aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2020-05-27ipsec: Add/Del IPSec SA is not MP safeNeale Ranns1-7/+0
Type: fix we can probably do better, but for now this is needed Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I07161f5ac07a70a0e6db6608ba31659d9bc2c9ed
2020-05-27ethernet: fix DMAC check and skip unnecessary ones (VPP-1868)John Lo8-31/+104
Fix and optimize DMAC check in ethernet-input node to utilize NIC or driver which support L3 DMAC-filtering mode so that DMAC check can be bypassed safely for interfaces/sub-interfaces in L3 mode. Checking of interface in L3-DMAC-filtering state to avoid DMAC check require the following: a) Fix interface driver init sequence for devices which supports L3 DMAC-filtering to indicate its capability and initialize interface to L3 DMAC-filtering state. b) Fix ethernet_set_flags() function and its associated callback flags_change() functions registered by various drivers in interface infra to provide proper L3 DMAC filtering status. Maintain interface/sub-interface L3 config count so DMAC checks can be bypassed if L3 forwarding is not setup on any main/sub-interfaces. Type: fix Ticket: VPP-1868 Signed-off-by: John Lo <loj@cisco.com> Change-Id: I204d90459c13e9e486cfcba4e64e3d479bc9f2ae
2020-05-27ip: reassembly: use correct IP header offsetKlement Sekera1-2/+7
Type: fix Ticket: VPP-1883 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Icf50a645e114fa3b7bd974f8c82f5ceebfcedcd7
2020-05-27bonding: adjust link state based on active slavesMatthew Smith1-3/+20
Type: improvement Bond link state is being maintained inconsistently. It is initially set to up. If the bond interface admin state is set to down, the link state is set to down. If the bond interface admin state is set to up, the link state is only set to up if there are active slave interfaces at that point. If slaves become active at some later time, it does not get updated. Its next chance to be updated is the next time the bond interface is set to admin up. To address this, do not set the link state to up after creating a bond. Adjust the link state as slave interfaces are attached or detached based on whether the bond is getting its first active slave or losing its last one. Unit test added to verify correct maintenance of link state. Change-Id: I31f17321f7f0e727e1ab1e01713423af6566dad9 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-05-26fib: Fix interpose source reactivateNeale Ranns1-0/+14
Type: fix when the interpose is on an adj-fib and the cover is removed the adj source will not install. this lead to no path list being found for the interpose source and a crash. pick a drop path list in this case. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ied217da043926c913657080f5ffb151201225d23
2020-05-26fib: Use basic hash for adjacency neighbour tableNeale Ranns1-82/+42
Type: improvement a bihash per-interface used too much memory. Change-Id: I447bb66c0907e1632fa5d886a3600e518663c39e Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-05-25tcp: fix sack block validation on wrapFlorin Coras1-1/+3
Type: fix Fixes: 487507f Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia9813ae09d14111dc8edac0fa6ab082e13ab6e2e
2020-05-25api: add new stream message conventionOle Troan1-0/+1
Instead of having to wrap dump/detail calls in control ping, send details messages in between a normal reply / request pair. As expressed in the below service statement. Example: service { rpc map_domains_gets returns map_domains_get_reply stream map_domain_details; }; define map_domains_get { u32 client_index; u32 context; u32 cursor; }; define map_domains_get_reply { u32 context; i32 retval; u32 cursor; }; To avoid blocking the main thread for too long, the replies are now sent in client message queue size chunks. The reply message returns VNET_API_ERROR_EAGAIN when there is more to read. The API handler must also include a "cursor" that is used to the next call to the get function. API handler example: REPLY_AND_DETAILS_MACRO (VL_API_MAP_DOMAINS_GET_REPLY, mm->domains, ({ send_domain_details (cursor, rp, mp->context); })); The macro starts from cursor and iterates through the pool until vl_api_process_may_suspend() returns true or the iteration reaches the end of the list. Client Example: cursor = 0 d = [] while True: rv, details = map_domains_get(cursor=cursor) d += details if rv.retval == 0 or rv.retval != -165: break cursor = rv.cursor or the convenience iterator: for x in vpp.details_iter(vpp.api.map_domains_get): pass or list(details_iter(map_domains_get)) Change-Id: Iad9f6b41b0ef886adb584c97708dd91cf552749e Type: feature Signed-off-by: Ole Troan <ot@cisco.com>
