summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2022-02-22fib: fix mpls db label overflowDmitry Valter1-1/+1
mpls fib DB size was 2^20 instead of intended 2^21. Therefore large mpls labels caused DB to overflow and write to other tables or some random objects. Or crash with ASAN. Sometimes. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I6db65680037a266fe47e8213464a0c16de63c06c
2022-02-18fib: Use the VLIB logger for adjacency debuggingNeale Ranns2-13/+13
Type: improvement remove the [un]lock logs, they are not useful. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I903d3088b8ed9831f931208aeb6b6862a945550c
2022-02-18vnet: add set_max_frame_size callbacks for several interfacesArtem Glazychev2-0/+18
This is required after distinguishing between max_frame_size and MTU Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: Ie642bee4e30ca76903bb8be5eeb6914c2c09bf35
2022-02-18ipsec: fix vector after remove entry in spdGabriel Oginski1-1/+1
Originally after remove the policy entry in spd, macro "vec_del1" can change localization of the last entry in vector and finally the entry list has not been sorted. This patch fixes this issue by change executed macro "vec_delete" instead of "vec_del1". Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I396591cbbe17646e1d243aedb4cdc272ed4d5e25
2022-02-17tls http srtp: fix session index for listenersFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5e6d0e8c686ea93674d6201c38b3a4d1c4786a5
2022-02-17ip: Move the IPv6 echo responder into the ping pluginNeale Ranns1-187/+0
Type: refactor To be consistent with the location of the IPv4 responder Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie3a5c3ecc10755317591d7ff57b74770c2798e77
2022-02-17ipsec: Improve the handling of NAT-T keepalive messagesNeale Ranns1-8/+21
Type: improvement Ethernet frames on the wire are a minimum of 64 bytes, so use the length in the UDP header to determine if the ESP payload is one bytes of the special SPI, rather than the buffer's size (which will include the ethernet header's padding). In the case of drop advance the packet back to the IP header so the ipx-drop node sees a sane packet. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ic3b75487919f0c77507d6f725bd11202bc5afee8
2022-02-16fib: Use the same adjacency that BFD is usingNeale Ranns3-30/+31
Type: improvement When the adj subsystem is notified of a BFD session, it attempts to find the appropriate adjacency from the session's key. This could lead to a mismatch between the adj used by BFD and that of FIB. The BFD session stores the adj it is using, so FIB uses that instead. Since adj is now using the same adj as BFD, it does not need to maintain its own locks. In BFD it is necessary to initialise the adj index used in INVALID and ensure it is not unlock before listeners are notified of the session delete. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I9630867b10bb18969475299a0c754942a8df0f44
2022-02-16bfd: On a point to point link use the all zeros address for the peer.Neale Ranns1-8/+12
Type: fix The adjacency used is then the same one as that used by routes in the FIB and so the BFD protection/fast-failover works for thise route, since they are children of the BFD protected adjacency. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I72e10b3074697cba8a002a4c1acf690983985157
2022-02-16ipfix-export: pass ipv4 addr to format fn for showPaul Atkins1-3/+4
When the ipfix address was changed to be an ip_address instead of an ip4_address the output when creating an exporter via the cli should have been modified to take the address of the v4 part of the addr. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I141456cd9092c861a4c4aefba4035dbde23efcd6
2022-02-16crypto: Fix for the crash in cryptomgovind1-0/+4
Fix for the crash when both crypto_native_plugin and DPDK QAT are enabled in startup conf. Type: fix Signed-off-by: mgovind <govindarajan.mohandoss@arm.com> Change-Id: Ib020ed7130a99080a093c70c06d47bcacd6d23b1
2022-02-15tcp: Do not include the tcp_packet.h file in the ip4_packet.hNeale Ranns12-97/+106
Type: refactor IP4 does not depend on TCP (it's the other way around). This upside down dependency leads to some nasty circular includes when trying to use ip46_address.h in interface.h Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I4a1bd21543b08b9c1cf1e5563da738414734a878
2022-02-14bfd: add per session countersKlement Sekera4-28/+128
Add udp total session counts - as stat segment entries: /bfd/udp4/sessions /bfd/udp6/sessions and per session packet/byte counters: /bfd/rx-session-counters /bfd/rx-session-echo-counters /bfd/tx-session-counters /bfd/tx-session-echo-counters These counters are per-thread and per-session id. Adjust tests to verify proper function. Type: refactor Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Ie597928022b6ac74c2220019b9e8e1714295f170
2022-02-14bfd: refactor code to fix misc warningsKlement Sekera3-131/+110
