path: root/src/vnet
Age | Commit message | Author | Files | Lines
2021-12-18 | bfd: fix NULL dereference in bfd_api_verify_common | Frédéric Perrin | 1 | -1/+1
ip6_get_link_local_address() may return NULL if the local interface is not (or not yet) configured Type: fix Signed-off-by: Frédéric Perrin <fred@fperrin.net> Change-Id: I42bf2081582c4a36fa4e32145ca2f0ff73488110
2021-12-16 | session: app mq congestion detection | Florin Coras | 3 | -266/+349
Detect mq congestion and handle it by queueing messages in a fifo and postponing handling via rpcs. App workers with congested mqs cannot accept nor connect additional sessions. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I401d971a1a53896758b88fc60f158cbc31e0c7cb
2021-12-14 | virtio: integrate with new tx infra | Mohsin Kazmi | 11 | -58/+251
Type: improvement Change-Id: I337ec63d0868f665329d68eadf1744e080b73a0d Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-12-14 | interface: Add interface monitor cli | Nathan Skrzypczak | 2 | -0/+120
This adds an interface CLI 'monitor interface <interface>' that periodically reports rx/tx pps & bandwidth for a given interface. Type: feature Change-Id: Ia9d59b3443913520a52b38d7bda012190be6f167 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-12-14 | vxlan: crash on configuring vxlan tunnel on l3 mode | Steven Luong | 2 | -7/+9
Configuring a vxlan tunnel using this CLI and then assigning an ip address to the vxlan tunnel causes VPP to crash immediately:
create vxlan tunnel src x.x.x.x dst y.y.y.y vni 1000 decap-next node ethernet-input l3
set interface ip address vxlan_tunnel0 z.z.z.z/24
It looks like when l3 mode is configured, the code calls the wrong function to register the interface. Type: fix Fixes: 3e38422ab905d26ab1625c74268e30c94327ea54 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ie1a08efc028f37fb528a7dfd7048ff6836bb8ddc
2021-12-14 | api: verify message size on receipt | Klement Sekera | 5 | -4/+25
When a message is received, verify that it's sufficiently large to accommodate any VLAs within message. To do that, we need a way to calculate message size including any VLAs. This patch adds such functionality to vppapigen and necessary C code to use those to validate message size on receipt. Drop messages which are malformed. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2903aa21dee84be6822b064795ba314de46c18f4
2021-12-14 | ip: reassembly: drop zero length fragments | Klement Sekera | 3 | -0/+17
Zero length fragments are invalid and should be dropped. This patch adds that. Type: improvement Change-Id: Ic6466c39ca8bf376efe06bb3b7f5d7f1ae812866 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-12-12 | arp: fix arp_vft callback | Mercury | 1 | -1/+1
arp proxy is not enabled correctly by ip4_neighbor_proxy_enable() Type: fix Signed-off-by: Mercury <mercury124185@gmail.com> Change-Id: I672b5d4a9652030b5604e9d39743c39cb93a2531
2021-12-12 | tcp: fix the tcp src-address cli | Mercury | 1 | -0/+2
When the src-address to add matches a route without a valid output interface (such as default route 0.0.0.0/0), fib_entry_get_resolving_interface() will return (u32)~0, which will cause a crash in ip4_neighbor_proxy_enable(). Type: fix Signed-off-by: Mercury <mercury124185@gmail.com> Change-Id: I5aee5676a2ff43ec06745ebed4dba2b9e5b98c4d
2021-12-10 | ip: reassembly: handle atomic fragments correctly | Klement Sekera | 2 | -45/+93
If a fragment arrives with fragment offset = 0 and M = 0, it means that this is actually a complete packet and per RFC 8200, it should be treated independently from other fragments. This patch does that. Fragmentation header is stripped and fragment is forwarded regardless of other existing reassemblies in case of full reassembly and treated the same way as regular packet in shallow virtual reassembly. Type: improvement Change-Id: If3322d5e3160cd755b8465a642702a9166d46cc2 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-12-08 | api: improve REPLY_MACRO safety | Klement Sekera | 1 | -35/+41
Improve vppapigen to generate per-message #define indicating whether said message is dynamically sized (due to VLA or string) or not. Use these #defines in REPLY_MACROs to prevent improper usage. Fix existing improper REPLY_MACRO* usage. Type: improvement Change-Id: Ia77aaf9f6cf3ed68ea21075a4cc8deda78a68651 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-12-08 | session: stricter tx checks for ct sessions | Florin Coras | 1 | -1/+11
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ied4fe0f2b35eeca4e3e82fa21346de7f243aa52a
2021-12-08 | session: fix duplicate segment del message | Florin Coras | 1 | -6/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I42b5a5a07aae6708a20ed424c8f26ddbe91278fb
2021-12-07 | fib: fix coverity warning/don't dereference NULL | Klement Sekera | 1 | -1/+1
fib_sas6_get is called with NULL dst explicitly so add a NULL check to avoid a NULL dereference. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I8ebcba98832f374991f5442c1b83a4b6e64771d0
