aboutsummaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2022-12-16ipsec: new api for sa ips and ports updatesArthur de Kerhor5-0/+186
Useful to update the tunnel paramaters and udp ports (NAT-T) of an SA without having to rekey. Could be done by deleting and re-adding the SA but it would not preserve the anti-replay window if there is one. Use case: a nat update/reboot between the 2 endpoints of the tunnel. Type: feature Change-Id: Icf5c0aac218603e8aa9a008ed6f614e4a6db59a0 Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2022-12-15interface: fix format_vnet_interface_output_traceluoyaozu1-3/+2
format vlib_buffer_t::flags into interface output trace Type: fix Signed-off-by: luoyaozu <luoyaozu@foxmail.com> Change-Id: Icb48a6d3a7ebdff7a3d42efe62723b0f0f1ea507
2022-12-15nat: disable nat44-ed/ei features on interface deletionVladislav Grishenko2-0/+98
After deleting a sw interface with nat44 features, the next created sw interface will get the same sw_index reused and therefore will erroneously have the same nat features enabled. Type: fix Change-Id: I1d84f842ab7ab2a757668ae1a111efe67e1e924d Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2022-12-14vcl: enable gso for 'sendmsg' in LDP mode.Dou Chao7-24/+80
Some upon apps(e.g. Nginx-quic) package it's several protocol buffers into a struct msg which is a combination of gso_buffer and gso_size. but if HostStack regardless the gso_size to the buffer and split the buffer with default mss, that cause peer client failed on parsing the package. Type: improvement Signed-off-by: Dou Chao <chao.dou@intel.com> Change-Id: I805eb642be826038ba96d1b85dad8ec0c0f6c459 Signed-off-by: Dou Chao <chao.dou@intel.com>
2022-12-14vapi: implement vapi_wait() for readsMatthew Smith3-15/+11
Type: improvement The function vapi_wait() is intended to allow a caller to block while waiting until the API queue can be read/written. It was a stub that returned VAPI_ENOTSUP. Add code which implements the wait on being able to read an incoming message. Had to touch a few other things in vapi.h to make checkstyle.sh happy after changing the prototype of vapi_wait(). Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: Ida80c1a1d34fe297ab23268087be65ea53ad7040
2022-12-12linux-cp: set severity of noisy message to debugMatthew Smith1-1/+1
Type: improvement The log buffer and event buffer get lots of messages written like "Processed 2 messages" by linux-nl when its enabled. This can crowd out more important messages and should only actually be stored if debug messages are desired. Change from logging with NL_INFO() to NL_DBG(). Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I9055432f7ef35d3e0ad59dce307d2b3c6284002f
2022-12-12papi: fix VPP_API_DIRPim van Pelt1-1/+4
Docstring in VPP Python API says that find_api_dir() will search for environment variable VPP_API_DIR first and foremost, except it doesn't. Prepend VPP_API_DIR if it exists, and allow dirs to be omitted in case it will be the empty list [] Type: fix Signed-off-by: pim@ipng.nl Change-Id: Ic892e4bb7d8ff50f18e64ddfd2a61343883f07ea
2022-12-09nat: fixed return values of enable/disable callFilip Varga4-14/+20
NAT44 enable/disable return status was used instead of appropriate VNET_API_ERROR_ code. Type: fix Signed-off-by: Filip Varga <filipvarga89@gmail.com> Change-Id: If944866bf3061afdc91284c0ad475135e529bdc4
2022-12-09http_static: clean up http redirect generationDave Barach1-1/+56
Don't redirect to "favicon.ico/index.html" if you can't find "favicon.ico". If asked to serve up a nonexistent path, see if the path ends with a known suffix: ".jpg, .html, .ico" etc. If it does, flunk the request on the spot: "Error 404 Not Found." Do not issue a redirect. This change will not break the obvious corner case: if the browser asks for "its_a_dir.mp3/index.html" - and the file exists - the server will produce it. Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I91aad90be05b98ba2b40e240d13d71816aed4526
2022-12-08http_static: derive mime type from file extensionsDave Barach4-8/+132
Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0f087477e257f5119d7d6182d19f8796773a1f19
2022-12-07tcp: avoid retransmit head with no dataFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iefabc7b9dd1109fd6dcf65e5d9794173421b7369
2022-12-07vat2: add plugin-path parameterOle Troan3-68/+101
Add plugin-path parameter to aid external plugin development. Multiple directories are supported as a colon separated list. Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ida35dedceccd0019ea68e56f7a3672c530258447
2022-12-07papi: export packed message structuresOle Troan1-0/+16
