones1-1/+1
__unused is a clang keyword, this struct member will trip the build when using clang. Instead call the unused padding 'pad' which should be clear to the purpose if not the usage. Type: improvement Change-Id: I0abae34841651be1ef6b7d94864f0dc8185f0733 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-12fib: contention with DP on deleting a routeSteven Luong1-0/+1
Add vlib_worker_wait_one_loop prior to invoking dpo_reset upon uninstalling a fib entry to avoid contention with DP. Type: fix Change-Id: If2a6c4cb9b5629dd61e506ab9f9c3e6aef121b45 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-02-07udp: add cli to dump transport portsFlorin Coras1-0/+92
show udp transport ports Dumps list of ports registered by udp transport, as opposed to udp local, and their refcount. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If3cbe51a7176cb89fa38b524defffbbd76af8f58
2024-02-02session: guard session lookup table allocsFlorin Coras2-0/+37
Session lookup tables could be allocated from workers, e.g., connects are done from first worker. Make sure consumers are not affected by stopping workers. Type: fix Change-Id: I63b53c58b41ce91b08f50a2325c69c9f9fd25ed3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-31tls: set app closed flag in frameworkFlorin Coras1-0/+1
Set the flag in tls framework as opposed to tls engines. This is similar to passive close. Type: improvement Change-Id: I0c2a774b1ef9d7ec6ba74daf1678ea449815184f Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-31tls: convert ctx fields to connection flagsFlorin Coras2-23/+25
Type: refactor Change-Id: I527bbc1cf2e7b6d06fd0c88b7563fb59ed28bc40 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-29ip: don't export useless error counters for ip6 rewriteArthur de Kerhor1-2/+0
the error node is set to ip6_input in the inline funcition associated with ip6_rewrite. Thus, error counters defined for node ip6 rewrite are never used. Type: fix Change-Id: Id6bef633928b0fff9069498c2e39e9f5bea2cf9b Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2024-01-25udp: update rx sw_if_index to ip-local selected oneFlorin Coras1-0/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0afd1b9ddbc17825aab3bfa3e5f9c6c0fbc561ca
2024-01-23tls: fix ho leak on tcp connect returnFlorin Coras1-1/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I40345d635b8067dcffbbdd39d0a5b0c0934a6d54
2024-01-23tls: overlap parent opaque with listener ctxFlorin Coras1-5/+6
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0a0d0b8721f5a15da47c7ac0e58cd50e159b2f54
2024-01-23tls: set flag whenever app session is freedFlorin Coras1-5/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3d44ff851da00573343e15712284af3b9c3912e3
2024-01-22session: flag instead of state for filtering ntfFlorin Coras1-2/+2
Avoid situations when notifications are delayed for long enough for transports to start closing/cleaning up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id35b0099adb5242108154a5e19d5ee15e6ca0058
2024-01-16vnet: fix log_debug message formatGeorgy Borodin1-2/+1
debug+asan build will fail on initialisation when loglevel==debug Type: fix Fixes: 1cd0e5dd533f4209dde453eaa43215e52cd42985 Change-Id: I2005ebf9b95ec3b753c4e6d29337be460c77ffed Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
2024-01-15session: avoid spurious disconnect and reset ntfsFlorin Coras1-2/+4
Type: fix Change-Id: Icdc9d1c8b7b29827ce17920dae64a365bb8a4e40 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-12session: fix app wrk free leakFlorin Coras1-1/+1
Type: fix Change-Id: I9c48b163f174b824df1a76e75c272dc985386bf2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-09session: make app listener pool globalFlorin Coras6-54/+45
One less pointer chase when accepting sessions. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I20dbb21d15d4a703f76e3b12f04a6f5b5d2a3cd8
2024-01-09session: support for cl port reuseFlorin Coras7-36/+166
Adds support for connectionless listener port reuse. Until now, cl listeners had fifos allocated to them and therefore only one app worker could ever listen, i.e., a session cannot have multiple fifos. To circumvent the limitation, this separates the fifos from the listener by allocating new cl sessions for each app worker that reuses the app listener. Flows are hashed to app worker cl sessions but, for now, this is not a consistent/fixed hash. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic6533cd47f2765903669f88c288bd592fb17a19e
2024-01-09session: avoid spurious closed notificationsFlorin Coras1-0/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia98556e7ae61547cf153c78ec085cd4248bee74a
2023-12-22session: add flag to track cless sessionsFlorin Coras2-4/+13
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0bb6aba26f1cd974d6bb3b5fe6234aacfee0d30c
2023-12-22session: unset fifo evt to enqueue ack evt on tcp timewaitemmanuel1-3/+6
