summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2022-03-31crypto: drop the frame if there is no handlerDastin Wilski1-0/+6
If async engines are disbaled and async is turned on vpp tries to enqueue frame with nonexisting handler which leads to segfault. This patch checks for handler and drops the frame in case it doesn't exist. Type: fix Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com> Change-Id: I67211867ee29dc41cc9f0733e8e0b3ea86677f85
2022-03-30tls: support to reinitialise ca_chain wo restartSaravanan Murugesan2-0/+8
Type: improvement Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com> Change-Id: I90e90678ae6586019cc842f9d504d53991cfabe4
2022-03-30ip: Reference count the enabling the punt featureNeale Ranns2-4/+14
Type: fix otherwise punt features are applied multiple times to the same packet if enabled multiple times Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: If0cbd9065275f68a10fd6d35e4f7a7c7508245e0
2022-03-30udp: fix inner packet checksum calculation in udp-encapMauro Sardara6-64/+137
When computing the inner packet checksum, the code wrongly assumes that the IP version of the inner packet is the same of the outer one. On the contrary, it is perfectly possible to encapsulate v6 packets into v4 and viceversa, so we need to check the IP format of the inner header before calling vnet_calc_checksums_inline. Ticket: VPP-2020 Type: fix Signed-off-by: Mauro Sardara <msardara@cisco.com> Change-Id: Ia4515563c164f6dd5096832c831a48cb0a29b3ad Signed-off-by: Mauro Sardara <msardara@cisco.com>
2022-03-29vnet: set frame overhead at interface registrationMatthew Smith1-2/+2
Type: fix Fixes: 1cd0e5dd533f In vnet_eth_register_interface(), max frame size was being used where frame overhead was intended. Change-Id: I6e6de25e2d616caaf35730ab3d15235ec679ebdd Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-03-28ip: add barrier sync, ip4_ply_pool expand caseVladislav Grishenko1-2/+14
ply_create() is not thread safe when the ip4_ply_pool expands. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ie11cc8b1ba587d5e9239a60f4e288492da61368e
2022-03-26session: simplify safe pool reallocFlorin Coras1-62/+42
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1c55c054fea6c6886d8287a9b6e264a308f89504
2022-03-25l2: avoid overflow read of mac addressDamjan Marion1-23/+3
Type: improvement Change-Id: I99d2c69ede39b3ba5604e1811ce12209c47f5caf Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-25fib: fix ip6-ll fib selection for non-ethernet interfacesVladislav Grishenko2-7/+37
Fixes case when packet to link-local address is received over gre/mpls or other non-ethernet interface and ip6-ll fib for it is undefined. If by a chance ip6-ll fib index is valid, packet will be passed to some ip6 fib with possibilities to be sent out over unrelated interface or be looped again into ip6-link-local dpo till oom and crash. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ie985f0373ea45e2926db7fb0a1ff951eca0e38f6
2022-03-25devices: fix high vector rate per dispatchMohsin Kazmi3-13/+44
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ibd23648483b38696271154237e81081480bb16e0
2022-03-25session: reorganize local port allocationFlorin Coras1-29/+24
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5bbf8d584efdec57908c61f8626bcc81590401b3
2022-03-24bfd: use local error index when incrementing node countersPaul Atkins1-4/+4
When incrementing node counters with vlib_node_increment_counter the local error index should be passed in. vlib_node_increment_counter adds the local index to the nodes base index to get the counter to write to. If we pass in the global counter index, the offset gets added again in the fn, and we then potentially write into memory that is not part of the counter vector. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I43be33a51bcb52d520495d326b971c1d848d96b5
2022-03-24session: safe reallocs for transport endpoint poolFlorin Coras1-11/+25
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6c86d0691bd0594d8b2c05d83d004be1aa8c5e21
2022-03-24ip: The check for 'same packet' must include the FIB indexNeale Ranns1-2/+11
