aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2021-03-15ipsec: allow inbound non-tunnel SA through CLIMohammed Hawari1-6/+0
Change-Id: Ia304488900bd9236ab4e7cc6f17ae029ee6f2c00 Type: fix Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2021-03-15misc: finish removing deprecated cop APIDave Barach1-22/+0
Fix bug in crcchecker. It must be possible to remove a non-production .api file Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I00b953e58017cc53051e6f4d8a70403dce8219a0
2021-03-15tests: use socket transport instead of shared memoryOle Troan3-16/+79
Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I9e65c94a5a05047a5104e9361ea36eac77b40442 Signed-off-by: Ole Troan <ot@cisco.com>
2021-03-14ip: extend punt CLI for exception packetsMohammed Hawari5-21/+101
Change-Id: I20e48a5ac8068eccb8d998346d35227c4802bb68 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: feature
2021-03-12interface: fix extra locking on fib/mfib tableDmitry Vakrhushev1-23/+17
Unlocking previeous fib/mfib table before bind it to a new. Currently if rebind interface table from one to another, previous table's lock wouldn't decrease the locks count. Type: fix Change-Id: I09340baf1c7039aed3be15ee231eded7364b213e Signed-off-by: Dmitry Vakrhushev <dmitry@netgate.com>
2021-03-11session tls: deq notifications for custom txFlorin Coras2-0/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6ed2104e9d79c367ca36460047586f9b632c3315
2021-03-11vlib: refactor node function variantsDamjan Marion2-23/+16
It allows default variant selection from startup.conf Type: improvement Change-Id: Idff95e12dd0c105dab7c905089548b05a6e974e0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-11misc: remove cop API support (part 1)Dave Barach4-247/+1
API marked for deprecation last year due to non-inclusive language. Last supported release: 21.01. See the "adl" plugin. Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I931e58ced9cc8403ca5b23fd6b07e50d0ff7306b
2021-03-10session: check if fifo exists in cl bound notificationFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I316575a4b199916920cad6be8f9b49025d6ccc2d
2021-03-10interface: fix interface-output and interface-tx multiarch selectionDamjan Marion3-38/+46
Type: fix Change-Id: I77723dcbf753c2a7f1ec00f034d8ab604f12214b Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-09nat: fix dst nat thread issuesKlement Sekera1-2/+5
Make sure packet lands on the right thread for dst nat case. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I0ec4e4c2bb3fa80ff73fac588c36d36420ba68fa
2021-03-08tcp: account for option alignment in initial snd_mssFlorin Coras1-2/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I24225ada6623c5b5543341ecac0d6c1db43cc8a9
2021-03-07dispatch-trace: move dispatch trace pcap code to pluginDamjan Marion3-0/+41
Type: refactor Change-Id: I02a527f57853ebff797f0d85761b71127916d6ce Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-05fib: format function for adjacency flagsNeale Ranns2-0/+18
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ib01ed3231321f0f38c4b1deb885c4cf718cc0147
2021-03-05interface: move vnet_pcap_t to vnetDamjan Marion4-12/+33
It naturally belogns there... Type: refactor Change-Id: I05f7ba01103a5e9b3756f1ea69c8cc5d8f26f0a0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-05l2: coverity woe in l2_rw_mod_entrySteven Luong1-3/+0
Coverity complains that the statement if (!e) return -1; is never true and is logically dead code in the subject function. It is right. e is assigned in both the if and else statementes immediately above and can never be null. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ic2d0e76eff696ee689a68a07913876dcecf5c647
2021-03-05ipsec: Support async mode per-SANeale Ranns11-205/+232
Type: feature This feautre only applies to ESP not AH SAs. As well as the gobal switch for ayncs mode, allow individual SAs to be async. If global async is on, all SAs are async. If global async mode is off, then if then an SA can be individually set to async. This preserves the global switch behaviour. the stratergy in the esp encrypt.decrypt nodes is to separate the frame into, 1) sync buffers, 2) async buffers and 3) no-op buffers. Sync buffer will undergo a cyrpto/ath operation, no-op will not, they are dropped or handed-off. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ifc15b10b870b19413ad030ce7f92ed56275d6791
2021-03-05ipsec: Submit fuller async framesNeale Ranns4-178/+146
Type: improvement In the current scheme an async frame is submitted each time the crypto op changes. thus happens each time a different SA is used and thus potentially many times per-node. thi can lead to the submision of many partially filled frames. change the scheme to construct as many full frames as possible in the node and submit them all at the end. the frame owner ship is passed to the user so that there can be more than one open frame per-op at any given time. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ic2305581d7b5aa26133f52115e0cd28ba956ed55
