path: root/src/vnet
Age | Commit message | Author | Files | Lines
2023-10-31 | ipsec: separate UDP and UDP-encapsulated ESP packet processing | vinay tripathi | 1 | -8/+33
This fix differentiates UDP and UDP-encapsulated ESP packets processing. While UDP-encapsulated ESP traffic is processed as IPsec traffic, UDP as other plain-text protocols is NOT dispatched against SPD policies. Key logic is taken from RFC 3948, and is based on the fact that the checksum of UDP packet encapsulating ESP packet must be zero. Type: fix Signed-off-by: vinay tripathi <vinayx.tripathi@intel.com> Change-Id: Ib1b4d240eea8e89f2daf17ec833905f26cdb31bd
2023-10-31 | ipsec: move udp/esp packet processing in the inline function ipsec_esp_packet_process | vinay tripathi | 1 | -174/+181
This inline function is introduced to simplify code readability and allows splitting of UDP and ESP processing in the next step. Type: improvement Change-Id: Ida4d6abbed141ac74d4d285900777778eb8a5a1d Signed-off-by: Vinay Tripathi <vinayx.tripathi@intel.com>
2023-10-30 | ipsec: huge anti-replay window support | Maxime Peim | 10 | -168/+680
Type: improvement Since RFC4303 does not specify the anti-replay window size, VPP should support multiple window sizes. It is done through a clib_bitmap. Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I3dfe30efd20018e345418bef298ec7cec19b1cfc
2023-10-27 | session: fix bind replies with errors | Florin Coras | 1 | -1/+1
Type: fix Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Icdff3528fcaf863b400b9aca6c30d284bc17d5f0
2023-10-26 | devices: remove unused code | Damjan Marion | 2 | -19/+0
Type: improvement Change-Id: I2427e1a93e89e9a7ac884b84352b96cf523ae11e Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-25 | fib: only update glean for interface if necessary | Matthew Smith | 2 | -8/+81
Type: improvement If an interface address is added, the glean adjacency for its covering prefix is updated with that address. In the case of multiple addresses within the same prefix being added, the most recently added one will end up being used as the sender protocol address for ARP requests. Similar behavior occurs when an interface address is deleted. The glean adjacency is updated to some appropriate entry under its covering prefix. If there were multiple interface addresses configured, we may update the address on the adjacency even though the address currently in use is not the one being deleted. Add a new value PROVIDES_GLEAN to fib_entry_src_flag_t. The flag identifies whether a source interface entry is being used as the address for the glean adjacency for the covering prefix. Update logic so that the glean is only updated on adding an interface address if there is not already a sibling entry in use which has the flag set. Also, only update the glean on deleting an interface address if the address being deleted has the flag set. Also update unit test which validates expected behavior in the case where multiple addresses within a prefix are configured on an interface. Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I7d918b8dd703735b20ec76e0a60af6d7e571b766
2023-10-24 | crypto: fix algo selection | Dmitry Valter | 1 | -1/+4
Check if crypto ops vector is matching actual ops instead of blindly dereferencing it. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Change-Id: Ib88ab44137d9360ee96228e72349a62b2fa7a7e0
2023-10-16 | tcp: initialize connection index on rst w packet | Florin Coras | 1 | -0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie01d7e8d6eddf3ba88f2cd6eb8369c8ec8179cb4
2023-10-16 | tcp: allow fins in syns in syn-rcvd | Florin Coras | 1 | -7/+11
Also make sure connection is properly cleaned up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I02f83e9a1e17cbbbd2ee74044d02049b2fd2f21c
2023-10-16 | tcp: handle syn-ack in fin-wait-2 in rcv process | Florin Coras | 1 | -0/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If74e04498423bed42593e79ec92482421cfda8d2
2023-10-16 | ip-neighbor: do not use sas to determine NS source address | Ole Troan | 1 | -2/+3
Using the source address selection algorithm to determine the best source of an NS for address resolution risks incompatible behavior. It may choose a source address that is off-link to the other host. Which may drop it. A safer approach is to always use the link-local address as the SA. It's recommended to pick a source that an application will later use, as VPP is mostly a router, that rarely applies. And regardless, we have no mechanism to signal from an application that triggered address resolution what source address it intends to use. Type: fix Change-Id: I3c5de66e41505f3682767706ef1195a20e4f0e54 Signed-off-by: Ole Troan <otroan@employees.org>
2023-10-16 | ip-neighbor: add ip neighbor flush | Ole Troan | 1 | -2/+11
Flushing the neighbor cache was only available through API. Add CLI command. Either flushes whole table (IP4,IP6) or all neighbors on specified interface. Type: improvement Change-Id: Ia8c68fb032a2dfd940a136edc2aee80db5c37685 Signed-off-by: Ole Troan <otroan@employees.org>
2023-10-14 | feature: remove unused code | Damjan Marion | 5 | -136/+4
Type: improvement Change-Id: If775b1d145e462346de562a3c893f302e8c7b814 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-13 | ethernet: run callbacks for subifs too when mac changes | Alexander Chernavin | 1 | -1/+10
When MAC address changes for an interface, address change callbacks are executed for it. In turn adjacencies register a callback for MAC address changes to be able to update their rewrite strings accordingly. Subinterfaces inherit MAC address from the parent interface. When MAC address of the parent interface changes, it also implies MAC address change for its subinterfaces. The problem is that this is currently not considered when address change callbacks are executed. After MAC address change on the parent interface, packets sent from subinterfaces might have wrong source MAC address as the result of stale adjacencies. For example, ARP messages might be sent with the wrong (previous) MAC address and address resolution will fail. With this fix, when address change callbacks are executed for an interface, they will be also executed for its subinterfaces. And adjacencies will be able to update accordingly. Type: fix Change-Id: I87349698c10b9c3a31a28c0287e6dc711d9413a2 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-10-12 | session: fix duplicate rx events | Florin Coras | 1 | -10/+0
Be less aggressive with rx events on connect/accept notification. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie93a08c7eef69383bf0301a163fd2131dd51372a
2023-10-12 | session: ignore connecting half_open session in session_tx_fifo_dequeue_internal | Steven Luong | 1 | -1/+3
