aboutsummaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2023-03-06flow dpdk: introduce IP in IP support for flowXinyao Cai3-29/+305
This patch introduces IP in IP packet support for flow cli and dpdk plugin. Specifically, the following IP in IP packet types are supported: MAC-IPv4-IPv4-TCP/UDP/None, MAC-IPv4-IPv6-TCP/UDP/None, MAC-IPv6-IPv4-TCP/UDP/None, MAC-IPv6-IPv6-TCP/UDP/None, IP in IP flow rules can be created by using the following new keywords in vppctl: in-src-ip, in-dst-ip : to provide information for inner IPv4 header in-ip6-src-ip, in-ip6-dst-ip: to provide information for inner IPv6 header in-proto : to specify inner transport layer protocol type (TCP or UDP) in-src-port, in-dst-port : to provide information for inner TCP/UDP header An example to create flow rule for MAC-IPv6-IPv6-TCP: test flow add index 0 ip6-src-ip any ip6-dst-ip any in-ip6-src-ip any in-ip6-dst-ip any in-proto tcp in-src-port 1234 in-dst-port any rss function default Another example to create flow rule for MAC-IPv6-IPv6: test flow add index 0 ip6-src-ip any in-ip6-src-ip any rss function default Type: feature Signed-off-by: Xinyao Cai <xinyao.cai@intel.com> Change-Id: I6a1ca36d47eb65b9cb5a4b8d874b2a7f017c35cd
2023-03-06vppinfra: fix clib_bitmap_will_expand() result inversionVladislav Grishenko2-1/+51
Pool's pool_put_will_expand() calls clib_bitmap_will_expand(), so every put except ones that leads to free_bitmap reallocation will get false positive results and vice versa. Unfortunatelly there's no related test and existing bitmap tests are failing silently with false positive result as well. Fortunatelly neither clib_bitmap_will_expand() nor pool_put_will_expand() are being used by current vpp codebase. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Id5bb900cf6a1b1002d37670f5c415c74165b5421
2023-03-06crypto: make it easier to diagnose keys use-after-freeBenoît Ganne1-2/+2
Type: improvement Change-Id: Ib98eba146e24e659acf3b9a228b81fcd641f4c67 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-03-06snort: fix descriptor offset may be truncated if buffers num too largejiangxiaoming1-1/+1
Type: fix Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I9694f7d8aad8868b11e08fabe179fd51c14dfcdb
2023-03-06interface: fix 4 or more interfaces equality comparison bug with xor ↵lijinhui1-5/+4
operation using (a^a)^(b^b) Type: fix Signed-off-by: lijinhui <lijh_7@chinatelecom.cn> Change-Id: I80783eed2b819a9e6fd4cee973821c9d97c285a6
2023-03-06vppinfra: display only the 1st 50 memory traces by defaultBenoît Ganne2-3/+5
When using memory traces it can take a long time to display all traces bigger than 1k if there are lots of them, especially as we need to resolve symbols. It is better to display only the 1st 50 by default, unless verbose is used. Also fix the help string. Type: improvement Change-Id: I1e5e30209f10d2b05c561dbf856cb126e0cf513d Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-03-06stats: fix node name compare error when updating stats segmentXiaoming Jiang1-1/+1
Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: Ib39aa345415720dd05a1b3e12e3e03eac43c5606
2023-03-06memif: autogenerate socket_idsNathan Skrzypczak5-0/+181
This patch adds an API memif_socket_filename_add_del_v2 that allows autogenerating memif socket_id when passing ~0 in the socket_id field. It opportunistically walks the hash to find a free ID to use, and returns it in the reply. socket_filename also becomes a variable length string, to accomodate for longer names (in case a netns gets passed) Type: feature Change-Id: I33fc3e1cf553af27579d6bad8691b22b530531cc Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-03-02wireguard: add barrier to sync dataGabriel Oginski6-32/+43
The current implmentation of the hash table is not thread-safe. This design leads to a segfault when VPP is handling a lot of tunnels for Wireguard, where one thread modifies the hash table and other threads start the lookup at the same time. This fix adds a barrier sync to the hash table access when Wireguard adds or deletes an element. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Id460dfcd46ace17c7bdcd23bd9687d26cecf0a39
