summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2022-10-05ip: reassembly - custom context instead of VRFMohammed Hawari2-40/+137
Change-Id: Id8d6ab96a710cdd207068cf19a6363bbcd584de4 Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-10-05ip: reassembly - custom context of ipv6Mohammed Hawari2-26/+129
Change-Id: Ia5ec7fc0c71e6a0ad1b43df24bb6b88e616d260d Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-10-03tcp: replace tcp_time_now with tcp_time_now_usSteven Luong2-29/+30
It looks like tcp_time_now has been deprecated for a while and the replacement is tcp_time_now_us Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ifaed2632baa49d489d4e03f2623d8cc9a6f36e64
2022-10-03sr: new messages created to return packet statistics in sr localsid detailsChinmayaAgarwal2-0/+98
Type: improvement Signed-off-by: ChinmayaAgarwal <chinmaya.agarwal@hsc.com> Change-Id: I27d5981a77d4166a92db9ecf73d9b0eed962ec19
2022-09-30fib: fix dpo-receive address in ip6-ll fibsVladislav Grishenko1-1/+6
Need to fill frp_addr for local path, it's used by dpo-receive. If not, address output can be invalid: $ sudo vppctl sh ip6-ll fe80::dcad:ff:fe00:3/128 IP6-link-local:loop3, fib_index:2, locks:[IPv6-nd:1, ] fe80::dcad:ff:fe00:3/128 fib:2 index:55 locks:2 IPv6-nd refs:1 entry-flags:connected,import,local, src-flags:added,contributing,active, path-list:[72] locks:2 flags:shared,local, uPRF-list:58 len:0 itfs:[] path:[82] pl-index:72 ip6 weight=1 pref=0 receive: oper-flags:resolved, cfg-flags:local,glean, [@0]: dpo-receive: 8000:100:fe80::dcad:ff on loop3 forwarding: unicast-ip6-chain [@0]: dpo-load-balance: [proto:ip6 index:57 buckets:1 uRPF:58 to:[0:0]] [0] [@2]: dpo-receive: 8000:100:fe80::dcad:ff on loop3 Type: fix Change-Id: Ib9874c5eac74af789e721098d512a1058cb8e404 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-09-30udp: add udp encap source port entropy supportVladislav Grishenko7-36/+154
Encode entropy value in UDP source port when requested per RFC 7510. CLI already has "src-port-is-entropy", use zero UDP source port in API to avoid breaking changes, since zero port is not something to be used in wild. Also, mark UDP encapsualtion API as mp-safe as already done for CLI. Type: feature Change-Id: Ieb61ee11e058179ed566ff1f251a3391eb169d52 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-09-29gso: clear the offload flags from segmented buffersMohsin Kazmi1-0/+1
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I2901628d23f9b81edb32d0ced3877e5799a6cec7
2022-09-29api: deprecate vl_msg_api_set_handlersDamjan Marion1-18/+36
Type: refactor Change-Id: I7b7ca9ec62cb70243c5b7e87968eab1338d67ec8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-09-27vnet: fix ip4 version and IHL checkDmitry Valter2-3/+11
Validate version and IHL regardless of present options. Originally VPP would accept seriously damaged headers in case IHL != 5. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: Ifd59622efa63dfad7f6e4858dec40ccac3274574
2022-09-26api: replace print functions wth formatDamjan Marion2-15/+9
Type: improvement Change-Id: I7f7050c19453a69a7fb6c5e62f8f57db847d9144 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-09-23bfd: add tracing support to bfd-processKlement Sekera4-104/+160
Outgoing packets can be now traced via: trace add bfd-process <count> Type: improvement Change-Id: Ia19af6054289b18f55e518dbea251a2bee9b9457 Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2022-09-21ipsec: introduce fast path ipv6 inbound matchingPiotr Bronowski4-55/+197
This patch introduces fast path matching for inbound traffic ipv6. Fast path uses bihash tables in order to find matching policy. Adding and removing policies in fast path is much faster than in current implementation. It is still new feature and further work needs and can be done in order to improve the perfromance. Type: feature Change-Id: Iaef6638033666ad6eb028ffe0c8a4f4374451753 Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
2022-09-20fib: add cli support for explicit link typeBenoît Ganne1-0/+12