s->tx_fifo is 0 for the connecting half open session. Type: fix Change-Id: I2ba1ae99a2fa4fae1896587f40e0e4fb73c1edcb Signed-off-by: Steven Luong <sluong@cisco.com>
2023-10-11 | session: ignore app rx ntf if transport closed | Florin Coras | 1 | -1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id56a101a6350903b00f7c96705fb86039e70e12c
2023-10-11 | session: fix tx deq ntf assert for cl | Florin Coras | 1 | -1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I97a04ed0417f1a3433665f6aa1a9424138fd54cb
2023-10-10 | session: maintain old state on premature close | Florin Coras | 1 | -7/+14
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2ea821e0499a3874c4579f5480ea86f30ebe615f
2023-10-08 | tls: report error if connected cannot be initialized | Florin Coras | 1 | -4/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I987ac6b461b473836917bce6ce0d4ac109cc8ddb
2023-10-08 | tls: no read after app close | Florin Coras | 1 | -1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I34f8ee2e36d07e8e55e21561528fc6b73feb852f
2023-10-07 | session: propagate delayed rx evts after connect/accept | Florin Coras | 1 | -5/+20
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4a2e8f864df7269ec5a3c4fd4d8785a67b687d58
2023-10-07 | session: handle accept and connect errors | Florin Coras | 2 | -6/+29
If builtin apps refuse connections, they should be cleaned up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I95ef22902ac3fe873e15e250aa5f03031c2dc0c4
2023-10-03 | session: make port range configurable | Nathan Skrzypczak | 3 | -1/+16
Type: feature This patch makes the port range used by the transport layer configurable in the manner of sysctl's ip_local_port_range. Change-Id: Ie17f776538311b29d1dca64643a3a0bd74cb90a6 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-10-02 | tls: limit openssl engine max read burst | Florin Coras | 1 | -1/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic7a8fd37d79fc9c09c8b1539d630f3b8983b8bb3
2023-10-02 | tls: fix formatting of half open connections | Florin Coras | 1 | -0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If96dc748a716a261edfcb1020210bd73058e382f
2023-10-01 | flow dpdk avf: add support for using l2tpv3 as RSS type | Xinyao Cai | 1 | -0/+1
This patch adds support for using l2tpv3 as RSS type Type: feature Signed-off-by: Xinyao Cai <xinyao.cai@intel.com> Change-Id: Ic3e0935a4754d084184f1cc38ea9531ddfd9e7bc
2023-10-01 | fib: Crash when specify a big prefix length from CLI. | Gavril Florian | 4 | -1/+33
The VPP is crashing when specifying a very big prefix length, like ip route add 1.1.1.1/55 via 2.2.2.2 Type: fix Signed-off-by: Gavril Florian <gflorian@3nets.io> Change-Id: Ic491c0b24e07be897ff35ae1e835280f04ab3ea5
2023-09-26 | tls: init connection for prealloced app sessions | Florin Coras | 1 | -0/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Icd62dc110e3a73b24372f3a5162f8008b7edee9f
2023-09-26 | fib: fix mpls label dpo drop proto | Vladislav Grishenko | 1 | -2/+2
Next drop node should be related to payload protocol. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: If12e8dc8b19c61f8c96c275b3f9e565e91ecdbed
2023-09-25 | fib: fix mpls label dpo packets prefetching | Vladislav Grishenko | 1 | -16/+16
Four packets are batched after 696e88da9799056036f329676213f3c0c0a1db9c, so prefetch is required for the next 4-7 packets, not for 2-5. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I4ab01e66c3b446caf113a154915473e96ab32198
2023-09-24 | fib: Don't use an address from an attached prefix when sending ARP requests. | Neale Ranns | 2 | -4/+12
Change-Id: I4c3144794dd0bd7de6150929e53f6d305c496b17 Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I7b0c2c2dec5e867970599b8f2f2da17f2ff0b17c
2023-09-23 | udp: fix udp encap tracing | Dmitry Valter | 1 | -2/+2
Correct trace functions correspond with the encap type rather than with the payload type. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Change-Id: Iea1eb08a2ce9d147984ef604c7a39c62c7330e80
2023-09-22 | tls: ignore tx events for not fully established sessions | Florin Coras | 1 | -6/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I401a116a1a46c0dc5d591115de5ff0eef2f6440b
2023-09-13 | sr: mark sr_policies_v2_details message as production | Andrew Yourtchenko | 1 | -1/+0
As per discussion on the VPP community call, since the message is used in CSIT tests and did not see the changes in a while, mark as production for the purposes of change process. Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I4a79aafb1a9f37ac87faea7abea28cf01d1ffb4c
2023-09-13 | flow: mark API as production | Andrew Yourtchenko | 1 | -1/+1
As per discussion on the VPP call - since the APIs are used in CSIT tests, mark them as production from the change process perspective. Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I9164073425384e8aa281445a2852fee49b777e2f
2023-09-13 | build: fix clang-16 build | Damjan Marion | 1 | -1/+3
Change-Id: I882bef6f45fd276587fb93944ff4e21dc57dbca2 Type: fix Fixes: 1c82cd4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-09-12 | ipsec: improve fast path policy searching performance | Xiaoming Jiang | 2 | -35/+59
Type: improvement Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: Ib8bb300f5b62648f6b634046415742bdf5365982
2023-09-12 | crypto: allow changing dispatch mode | Vratko Polak | 4 | -2/+51
This change aims to affect crypto_sw_scheduler behavior, but all the edits end up in vnet/crypto. Previous release CSIT tests were testing async crypto in polling mode. After 9a9604b09f15691d7c4ddf29afd99a31e7e31eed introduced adaptive mode for crypto dispatch, the CSIT performance got way worse. Possibly, there is another VPP bug related to adaptive mode (it should not lose as many packets as seen in CSIT), but the next release is too close for trying to fix that. This change (instead of fixing adaptive mode) allows CSIT to continue testing polling mode (after explicit API call), while keeping the adaptive mode as default behavior. The deprecated crypto_set_async_dispatch always disables adaptive mode, crypto_set_async_dispatch_v2 has a parameter to enable or disable it. The mode parameter is still used for the initial state of adaptive mode. Type: feature Change-Id: Ib98080eefb4be291207af543884f2c3837f92f59 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2023-09-07 | session: make sure rx evt flag is cleared for builtin rx | Florin Coras | 1 | -0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I99631b1be6e19f0cefd1cefa82a51e6f8e9be2ac
2023-09-07 | ipsec: clear L4-cksum flags when decap'ing packets | Frédéric Perrin | 2 | -1/+5
Type: fix Signed-off-by: Frédéric Perrin <fred@fperrin.net> Change-Id: I45191b7316c88038bcd57d62aeb07bb109cf4a4d
2023-09-06 | virtio: add support for tx-queue-size | Mohsin Kazmi | 5 | -10/+27
Type: improvement

