summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2023-06-13udp: improve port validity checkBenoît Ganne2-13/+14
- do not allocate port sparse vector when only checking if a port is already in use - do not display port that have been unregistered by default Type: improvement Change-Id: I6cc94e35806dd8d415cd5d1c1c51e6b066ac26a1 Signed-off-by: Benoît Ganne <bganne@cisco.com> (cherry picked from commit d52f80f422439227e98d9d26bf43394c69f8a7fd)
2023-06-05session: cleanup cless listeners from session lookupFlorin Coras1-1/+8
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I46b8194ff00c6a0a4a2bc19df9991f037856cede (cherry picked from commit 645ac119e8f2602454050f5da6cafc4a22def7ff)
2023-06-01fib: fix memory leak in fib_attached_export_purgeStanislav Zaikin1-0/+1
Type: fix Change-Id: I879594fcade4e081190e8dfb1dbcfc53e8431edf Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com> (cherry picked from commit b269def5cba2058c49f58a7fef382e2fc068fdfd)
2023-05-30tls: fix memory leak when client/server init errorXiaoming Jiang1-2/+18
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I484f3759b6c27052e08741398ec389729285f035 (cherry picked from commit 4778164869395ec9efeeef31fc08f97b93cdff90)
2023-05-22teib: fix nh-table-idStanislav Zaikin1-41/+38
Peer fib index and nh fib index should be different when nh-table-id is specified. Type: fix Change-Id: I4c8296adb5aeab1c0022bfc1046e9559331b79b2 Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
2023-05-21mpls: implement state change callbacksAdrian Pistol2-5/+37
There was already a basic type defined, but nothing more. This implements callbacks similar to ip4_enable_disable_interface_callback_t. Type: feature Change-Id: I34fcb146ca68af4eb8cdd244529eb149f884284d Signed-off-by: Adrian Pistol <vifino@posteo.net>
2023-05-21ip-neighbor: fix aged neighbor probeSergio Gonzalez Monroy1-2/+2
The order of the parameters when calling the ip_neighbor_probe_dst for an aged neighbor is wrong and given that it runs on the master thread, probes for IPv6 neighbors were never sent, leading to a certain neighbor strike out and death and its removal from the neighbor cache. Change-Id: Ic021bd0ece05bd2c1c6ab90eab0e2dc27cb10360 Type: fix Fixes: fd2417b2a42 Signed-off-by: Sergio Gonzalez Monroy <monroy@anapaya.net>
2023-05-19fib: fix load-balance and replicate dpos buckets overflowBenoît Ganne4-9/+53
load-balance and replicate dpos both store their number of buckets as u16, which can overflow if too many paths are configured. For load-balance it can happens quite quickly because of weights normalization. Type: fix Change-Id: I0c78c39fc3d40626dfc58b49e7d99d71f9852b50 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-05-19interface: add the transmit queue infrastructure documentMohsin Kazmi1-0/+159
Type: docs Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I57f27f8ec4be7f3d8dc3d13ff4ea6b1b21c3cf6b
2023-05-16ip_session_redirect: add session redirect pluginBenoît Ganne2-2/+4
This feature enables the use of the classifier and ip-in-out-acl nodes to redirect matching sessions via arbitrary fib paths instead of relying on additional VRFs. Type: feature Change-Id: Ia59d35481c2555aec96c806b62bf29671abb295a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-05-16ethernet: fix adding p2p ethernet crashXiaoming Jiang1-5/+6
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: Ib0ca3379439d6ee23e696f8f0840e6ddf42430b8
2023-05-16flow: fix wrong to use ntohl function to u64 type variableYulong Pei1-1/+1
This caused that failed to create flow rule with rss types. Type: fix Signed-off-by: Yulong Pei <yulong.pei@intel.com> Change-Id: I77696286a32804cbe884075cb027eec19eb5c7cb Signed-off-by: Yulong Pei <yulong.pei@intel.com>
2023-05-15udp: improvements to connection format fnFlorin Coras1-3/+6
Print fib-index, next node index and opaque. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id2ff265c9acffc75f8b04fb9f26c6d571fc2ef98
2023-05-15ip: allow overriding fib index in reassFlorin Coras2-6/+10
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic28da52b9c8286f71e472ef6c3afc23d464f85b0
