summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2024-06-04ipsec: fix missing udp port checkFan Zhang1-8/+7
Type: fix This patch fixes the missing UDP port check in IPsec NAT-T case. As of RFC3948 UDP encapped ESP traffic should have destination port ID of 4500, which was missing. The related tests are updated with this port ID, too. Change-Id: I73ecc6a93de8d0f4b642313b0f4d9c2f214a7790 Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
2024-06-03ip: add support for drop route through vpp CLIMohsin Kazmi2-1/+7
Type: improvement Change-Id: Ib822f36ff7b3ecda162fc99bf3892f912d0649f0 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2024-06-03fib: set the value of the sw_if_index for DROP routeMohsin Kazmi1-0/+1
Type: fix fib_api_path_decode() is utilized by the IP route API call to translate the path from the API to the fib_route_path_t structure. The ip_route_add_del_handler_t function initializes the fib_route_path_t structure to zeros, consequently setting the sw_if_index value to 0, which is a valid value in VPP. Typically, the default VRF (Virtual Routing and Forwarding) has a local interface at index 0, leading to normal functionality. However, a custom VRF table without any interface will result in a crash. The issue arises because the DROP route in fib_api_path_decode() does not override the sw_if_index value with the one provided in vl_api_fib_path_t. Subsequently, when this sw_if_index is attempted to be resolved in the VRF table where the interface does not exist, it leads to a crash. This patch addresses the problem by setting the sw_if_index of fib_route_path_t to the sw_if_index value of the API path. To reproduce the issue, please remove the fix and run the following command: make test-debug TEST=test_ip4.TestIPv4RouteLookup.test_exact_match Change-Id: I5d72e91e5c701e749a92873941bee7b7b5eabd41 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2024-05-28urpf: export to use it externallyMaxime Peim1-0/+1
Type: improvement Change-Id: Ia70f16c92dfc153256db6dcdf23f5487d5a7b678 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-05-24udp: fix csum computation when offload disabledFlorin Coras2-7/+32
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I11de9e1156420e0a37d637d8611bb3cf9788d699
2024-05-24ip6: fix icmp throttling error indexMaxime Peim1-1/+1
Type: fix Change-Id: I57ce42c193fd9408b9d4790482ea76d784148c30 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-05-23virtio: Add RX queue full statisiticsSteven Luong2-0/+11
In production network, often the host and the vm are managed by different groups. The host statistics may not be readily available to the folks who manage the VM. Having the RX queue full statistics in VPP can inform that there might possibly be drops in the host. Type: improvement Change-Id: I43206647ac0d8092968c4187236d9696ae0acccd Signed-off-by: Steven Luong <sluong@cisco.com>
2024-05-21session: remove ipv6 lookup threading assertBrian Morris1-1/+0
This makes session_lookup_connection_wt6 consistent with session_lookup_connection_wt4 - they both just return an error for wrong thread. Type: fix Change-Id: Ide38976e9a7274b53311e65711098e6b22a3f8d5 Signed-off-by: Brian Morris <bmorris2@cisco.com>
2024-05-15ip-neighbor: show age instead of time in cliMaxime Peim2-23/+24
To match the API behavior, and as it is more useful to have an entry age than its time last probe. Type: fix Change-Id: I07680cd713d0d2b6208a58208b032af7f6a92825 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-05-14sr: move srmpls to a pluginScott Hutton10-2798/+0
Move sr_mpls folder under vnet to the plugin folder, update cmake configuration and header paths, and add plugin.c to register plugin. JIRA: VPP-2054 Type: improvement Change-Id: I1ad6f287f67eb0c35588c339bcd51218fadf5f8e Signed-off-by: Scott Hutton <schutton@cisco.com>
2024-05-13dev: fix mac address dump in trace outputAlok Mishra1-1/+1
