summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2023-11-20session: add session lookup cli for statsFlorin Coras3-0/+142
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I96bff47206ef64ea7369ae92e1b9ff1f74dfd71b
2023-11-17session: always clear rx evt flag on ntfFlorin Coras1-3/+5
Apps may drain fifos prior to handling of accept notification, e.g., vcl session relying on epoll lt mode. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7d105d35a6bf33c419f4f137a5132e6a5d294fe7
2023-11-17ipsec: keep esp encrypt pointer and index syncedMatthew Smith1-1/+1
Type: fix In esp_encrypt_inline(), an index and pointer to the last processed SA are stored. If the next packet uses the same SA, we defer on updating counters until a different SA is encountered. The pointer was being retrieved, then the SA was checked to see if the packet should be dropped due to no crypto/integ algs, then the index was updated. If the check failed, we would skip further processing and now the pointer refers to a different SA than the index. When you have a batch of packets that are encrypted using an SA followed by a packet which is dropped for no algs and then more packets to be encrypted using the original SA, the packets that arrive after the one that was dropped end up being processed using a pointer that refers to the wrong SA data. This can result in a segv. Update the current_sa_index at the same time that the sa0 pointer is updated. Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I65f1511a37475b4f737f5e1b51749c0a30e88806
2023-11-16dev: startup.conf handling improvementsDamjan Marion1-11/+20
Type: improvement Change-Id: I74fb01061b4949d68ec39d0b7d08e6df8dc44b98 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-11-16dev: device and port specific argsDamjan Marion11-7/+404
Type: improvement Change-Id: I26124a50d8e05d6f01a2e6dbc4bc8183fb5a09c4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-11-13dev: add change_max_rx_frame_size capabilityDamjan Marion7-26/+50
Type: improvement Change-Id: I922e216818b78f2fe7689c21a1d27d74a0ae28b8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-11-10tls: fix forced ho cleanupFlorin Coras1-3/+13
Do not force cleanup of tcp half-open connection if tcp's cleanup notification to tls is pending. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7bccbe8429a4aab10df1c89b66138b967e04ac19
2023-11-09tls: fix handling of client and server init errorsFlorin Coras1-11/+9
- notify app on failed connect - avoid cleanup of ctx before transport cleanup to be able to handle pending rx notifications. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1b70ad45109d4c942afa1990dfce4fc44a50a637
2023-11-09ipsec: IPsec fix constant propagationMaxime Peim1-2/+3
In some anti-replay, some functions weren't using the boolean telling if the window was huge or not. Hence, limiting the constant propagation at compilation. Type: fix Change-Id: Ie5f2dda38339bb32113c6f7b2b82c82135fc92a8 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2023-11-08tls: avoid reads after tcp transport removedFlorin Coras1-4/+18
Make sure underlying transport connection is not removed on rescheduled read event. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0137a2e43aa84d9442279e036c25771aeefd207f
2023-11-08dev: remove unused codeDamjan Marion3-37/+0
Change-Id: If380e4ab6ca30243137fd31fbe51845c0414721a Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-11-08dev: interrupt mode supportDamjan Marion10-154/+306
Type: improvement Change-Id: I4a0578598182339bcf76e6b01da76b590a06f773 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-11-07misc: silence -Wmaybe-uninitialized warningsJieqiang Wang2-2/+2
GCC 12 complains about such errors while the code itself looks good. Type: fix Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I021719fdbf7d9bd93a12eac76aeac8cbca13a810
2023-11-06ipsec: delete redundant codeDengfeng Liu1-4/+0
Type: fix Change-Id: I0de1c51455b0d3958c75ab5626a318ac656adbe7 Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
2023-11-04bonding: add checks for sw_if_index in apiStanislav Zaikin1-0/+12
Type: fix Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com> Change-Id: I16b48460b3fcd82bbb89c375402cb2455414d8bb
2023-11-03vppinfra: refactor interrupt codeDamjan Marion2-7/+4
Type: improvement Change-Id: Ie6987736faf7d8a641762e276775da8ee0c03ea4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-11-03dev: strip debig log function name prefix during compilationDamjan Marion3-8/+4
Type: improvement Change-Id: I9b9bb37a0895366b412f042b0e2da5bbdd477325 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-11-02tcp: fix reset w pktFlorin Coras1-24/+3
Do not add ip header as that's added by tcp output and fix checksum. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9439acf5c66184af0350b1d4d7406b3feb2e79a1
2023-11-02dev: new device driver infraDamjan Marion29-1/+5387