2023-03-02stats: expose symlink to stats clientOle Troan2-4/+6
For e.g. prometheus export it makes more sense to use the same metric name, and expose the various symlinks as labels. The VPP symlink metric: /interfaces/local0/rx_unicast that points to /if/rx_unicast Becomes in Prometheus: interfaces_rx_unicast_bytes{index="0",label="local0"} 0 Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ide0ab4fda4b3eb7ba7ddfc44680121c53f5267f6
2023-03-01docs: fixed to use unified "pcap trace" commandNobuhiro MIKI3-5/+5
Type: docs Fixes: 33909777c637 ("misc: unify pcap rx / tx / drop trace") Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp> Change-Id: I049616cfad300658e62e5026c0655ee6f07a2421
2023-03-01vcl: accept bound notifications in epoll waitFlorin Coras1-0/+3
Async binds may be possible due to vls generated async binds as a result of application adding or removing listeners from epoll. App does not need to be notified of the event. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4d01be7ddb39ba894db85feef55e9935556c24f5
2023-03-01vcl: accept vcl spurious wakeup in epoll wait eventfdFlorin Coras1-1/+5
Accept one spurious wakeup from vcl in epoll_pwait_eventfd to avoid returning zero events to app without timeout. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I447c7f8176413c562be28605376a92d15e22a1f9
2023-03-01vcl: close libc epfd on vls epfd closeFlorin Coras1-7/+7
Nginx recreates epfds. Make sure ldp tracks the event and recreates the libc epfd or eventfd flavor of epoll pwait will not work. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2994bead9494f0fbb85dd32767cecc1cf69ff6eb
2023-03-01vcl: only add sessions to lt list if neededFlorin Coras1-1/+8
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I777979dbb89f9af774533cb280e77af58b81fb29
2023-03-01udp: fix optimistic assert for UDP RXMohammed Hawari2-1/+6
Change-Id: I431c4a6f409b129e4290dba2e1acadea460ac797 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: improvement
2023-03-01vcl: fix undeclared UDP_SEGMENT for centos 8Tianyu Li1-0/+4
Old distros Centos 8 / Ubuntu 18.04 header files doesn't have UDP_SEGMENT declared, define UDP_SEGMENT to right value if not defined. Type: fix Fixes: eff5f7aea8c7 ("vcl: ldp support for ip_pktinfo") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I99314b895e7d09962a36e7f5582c09d0d77563dc
2023-02-28session: consolidate port alloc logicFlorin Coras4-52/+36
Move port allocation logic from transports into generic transport layer. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I55a21f185d00f5e118c36bcc4a6ffba2cbda885e
2023-02-28tcp: add dispatch errors to countersFlorin Coras1-9/+10
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I27112947071a757065162f0e50f69983d258525d
2023-02-28vcl: use program invocation name in ldp app nameFlorin Coras1-3/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2c97faa2cdca32d083aabc3344c8fe67c74ff2fd
2023-02-28vcl: handle lt events in epoll ctlFlorin Coras1-18/+26
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4e176e9ada32d5f61d10aeca1c68f72114dec9b8
2023-02-27vcl: improve vls handling of shared listenersFlorin Coras3-54/+49
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1970408de52e53d24cea06b3ae0cc68a38cbc97a
2023-02-27wireguard: fix potential leaks of async frameGabriel Oginski1-12/+12
The current implementation can cause memory leaks of async frames and exhaust the async frames pool. Wireguard can early get async frame, even when later it turns out it is not needed. Then such frame won't be freed. This fix changes the moment of acquiring async frame from the pool, so it doesn't leak. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: If7696de6a6f5db84e0dffef60caa31d4a5e6280e
2023-02-25tcp: fix error countersFilip Tehlar4-44/+43
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I9f4944f77ecf94f16f809392f28466e33f7f779d
2023-02-23srtp: fix build on ubuntu-22.04Dave Wallace1-1/+1
- The version of libsrtp2 (2.4.2) on ubuntu-22.04 changed the 'ekt' field in srtp_policy_t to 'deprecated_ekt'. Type: fix Change-Id: Icb9d8f3b56c8305bcdac5066a5f8e3e5d17d37cf Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2023-02-20session: track app session closesFlorin Coras2-2/+9
