summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2024-03-24tls: pass session state to engine on client initFlorin Coras1-1/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe218a922ab656b8362e3c085193cb848783c255
2024-03-23fib: fix vectorized impl buffer typoDmitry Valter1-1/+1
Fix copy-paste typo with an incorrect index. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Change-Id: I463e6f016df9cd24e96defcd30c1b442b8809416
2024-03-22ipsec: esp_decrypt code clean upFan Zhang1-43/+42
Type: improvement Change-Id: Icac31a8a3da71334e2b877f3b8e5d5a7cc5e76b8 Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
2024-03-21session: fix workers race to allocate lookup tableFlorin Coras1-24/+39
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I60600452c91184da571d4630bf2f0d9c24a3e85e
2024-03-21ip: add support for buffer offload metadata in ip midchainArthur de Kerhor5-44/+78
The offload should be handled by gso node or by the NIC if the latter has the relevant capabilities. But ip midchain is missing the support for buffer offload metadata in case of GSO packet. This patch adds the relevant support to add the buffer metadata if the packet is GSO/IPIP to be handled accordingly. Type: improvement Change-Id: I17f5d71bf4c5f43a85ca3f2fbebfa1426b42ef69 Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2024-03-21ipsec: remove unused parameter for esp_add_footer_and_icvFan Zhang1-4/+3
Type: improvement Change-Id: Ib6c4e6bc42dd63cb2fdb2dfa7e94baa709e7185b Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
2024-03-20tls: avoid app session preallocationFlorin Coras1-42/+14
Since async rx event infra decouples notification event generation from delivery we no longer run the risk of having tls realloc session pools while session layer still holds a pointer to the accepted/connected tcp session. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1bb429a058707aba1d4f32ea33615a2367e66969
2024-03-18tls: handle attepts to renegotiate hsFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I549d0c8715e5c06bfc22be26ca1dc78ec3c29a61
2024-03-15ip: reassembly - return correct valueKlement Sekera2-2/+2
If already enabled, return 0 to indicate success. Type: fix Change-Id: I4a182e14df9b05698ad93d596a97c46a020fd54b Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2024-03-12misc: remove GNU Indent directivesDamjan Marion252-1723/+1
Type: refactor Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-03-10session: use no for ports in transport port allocatorFlorin Coras3-11/+17
Type: improvement Change-Id: Ia1d8aaa3c51938cfa15dd09102471f52ebe67a3d Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-09session: fix port alloc for fixed lcl port reuseFlorin Coras1-2/+3
Type: fix Change-Id: If30d1aa8aa752ae4bddde776832a3009ebc7e316 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-05ip: force full reassembly before virtualMatthew Smith1-14/+5
Type: improvement The vnet buffer metadata for full IP reassembly and shallow virtual reassembly overlaps. If you have full reassembly and virtual reassembly enabled on the same interface and virtual reassembly happens to process packets first, full reassembly will stomp on the metadata populated by virtual reassembly. Virtual reassembly gets enabled implicitly when NAT feature nodes are enabled. Those NAT feature nodes rely on the virtual reassembly metadata being populated correctly in order to find L4 proto & ports. When NAT and IP full reassembly are both enabled on an interface, NAT can drop fragmented packets because the virtual reassembly metadata can be overwritten by full reassembly. Ensure that full reassembly runs before virtual reassembly. Add a runs_before dependency to ensure that ip4-full-reassembly-feature runs before ip4-sv-reassembly-feature. There was a duplicate VNET_FEATURE_INIT() for ip4-full-reassembly-feature. It seems to have been intended for enabling ip4-full-reassembly-custom as a feature node, but its contents are identical to the earlier VNET_FEATURE_INIT() for ip4-full-reassembly-feature. Removed the duplicate. Change-Id: Ie600b854d4ceb90a7cb736810140d410b8f72447 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2024-03-05vnet: fix format of deleted sw interfacesVladislav Grishenko12-53/+28
As similar 535364e90459566b603661c3dbe360c72f59ad71 is merged, printing possibly deleted interfaces by index only in all the rest cases. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I4fa58b382c0279ff893523ba0188fdb9b09e10af
2024-03-04misc: fix icmpMaxime Peim2-1/+1
- fix ICMPv6 lookup FIB (don't reset sw_if_index[VLIB_TX] to -1) - add locally generated flag in ICMPv4 buffers (reflect ICMPv6) Type: fix Change-Id: If25a176a9952cbe185a030f8b136718af1bff9e8 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-03-04ip: fix warning on interface ipv6 prefix removeVladislav Grishenko1-1/+1
Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I428f52abbdddd9caca9b0f619a0e934f96ac0b4a
