summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2023-06-23ipsec: manually binding an SA to a workerMaxime Peim6-6/+272
An SA is normally bound to the first thread using it. However, one could want to manually bind an SA to a specific worker. Type: improvement Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I05cbbf753e44a01d9964ee47812c964db9bbb488
2023-06-23fib: walk over adj glean per tableStanislav Zaikin1-24/+33
Type: fix Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com> Change-Id: I07f54bb643c24b1839a2d0e93acc593d13a43fed
2023-06-22tcp: add simple stats collectorFlorin Coras2-0/+51
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I435ff10fa3af15b0bed83607aca508a1c087a159
2023-06-22tcp: options support into pgMaxime Peim2-58/+210
Packet-generator does not support TCP options. Along with its support, a formatting function has been added. Further work will be needed to update header formatting functions to take into account TCP connection options. For now, TCP options are taken on a per-packet basis. Type: improvement Change-Id: Id800887853c4941d893be353ce6d8624ed8bbc5d Signed-off-by: Maxime Peim <mpeim@cisco.com>
2023-06-21session: mark half-open transport closed on ntfFlorin Coras1-3/+3
Make sure half-open sessions are marked as transport closed once connected notification is provided. This ensures that if they've been scheduled for tx, the event is ignored. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8c44584e843d93365ec737ae4e1bcb74eba35506
2023-06-13vppapigen: fix crash with autoendian arraysDave Wallace1-2/+1
Type: fix Ticket: VPP-2078 Change-Id: I418269632bdfc823c5f0ba7652957277276d294d Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-06-08tcp: cleanup next nodes and drop logicFlorin Coras2-136/+60
TCP nodes consume the buffers so they have no nexts. To avoid long drop path through vlib graph, add drop node. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe6e075e83612ed16270934398c6a013f236ae35
2023-06-08crypto: use fixed crypto frame poolgaoginskx5-8/+42
The async frames pool may be resized once drained. This will cause 2 problems: original pool pointer is invalidated and pool size changed, both problems will confuse the crypto infra user graph nodes (like IPsec and Wireguard) and crypto engines if they expect the pool pointers always valid and the pool size never changed (for performance reason). This patch introduces fixed size of the async frames pool. This helps zeroing surprise to the components shown above and avoiding segmentation fault when pool resizing happened. In addition, the crypto engine may take advantage of the feature to sync its own pool/vector with crypto infra. Type: improvement Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I2a71783b90149fa376848b9c4f84ce8c6c034bef
2023-06-05udp: improve port validity checkBenoît Ganne2-13/+14
- do not allocate port sparse vector when only checking if a port is already in use - do not display port that have been unregistered by default Type: improvement Change-Id: I6cc94e35806dd8d415cd5d1c1c51e6b066ac26a1 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-06-02session: cleanup cless listeners from session lookupFlorin Coras1-1/+8
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I46b8194ff00c6a0a4a2bc19df9991f037856cede
2023-06-01crypto: make crypto-dispatch node working in adaptive modeXiaoming Jiang9-216/+30
This patch can make crypto dispatch node adaptively switching between pooling and interrupt mode, and improve vpp overall performance. Type: improvement Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I845ed1d29ba9f3c507ea95a337f6dca7f8d6e24e
2023-05-31fib: fix memory leak in fib_attached_export_purgeStanislav Zaikin1-0/+1
Type: fix Change-Id: I879594fcade4e081190e8dfb1dbcfc53e8431edf Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
2023-05-30virtio: fix the packet buffering initialization orderMohsin Kazmi2-11/+21
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Idada695432d2bfac8808f35f1e8cd16f84d963c6
2023-05-29ipsec: fix ipsec_set_next_index set with wrong sa index when async frame ↵Xiaoming Jiang3-27/+39
commit failed Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: Ib4c61906a9cbb3eea1214394d164ecffb38fd36d
2023-05-26tls: fix memory leak when client/server init errorXiaoming Jiang1-2/+18
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I484f3759b6c27052e08741398ec389729285f035
2023-05-25udp: fix local port reuse checkFlorin Coras1-2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I323946f7838507110c663f5a904399a74fc76691
2023-05-24hash: add hash documentationMohsin Kazmi1-0/+90
Type: docs Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I36764aa3c0e9657d228413aeafa0a54bbd755e49
2023-05-22teib: fix nh-table-idStanislav Zaikin1-41/+38
Peer fib index and nh fib index should be different when nh-table-id is specified. Type: fix Change-Id: I4c8296adb5aeab1c0022bfc1046e9559331b79b2 Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
2023-05-21mpls: implement state change callbacksAdrian Pistol2-5/+37