2020-05-24tcp: track buffer alloc failuresFlorin Coras2-3/+21
Reported as part of "show tcp stats" Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I499ab4e41d13aaf1a0d060e37f09087e63d09567
2020-05-24ipsec: fixed chaining ops after add footer and icvPiotrX Kleski1-8/+11
In case there is no free space in first buffer for ICV and footer, additional buffer will be added, but esp_encrypt will stay in single buffer mode. The issue happens for the following payload sizes: - TCP packets with payload 1992 - ICMP packets with payload 2004 This fix moves the single/chained buffer ops selection to after esp_add_footer_and_icv call. Type: fix Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Change-Id: Ic5ceba418f738933f96edb3e489ca2d149033b79
2020-05-21vcl: support connected udp listensFlorin Coras2-0/+2
Request connected udp listener behavior by setting VPPCOM_ATTR_SET_CONNECTED attribute with vppcom_session_attr Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iba95155c0f41cea8c6e1a4263946270d49c213ac
2020-05-21ip: Dual loop error in midchain chksumNeale Ranns1-1/+1
Type: fix Change-Id: Idf7c80b7d81f796bd0512bca4276bcfcf2af241a Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-05-19vppinfra: refactor mpcap.hDave Barach1-0/+113
vppinfra source files MUST NOT #include <vlib/vlib.h>, <vnet/vnet.h> or similar. Move mpcap_add_packet(...), mpcap_add_buffer(...) to a new file: src/vnet/mpcap.h. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Id517aef6fe49b618f853ce32940b91ba45a1e60d
2020-05-19interface: fix interface rx mode config APIJakub Grajciar1-2/+4
Swap byte order for fields of type vl_api_rx_mode_t. Ticket: VPP-1871 Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: Ia1745257b57209d41661d38067e0dd7618f9a9b9 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> (cherry picked from commit aefcd1a3579ec2c93f606b151d563d87ea211387)
2020-05-17ip6-nd: correct set-ip6-nd-proxy CLI short_helpIgnas Bacius1-1/+1
Type: fix Signed-off-by: Ignas Bacius <ignas@noia.network> Change-Id: Id99a15272f6f12a724a4cfd9de461f1aa6a6a634
2020-05-16l2: L2/L3 mode swicth cleanup and l2-patch fixJohn Lo4-31/+16
Cleanup L2/L3 mode switch to not redirect to/from ethernet-input node as it is no longer necessary. L2 patch should use sw_if_index for device feature enable/disable. Type: fix Signed-off-by: John Lo <loj@cisco.com> Change-Id: I0f24161d027b07c188fd1e05276146f94c075710
2020-05-16misc: fix typo in set-ipfix-exporter CLI short_helpIgnas Bacius1-1/+1
Type: fix Change-Id: Id6687780b9a740323bd2eef58447864e70dc0235 Signed-off-by: Ignas Bacius <ignas@noia.network>
2020-05-15misc: removed executable bits from source filesRay Kinsella15-0/+0
Identified and removed executable bit from source files in the tree. find . -perm 755 -name *.[ch] -exec chmod a-x {} \; Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I00710d59fcc46ce5be5233109af4c8077daff74b
2020-05-15session: track detached listener segment managersFlorin Coras4-7/+77
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iae734a526d2e7befd9738054d028df0062b67000
2020-05-14tcp: fix bogus time update due to missing castFlorin Coras1-1/+2
Type: fix Seems clang needs explicit casting to u64 of u64 and f64 multiplication before truncating to u32 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib0d7a33d4c5e68577e401e854fc3e55e0723da93
2020-05-14lisp: API cleanupOnong Tayeng3-41/+6
Removing the comments around eid_type which seem to have been overlooked by the original patch https://gerrit.fd.io/r/c/vpp/+/24663. Type: refactor Signed-off-by: Onong Tayeng <otayeng@cisco.com> Change-Id: I48e1993cf8869cb32e159d1956f3ec1e5943e33f
2020-05-14nat: ED: store both thread&session idx in hashKlement Sekera1-1/+1
By storing thread and session index in hash table we are able to skip multiple hash lookups in multi-worker scenario, which were used for handoff before. Also, by storing sesion index in vnet_buffer2, we can avoid repeating the lookup after handoff. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I406fb12f4e2dd8f4a5ca5d83d59dbc37e1af9abf