Type: fix otherwise if two packets arrive with the same source address but from different VRFs, then they are treated as the same and they use the same LB and thus share the same fate. but the lookup, when done, results in two different LBs, and hence the fate can be different. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Id6e16f7c577a561d9ddd7066339fa4385361d07f
2022-03-24ip6-nd: stop sending RA by defaultAlexander Chernavin1-3/+0
Type: improvement Currently, RA message sending is enabled by default - both periodic and in response to RS message. However, RFC 4861 section 6.2.1 says the following: Note that AdvSendAdvertisements MUST be FALSE by default so that a node will not accidentally start acting as a router unless it is explicitly configured by system management to send Router Advertisements. With this change, RA message sending is disabled by default and "test_ip6.TestIPv6.test_rs" updated appropriately. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I2a8865199cb665c59268504aefe2976e5ee96dc2
2022-03-24mpls: Set the MTU field in the frag-needed ICMP when doing MPLS fragmentationNeale Ranns1-4/+3
Type: fix The reported MTU should include the MPLS label overhead Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3df6d2e0b13f49701e187a766a157498dcaafbc0
2022-03-24fib: Fix crash when removing a covering prefixNeale Ranns3-10/+18
Type: fix When a covering entry is removed from the table, the covered entries first see it 'updated' and then 'removed'. the crash occurs because the covered prefixes share (simple pointer copy) the covereds hash table of path extensions. During the cervers deletion this hash table has been removed and the update of the covered crashes when recaluationg forwarding becuase it uses the free'd hash. Fix is to refetch the shared hash table (which is NULL) when the covered is updated. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Icefca9d7b21da975111d0e974d75f663fc0cc00c
2022-03-23classify: fix typo in AVX-512 find entryBenoît Ganne1-1/+1
Type: fix Fixes: 26bc9f3c855496fb56f5fc648f75a299d4d539f8 Change-Id: Idab52bf856c03ded7b181608c3db1313aa2e33de Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-23devices: add tx trace for af-packetMohsin Kazmi1-6/+82
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ib96ee54eaf967bf435d6da910a6b582e87fbedc0
2022-03-23devices: add support for offloadsMohsin Kazmi5-117/+301
Type: improvement This patch adds support for: 1) GSO 2) checksum offload Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ib00629888c62da04d58db36ce021993769e736c9
2022-03-23devices: af-packet v3 supportMohsin Kazmi4-198/+274
Type: feature CPU usage ~20% less than v2. Performance improvement 20% more than v2. High vector rate. Change-Id: I24bc594200f42664b59d07b44d44578e61068bbc Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-03-23vppinfra: change vlib_register_node so it takes format string for node nameDamjan Marion2-16/+10
This allows specifying both c string and vector for node name and removes need for crafting temporary string. Type: improvement Change-Id: I0b016cd70aeda0f68eb6f9171c5152f303be7369 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-23ip: Add unformat for flow_hash_configNathan Skrzypczak2-1/+37
Type: improvement This also makes the is_white_space function public Change-Id: Ifc1c0d4509f3ecae14f09bb5fa7a2eea33c49b09 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-23vnet: Remove the unused fields from opaque2Neale Ranns2-14/+3
Type: refactor Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibb6d19de053c306e9758dbfa827ab7bcab5de856
2022-03-22session: use safe realloc for poolsFlorin Coras5-74/+24
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I313c916d268c4b2b448b93e90bc67da341b803e3
2022-03-22fib: refetech the adj after the walk in case the pool realloc'dVladislav Grishenko1-3/+15
Follow e3aeb38fa82b77ae84643f5140d9674056b6b5ca Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I743911cacc026af5da392d26eaf47ab83ea1de99
2022-03-21session: linked list of events to be handled by mainFlorin Coras3-56/+107
Minimize amount of rpcs from first worker to main Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3794ff028a17d18b7bff69ede2b62e1e2d45ae77
2022-03-21sr: fix srv6 definition of behavior associated to a LocalSIDFrancesco Lombardo2-2/+2
The behavior associateted to a LocalSID accordig to the definition should be u8 instead of u16; Type: fix Signed-off-by: Francesco Lombardo <franclombardo@gmail.com> Change-Id: I6dd60d5facc1c3f20900cb393619349e82eef38c Signed-off-by: Francesco Lombardo <franclombardo@gmail.com>