This adds the ability to specify we want an IPv4 route via an IPv6 adj and vice-versa. Type: improvement Change-Id: I5f7f1ab89fc60244d31c26155bbd9b0db690257c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-20arp: check for manually added proxy-arp entriesBenoît Ganne1-1/+1
When manually adding neighbor entries for proxy-arp, those will be fib-adj entries. Check for proxy-arp instead of dropping immediately. Type: improvement Change-Id: Id311159f2966c99719dc2a67d4d2bc92bf366029 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-19igmp: validate ip router alert option lengthVladislav Grishenko1-0/+5
It's known there're one or more 32-bit increments in the ip header. So just check ip router alert option length with minimal performance impact, and don't care of the total options length. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I46dd06516f793846b931a1dc8612f2735f8d24d3
2022-09-19build: install missing headersBenoît Ganne1-1/+6
Type: fix Change-Id: I4eb2a7190de90553c91133f940e068ed649120cb Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-19teib: fix segv during failed deletion of entryMatthew Smith1-2/+1
Type: fix If an attempt is made to delete a teib entry and the entry does not exist, a message is logged. The format string contained an extra "%U", which results in a segv. Change-Id: I9b1d6ba63601982ba6ac8607cf710e34c311702a Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-09-19arp: update error reason when checking for proxy-arpBenoît Ganne1-1/+0
When we follow arp feature arc for proxy-arp, we should still update the error reason in case proxy-arp cannot handle the arp request and drops it. Type: improvement Change-Id: I046df017ca2056cfc12af0f0a968b401058bcd6d Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-16virtio: add support for per queue packet counterMohsin Kazmi5-0/+28
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I21a701a556b88a9d81f0e074a59fa34b3746b1d9
2022-09-15vcl: add hugepage for vcl configure and svmJunfeng Wang4-2/+14
add hugepage for vcl configure and svm Type: feature Signed-off-by: Junfeng Wang <drenfong.wang@intel.com> Change-Id: I6a8905e3fec23d840e629114b1e5a403d0a258ef
2022-09-15session: support dma optionMarvin Liu3-20/+257
add dma support to session, acclerate host-stack with dma Type: feature Signed-off-by: Marvin Liu <yong.liu@intel.com> Signed-off-by: Junfeng Wang <drenfong.wang@intel.com> Change-Id: I3d492921d69d9e3e0b34d33adc33fba3bde9e1cc
2022-09-15ip-neighbor: fix debug log format outputluoyaozu1-4/+3
Type: fix Signed-off-by: luoyaozu <luoyaozu@foxmail.com> Change-Id: Ibfebe4da0197d1f60bf9edd3873fe1f776b680a4
2022-09-14ip: show fib index in ip4 reassembly traceDamjan Marion1-28/+25
Type: improvement Change-Id: I371237803e2c3cb0e1b42b94f422867465e2bff6 Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-14ipsec: make chacha20-poly1305 available via APIVladimir Ratnikov4-14/+27
Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I4e03f60f34acd7809ddc5a743650bedbb95b2e98
2022-09-12ipsec: introduce fast path ipv4 inbound matchingPiotr Bronowski9-164/+628
This patch introduces fast path matching for inbound traffic ipv4. Fast path uses bihash tables in order to find matching policy. Adding and removing policies in fast path is much faster than in current implementation. It is still new feature and further work needs and can be done in order to improve perfromance. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ifbd5bfecc21b76ddf8363f5dc089d77595196675
2022-09-09fib: fix path copy function to deal with provided DPO in exclusive pathDamjan Marion1-0/+6
DPO in the new copy was not locked ... Type: fix Fixes: 0bfe5d8 Change-Id: I39f1368de459af91c4bb857d98a4b531bd5692a6 Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-09vlib: don't leak node frames on reforkDmitry Valter2-4/+3
Free node frames in worker mains on refork. Otherwise these frames are never returned to free pool and it causes massive memory leaks if performed under traffic load Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I15cbf024a3f4b4082445fd5e5aaa10bfcf77f363
2022-09-09fib: missing headersDamjan Marion1-0/+2
