aboutsummaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2024-04-23ipsec: fix CLI for create ipsec itfGabriel Oginski1-3/+6
This commit adds missing support in CLI for creating ipsec itf in p2mp mode. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I1bd1cc6667625b8e527af8d25bd8e723751dbc41
2024-04-23octeon: add promisc supportGuillaume Solignac1-0/+41
We add the capability to enable and disable promiscous mode on the octeon port. Type: feature Signed-off-by: Guillaume Solignac <gsoligna@cisco.com> Change-Id: I9a1464d2e1e8a0570ff16e221a4896aedc3ed6f8
2024-04-23ikev2: uptimeDenys Haryachyy7-8/+432
Introduced SA and child SA uptime. Type: improvement Change-Id: I28cf9f90d35ebe035a31ed0a985a5e462c8536a8 Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
2024-04-22octeon: add support for SDP deviceMonendra Singh Kushwaha2-6/+15
This patch adds support for SDP (System DPI Packet Interface Unit) device. Type: feature Change-Id: Idf1f53b151edf2992613746d5818409187b4b051 Signed-off-by: Monendra Singh Kushwaha <kmonendra@marvell.com>
2024-04-22vlib: Place linux pci headers in a linux include blockTom Jones1-0/+2
Type: improvement Change-Id: I6b30ffd1eabfa9544d548082b7e38b8fe7224c07 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-04-22nat: add saddr info to nat44-ed o2i flow's rewritelijh_71-0/+2
Type: fix Change-Id: Ic303ff9b21872b7cc31f23c92e48ec3737eeb8fe Signed-off-by: lijinhui <lijh_7@chinatelecom.cn>
2024-04-19ipip: specify af for a tunnel ip addressesAnton Nikolaev1-11/+12
Currently ipip tunnel allows to use an empty addresses for dst when we trying to add tunnel, but it doesn't return it correctly on ipip dump call. There is case when we create an ipip tunnel with an empty ipv6 address, address is zero, but AF is ipv6. And when we dump ipip tunnels we get an emtpy ipv4 address instead of an empty ipv6 address. There is no point to detect AF for each address in send_ipip_tunnel_details, because ipip tunnel can't handle different AF for src and dst addresses, and prohibits creating ipip tunnel with different AF of dst and src addresses. With this fix, send_ipip_tunnel_details function return a correct AF despite address value. Type: fix Change-Id: Ib343293ad79a300cdb70135fffbfd156dfef6e27 Signed-off-by: Anton Nikolaev <anikolaev@netgate.com>
2024-04-18sr: use correct reply to sr_policy_add_v2Vratko Polak1-1/+1
Type: fix Fixes: c4c205b091934d96a173f4c0d75ef7e888298ac7 Change-Id: I110729601a9f19451297883b781ec56e2b31465b Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-04-17session: force session cleanups on app detachFlorin Coras1-6/+23
Force transport and session cleanup on session detach if transport is already closing. This should also avoid races between transport initiated session cleanups and pending session control events. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I83a947a0c01f5af8ac70aa31fee660276f1d1c60
2024-04-15ip: fix comments for icmp4lijinhui1-1/+1
Type: fix Change-Id: I5f309ca4db4ae4a3e475d87b8f0188c4ead5e562 Signed-off-by: lijinhui <lijh_7@chinatelecom.cn>
2024-04-15crypto-sw-scheduler: crypto-dispatch improvementNiyaz Murshed1-0/+7
Currently sw_scheduler runs interchangeably over queues of one selected type either ENCRYPT or DECRYPT, then switches the type for the next run. This runs perfectly when we have elements in both ENCRYPT and DECRYPT queues, however, this leads to performance degradation when only one of the queues have elements i.e either all traffic is to be encrypted or decrypted. If all operations are encryption, then 50% of the time, the loop exits without dequeueing.With this change, that dequeueing happens on every loop. This increases the performance of single mode operation (ecryption or decryption) by over 15%. This change was also added in commit https://github.com/FDio/vpp/commit/61cdc0981084f049067626b0123db700035120df to fix similar performance issue when the crypto-dispatch node is in interrupt node, however was removed by https://github.com/FDio/vpp/commit/9a9604b09f15691d7c4ddf29afd99a31e7e31eed which has its own limitations. Type: improvement Change-Id: I15c1375427e06187e9c4faf2461ab79935830802 Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com>