2021-03-04crypto: add support for aes-ctr+sha-1 chainsBenoît Ganne1-16/+19
Type: feature Change-Id: I9d4f90bc701d2b9b903a018f8d27cec5e129d7be Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-04bonding: coverity woe in bond_dev_class fuctionSteven Luong1-5/+14
Coverity complans the line h = hashes; uses uninitialized variable if the prior ASSERT statement is hit. ASSERT is compiled out coverity as well as in release image. So the complain is legitimate. Change the ASSERT to drop the frame and log an error instead. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ibf0c204fe3626afca69ea84484e606566cf3244c
2021-03-03udp: allocate rx lock only for non-connectedFlorin Coras1-3/+7
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib5395a51fbfb2123549f7c96534fa763b4669243
2021-03-02classify: fix crash if no pcap filter has been configuredBenoît Ganne1-1/+2
If no pcap filters have ever been configured and we try to enable pcap capture with a filter, cm->classify_table_index_by_sw_if_index is not initialized yet. Type: fix Change-Id: I2f509c58f9984951b1ad81c1c8ed912cb594fce1 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-02classify: fix multiple filters supportBenoît Ganne1-11/+22
This fix the classify filter if we attach several different filters. This also fix some issues with l3 and l4 parsing. Type: fix Change-Id: I9dc6c55049a3bbc0110d1097b40d9da27633626b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-28session svm: segment manager and fifo segment leaksFlorin Coras1-0/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4e00dd7f8ce1e56092dde9a073decae62d5475de
2021-02-26udp: avoid locking connected udp sessions on rxFlorin Coras3-2/+8
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I52aa2322980b51cfc0b282fb37d7f63d30777dee
2021-02-26virtio: place the event fds on worker threads for pci deviceMohsin Kazmi1-0/+11
Type: improvement Change-Id: I8322bca1a9aa75c97c0fe2ff24b2f65fc43242ce Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-02-26interface: Fix rxq deletionNathan Skrzypczak1-2/+11
Type: fix Change-Id: Ie89663de42ec94823b32aa1edf94f2c03df06627 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26interface: fix sh int rxNathan Skrzypczak2-2/+2
Type: fix Change-Id: Iebe2db66af1e769486a117d6284375ce5ffff0b4 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26ipsec: move the IPSec SA pool out of ipsec_mainNeale Ranns13-84/+76
Type: refactor this allows the ipsec_sa_get funtion to be moved from ipsec.h to ipsec_sa.h where it belongs. Also use ipsec_sa_get throughout the code base. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
2021-02-26crypto: fix coverity issue 218445Piotr Bronowski1-3/+0
Fixes coverity issue CID 218445 (#1 of 1): Logically dead code (DEADCODE) dead_error_line: Execution cannot reach this statement: return 4294967295U;. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ibf8ee0458320d20c3adca2efa2a4bfad7c190dbe
2021-02-25tests: Add tests for IPSec async mode using the crypto SW schedulerNeale Ranns1-1/+2
Type: test Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iabc8f2b09ee10a82aacebd36acfe8648cf69b7d7
2021-02-25ipsec: ipsec.h tidy upNeale Ranns6-56/+86
Type: refactor - remove the extern declaration of the nodes. keep the use of them to the files that declare them - remove duplicate declaration of ipsec_set_async_mode - remove unsued ipsec_add_feature Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6ce7bb4517b508a8f02b11f3bc819e1c5d539c02
2021-02-25ipsec: enable input features on tunnelsBrian Russell4-30/+93
Make the ipsec[46]-tun-input nodes siblings of device-input so that input features can be enabled on them. Register ipsec-tun for feature updates. When a feature is enabled on the device-input arc and the ifindex is an IPSec tunnel, change the end node of the arc for that ifindex to be the appropriate ESP decrypt node. Set a flag on the tunnel to indicate that the feature arc should be started for packets input on the tunnel. Test input policing on ESP IPSec tunnels. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I3b9f047e5e737f3ea4c58fc82cd3c15700b6f9f7
2021-02-24virtio: enable the interrupt support for uio_pci_genericMohsin Kazmi1-11/+4
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ic25ffe9c8e37826733cfb9e62cefb491bb3322bc
2021-02-24session: init ctrl msg without mq lockFlorin Coras1-102/+96
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I755e6da1fcf6f3bf3c72d6d36c4243b0919b7209
2021-02-24fib: fix sa selection for fib routed destinationsJúlius Milan1-4/+14