Make sure applications, especially builtin ones, cannot close a session multiple times. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I960a1ae89a48eb359e7e1873a59d47c298c37ef1
2023-02-20vcl: ldp support for ip_pktinfoFlorin Coras4-87/+245
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3c15f38a4a3f5e92506059277948e7fca9cd8b55
2023-02-16vcl: fix incorrect ldp worker in ldp_epoll_pwait()Liangxing Wang1-1/+5
For some apps(e.g. wrk2) upon vpp hoststack, ldp_epoll_pwait() is called. In this function, epoll fd was created on one thread, but it is now used on another thread. The vcl worker index is still invalid, so the fetched ldp worker is also invalid and can corrupt some already allocated memory. Just as the ldp_epoll_pwait_eventfd(), make sure the vcl worker is valid before getting the ldp worker in ldp_epoll_pwait(). Type: fix Signed-off-by: Liangxing Wang <liangxing.wang@arm.com> Change-Id: I2ec23a4b5d5b0879a06642ffd80f95e948af4274
2023-02-16wireguard: move buffer when insufficient pre_data leftAlexander Skorichenko1-14/+24
Currently wg-output-tun() doesn't check if a buffer has enough space for prepending an ethernet header (wg header over ipv6 vxlan header case leaves only 8 bytes free). In such a case move buffer's content. Type: fix Change-Id: Iad18860e6b86a3d81f3d96d782de7c59556152d0 Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
2023-02-16session: ignore zero length dgramsFlorin Coras1-1/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I70596ffcf90fa4cd57092584cb7a454f44208943
2023-02-13rdma: always use 64 byte CQEs for MLX5Nathan Brown1-5/+23
When DPDK MLX PMDs are built, and the DPDK plugin is loaded, DPDK may set the MLX5_CQE_SIZE environment variable to 128. This causes the RDMA plugin to be unable to create completion queues. Since the RDMA plugin expects the CQEs to be 64 bytes, set the cqe_size explicitly when creating the CQ. This avoids any issues with different values for the MLX5_CQE_SIZE environment variable. Type: improvement Signed-off-by: Nathan Brown <nathan.brown@arm.com> Change-Id: Idfd078d3045a4dcb674325ef36f85a89df6fbebc
2023-02-10sr: support define src ipv6 per encap policyTakeru Hayasaka5-48/+313
Can to define src ip of outer IPv6 Hdr for each encap policy. Along with that, I decided to develop it as API version V2. This is useful in the SRv6 MUP case. For example, it will be possible to handle multiple UPF destinations. Type: feature Change-Id: I44ff7b54e8868619069621ab53e194e2c7a17435 Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
2023-02-08session: accept lcl ip updates on cl sessionsFlorin Coras1-0/+2
Allow apps/vcl to provide updated local ips for dgrams. In particular, allow sessions bound to 0/0 to send data with valid local ips. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I50a086b1c252731a32a15b6a181ad3dba0c687e0
2023-02-08avf dpdk: fix incorrect handling of IPv6 src address in flowTing Xu2-3/+4
In current flow creating process in native avf and dpdk-plugins, when parsing the input arguments, it does not copy IPv6 src address correctly, so that IPv6 src address will not be configured in any flow rule, and any packet with the same address will not be matched. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Ic957c57e3e1488b74e6281f4ed1df7fd491af35c
2023-02-08avf: fix incorrect flag for flow directorTing Xu1-2/+1
When parsing flow action type in avf, there is an incorrect flag for flow director, which makes flow director rule created unexpectedly. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Id9fed5db8ccacd5cc6c2f4833183364d763188c1
2023-02-08avf: fix checksum offload configurationTing Xu2-3/+1
Fix some configurations of avf checksum offload to get the correct udp and tcp checksum. Change Tx checksum offload capability since avf supports ipv4, tcp and udp offload all. Remove the operation to swap bit of checksum. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: I55a916cc9ee6bef5b2074b5b6bb5f517fc2c178d
2023-02-08avf: fix bit calculation function fls_u32Ting Xu1-1/+1
In avf the function fls_u32 is used to calculate the power of 2. Fix the expression of this function. Type: fix Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: I27160de8588a5efb3f24306597a5a240deb3ab74
