summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2024-03-05ip: force full reassembly before virtualMatthew Smith1-14/+5
Type: improvement The vnet buffer metadata for full IP reassembly and shallow virtual reassembly overlaps. If you have full reassembly and virtual reassembly enabled on the same interface and virtual reassembly happens to process packets first, full reassembly will stomp on the metadata populated by virtual reassembly. Virtual reassembly gets enabled implicitly when NAT feature nodes are enabled. Those NAT feature nodes rely on the virtual reassembly metadata being populated correctly in order to find L4 proto & ports. When NAT and IP full reassembly are both enabled on an interface, NAT can drop fragmented packets because the virtual reassembly metadata can be overwritten by full reassembly. Ensure that full reassembly runs before virtual reassembly. Add a runs_before dependency to ensure that ip4-full-reassembly-feature runs before ip4-sv-reassembly-feature. There was a duplicate VNET_FEATURE_INIT() for ip4-full-reassembly-feature. It seems to have been intended for enabling ip4-full-reassembly-custom as a feature node, but its contents are identical to the earlier VNET_FEATURE_INIT() for ip4-full-reassembly-feature. Removed the duplicate. Change-Id: Ie600b854d4ceb90a7cb736810140d410b8f72447 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2024-03-05vnet: fix format of deleted sw interfacesVladislav Grishenko12-53/+28
As similar 535364e90459566b603661c3dbe360c72f59ad71 is merged, printing possibly deleted interfaces by index only in all the rest cases. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I4fa58b382c0279ff893523ba0188fdb9b09e10af
2024-03-04misc: fix icmpMaxime Peim2-1/+1
- fix ICMPv6 lookup FIB (don't reset sw_if_index[VLIB_TX] to -1) - add locally generated flag in ICMPv4 buffers (reflect ICMPv6) Type: fix Change-Id: If25a176a9952cbe185a030f8b136718af1bff9e8 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-03-04ip: fix warning on interface ipv6 prefix removeVladislav Grishenko1-1/+1
Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I428f52abbdddd9caca9b0f619a0e934f96ac0b4a
2024-03-04fib: fix crash while adding intf-rx routesVladislav Grishenko6-5/+31
Fix crash while adding intf-rx ip4 and ip6 routes via api due invalid exporting of interface rx routes as attached. Also, add missed route path via rx-ip6 cli support. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I15711c8c0787398dd7e3baa4787019bb1f317666
2024-03-03udp: fix ipv6 udp punt showSamvel Vartapetov1-1/+1
Type: fix Signed-off-by: Samvel Vartapetov <svartapetov@yandex-team.ru> Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I57cba1e724f851419c7dfdee896568fc7416feaf
2024-03-01session: add api cb for listen and unlistenFlorin Coras4-17/+24
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I28ccebf4d2f0728dd174ab3ee77a0d7ad4b90951
2024-02-28crypto: CLI to change dispatch modeNiyaz Murshed1-0/+39
This change aims to affect crypto_sw_scheduler behavior, but all the edits end up in vnet/crypto. After 9a9604b introduced adaptive mode for crypto dispatch, the performance of async mode at lower rate got worse. A work around for CSIT test is done by changing dispatch mode via explicit API call in https://github.com/FDio/vpp/commit/139aba204780f6cc2845b311820a0b4c47517d02 In this change, the CLI is brought back to allow user to fix the dispatch mode. set crypto async dispatch mode <polling|interrupt|adaptive> Type: improvement Change-Id: I029e98aa25889eddcf62e75a6c78926cdee862ef Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com>
2024-02-27tls: pass reset ntf to enginesFlorin Coras2-22/+10
Type: improvement Change-Id: Ie042605e50656229874b7a93638f0f04c894410f Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-27session: fix transport closed and disconnect raceFlorin Coras1-4/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie7ff4bac22e9dbb449610072b52d1ec4e46fe757
2024-02-27dev: add per-port vnet flowMonendra Singh Kushwaha6-4/+97
Type: feature Change-Id: If63f39211288ab2eba8bc1ab50a2a4c7755abc66 Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2024-02-26tcp: fix fin retransmit when out of buffersFlorin Coras1-4/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I787825dea7f82748537cc4372104cc6647cf2132
2024-02-26virtio: fix the packed ring supportMohsin Kazmi1-0/+18
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: If27702d2a9755e0e0a6eaeab4cf26b4974444b44
2024-02-23tls: initialize app session app wrkFlorin Coras1-1/+2
Type: fix Change-Id: I8832839738b96495bd775a778dd736bb25e1236c Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-22ip6: ECMP hash support for ipv6 fragmentsBenoît Ganne2-11/+27
Type: improvement Change-Id: I41f70e5977fedbf0050205ebe52126ef373ebc06 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-02-20tls: fix transport endpoint getFlorin Coras1-3/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idb8cc576168ce0ffa8f06be1acef4be4b3b29433