2023-05-12gre: move to a pluginChuhao Tang10-3222/+0
Move GRE folder under vnet to the plugin folder, and modify some of path of the #inlude<header> to the new path. Add a plugin.c file to register a plugin. JIRA: VPP-2044 Type: improvement Change-Id: I7f64cecd97538a7492e56a41558dab58281a9fa5 Signed-off-by: Chuhao Tang <nicotang@cisco.com>
2023-05-04session: cleanup ho lookup table on closeFlorin Coras2-6/+39
Make sure half-open table is cleaned up on close and cleanup of half-open. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id7ad177f364d6395f7379dc927e449a40547510e
2023-04-28session: update due to clib_socket refactoringNathan Skrzypczak5-59/+134
After the clib_socket_init syntax changed, the behavior of VCL socket creation was broken. This patch introduces app_namespace_add_del_v4 to address the behavioral change. Type: refactor Change-Id: Ice016bdb372233fd3317f166d45625e086e9b4df Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-04-26ip: change icmp4 throttleOle Troan1-1/+1
traceroute sends 3 packets rapidly that triggers and depends on ICMP error generation. The current ICMP4 throttle setting at 1-e3 throttles the last ICMP error and makes traceroute sit in a timeout. Type: fix Change-Id: Ie886303600ad0374dcb6ae311e949154727a93d2 Signed-off-by: Ole Troan <otroan@employees.org>
2023-04-25api: Mark old message versions as deprecatedOndrej Fabry1-0/+4
This change is part of VPP API cleanup initiative. Type: refactor Signed-off-by: Ondrej Fabry <ofabry@cisco.com> Change-Id: I26d13a697c9b70a75555c04e925e9d6aaf7ed755
2023-04-21tcp: remove unused codeFilip Tehlar2-7/+0
Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Ib188f3331696dff6357a18f5bac5f1db3cefaeab
2023-04-20tcp: fix tcp packet traceFilip Tehlar1-38/+59
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Id4ca9a749a343c55b24f6eb4b5eb0909a57e0c23
2023-04-19session: fix app_listener memory leak if session listen failedXiaoming Jiang1-0/+2
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: Iaa3ad87d56163396476bcaaa34e52948b9032f4e
2023-04-12ip: punt socket - take the tags in Ethernet header into considerationAndrew Yourtchenko1-1/+2
The punt socket code rewinds the current_data pointer by sizeof (ethernet_header_t), which is incorrect if the header is tagged - resulting in truncated destination MAC address. Use ethernet_buffer_header_size() instead, which takes tags into account. Also add the unittest that verifies the issue and the fix. Type: fix Change-Id: I6352a174df144ca1e4230390c126f4b698724ebc Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2023-04-12misc: change of addressMohsin Kazmi4-4/+4
Type: style Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ie02d068122ab8f2c6049754f28722d851ae9b3f1
2023-04-04session: fix ct connect session flush assertFlorin Coras1-2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I90eaeed07dc4864adfed3bc4cef1e3edacf4bf8f
2023-03-31ip: support flow-hash gtpv1teidTakeru Hayasaka8-14/+98
support with GTPv1 TEID added to the flow hash. This can able to ECMP to PGW and parallelization. Type: feature Change-Id: I6f758579027caf6123831ef2db7afe17e424a6eb Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
2023-03-30session: async flush of pending connects to workersFlorin Coras1-32/+109
Since connects can be done without a worker barrier, first worker should flush connects to destination workers only after session layer has a chance to fully initialize the half-open session. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I82fe0f0c7e520baa72fd380d0a43a76ebbd5f548
2023-03-24api: Remove deprecated message from APIOndrej Fabry3-57/+0
Type: refactor Signed-off-by: Ondrej Fabry <ofabry@cisco.com> Change-Id: Ib80a4d1f8bac5dc27db1aafe65165cbb509b4edf
2023-03-24udp: fix udp_local length errors accountingVladislav Grishenko1-31/+64