2024-04-15linux-cp: fix seg fault in get_v2 methodsAnton Nikolaev1-2/+9
vl_api_lcp_itf_pair_get_v2_t_handler method was not be able to handle invalid sw_if_index, it caused a seg fault. With this fix, the method checks for an invalid sw_if_index and sends error back to caller. Type: fix Change-Id: I4e89b0cab34f9109c4ce2689021ecfc2786055ab Signed-off-by: Anton Nikolaev <anikolaev@netgate.com>
2024-04-11g2: fix gpointer cast complaintsFlorin Coras2-12/+13
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iadd6a4dd928002e764fc52343c14403620279aa7
2024-04-11stn: fix non-NULL terminated string overflowBenoît Ganne1-1/+1
Type: fix Change-Id: I9d7e6dd099cf9f4b7f6bb06d9e8a17fac7d7e772 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-04-11tcp: check for header truncationBenoît Ganne1-1/+3
Type: fix Change-Id: I0a43a37971d03a700926d59e848f0b6e6dbeb19a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-04-10session: add api to detach session from appFlorin Coras3-4/+17
Type: improvement Change-Id: Ib824d0ca9efc7d8967e043db69017655b2dcf6b5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-04-10vlib: fix vlib_buffer_free_inline() AVX-512 overflowBenoît Ganne1-1/+1
'queue' is declared on the stack and must be big enough to handle queue_size + max processed elements per loops. When AVX-512 was added, this additional max was not increased from 4 to 8 accordingly. Type: fix Fixes: 767a9ab4b1 Change-Id: I15f2f930fc316f92da2e4642f41852d856c06a48 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-04-10build: use GNUInstallDirs where possibleWim de With6-11/+11
Some installation destinations were already converted to the GNUInstallDirs standard in e3cf4d0cf. This patch converts the share and include directories (typically /usr/share and /usr/include respectively) as well. Type: improvement Change-Id: Id481b16604f3f52203166a5c0647f43d6eb05239 Signed-off-by: Wim de With <wf@dewith.io>
2024-04-09vppinfra: add support for precomputed SHA2 HMAC key and chained buffersDamjan Marion1-209/+285
Change-Id: Ic1fa3bd164e80c2ca1146be001870da0238a5f2e Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-04-09acl: Use clib_net_to_host rather than library bswapTom Jones1-3/+3
Type: improvement Change-Id: I51345fb75843c67c6bf6a4c56380e1f0899c45b1 Signed-off-by: Tom Jones <thj@freebsd.org>
2024-04-09fib: fix off-by-one error in rewrite length checkBenoît Ganne1-2/+2
The rewrite string can be up to max_size, and max_size can be up to VNET_REWRITE_TOTAL_BYTES. Don't waste the last byte. Type: fix Change-Id: I2fb7e9873b6b4c1e6a55b172c7f753f3c5910802 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-04-09mpls: fix default mpls lb hash configVladislav Grishenko3-121/+125
In case of multiple path within tunnel, mpls lookup node computes lb hash with mpls_compute_flow_hash config value 0, so only mpls label and l4 ports gets accounted, not 5-tuple. This leads to flow traffic polarization and disbalance over mpls paths. Use mpls hash config from lb instead, usually it'll be MPLS_FLOw_HASH_DEFAULT with 5-tuple plus flowlabel. As optimization, fix flow hash reuse from the previous lookup node if present, like ip_lookup does. Previously mpls lookup always calcs the hash. Test lb distribution for both cases. Also, use the same flow hash hex format in ip4/ip6 and mpls traces for easier reading, most code changes is due fixstyle formatting. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ib89e1ab3edec14269866fe825a3e887d6c817b7c
2024-04-09vnet: fix ARP for unnumberedPim van Pelt1-15/+14