2022-03-18session: add infra for safe pool reallocsFlorin Coras2-0/+148
This is not to be used lightly. The idea is to forces pool reallocs to be done only on main thread with a barrier to make sure pools are always reallocated without peekers/readers. If rpcs are delayed and the pool runs out of elements, workers will block waiting for barrier and force the realloc. Consumers of this api should be session layer and transports. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I533272a29534338935a3fcf7027c0e7af2ca948c
2022-03-18udp: avoid grabbing vlib main if not neededFlorin Coras1-6/+4
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I88a747cac70cb88755f50c7b337207f4ba256530
2022-03-18vppinfra: refactor *_will_expand() functionsDamjan Marion10-23/+12
Type: refactor Change-Id: I3625eacf9e04542ca8778df5d46075a8654642c7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-18ip: fix assert in ip4_ttl_incAloys Augustin1-1/+3
There is no need to verify the checksum for packets that have the IP checksum offload flag set. This uses the same logic as ip4_ttl_and_checksum_check. Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Change-Id: I177b07212a992362a4c965c074dcecf1e504c593
2022-03-18bfd: remove source IP check from session addKlement Sekera1-55/+0
Checking for existence of source address on interface prevents creating session before assigning address to said interface. Removing this check allows more flexibility when configuring BFD feature. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Ia57960e29b5dbdb758a7a64193c28f21482f229e
2022-03-15tcp: update error counters in listen nodeFlorin Coras1-9/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib2e1d847607c9c7d928b174b87e5c21d53153ebe
2022-03-15tcp: update persist timer if data ackedFlorin Coras1-3/+7
Update persist timer if data sent during snd_wnd < snd_mss was acked. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5c75ff8ddc0e49750b2088237d32afa4eda99e7f
2022-03-15flow: add generic flow pattern for 5G flow enhancementTing Xu2-32/+71
In order to support the requirement of RSS and packet steering of new protocols, such as GTPU PDU-type and QFI, for 5G UPF, a generic pattern is introduced in vnet flow. The generic flow pattern is based on DDP (Dynamic Device Personalization) function and Parser Library module in DPDK. Using generic flow pattern, we do not need to create new packet and field type and offset in API parser for every new protocols. We can create flows for any protocol immediately as long as supported by DDP. The generic flow can be used to support 5G related protocols in different scenarios. The input of this generic pattern are two binary strings for spec and mask. Spec is the binary presentation of the target packet type, and mask is used to mark the target fields. In this patch DPDK plugins is enabled for POC. Next step we will enable generic flow in native IAVF, which is the main target. Here is an example. If we want to create a flow for GTPU QFI, spec is: 00000000000100000000000208004500003C00000000001100000101010102020202000 008680028000034FF001C00000000000000850100010045000014000000000000000001 01010102020202 mask is: 00000000000000000000000000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000007F0000000000000000000000000000 00000000000000 A naming API POC is created via VAPI to help create the rule with the target packet format similar to Scapy. It is based on a function module called PacketForge. In this way, the user no need to create binary string spec and mask by themselves. Type: feature Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Id3444f95c158bdcdfeeee19d795cd9ecbeeec07c
2022-03-11session: fix crash during client detachFilip Tehlar1-1/+3
This fixes a crash caused by client closing socket before adding worker. During detach vpp tries to delete worker based on invalid worker index. Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I3242bcbb116ef5fd1d4c449f5bcf907e4e2f8f30
2022-03-10devices: remove the unused code from af_packetMohsin Kazmi2-6/+0
Type: refactor Change-Id: If180816303909b92c9aa4ff9fd70dc7938a6cfbe Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-03-10ipsec: remove the redundant codeMohsin Kazmi1-1/+0