Use the Python API binding to generate a set of API messages in binary format, that can later be replayed independently of the Python API. Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Iaab6ca31fd2809193e461ab53f7cc7332a231eb5 Signed-off-by: Ole Troan <ot@cisco.com>
2022-12-07tests: multiple apidir locationsOle Troan1-1/+6
To support testing of external plugins, add support to the test framework and PAPI for specifying a list of locations to look for api.json files. Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I128a306e3c091dc8ef994801b1470b82d2f4595d Signed-off-by: Ole Troan <ot@cisco.com>
2022-12-07api: avoid sigpipe for unruly api clientOle Troan1-1/+7
if the api client didn't wait for the last message, we'd get a SIGPIPE from Unix and VPP would crash. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Iac7705ec09ccd67cc249cc9a9525a7cb379e2f6f Signed-off-by: Ole Troan <ot@cisco.com>
2022-12-07papi: fix async support for socket transportOle Troan2-4/+5
Async use of the API is much faster than blocking calls. Seemed like it only worked over shared memory transport. This patches re-enables support for async calls over socket transport. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I05f3b362035ce0a1c16788ba9003a35601ddb04e Signed-off-by: Ole Troan <ot@cisco.com>
2022-12-07http_static: misc bug fixesDave Barach2-1/+3
The request vector generated by hss_ts_rx_callback() must be NULL terminated. The hss_main_t use_ptr_thresh member must be a u64 since unformat_memory_size() expects it. Otherwise, the adjacent u8 enable_url_handlers may have an accident. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I2cc08e3cbd31b225fb03799283c055515add13bf
2022-12-07classify: increase metadata from 16- to 32-bitsBenoît Ganne2-9/+11
The metadata in classifier entries is used to index a fib or a dpo in the acl nodes which can exceeds UINT16_MAX in large configurations. To maintain entries size and alignment, decrease next_index from 32- to 16-bits: next_index should not exceed 16-bits in VPP, as it is already shown by vlib_buffer_enqueue_to_next() or dpo_id_t.dpoi_next_node. Type: fix Change-Id: I4fd1b3cd495319420044c219036b2d2ea952270a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-12-06http_static: fix http(s) redirectsDave Barach4-15/+37
Add an http redirect template to generate correct-looking "301 Moved Permanently" replies. Supply a default value of 1<<31 for the use_ptr_thresh config parameter. Expose hss_session_get() so friend plugins which register GET / POST handlers with the http_static server can add data to the session fifos. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ie1452eaf61c6f67311fbab092bc1fe03050bf94f
2022-12-05stats: return empty vector rather than NULL if stat_segment_dump_r() is run ↵Andrew Yourtchenko1-0/+9
on an empty vector from ls The return value in this function is initialized with 0, so if a vector of length 0 is passed to stat_segment_dump_r, then this return value is never populated, resulting in inability to distinguish between a successful dump of an empty vector and an error. Solution: call vec_alloc(). As a side effect might get some trivial speed-up. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I33fefd801df457152e9ec257742305182e91f339
2022-12-02session: move connects to first workerFlorin Coras12-106/+72
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I035e3fdbb52eca010ad7b2c20ca2930cb1645978
2022-12-02quic: update to quicly v0.1.4Dave Wallace4-24/+36
Type: improvement Change-Id: I707399b8ba617a659476bfd7d793f04a1283e694 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-12-02buffers: revert protect against bad thread indicesBenoît Ganne1-4/+1
This change was introduced to workaround a bug in the NAT code, but we should not woraround plugin bugs in infra. Type: fix Fixes: f8631ce7e8886136b4543a7926ffdf1bc760fb11 Change-Id: Id6ee281cf1fe8466b6522905fc2a176716e3d52f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-12-02vlib: clib_panic if sysconf() can't determine page size on startupAndrew Yourtchenko1-1/+7
Account for the potential of sysconf() returning -1 if it can not get the page size and make it a fatal error. Coverity: 277313 Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I8cae6a35ec2f745c37f1fe6557e5fa66720b4628
2022-12-02vnet: fix trace flag copying in icmp4Klement Sekera1-1/+1
Type: fix Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: I0a947b74e40499327910c1ed10923f7a869039d6
2022-12-02vhost: convert vhost device driver to a pluginSteven Luong13-23/+345