"port->attr.hw_addr" is set during the port initialization. It won't be updated if the mac address of the port is changed via the vpp command line. Use "port->primary_hw_addr" to dump the updated mac address correclty. Type: fix Fixes: 38c619115b Change-Id: I6c99fcfdfae67efb3606e17f36781c56716ff7ea Signed-off-by: Alok Mishra <almishra@marvell.com>
2024-05-08ethernet: check destination mac for L3 in ethernet-input nodeSteven Luong1-4/+32
When the NIC does not support mac filter, we rely on ethernet-input node to do the destination mac check, ie, when the interface is in L3, the mac address for the packet must be the mac address of the interface where the packet arrives. This works fine in ethernet-input node when all packets in the frame might have different interfaces, ie, ETH_INPUT_FRAME_F_SINGLE_SW_IF_ID is not set in the frame. However, when all packets are having the same interface, ETH_INPUT_FRAME_F_SINGLE_SW_IF_ID is set, ethernet-input node goes through the optimized routine eth_input_single_int -> eth_input_process_frame. That is where dmac check has a bug when all packets in the frame are either, ip4, ip6, or mpls without vlan tags. Because without vlan tags, the code handles all packets in fast path and ignores dmac check. With vlan tags, the code goes to slow path where dmac check is handled properly. The fix is to check if we have a bad dmac in the fast path and force the code to go to slow path which will handle dmac check properly. Also do a wholesale correction on all the testcases which do not use the proper dmac when sending L3 packets. Type: fix Change-Id: I73153a805cecdc24c4eefcc781676de04737ae2c Signed-off-by: Steven Luong <sluong@cisco.com>
2024-05-03interface: fix check in set_interface_name apiStanislav Zaikin1-7/+6
set_interface_name may crash if wrong sw_if_index is passed e.g. ~0 Type: fix Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com> Change-Id: Ic7e400c914fb33c2f9eac4f2985bb5b163a18d57
2024-05-02gso: use the header offsets from buffer metadataMohsin Kazmi3-143/+142
Type: improvement Change-Id: I955fbef0e0238cb69307e96cd1c677061737e5f3 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2024-04-24misc: fix int/enum mismatch errors reported by gcc-14Damjan Marion3-4/+5
Type: fix Change-Id: I80e90cab8e2e9fef837779e36e0256baf791b801 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-04-23ipsec: fix CLI for create ipsec itfGabriel Oginski1-3/+6
This commit adds missing support in CLI for creating ipsec itf in p2mp mode. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I1bd1cc6667625b8e527af8d25bd8e723751dbc41
2024-04-19ipip: specify af for a tunnel ip addressesAnton Nikolaev1-11/+12
Currently ipip tunnel allows to use an empty addresses for dst when we trying to add tunnel, but it doesn't return it correctly on ipip dump call. There is case when we create an ipip tunnel with an empty ipv6 address, address is zero, but AF is ipv6. And when we dump ipip tunnels we get an emtpy ipv4 address instead of an empty ipv6 address. There is no point to detect AF for each address in send_ipip_tunnel_details, because ipip tunnel can't handle different AF for src and dst addresses, and prohibits creating ipip tunnel with different AF of dst and src addresses. With this fix, send_ipip_tunnel_details function return a correct AF despite address value. Type: fix Change-Id: Ib343293ad79a300cdb70135fffbfd156dfef6e27 Signed-off-by: Anton Nikolaev <anikolaev@netgate.com>
2024-04-18sr: use correct reply to sr_policy_add_v2Vratko Polak1-1/+1
Type: fix Fixes: c4c205b091934d96a173f4c0d75ef7e888298ac7 Change-Id: I110729601a9f19451297883b781ec56e2b31465b Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-04-17session: force session cleanups on app detachFlorin Coras1-6/+23
Force transport and session cleanup on session detach if transport is already closing. This should also avoid races between transport initiated session cleanups and pending session control events. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I83a947a0c01f5af8ac70aa31fee660276f1d1c60