Type: feature Change-Id: I20c56e0d3103624407f18365c2bc1273dea5c199 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-11-01tcp: remove redundant ack checksFlorin Coras1-18/+0
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4001f39afde8c33b60c15f74034bcce013fbbf70
2023-11-01tcp: allow ooo data in syn-rcvdFlorin Coras1-9/+0
As long as ack and segment are legitimate accept ooo data as we transition to established. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I85cdc65d70cb8ae689a9ce9bbe4f86228b1ac533
2023-11-01tcp: postpone cleanup on connect failuresFlorin Coras1-2/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I231b319d4d7aa3e17cc8cfe8aaa4762995a5b2c4
2023-10-31ipsec: separate UDP and UDP-encapsulated ESP packet processingvinay tripathi1-8/+33
This fix differentiates UDP and UDP-encapsulated ESP packets processing. While UDP-encapsulated ESP traffic is processed as IPsec traffic, UDP as other plain-text protocols is NOT dispatched against SPD policies. Key logic is taken from RFC 3948, and is based on the fact that the checksum of UDP packet encapsulating ESP packet must be zero. Type: fix Signed-off-by: vinay tripathi <vinayx.tripathi@intel.com> Change-Id: Ib1b4d240eea8e89f2daf17ec833905f26cdb31bd
2023-10-31ipsec: move udp/esp packet processing in the inline function ↵vinay tripathi1-174/+181
ipsec_esp_packet_process This inline function is introduced to simplify code readability and allows to splitting of UDP and ESP processing in the next step. Type: improvement Change-Id: Ida4d6abbed141ac74d4d285900777778eb8a5a1d Signed-off-by: Vinay Tripathi <vinayx.tripathi@intel.com>
2023-10-30ipsec: huge anti-replay window supportMaxime Peim10-168/+680
Type: improvement Since RFC4303 does not specify the anti-replay window size, VPP should support multiple window size. It is done through a clib_bitmap. Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I3dfe30efd20018e345418bef298ec7cec19b1cfc
2023-10-27session: fix bind replies with errorsFlorin Coras1-1/+1
Type: fix Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Icdff3528fcaf863b400b9aca6c30d284bc17d5f0
2023-10-26devices: remove unused codeDamjan Marion2-19/+0
Type: improvement Change-Id: I2427e1a93e89e9a7ac884b84352b96cf523ae11e Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-25fib: only update glean for interface if necessaryMatthew Smith2-8/+81
Type: improvement If an interface address is added, the glean adjacency for it's covering prefix is updated with that address. In the case of multiple addresses within the same prefix being added, the most recently added one will end up being used as the sender protocol address for ARP requests. Similar behavior occurs when an interface address is deleted. The glean adjacency is updated to some appropriate entry under it's covering prefix. If there were multiple interface addresses configured, we may update the address on the adjacency even though the address currently in use is not the one being deleted. Add a new value PROVIDES_GLEAN to fib_entry_src_flag_t. The flag identifies whether a source interface entry is being used as the address for the glean adjacency for the covering prefix. Update logic so that the glean is only updated on adding an interface address if there is not already a sibling entry in use which has the flag set. Also, only update the glean on deleting an interface address if the address being deleted has the flag set. Also update unit test which validates expected behavior in the case where multiple addresses within a prefix are configured on an interface. Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I7d918b8dd703735b20ec76e0a60af6d7e571b766
2023-10-24crypto: fix algo selectionDmitry Valter1-1/+4
Check if crypto ops vector is matching actual ops instead if blindly dereferencing it. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Change-Id: Ib88ab44137d9360ee96228e72349a62b2fa7a7e0
2023-10-16tcp: initialize connection index on rst w packetFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie01d7e8d6eddf3ba88f2cd6eb8369c8ec8179cb4
2023-10-16tcp: allow fins in syns in syn-rcvdFlorin Coras1-7/+11
Also make sure connection is properly cleaned up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I02f83e9a1e17cbbbd2ee74044d02049b2fd2f21c
2023-10-16tcp: handle syn-ack in fin-wait-2 in rcv processFlorin Coras1-0/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If74e04498423bed42593e79ec92482421cfda8d2
2023-10-16ip-neighbor: do not use sas to determine NS source addressOle Troan1-2/+3