2021-12-04 | ipsec: fix async buffer leak | Matthew Smith | 3 | -3/+2
Type: fix Fixes: f16e9a5507 If an attempt to submit an async crypto frame fails, the buffers that were added to the frame are supposed to be dropped. This was not happening and they are leaking, resulting in buffer exhaustion. There are two issues: 1. The return value of esp_async_recycle_failed_submit() is used to figure out how many buffers should be dropped. That function calls vnet_crypto_async_reset_frame() and then returns f->n_elts. Resetting the frame sets n_elts to 0. So esp_async_recycle_failed_submit() always returns 0. It is safe to remove the call to reset the frame because esp_async_recycle_failed_submit() is called in 2 places and a call to reset the frame is made immediately afterwards in both cases - so it is currently unnecessary anyway. 2. An array and an index are passed to esp_async_recycle_failed_submit(). The index should indicate the position in the array where indices of the buffers contained in the frame should be written. Across multiple calls, the same index value (n_sync) is passed. This means each call may overwrite the same entries in the array with the buffer indices in the frame rather than appending them to the entries which were written earlier. Pass n_noop as the index instead of n_sync. Change-Id: I525ab3c466965446f6c116f4c8c5ebb678a66d84 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-12-03 | interface: add multi tx-queues support for new tx infra | Mohsin Kazmi | 14 | -136/+867
Type: feature Change-Id: I231f782b3c56dc2b10321e4569ac7acdad1c11da Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-12-03 | ip: extension header parsing fails for fragment header | Ole Troan | 8 | -294/+277
Refactor and improve boundary checking on IPv6 extension header handling. Limit parsing of IPv6 extension headers to a maximum of 4 headers and a depth of 256 bytes. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ide40aaa2b482ceef7e92f02fa0caeadb3b8f7556 Signed-off-by: Ole Troan <ot@cisco.com>
2021-12-03 | fib: Fix the display (or lack of) for fib node types in dependent children lists | Neale Ranns | 4 | -22/+37
Type: fix When registering a new FIB node type, no name was required on the API, and so no name was printed. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8a99cf29c194637a550061b0a5e9782ffe8b31dd
2021-11-30 | interface: add support for outer header checksums | Mohsin Kazmi | 3 | -0/+43
Type: improvement Change-Id: I7c341dc4a99898dd1f865ac2ebd99de9898bb0bd Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-11-29 | session: remove segment if empty after writer lock | Florin Coras | 1 | -9/+18
Make sure segment is empty after writer lock acquired. Other workers might add fifos in between empty test and writer lock acquire. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3400fdd14be98d9d8fb4e415d3a849be1d255241
2021-11-29 | session: mark first listener segment as protected | Florin Coras | 1 | -0/+4
Avoid constantly re-mapping a listener's first segment when all its sessions are closed. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iea7033fb70f4cf9e4408d542b7c0ff2b0c5c2f92
2021-11-29 | session: no deq notifications after close | Florin Coras | 1 | -0/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3e633f017c68e8c5446e45b577048138a387daf6
2021-11-29 | session: postpone close notification if still accepting | Florin Coras | 1 | -0/+14
Accepting sessions might be rejected so the notification might not make sense. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3ababdce7c2cec62941d9722a9c06fa48ec547db
2021-11-29 | ipfix-export: don't check the result of pool_get | Paul Atkins | 1 | -2/+0
The code to check the exp is set after the call to pool_get() is marked as unreachable in coverity. This is because if it fails in pool_get then it panics. Remove the unreachable code. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: Iabb51b6b6788b6c12ef37c28dde2118c798de831
2021-11-29 | session: fix clib_rwlock_writer_unlock lost | wanghanlin | 1 | -1/+4
Type: fix Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: Iab857b056639f7e513f87a6095bea081b7d8349c
2021-11-27 | devices: fix af_packet GSO check | Nathan Skrzypczak | 1 | -1/+6
Type: fix This fixes the GSO size calculation in af_packet which didn't include the ethernet size. This is not ideal, as we default to the host side mtu to check whether a packet is GSO or not and to set the GSO size. But there doesn't seem to be more info passed with the packets. Change-Id: I9769e1dd21d5989b4cf67295352b5535454f88d1 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-11-26 | session: accept reply improvements | Florin Coras | 1 | -26/+25
- Always check session ownership - Improve test for main thread rpc Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5fa60f7f5de199af0966987f9ce9a4cc8180cf98
2021-11-26 | session: postpone ct peer disconnect and more checks | Florin Coras | 1 | -20/+29
