summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2022-09-14ipsec: make chacha20-poly1305 available via APIVladimir Ratnikov4-14/+27
Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I4e03f60f34acd7809ddc5a743650bedbb95b2e98
2022-09-12ipsec: introduce fast path ipv4 inbound matchingPiotr Bronowski9-164/+628
This patch introduces fast path matching for inbound traffic ipv4. Fast path uses bihash tables in order to find matching policy. Adding and removing policies in fast path is much faster than in current implementation. It is still new feature and further work needs and can be done in order to improve perfromance. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ifbd5bfecc21b76ddf8363f5dc089d77595196675
2022-09-09fib: fix path copy function to deal with provided DPO in exclusive pathDamjan Marion1-0/+6
DPO in the new copy was not locked ... Type: fix Fixes: 0bfe5d8 Change-Id: I39f1368de459af91c4bb857d98a4b531bd5692a6 Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-09vlib: don't leak node frames on reforkDmitry Valter2-4/+3
Free node frames in worker mains on refork. Otherwise these frames are never returned to free pool and it causes massive memory leaks if performed under traffic load Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I15cbf024a3f4b4082445fd5e5aaa10bfcf77f363
2022-09-09fib: missing headersDamjan Marion1-0/+2
Type: improvement Change-Id: I7f52222706200c31a731fadfb84513549ccb532d Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-05ip: fix punt socket overflowBenoît Ganne1-3/+6
client_pathname is usually smaller than pc->caddr.sun_path. snprint() ensures we stop at the NULL character or sizeof(sun_path) whichever comes 1st. It also guarantees NULL character termination. Type: fix Change-Id: I9fc2a706beab931d50d32d03f7fafca7c6c2fb0b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-31ipsec: fix coverity 249212Andrew Yourtchenko1-2/+2
zero-initialize the variables Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I51c3856865eab037f646a0d184e82ecb3b5b3216
2022-08-31udp: store mss and sw_if_index to udp_connection_tSteven Luong4-4/+11
Store mss and sw_if_index to udp_connection_t and display them via show sessipn verbose 2 Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I32928f3f4195b178873dc1bada702e035d99c464
2022-08-31gso: zero-initialize gho structVladislav Grishenko2-0/+6
It may contain garbage in debug builds resulting in wrong gho detected flags and offsets. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ia79633262185016f527e7dc6c67334cda6f055f2
2022-08-31devices: fix coverity warningMohsin Kazmi1-1/+1
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I0a58c0f54d8be31a0a78bef00152fb2cc193840e
2022-08-31devices: add support for polling modeMohsin Kazmi3-6/+45
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I8d84dc8b7f5c5e863c32838cfafc3d366e2a7e00
2022-08-30l2: skip arp term for locally originated packetsStanislav Zaikin3-0/+6
Mark arp packet as locally originated when probing/replying and don't apply any arp-term logic against it. Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: I305ff5cac8cac456decf92f21b961aa4ce286079
2022-08-30tcp: do not overcount ooo bytesFlorin Coras1-1/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic81702bffb5b3189db48efe1ab3b237fa2bf75f2
2022-08-30ethernet: fix coverity 214973Andrew Yourtchenko1-15/+14
Ensure that the ethernet_input_inline_dmac_check which directly derefererences ei, is called only if ei is set. Type: fix Change-Id: I2d3bce63ee457825a5d375a6102225f3abf67703 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-30ethernet: refactor the redundant codeAndrew Yourtchenko1-8/+7
Following the discussion during the review of b46a4e69e5db18ef792415439d04a0ab22c59386, remove the redundant ei0. This resulted in realization that in order for this code to do anything useful, the ei must be always non-zero, so rewrite the logical condition for it. Also, make it a conjunction which seems simpler to understand. Type: improvement Change-Id: Ibd7b2a63e4aeaf97eb1a98af8e69aed2ff7dd577 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-29ethernet: fix mac address increment errorJieqiang Wang1-2/+2
Using "ip neighbor <ip-addr> <mac-addr> static count <count>" to add static ARP entries will output wrong mac addresses due to lack of big/little endian conversion. Fix this error by converting mac address from big endian to little endian before doing the self-increment. Before patched: vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5 vpp# show ip neighbor Time IP Flags Ethernet Interface 4.4400 198.18.1.5 S 05:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.4 S 04:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.3 S 03:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.2 S 02:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0 After patched: vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5 vpp# show ip neighbor Time IP Flags Ethernet Interface 4.4528 198.18.1.5 S 01:aa:bb:cc:dd:e4 rdma-0 4.4528 198.18.1.4 S 01:aa:bb:cc:dd:e3 rdma-0 4.4528 198.18.1.3 S 01:aa:bb:cc:dd:e2 rdma-0 4.4527 198.18.1.2 S 01:aa:bb:cc:dd:e1 rdma-0 4.4527 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0 Type: fix Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: Iec1e00e381e4aba96639f831e7e42e070be3f278
2022-08-29fib: fix coverity 249175Andrew Yourtchenko1-0/+1