This change fixes multiple unused parameter warnings, narrowing conversion warnings and identical switch statement warnings. Type: refactor Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I4140e939c409ce06cc5aaaf5e1b042681f7ca448
2022-02-14fib: fix incorrect display of mpls fib_indexRajith P R1-1/+1
Type: fix Signed-off-by: Rajith P R <rajith@rtbrick.com> Change-Id: I8c9c85081c27bfe7ee71b5b620a2a761e027789c
2022-02-10session: use transport endpoint cfg for listenFlorin Coras7-10/+10
Makes it similar to connects. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I38c328670054e1a9ba4dc4ea8fe7519a5a09e8be
2022-02-10vlib: vlib frame bitmapsDamjan Marion1-5/+3
Special bitmaps with VLIB_FRAME_SIZE bits. Type: improvement Change-Id: I48747e422e519e7b5e930fa720397459d3adbb8e Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-02-10tests: Fix the FIB UTNeale Ranns1-2/+1
Type: test The FIB UT fails in debug mode because there is no string associated woth its fib_node_type_t. Change the tests to register their own type, which will give it a name. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I36e546718faa7241c088494cbae10939aca51d5a
2022-02-10session: avoid debug half-open session pool contentionFlorin Coras1-0/+11
Half-opens are only allocated from main with worker barrier but can be cleaned up, i.e., session_half_open_free, from main without a barrier. In debug images, the free_bitmap can grow while workers peek the sessions pool, e.g., session_half_open_migrate_notify, and as a result crash while validating the session. To avoid, proactively grow bitmap in debug images. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2410793f933fb638651fe8dc08ba78e9bee0bd77
2022-02-09fib: ip6 and mpls fib_table memory leaks on fib_table->ft_locksSteven Luong3-2/+5
ip6 and mpls fib_table->ft_locks memory leaked when the table is deleted. name tag is leaked for mpls table parsing. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ife68c0ddc3a6f9437a149b308310f042799c2116
2022-02-09bfd: Add an update API that has create new or modify existing semanticsNeale Ranns4-22/+120
Type: improvement helps keep the agents stateless Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3588f13c081e24f5a8083b490eb02856361e4ccb
2022-02-07igmp: make sure fib_index is set before delivering to ip4-localBenoît Ganne1-0/+2
IGMP packets with Router Alert option are delivered to ip4-local without going through ip4-lookup. Make sure fib_index is initialized properly. Type: fix Change-Id: Iab090a33c4c759b6d7f68c28a0b3f4da7a9de864 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-02-05session: track bytes dequeued in snd paramsFlorin Coras3-4/+6
Also reset send params flags before calling transports to avoid explicit resets in all transports. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1da7b3fab009728e7fee4199425ced933fa8a122
2022-02-03ip nat: use ip rx sw_if_index in ip-local arc startFlorin Coras2-9/+8
This also changes the behavior of the nat44-ei hairpinning feature. Rather then enabling the feature on every nat interface, it is enabled only on local0. Type: improvement Signed-off-by: Filip Varga <fivarga@cisco.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4e16a83c9e328aa75fc61df508b620ef743ca775
2022-02-02bfd: restore the data within the packet after hash verificationAndrew Yourtchenko1-0/+5
The BFD delayed auth change test was failing intermittently within CI. Debugging has shown it depends on the initial random seed, e.g. the below will consistently fail: RND_SEED=1643734669.7126195 TEST='bfd.BFDAuthOnOffTestCase.test_auth_change_key_delayed' Same thing will happen with: RND_SEED=1643736595.1363552 RND_SEED=1643722239.8224792 The analysis of the behavior shown that the function that is doing the hash verification, modifies the content of the packet for the purposes of hash computation. In case of the auth rollover, this function may be called twice - resulting in the second comparison to be made with a bogus packet data, thus failing the check and the test. The above values of random seed are the ones where the test makes it to the point of this double comparison. The solution is to restore the data within the packet after the check from the array where we have copied it into before modifying the packet. Change-Id: Ibb09beb4b1230032db04527bbf38fa335651866b Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-02-01gso: remove the assert if packet is geneve or gre encapedMohsin Kazmi1-4/+0
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I3265d4a3843b07c2e0050e297f1e014fc5b31cf7
2022-02-01virtio: coverity woes -- divide by zeroSteven Luong1-0/+7
Coverity complains the expression, j % vif->num_txq, may encounter divide by zero. While there is little chance that vif->num_txq is zero, it is easy to prevent divide by zero if vif->num_txq is ever zero. Type: fix Fixes: I337ec63d0868f665329d68eadf1744e080b73a0d Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I2e91f296737ce266ab70fffc1f442cc600724fa2