Using the source address selection algorithm to determine the best source of an NS for address resolution risks incompatible behavior. It may choose a source address that is off-link to the other host. Which may drop it. A safer approach is to always use the link-local address as the SA. It's recommended to pick a source that an application will later use, as VPP is mostly a router, that rarely applies. And regardlessly we have no mechanism to signal from an application that triggered address resolutiuon what source address it intends to use. Type: fix Change-Id: I3c5de66e41505f3682767706ef1195a20e4f0e54 Signed-off-by: Ole Troan <otroan@employees.org>
2023-10-16ip-neighbor: add ip neighbor flushOle Troan1-2/+11
Flushing the neighbor cache was only available through API. Add CLI command. Either flushes whole table (IP4,IP6) or all neighbors on specified interface. Type: improvement Change-Id: Ia8c68fb032a2dfd940a136edc2aee80db5c37685 Signed-off-by: Ole Troan <otroan@employees.org>
2023-10-14feature: remove unused codeDamjan Marion5-136/+4
Type: improvement Change-Id: If775b1d145e462346de562a3c893f302e8c7b814 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-13ethernet: run callbacks for subifs too when mac changesAlexander Chernavin1-1/+10
When MAC address changes for an interface, address change callbacks are executed for it. In turn adjacencies register a callback for MAC address changes to be able to update their rewrite strings accordingly. Subinterfaces inherit MAC address from the parent interface. When MAC address of the parent interface changes, it also implies MAC address change for its subinterfaces. The problem is that this is currently not considered when address change callbacks are executed. After MAC address change on the parent interface, packets sent from subinterfaces might have wrong source MAC address as the result of stale adjacencies. For example, ARP messages might be sent with the wrong (previous) MAC address and address resolution will fail. With this fix, when address change callbacks are executed for an interface, they will be also executed for its subinterfaces. And adjacencies will be able to update accordingly. Type: fix Change-Id: I87349698c10b9c3a31a28c0287e6dc711d9413a2 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2023-10-12session: fix duplicate rx eventsFlorin Coras1-10/+0
Be less aggressive with rx events on connect/accept notification. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie93a08c7eef69383bf0301a163fd2131dd51372a
2023-10-12session: ignore connecting half_open session in session_tx_fifo_dequeue_internalSteven Luong1-1/+3
s->tx_fifo is 0 for the connecting half open session. Type: fix Change-Id: I2ba1ae99a2fa4fae1896587f40e0e4fb73c1edcb Signed-off-by: Steven Luong <sluong@cisco.com>
2023-10-11session: ignore app rx ntf if transport closedFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id56a101a6350903b00f7c96705fb86039e70e12c
2023-10-11session: fix tx deq ntf assert for clFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I97a04ed0417f1a3433665f6aa1a9424138fd54cb
2023-10-10session: maintain old state on premature closeFlorin Coras1-7/+14
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2ea821e0499a3874c4579f5480ea86f30ebe615f
2023-10-08tls: report error if connected cannot be initializedFlorin Coras1-4/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I987ac6b461b473836917bce6ce0d4ac109cc8ddb
2023-10-08tls: no read after app closeFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I34f8ee2e36d07e8e55e21561528fc6b73feb852f
2023-10-07session: propagate delayed rx evts after connect/acceptFlorin Coras1-5/+20
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4a2e8f864df7269ec5a3c4fd4d8785a67b687d58
2023-10-07session: handle accept and connect errorsFlorin Coras2-6/+29
If builtin apps refuse connections, they should be cleaned up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I95ef22902ac3fe873e15e250aa5f03031c2dc0c4
2023-10-03session: make port range configurableNathan Skrzypczak3-1/+16
Type: feature This patch makes the port range used by the transport layer configurable in the manner of sysctl's ip_local_port_range. Change-Id: Ie17f776538311b29d1dca64643a3a0bd74cb90a6 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-10-02tls: limit openssl engine max read burstFlorin Coras1-1/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic7a8fd37d79fc9c09c8b1539d630f3b8983b8bb3
2023-10-02tls: fix formatting of half open connectionsFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If96dc748a716a261edfcb1020210bd73058e382f
2023-10-01flow dpdk avf: add support for using l2tpv3 as RSS typeXinyao Cai1-0/+1
This patch adds support for using l2tpv3 as RSS type Type: feature Signed-off-by: Xinyao Cai <xinyao.cai@intel.com> Change-Id: Ic3e0935a4754d084184f1cc38ea9531ddfd9e7bc
2023-10-01fib: Crash when specify a big prefix length from CLI.Gavril Florian4-1/+33
The VPP is crashing when specify a very big prefix length, like ip route add 1.1.1.1/55 via 2.2.2.2 Type: fix Signed-off-by: Gavril Florian <gflorian@3nets.io> Change-Id: Ic491c0b24e07be897ff35ae1e835280f04ab3ea5