2020-05-14ip: fix interface ip address del sw_if_index checkyedg4-6/+27
Type: fix Signed-off-by: Ye donggang <yedg@wangsu.com> Change-Id: Ia9f72ff2be455ecd4ff3d16e884c5a50f9df69fe
2020-05-13sr: fix srv6/srv6-ad/srv6-as promisc mode switchJohn Lo1-16/+10
Calling ethernet_set_flags() to switch interface to/from promiscuous mode must use use hw_if_index instead of sw_if_index. Type: fix Signed-off-by: John Lo <loj@cisco.com> Change-Id: I72da286b913893227e32193ee11fbbc56e04804d
2020-05-13gso: remove ordering dependency on esp-encrypt-tunNeale Ranns1-2/+2
Type: fix ... it's not a feature anymore Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ifbcaf7d832aa76336feb0556d0dc7d2002f19c35
2020-05-13interface: fix the checksum offload in quad loopMohsin Kazmi1-20/+25
Type: fix In quad loop, checksum will be calculated for all four packets, if one packet needs checksum computation, without respecting their respective flags. This patch fixes it. Change-Id: I479b420ba0dcbd178ea4180bf05a0e55a6b13843 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-05-13feature: Config end nodes are user specificNeale Ranns5-24/+41
Type: fix it is possible for a user to change the end node of a feature arc, but this change should only apply to that 'instnace' of the arc, not all arcs. for example, if a tunnel has its ipx-output end node changed to adj-midchain-tx, this shouldn't affect all ipx-output arcs. obviously... Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I41daea7ba6907963e42140307d065c8bcfdcb585
2020-05-13bonding: fix the GSO flagsMohsin Kazmi1-2/+8
Type: fix Only add GSO and Checksum offload flags when gso is enabled. Change-Id: I58945a4ffbb9a0e6a8640fc01424c63feef16306 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-05-13ipsec: Support 4o6 and 6o4 for SPD tunnel mode SAsNeale Ranns2-38/+65
Type: feature the es4-encrypt and esp6-encrypt nodes need to be siblings so they both have the same edges for the DPO on which the tunnel mode SA stacks. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I2126589135a1df6c95ee14503dfde9ff406df60a
2020-05-13nat: handoff next node feature fixFilip Varga1-1/+1
Type: fix Change-Id: I14e323e7bb1db7a3d40668212535c07504374e59 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-05-12tcp: avoid rcv wnd less than mssFlorin Coras1-6/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I84ec1c91a3a7b2195aad58923fa6f17f551444cb
2020-05-10ip-neighbor: fix show ip neighbor issueMichael Yu1-5/+4
Fix the issue that vppctl show ip4{6} neighbor [interface] command can't show entries correctly, example: both ip4 and ip6 entries can be shown with command: vppctl show ip4 neighbor. Type: fix Signed-off-by: Michael Yu <michael.a.yu@nokia-sbell.com> Change-Id: I229368b71cd285adce994c8290cc9d7e4c4f5aa6 Signed-off-by: Michael Yu <michael.a.yu@nokia-sbell.com>
2020-05-10ethernet: fix dmac stride errorZhiyong Yang1-1/+1
Type: fix Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com> Change-Id: I617fb365def22a28d48f75013dea38f8e1703a44
2020-05-08ethernet: fix coverity warningDave Barach1-1/+1
Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I20daa023eed50f8b42e8dc2d17e47a54aa16ae31
2020-05-07session: catch segment manager alloc failureFlorin Coras1-3/+4
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4ac923fda84feee8d2ad76d0c3e3a252f53008ed
2020-05-06docs: clean up make docs jobPaul Vinciguerra10-11/+15
Type: docs Change-Id: I9b5e5137eb4c1e89f6e8d7a278cd11a0fd496471 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-05-06crypto: fix coverity issuesFan Zhang1-20/+1
Fix coverity issues in crypto framework and cryptodev engine. Type: fix Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: Ib261da0163c8182c803600db22c5a6dad5a19999
2020-05-06misc: fix coverity warningsDave Barach1-1/+1
Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I51660e4b02f449bd2db12a8cfd395c6c343d2dee
2020-05-05ipsec: User can choose the UDP source portNeale Ranns9-24/+110
Type: feature thus allowing NAT traversal, Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-05-05session: improve .api comments slightlyVratko Polak1-3/+3