2022-01-31ip: reassembly - add a way to disable for forusKlement Sekera11-34/+305
Add API to disable full reassembly of "forus" packets. Mark packets passing through ip[4|6]-local nodes with a new buffer flag and check for that flag in reassembly. Enable IP6 "forus" full reassembly by default to be consistent with existing IP4 setting. Type: improvement Change-Id: I7067792fcd4304182654237968e4c4d9293c6143 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2022-01-31ip: fix length calculation in ip6-receiveKlement Sekera1-1/+1
Replace unconditional usage of buffer->total_length_not_including_first_buffer with a logic checking whether that length is set to a valid value. Type: fix Fixes: 17478e4eb81d384f171ca27c9110a051cd434f16 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I161d0957d62cc23826edd821aa5560bcfc5c1a33
2022-01-25ip: reassembly - fix missing ip6 owner thread initKlement Sekera1-0/+1
Initialize ip6 memory owner thread index in reassembly context to avoid unnecessary handovers. Type: fix Fixes: 630ab5846bceddf8d663e9f488a2dc0378949827 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2996caf1f82a0649c97d481b74dce24a96dce326
2022-01-25bonding: refactor bonding hash functions to vnet/hashSteven Luong5-294/+409
- move bonding hash functions to vnet/hash - register the corresponding hash function when the bond interface is created - remove floating point vec256 usage - split bond_tx_inline into bond_tx_hash and bond_tx_no_hash Type: refactor Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I1698023c48470290d11c9b2bd00996eee9aa079d
2022-01-24policer: fix memory leakLeung Lai Yung1-1/+4
Type: fix policer_add_del does not free "clib_error_t*" when it is not null. Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com> Change-Id: I00ad8e53797e46adeb1819856262bb9f3c068c63
2022-01-24sr: fix coverity warningKlement Sekera2-7/+0
Remove dead code. Pool element cannot be NULL. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I7812efdcdc414af8352474c4e527c878d2e2c459
2022-01-24ip6-nd: fix coverity warningKlement Sekera1-6/+3
Restructure code to avoid NULL dereference. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: If3a4319f1b93af272b7b315a9b15ba4ee1f8e7ae
2022-01-22session: separate transports from apps in show cliFlorin Coras1-11/+11
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If9d6153ddce836ec34842fb5e581b2f4565e33df
2022-01-22session: update time for list of subscribersFlorin Coras4-1/+53
Instead of constantly scanning all transport vfts for update time functions, build list at transport enable time. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id5c07cc03ee1fdd072ebbbd40119d1a440a5e3b1
2022-01-21wireguard: add async mode for encryption packetsGabriel Oginski1-9/+10
Originally wireguard doesn't support async mode for encryption packets. This patch add async mode for encryption in wireguard and also adds support chacha20-poly1305 algorithm in cryptodev for async handler. In addition it contains new command line to activate async mode for wireguard: set wireguard async mode on|off and also add new command to check active mode for wireguard: show wireguard mode Type: improvement Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I141d48b42ee8dbff0112b8542ab5205268089da6
2022-01-20fib: missing includeDamjan Marion1-0/+1
Type: fix Change-Id: Idefded3443b383ba916a66051b003aac106af8e8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-20http: add http protocol pluginFlorin Coras2-4/+3
Basic HTTP/1.1 server side implementation. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I06bddaf7f11e28db802b4cd7ef8160c78cb019b6
2022-01-18misc: fix coverity warningsDave Barach1-0/+6
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I8ea0193ebb2a721a0582451ffd64c4063ac6d233
2022-01-18virtio: remove admin-up flag during interface creationMohsin Kazmi2-4/+0
Type: fix During the interface creation time, (by default) admin-up flag is locally set for tap and virtio interfaces. While, in VPP the state of these interfaces are still admin-down. User needs to explicitly call 'set interface state <interface-name> up' to admin-up the newly created tap or virtio interface(s) in VPP. So, this behavior is inconsistent. This patch fixes the issue to have consistent behavior for given interface between local and global administration state. Change-Id: Ifd8904a09fbdbe7b386874ac3231dc0527064518 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-01-18vnet: distinguish between max_frame_size and MTUDamjan Marion11-67/+77
Type: improvement Change-Id: I3659de6599f402c92e3855e3bf0e5e3388f2bea0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-17ipsec: IPSec interface correct drop w/ no protectionNeale Ranns3-8/+19