convert vhost device driver to a plugin as described in https://jira.fd.io/browse/VPP-2065 Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ibfe2f351bcaed36a04b136d082ae414145dd37b5
2022-12-02avf: support generic flowTing Xu8-52/+638
Support generic flow in native avf. Enable necessary RSS hash function for generic flow. Extend some structures and functions from for FDIR only to for both RSS and FDIR flows. Modify virtual channel message to align with ice kernel driver. Add functions to parse generic flow patterns. The parsing results will be delivered to the kernel driver and create corresponding flow rules. Type: feature Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: I82ce102a21993f1bae8a8bf23e491d5e1c261f61
2022-12-01wireguard: add atomic mutexGabriel Oginski3-2/+19
The initiate handshake process can be called a numbers times for each peers, then the main VPP thread called by Wireguard starting to allocate memory. This behaviour can lead to out of memory when VPP has a lot of Wireguard tunnels concurrently. This fix add mutex to send only once handshake initiate at time for each peers. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I13b4b2d47021753926d42a38ccadb36a411c5b79
2022-11-30hsa: session rpc for echo client cli notificationsFlorin Coras1-7/+12
Also, use connected udp for builtin echo apps Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie24d7e97f4f27b67df9ceff3c268954485255c2d
2022-11-30stats: add boot time in stats segmentOle Troan2-1/+5
Write time into /sys/boottime on VPP start. This allows a stateless control plane agent to validate if it's reconnecting to the same VPP instance. Type: improvement Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Iba7f334339c46142045e43da6efab11612e7b9c0 Signed-off-by: Ole Troan <ot@cisco.com>
2022-11-29udp: refactor port allocation and sharingFlorin Coras4-72/+28
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4f7314ddf95d26f1939bd3772d29d011fb4cea47
2022-11-29session: transport endpt cleanup on owner threadFlorin Coras4-16/+83
Maintain a single writer multiple readers usage model for transport endpoints pool. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8555700ed725971341f145ea97f031042a298e83
2022-11-29wireguard: compute checksum for outer ipv6 headerArtem Glazychev2-2/+41
Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I477e92712e441c91789afdf9be389d967acfa799
2022-11-29stats: fix the memory leak in stat_client.cAndrew Yourtchenko1-0/+2
The issue can be reproduced by running "vpp_get_stats tightpoll" The root cause is that the control flow discards the "result" struct being prepared, along with pointer its allocated name. This results in a memory leak. Type: fix Change-Id: Ibf884e92314f19b983a0159fc1257b3fa0110443 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-11-29rdma: fix for-loop initialization in scalar pathJieqiang Wang1-20/+35
When n_rx_packets is less then 16(VEC256) or 8(VEC128), code execution will fall into scalar path of processing packets. But with a wrong initialization value for n_left set to zero, i in the for-loop will equal to n_rx_packets. This leads to the bypass of required ip4 checksum validation and byte count endianness conversion in scalar path. Besides, refactor the code using while instead of for-loop to keep consistency with VPP code style. Type: fix Fixes: bf93670c515d ("rdma: fix ipv4 checksum check in rdma-input node") Signed-off-by: Lijian Zhang <lijian.zhang@arm.com> Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: Ib4e8cb5202735f8b060c99caddf26035657551e1
2022-11-29ipsec: use correct reply messageVratko Polak2-1/+2
Type: fix Fixes: 815c6a4fbcbb636ce3b4dc98446ad205a30670a6 Ticket: VPP-2068 Change-Id: I42d678b0e28ac4d0b524dfc2dbd01bbad020cf24 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2022-11-28vapi: write enumflag types to vapi headersMatthew Smith2-0/+15
Type: fix Fixes: a51f9b3747 Some IPsec message type definitions were not being written to ipsec.api.vapi.h. These include ipsec_sad_entry_add_del_v3 and ipsec_sad_entry_add. The cause appears to be that tunnel_flags, which is defined in tunnel_types.api is a special case of enum called an enumflag. These do not appear to have been handled in the code that generates the vapi header files. This patch adds processing of enumflag objects for vapi. Change-Id: Ie506c4fcb5a07fe97a330ba11c252d1df98adfd9 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-11-28ipsec: remove redundant policy array in fast path spdPiotr Bronowski3-90/+178