There was already a basic type defined, but nothing more. This implements callbacks similar to ip4_enable_disable_interface_callback_t. Type: feature Change-Id: I34fcb146ca68af4eb8cdd244529eb149f884284d Signed-off-by: Adrian Pistol <vifino@posteo.net>
2023-05-21ip-neighbor: fix aged neighbor probeSergio Gonzalez Monroy1-2/+2
The order of the parameters when calling the ip_neighbor_probe_dst for an aged neighbor is wrong and given that it runs on the master thread, probes for IPv6 neighbors were never sent, leading to a certain neighbor strike out and death and its removal from the neighbor cache. Change-Id: Ic021bd0ece05bd2c1c6ab90eab0e2dc27cb10360 Type: fix Fixes: fd2417b2a42 Signed-off-by: Sergio Gonzalez Monroy <monroy@anapaya.net>
2023-05-19fib: fix load-balance and replicate dpos buckets overflowBenoît Ganne4-9/+53
load-balance and replicate dpos both store their number of buckets as u16, which can overflow if too many paths are configured. For load-balance it can happens quite quickly because of weights normalization. Type: fix Change-Id: I0c78c39fc3d40626dfc58b49e7d99d71f9852b50 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-05-19interface: add the transmit queue infrastructure documentMohsin Kazmi1-0/+159
Type: docs Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I57f27f8ec4be7f3d8dc3d13ff4ea6b1b21c3cf6b
2023-05-16ip_session_redirect: add session redirect pluginBenoît Ganne2-2/+4
This feature enables the use of the classifier and ip-in-out-acl nodes to redirect matching sessions via arbitrary fib paths instead of relying on additional VRFs. Type: feature Change-Id: Ia59d35481c2555aec96c806b62bf29671abb295a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-05-16ethernet: fix adding p2p ethernet crashXiaoming Jiang1-5/+6
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: Ib0ca3379439d6ee23e696f8f0840e6ddf42430b8
2023-05-16flow: fix wrong to use ntohl function to u64 type variableYulong Pei1-1/+1
This caused that failed to create flow rule with rss types. Type: fix Signed-off-by: Yulong Pei <yulong.pei@intel.com> Change-Id: I77696286a32804cbe884075cb027eec19eb5c7cb Signed-off-by: Yulong Pei <yulong.pei@intel.com>
2023-05-15udp: improvements to connection format fnFlorin Coras1-3/+6
Print fib-index, next node index and opaque. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id2ff265c9acffc75f8b04fb9f26c6d571fc2ef98
2023-05-15ip: allow overriding fib index in reassFlorin Coras2-6/+10
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic28da52b9c8286f71e472ef6c3afc23d464f85b0
2023-05-12gre: move to a pluginChuhao Tang10-3222/+0
Move GRE folder under vnet to the plugin folder, and modify some of path of the #inlude<header> to the new path. Add a plugin.c file to register a plugin. JIRA: VPP-2044 Type: improvement Change-Id: I7f64cecd97538a7492e56a41558dab58281a9fa5 Signed-off-by: Chuhao Tang <nicotang@cisco.com>
2023-05-04session: cleanup ho lookup table on closeFlorin Coras2-6/+39
Make sure half-open table is cleaned up on close and cleanup of half-open. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id7ad177f364d6395f7379dc927e449a40547510e
2023-04-28session: update due to clib_socket refactoringNathan Skrzypczak5-59/+134
After the clib_socket_init syntax changed, the behavior of VCL socket creation was broken. This patch introduces app_namespace_add_del_v4 to address the behavioral change. Type: refactor Change-Id: Ice016bdb372233fd3317f166d45625e086e9b4df Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-04-26ip: change icmp4 throttleOle Troan1-1/+1
traceroute sends 3 packets rapidly that triggers and depends on ICMP error generation. The current ICMP4 throttle setting at 1-e3 throttles the last ICMP error and makes traceroute sit in a timeout. Type: fix Change-Id: Ie886303600ad0374dcb6ae311e949154727a93d2 Signed-off-by: Ole Troan <otroan@employees.org>
2023-04-25api: Mark old message versions as deprecatedOndrej Fabry1-0/+4
This change is part of VPP API cleanup initiative. Type: refactor Signed-off-by: Ondrej Fabry <ofabry@cisco.com> Change-Id: I26d13a697c9b70a75555c04e925e9d6aaf7ed755
2023-04-21tcp: remove unused codeFilip Tehlar2-7/+0
Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Ib188f3331696dff6357a18f5bac5f1db3cefaeab
2023-04-20tcp: fix tcp packet traceFilip Tehlar1-38/+59
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Id4ca9a749a343c55b24f6eb4b5eb0909a57e0c23
2023-04-19session: fix app_listener memory leak if session listen failedXiaoming Jiang1-0/+2
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: Iaa3ad87d56163396476bcaaa34e52948b9032f4e
2023-04-12ip: punt socket - take the tags in Ethernet header into considerationAndrew Yourtchenko1-1/+2
The punt socket code rewinds the current_data pointer by sizeof (ethernet_header_t), which is incorrect if the header is tagged - resulting in truncated destination MAC address. Use ethernet_buffer_header_size() instead, which takes tags into account. Also add the unittest that verifies the issue and the fix. Type: fix Change-Id: I6352a174df144ca1e4230390c126f4b698724ebc Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2023-04-12misc: change of addressMohsin Kazmi4-4/+4