The move from ip4(6)_src_address_for_packet to fib_sas4(6)_get changed the behavior, so that the new looked only to adjacent gleans. This caused a problem for destinations routed according to FIB table. To reproduce: vpp# create tap vpp# set interface state tap0 up vpp# set interface ip address tap0 192.168.11.1/24 vpp# ip route add 192.168.20.0/24 via 192.168.11.2 linux$ sudo ip addr add 192.168.20.1/24 dev lo linux$ sudo ip link set tap0 up linux$ sudo ip addr add 192.168.11.2/24 dev tap0 vpp# ping 192.168.20.1 Failed: no source address for egress interface Type: fix Signed-off-by: Július Milan <julius.milan@pantheon.tech> Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I22899f4dbbf8c1c85ccce72f801b92c183195b5d
2021-02-24crypto: A more memory efficient layout of the frame element structNeale Ranns2-18/+26
Type: improvement Also: - state as enum so my GDB life is easier - typo; s/indice/indices/; Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3320f5ef1ccd7d042071ef336488a41adfad7463
2021-02-23l2: coverity woe in l2_api.cSteven Luong1-23/+20
Coverify complains deref_ptr before null check. deref_ptr: Directly dereferencing pointer reg. 1214 vl_reg = vl_api_client_index_to_registration (reg->client_index); 1215 ALWAYS_ASSERT (vl_reg != NULL); 1216 CID 216104 (#1 of 1): Dereference before null check (REVERSE_INULL) check_after_deref: Null-checking reg suggests that it may be null, but it has already been dereferenced on all paths leading to the check. 1217 if (reg && vl_api_can_send_msg (vl_reg)) I believe the check is for vl_reg instead of reg because vl_reg may be NULL after the call vl_api_client_index_to_registration. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ic4eb2284e65c48396f20d5024a4241c80c70c886
2021-02-23vlib: fix offload flags value resetBenoît Ganne1-2/+11
When a buffer is freed and re-allocated for a new packet, opaque2 is not reset, so the offload flags can be set to a stale value. Make sure the offload flags are reset to the current value on 1st set. Type: fix Fixes: 6809538e646bf86c000dc1faba60b0a4157ad898 Change-Id: I4048febedf25b9995dbd080a11495ee7dbe59153 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-22ip-neighbor: add set ip neighbor-config CLI commandIvan Shvedunov1-0/+54
Type: improvement Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Change-Id: I77ade50425e88d2da979f732d2248bed383f4ba4
2021-02-19tests: add input policer thread handoff testsBrian Russell1-2/+74
Test worker thread handoff on an interface input policer. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I1deddcc9711bccfde377290bc66a00f2cd4163e1
2021-02-19policer: add thread handoff for device inputBrian Russell4-13/+71
Add worker thread handoff for policers on the device input feature arc on an interface. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ib795457a09a5b3be3c4e6422c91e33100192b8e2
2021-02-19policer: move handoff checks into policer codeBrian Russell4-47/+41
The IP punt policer currently checks if it needs to do worker thread handoff based on the thread index stored in the policer. Move this functionality into the policer code so it can be common for all users of the policer. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ia8d11e62898a58b19d7b27b296f8369baa3e5aa1
2021-02-19tests: test input policerBrian Russell1-0/+74
Apply a policer to an interface, check it's policing packets. Remove it and check it no longer polices packets. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I6f694c8a9804cadf010b5831770aaae81f42e027
2021-02-19policer: add api to configure input policingBrian Russell4-0/+76
Add a new API to apply a policer to an input interface. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ie8aff9120149b63d85363a9a5afdcaed60a93700
2021-02-19policer: add policing as device-input featureBrian Russell3-233/+19
Add input per-interface policing as an input feature, repurposing vnet_policer_inline which formermly allowed input policing to be configured via a CLI. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I2fd00e964ae358a05e507c844f5476372124fae1
2021-02-18tests: remove unnecessary setup in policer testBrian Russell1-6/+0
The policer test class overrides setup and teardown methods from VppTestCase but doesn't do anything other than call the parent's method. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I76bac084c4cb5cb5195e34afe95b38affd585942
2021-02-15session: coverity fixFlorin Coras1-3/+0
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic28ee0e7cd313686b820e7003a47d17b844b8a89
2021-02-15vlib: refactor checksum offload supportMohsin Kazmi25-223/+332
Type: refactor This patch refactors the offload flags in vlib_buffer_t. There are two main reasons behind this refactoring. First, offload flags are insufficient to represent outer and inner headers offloads. Second, room for these flags in first cacheline of vlib_buffer_t is also limited. This patch introduces a generic offload flag in first cacheline. And detailed offload flags in 2nd cacheline of the structure for performance optimization. Change-Id: Icc363a142fb9208ec7113ab5bbfc8230181f6004 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-02-15misc: coverity fixesDave Barach2-7/+5
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I6a3348c7edd1cce6b407d336443103f77392bc5d