On unnumbered interfaces, ARP fails because there is no attached route. Allow replies to peer-to-peer addresses on unnumbered interfaces: eg. 192.0.2.1/32 <-> 192.0.2.2/32 Type: fix Change-Id: Ibeb8d8ebc8d58d5bfb0724739a17694e0217356e Signed-off-by: Pim van Pelt <pim@ipng.nl>
2024-04-08tls: fix session state update on acceptFlorin Coras1-1/+3
Only set state to ready if session is not already closing. Type: fix Change-Id: Ic95667f43ed09d693f1cf7c9f1c16f7f995ea2d8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-04-08vppinfra: fix mask compare and compress OOB readsDmitry Valter3-33/+297
Use mask_load_zero to avoid out-of-buffer reads in vectorized function versions. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Change-Id: I12bcb817ccf2db210c1c99fdfa444dc3f540035b
2024-04-05octeon: fix memory ordering issue in tx batch freeDamjan Marion4-19/+42
Type: fix Fixes: 01fe7ab Change-Id: I4425e809f0977521ddecf91b58b26fe4519dd6e0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-04-05session: fix cleanup for refused sessionsFlorin Coras1-6/+7
Type: fix Change-Id: I739b7129c7e5a3fccefcdeeaf7f4a298223dd8eb Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-04-05octeon: fix buffer free on full tx ringDamjan Marion1-4/+4
Type: fix Fixes: 01fe7ab Change-Id: I4419107c4bcb7f85b76addfc62178b6e75e10a52 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-04-05api: fix [un]formatting in vpp/api/types.cKlement Sekera3-26/+54
vl_api_prefix_t.len is 1 byte only, but unformat %d writes 4 bytes add helper functions unformat_u(8|16) which don't write more than appropriate amount of bytes fix other similar errors in vpp/api/types.c Type: fix Change-Id: I74a61a377147c373f8c25ed083052b2287763c39 Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2024-04-04ip6: fix icmp trace flag copyMaxime Peim1-1/+1
Type: fix Change-Id: I56c1a2717f197c889425449b37f51b0f2cc89ea5 Signed-off-by: Maxime Peim <mpeim@cisco.com>
2024-04-03tests: upgrade python packagesDave Wallace1-21/+35
Type: test Change-Id: I01500466f3d15c79e38028677ce7e5c75d427fdc Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2024-04-02session: fix closing ntfs handling for refused sessionsFlorin Coras1-0/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1464e93cd3020eaa26068df558924e39dd255ccb
2024-04-02fib: coverity 335348 out-of-bounds accessDave Wallace1-2/+6
- also fix memory leak in adj_glean_walk_proto() Type: fix Change-Id: I3cd72b14506e6bfc9d8d77a65d7b9b2703992367 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2024-04-02vppinfra: fix array_mask_u32 underrunDmitry Valter1-0/+1
Properly handle small buffers in the AVX256 version of array_mask_u32. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Fixes: f62ed3f9c1ec3e8db36f63d6a54f46b7bea43723 Change-Id: Idf1cb43ccf37bd7c439d11e4f68fe30064c6d09a
2024-04-02api: fix rx timeout thread busy loop after reconnectVladislav Grishenko1-0/+2
After memclnt api client disconnect, read timeout is set to zero and stays the same even after same client reconnect. It causes client process to spin in timeout loop up to 100% cpu. Fix it by resetting timeout process state upon every (re)connect. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I56812972a69c343f869eebbdfebdcbefd3d201e0
2024-04-02map: BR rule lookup updateDan Geist4-7/+39
Update to the MAP rule lookup (in IPv6) based on the rule's source prefix instead of DMR Type: improvement Per RFC, the DMR is allowed to serve multiple MAP Basic Mapping Rules, but this capability was prevented by the above logic. Updates to the code include populating a new hash table based on the MAP rule ip6 prefix and length, changing several functions to reference this new table, and slight alterations to a few functions regarding pre-lookup bitmasking. All changes are commented with [dgeist] and are in need of peer review, especially the bitmask alterations. An attempt was made at generating an additonal MAP rule in the test_map_br test harness, but the coding appears very much oriented towards testing just one rule. I would appreciate suggestions on how to test multi-rule cases. Issue: VPP-2111 Change-Id: Id1fea280eba625e23cd893575d9b63aac7f48405 Signed-off-by: Dan Geist <dan@polter.net>
