summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2021-07-29ipsec: move startup config to common fileZachary Leaf3-51/+55
The ipsec startup.conf config currently exists in ipsec_tun.c. This is because currently the only ipsec{...} options are tunnel related. This patch moves the ipsec config to a common file (ipsec.c) for future extensibility/addition of non-tunnel related config options. Type: refactor Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Change-Id: I1569dd7948334fd2cc28523ccc6791a22dea8d32
2021-07-28gre: set proper fib index for unnumbered interfaces, unset fib index before ↵Stanislav Zaikin5-7/+67
forwarding gre payload This commit introduces 2 fixes: 1) After GRE decapsulation sw_if_index[VLIB_TX] is set as fib index of GRE tunnel. But since GRE tunnel can work on v4 endpoints and have v6 payload, we need to reset it. In case we get IPv6 packet inside IPv4 GRE tunnel (or vice-versa) fib index can be (and usually is) invalid. 2) Check that ip-table and ip6-table are the same when setting interface as an unnumbered one. Also, fix for the pipe test include setting the right unnumbered interface for the pipes Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: Id13d239cfdd21e0db6b1c9725f01c40d4af4d800
2021-07-27udp: add option to disable icmp unreachablesFlorin Coras3-82/+49
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I90c2a191ab34a2a7df3fb0a951e5fc78f40ccfe2
2021-07-24session: avoid vpp deadlock due to app crashliuyacan1-0/+6
In high traffic scenarios, if app crashed or hang on somewhere, app_mq will quickly accumulate to full, after which vpp worker will try 100 times before giving up allocating slot for every msg. This will cause vpp main thread barrier sync to fail. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: I2b2bf2b272c5b3ca7e4a56af179af12bbcde149d
2021-07-23session vcl: support abstract sockets for app nsFlorin Coras4-16/+132
App namespaces can now be associated to a linux ip netns, e.g.: app ns add id <ns_id> secret <n> sw_if_index <n> netns <netns> If session layer's app sock api is enabled, this triggers the creation of an abstract listening socket in the netns that has been configured. For the example above that would be @vpp/session/<ns_id>. Consequently, vcl, or other apps attaching to vpp, can connect to said abstract socket from an ip netns without the need to share unix domain socket files. In particular, for vcl it's enough to set app-socket-api to @vpp/session/<ns_id> in the conf file. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I26fdc626a760a3f423c5b8be4251623f6e9cd73a
2021-07-22session vcl: explit mq indices in ctrl messagesFlorin Coras2-3/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8e80252b85dda9a8f5699109264dc1b913581442
2021-07-22vppinfra: add abstract socket & netns fnsNathan Skrzypczak1-32/+14
* Add clib_socket_init support for abstract sockets if name starts with an '@' * Add clib_socket_init_netns to open socket in netns * Add clib_netns_open Type: feature Change-Id: I89637ad657c702ec38ddecb5c03a1673d0dfb104 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-07-22interface: Byte swap the duplex value in interface detailsNeale Ranns1-2/+2
Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6d9473a7b5ab0fbd460e80df36368dd43c5e4fee
2021-07-21session: fix unlisten rpc barrier releaseFlorin Coras1-4/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9301fbbcd611033b4b6ad5313edbc66840f5bb3a
2021-07-19session: option to use memfd segs for builtin appsFlorin Coras2-41/+43
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iecb171c9451c0fa9a7c6ae4b3e9ab7774a4fe585
2021-07-16vlib: add tunnel offload flags for vlib_buffer_tMohsin Kazmi2-3/+18
Type: improvement Change-Id: Iaad50b2044702c46eff287708dfcb24e61022104 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-07-16ip6-nd: refactor neighbour advertisement codeMohsin Kazmi2-61/+104
Type: refactor Refactor neighbour advertisement code into inline function to be used solely in feature nodes. Change-Id: I1e84c54f9807b4e3d90c37526c78a7afcb0ba087 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-07-15ip-neighbor: GARP sent to bogus ip addressSteven Luong1-2/+2
The function ip4_neighbor_advertise may be called with NULL addr. In that case, it looks up addr from fib by calling fib_sas4_get which returns true or false to indicate whether there is an ip address associated with the interface or not. But the caller to fib_sas4_get does not check the return code and blindly assumes there is always an ip address associated with the interface. As a result, it ends up sending GARP to the bogus ip address if there is no ip address associated with the interface. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I7aa0270766c3943ed8ca8f8a092cae34567fd30e