2024-03-04fib: fix crash while adding intf-rx routesVladislav Grishenko6-5/+31
Fix crash while adding intf-rx ip4 and ip6 routes via api due invalid exporting of interface rx routes as attached. Also, add missed route path via rx-ip6 cli support. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I15711c8c0787398dd7e3baa4787019bb1f317666
2024-03-03udp: fix ipv6 udp punt showSamvel Vartapetov1-1/+1
Type: fix Signed-off-by: Samvel Vartapetov <svartapetov@yandex-team.ru> Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I57cba1e724f851419c7dfdee896568fc7416feaf
2024-03-01session: add api cb for listen and unlistenFlorin Coras4-17/+24
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I28ccebf4d2f0728dd174ab3ee77a0d7ad4b90951
2024-02-28crypto: CLI to change dispatch modeNiyaz Murshed1-0/+39
This change aims to affect crypto_sw_scheduler behavior, but all the edits end up in vnet/crypto. After 9a9604b introduced adaptive mode for crypto dispatch, the performance of async mode at lower rate got worse. A work around for CSIT test is done by changing dispatch mode via explicit API call in https://github.com/FDio/vpp/commit/139aba204780f6cc2845b311820a0b4c47517d02 In this change, the CLI is brought back to allow user to fix the dispatch mode. set crypto async dispatch mode <polling|interrupt|adaptive> Type: improvement Change-Id: I029e98aa25889eddcf62e75a6c78926cdee862ef Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com>
2024-02-27tls: pass reset ntf to enginesFlorin Coras2-22/+10
Type: improvement Change-Id: Ie042605e50656229874b7a93638f0f04c894410f Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-27session: fix transport closed and disconnect raceFlorin Coras1-4/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie7ff4bac22e9dbb449610072b52d1ec4e46fe757
2024-02-27dev: add per-port vnet flowMonendra Singh Kushwaha6-4/+97
Type: feature Change-Id: If63f39211288ab2eba8bc1ab50a2a4c7755abc66 Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2024-02-26tcp: fix fin retransmit when out of buffersFlorin Coras1-4/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I787825dea7f82748537cc4372104cc6647cf2132
2024-02-26virtio: fix the packed ring supportMohsin Kazmi1-0/+18
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: If27702d2a9755e0e0a6eaeab4cf26b4974444b44
2024-02-23tls: initialize app session app wrkFlorin Coras1-1/+2
Type: fix Change-Id: I8832839738b96495bd775a778dd736bb25e1236c Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-22ip6: ECMP hash support for ipv6 fragmentsBenoît Ganne2-11/+27
Type: improvement Change-Id: I41f70e5977fedbf0050205ebe52126ef373ebc06 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-02-20tls: fix transport endpoint getFlorin Coras1-3/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idb8cc576168ce0ffa8f06be1acef4be4b3b29433
2024-02-20pg: fix stream pg interfaceMaxime Peim4-11/+16
When an other interface is specified to generate packets from, we should bind its sw_if_index to the pg interface to use. Fix if_index_by_sw_if_index variable name, and force to specify a pg interface to source traffic from. Type: fix Change-Id: Ib3e6dca92774b307def82926fc09945b7998267d Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-02-19vnet: include platform specific un.hTom Jones1-0/+5
On FreeBSD define UNIX_PATH_MAX so it is available in punt.c. FreeBSD's max path is 4 bytes shorter than Linux's. Type: improvement Change-Id: I2c4b7aa11246213575b557fab44669706885e6b7 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-19dev: fix type for uint32 arg valueMonendra Singh Kushwaha1-1/+1
Type: fix Change-Id: Ib09d6a0dfc95d82ecfd2ff123be9004cb038d0d4 Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2024-02-19wireguard: notify key changes to crypto engineLijian Zhang2-0/+12
This is a prerequisite patch for the following openssl API optimization patch, which tries to offload openssl ctx init and key expansion work to the initialization stage. Wireguard adds crypto keys via vnet_crypto_key_add (), and whenever it modifies the keys, the underneath openssl crypto engine shoud be informed of the changes to update the openssl ctx. Type: feature Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Change-Id: I3e8f033f3f77eebcecfbd06e8e3bbbfdc95a50e2
2024-02-19ipsec: check each packet for no algs in esp-encryptMatthew Smith1-10/+13
In esp_encrypt_inline(), if two or more consecutive packets are associated with the same SA which has no crypto or integrity algorithms set, only the first one gets dropped. Subsequent packets either get sent (synchronous crypto) or cause a segv (asynchronous crypto). The current SA's index and pool entry are cached before it can be determined whether the packet should be dropped due to no algorithms being set. The check for no algorithms is only performed when the cached SA index is different than the SA index for the current packet. So packets after the first one associated with the "none" alg SA aren't handled properly. This was broken by my previous commit ("ipsec: keep esp encrypt pointer and index synced") which fixed a segv that occurred under a different set of circumstances. Check whether each packet should be dropped instead of only checking when a new SA is encountered. Update unit tests: - Add a test for no algs on tunnel interface which enables asynchronous crypto. - Send more than one packet in the tests for no algs. Type: fix Fixes: dac9e566cd16fc375fff14280b37cb5135584fc6 Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
