summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2022-01-24wireguard: fix passing argumentGabriel Oginski1-1/+1
Fixed coverity-issue CID 248456. Originally passing argument of type "uint64_t *" to function: "memcopy_s_inline". This patch fixes the problem by changing type of passing argument and make a portable assumption. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I17e4583a05ea1263e4d8a4acc9949454e5fd92c0
2022-01-24nat: TCP state tracking based on RFC 7857/RFC 6146Klement Sekera10-332/+589
Implement proper state machine based on above RFCs. ACKs to SYNs/FINs are no longer required/tracked. This is more friendly to peers and accounts for lost packets and retransmits. This change also means that all traffic is translated and forwarded while in transitory timeout, which helps delivering e.g. retransmitted FINs, FINACKs and other messages. Also support reopening a session in transitory timeout after seeing both FINs by seeing both SYNs again. This helps quick connection reestablishment if the peers want to. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com> Change-Id: Ibf521c79463472db97e593bfa02b32b4a06dfd2a
2022-01-24dpdk-cryptodev: add support chacha20-poly1305Gabriel Oginski4-6/+44
Originally cryptodev doesn't support chacha20-poly1305 with aad length 0. This patch add support in cryptodev for chacha20-poly1305 with aad length 0. This length is using in Wireguard. Type: improvement Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I0608920bb557d7d071e7f9f37c80cf50bad81dcc
2022-01-24policer: fix memory leakLeung Lai Yung1-1/+4
Type: fix policer_add_del does not free "clib_error_t*" when it is not null. Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com> Change-Id: I00ad8e53797e46adeb1819856262bb9f3c068c63
2022-01-24sr: fix coverity warningKlement Sekera2-7/+0
Remove dead code. Pool element cannot be NULL. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I7812efdcdc414af8352474c4e527c878d2e2c459
2022-01-24ip6-nd: fix coverity warningKlement Sekera1-6/+3
Restructure code to avoid NULL dereference. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: If3a4319f1b93af272b7b315a9b15ba4ee1f8e7ae
2022-01-24vppinfra: fix compilation on riscvDamjan Marion1-8/+10
Type: fix Change-Id: I2bc58a711c9429d7989bfd0bfccd289d43fc35d0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-22session: separate transports from apps in show cliFlorin Coras1-11/+11
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If9d6153ddce836ec34842fb5e581b2f4565e33df
2022-01-22session: update time for list of subscribersFlorin Coras4-1/+53
Instead of constantly scanning all transport vfts for update time functions, build list at transport enable time. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id5c07cc03ee1fdd072ebbbd40119d1a440a5e3b1
2022-01-21wireguard: add async mode for decryption packetsGabriel Oginski5-217/+445
Originally wireguard doesn't support async mode for decryption packets. This patch add async mode for decryption in wireguard. In addition, it contains some performance improvement such as prefetching packet header and reducing the number of current time function calls. Type: improvement Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Ieba6ae0078f3ff140c05b517891afb57232b3b7d
2022-01-21wireguard: add async mode for encryption packetsGabriel Oginski11-107/+616
Originally wireguard doesn't support async mode for encryption packets. This patch add async mode for encryption in wireguard and also adds support chacha20-poly1305 algorithm in cryptodev for async handler. In addition it contains new command line to activate async mode for wireguard: set wireguard async mode on|off and also add new command to check active mode for wireguard: show wireguard mode Type: improvement Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I141d48b42ee8dbff0112b8542ab5205268089da6
2022-01-20hsa: refactor test http server to use http protoFlorin Coras2-451/+188
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie7c80d75ca511e1905fa73db48d329f7e1fa86ff
