Age | Commit message (Collapse) | Author | Files | Lines |
|
- crypto code moved to vppinfra for better testing and reuse
- added 256-bit VAES support (Intel Client CPUs)
- added AES_GMAC functions
Change-Id: I960c8e14ca0a0126703e8f1589d86f32e2a98361
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Using pre-shared keys is usually a bad idea, one should use eg. IKEv2
instead, but one does not always have the choice.
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C) whereas for AES-CTR or AES-GCM, the IV should never be reused with
the same key material (see NIST SP800-38a Appendix B and NIST SP800-38d
section 8).
If one uses pre-shared keys and VPP is restarted, the IV counter
restarts at 0 and the same IVs are generated with the same pre-shared
keys materials.
To fix those issues we follow the recommendation from NIST SP800-38a
and NIST SP800-38d:
- we use a PRNG (not cryptographically secured) to generate IVs to
avoid generating the same IV sequence between VPP restarts. The PRNG is
chosen so that there is a low chance of generating the same sequence
- for AES-CBC, the generated IV is encrypted as part of the message.
This makes the (predictable) PRNG-generated IV unpredictable as it is
encrypted with the secret key
- for AES-CTR and GCM, we use the IV as-is as predictable IVs are fine
Most of the changes in this patch are caused by the need to shoehorn an
additional state of 2 u64 for the PRNG in the 1st cacheline of the SA
object.
Type: improvement
Change-Id: I2af89c21ae4b2c4c33dd21aeffcfb79c13c9d84c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
RPM build errors:
error: Installed (but unpackaged) file(s) found:
/usr/bin/test_infra
Add NO_INSTALL tag in CMakeLists to avoid installing test binary.
Type: fix
Fixes: c3542e17b5df ("vppinfra: widen the scope of test_vector_funcs")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I359ba79af2e3cb32b47dda3bb8707a5d2fd8586b
|
|
Using clib_bitmap_vec_validate makes free bitmap vector
to be x64 times bigger (assuming x86_64) than necessary
when non-zero and possible oom due (u32)(0 - 1) math with
zero alloc.
Fix it with clib_bitmap_validate which takes bit size, not
index and ensure at least one bit is allocated.
Type: fix
Change-Id: I7e191f4e2fb3722a06bb800e1d075f7c7e2dcec9
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
|
|
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL
table, the code would sporadically return a transitional value (junk)
from a half-deleted kvp. At most, 64-bits worth of the kvp will be
written atomically, so using memset(...) to smear 0xFF's across a kvp
to free it left a lot to be desired.
Performance impact: very mild positive, thanks to FC for doing a
multi-thread host stack perf/scale test.
Added an ASSERT to catch attempts to add a (key,value) pair which
contains the magic "free kvp" value.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065
|
|
Type: refactor
Change-Id: I3d0c57b82e5bdb4575c1ca13e463685fd11b7f11
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: Ibc40a02c8c45fc8d9409c9a86fea7aaf70d9c048
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: Iac1b3a66176c9a38a161246159140f30a1c168da
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: test
Change-Id: Id96448ba3ab69a5b22dfc27812fc17194136b969
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
|
|
Location changed and binary renamed to test_infra
Also it is built by default.
Type: improvement
Change-Id: I27cd97f274501ceb7a01213e2bc9676cea00f39c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Used on intel client CPUs which suppport VAES instruction set without
AVX512
Type: improvement
Change-Id: I5f816a1ea9f89a8d298d2c0f38d8d7c06f414ba0
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: I64ca5bd3a959190111f61c5311a908d242c10bad
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Fix the typo in the intrinsic name, which caused incorrect intrinsic to be used.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ib7fde14d12897e4d1bfb5a01f6d65025473e4f8e
|
|
Disabled by default..
Type: improvement
Change-Id: I36176c009e0873c048874ae38a7ea0a91449235c
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Exploiting AVX-512 operations on avf_tx_prepare().
Type: improvement
Signed-off-by: Leyi Rong <leyi.rong@intel.com>
Change-Id: I01e0b4a2e2d440659b4298668a868d983f5091c3
|
|
Process 8 packets perf batch in vlib_buffer_free_inline() when
CLIB_HAVE_VEC512 is enabled.
Type: improvement
Signed-off-by: Leyi Rong <leyi.rong@intel.com>
Change-Id: I78b8a525bce25ee355c9bf0e0f651698a8c45bda
|
|
- allocates the memory trace spinlock independently from the main heap
- disable tracing on a per thread basis
- make sure we hold the memory trace spinlock when changing tracing
Type: fix
Change-Id: I7d84f22132abdc895343d447cd3a2c574786f58d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: If894b2b741d0d417a6fc458dda83ca1d8192385d
|
|
Pool's pool_put_will_expand() calls clib_bitmap_will_expand(),
so every put except ones that leads to free_bitmap reallocation
will get false positive results and vice versa.
