summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2022-01-25wireguard: add async mode for encryption packetsGabriel Oginski1-9/+10
Originally wireguard doesn't support async mode for encryption packets. This patch add async mode for encryption in wireguard and also adds support chacha20-poly1305 algorithm in cryptodev for async handler. In addition it contains new command line to activate async mode for wireguard: set wireguard async mode on|off and also add new command to check active mode for wireguard: show wireguard mode Type: improvement Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I141d48b42ee8dbff0112b8542ab5205268089da6 (cherry picked from commit 492d7790ff26c569bee81617c662363652891140)
2022-01-18misc: fix coverity warningsDave Barach1-0/+6
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I8ea0193ebb2a721a0582451ffd64c4063ac6d233
2022-01-18virtio: remove admin-up flag during interface creationMohsin Kazmi2-4/+0
Type: fix During the interface creation time, (by default) admin-up flag is locally set for tap and virtio interfaces. While, in VPP the state of these interfaces are still admin-down. User needs to explicitly call 'set interface state <interface-name> up' to admin-up the newly created tap or virtio interface(s) in VPP. So, this behavior is inconsistent. This patch fixes the issue to have consistent behavior for given interface between local and global administration state. Change-Id: Ifd8904a09fbdbe7b386874ac3231dc0527064518 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-01-18vnet: distinguish between max_frame_size and MTUDamjan Marion11-67/+77
Type: improvement Change-Id: I3659de6599f402c92e3855e3bf0e5e3388f2bea0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-17ipsec: IPSec interface correct drop w/ no protectionNeale Ranns3-8/+19
Type: improvement When an IPSec interface is first constructed, the end node of the feature arc is not changed, which means it is interface-output. This means that traffic directed into adjacencies on the link, that do not have protection (w/ an SA), drop like this: ... 00:00:01:111710: ip4-midchain tx_sw_if_index 4 dpo-idx 24 : ipv4 via 0.0.0.0 ipsec0: mtu:9000 next:6 flags:[] stacked-on: [@1]: dpo-drop ip4 flow hash: 0x00000000 00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858 00000020: 58585858585858585858585858585858585858585858585858585858 00:00:01:111829: local0-output ipsec0 00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858 00000020: 5858585858585858585858585858585858585858585858585858585858585858 00000040: 58585858585858585858585858585858585858585858585858585858c2cf08c0 00000060: 2a2c103cd0126bd8b03c4ec20ce2bd02dd77b3e3a4f49664 00:00:01:112017: error-drop rx:pg1 00:00:01:112034: drop local0-output: interface is down although that's a drop, no packets should go to local0, and we want all IPvX packets to go through ipX-drop. This change sets the interface's end-arc node to the appropriate drop node when the interface is created, and when the last protection is removed. The resulting drop is: ... 00:00:01:111504: ip4-midchain tx_sw_if_index 4 dpo-idx 24 : ipv4 via 0.0.0.0 ipsec0: mtu:9000 next:0 flags:[] stacked-on: [@1]: dpo-drop ip4 flow hash: 0x00000000 00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858 00000020: 58585858585858585858585858585858585858585858585858585858 00:00:01:111533: ip4-drop ICMP: 172.16.2.2 -> 1.1.1.1 tos 0x00, ttl 63, length 92, checksum 0xcb8c dscp CS0 ecn NON_ECN fragment id 0x0001 ICMP echo_request checksum 0xecf4 id 0 00:00:01:111620: error-drop rx:pg1 00:00:01:111640: drop null-node: blackholed packets Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I7e7de23c541d9f1210a05e6984a688f1f821a155
2022-01-17interface: improve MTU handlingDamjan Marion5-29/+47
- per hw-interface-class handlers - ethernet set_mtu callback - driver can now refuse MTU change Type: improvement Change-Id: I3d37c9129930ebec7bb70caf4263025413873048 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-17vnet: introduce vnet_error()Damjan Marion9-175/+259
Decouples vnet return values from API return codes. New vnet_error() creates vnet_error_t whicgh contains both vnet function return value and return string. vnet_api_error() converts vlib_error_t constructed with vnet_error() to API return value. Type: improvement Change-Id: I17042954d48c010150fc1dfc5fce9330e8149e87 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-16vppinfra: bitops cleanupDamjan Marion2-3/+2
Type: refactor Change-Id: I7fa113e924640f9d798c1eb6ae64b9c0a9e2104c Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-12session: pass tx buffers in bulk to transportsFlorin Coras6-22/+83
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1025cccd784f80b557847f69c3ea1ada5c9de60d