- Disconnect ct peer only after tx events have been drained - Make sure session/connection is in healthy state before rx/tx notifications Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic6e684410a98530cc95a9c6c54c05a19c17c11d9
2021-11-26 | session: only notify server on ct connect failure | Florin Coras | 1 | -8/+14
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ifcb631ed2913e5f4fc318238de9100286a7990d2
2021-11-25 | l2: change prefetch to prefetchw | Ray Kinsella | 1 | -4/+4
L2 prefetches the vlib_buffer_t and then immediately writes to l2 split horizon group. Changing the prefetch to a prefetchw. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: If3b7996978ee80f99c55904692c7b3c905f537ce
2021-11-24 | session: improve fifo segment allocation | Filip Tehlar | 1 | -0/+6
This patch ensures that fifo segment has at least the size that was requested during allocation. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Iea8a885ac290183e25e5c8f9163bba226c5efa15
2021-11-24 | session: detach server from client on connect failure | Florin Coras | 1 | -0/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie2ed2554578d6a2c671c552dc2bdc081f9754eed
2021-11-23 | misc: deprecate gbp and its dependents | Neale Ranns | 15 | -3724/+3
Type: improvement Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Benoît Ganne <bganne@cisco.com> Change-Id: I2f30a4f04fd9a8635ce2d259b5fd5b0c85cee8c3
2021-11-23 | vxlan: multiarch optimization of vxlan | Ray Kinsella | 3 | -5/+1
Fixing the multiarch versions of vxlan, geneve and friends. Ensures that main struct is correctly sized for all multiarch permutations. Type: fix Fixes: 290526e3c Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I7c4c435763a5dcb0c3b429cd4f361d373d480c03
2021-11-23 | devices: support build on older kernels | Florin Coras | 1 | -0/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I10af028b5e57b36b8015b02240f1e4e9a42d0898
2021-11-23 | ip: unlock_fib on if delete | Nathan Skrzypczak | 4 | -54/+99
On interface delete we were not removing the lock taken by a previous ip_table_bind() call thus preventing the VRFs to be removed. Type: fix Change-Id: I11abbb51a09b45cd3390b23d5d601d029c5ea485 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-11-22 | gso: implement gso segmentation copy with checksum | Mohsin Kazmi | 2 | -15/+239
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Iec9dacde170533ca16e8117787e62da8af69ae96
2021-11-22 | ipfix-export: support sending of ipv6 pkts | Paul Atkins | 1 | -62/+176
The current code that sends ipfix packets assumes IPv4. Modify this so that it generates and sends packets based on whether the destination address is IPv4 or IPv6. Where code is common across multiple places pull it out into helper functions. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I216c6c4c1b58cacedca22019f74a38c64a368b7e
2021-11-22 | ipfix-export: Change exp to use ip_address | Paul Atkins | 4 | -62/+80
Modify the ipfix_exporter to use ip_address instead of the ipv4 specific version. Modify the current code so that it writes into the v4 specific part of the address, i.e. we are not yet fully supporting IPv6. For the exporter configured via the original API (the one that is always in slot0) we will not support IPv6 addresses. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: Ic9854ac62aaee76a7a55a958234c456fd9828c4c
2021-11-22 | ipfix-export: rename variables when building bufs | Paul Atkins | 1 | -40/+40
Rename the local variables used when building ipfix export packets to make it clear that they are v4 specific variables. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I3a5a623aeb0b6f2b7fcdafb3fc19c500934c529b
2021-11-22 | ipfix-export: refactor params to the callback fns | Paul Atkins | 4 | -15/+7
When a new flow-report is created the caller provides 2 callback functions. These functions both take a pointer to the exporter, plus a pointer to the source and dest address. However the pointers to the address are not adding any value as these are always set to the src/dest addresses of the exporter (which is already being passed). Remove these parameters and leave the callback functions to get the addresses out of the exporter. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I36dec394f30e85cdca120dd8706b5d90f5e07c48
2021-11-22 | ipfix-export: Add APIs to get/send buffers | Paul Atkins | 3 | -0/+234
The ipfix exporter should be doing most of the work of building packets and sending them rather than leaving every client of the exporter to do all the work themselves. Start to move towards that by adding APIs to get and send buffers. Store the state of this in new per thread data on the report so that we can send with minimal use of atomics. We do need an atomic for the sequence number in the packet though as that contains the number of data_records sent for the 'stream', not just for a single core. As the state is stored on the flow_report_t the caller needs to know which report they are using, so add a field to the args struct used to create the report that is used to pass back the report index on success. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I222b98a3f0326b3b71b11e0866a8c9736bed6dc1