Unfortunatelly there's no related test and existing bitmap
tests are failing silently with false positive result as well.
Fortunatelly neither clib_bitmap_will_expand() nor
pool_put_will_expand() are being used by current vpp codebase.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Id5bb900cf6a1b1002d37670f5c415c74165b5421
|
|
When using memory traces it can take a long time to display all traces
bigger than 1k if there are lots of them, especially as we need to
resolve symbols.
It is better to display only the 1st 50 by default, unless verbose is
used.
Also fix the help string.
Type: improvement
Change-Id: I1e5e30209f10d2b05c561dbf856cb126e0cf513d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: Ida2d044bccf0bc8914b4fe7d383f827400fa6a52
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
The vector size must be increased before setting the element so that
AddressSanitizer can keep track of the accessible memory.
Type: fix
Change-Id: I7b13ce98ff29d98e643f399ec1ecb4681d3cec92
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Don't truncate with vec_set_len bytes before they can be used. When
built with ASAN, it these bytes are poisoned and trigger SIGSEGV when
read.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I912dbbd83822b884f214b3ddcde02e3527848592
|
|
In clib_bitmap_set_region and clib_bitmap_set_multiple the index of
the last bit to set was off by 1. If this index was pointing to the
last bit of the bitmap, another uword would have been allocated,
even though it was unnecessary.
Moreover, in clib_bitmap_set_region, bits in the last word were not
properly set. Indeed, the n_bits_left value is wrong since n_bits
is not decreased by the number of already set bits.
Type: fix
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I8d7ef6f47abb9f1f64f38297da2c59509d74dd72
|
|
Type: improvement
Signed-off-by: aihua2013 <51931196@qq.com>
Change-Id: I22670f49abfb5d1fd728686fc7d65fb40ea6bda2
|
|
These functions do not need modifiable strings.
It helps with linker sections as well as C++ compatibility.
It is a good style to use const where approriate.
Type: refactor
Signed-off-by: void234@gmail.com
Change-Id: I8d1e922197b3594122296e8c1af57e0a8ec0bf3d
|
|
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: I1f757abccd228b9e73f25c96754738c8e6bff259
|
|
serialize_get() -> serialize_write_not_inline(...) was losing track of
the current buffer index when it managed to empty the overflow vector
but had to turn around and use it again.
Test-case added to test_serialize.c.
This issue dates from 2010.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I024a03f7a50fd6df543ddbc7c45d85def4f1981d
|
|
Musl is stricter than glibc and has a warning that including fctnl.h and
poll.h should be prefered rather than their sys/ counterparts, which
breaks -Wall setups.
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Id101e999371951b0927cc8c4109f8f1536de1bc2
|
|
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Idbdfdf2d3fdbb64366f50d5a7458c4073a4f2746
|
|
Account for the potential of sysconf() returning -1 if it can not
get the page size and make it a fatal error.
Coverity: 277313
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I8cae6a35ec2f745c37f1fe6557e5fa66720b4628
|
|
Plugin checks just for AVX2 instruction set, while the v1.3 of IPsec
Multi-Buffer library checks for both AVX2 and BMI2 sets during init.
VirtualBox VM doesn't provide BMI2 by default to guest operating system.
Result is that VPP plugin decides to use AVX2 initialization and library
then doesn't do it. Since flush_job remains empty, the self-check fails
and with that the whole VPP crashes on start-up.
Type: fix
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I6b661f2b9bbe6dd03b499c55c38a9b814e6d718a
|
|
The current implmentation of the hash table is not thread-safe.
This design leads to a segfault when VPP handling a lot of tunnels for
Wireguard, where one thread modify the hash table and other threads
starting to lookup at the same time.
The fix add a local variable to store how many bits are used by a user
object.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Iecf6b3ef9f308b61015c66277cc459a6d019c9c1
|
|
fixes coverity 282527
Type: fix
Fixes: fecb2524ab
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I9ac72c3802e66369a8f24c92451e33f22c058f24
|
|
Type: fix
fixes: 561ae5d
Change-Id: I0d98f5b43bc9ab5d31463b285177a11a10b864d2
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
This patch adds SCTP support in the CNat translation primitives.
It also exposes a clib_crc32c_with_init function allowing to set
the init value to start the crc32 with instead of 0.
Type: feature
Change-Id: I86add4cfcac08f2a5a34d1e1841122fafd349fe7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
|
|
Type: improvement
Change-Id: I3fbbda0378b72843ecd39a7e8592dedc9757793a
Signed-off-by: Damjan Marion <dmarion@me.com>
|
|
When checking for CLIB_SANITIZE_ADDR to enable specific behavior for
AddressSanitizer, we must have vppinfra/clib.h included as it is defined
there.