2022-01-12ip: coverity illegal access in ip6_ext_header_walkOle Troan1-9/+2
*** CID 243670: Memory - illegal accesses (OVERRUN) /src/vnet/ip/ip6_packet.h: 713 in ip6_ext_header_walk() CID 243670: Memory - illegal accesses (OVERRUN) Overrunning array "res->eh" of 4 4-byte elements at element index 5 (byte offset 23) using index "i" (which evaluates to 5). Type: fix Fixes: 03092c1 Change-Id: I27e0435cf10534f3b41e11bf7a5629b5428b0651 Signed-off-by: Ole Troan <ot@cisco.com>
2022-01-12crypto: omit loop iterationDastin Wilski1-4/+6
This fix adds check that will omit loop iteration in case dequeue handler is zero. Type: fix Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com> Change-Id: I7526e3fe7d8c8da9662b4e9204efd5e2d8be1908
2022-01-11linux-cp: Add VPP->Linux synchronizationPim van Pelt2-1/+46
Part 1 -- notes in https://ipng.ch/s/articles/2021/08/13/vpp-2.html Add the ability for VPP to copy out (sync) its state from the dataplane to Linux Interface Pairs, when they exist. Gated by a configuration flag (linux-cp { lcp-sync }), and by a CLI option to toggle on/off, synchronize the following events: - Interface state changes - Interface MTU changes - Interface IPv4/IPv6 address add/deletion In VPP, subints can have any link state and MTU, orthogonal to their phy. In Linux, setting admin-down on a phy forces its children to be down as well. Also, in Linux, MTU of children must not exceed that of the phy. Add a state synchronizer which walks over phy+subints to ensure Linux and VPP end up in the same consistent state. Part 2 -- notes in https://ipng.ch/s/articles/2021/08/15/vpp-3.html Add the ability for VPP to autocreate sub-interfaces of existing Linux Interface pairs. Gated by a configuration flag (linux-cp { lcp-auto-subint }), and by a CLI option to toggle on/off, synchronize the following event: - Sub-interface creation (dot1q, dot1ad, QinQ and QinAD) A few other changes: - Add two functions into netlink.[ch] to delete ip4 and ip6 addresses. - Remove a spurious logline (printing MTU) in netlink.c. - Resolve a TODO around vnet_sw_interface_supports_addressing() Type: improvement Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I34fc070e80af4013be58d7a8cbf64296cc760e4e Signed-off-by: Pim van Pelt <pim@ipng.nl>
2022-01-11misc: fix the uninitialization errorMohsin Kazmi1-1/+1
Type: fix | src/vppinfra/vector/toeplitz.c:69:9: error: ‘kv’ may be used uninitialized in this function [-Werror=maybe-uninitialized] | src/vppinfra/memcpy_x86_64.h:45:17: error: ‘*((void *)&key+16)’ may be used uninitialized in this function [-Werror=maybe-uninitialized] | *(u8x16u *) d = *(u8x16u *) s; | ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~ | src/vnet/gre/interface.c:356:20: note: ‘*((void *)&key+16)’ was declared here Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I71614da2821ebda5200a0cb9437a7aad0c42fbb2
2022-01-11session: increase postponed mq message min sizeFlorin Coras2-1/+2
Reported by coverity Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib1db0d120321b061f4c2c20117acdfb6e7dc0626
2022-01-10session: fix segment manager format coverity warningFlorin Coras1-3/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia32536a76aa3f92f80ee2cd027a9a010c19b861a
2022-01-10interface: refactor interface capabilities code, part 2Damjan Marion4-57/+57
Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ie595e69af8657b0ee18a84ac71c5d433108d9ef8
2022-01-10session: allow pacer to send when bucket hits 0Florin Coras1-2/+2
So after bucket reset session can send max burst of bytes. Also, reset pacer bucket to 0 not min burst Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iced8948c407e6647e6eb4caff5c62c06d45ce0bf
2022-01-10session: deschedule sessions with no data to sendFlorin Coras3-3/+26
This ensures the scheduler always tracks sessions that are descheduled, i.e., do not have events in the old io events list. When app retries to send, clear descheduled flag and potentially the pacer. Consequently, transports no longer need to reset the pacer when sessions are rescheduled after a long app tx pause. This also fixes a tcp bug whereby the pacer was reset too often when snd_una was equal to snd_nxt as there was no way to distinguish betwen app tx breaks and congestion. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id3cc6c98cd76299e15030e504380dcf3c04c5189
2022-01-10session: fix pacer bucket update castFlorin Coras1-2/+2
Make sure comparison is done between two i64 values. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ief5706f2bd9415587994a5b665d5e380b8e14f68
2022-01-09fib: multiple memory leaks upon deleting a VRF tableSteven Luong4-15/+25
fib_table->ft_locks name string for parsing the ip table add|del name <tag> command path list for ip4_specials in mfib mfib->fib_entry_by_dst_address[0..32] mfib entry path_ext, msrc->mfes_exts Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ia1e0cac577a73608ee1e4b1664b60a66322e81ce