2024-02-20pg: fix stream pg interfaceMaxime Peim4-11/+16
When an other interface is specified to generate packets from, we should bind its sw_if_index to the pg interface to use. Fix if_index_by_sw_if_index variable name, and force to specify a pg interface to source traffic from. Type: fix Change-Id: Ib3e6dca92774b307def82926fc09945b7998267d Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-02-19vnet: include platform specific un.hTom Jones1-0/+5
On FreeBSD define UNIX_PATH_MAX so it is available in punt.c. FreeBSD's max path is 4 bytes shorter than Linux's. Type: improvement Change-Id: I2c4b7aa11246213575b557fab44669706885e6b7 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-19dev: fix type for uint32 arg valueMonendra Singh Kushwaha1-1/+1
Type: fix Change-Id: Ib09d6a0dfc95d82ecfd2ff123be9004cb038d0d4 Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2024-02-19wireguard: notify key changes to crypto engineLijian Zhang2-0/+12
This is a prerequisite patch for the following openssl API optimization patch, which tries to offload openssl ctx init and key expansion work to the initialization stage. Wireguard adds crypto keys via vnet_crypto_key_add (), and whenever it modifies the keys, the underneath openssl crypto engine shoud be informed of the changes to update the openssl ctx. Type: feature Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Change-Id: I3e8f033f3f77eebcecfbd06e8e3bbbfdc95a50e2
2024-02-19ipsec: check each packet for no algs in esp-encryptMatthew Smith1-10/+13
In esp_encrypt_inline(), if two or more consecutive packets are associated with the same SA which has no crypto or integrity algorithms set, only the first one gets dropped. Subsequent packets either get sent (synchronous crypto) or cause a segv (asynchronous crypto). The current SA's index and pool entry are cached before it can be determined whether the packet should be dropped due to no algorithms being set. The check for no algorithms is only performed when the cached SA index is different than the SA index for the current packet. So packets after the first one associated with the "none" alg SA aren't handled properly. This was broken by my previous commit ("ipsec: keep esp encrypt pointer and index synced") which fixed a segv that occurred under a different set of circumstances. Check whether each packet should be dropped instead of only checking when a new SA is encountered. Update unit tests: - Add a test for no algs on tunnel interface which enables asynchronous crypto. - Send more than one packet in the tests for no algs. Type: fix Fixes: dac9e566cd16fc375fff14280b37cb5135584fc6 Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
2024-02-18udp: use transport port refcnt on acceptFlorin Coras3-2/+11
Use udp transport refcnt instead of local port refcnt when accepting new connections. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibc34677b1138682497f98e96b6fddb5b96094ff9
2024-02-18vnet: Use platform specific netlink headers on FreeBSDTom Jones1-0/+5
Type: improvement Change-Id: Ifbd84a45edc82c79ac2850dd70ecdd2f9f1289ae Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18vnet: Disable tuntap build on not LinuxTom Jones1-0/+2
tuntap requires porting on FreeBSD, only build on Linux for now. Type: improvement Change-Id: I448c462b31f3bc06f291a95d0ff5df9d6f8f24b8 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18vnet: Provide platform specific if_tap headersTom Jones2-0/+8
Type: improvement Change-Id: Ia5cec0afc7f929491e495bb337493e64f752d75f Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18vnet: Only build tap on LinuxTom Jones1-0/+2
tap requires some porting on FreeBSD, while we wait for those changes only build tap on Linux. Type: improvement Change-Id: I4361bf43764fdb046c2138d4a2ee5d7efa31bd5a Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-17tcp: retransmit fins in last-ackFlorin Coras2-2/+2
Fix instances where timers are reset after programming fin. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib80e3a401d585f388a97c7f2bb62e68ee774d50d
2024-02-16udp: unregister ports on all cleanupsFlorin Coras1-4/+3
UDP transport port refcount is incremented even if port is shared. So decrement it, by unregistering, whener udp connections are cleaned up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id0a2c60c5faf4dea8b2cd9ded0334934ad9e918c
2024-02-15tls: mark ho done atomically after ctx initFlorin Coras1-1/+2
Make sure ctx is initialized before ho is marked as done. Type: fix Change-Id: If0525a9890a56e289e2ab006c669a9d64dc6505d Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-15session: postpone ct cleanup if rx evt pendingFlorin Coras1-3/+4
Type: fix Change-Id: I8cfaa62abd38d5356263b0ffd428638d1a027617 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-13vnet: Don't use __unused for struct paddingTom Jones1-1/+1
