aboutsummaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2022-09-19igmp: validate ip router alert option lengthVladislav Grishenko1-0/+5
It's known there're one or more 32-bit increments in the ip header. So just check ip router alert option length with minimal performance impact, and don't care of the total options length. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I46dd06516f793846b931a1dc8612f2735f8d24d3
2022-09-19abf: add API parameter n_paths range checksJon Loeliger3-43/+56
Also check for non-zero rpath length in CLI cmd. While there, no need to use "else" after a return. Also while there, notice and fix numerous input_line buffer leaks and fix them. Type: fix Fixes: 669d07dc016757b856e1014a415996cf9f0ebc58 Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I18ea44b7b82e8938c3e793e7c2a04dfe157076d8
2022-09-19build: install missing headersBenoît Ganne1-1/+6
Type: fix Change-Id: I4eb2a7190de90553c91133f940e068ed649120cb Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-19teib: fix segv during failed deletion of entryMatthew Smith1-2/+1
Type: fix If an attempt is made to delete a teib entry and the entry does not exist, a message is logged. The format string contained an extra "%U", which results in a segv. Change-Id: I9b1d6ba63601982ba6ac8607cf710e34c311702a Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-09-19arp: update error reason when checking for proxy-arpBenoît Ganne1-1/+0
When we follow arp feature arc for proxy-arp, we should still update the error reason in case proxy-arp cannot handle the arp request and drops it. Type: improvement Change-Id: I046df017ca2056cfc12af0f0a968b401058bcd6d Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-19linux-cp: fix some CLI error messagesMatthew Smith1-79/+71
Type: fix If unrecognized input was provided to the commands which add or delete a pair, the error message was being created incorrectly and only displayed something like "unknown input `'". Provide the correct argument to format_unformat_error so that the actual unrecognized input is printed. There also was no error or useful information printed if only the base command were provided without any additional arguments. This should print a warning about what required data was missing. Reorganize code to handle this and to make sure that memory gets freed appropriately. Change-Id: If454714f50cf41b3b56cfadfbf017f1d160e13a4 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-09-18lisp: fix coverity 277315Andrew Yourtchenko1-0/+5
Handle the case of the mapping not being found by GID. Type: fix Change-Id: Ibce3b9e8419c0dddca97b4d0d5a71f25dfd529d8 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-09-16virtio: add support for per queue packet counterMohsin Kazmi5-0/+28
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I21a701a556b88a9d81f0e074a59fa34b3746b1d9
2022-09-15vcl: add hugepage for vcl configure and svmJunfeng Wang10-8/+33
add hugepage for vcl configure and svm Type: feature Signed-off-by: Junfeng Wang <drenfong.wang@intel.com> Change-Id: I6a8905e3fec23d840e629114b1e5a403d0a258ef
2022-09-15session: support dma optionMarvin Liu3-20/+257
add dma support to session, acclerate host-stack with dma Type: feature Signed-off-by: Marvin Liu <yong.liu@intel.com> Signed-off-by: Junfeng Wang <drenfong.wang@intel.com> Change-Id: I3d492921d69d9e3e0b34d33adc33fba3bde9e1cc
2022-09-15prom: fix coverity 277312, 277317Andrew Yourtchenko1-0/+2
If one attempts to add a pattern with zero length, first time it will succeed, and the second time it will cause an invalid memcmp call. Solution: do not allow to add zero-length patterns. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Ic08e021486153be605a4b12a2fe4422307bf68d2
2022-09-15nat: fix nat44-ed port range with multiple workersVladislav Grishenko4-8/+15
The number of available dynamic ports is set to (0xffff - 1024) = 64511, which is not divisable by the pow2 number of workers - the only integer divisors are 31 and 2081. So, total dynamic port range of all workers will be less than it: 1 wrk: n = (port_per_thread = 64511/1)*1 = 64511 + 1025 = 65536 2 wrk: n = (port_per_thread = 64511/2)*2 = 64510 + 1025 = 65535 4 wrk: n = (port_per_thread = 64511/4)*4 = 64508 + 1025 = 65533 8 wrk: n = (port_per_thread = 64511/8)*8 = 64504 + 1025 = 65529 ... As seen, with multiple workers there are unused trailing ports for every nat pool address and that is the reason of out-of-bound index in the worker array on out2in path due (port - 1024) / port_per_thread math. This was fixed in 5c9f9968de63fa627b4a72b344df36cdc686d18a, so packets to unused ports will go to existing worker