2024-02-18udp: use transport port refcnt on acceptFlorin Coras3-2/+11
Use udp transport refcnt instead of local port refcnt when accepting new connections. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibc34677b1138682497f98e96b6fddb5b96094ff9
2024-02-18vnet: Use platform specific netlink headers on FreeBSDTom Jones1-0/+5
Type: improvement Change-Id: Ifbd84a45edc82c79ac2850dd70ecdd2f9f1289ae Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18vnet: Disable tuntap build on not LinuxTom Jones1-0/+2
tuntap requires porting on FreeBSD, only build on Linux for now. Type: improvement Change-Id: I448c462b31f3bc06f291a95d0ff5df9d6f8f24b8 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18vnet: Provide platform specific if_tap headersTom Jones2-0/+8
Type: improvement Change-Id: Ia5cec0afc7f929491e495bb337493e64f752d75f Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18vnet: Only build tap on LinuxTom Jones1-0/+2
tap requires some porting on FreeBSD, while we wait for those changes only build tap on Linux. Type: improvement Change-Id: I4361bf43764fdb046c2138d4a2ee5d7efa31bd5a Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-17tcp: retransmit fins in last-ackFlorin Coras2-2/+2
Fix instances where timers are reset after programming fin. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib80e3a401d585f388a97c7f2bb62e68ee774d50d
2024-02-16udp: unregister ports on all cleanupsFlorin Coras1-4/+3
UDP transport port refcount is incremented even if port is shared. So decrement it, by unregistering, whener udp connections are cleaned up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id0a2c60c5faf4dea8b2cd9ded0334934ad9e918c
2024-02-15tls: mark ho done atomically after ctx initFlorin Coras1-1/+2
Make sure ctx is initialized before ho is marked as done. Type: fix Change-Id: If0525a9890a56e289e2ab006c669a9d64dc6505d Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-15session: postpone ct cleanup if rx evt pendingFlorin Coras1-3/+4
Type: fix Change-Id: I8cfaa62abd38d5356263b0ffd428638d1a027617 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-13vnet: Don't use __unused for struct paddingTom Jones1-1/+1
__unused is a clang keyword, this struct member will trip the build when using clang. Instead call the unused padding 'pad' which should be clear to the purpose if not the usage. Type: improvement Change-Id: I0abae34841651be1ef6b7d94864f0dc8185f0733 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-12fib: contention with DP on deleting a routeSteven Luong1-0/+1
Add vlib_worker_wait_one_loop prior to invoking dpo_reset upon uninstalling a fib entry to avoid contention with DP. Type: fix Change-Id: If2a6c4cb9b5629dd61e506ab9f9c3e6aef121b45 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-02-07udp: add cli to dump transport portsFlorin Coras1-0/+92
show udp transport ports Dumps list of ports registered by udp transport, as opposed to udp local, and their refcount. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If3cbe51a7176cb89fa38b524defffbbd76af8f58
2024-02-02session: guard session lookup table allocsFlorin Coras2-0/+37
Session lookup tables could be allocated from workers, e.g., connects are done from first worker. Make sure consumers are not affected by stopping workers. Type: fix Change-Id: I63b53c58b41ce91b08f50a2325c69c9f9fd25ed3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-31tls: set app closed flag in frameworkFlorin Coras1-0/+1
Set the flag in tls framework as opposed to tls engines. This is similar to passive close. Type: improvement Change-Id: I0c2a774b1ef9d7ec6ba74daf1678ea449815184f Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-31tls: convert ctx fields to connection flagsFlorin Coras2-23/+25
Type: refactor Change-Id: I527bbc1cf2e7b6d06fd0c88b7563fb59ed28bc40 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-29ip: don't export useless error counters for ip6 rewriteArthur de Kerhor1-2/+0
the error node is set to ip6_input in the inline funcition associated with ip6_rewrite. Thus, error counters defined for node ip6 rewrite are never used. Type: fix Change-Id: Id6bef633928b0fff9069498c2e39e9f5bea2cf9b Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2024-01-25udp: update rx sw_if_index to ip-local selected oneFlorin Coras1-0/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0afd1b9ddbc17825aab3bfa3e5f9c6c0fbc561ca