2022-01-07tcp: fix cubic cwnd accumulate use of bytes ackedFlorin Coras1-1/+1
Use what was provided instead of tc->bytes_acked Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0ed736d2ee247e231fccdf4a969fcf6bc15b7978
2022-01-07bonding: memory leak on parsing bad CLI commandSteven Luong1-4/+10
When parsing bad "create bond" command, we should call unformat_free prior to return Type: fix Fixes: 9cd2d7a5a4fafadb65d772c48109d55d1e19d425 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I8f20a0e7f29de670e09633880d0aa50a51444e11
2022-01-07ethernet: new interface registration functionDamjan Marion14-158/+100
Prep for supporting multiple callbacks, optional args, etc. Type: improvement Change-Id: I96244c098712e8213374678623f12527b0e7f387 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-06tcp: optimize newreno cong ack handlerFlorin Coras1-19/+20
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I196ee5f4630cec637245493f370b5f83a939fe44
2022-01-06tcp: update snd_congestion only during congestionFlorin Coras3-31/+14
If running without sacks, if snd_una does not cover snd_congestion fast recovery can be missed but the two heuristics from RFC6582 should avoid that. Also snd_congestion was used as a means of inferring if the connection recently exited congestion while setting the persist timer but that does not always work correctly if not congested. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I94d4ac738cdd4f7f23f62e97dd63059de1cd4af9
2022-01-06tcp: mark lost first sack hole on timeoutFlorin Coras3-1/+27
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1abff943f3fe3ff0219126b5b8beded4ad859758
2022-01-06tcp: handle start tx event in cubicFlorin Coras1-0/+18
If app was idle update start time of current congestion avoidance phase unless tcp connection was not idle. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idf6a03a9ef96c409462de9f9cb19df609f730afe
2022-01-06tcp: always exit recovery if not in fastrecoveryFlorin Coras1-3/+3
Stay in fast recovery only if it's already on. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idcdbbacfed3e5f3c991fa293c532be1c671f5217
2022-01-06tcp: exit retransmit before processing feedbackFlorin Coras1-21/+17
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5838e4c370d0c02a21b5eadb4af3baae781df097
2022-01-06tcp: use bytes delivered to compute cwndFlorin Coras3-7/+9
Should estimated cwnd better with loss Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idd75d40dbab212ac0a5d533009c5540b1a58f4c4
2022-01-06tcp: cast timer ticks to u32Florin Coras3-7/+8
tc->rto * TCP_TO_TIMER_TICK can return garbage if not cast to u32 and that confuses clib_max Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> signed-off-by: Vipul Agrawal <Vipul.Agrawal@enea.com> Change-Id: Ief4d29b9625e2ef2e75e0c7e3d731ab147465f6d
2022-01-06tap: add num_tx_queues APINathan Skrzypczak5-5/+181
This adds a create_tap_v3 api that has a num_tx_queues parameter allowing to create more than num_workers queues, following on multi TX support Type: feature Change-Id: Idce433147e8dd165f842241d6c76e041e1b1c9b8 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-01-05interface: refactor interface capabilities codeDamjan Marion15-122/+186
Make it shorter to type, easier to debug, make adding callbacks in future simpler. Type: improvement Change-Id: I6cdd6375e36da23bd452a7c7273ff42789e94433 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-05crypto: encrypt/decrypt queues sw_schedulerJakub Wysocki4-34/+99
Type: improvement Previously multiple sw crypto scheduler queues per core design caused unaverage frame processing rate for each async op ID – the lower the op ID is the highly likely they are processed first. For example, when a RX core is feeding both encryption and decryption jobs of the same crypto algorithm to the queues at a high rate, in the mean time the crypto cores have no enough cycles to process all: the jobs in the decryption queue are less likely being processed, causing packet drop. To improve the situation this patch makes every core only owning a two queues, one for encrypt operations and one for decrypt. The queue is changed either after checking each core or after founding a frame to process. All crypto jobs with different algorithm are pushed to thoses queues and are treated evenly. In addition, the crypto async infra now uses unified dequeue handler, one per engine. Only the active engine will be registered its dequeue handler in crypto main. Signed-off-by: DariuszX Kazimierski <dariuszx.kazimierski@intel.com> Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Jakub Wysocki <jakubx.wysocki@intel.com> Change-Id: I517ee8e31633980de5e0dd4b05e1d5db5dea760e