Add an assert to express the constraint to coverity without incurring the overhead in release builds. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I2c22f8b2565c645d95c9c0be37381060e151420f
2022-08-29fib: fix coverity 253539Andrew Yourtchenko1-0/+1
Add an ASSERT so coverity is aware of the assumption taken, without incurring any penalty in release build. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I3e7e1e77059492315409efbed47657f9e56d167c Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-29ethernet: fix coverity 218549Andrew Yourtchenko1-1/+1
Check that the pointer is non-null before dereferencing it. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I611a1042d08bbe455dd09a4fa5711fe86c440240
2022-08-24ipsec: fix coverity 249204Andrew Yourtchenko1-1/+1
Zero-initialize the temporary struct, else coverity complains about a bunch of uninitialized fields. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I45dc42134f06917a7459d615804f978a175bec0f
2022-08-23classify: fix coverity 249223Andrew Yourtchenko1-1/+1
Day1 latent integer overflow. vnet_classify_add_del defines new_hash as u32 - so replace a u64 type with u32 in split_and_rehash as well. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I51384a2db1caa4099b4d2ac25cd185bd108da037
2022-08-19ipsec: enable UDP encap for IPv6 ESP tun protectMatthew Smith7-49/+95
Type: improvement If an SA protecting an IPv6 tunnel interface has UDP encapsulation enabled, the code in esp_encrypt_inline() inserts a UDP header but does not set the next protocol or the UDP payload length, so the peer that receives the packet drops it. Set the next protocol field and the UDP payload length correctly. The port(s) for UDP encapsulation of IPsec was not registered for IPv6. Add this registration for IPv6 SAs when UDP encapsulation is enabled. Add punt handling for IPv6 IKE on NAT-T port. Add registration of linux-cp for the new punt reason. Add unit tests of IPv6 ESP w/ UDP encapsulation on tun protect Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: Ibb28e423ab8c7bcea2c1964782a788a0f4da5268
2022-08-18ip-neighbor: Declarative .api counters.Neale Ranns4-56/+109
Type: improvement plus the addition of the 'thorttle' counter of IP6. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ic845247a9f3288caa755c33e79ae2eb6d2029d09
2022-08-18ip: Use .api declarative counters for ICMP.Neale Ranns6-85/+247
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3d36faa60075658fd59eb5bbe16efcb48664691b
2022-08-17fib: support "midchain delegate" removalAlexander Chernavin2-0/+31
Type: improvement Currently, once an adjacency is stacked on a FIB entry via adj_midchain_delegate_stack(), "midchain delegate" is created for the adjacency and the FIB index is stored there. And all further calls to adj_midchain_delegate_stack() even passing another FIB index will cause the function to still use the stored one. In other words, there is currently no way to stack an adjacency on another FIB index if "midchain delegate" already exists for it. Being able to stack on another FIB index is needed for the wireguard plugin. As per the protocol, peers can roam between different external endpoints. When an authenticated packet is received and it was sent from a different endpoint than currently stored, the endpoint needs to be updated and all futher communication needs to happen with that endpoint. Thus, the corresponding to that peer adjacencies need to be stacked on the FIB entry that corresponds to the new endpoint. With this change, add adj_midchain_delegate_remove() that removes "midchain delegate". When stacking on another FIB entry is needed, existing "midchain delegate" can be removed and then, a new one created with a new FIB index via adj_midchain_delegate_stack(). Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ibc1c99b248a5ef8ef64867f39f494fab627a1741
2022-08-11ip: only set rx_sw_if_index when connection found to avoid following crash ↵Xiaoming Jiang1-5/+5
like tcp punt Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I894a881cec1888b392d26fdfb385f97c31113ef1
2022-08-11mpls: Use the .api for the definition of error/info countersNeale Ranns8-64/+111
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I9d25f5459ab70d9cf8556e44cfddfd7029e5b540
2022-08-11ip: Use .api declared error countersNeale Ranns20-424/+678
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I822ead1495edb96ee62e53dc5920aa6c565e3621
2022-08-11ipsec: Use .api declared error countersNeale Ranns6-179/+336
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ica7de5a493389c6f53b7cf04e06939473a63d2b9
2022-08-11arp: Use the new style error count declarationNeale Ranns4-133/+229
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ifda8ca8d26912c750a77d2ca889e1638ca83d85a
2022-08-11tunnel: Fix API encoding of tunnel flagsNeale Ranns1-2/+7
Type: fix API and internal flags do not match 1:1. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I0f4e53b2e071d1c9fffd1b97bf28b4789887b032
2022-08-10bfd: Express node stats using the .api fileNeale Ranns2-59/+77
Type: improvement This method allows the assignment of a severity to the error. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Id1a414a88018390d03bd6b16bd048a98903bab5a
2022-08-10bfd: More descriptive error codes during packet receive handlingNeale Ranns3-59/+74
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8907fecde6d48f5362f0f91372d5a9a1bba6f931