and dropped there. Per RFC 6335 https://www.rfc-editor.org/rfc/rfc6335#section-6: 6. Port Number Ranges o the System Ports, also known as the Well Known Ports, from 0-1023 (assigned by IANA) o the User Ports, also known as the Registered Ports, from 1024- 49151 (assigned by IANA) o the Dynamic Ports, also known as the Private or Ephemeral Ports, from 49152-65535 (never assigned) According that let's allocate dynamic ports from 1024 and have full port range with a wide range of the workers number - 64 integer divisors in total, including pow2 ones: 1 wrk: n = (port_per_thread = 64512/1)*1 = 64512 + 1024 = 65536 2 wrk: n = (port_per_thread = 64512/2)*2 = 64512 + 1024 = 65536 3 wrk: n = (port_per_thread = 64512/3)*3 = 64512 + 1024 = 65536 4 wrk: n = (port_per_thread = 64512/4)*4 = 64512 + 1024 = 65536 5 wrk: n = (port_per_thread = 64512/5)*5 = 64510 + 1024 = 65534 6 wrk: n = (port_per_thread = 64512/6)*6 = 64512 + 1024 = 65536 7 wrk: n = (port_per_thread = 64512/7)*7 = 64512 + 1024 = 65536 8 wrk: n = (port_per_thread = 64512/8)*8 = 64512 + 1024 = 65536 ... Modulo from 5c9f9968de63fa627b4a72b344df36cdc686d18a is still required when the numbers of workers is not the integer divisor of 64512. Type: fix Fixes: 5c9f9968de63fa627b4a72b344df36cdc686d18a Change-Id: I9edaea07e58ff4888812b0d86cbf41a3784b189e Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-09-15ip-neighbor: fix debug log format outputluoyaozu1-4/+3
Type: fix Signed-off-by: luoyaozu <luoyaozu@foxmail.com> Change-Id: Ibfebe4da0197d1f60bf9edd3873fe1f776b680a4
2022-09-14ip: show fib index in ip4 reassembly traceDamjan Marion1-28/+25
Type: improvement Change-Id: I371237803e2c3cb0e1b42b94f422867465e2bff6 Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-14ipsec: make chacha20-poly1305 available via APIVladimir Ratnikov4-14/+27
Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I4e03f60f34acd7809ddc5a743650bedbb95b2e98
2022-09-12vlib: add vlib_frame_bitmap_is_bit_setDamjan Marion1-0/+8
Type: improvement Change-Id: I2f3fab893a10b060f91b07ee17b8727d241830ea Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-12ipsec: introduce fast path ipv4 inbound matchingPiotr Bronowski9-164/+628
This patch introduces fast path matching for inbound traffic ipv4. Fast path uses bihash tables in order to find matching policy. Adding and removing policies in fast path is much faster than in current implementation. It is still new feature and further work needs and can be done in order to improve perfromance. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ifbd5bfecc21b76ddf8363f5dc089d77595196675
2022-09-09fib: fix path copy function to deal with provided DPO in exclusive pathDamjan Marion1-0/+6
DPO in the new copy was not locked ... Type: fix Fixes: 0bfe5d8 Change-Id: I39f1368de459af91c4bb857d98a4b531bd5692a6 Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-09vlib: don't leak node frames on reforkDmitry Valter9-16/+26
Free node frames in worker mains on refork. Otherwise these frames are never returned to free pool and it causes massive memory leaks if performed under traffic load Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: I15cbf024a3f4b4082445fd5e5aaa10bfcf77f363
2022-09-09vppinfra: add clib_array_mask_set_u32()Damjan Marion1-0/+33
Type: improvement Change-Id: Idf1fb054d5ff495d772d01a79cbc6cd1b409d377 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-09-09nat: fix nat44-ed-in2out fast path next nodeJing Peng1-1/+1
When a session is found expired, the next node of in2out fast path should be in2out slow path instead of out2in slow path. Type: fix Signed-off-by: Jing Peng <jing@meter.com> Change-Id: If1dd920502089c25b33bea5434823b0496a44499
2022-09-09fib: missing headersDamjan Marion1-0/+2
Type: improvement Change-Id: I7f52222706200c31a731fadfb84513549ccb532d Signed-off-by: Damjan Marion <dmarion@me.com>
2022-09-08wireguard: eliminate some calls to main threadMatthew Smith1-4/+10
Type: improvement Roaming functionality allows the peer address to change. The main thread was being called to update a peer's address if necessary after processing a received packet. Check in the worker whether this is necessary before incurring the overhead of the RPC to the main thread. Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I02184b92dc658e0f57dd39993a3b2f9944187b45
2022-09-08avf: check for VLAN_TOGGLE capabilityMohammed Hawari1-0/+6
The ability to modify the vlan setting must be checked prior to using VIRTCHNL_OP_DISABLE_VLAN_STRIPPING_V2 both for inner and outer vlan stripping Change-Id: Iffe306c34b81a6077ad6ba5deb3f5b61b5475897 Type: fix Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-09-07dpdk-cryptodev: reduce request to enable asyncGabriel Oginski1-1/+0