2024-04-02vapi: avoid memory leakKlement Sekera1-1/+1
Erase removed elements to avoid memory leaks. Type: fix Change-Id: I1605bea8df7e08455691364efb0a12eb0d9dae93 Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
2024-04-02lb: fix using vip after freeGeorgy Borodin1-3/+3
fix use of vip after it was deleted Type: fix Fixes: 041eacc81656d2ed5bc01b96b15a7d03a1700f13 Change-Id: I5723485c5da7507fbc6c86ff6eb9f77127439f67 Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
2024-04-02l2: fix vxlan src port entropy with mpls payloadVladislav Grishenko1-1/+5
l2 tunnels like vxlan, gtpu, geneva use vnet_l2_compute_flow_hash() to compute flow hash for udp src port entropy. In case of inner mpls tunnels to the same lsr ethernet src and dst macs are the same, so l2 flow hash is also the same leading to no src port entropy and the only rss queue overflow on receiver side. Fix it for all the possible vnet_l2_compute_flow_hash callers by making mpls playload hash in additon to ip4/ip6. Visible performance impact is not expected as it's only one check for mpls ethertype for common cases. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I69153d42fb3d7c094a670c674fac8d14039c626a
2024-04-01linux-cp: add support for tap num queues configVladislav Grishenko3-2/+39
This change allows to limit lcp interface queues to be used by explicit host interface workers. Type: improvement Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: I0626f66021e5a5f251470156231dc44ddaea5ee6
2024-04-01fib: add early config support for IP and IP6 default FIB table namesJon Loeliger5-12/+82
Type: improvement Change-Id: I8c248d9e224bd069b641a174da57d448371470af Signed-off-by: Jon Loeliger <jdl@netgate.com>
2024-04-01vhost: Only enable plugin on LinuxTom Jones1-0/+2
Type: improvement Change-Id: I6cf5adbd609d911e15dcc6d976cda4ad21ce89ad Signed-off-by: Tom Jones <thj@freebsd.org>
2024-04-01vlib: fix counter_index checklijinhui1-3/+5
Ensure counter index is valid before using it to lookup the counter. Type: fix Change-Id: I423c7a6aa6b65f6367b18d8e99cf40f52e06b416 Signed-off-by: lijinhui <lijh_7@chinatelecom.cn>
2024-04-01octeon: specify pool when alloc buffersDamjan Marion1-1/+2
Type: fix Fixes: 01fe7ab Change-Id: I72fdaca250468d91a31efcce2fb447c97ba49dc7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-04-01octeon: refill even if nothing dequeued from rx queueDamjan Marion1-5/+6
It may happen that rx queue is empty of free buffers due to previous alloc failure. Type: fix Fixes: 01fe7ab Change-Id: I344dcda11525444bd1358b3d36ffdf8ab9aa2677 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-03-30ipsec: fix clang compile issueKai Ji1-3/+0
Type: fix Change-Id: Ic015b37e18a43c49c3fb3dbff284a17fa2c5fd99 Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com> Signed-off-by: Kai Ji <kai.ji@intel.com>
2024-03-30tls: fix rescheduling when no data availableFlorin Coras1-2/+5
Don't force tx rescheduling of tls session if no forward progress is made. The session will still be rescheduled by the session infra if there's pending tx data. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic57b6ee79969055cec782938668c054bcc39f206
2024-03-29session: fix api coverity warningsFlorin Coras1-2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ieb4e9d9e39b937ad4c7316b3955b3ca296f0a191
2024-03-29session: add new api for enq tx io eventsFlorin Coras2-2/+10
Type: improvement Change-Id: Iefe5c2e610a26241a88ca783ac548fd8f2317bb0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-29session: use custom types for session flags and stateFlorin Coras1-16/+16
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I04f836d09a1cbd5a5b55dc64359d2d761dfc4988