2023-02-08ip6-nd: support dump/details for IPv6 RAAlexander Chernavin5-98/+470
Type: improvement With this change, add support for dumping IPv6 Router Advertisements details on a per-interface basis (or all). Also, cover that with a test. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I89fa93439d33cc36252377f27187b18b3d30a1d4
2023-02-08ipsec: fix AES CBC IV generation (CVE-2022-46397)Benoît Ganne3-29/+65
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C). Chaining IVs like is done by ipsecmb and native backends for the VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable. Encrypt a counter as part of the message, making the (predictable) counter-generated IV unpredictable. Fixes: VPP-2037 Type: fix Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-02-07vcl: drop lock on segment attach failureFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3bc2c7986f492b7b7dfbc84e4893202354223790
2023-02-07vcl: add ldp implementation for recvmmsgFlorin Coras1-31/+39
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7322abc3d3b0aa81399667bf02b03786fc62c958
2023-02-07vcl: better handlig of ldp apis that rely on gnu sourceFlorin Coras6-91/+139
Control use of apis that rely on _GNU_SOURCE being defined with compile time macro. Also fixes sendmmsg and recvmmsg which were not probably wrapped. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I207de23210d4b9dc960bb4289159502760c5614d
2023-02-06vppinfra: refactor clib_socket_init, add linux netns supportDamjan Marion8-347/+494
Type: improvement Change-Id: Ida2d044bccf0bc8914b4fe7d383f827400fa6a52 Signed-off-by: Damjan Marion <dmarion@me.com>
2023-02-06ipsec: fix async crypto linked keys memory leakBenoît Ganne1-1/+6
Type: fix Change-Id: I7bd2696541c8b3824837e187de096fdde19b2c44 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-02-03session: fix out of bounds event memcpyFlorin Coras1-3/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5300653edd2dad470985f4591959d00cad2a43b
2023-02-03nat: fix accidental o2i deletion/reuseDmitry Valter1-0/+6
Nat session is allocated before the port allocation. During port allocation candidate address+port are set to o2i 6-tuple and tested against the flow hash. If insertion fails, the port is busy and rejected. When all N attempts are unsuccessful, "out-of-ports" error is recorded and the session is to be deleted. During session deletion o2i and i2o tuples are deleted from the flow hash. In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers to **some other** session that's known to be allocated. By backing match tuple up session should be invalidated well enough not to collide with any valid one. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
2023-02-03vppapigen: fix incorrect comments in jsonOndrej Fabry2-1/+4
Type: fix Signed-off-by: Ondrej Fabry <ofabry@cisco.com> Change-Id: I241cefbbce98cf6fef83f36bd87ae2c1f4b067f0
2023-02-02tls: openssl: fix SSL_read partial read scenarioOfer Heifetz1-8/+10
When application performs SSL_read from the app rx-fifo, it can pre-allocate multiple segments, but there is an issue if the OpenSSL manages to partially fill in the first segment, in this case, since data is assumed to be copied over by OpenSSL to the pre-allocated segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs zero copy by passing the pre-allocated segment to SSL_read. If the decrypted data size is smaller than the pre-allocated fifo segment buffer size, application will fetch buffers including zero in the area not filled in by SSL_read. Type: fix Signed-off-by: Ofer Heifetz <oferh@marvell.com> Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
2023-02-02linux-cp: fix auto-sub-intStanislav Zaikin2-1/+5
lcp_itf_pair_pool could grew during sub-interface creation. Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: Ideafe392f9bb2b418ce9d6faa4f08dfe26f4a273
2023-02-02ip: fix ip ACL tracesBenoît Ganne1-6/+9
If we match a next table, we must save its index in the trace instead of the index of the 1st table. Type: fix Change-Id: Idd862242e7fc200eb3ab29b17a26131b844af2c0 Signed-off-by: Benoît Ganne <bganne@cisco.com>