2021-11-22 | ipfix-export: add a new API to dump all exporters | Paul Atkins | 2 | -1/+86
Add a new API to dump all the exporters. As the destination struct type is not the same as for the existing dump/details API no attempt is made to use the existing code to populate the structure. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I409f80285b107a530e0e4f3c6a047a803815a0ec
2021-11-22 | ipfix-export: support creating multiple exporters | Paul Atkins | 4 | -45/+169
The existing api set_ipfix_exporter only allows for the creation of a single exporter. In some cases it is desirable to export data to multiple different destinations. Allow users to create multiple ipfix exporters to support this. Add a new api that allows for the creation of multiple exporters, and store them in a pool of exporters. The exporter created by the old API will always be in index 0 of the pool. Exporters created by the new API will be given the next available index in the pool, and will return this index to the API caller so that they can track the exporter they created. The collector_address is the key for the exporter, so changes can be made by doing a further call to the API with the same collector_address. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: Id71c98cffcf8d141d890b40fb90a40b90a91d1d6
2021-11-22 | ipfix-export: refactor ipfix_exporter_t_handler fn | Paul Atkins | 1 | -34/+34
Split this api handler into 2 parts. The first is the top level handler and the second is the internal helper function that does all the work. This is in preparation for having a similar API that allows multiple exporters to exist at the same time. Type: refactor Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: Ibd4037682742f4c2f52b4cd1346d35fb2029461d
2021-11-22 | ipfix-export: pass an exp to flow_report_add_del | Paul Atkins | 5 | -73/+60
Pass an ipfix_exporter to this function so that callers can choose which exporter they are modifying. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: Ice0ed19a57baf15b1dc85cd27fe01913e36d7f4f
2021-11-22 | ipfix-export: make stream fns exporter aware | Paul Atkins | 1 | -18/+11
The functions that work on streams were getting the set of streams directly from flow_report_main. Modify them to take an ipfix_exporter as an argument, and then any processing they do is only for this exporter. Type: refactor Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I32bd9a6ba32a15ec4d4ec9556a9b75f3d83fcd6e
2021-11-22 | ipfix-export: refactor fields in flow_report_main | Paul Atkins | 4 | -87/+125
Pull out the fields in flow_report_main_t that are specific to a single exporter and move them into a new structure that represents an exporter. Add a pool of exporters to flow_report_main_t and do a pool_get() to get the entry at index 0, so that the existing users of the code need only change the path at which they access the old fields and have no need to make further code changes. In functions that were accessing the fields that now make up the ipfix_exporter create a local var that points to the first (always valid) exporter and use this as the base for the fields rather than finding them from flow_report_main. This is in preparation for supporting multiple flow_exporters. Note that at the moment the code supports multiple 'streams' for a given exporter, where each stream has its own source port, domain id and template space. But all streams within an exporter have the same destination address, so this is not the same as multiple exporters. Type: refactor Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I49f5c7fb9e901773351d31dc8a59178c37e99301
2021-11-19 | tls: add option to config additional segment size | Florin Coras | 2 | -4/+9
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idf3b49ec61bf5da498ffdd8cebab7148fce73f5f
2021-11-19 | fib: Don't use [midchain] adjacencies to change an interface's feature arc | Neale Ranns | 24 | -291/+352
Type: fix Using the adjacency to modify the interface's feature arc doesn't work, since there are potentially more than one adj per-interface. Instead have the interface, when it is created, register what the end node of the feature arc is. This end node is then also used as the interface's tx node (i.e. it is used as the adjacency's next-node). rename adj-midchain-tx as 'tunnel-output', that's a bit more intuitive. There's also a fix in config string handling to: 1- prevent false sharing of strings when the end node of the arc is different. 2- call registered listeners when the end node is changed For IPSec the consequences are that one cannot provide per-adjacency behaviour using different end-nodes - this was previously done for the no-SA and an SA with no protection. These cases are now handled in the esp-encrypt node. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: If3a83d03a3000f28820d9a9cb4101d244803d084