2022-01-20fib: missing includeDamjan Marion1-0/+1
Type: fix Change-Id: Idefded3443b383ba916a66051b003aac106af8e8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-20wireguard: add burst modeGabriel Oginski7-181/+538
Originally wireguard does packet by packet encryption and decryption. This patch adds burst mode for encryption and decryption packets. In addition, it contains some performance improvement such as prefetching packet header and reducing the number of current time function calls. Type: improvement Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I04c7daa9b6dc56cd15c789661a64ec642b35aa3f
2022-01-20dpdk: fix compilation for DPDK < 21.11Benoît Ganne2-2/+5
Type: fix Change-Id: Ic5b74fb7a8e479e8cdccbb6a564ff3fdd299455c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-01-20http: add http protocol pluginFlorin Coras7-4/+1399
Basic HTTP/1.1 server side implementation. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I06bddaf7f11e28db802b4cd7ef8160c78cb019b6
2022-01-19svm: update number of segments in svm_fifo_segmentsFlorin Coras5-14/+15
In addition to returning the number of bytes also update the number of segments to reflect the number used. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia87dc2aa62cea38b18dfa83df94dc2abe29d5121
2022-01-19svm: fix return for partial segment enqueueFlorin Coras1-8/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9953d9bf04e708ac8ea475127e3d2f606cc1c8d9
2022-01-18dpdk: limit number of TX queues to max supportedDamjan Marion1-3/+17
Also improve logging.... Type: fix Change-Id: I3d3aee52cd45e59ecd6ce13bd516c66559638fec Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-18vlib: allow bigger scalar data sizeDamjan Marion1-1/+2
Type: improvement Change-Id: I1031c6ce80d90814edda7b52b11039874b95714f Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-18misc: fix coverity warningsDave Barach2-1/+7
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I8ea0193ebb2a721a0582451ffd64c4063ac6d233
2022-01-18linux-cp: fix possible null derefPim van Pelt1-0/+2
Found by coverity as defect id 243763 Signed-off-by: Pim van Pelt <pim@ipng.nl> Type: fix Change-Id: Idbada5528a1f2625f6498072d538edf306268b6d
2022-01-18virtio: remove admin-up flag during interface creationMohsin Kazmi2-4/+0
Type: fix During the interface creation time, (by default) admin-up flag is locally set for tap and virtio interfaces. While, in VPP the state of these interfaces are still admin-down. User needs to explicitly call 'set interface state <interface-name> up' to admin-up the newly created tap or virtio interface(s) in VPP. So, this behavior is inconsistent. This patch fixes the issue to have consistent behavior for given interface between local and global administration state. Change-Id: Ifd8904a09fbdbe7b386874ac3231dc0527064518 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-01-18srv6-mobile: Fix the coverity issueTetsuya Murakami1-2/+2
Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I35c36401ce3ab59900be59a9abddba66f6399978
2022-01-18vnet: distinguish between max_frame_size and MTUDamjan Marion17-106/+148
Type: improvement Change-Id: I3659de6599f402c92e3855e3bf0e5e3388f2bea0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-17ipsec: IPSec interface correct drop w/ no protectionNeale Ranns3-8/+19
Type: improvement When an IPSec interface is first constructed, the end node of the feature arc is not changed, which means it is interface-output. This means that traffic directed into adjacencies on the link, that do not have protection (w/ an SA), drop like this: ... 00:00:01:111710: ip4-midchain tx_sw_if_index 4 dpo-idx 24 : ipv4 via 0.0.0.0 ipsec0: mtu:9000 next:6 flags:[] stacked-on: [@1]: dpo-drop ip4 flow hash: 0x00000000 00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858 00000020: 58585858585858585858585858585858585858585858585858585858 00:00:01:111829: local0-output ipsec0 00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858 00000020: 5858585858585858585858585858585858585858585858585858585858585858 00000040: 58585858585858585858585858585858585858585858585858585858c2cf08c0 00000060: 2a2c103cd0126bd8b03c4ec20ce2bd02dd77b3e3a4f49664 00:00:01:112017: error-drop rx:pg1 00:00:01:112034: drop local0-output: interface is down although that's a drop, no packets should go to local0, and we want all IPvX packets to go through ipX-drop. This change sets the interface's end-arc node to the appropriate drop node when the interface is created, and when the last protection is removed. The resulting drop is: ... 