Type: improvement When an IPSec interface is first constructed, the end node of the feature arc is not changed, which means it is interface-output. This means that traffic directed into adjacencies on the link, that do not have protection (w/ an SA), drop like this: ... 00:00:01:111710: ip4-midchain tx_sw_if_index 4 dpo-idx 24 : ipv4 via 0.0.0.0 ipsec0: mtu:9000 next:6 flags:[] stacked-on: [@1]: dpo-drop ip4 flow hash: 0x00000000 00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858 00000020: 58585858585858585858585858585858585858585858585858585858 00:00:01:111829: local0-output ipsec0 00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858 00000020: 5858585858585858585858585858585858585858585858585858585858585858 00000040: 58585858585858585858585858585858585858585858585858585858c2cf08c0 00000060: 2a2c103cd0126bd8b03c4ec20ce2bd02dd77b3e3a4f49664 00:00:01:112017: error-drop rx:pg1 00:00:01:112034: drop local0-output: interface is down although that's a drop, no packets should go to local0, and we want all IPvX packets to go through ipX-drop. This change sets the interface's end-arc node to the appropriate drop node when the interface is created, and when the last protection is removed. The resulting drop is: ... 00:00:01:111504: ip4-midchain tx_sw_if_index 4 dpo-idx 24 : ipv4 via 0.0.0.0 ipsec0: mtu:9000 next:0 flags:[] stacked-on: [@1]: dpo-drop ip4 flow hash: 0x00000000 00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858 00000020: 58585858585858585858585858585858585858585858585858585858 00:00:01:111533: ip4-drop ICMP: 172.16.2.2 -> 1.1.1.1 tos 0x00, ttl 63, length 92, checksum 0xcb8c dscp CS0 ecn NON_ECN fragment id 0x0001 ICMP echo_request checksum 0xecf4 id 0 00:00:01:111620: error-drop rx:pg1 00:00:01:111640: drop null-node: blackholed packets Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I7e7de23c541d9f1210a05e6984a688f1f821a155
2022-01-17interface: improve MTU handlingDamjan Marion5-29/+47
- per hw-interface-class handlers - ethernet set_mtu callback - driver can now refuse MTU change Type: improvement Change-Id: I3d37c9129930ebec7bb70caf4263025413873048 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-17vnet: introduce vnet_error()Damjan Marion9-175/+259
Decouples vnet return values from API return codes. New vnet_error() creates vnet_error_t whicgh contains both vnet function return value and return string. vnet_api_error() converts vlib_error_t constructed with vnet_error() to API return value. Type: improvement Change-Id: I17042954d48c010150fc1dfc5fce9330e8149e87 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-16vppinfra: bitops cleanupDamjan Marion2-3/+2
Type: refactor Change-Id: I7fa113e924640f9d798c1eb6ae64b9c0a9e2104c Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-12session: pass tx buffers in bulk to transportsFlorin Coras6-22/+83
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1025cccd784f80b557847f69c3ea1ada5c9de60d
2022-01-12ip: coverity illegal access in ip6_ext_header_walkOle Troan1-9/+2
*** CID 243670: Memory - illegal accesses (OVERRUN) /src/vnet/ip/ip6_packet.h: 713 in ip6_ext_header_walk() CID 243670: Memory - illegal accesses (OVERRUN) Overrunning array "res->eh" of 4 4-byte elements at element index 5 (byte offset 23) using index "i" (which evaluates to 5). Type: fix Fixes: 03092c1 Change-Id: I27e0435cf10534f3b41e11bf7a5629b5428b0651 Signed-off-by: Ole Troan <ot@cisco.com>
2022-01-12crypto: omit loop iterationDastin Wilski1-4/+6
This fix adds check that will omit loop iteration in case dequeue handler is zero. Type: fix Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com> Change-Id: I7526e3fe7d8c8da9662b4e9204efd5e2d8be1908
2022-01-11linux-cp: Add VPP->Linux synchronizationPim van Pelt2-1/+46
Part 1 -- notes in https://ipng.ch/s/articles/2021/08/13/vpp-2.html Add the ability for VPP to copy out (sync) its state from the dataplane to Linux Interface Pairs, when they exist. Gated by a configuration flag (linux-cp { lcp-sync }), and by a CLI option to toggle on/off, synchronize the following events: - Interface state changes - Interface MTU changes - Interface IPv4/IPv6 address add/deletion In VPP, subints can have any link state and MTU, orthogonal to their phy. In Linux, setting admin-down on a phy forces its children to be down as well. Also, in Linux, MTU of children must not exceed that of the phy. Add a state synchronizer which walks over phy+subints to ensure Linux and VPP end up in the same consistent state. Part 2 -- notes in https://ipng.ch/s/articles/2021/08/15/vpp-3.html Add the ability for VPP to autocreate sub-interfaces of existing Linux Interface pairs. Gated by a configuration flag (linux-cp { lcp-auto-subint }), and by a CLI option to toggle on/off, synchronize the following event: - Sub-interface creation (dot1q, dot1ad, QinQ and QinAD) A few other changes: - Add two functions into netlink.[ch] to delete ip4 and ip6 addresses. - Remove a spurious logline (printing MTU) in netlink.c. - Resolve a TODO around vnet_sw_interface_supports_addressing() Type: improvement Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I34fc070e80af4013be58d7a8cbf64296cc760e4e Signed-off-by: Pim van Pelt <pim@ipng.nl>