__unused is a clang keyword, this struct member will trip the build when using clang. Instead call the unused padding 'pad' which should be clear to the purpose if not the usage. Type: improvement Change-Id: I0abae34841651be1ef6b7d94864f0dc8185f0733 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-12fib: contention with DP on deleting a routeSteven Luong1-0/+1
Add vlib_worker_wait_one_loop prior to invoking dpo_reset upon uninstalling a fib entry to avoid contention with DP. Type: fix Change-Id: If2a6c4cb9b5629dd61e506ab9f9c3e6aef121b45 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-02-07udp: add cli to dump transport portsFlorin Coras1-0/+92
show udp transport ports Dumps list of ports registered by udp transport, as opposed to udp local, and their refcount. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If3cbe51a7176cb89fa38b524defffbbd76af8f58
2024-02-02session: guard session lookup table allocsFlorin Coras2-0/+37
Session lookup tables could be allocated from workers, e.g., connects are done from first worker. Make sure consumers are not affected by stopping workers. Type: fix Change-Id: I63b53c58b41ce91b08f50a2325c69c9f9fd25ed3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-31tls: set app closed flag in frameworkFlorin Coras1-0/+1
Set the flag in tls framework as opposed to tls engines. This is similar to passive close. Type: improvement Change-Id: I0c2a774b1ef9d7ec6ba74daf1678ea449815184f Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-31tls: convert ctx fields to connection flagsFlorin Coras2-23/+25
Type: refactor Change-Id: I527bbc1cf2e7b6d06fd0c88b7563fb59ed28bc40 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-29ip: don't export useless error counters for ip6 rewriteArthur de Kerhor1-2/+0
the error node is set to ip6_input in the inline funcition associated with ip6_rewrite. Thus, error counters defined for node ip6 rewrite are never used. Type: fix Change-Id: Id6bef633928b0fff9069498c2e39e9f5bea2cf9b Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2024-01-25udp: update rx sw_if_index to ip-local selected oneFlorin Coras1-0/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0afd1b9ddbc17825aab3bfa3e5f9c6c0fbc561ca
2024-01-23tls: fix ho leak on tcp connect returnFlorin Coras1-1/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I40345d635b8067dcffbbdd39d0a5b0c0934a6d54
2024-01-23tls: overlap parent opaque with listener ctxFlorin Coras1-5/+6
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0a0d0b8721f5a15da47c7ac0e58cd50e159b2f54
2024-01-23tls: set flag whenever app session is freedFlorin Coras1-5/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3d44ff851da00573343e15712284af3b9c3912e3
2024-01-22session: flag instead of state for filtering ntfFlorin Coras1-2/+2
Avoid situations when notifications are delayed for long enough for transports to start closing/cleaning up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id35b0099adb5242108154a5e19d5ee15e6ca0058
2024-01-16vnet: fix log_debug message formatGeorgy Borodin1-2/+1
debug+asan build will fail on initialisation when loglevel==debug Type: fix Fixes: 1cd0e5dd533f4209dde453eaa43215e52cd42985 Change-Id: I2005ebf9b95ec3b753c4e6d29337be460c77ffed Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
2024-01-15session: avoid spurious disconnect and reset ntfsFlorin Coras1-2/+4
Type: fix Change-Id: Icdc9d1c8b7b29827ce17920dae64a365bb8a4e40 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-12session: fix app wrk free leakFlorin Coras1-1/+1
Type: fix Change-Id: I9c48b163f174b824df1a76e75c272dc985386bf2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-09session: make app listener pool globalFlorin Coras6-54/+45
One less pointer chase when accepting sessions. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I20dbb21d15d4a703f76e3b12f04a6f5b5d2a3cd8
2024-01-09session: support for cl port reuseFlorin Coras7-36/+166
Adds support for connectionless listener port reuse. Until now, cl listeners had fifos allocated to them and therefore only one app worker could ever listen, i.e., a session cannot have multiple fifos. To circumvent the limitation, this separates the fifos from the listener by allocating new cl sessions for each app worker that reuses the app listener. Flows are hashed to app worker cl sessions but, for now, this is not a consistent/fixed hash. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic6533cd47f2765903669f88c288bd592fb17a19e
2024-01-09session: avoid spurious closed notificationsFlorin Coras1-0/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia98556e7ae61547cf153c78ec085cd4248bee74a
2023-12-22session: add flag to track cless sessionsFlorin Coras2-4/+13
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0bb6aba26f1cd974d6bb3b5fe6234aacfee0d30c
2023-12-22session: unset fifo evt to enqueue ack evt on tcp timewaitemmanuel1-3/+6
Incase the ack for the fin is lost twice or want to dup ack packets with incorrect ack/seq # at different times and session state is already closed, this fifo event is set for the first ack that went out and prevents queuing of further events. Type: fix Change-Id: I102019fca26918a51e055a751db7209011bd43ad Signed-off-by: emmanuel <emmanuelscaria11@gmail.com>