Fast path spd was explicitely storing array of policy id vectors. This information was redundand, as this inofrmation is already stored in bihash table. This additional array was affecting performance when adding and removing fast path policies. The other place that needed refactoring after removing this array was cli command showing fast path policies. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I78d45653f71539e7ba90ff5d2834451f83ead4be
2022-11-28udp: preallocate ports sparse vec mapFlorin Coras1-2/+80
Not ideal. The sparse vector used to map ports to next nodes assumes only a few ports are ever used. When udp transport is enabled this does not hold and, to make matters worse, ports are consumed in a random order. This can lead to a lot of slow updates to internal data structures which in turn can slow udp connection allocations until all ports are eventually consumed. Consequently, reallocate sparse vector, preallocate all ports and have them point to UDP_NO_NODE_SET. We could consider switching the sparse vector to a preallocated vector but that would increase memory consumption for vpp deployments that do not rely on host stack. For reference, populating one of the v4 or v6 sparse vectors in reverse order takes about 9.8s on a skylake cpu. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id795e1805d0d3ba54f56a152a9506a7a2a06ecbc
2022-11-25interface: remove the pending interrupt from deleting interfaceMohsin Kazmi2-5/+16
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I3138f97519d216b89a9c46865271db1f9ddd53cd
2022-11-24sr: srv6 path tracing apiJulian Klaiber4-0/+160
Implements the API for SRv6 Path Tracing Type: feature Signed-off-by: Julian Klaiber <julian@klaiber.me> Change-Id: Iefa7e512c8e1894595a9e3f5d42eab4160db1f28
2022-11-23gso: add gso documentationMohsin Kazmi1-0/+154
Type: docs Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I8a96e6cc73b5f7ab3049fef37aafba43f3ef4d84
2022-11-23linux-cp: fix FIB_ENTRY_FLAG_ATTACHEDAlexander Skorichenko1-0/+10
Type: fix     Fib entries for attached routes when sourced from FIB_SOURCE_API or FIB_SOURCE_CLI get the FIB_ENTRY_FLAG_ATTACHED flag raised on the source. Such a route added from linux-cp doesn't get this flag.     Fix this flag for linux-cp sources by passing it to the fib entry's update/create function in lcp_router_route_add(). Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com> Change-Id: I24278ef86886cfee8a14acb250fb6992a754cc3c
2022-11-22policer: adding documentationMaxime Peim2-4/+231
Type: docs Several kinds of policers are implemented in VPP. However, they could differ from the RFCs it is said they are from. Additionally, the CLI command's help has been updated with the current list of acceptable parameters. Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: Ic9bf94e1094bea0fcc87ccaa882c2c5f88824041
2022-11-22acl: fix set acl-plugin cli unformat free.Huawei LI1-1/+2
Type: fix Signed-off-by: Huawei LI <lihuawei_zzu@163.com> Change-Id: Icb5450f4bd0eaef7684eb7e3816d1d6051e889d7
2022-11-21ipsec: improve ipsec policy adding performanceXiaoming Jiang1-19/+15
Type: improvement Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I91ba1ff4c1085f4aca60ca111cbbaf14a3b4d761
2022-11-18tls: memory leak due to missing call to vnet_crypto_key_delSteven Luong1-1/+6
We add the crypto key to the vnet crypto library via vnet_crypto_key_add. However, when the session is disconnected, we don't call vnet_crypto_key_del and the memory is leaked in vnet_crypto library as well as in pico tls key store. It seems dispose crypto is the appropriate place to add vnet_crypto_key_del. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: If6d1266baf686fefe5bb81330ce60b35c8ff574e
2022-11-18ipsec: Failure at the start of the batch should not invalidate the rest of ↵Neale Ranns2-15/+25
the batch Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Icd1e43a5764496784c355c93066273435f16dd35
2022-11-15session: add transport main structureFlorin Coras1-39/+37
Leave tp_vfts vector out for now. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic20a1671be9424280d0645f48ef2131a694cd16f
2022-11-14crypto-ipsecmb: fix plugin crash in VirtualBoxMaros Ondrejicka2-1/+2
Plugin checks just for AVX2 instruction set, while the v1.3 of IPsec Multi-Buffer library checks for both AVX2 and BMI2 sets during init. VirtualBox VM doesn't provide BMI2 by default to guest operating system. Result is that VPP plugin decides to use AVX2 initialization and library then doesn't do it. Since flush_job remains empty, the self-check fails and with that the whole VPP crashes on start-up. Type: fix Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech> Change-Id: I6b661f2b9bbe6dd03b499c55c38a9b814e6d718a