2022-08-09ip-neighbor: ARP and ND stats per-interface.Neale Ranns12-51/+297
Type: feature stats of the like from: https://datatracker.ietf.org/doc/html/draft-ietf-rtgwg-arp-yang-model-03#section-4 Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Icb1bf4f6f7e6ccc2f44b0008d4774b61cae96184
2022-08-09vnet: install reass headersMohammed Hawari1-0/+2
Change-Id: I42a138628b06a412b8fce7fb4fc500caf9057169 Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-08-09interface: fix show_or_clear_hw_interfacesMohammed Hawari1-1/+2
Change-Id: I2f3163a7a158afa8e2debc6f545c3d1a2a12ac1d Type: fix Fixes: 3414977152ae6362277158dc732e6b9958a6e618 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-08-08devices: af_packet, fix tx stall by retrying failed sendtoMohammed Hawari3-6/+24
Change-Id: I6bed66f740b34673a4883eda1c7f7310c57e131b Type: fix Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-05vnet: On rx-mode set, return error for an actual error.Wayne Morrison1-1/+6
In set_hw_interface_change_rx_mode(), when vnet_hw_if_set_rx_queue_mode() returns an error it actually returns success. This has been changed to return a clib_error_return() value. Type: fix Change-Id: Iba39c875d9e15463cb6492d8a966234560a1f522 Signed-off-by: Wayne Morrison <wmorrison@netgate.com>
2022-08-02ipsec: fix coverity warnings found in fast path implementationPiotr Bronowski2-14/+15
This patch fixes followig coverity issues: CID 274739 Out-of-bounds read CID 274746 Out-of-bounds access CID 274748 Out-of-bounds read Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I9bb6741f100a9414a5a15278ffa49b31ccd7994f
2022-07-29ip6-nd: fix ip6 ra cli issueTakanori Hirano1-2/+1
Fix parse problem with per-prefix settings (e.g. valid-lifetime) in ip6 ra. Type: fix Signed-off-by: me@hrntknr.net Change-Id: I2a00bf5b9621ebc16211227d70e376fc2f61bae1
2022-07-28session: fix a crash when using unregistered transport protoFilip Tehlar2-1/+6
Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I39e3e007da2b99321bebf3e1c1ebb1d87547f532
2022-07-28ip6-nd: copy mac address to wrong buffer current_dataliangrq1-0/+2
Type: fix Receive router solicitation in pop vlan interface, it will cause copy mac address to wrong buffer current_data and can not reply the solicitation right Signed-off-by: liangrq <liangrq@efly.cc> Change-Id: Ic40a5a47a52c8187aaf6c6854df761529e6f24d9
2022-07-26vppinfra: fix formatting of format_base10Pim van Pelt1-5/+7
format_base10 reads 64b but is fed 32b values at the callsite; change to u64 consistently. The function has only one call site in interface/monitor.c which has a few additional bugs (spurious character, and ambiguous 'bits' versus 'bytes' in the output). Type: improvement Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I360f0d439cc13c09bd3f53db8184bd12ad4bc2e9
2022-07-19session: increase retries to grab mq lockRadha krishna Saragadam1-1/+1
With thousands of UDP sessions, Sometimes VPP needs more time to grab the MQ lock for a session. So increased tries from 5 to 75. Type: fix Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com> Change-Id: Id8b877255aedcdcf206e9d0869fe5246645d76e7
2022-07-15ipsec: fast path outbound policy matching implementation for ipv6Piotr Bronowski8-171/+227
With this patch fast path for ipv6 policy lookup is enabled. This impelentation scales and outperforms original implementation when the number of defined flows is higher thatn 100k. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I9364b5b8db4fc708790d48c538add272c7cea400
2022-07-06gre: fix returning the flags in the APIIvan Shvedunov1-0/+1
Type: fix Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Change-Id: I5ecfb242e5905c9bd8ce19cd9ab6efd657ee14d4
2022-07-06misc: pass NULL instead of 0 for pointer in variadic functionsAndreas Schultz1-1/+1
0 is not NULL (at least not in all cases), passing 0 into a variadic function in a place where the consumer reads it as pointer might leave parts of the pointer uninitilized and hence filled with random data. It seems that this used to work with gcc, but clang seems to treat the 0 in those places as a 32bit integer. Type: fix Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com> Change-Id: I37d975eef5a1ad98fbfb65ebe47d73458aafea00
2022-06-30sr: SRv6 Path Tracing Sink node behaviorAhmed Abdelsalam1-0/+10
Type: feature Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Change-Id: I2d3a0211abfee3501d3d77c80da20e67e1e9e133
2022-06-29classify: use 32 bits hashBenoît Ganne11-55/+54
classify hash used to be stored as u64 in buffer metadata, use 32 bits instead: - on almost all our supported arch (x86 and arm64) we use crc32c intrinsics to compute the final hash: we really get a 32-bits hash - the hash itself is used to compute a 32-bits bucket index by masking upper bits: we always discard the higher 32-bits - this allows to increase the l2 classify buffer metadata padding such as it does not overlap with the ip fib_index metadata anymore. This overlap is an issue when using the 'set metadata' action in the ip ACL node which updates both fields Type: fix Change-Id: I5d35bdae97b96c3cae534e859b63950fb500ff50 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-06-29sr: code refactor and style fixAhmed Abdelsalam2-15/+14
Type: refactor Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Change-Id: Iff5e85952273526d5c9d9e7e73bd2b6c15bcd7f6