Originally initialization cryptodev device(s) calls double request to enabled async mode and increased ref count twice for async mode. Due to this cannot be change any assigned async handlers to other async crypto engine. The fixes reduce double request to enable async mode in initialization cryptodev device(s) and VPP can be change assigned async handlers to other crypto engine after disabled all async feature, for example: ipsec, wireguard. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: If22e682c3c10de781d05c2e09b5420f75be151c3
2022-09-06vrrp: fix cli functions according to short_helpluoyaozu1-0/+6
test output before fix: DBGvpp# vrrp proto start sw_if_index 1 vr_id 1 vrrp proto: unknown input `sw_if_index 1 vr_id 1' DBGvpp# vrrp vr track-if add sw_if_index 1 vr_id 1 track-index 1 priority 30 vrrp vr track-if: Please specify an interface Type: fix Signed-off-by: luoyaozu <luoyaozu@foxmail.com> Change-Id: Ib8ba67e920b23008d9246318ec8f8f17bf0bea95
2022-09-05ip: fix punt socket overflowBenoît Ganne1-3/+6
client_pathname is usually smaller than pc->caddr.sun_path. snprint() ensures we stop at the NULL character or sizeof(sun_path) whichever comes 1st. It also guarantees NULL character termination. Type: fix Change-Id: I9fc2a706beab931d50d32d03f7fafca7c6c2fb0b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-09-01build: set OS_ID_LIKE only if unsetBenoît Ganne1-1/+1
cmake MATCHES directive with the empty regex "" always match, including non-empty strings. Type: fix Fixes: 534dfc1f18db74f4a2c78d62fe6893daba56dc86 Change-Id: If085b29da15a6d7fc680cebb823183fd3c7eea68 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-31ipsec: fix coverity 249212Andrew Yourtchenko1-2/+2
zero-initialize the variables Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I51c3856865eab037f646a0d184e82ecb3b5b3216
2022-08-31udp: store mss and sw_if_index to udp_connection_tSteven Luong4-4/+11
Store mss and sw_if_index to udp_connection_t and display them via show sessipn verbose 2 Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I32928f3f4195b178873dc1bada702e035d99c464
2022-08-31nat: fix coverity 249194Andrew Yourtchenko1-1/+1
Zero-initialize a variable. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Iccf2eb4bf26755d6cd93fc70df3c5481d69ce7eb
2022-08-31nat: fix coverity 249178Andrew Yourtchenko1-1/+1
Zero-initialize the variable Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I4ee127ac3e2a3beffa11bbc96db1f3254b3f7c5d
2022-08-31pppoe: fix coverity 218437, 218401Andrew Yourtchenko1-0/+3
Initialize the session index in case of error to ~0, so is defined in case trace needs to copy it. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Iddf6df42c09d2abc11e5821944eb4f41692e6e3e
2022-08-31gso: zero-initialize gho structVladislav Grishenko2-0/+6
It may contain garbage in debug builds resulting in wrong gho detected flags and offsets. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ia79633262185016f527e7dc6c67334cda6f055f2
2022-08-31devices: fix coverity warningMohsin Kazmi1-1/+1
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I0a58c0f54d8be31a0a78bef00152fb2cc193840e
2022-08-31devices: add support for polling modeMohsin Kazmi3-6/+45
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I8d84dc8b7f5c5e863c32838cfafc3d366e2a7e00
2022-08-30l2: skip arp term for locally originated packetsStanislav Zaikin3-0/+6
Mark arp packet as locally originated when probing/replying and don't apply any arp-term logic against it. Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: I305ff5cac8cac456decf92f21b961aa4ce286079
2022-08-30tcp: do not overcount ooo bytesFlorin Coras1-1/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic81702bffb5b3189db48efe1ab3b237fa2bf75f2
2022-08-30dma_intel: fix the wrong unformat typeHaiyue Wang1-1/+1
The unformat type for "%d" should be u32 or int, otherwise the 'did' in high stack address will be overflow to zero by the 'qid' which is in the low stack address. Like input "dev wq3.2" will return "did=0, qid=2". Type: fix Signed-off-by: Haiyue Wang <haiyue.wang@intel.com> Change-Id: I0fe1d5b03e2c47e0a7925193e2c2f1ccc31d3e90
2022-08-30memif: Process bad descriptors correctly in memif_process_descSteven Luong1-10/+35