In case of UDP length errors in udp_local node, these errors are being lost and incomplete header may be advanced by wrong offset. Fix it with only full packets processing and explicit error set otherwise. Also, optimize two buffer loop perfomance into fast path with both buffers are ok and slow path with one or none. Type: fix Change-Id: I6b7edc3eb5593981e55d7ae20d753c0fd1549d86 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-03-24session: fix session node switching to interrupt mode failded if no user eventsXiaoming Jiang1-2/+2
wrk->event_elts has 5 elements if no user events Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: Ib38fab422304efc470e20ccb7121442f05bf8bf3
2023-03-23session: fix formatting of half open sessionsFlorin Coras1-2/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I45a524bebd2dc1e318fa8d2a645bfc769e1da840
2023-03-23ipsec: make pre-shared keys harder to misuseBenoît Ganne8-137/+122
Using pre-shared keys is usually a bad idea, one should use eg. IKEv2 instead, but one does not always have the choice. For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C) whereas for AES-CTR or AES-GCM, the IV should never be reused with the same key material (see NIST SP800-38a Appendix B and NIST SP800-38d section 8). If one uses pre-shared keys and VPP is restarted, the IV counter restarts at 0 and the same IVs are generated with the same pre-shared keys materials. To fix those issues we follow the recommendation from NIST SP800-38a and NIST SP800-38d: - we use a PRNG (not cryptographically secured) to generate IVs to avoid generating the same IV sequence between VPP restarts. The PRNG is chosen so that there is a low chance of generating the same sequence - for AES-CBC, the generated IV is encrypted as part of the message. This makes the (predictable) PRNG-generated IV unpredictable as it is encrypted with the secret key - for AES-CTR and GCM, we use the IV as-is as predictable IVs are fine Most of the changes in this patch are caused by the need to shoehorn an additional state of 2 u64 for the PRNG in the 1st cacheline of the SA object. Type: improvement Change-Id: I2af89c21ae4b2c4c33dd21aeffcfb79c13c9d84c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-03-23ipsec: add per-SA error countersArthur de Kerhor11-115/+337
Error counters are added on a per-node basis. In Ipsec, it is useful to also track the errors that occured per SA. Type: feature Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2023-03-23vnet: throttling configuration improvementMaxime Peim6-18/+14
To allow a more flexible throttling configuration, the number of bits used in the throttling bitmap can be chosen. Type: improvement Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I7bfe391dd64729011b03f3e5b89408dfc340e036
2023-03-22session: add session statsFilip Tehlar5-13/+99
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I02d9bb5292b32ffb1b2f05daccd8a7d5dba05125
2023-03-20ipsec: set fast path 5tuple ip addresses based on sa traffic selector valuesPiotr Bronowski1-4/+35
Previously, even if sa defined traffic selectors esp packet src and dst have been used for fast path inbound spd matching. This patch provides a fix for that issue. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ibd3ca224b155cc9e0c6aedd0f36aff489b7af5b8
2023-03-18vppinfra: fix corner-cases in bihash lookupDave Barach1-1/+1
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL table, the code would sporadically return a transitional value (junk) from a half-deleted kvp. At most, 64-bits worth of the kvp will be written atomically, so using memset(...) to smear 0xFF's across a kvp to free it left a lot to be desired. Performance impact: very mild positive, thanks to FC for doing a multi-thread host stack perf/scale test. Added an ASSERT to catch attempts to add a (key,value) pair which contains the magic "free kvp" value. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065
2023-03-16session: support active opens with same source portFlorin Coras2-3/+14
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2b426e9e988c32d261f36367087f358d8cc25e2f
2023-03-14session vcl: refactor builtin tx event for main txFlorin Coras7-30/+33