DBGvpp# set loggin class virtio level debug
DBGvpp# create int virtio 0000:00:03.0 tx-queue-size 1024

show virtio pci
```
Virtqueue (TX) 1
  qsz 1024, last_used_idx 0, desc_next 0, desc_in_use 0
  avail.flags 0x1 avail.idx 0 used.flags 0x0 used.idx 0
```
show logging
```
2022/07/22 23:20:22:557 debug virtio 0000:00:03.0: tx-queue: number 1, default-size 256
2022/07/22 23:20:22:557 debug virtio 0000:00:03.0: tx-queue: number 1, new size 1024
```
Change-Id: Ib1a3ebe742b3a6c9fe72bd1c5accfe07682cbdd1 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2023-09-06 | ip: punt add punt socket support for icmp6 | Ole Troan | 3 | -31/+77
Punt support for ICMP6 messages allows for an external IPv6 RA advertisement agent. Type: feature Change-Id: I0cc928b747ac1f8335ee9f7c42a3231424825dbc Signed-off-by: Ole Troan <otroan@employees.org>
2023-09-06 | api: fix mp-safe mark for some messages and add more | Vladislav Grishenko | 2 | -10/+15
Several api messages were not mp-safe although marked as such because non-zero base id was not taken into account, and therefore some other (from zero base id) were falsely mp-safe instead.