2024-04-15ip: fix comments for icmp4lijinhui1-1/+1
Type: fix Change-Id: I5f309ca4db4ae4a3e475d87b8f0188c4ead5e562 Signed-off-by: lijinhui <lijh_7@chinatelecom.cn>
2024-04-11tcp: check for header truncationBenoît Ganne1-1/+3
Type: fix Change-Id: I0a43a37971d03a700926d59e848f0b6e6dbeb19a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-04-10session: add api to detach session from appFlorin Coras3-4/+17
Type: improvement Change-Id: Ib824d0ca9efc7d8967e043db69017655b2dcf6b5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-04-09fib: fix off-by-one error in rewrite length checkBenoît Ganne1-2/+2
The rewrite string can be up to max_size, and max_size can be up to VNET_REWRITE_TOTAL_BYTES. Don't waste the last byte. Type: fix Change-Id: I2fb7e9873b6b4c1e6a55b172c7f753f3c5910802 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-04-09mpls: fix default mpls lb hash configVladislav Grishenko3-121/+125
In case of multiple path within tunnel, mpls lookup node computes lb hash with mpls_compute_flow_hash config value 0, so only mpls label and l4 ports gets accounted, not 5-tuple. This leads to flow traffic polarization and disbalance over mpls paths. Use mpls hash config from lb instead, usually it'll be MPLS_FLOw_HASH_DEFAULT with 5-tuple plus flowlabel. As optimization, fix flow hash reuse from the previous lookup node if present, like ip_lookup does. Previously mpls lookup always calcs the hash. Test lb distribution for both cases. Also, use the same flow hash hex format in ip4/ip6 and mpls traces for easier reading, most code changes is due fixstyle formatting. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ib89e1ab3edec14269866fe825a3e887d6c817b7c
2024-04-09vnet: fix ARP for unnumberedPim van Pelt1-15/+14
On unnumbered interfaces, ARP fails because there is no attached route. Allow replies to peer-to-peer addresses on unnumbered interfaces: eg. 192.0.2.1/32 <-> 192.0.2.2/32 Type: fix Change-Id: Ibeb8d8ebc8d58d5bfb0724739a17694e0217356e Signed-off-by: Pim van Pelt <pim@ipng.nl>
2024-04-08tls: fix session state update on acceptFlorin Coras1-1/+3
Only set state to ready if session is not already closing. Type: fix Change-Id: Ic95667f43ed09d693f1cf7c9f1c16f7f995ea2d8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-04-05session: fix cleanup for refused sessionsFlorin Coras1-6/+7
Type: fix Change-Id: I739b7129c7e5a3fccefcdeeaf7f4a298223dd8eb Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-04-04ip6: fix icmp trace flag copyMaxime Peim1-1/+1
Type: fix Change-Id: I56c1a2717f197c889425449b37f51b0f2cc89ea5 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-04-02session: fix closing ntfs handling for refused sessionsFlorin Coras1-0/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1464e93cd3020eaa26068df558924e39dd255ccb
2024-04-02fib: coverity 335348 out-of-bounds accessDave Wallace1-2/+6
- also fix memory leak in adj_glean_walk_proto() Type: fix Change-Id: I3cd72b14506e6bfc9d8d77a65d7b9b2703992367 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2024-04-02l2: fix vxlan src port entropy with mpls payloadVladislav Grishenko1-1/+5
l2 tunnels like vxlan, gtpu, geneva use vnet_l2_compute_flow_hash() to compute flow hash for udp src port entropy. In case of inner mpls tunnels to the same lsr ethernet src and dst macs are the same, so l2 flow hash is also the same leading to no src port entropy and the only rss queue overflow on receiver side. Fix it for all the possible vnet_l2_compute_flow_hash callers by making mpls playload hash in additon to ip4/ip6. Visible performance impact is not expected as it's only one check for mpls ethertype for common cases. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I69153d42fb3d7c094a670c674fac8d14039c626a
2024-04-01fib: add early config support for IP and IP6 default FIB table namesJon Loeliger5-12/+82
Type: improvement Change-Id: I8c248d9e224bd069b641a174da57d448371470af Signed-off-by: Jon Loeliger <jdl@netgate.com>