2021-07-15misc: replace CLIB_PREFETCH with clib_prefetch_{load,store}Damjan Marion36-140/+142
Type: refactor Change-Id: Id10cbf52e8f2dd809080a228d8fa282308be84ac Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-14ip: fix check_adj_port_range_x1Damjan Marion1-2/+2
Type: fix Change-Id: I776bf797e07bb3cfd0510a4c09d8182edfa193bd Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-14classify: cheaper way to check if all elements are zeroDamjan Marion1-1/+1
Type: improvement Change-Id: I5f4517c65c37c5d73fcd608dc29dfb1d25d4cd8d Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-14ip: improve check_adj_port_range_x1Damjan Marion1-35/+5
Type: improvement Change-Id: I8337f81fdcd196fcb0e61f8129fec322e9a1e8f1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-13vppinfra: put each vector function into own fileDamjan Marion1-1/+2
Type: refactor Change-Id: I2dd9a18497992ac7e2686c14f5d17eccccda0cda Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-13misc: remove vnet_all_api_h and vnet_msg_enumFilip Tehlar8-128/+0
These file are no longer needed Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I34f8e0b7e17d9e8c06dcd6c5ffe51aa273cdec07
2021-07-13fib: Set the GLEAN flag on attached export routes so that the SAS worksNeale Ranns4-38/+63
correctly. Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I4bc2eb394a8f9d01c5a12de2ce963c22209d5439
2021-07-13tcp session: next node config on connectsFlorin Coras2-3/+9
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ief06b1509d31b55efc8d1436b6ff9e01c6037a32
2021-07-13misc: fix init order to avoid startup warningsBin Zhou (bzhou2)2-19/+6
Put plugin init order inside plugin instead of in vnet Type: improvement Signed-off-by: Bin Zhou (bzhou2) <bzhou2@cisco.com> Change-Id: Icbacdb3f1cb4ac9d74e3f78458e8bc333793b4d6
2021-07-12session: api cleanupFilip Tehlar3-75/+34
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Iacc58d27ac51c8a1c571087f98297e046b3477c2
2021-07-08session: allow listen in any fib if default namespaceFlorin Coras3-3/+12
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If0712f01bdd6f2fc892bcbe4e2cee28affd02520
2021-07-08interface: unable to to assign tx queue to last worker threadSteven Luong1-4/+3
Using the cli "set interface tx-queue", it is not possible to assign tx queue to the last worker thread. The reason is that vdm->first_worker_thread_index is 1. Adding that to clib_bitmap_last_set (bitmap) exceeds vdm->last_worker_thread_index when the CLI specifies the last worker thread. Also make the threads argument optional to enable user to unbind a queue from any thread. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I796259c20f571289c8f5a97b9418caf452d0ab3d
2021-07-08tap: Set the MTU on the TUN deivceNeale Ranns1-0/+13
Type: fix For a TAP device the MTU is set via the ethernet_register for TUN we need to do it explicitly (like we do for other tunnel types). Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie6a13c795acb35b53f8d99b05c70c3e73a7b428e
2021-07-06tcp: use tcp output for half open connectionsFlorin Coras1-39/+12
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I05be39671a9ed0688d4e006f0f9354aa6560a41b
2021-07-06tcp: use main thread pool for half-opensFlorin Coras5-146/+29
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4b3427b966f9ff1ba8895fed7db662d56650f3f5
2021-07-02ipsec: ADD/update IPSec documentationNeale Ranns1-0/+199
Type: docs Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ica576e13953a3c720a7c093af649d1dd380cc2c0
2021-07-02interface: api cleanupFilip Tehlar2-43/+17
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I189bfcca2d5fa1f37d05a72c92d04bf260343043
2021-07-02sr: do not use vnet_all_api.hFilip Tehlar2-34/+33
.. as it is going to be removed. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Id3a4a4ea1e1b7361d43735bfa5470c28fc65209f
2021-07-02misc: Don't IPv[46] enable local0, it doesn't receive packets.Neale Ranns1-5/+0
Type: improvement local0 exists just to burn sw_if_index=0 so we catch common API errors. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I2901bb7d36d4c512e6698134a807bf9516ee05db
2021-07-01ip: api cleanupFilip Tehlar3-98/+21
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I4b6d881571c158b7a69a78b9680732d090c4f8b5
2021-06-30ipsec: Derive the TUNNEL_V6 flag from the configured address typesNeale Ranns2-1/+8
Type: improvement There's no need for the user to set the TUNNEL_V6 flag, it can be derived from the tunnel's address type. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I073073dc970b8a3f2b2645bc697fc00db1adbb47