Keep messages as mp-safe, as they falsely were before:
10 get_first_msg_id 0 1
12 api_versions 0 1

Messages that are no longer mp-safe as they weren't marked:
15 sockclnt_create 0 1
33 proxy_arp_intfc_dump 0 1

Fix messages to be really mp-safe:
809 bridge_domain_dump 0 1
920 ip_route_add_del 0 1
921 ip_route_add_del_v2 0 1
1362 get_node_graph 0 1
1671 create_vhost_user_if 0 1
1675 create_vhost_user_if_v2 0 1

Additionally mark messages as mp-safe, seems they need no barrier:
1360 show_threads 0 1
1370 show_version 0 1
1372 show_vpe_system_time 0 1

Type: fix Change-Id: Ie6c1e3aa89f26bf51bfbcb7e7c4d9fee885487b7 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-09-04 | udp: buffer packets for connections in accepting state | Florin Coras | 1 | -1/+2
Type: fix Fixes: 0242d30 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6e313000bccce749b813f20a52432154bfd494ed
2023-09-04 | session: fix allocation of proxy fifos | Florin Coras | 5 | -1/+7
Fifos need to be synchronously allocated once a transport like tcp accepts a session. Since events are now delivered asynchronously, proxy apps must explicitly register a cb function that manages fifo allocation prior to being notified of connect event. Type: fix Fixes: 0242d30 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7df973b7014e53e0766ea2bdc61e9871160bc18b
2023-08-31 | session: fix compilation when SESSION_DEBUG is on | Florin Coras | 1 | -3/+7
Wrap SESSION_EVT in do loop to avoid complaints about if statement having no arguments which can happen if debugging for groups is not enabled. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I35af179b806ed47a1e20816a19291c31fdb7566a
2023-08-29 | mpls: add mpls_interface_dump | Pim van Pelt | 2 | -0/+68
Add an API call mpls_interface_dump() which returns a list of mpls_interface_details:
- If no sw_if_index is given, all MPLS enabled sw_if_index are returned.
- If a particular sw_if_index is given, and it doesn't exist, an empty list is returned.
- If a sw_if_index exists and has MPLS enabled, a list of that one sw_if_index is returned.

Tested:
- Create 3 loopback interfaces
- Call for ~0 and for sw_if_index 0..5 all return empty lists
- set int mpls loop0 enable
- set int mpls loop1 enable
- Call for ~0 returns 2, and the call for sw_if_index=1 and =2 (the loopbacks) returns each a list of one sw_if_index 1 resp 2, the other values of sw_if_index return empty list
- set int mpls loop0 disable
- Call for ~0 returns 1, and the call for sw_if_index=2 (loop1) returns both a list of one sw_if_index=2, the other values of sw_if_index return empty list
- set int mpls loop1 disable
- Call for ~0 and for sw_if_index 0..5 all return empty lists

Example Python3 API program:
```
api_response = vpp.api.mpls_interface_dump()
print(f"Response is {api_response}")
for i in [ 0, 1, 2, 3, 4, 5 ]:
    api_response = vpp.api.mpls_interface_dump(sw_if_index=i)
    print(f"Response[{i}] = {api_response}")
```
Type: improvement Change-Id: If87f7d7f8972d99260e859757dbcb251c6fa54a8 Signed-off-by: Pim van Pelt <pim@ipng.nl>
2023-08-22 | l2: fix prefetch | Vratko Polak | 1 | -5/+5
This is a clone of Gerrit 35419. (It is abandoned and I am not the owner so I cannot reopen.) Ticket: CSIT-1816 Type: fix Fixes: 5e0ea09d96010e99a7ce0d2f3370f0de50c46c83 Change-Id: I2265cf38a9ce3155460a1025821c2749afca0add Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2023-08-21 | sr: SRv6 Path Tracing midpoint processing performance improvement | Julian Klaiber | 1 | -2/+4
Moved the kernel call for the timestamp outside of the inner loop to improve the batch processing, and minimizing the kernel calls. Type: improvement Change-Id: I0245c223fc8a178724bb8c5df2b98083be046c26 Signed-off-by: Julian Klaiber <julian@klaiber.me>