Rename unused SESSION_IO_EVT_BUILTIN_TX to SESSION_IO_EVT_TX_MAIN and leverage it for non-connected udp tx. Non-connected udp sessions are listeners and are therefore allocated on main thread. Consequently, whenever session queue node is not polling main, tx events generated by external applications might be missed or processed with some delay. To solve this, request that apps use SESSION_IO_EVT_TX_MAIN tx events as opposed to SESSION_IO_EVT_TX and send that to first worker as opposed to main. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5df5ac3dc80c0f192b2eefb1d465e9deefe8786b
2023-03-14session: pre-alloc required dma batchesMarvin Liu2-0/+3
Specify the number of max_batches when applying for dma config. Skip this round when no batch available from vlib_dma_batch_new. Type: improvement Signed-off-by: Marvin Liu <yong.liu@intel.com> Change-Id: Ic6e0acf81ba4fc3ed33aea6ac6990ef841021c59
2023-03-14session: format transport connection flagsFlorin Coras2-18/+59
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id87c41c472898d4f66b0771f18f822d1069bbfd0
2023-03-14session: cleanup lcl endpt freelist before all allocFlorin Coras1-4/+5
Make sure endpoint freelist is drained before alloc of fixed local source port is tried. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I302deee5609a463af8135185af71722ac8c55a27
2023-03-14memif: don't leak error strings in API handlersDamjan Marion1-0/+8
Type: fix Fixes: ab4d917 Change-Id: I226044f64e1577033798fd203a2e981c894830d6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-03-13udp: Use udp_output_get_connection instead of udp_connection_getSteven Luong1-12/+11
udp_output_get_connection handles correctly if the connection is a listener whereas udp_connection_get does not which may lead to a crash. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I40b57287a8686820d29872cae2cfd6ae27a57c26
2023-03-08session: Use session->thread_index to correctly retrieve the sessionSteven Luong1-1/+3
For non-connected udp, when retrieving the subscriber session to send the notification, it uses the current worker thread index whereas the subscriber session is actually on the main thread. Using the worker thread may cause a crash since the corresponding session may not be valid in the worker thread context and even if it is valid, it is the wrong session. This scenario is seen when the application forks and adds subscribers to the worker thread session. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I236ee9d9ff9f3b2f7f9f8e782d70d1080aa1b627
2023-03-07udp: crash in format_udp_connectionSteven Luong1-1/+1
format_udp_connection takes 2 arguments from the caller. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ie618a809936a01c094982f9a8c81309826e0b087
2023-03-06tcp: allow syns in closed stateFlorin Coras1-2/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If223096cf912c1748ae417b40585a9bea5d9d9a9
2023-03-06interface: more cleaning after set flags is failed in vnet_create_sw_interfacevarasteh1-0/+1
There's a chance that vnet_sw_interface_set_flags_helper() has successfully called some sw interface add callback functions before returning the error. So the sw interface del callbacks should also be called Type: fix Signed-off-by: varasteh <mahdy.varasteh@gmail.com> Change-Id: I2cd7dc6d5b3a5ebfd2c4d1a6be5390083dee6401 Signed-off-by: varasteh <mahdy.varasteh@gmail.com>
2023-03-06interface: add the missing tag keyword in the cli helperMohsin Kazmi1-1/+2
Type: style Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I6399ad2b0b30f94c6c51db1afc39f5e875dfaa67
2023-03-06crypto: remove VNET_CRYPTO_OP_FLAG_INIT_IV flagBenoît Ganne1-3/+2
IV requirements vary wildly with the selected mode of operation. For example, for AES-CBC the IV must be unpredictable whereas for AES counter mode (CTR or GCM), it can be predictable but reusing an IV with the same key material is catastrophic. Because of that, it is hard to generate IV in a generic way, and it is better left to the crypto user (eg. IPsec). Type: improvement Change-Id: I32689c591d8c6572b8d37c4d24f175ea6132d3ec Signed-off-by: Benoît Ganne <bganne@cisco.com>