Incase the ack for the fin is lost twice or want to dup ack packets with incorrect ack/seq # at different times and session state is already closed, this fifo event is set for the first ack that went out and prevents queuing of further events. Type: fix Change-Id: I102019fca26918a51e055a751db7209011bd43ad Signed-off-by: emmanuel <emmanuelscaria11@gmail.com>
2023-12-21dev: per-queue format callbacksDamjan Marion2-0/+8
Change-Id: Ia9fa6fab6288b4d0876022e72bf4f49bd00a19d2 Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-12-21fib: format deleted LBNathan Skrzypczak2-1/+15
This patch allows the formatting of deleted Load-balancer objects. This is needed in the case a trace references a DPO that went away in the interim. Type: improvement Change-Id: I6d67519b8d62f69aafde3c8fe3065bc85a7adbde Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-12-20virtio: virtio_flags api use enumflag instead of enumOle Troan1-1/+1
In the API there is a difference between enum and enumflags. The latter one allowing multiple set entitires, while enum only allows one. Type: fix Change-Id: I5db88c15c85fc6c7130b7b35febcd1ea02ef8f76 Signed-off-by: Ole Troan <otroan@employees.org>
2023-12-15session: add forced reset api to ct transportFlorin Coras2-1/+14
Type: improvement Change-Id: Iebf9ee8275a92e962679e3d0d22d33ed0bd8b3ab Signed-off-by: Florin Coras <fcoras@cisco.com>
2023-12-14tls: no closed notify if no app sessionFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0e58bb970d371818217390d451cf26925b04970f
2023-12-14bpf_trace_filter: allow use whithout classifierMohammed Hawari1-0/+3
Change-Id: I7ac5693ca547fe7249e7b6297bade70a6052b169 Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2023-12-13tls: postpone ho cleanup if not fully establishedFlorin Coras2-8/+80
If ho cleans up on first worker before owner of established session receives connected notification, the ho session is prematurely cleaned up. Wait for established ctx to be allocated before freeing ho. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Icf707e5d8c62a288a49d078460d2ada3b5c41b0e
2023-12-12ipsec: allow receiving encrypted IP packets with TFC paddingArthur de Kerhor1-4/+42
Type: feature Change-Id: I7b29c71d3d053af9a53931aa333484bf43a424ca Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Signed-off-by: BenoƮt Ganne <bganne@cisco.com>
2023-12-08dev: caps and rx/tx offload supportDamjan Marion3-4/+125
Type: improvement Change-Id: I7972f595444eacdb020f3fa2a60331c40766fc0b Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-12-07vnet: allow format deleted swifidxNathan Skrzypczak3-7/+8
This patch prevents the sw interfaces format function to fail when the interface was deleted. It also prints the swifindex alongside the 'DELETED' keyword. Printing deleted swifindex should not happen, but it is still helpful to have these safeguards for troubleshooting in the case invariants get corrupted (e.g. fib entry refcounts, ...) Type: improvement Change-Id: I66711049db2eebe0ad17e37c3a260ac81d1e5134 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-12-05l2: resolve l2 rewrite entry 'hit_count' always being 0 bugyanlong1-0/+2
The hit_count does not implement the corresponding processing logic, and here the missing is fixed Type: fix Fixes: missing Change-Id: I04a8e11d6b48c2a15c371cbeb2467fa89a9d82bb Signed-off-by: yanlong <dyl_wlc@163.com>
2023-12-04dev: mark API handlers as thread safeDamjan Marion1-2/+3
Type: improvement Change-Id: I2acab04ddb6a46a637ed17c683fb37ed7bce3df6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-12-02session: no segment handle on worker delFlorin Coras1-2/+2
Coverity report. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3ce06634b30688d2a9581b50d462092daa8b4cac
2023-12-01ipsec: should use praddr_ instead of pladdr_Dengfeng Liu1-1/+1
Type: fix Change-Id: I982ef624226807d7c263e3ff83c108f7d31f61f1 Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
2023-11-30dev: use the endian reply macroVratko Polak1-34/+34
Checkstyle also forces the new indentation. Type: fix Fixes: ddf6cec37027547ff7cc61e15bb8080664d41514 Change-Id: Ife96928d6ca30ba94e1c423d557d6ed9d68eca2b Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2023-11-29session: no reply on app del worker with sapiFlorin Coras1-0/+4
With socket api, applications should not expect reply after worker del msg. VCL in particular closes the socket after it enqueues the message. Found by ASAN. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1be02a0cde6b96a96edb709f3fe30bbc01ff2d24
2023-11-29tcp: fix rxt send of new data assertFlorin Coras1-2/+1
We might have less than 1 mss when attempting write but more after write, as application could be actively enqueuing more data. Relax assert. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I54a83c4460f8e022a88758f0ebd7828df711dbb9
2023-11-29pci: fix MSI-X vector length checkDamjan Marion1-1/+1
Type: fix Fixes: 38c6191 Change-Id: I7760947986dc56236f2494fb1c8c238321489ef6 Signed-off-by: Damjan Marion <damarion@cisco.com>