2021-12-31fib: Refetech the adj after the walk in case the pool realloc'dNeale Ranns1-1/+1
Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8734c72cf15533d6614fbeb53b95c824dbd251a9
2021-12-31misc: Remove the unused GBP fields from the buffer meta-dataNeale Ranns2-13/+1
Type: refactor Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I92496501360ee073795206bde87f4731a5ce074c
2021-12-26tcp: set sw_if_index in tcp src-address cliMercury1-2/+2
the receive dpo added by tcp src-address cli do not have a valid sw_if_index , ip4_local_check_src() and tcp_input_lookup_buffer() will set ~0 to vnet_buffer(b)->sw_if_index[VLIB_RX], which will cause crash in tcp46_reset_inline, Type: fix Signed-off-by: Mercury <mercury124185@gmail.com> Change-Id: Ie01c31f3575e14187c6380ebcfff96fcb6098cde
2021-12-24ip: remove archaic vector code from mtrieDamjan Marion2-86/+12
Type: improvement Change-Id: Ib39478a2e6991d721c4ba3ea61c97bfb07238016 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-12-23tcp: fix endpoint lookup failed caused by key uninitializedMercury1-0/+1
fix ipv4 key uninitialized in local_endpoints_table, which will cause transport_endpoint_cleanup() failed to lookup the endpoint and can not delete it, as for ipv6, clib_memcpy_fast() will change all bytes of lcl_addr and there maybe no need to initalize, Type: fix Signed-off-by: Mercury <mercury124185@gmail.com> Change-Id: I56676493a393b1d64eaa438224e256094ca75d2f
2021-12-23session svm: track fs and seg manager index in fsFlorin Coras2-42/+20
Simplifies allocation of fifos as fifo segment and segment manager indices can be set at alloc time. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibd357b3ff0279d8deefcdcb17010b4068007ccb7
2021-12-22session: fix segment alloc/free worker raceFlorin Coras2-70/+119
Avoid scenarios where a worker allocates a segment but while it drops the segment manager writer lock and acquires the reader lock another worker uses the segment and frees it. Type: fix Thanks to wanghanlin@corp.netease.com for the report. Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0a88d738c51b33fd07c34916f125c98806861a06
2021-12-21tls: don't add listen to lookup tableFilip Tehlar1-0/+1
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0432dd0209f9c7702a8497161e21e178ee243bb1
2021-12-21fib: MPLS EOS chains built for attached prefixes should link to a lookup DPONeale Ranns9-66/+57
Type: fix Presently a local label associated with an attached or connected prefix will link to the glean. This is a problem since it will never use the adj-fibs that are installed for that attached prefix. Instead link the local label to a lookup in the table in which the attached link is bound. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iad49fb6168b9ba47216a9a52bd262363b49c3c43
2021-12-20session: ignore rpc in fifo event lookupsFlorin Coras1-10/+0
RPCs are not associated to sessions. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6b7870a3ebc2e8f32a6c1b10e2552d9e074c7eb3
2021-12-20session: improve sh segment-manager cliFlorin Coras1-53/+81
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5d669fcba609bcdb35103f57c45e0a270213d84a
2021-12-20ip: SVR fix race conditionKlement Sekera2-2/+14
There could be a race condition where two fragments of one chain end up at the same time on different workers, one overwriting others hash entry. Add a check for that and restart processing on the unlucky worker who ends up being second from hash table POV. This will then result in a proper handover to worker now owning this reassembly. Type: fix Fixes: de34c35fc73226943538149fae9dbc5cfbdc6e75 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I9eb29c5cb1ffe3b5eb1d5a638e17ab7ba2628d28
2021-12-19fib: Incorrect logic for IPv6 link-local attached export.Neale Ranns1-1/+1
Type: fix IPv6 link-local FIB entries are never needed for attached export. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I08aad78e754d89ad54d07a211fb7a0d7fbc7a0fe
2021-12-18bfd: fix NULL dereference in bfd_api_verify_commonFrédéric Perrin1-1/+1
ip6_get_link_local_address() may return NULL if the local interface is not (or not yet) configured Type: fix Signed-off-by: Frédéric Perrin <fred@fperrin.net> Change-Id: I42bf2081582c4a36fa4e32145ca2f0ff73488110
2021-12-16session: app mq congestion detectionFlorin Coras3-266/+349
Detect mq congestion and handle it by queueing messages in a fifo and postponing handling via rpcs. App workers with congested mqs cannot accept nor connect additional sessions. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I401d971a1a53896758b88fc60f158cbc31e0c7cb
2021-12-14virtio: integrate with new tx infraMohsin Kazmi11-58/+251
Type: improvement Change-Id: I337ec63d0868f665329d68eadf1744e080b73a0d Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>