Type: style Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ie02d068122ab8f2c6049754f28722d851ae9b3f1
2023-04-04session: fix ct connect session flush assertFlorin Coras1-2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I90eaeed07dc4864adfed3bc4cef1e3edacf4bf8f
2023-03-31ip: support flow-hash gtpv1teidTakeru Hayasaka8-14/+98
support with GTPv1 TEID added to the flow hash. This can able to ECMP to PGW and parallelization. Type: feature Change-Id: I6f758579027caf6123831ef2db7afe17e424a6eb Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
2023-03-30session: async flush of pending connects to workersFlorin Coras1-32/+109
Since connects can be done without a worker barrier, first worker should flush connects to destination workers only after session layer has a chance to fully initialize the half-open session. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I82fe0f0c7e520baa72fd380d0a43a76ebbd5f548
2023-03-24api: Remove deprecated message from APIOndrej Fabry3-57/+0
Type: refactor Signed-off-by: Ondrej Fabry <ofabry@cisco.com> Change-Id: Ib80a4d1f8bac5dc27db1aafe65165cbb509b4edf
2023-03-24udp: fix udp_local length errors accountingVladislav Grishenko1-31/+64
In case of UDP length errors in udp_local node, these errors are being lost and incomplete header may be advanced by wrong offset. Fix it with only full packets processing and explicit error set otherwise. Also, optimize two buffer loop perfomance into fast path with both buffers are ok and slow path with one or none. Type: fix Change-Id: I6b7edc3eb5593981e55d7ae20d753c0fd1549d86 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-03-24session: fix session node switching to interrupt mode failded if no user eventsXiaoming Jiang1-2/+2
wrk->event_elts has 5 elements if no user events Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: Ib38fab422304efc470e20ccb7121442f05bf8bf3
2023-03-23session: fix formatting of half open sessionsFlorin Coras1-2/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I45a524bebd2dc1e318fa8d2a645bfc769e1da840
2023-03-23ipsec: make pre-shared keys harder to misuseBenoît Ganne8-137/+122
Using pre-shared keys is usually a bad idea, one should use eg. IKEv2 instead, but one does not always have the choice. For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C) whereas for AES-CTR or AES-GCM, the IV should never be reused with the same key material (see NIST SP800-38a Appendix B and NIST SP800-38d section 8). If one uses pre-shared keys and VPP is restarted, the IV counter restarts at 0 and the same IVs are generated with the same pre-shared keys materials. To fix those issues we follow the recommendation from NIST SP800-38a and NIST SP800-38d: - we use a PRNG (not cryptographically secured) to generate IVs to avoid generating the same IV sequence between VPP restarts. The PRNG is chosen so that there is a low chance of generating the same sequence - for AES-CBC, the generated IV is encrypted as part of the message. This makes the (predictable) PRNG-generated IV unpredictable as it is encrypted with the secret key - for AES-CTR and GCM, we use the IV as-is as predictable IVs are fine Most of the changes in this patch are caused by the need to shoehorn an additional state of 2 u64 for the PRNG in the 1st cacheline of the SA object. Type: improvement Change-Id: I2af89c21ae4b2c4c33dd21aeffcfb79c13c9d84c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-03-23ipsec: add per-SA error countersArthur de Kerhor11-115/+337
Error counters are added on a per-node basis. In Ipsec, it is useful to also track the errors that occured per SA. Type: feature Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2023-03-23vnet: throttling configuration improvementMaxime Peim6-18/+14
To allow a more flexible throttling configuration, the number of bits used in the throttling bitmap can be chosen. Type: improvement Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I7bfe391dd64729011b03f3e5b89408dfc340e036
2023-03-22session: add session statsFilip Tehlar5-13/+99
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I02d9bb5292b32ffb1b2f05daccd8a7d5dba05125
2023-03-20ipsec: set fast path 5tuple ip addresses based on sa traffic selector valuesPiotr Bronowski1-4/+35
Previously, even if sa defined traffic selectors esp packet src and dst have been used for fast path inbound spd matching. This patch provides a fix for that issue. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ibd3ca224b155cc9e0c6aedd0f36aff489b7af5b8
2023-03-18vppinfra: fix corner-cases in bihash lookupDave Barach1-1/+1
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL table, the code would sporadically return a transitional value (junk) from a half-deleted kvp. At most, 64-bits worth of the kvp will be written atomically, so using memset(...) to smear 0xFF's across a kvp to free it left a lot to be desired. Performance impact: very mild positive, thanks to FC for doing a multi-thread host stack perf/scale test. Added an ASSERT to catch attempts to add a (key,value) pair which contains the magic "free kvp" value. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065