When there is a bad descriptor, it may in the beginning, in the middle, or at the end of the batch if the batch has more than 3 descriptors. When processing a bad descriptor is encountered in the batch, we need to rollback n_buffers in memif_process_desc(), or the statement in the same function memif_add_copy_op (ptd, mb0 + src_off, bytes_to_copy, dst_off, n_buffers - 1); is wrong because it picks up the wrong buffer_vec_index of the bad descriptor while parsing a good descriptor immediately following the bad descriptor. n_buffers was incremented in the beginning of while (n_left) loop. The other problem is we should count the number of bad packets and reduce ptd->n_packets to get the correct number of packets for subsequent processing in device_input. The last fix is to check if n_buffers == 0 in device_input and skip doing any descriptor copy. This case can happen when all the descriptors are bad in the batch. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I28ed1d87236b045657006755747b5750a9a733be
2022-08-30ethernet: fix coverity 214973Andrew Yourtchenko1-15/+14
Ensure that the ethernet_input_inline_dmac_check which directly derefererences ei, is called only if ei is set. Type: fix Change-Id: I2d3bce63ee457825a5d375a6102225f3abf67703 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-30vlib: fix coverity 274750, part 2Andrew Yourtchenko1-1/+1
Add another missing null check. Type: fix Change-Id: Iec4de548810efe369a6e61b8787131230506cff6 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-30vlib: fix coverity 277203Andrew Yourtchenko1-1/+1
Fix integer overflow. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I72de6f88be064f188204d0f6d3167a3a8d7de58d
2022-08-30ethernet: refactor the redundant codeAndrew Yourtchenko1-8/+7
Following the discussion during the review of b46a4e69e5db18ef792415439d04a0ab22c59386, remove the redundant ei0. This resulted in realization that in order for this code to do anything useful, the ei must be always non-zero, so rewrite the logical condition for it. Also, make it a conjunction which seems simpler to understand. Type: improvement Change-Id: Ibd7b2a63e4aeaf97eb1a98af8e69aed2ff7dd577 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-29vlib: use error description when dropping packetsArthur de Kerhor1-1/+1
Using the error name makes it less explicit in the packet trace than the error description when a packet is dropped. Example of the trace when the TTL is <=1: 01:03:17:015278: drop ip4-input: time_expired We should have "ip4 ttl <= 1" instead of "time_expired" Type: fix Change-Id: Ic9decf10d609cc938e39d0f449359e41c406267e Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2022-08-29ethernet: fix mac address increment errorJieqiang Wang1-2/+2
Using "ip neighbor <ip-addr> <mac-addr> static count <count>" to add static ARP entries will output wrong mac addresses due to lack of big/little endian conversion. Fix this error by converting mac address from big endian to little endian before doing the self-increment. Before patched: vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5 vpp# show ip neighbor Time IP Flags Ethernet Interface 4.4400 198.18.1.5 S 05:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.4 S 04:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.3 S 03:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.2 S 02:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0 After patched: vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5 vpp# show ip neighbor Time IP Flags Ethernet Interface 4.4528 198.18.1.5 S 01:aa:bb:cc:dd:e4 rdma-0 4.4528 198.18.1.4 S 01:aa:bb:cc:dd:e3 rdma-0 4.4528 198.18.1.3 S 01:aa:bb:cc:dd:e2 rdma-0 4.4527 198.18.1.2 S 01:aa:bb:cc:dd:e1 rdma-0 4.4527 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0 Type: fix Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: Iec1e00e381e4aba96639f831e7e42e070be3f278
2022-08-29fib: fix coverity 249175Andrew Yourtchenko1-0/+1
Add an assert to express the constraint to coverity without incurring the overhead in release builds. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I2c22f8b2565c645d95c9c0be37381060e151420f
2022-08-29fib: fix coverity 253539Andrew Yourtchenko1-0/+1
Add an ASSERT so coverity is aware of the assumption taken, without incurring any penalty in release build. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I3e7e1e77059492315409efbed47657f9e56d167c Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-29ethernet: fix coverity 218549Andrew Yourtchenko1-1/+1
Check that the pointer is non-null before dereferencing it. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I611a1042d08bbe455dd09a4fa5711fe86c440240
2022-08-29nat: fix coverity 249202Benoît Ganne1-2/+2
In case of a bad packet, the bihash kv is not initialized before being copied in the trace. Make sure it is initialized to 0. Type: fix Change-Id: I22fcfe99f3586d0fa128493059547a56557b8fb5 Signed-off-by: Benoît Ganne <bganne@cisco.com>