00:00:01:111504: ip4-midchain tx_sw_if_index 4 dpo-idx 24 : ipv4 via 0.0.0.0 ipsec0: mtu:9000 next:0 flags:[] stacked-on: [@1]: dpo-drop ip4 flow hash: 0x00000000 00000000: 4500005c000100003f01cb8cac100202010101010800ecf40000000058585858 00000020: 58585858585858585858585858585858585858585858585858585858 00:00:01:111533: ip4-drop ICMP: 172.16.2.2 -> 1.1.1.1 tos 0x00, ttl 63, length 92, checksum 0xcb8c dscp CS0 ecn NON_ECN fragment id 0x0001 ICMP echo_request checksum 0xecf4 id 0 00:00:01:111620: error-drop rx:pg1 00:00:01:111640: drop null-node: blackholed packets Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I7e7de23c541d9f1210a05e6984a688f1f821a155
2022-01-17interface: improve MTU handlingDamjan Marion8-47/+98
- per hw-interface-class handlers - ethernet set_mtu callback - driver can now refuse MTU change Type: improvement Change-Id: I3d37c9129930ebec7bb70caf4263025413873048 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-17vnet: introduce vnet_error()Damjan Marion9-175/+259
Decouples vnet return values from API return codes. New vnet_error() creates vnet_error_t whicgh contains both vnet function return value and return string. vnet_api_error() converts vlib_error_t constructed with vnet_error() to API return value. Type: improvement Change-Id: I17042954d48c010150fc1dfc5fce9330e8149e87 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-16vppinfra: bitops cleanupDamjan Marion10-145/+56
Type: refactor Change-Id: I7fa113e924640f9d798c1eb6ae64b9c0a9e2104c Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-15mactime: fix memory leakDave Barach1-1/+2
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I1ef5cb250ac1e35b9a5003597eda3d54d2e5ca73
2022-01-14dpdk: refactor device setupDamjan Marion7-540/+328
Type: improvement Change-Id: I9772088bca176fd0fdb162677ec55c59aa8f3adf Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-14dpdk: fix burst function outputDamjan Marion1-3/+3
Type: fix Fixes: 65105c95f Change-Id: I8dee4b560a49891f954d7eb8e79ea535cedeaa88 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-12hsa: echo clients connect improvementsFlorin Coras2-19/+34
Do burst of connects with barrier held. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7e6dcf097022b56d6880de0cba7b8492a938077b
2022-01-12hsa: cleanup echo client appFlorin Coras2-228/+268
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iada49493635a9c3db8b725ca367d0d4ca5007357
2022-01-12hsa: allow large segments for echo appsFlorin Coras2-36/+13
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4e60d83644878f7d267582c2497d785e0f6facc1
2022-01-12dpdk: bump to DPDK v21.11Damjan Marion5-17/+31
Type: feature This patch bumps dpdk version from 21.08 to 21.11 Change-Id: Id37fdba75f1ea4f4eac3c92226f3b1c539e1daca Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com> Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-12dpdk: improve loggingDamjan Marion3-10/+49
Type: improvement Change-Id: If61d7409ff14b9f771c1dc8ec9f35e179cea7a28 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-12dpdk: update packet offload flagsDamjan Marion2-41/+89
Type: improvement Change-Id: Ib2c55dd2a246a690b2089f5c0b88508f732281f2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-12session: pass tx buffers in bulk to transportsFlorin Coras6-22/+83
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1025cccd784f80b557847f69c3ea1ada5c9de60d
2022-01-12perfmon: skipping bundle messageRay Kinsella1-1/+1
Change the skipping bundle message to debug Type: refactor Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I942ff72bd9c26ccad923442fdedddf22ba75e117