Type: fix
Change-Id: I9060c3c29c1289d28596c215a1d1709b2ea7c84e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: Idf1fb054d5ff495d772d01a79cbc6cd1b409d377
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Zero-initialize the temporary struct.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I8d73feae427a17470c47d1551ba7078213b589fc
|
|
Fix a copy-n-paste issue that left clib_bitmap_set()'s return
type documentation incorrect. Chnage it to indicate that
the function returns a new pointer for the bitmap that could
be different due to a possible reallocation.
Type: docs
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Ia193c4673c0e4d1760e91cd7f80ebe1868a3c9b5
|
|
format_base10 reads 64b but is fed 32b values at the callsite; change
to u64 consistently. The function has only one call site in
interface/monitor.c which has a few additional bugs (spurious
character, and ambiguous 'bits' versus 'bytes' in the output).
Type: improvement
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I360f0d439cc13c09bd3f53db8184bd12ad4bc2e9
|
|
This patch enables statistics from the Arm PMUv3 through the perfmon
plugin.
In comparison to using the Linux "perf" tool, it allows obtaining
direct, per node level statistics (rather than per thread). By accessing
the PMU counter registers directly from userspace, we can avoid the
overhead of using a read() system call and get more accurate and fine
grained statistics about the running of individual nodes.
A demo of perfmon on Arm can be found at:
https://asciinema.org/a/egVNN1OF7JEKHYmfl5bpDYxfF
*Important Note*
Perfmon on Arm is dependent on and works only on Linux kernel versions
of v5.17+ as this is when userspace access to Arm perf counters was
included.
On most Arm systems, a maximum of 7 PMU events can be configured at once
- (6x PMU events + 1x CPU_CYCLE counter). If some perf counters are in
use elsewhere by other applications, and there are insufficient counters
remaining to open the bundle, the perf_event_open call will fail
(provided the events are grouped with the group_fd param, which perfmon
currently utilises).
See arm/events.h for a list of PMUv3 events available, although it is
implementation defined whether most events are implemented or not. Only
a small set of 7 events is required to be implemented in Armv8.0, with
some additional events required in later versions. As such, depending on
the implementation, some statistics may not be available. See Arm
Architecture Reference Manual for Armv8-A, D7.10.2 "The PMU event number
space and common events" for more information.
arm/events.c:arm_init() gets information from the sysfs about what
events are implemented on a particular CPU at runtime. Arm's
implementation of the perfmon source callback .bundle_support uses this
information to disable unsupported events in a bundle, or in the case
no events are supported, disable the entire bundle.
Where a particular event in a bundle is not implemented, the statistic
for that event is shown as '-' in the 'show perfmon statistics' cli
output, by disabling the column.
There is additional code in perfmon.c to only open events which are
marked as implemented. Since we're only opening and reading events that
are implemented, some extra logic is required in cli.c to re-align
either perfmon_node_stats_t or perfmon_reading_t with the column
headings configured in each bundle, taking into account disabled
columns.
Userspace access to perf counters is disabled by default, and needs to
be enabled with 'sudo sysctl kernel/perf_user_access=1'.
There is a check built into the Arm event source init function
(arm/events.c:arm_init) to check that userspace reading of perf counters
is enabled in the /proc/sys/kernel/perf_user_access file.
If the above file does not exist, it means the kernel version is
unsupported. Users without a supported kernel will see a warning
message, and no Arm bundles will be registered to use in perfmon.
Enabling/using plugin:
- include the following in startup.conf:
- plugins { plugin perfmon_plugin.so { enable }
- 'show perfmon bundle [verbose]' - show available statistics bundles
- 'perfmon start bundle <bundle-name>' - enable and start logging
- 'perfmon stop' - stop logging
- 'show perfmon statistics' - show output
For a general guide on using and understanding Arm PMUv3 events, see
https://community.arm.com/arm-community-blogs/b/tools-software-ides-blog/posts/arm-neoverse-n1-performance-analysis-methodology
Type: feature
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Tested-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I0620fe5b1bbe78842dfb1d0b6a060bb99e777651
|
|
Type: fix
Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com>
Signed-off-by: Sergey Matov <sergey.matov@travelping.com>
Change-Id: I4ec1a68b7266f05ab7c543cd8207afb29e740743
|
|
Type: fix
Change-Id: I1e8655baaf09b455f7f0052452402a372f738d0f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
|
|
Type: improvement
Change-Id: I7489327d8b9c5f69b4ceb2159456f00f8a3612df
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
reset the memory trace if mem trace is turned on
Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com>
Change-Id: Ib99355b9ed42ff66c720bbea5cbbf03c65820d12
|
|
Type: improvement
Change-Id: I20b41537a249a55f01004e45392b34adaa8fd792
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
|
|
Type: fix
pool_is_free_index() check is performed only for the first element
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Icadc715a9b54761ec69805a134a69a262137536d
|
|
Type: fix
Pace the main thread activity for reassembly timeouts, to avoid barrier syncs
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: If8c62a05c7d28bfa6ac530c2cd5124834b4e8a70
|