2024-03-30ipsec: fix clang compile issueKai Ji1-3/+0
Type: fix Change-Id: Ic015b37e18a43c49c3fb3dbff284a17fa2c5fd99 Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com> Signed-off-by: Kai Ji <kai.ji@intel.com>
2024-03-29session: fix api coverity warningsFlorin Coras1-2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ieb4e9d9e39b937ad4c7316b3955b3ca296f0a191
2024-03-29session: add new api for enq tx io eventsFlorin Coras2-2/+10
Type: improvement Change-Id: Iefe5c2e610a26241a88ca783ac548fd8f2317bb0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-29session: use custom types for session flags and stateFlorin Coras1-16/+16
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I04f836d09a1cbd5a5b55dc64359d2d761dfc4988
2024-03-29session: improve use of session handlesFlorin Coras5-71/+70
First step towards moving to an 8 byte struct instead of u64. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idd0b95520ab7158e175b9af1702fc09c0613a4bb
2024-03-29misc: deprecate lawful-intercepthsandid7-487/+5
Type: refactor Change-Id: Ifd7f5b351401cdcaaaf57fefc5dbbfdaf235054e Signed-off-by: hsandid <halsandi@cisco.com>
2024-03-26tls: init session for accepted ctxFlorin Coras1-7/+7
Make sure session is marked as invalid. Type: improvement Change-Id: I1c861645de95ef15a24acd4fe6dd5364a55b4fb8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-26tcp: avoid fr segments less than mss if possibleFlorin Coras1-1/+5
Type: improvement Change-Id: I958e059384db3c13a29f64be96877f57617bbae2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-24tls: pass session state to engine on client initFlorin Coras1-1/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe218a922ab656b8362e3c085193cb848783c255
2024-03-23fib: fix vectorized impl buffer typoDmitry Valter1-1/+1
Fix copy-paste typo with an incorrect index. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Change-Id: I463e6f016df9cd24e96defcd30c1b442b8809416
2024-03-22ipsec: esp_decrypt code clean upFan Zhang1-43/+42
Type: improvement Change-Id: Icac31a8a3da71334e2b877f3b8e5d5a7cc5e76b8 Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
2024-03-21session: fix workers race to allocate lookup tableFlorin Coras1-24/+39
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I60600452c91184da571d4630bf2f0d9c24a3e85e
2024-03-21ip: add support for buffer offload metadata in ip midchainArthur de Kerhor5-44/+78
The offload should be handled by gso node or by the NIC if the latter has the relevant capabilities. But ip midchain is missing the support for buffer offload metadata in case of GSO packet. This patch adds the relevant support to add the buffer metadata if the packet is GSO/IPIP to be handled accordingly. Type: improvement Change-Id: I17f5d71bf4c5f43a85ca3f2fbebfa1426b42ef69 Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2024-03-21ipsec: remove unused parameter for esp_add_footer_and_icvFan Zhang1-4/+3
Type: improvement Change-Id: Ib6c4e6bc42dd63cb2fdb2dfa7e94baa709e7185b Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
2024-03-20tls: avoid app session preallocationFlorin Coras1-42/+14
Since async rx event infra decouples notification event generation from delivery we no longer run the risk of having tls realloc session pools while session layer still holds a pointer to the accepted/connected tcp session. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1bb429a058707aba1d4f32ea33615a2367e66969
2024-03-18tls: handle attepts to renegotiate hsFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I549d0c8715e5c06bfc22be26ca1dc78ec3c29a61
2024-03-15ip: reassembly - return correct valueKlement Sekera2-2/+2
If already enabled, return 0 to indicate success. Type: fix Change-Id: I4a182e14df9b05698ad93d596a97c46a020fd54b Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2024-03-12misc: remove GNU Indent directivesDamjan Marion252-1723/+1
Type: refactor Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c Signed-off-by: Damjan Marion <damarion@cisco.com>