2022-01-12dpdk: postpone updating runtime dataDamjan Marion1-1/+3
This prevents crash due to worker tread accessing device data while device vector is growing. Type: fix Change-Id: I5cf9f53ddbe97fe52db8fd431ea7c0e480f3d4bc Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-12dpdk: use blunt force to skip irrelevant and confusing logsDamjan Marion1-1/+13
Type: improvement Change-Id: I2cd37f0c1a1ed33438bfa4b7590e5609e5094fc8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-12dpdk: always display burst function nameDamjan Marion1-12/+10
Also change the way how we dig function pointer so it works with dpdk 21.11+ Type: improvement Change-Id: I38d5909eea9c2893651710bd45057b1635aa7b37 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-12ip: coverity illegal access in ip6_ext_header_walkOle Troan1-9/+2
*** CID 243670: Memory - illegal accesses (OVERRUN) /src/vnet/ip/ip6_packet.h: 713 in ip6_ext_header_walk() CID 243670: Memory - illegal accesses (OVERRUN) Overrunning array "res->eh" of 4 4-byte elements at element index 5 (byte offset 23) using index "i" (which evaluates to 5). Type: fix Fixes: 03092c1 Change-Id: I27e0435cf10534f3b41e11bf7a5629b5428b0651 Signed-off-by: Ole Troan <ot@cisco.com>
2022-01-12dpdk-cryptodev: run dequeue again in case of interrupt mode being usedDastin Wilski1-0/+6
Type: fix Change-Id: I7aa172e58c970c4971db6ef2ff5b199b7f3c0b99 Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
2022-01-12crypto: omit loop iterationDastin Wilski1-4/+6
This fix adds check that will omit loop iteration in case dequeue handler is zero. Type: fix Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com> Change-Id: I7526e3fe7d8c8da9662b4e9204efd5e2d8be1908
2022-01-11hsa: allow use of default port for vcl test appsFlorin Coras2-23/+28
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I30ec7af3baf56d74a5050ea9335053e6e12de630
2022-01-11linux-cp: Add VPP->Linux synchronizationPim van Pelt9-167/+743
Part 1 -- notes in https://ipng.ch/s/articles/2021/08/13/vpp-2.html Add the ability for VPP to copy out (sync) its state from the dataplane to Linux Interface Pairs, when they exist. Gated by a configuration flag (linux-cp { lcp-sync }), and by a CLI option to toggle on/off, synchronize the following events: - Interface state changes - Interface MTU changes - Interface IPv4/IPv6 address add/deletion In VPP, subints can have any link state and MTU, orthogonal to their phy. In Linux, setting admin-down on a phy forces its children to be down as well. Also, in Linux, MTU of children must not exceed that of the phy. Add a state synchronizer which walks over phy+subints to ensure Linux and VPP end up in the same consistent state. Part 2 -- notes in https://ipng.ch/s/articles/2021/08/15/vpp-3.html Add the ability for VPP to autocreate sub-interfaces of existing Linux Interface pairs. Gated by a configuration flag (linux-cp { lcp-auto-subint }), and by a CLI option to toggle on/off, synchronize the following event: - Sub-interface creation (dot1q, dot1ad, QinQ and QinAD) A few other changes: - Add two functions into netlink.[ch] to delete ip4 and ip6 addresses. - Remove a spurious logline (printing MTU) in netlink.c. - Resolve a TODO around vnet_sw_interface_supports_addressing() Type: improvement Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I34fc070e80af4013be58d7a8cbf64296cc760e4e Signed-off-by: Pim van Pelt <pim@ipng.nl>
2022-01-11tls: ssl close only after all data drainedFlorin Coras1-2/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia77b26db61b6f58b4ff659f09192b4ea93ed50b4
2022-01-11vlib: fix the total len not including first buffer formatingMohsin Kazmi1-1/+1
Type: fix total len not including first buffer is in vlib_buffer_t second cacheline. It is not reset after the buffer has been consumed. It leads to printing garbage in packet trace for subsequent use of this buffer. This patch fixes the issue to only print when VLIB_BUFFER_NEXT_PRESENT flag is set. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ied72308bdb907a5e1ca16d181f2add062807e968