2021-06-29session: free ctrl event data on connect rpcFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I56c4682aef59ed0e69073f9001341c425e65bd48
2021-06-29ipsec: Fix setting the hi-sequence number for decryptNeale Ranns7-135/+229
Type: fix two problems; 1 - just because anti-reply is not enabled doesn't mean the high sequence number should not be used. - fix, there needs to be some means to detect a wrapped packet, so we use a window size of 2^30. 2 - The SA object was used as a scratch pad for the high-sequence number used during decryption. That means that once the batch has been processed the high-sequence number used is lost. This means it is not possible to distinguish this case: if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl)) { ... if (post_decrypt) { if (hi_seq_used == sa->seq_hi) /* the high sequence number used to succesfully decrypt this * packet is the same as the last-sequnence number of the SA. * that means this packet did not cause a wrap. * this packet is thus out of window and should be dropped */ return 1; else /* The packet decrypted with a different high sequence number * to the SA, that means it is the wrap packet and should be * accepted */ return 0; } - fix: don't use the SA as a scratch pad, use the 'packet_data' - the same place that is used as the scratch pad for the low sequence number. other consequences: - An SA doesn't have seq and last_seq, it has only seq; the sequence numnber of the last packet tx'd or rx'd. - there's 64bits of space available on the SA's first cache line. move the AES CTR mode IV there. - test the ESN/AR combinations to catch the bugs this fixes. This doubles the amount of tests, but without AR on they only run for 2 seconds. In the AR tests, the time taken to wait for packets that won't arrive is dropped from 1 to 0.2 seconds thus reducing the runtime of these tests from 10-15 to about 5 sceonds. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iaac78905289a272dc01930d70decd8109cf5e7a5
2021-06-29tcp: add ACK flag to RST packetliuyacan1-1/+1
According to RFC 793, the ACK control bit is always sent once the connection is established. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: Id0fe19114a0cc468dbce4c0938b345c2ac339e73
2021-06-29ipsec: increment SPD policy counters for bypass and discard actions in ↵Zachary Leaf1-0/+20
ipsec4_input_node ipsec_spd_policy_counters are incremented only for matched inbound PROTECT actions (:273 and :370). BYPASS + DISCARD actions also have SPD policy counters that should be incremented on match. This fix increments the counters for inbound BYPASS and DISCARD actions. Type: fix Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Change-Id: Iac3c6d344be25ba5326e1ed45115ca299dee5f49
2021-06-28ipsec: Split the SA add_del API into an separate add and delNeale Ranns2-36/+98
Type: improvement the rationale being that the del only requires the SA's ID, so it's a bit mean to require the client to fill out all the other information as well. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibbc20405e74d6a0e1a3797465ead5271f15888e4
2021-06-24session: fix session formated str output truncated in cliXiaoming Jiang2-12/+16
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I2c2b739a5aa246bbf53d6663efd403c3aee9dddd
2021-06-24l2: api cleanupFilip Tehlar4-93/+19
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I7b84767e75d5f8310ec071036a5780fa4530f79f
2021-06-23virtio: api cleanupFilip Tehlar3-50/+13
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I4f9316b16f16a48e2042aa17db596bfd181bd314
2021-06-23mpls: api cleanupFilip Tehlar3-59/+10
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I148022278a792b3687402b6915fe6fb513858a2a
2021-06-23span: api cleanupFilip Tehlar3-59/+16
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I7ec4bbb21a079c6f6adfb4f954054b2b07bf19c5
2021-06-22syslog: api cleanupFilip Tehlar3-47/+8
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0971f12b7b82d5134d06ed0539d41624429c992b
2021-06-22tcp: api cleanupFilip Tehlar3-44/+9
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I3c06e9cb3fabdcdce9c17e93cfedfd771295f589
2021-06-22session: avoid reordering unlisten and connect msgFlorin Coras1-6/+33
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe32f7965f8cf457c39845713b029c8a4647ee55
2021-06-22virtio: api cleanupFilip Tehlar2-55/+9
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I047310b8c9fcc51dcfb187710ff59b7895abe217
2021-06-22misc: punt: api cleanupFilip Tehlar3-49/+9
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I13dae61ddb7150c7fe9a7fd0eae73055ff3f2816
2021-06-22devices: af_packet api cleanupFilip Tehlar2-54/+8
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Ic7979755494a2fd23b9fa3d74e14f6b9ea0a46d0