Type: refactor Change-Id: I0a40e22e1439e13ffdbcbd6fd7cad40c8178418c Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-03-09ip: IPv4 Fragmentation fix for l2fragmetable sizeNeale Ranns1-10/+7
Type: fix The l2unfragmentable size is not included in the calculation of 'max', the maximum amount of data that can be added to a fragment, therefore the fragments created are too big. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Id1e949ad98203b6f8ea2f55322ef6fa3d507e2a6
2022-03-09stats: refactorDamjan Marion5-30/+147
Type: refactor Change-Id: Ifd533a095d979dc55bfbe5fac7e0b7510a4d900c Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-08classify: add API to retrieve punt ACL tablesBenoît Ganne2-0/+45
Type: feature Change-Id: Ica3e60836c0f26518ba2c238a8c03ce3648ea69b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-08ipsec: input: drop by default for non-matching pktsZachary Leaf1-0/+14
As per IPSec RFC4301 [1], any non-matching packets should be dropped by default. This is handled correctly in ipsec_output.c, however in ipsec_input.c non-matching packets are allowed to pass as per a matched BYPASS rule. For full details, see: https://lists.fd.io/g/vpp-dev/topic/ipsec_input_output_default/84943480 It appears the ipsec6_input_node only matches PROTECT policies. Until this is extended to handle BYPASS + DISCARD, we may wish to not drop by default here, since all IPv6 traffic not matching a PROTECT policy will be dropped. [1]: https://datatracker.ietf.org/doc/html/rfc4301 Type: fix Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Change-Id: Iddbfd008dbe082486d1928f6a10ffbd83d859a20
2022-03-08ip: set fib_index before exiting input ACL nodeArthur de Kerhor1-40/+75
While setting an ACL, a user can specify the adjacency to follow after the input ACL node. Thus, we may skip a lookup and enter directly a local node (ex: ip4_local). To prevent the local source check from failing, we need to specify the fib index. And, we have to do it just before exiting the input ACL node because the l2_classify object is overlapping with the fib_index in the vnet_buffer_opaque_t struct. We could have added a padding to avoid this overlap but there is no place for that in the structure. Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Change-Id: I383c36e4aec08d181f966f28565aefed950d2a74
2022-03-07ip: Fixes for IPv6 and MPLS fragmentationNeale Ranns2-52/+76
Type: fix - IPv6 fragmentation did not work if the packet spaneed multiple buffers, because the 'len' calculation to did max out at the size of a buffer - IPv6 fragmentation did not work when the l2unfragmentable size was non-zero, it was not used in the correct places - IPv6oMPLS fragmentation would fragment all IPv6, it should do so only for link local - IPv6oMPLS should send back TooBig ICMP6 for non locally generated Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie8f02cdfdd7b7e8474e62b6d0acda8f20c371184
2022-03-04ip: rate-limit the sending of ICMP error messagesNeale Ranns2-2/+58
Type: improvement For error conditions, such as TTL expired, dest unreach, etc, Rate limit the sending of ICMP error messages. The rate limiting is done based on src,dst IP address of the received packet. the rate limit has been chosen, somewhat arbitrarily, to be 1e-3. This is the same limit as the ARP throttling. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I4a0b791cde8c941a9bf37de6aa5da56779d3cef4
2022-03-04ip: fix overflow in ip6_ext_header_walkBenoît Ganne1-1/+1
ip6_ext_hdr_chain_t->eh is IP6_EXT_HDR_MAX elements. Type: fix Change-Id: I28b8d610d8f5c0c520c8391c37b86e837655ab12 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-04pg: fixing the cliMohsin Kazmi1-2/+0
Type: fix This patch removes the assert and it is unnecessary. Because given variable is used for branch testing. Change-Id: I64f57f909fcba205216296e86c1cde2a5dadbb45 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-03-04pg: add support for ip mode through cliMohsin Kazmi1-2/+8
Type: improvement Change-Id: I5dda196ab8f1b634fcac46acd5c57a6dd726759c Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-03-04ipfix-export: fix the warning message for uninitialized variableMohsin Kazmi1-2/+2
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I2b8b6a3b5a6df71e84ce2f15ef7117f390121c2f