Type: style Change-Id: Iccd2c205059abcdf121093ff03da603fe3dda1f7 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2020-05-05api: ip: add IP_ROUTE_LOOKUP APIChristian Hopps2-0/+83
Add an IP_ROUTE_LOOKUP function that does either an exact match or longest prefix match in a given fib table for a given prefix returning the match if present. Add API test. Type: improvement Signed-off-by: Christian Hopps <chopps@labn.net> Change-ID: I67ec5a61079f4acf1349a9c646185f91f5f11806
2020-05-05gso: add support for IP-IPMohsin Kazmi7-138/+266
Type: feature Change-Id: I37752af8496e0042a1da91124f3d94216b39ff11 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-05-04ethernet: add sanity checks to p2p_ethernet_add/delDave Barach2-0/+41
Binary API message handlers need to check sw_if_index values. Found in binary api fuzz testing. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I51e717e9260e58a4c36d4d95981fd001be594fed Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-05-04session: add option to preallocate fifo headersFlorin Coras5-34/+56
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie47546ef36590b90ed481b14cf812afbecf7981c
2020-05-04fib: midchain adjacency optimisationsNeale Ranns25-605/+822
Type: improvement - inline some common encap fixup functions into the midchain rewrite node so we don't incur the cost of the virtual function call - change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header - add adj-midchain-tx to multiarch sources - don't run adj-midchain-tx as a feature, instead put this node as the adj's next and at the end of the feature arc. - cache the feature arc config index (to save the cache miss going to fetch it) - don't check if features are enabled when taking the arc (since we know they are) the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc) for IPSec: - don't run esp_encrypt as a feature, instead when required insert this node into the adj's next and into the end of the feature arc. this implies that encrypt is always 'the last feature' run, which is symmetric with decrypt always being the first. - esp_encrpyt for tunnels has adj-midchain-tx as next node Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-05-04tcp: fix max tx sack blocks upper boundFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I70c63db91c3512fb724bba4762e3ca1e369ca421
2020-05-04misc: binary api fuzz test fixesDave Barach7-9/+10
Add a hook to src/vlibapi/api_shared.c to fuzz (screw up) binary API messages, e.g. by xoring random data into them before processing. We specifically exempt client connection messages, and inband debug CLI messages. We step over msg_id, client index, client context, and sw_if_index. Otherwise, "make test" vectors fail too rapidly to learn anything. The goal is to reduce the number of crashes caused to zero. We're fairly close with this patch. Add vl_msg_api_max_length(void *mp), which returns the maximum plausible length for a binary API message. Use it to hardern vl_api_from_api_to_new_vec(...) which takes an additional argument - message pointer - so it can verify that astr->length is sane. If it's not sane, return a u8 *vector of the form "insane astr->length nnnn\0". Verify array lengths in vl_api_dhcp6_send_client_message_t_handler(...) and vl_api_dhcp6_pd_send_client_message_t_handler(...). Add a fairly effective binary API fuzz hook to the unittest plugin, and modify the "make test" framework.py to pass "api-fuzz { on|off }" to enable API fuzzing: "make API_FUZZ=on TEST=xxx test-debug" or similar Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0157267652a163c01553d5267620f719cc6c3bde
2020-05-04tap: refactor existing flagsMohsin Kazmi4-17/+30
Type: refactor This patch refactor the existing flags and also add a new flag for packet coalescing. Change-Id: Ic826e4c81313f26d87c475cdf666b06cbed60a3a Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-05-02ip-neighbor: honor walk callback return valueRuslan Babayev1-2/+4
Type: fix Change-Id: I5e1f7c37d612f4666edf2262b457ae0e13f20791 Signed-off-by: Ruslan Babayev <ruslan@babayev.com>
2020-05-01tap: implement sw_interface_tap_v2_dump filtering by sw_if_indexPaul Vinciguerra3-13/+12
Type: feature Change-Id: I6f607f383dc77a71e8712124f7613b38b4ac065a Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>