Type: improvement Change-Id: I7f52222706200c31a731fadfb84513549ccb532d Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-05ip: fix punt socket overflowBenoît Ganne1-3/+6
client_pathname is usually smaller than pc->caddr.sun_path. snprint() ensures we stop at the NULL character or sizeof(sun_path) whichever comes 1st. It also guarantees NULL character termination. Type: fix Change-Id: I9fc2a706beab931d50d32d03f7fafca7c6c2fb0b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-31ipsec: fix coverity 249212Andrew Yourtchenko1-2/+2
zero-initialize the variables Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I51c3856865eab037f646a0d184e82ecb3b5b3216
2022-08-31udp: store mss and sw_if_index to udp_connection_tSteven Luong4-4/+11
Store mss and sw_if_index to udp_connection_t and display them via show sessipn verbose 2 Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I32928f3f4195b178873dc1bada702e035d99c464
2022-08-31gso: zero-initialize gho structVladislav Grishenko2-0/+6
It may contain garbage in debug builds resulting in wrong gho detected flags and offsets. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ia79633262185016f527e7dc6c67334cda6f055f2
2022-08-31devices: fix coverity warningMohsin Kazmi1-1/+1
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I0a58c0f54d8be31a0a78bef00152fb2cc193840e
2022-08-31devices: add support for polling modeMohsin Kazmi3-6/+45
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I8d84dc8b7f5c5e863c32838cfafc3d366e2a7e00
2022-08-30l2: skip arp term for locally originated packetsStanislav Zaikin3-0/+6
Mark arp packet as locally originated when probing/replying and don't apply any arp-term logic against it. Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: I305ff5cac8cac456decf92f21b961aa4ce286079
2022-08-30tcp: do not overcount ooo bytesFlorin Coras1-1/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic81702bffb5b3189db48efe1ab3b237fa2bf75f2
2022-08-30ethernet: fix coverity 214973Andrew Yourtchenko1-15/+14
Ensure that the ethernet_input_inline_dmac_check which directly derefererences ei, is called only if ei is set. Type: fix Change-Id: I2d3bce63ee457825a5d375a6102225f3abf67703 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-30ethernet: refactor the redundant codeAndrew Yourtchenko1-8/+7
Following the discussion during the review of b46a4e69e5db18ef792415439d04a0ab22c59386, remove the redundant ei0. This resulted in realization that in order for this code to do anything useful, the ei must be always non-zero, so rewrite the logical condition for it. Also, make it a conjunction which seems simpler to understand. Type: improvement Change-Id: Ibd7b2a63e4aeaf97eb1a98af8e69aed2ff7dd577 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-29ethernet: fix mac address increment errorJieqiang Wang1-2/+2
Using "ip neighbor <ip-addr> <mac-addr> static count <count>" to add static ARP entries will output wrong mac addresses due to lack of big/little endian conversion. Fix this error by converting mac address from big endian to little endian before doing the self-increment. Before patched: vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5 vpp# show ip neighbor Time IP Flags Ethernet Interface 4.4400 198.18.1.5 S 05:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.4 S 04:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.3 S 03:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.2 S 02:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0 After patched: vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5 vpp# show ip neighbor Time IP Flags Ethernet Interface 4.4528 198.18.1.5 S 01:aa:bb:cc:dd:e4 rdma-0 4.4528 198.18.1.4 S 01:aa:bb:cc:dd:e3 rdma-0 4.4528 198.18.1.3 S 01:aa:bb:cc:dd:e2 rdma-0 4.4527 198.18.1.2 S 01:aa:bb:cc:dd:e1 rdma-0 4.4527 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0 Type: fix Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: Iec1e00e381e4aba96639f831e7e42e070be3f278
2022-08-29fib: fix coverity 249175Andrew Yourtchenko1-0/+1
Add an assert to express the constraint to coverity without incurring the overhead in release builds. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I2c22f8b2565c645d95c9c0be37381060e151420f
2022-08-29fib: fix coverity 253539Andrew Yourtchenko1-0/+1
Add an ASSERT so coverity is aware of the assumption taken, without incurring any penalty in release build. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I3e7e1e77059492315409efbed47657f9e56d167c Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-29ethernet: fix coverity 218549Andrew Yourtchenko1-1/+1
Check that the pointer is non-null before dereferencing it. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I611a1042d08bbe455dd09a4fa5711fe86c440240
2022-08-24ipsec: fix coverity 249204Andrew Yourtchenko1-1/+1
Zero-initialize the temporary struct, else coverity complains about a bunch of uninitialized fields. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I45dc42134f06917a7459d615804f978a175bec0f
2022-08-23classify: fix coverity 249223Andrew Yourtchenko1-1/+1
Day1 latent integer overflow. vnet_classify_add_del defines new_hash as u32 - so replace a u64 type with u32 in split_and_rehash as well. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I51384a2db1caa4099b4d2ac25cd185bd108da037
2022-08-19ipsec: enable UDP encap for IPv6 ESP tun protectMatthew Smith7-49/+95
Type: improvement If an SA protecting an IPv6 tunnel interface has UDP encapsulation enabled, the code in esp_encrypt_inline() inserts a UDP header but does not set the next protocol or the UDP payload length, so the peer that receives the packet drops it. Set the next protocol field and the UDP payload length correctly. The port(s) for UDP encapsulation of IPsec was not registered for IPv6. Add this registration for IPv6 SAs when UDP encapsulation is enabled. Add punt handling for IPv6 IKE on NAT-T port. Add registration of linux-cp for the new punt reason. Add unit tests of IPv6 ESP w/ UDP encapsulation on tun protect Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: Ibb28e423ab8c7bcea2c1964782a788a0f4da5268
2022-08-18ip-neighbor: Declarative .api counters.Neale Ranns4-56/+109
Type: improvement plus the addition of the 'thorttle' counter of IP6. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ic845247a9f3288caa755c33e79ae2eb6d2029d09
2022-08-18ip: Use .api declarative counters for ICMP.Neale Ranns6-85/+247
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3d36faa60075658fd59eb5bbe16efcb48664691b
2022-08-17fib: support "midchain delegate" removalAlexander Chernavin2-0/+31
Type: improvement Currently, once an adjacency is stacked on a FIB entry via adj_midchain_delegate_stack(), "midchain delegate" is created for the adjacency and the FIB index is stored there. And all further calls to adj_midchain_delegate_stack() even passing another FIB index will cause the function to still use the stored one. In other words, there is currently no way to stack an adjacency on another FIB index if "midchain delegate" already exists for it. Being able to stack on another FIB index is needed for the wireguard plugin. As per the protocol, peers can roam between different external endpoints. When an authenticated packet is received and it was sent from a different endpoint than currently stored, the endpoint needs to be updated and all futher communication needs to happen with that endpoint. Thus, the corresponding to that peer adjacencies need to be stacked on the FIB entry that corresponds to the new endpoint. With this change, add adj_midchain_delegate_remove() that removes "midchain delegate". When stacking on another FIB entry is needed, existing "midchain delegate" can be removed and then, a new one created with a new FIB index via adj_midchain_delegate_stack(). Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ibc1c99b248a5ef8ef64867f39f494fab627a1741
2022-08-11ip: only set rx_sw_if_index when connection found to avoid following crash ↵Xiaoming Jiang1-5/+5
like tcp punt Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I894a881cec1888b392d26fdfb385f97c31113ef1
2022-08-11mpls: Use the .api for the definition of error/info countersNeale Ranns8-64/+111
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I9d25f5459ab70d9cf8556e44cfddfd7029e5b540