summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2022-08-18ikev2: accept key exchange on CREATE_CHILD_SAAtzm Watanabe2-63/+126
In RFC 7296, CREATE_CHILD_SA Exchange may contain the KE payload to enable stronger guarantees of forward secrecy. When the KEi payload is included in the CREATE_CHILD_SA request, responder should reply with the KEr payload and complete the key exchange, in accordance with the RFC. Type: improvement Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: I13cf6cf24359c11c3366757e585195bb7e999638
2022-08-18ikev2: fix possible SEGVAtzm Watanabe1-3/+3
Type: fix Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: Icbd452b43ecaafe46def1276c98f7e8cbf761e51
2022-08-17svm: fix coverity 249207,249209Andrew Yourtchenko1-2/+2
Zero-initialize the temporary struct. Type: fix Change-Id: I6f7a35ace6002aa75dc986c7c7eca614c9c5c3ed Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-17vlib: fix coverity 274744Andrew Yourtchenko1-1/+4
Add a missing null check Type: fix Change-Id: Id1b27341480c9d62185496ae1d832360119ec198 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-17vlib: fix coverity 274750Andrew Yourtchenko1-1/+4
Add a missing null check. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Ie6234804e2b89adc918ef9075f9defbb1fd35e44
2022-08-17memif: crash on recceiving a bad descriptorSteven Luong1-1/+1
We validate each descriptor via memif_validate_desc_data and set desc_status to non-zero for the corresponding descriptor when the descriptor is bad. However, desc_status is not propagated back to xor_status in memif_validate_desc_data which eventually sets ptd->xor_status. Not setting ptd->xor_status causes us to treat all descriptors as "simple". In that case, when we try to copy also the bad descriptors to the buffers, it results a crash since desc_data is not set to point to the correct memory in the descriptor. The fix is to set xor_status in memif_validate_desc_data such that if there is a bad descriptor in the frame, "is_simple" is set to false and we have to selectively copy only the good descriptors to the buffers. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I780f51a42aa0f8745edcddebbe02b2961c183598
2022-08-17wireguard: fix fib entry trackingAlexander Chernavin2-53/+35
Type: fix After peers roaming support addition, FIB entry tracking stopped working. For example, it can be observed when an adjacency is stacked on a FIB entry by the plugin and the FIB entry hasn't got ARP resolution yet. Once the FIB entry gets ARP resolution, the adjacency is not re-stacked as it used to. This results in endless ARP requests when a traffic is sent via the adjacency. This is broken because the plugin stopped using "midchain delegate" with peers roaming support addition. The reason is that "midchain delegate" didn't support stacking on a different FIB entry which is needed when peer's endpoint changes. Now it is supported there (added in 36892). With this fix, start using "midchane delegate" again and thus, fix FIB entry tracking. Also, cover this in tests. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Iea91f38739ab129e601fd6567b52565dbd649371
2022-08-17fib: support "midchain delegate" removalAlexander Chernavin2-0/+31
Type: improvement Currently, once an adjacency is stacked on a FIB entry via adj_midchain_delegate_stack(), "midchain delegate" is created for the adjacency and the FIB index is stored there. And all further calls to adj_midchain_delegate_stack() even passing another FIB index will cause the function to still use the stored one. In other words, there is currently no way to stack an adjacency on another FIB index if "midchain delegate" already exists for it. Being able to stack on another FIB index is needed for the wireguard plugin. As per the protocol, peers can roam between different external endpoints. When an authenticated packet is received and it was sent from a different endpoint than currently stored, the endpoint needs to be updated and all futher communication needs to happen with that endpoint. Thus, the corresponding to that peer adjacencies need to be stacked on the FIB entry that corresponds to the new endpoint. With this change, add adj_midchain_delegate_remove() that removes "midchain delegate". When stacking on another FIB entry is needed, existing "midchain delegate" can be removed and then, a new one created with a new FIB index via adj_midchain_delegate_stack(). Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ibc1c99b248a5ef8ef64867f39f494fab627a1741
2022-08-16nat: fix potential out-of-bound worker array indexJing Peng3-24/+36
In several NAT submodules, the number of available ports (0xffff - 1024) may not be divisible by the number of workers, so port_per_thread is determined by integer division, which is the floor of the quotient. Later when a worker index is needed, dividing the port with port_per_thread may yield an out-of-bound array index into the workers array. As an example, assume 2 workers are configured, then port_per_thread will be (0xffff - 1024) / 2, which is 32255. When we compute a worker index with port 0xffff, we get (0xffff - 1024) / 32255, which is 2, but since we only have 2 workers, only 0 and 1 are valid indices. This patch fixes the problem by adding a modulo at the end of the division. Type: fix Signed-off-by: Jing Peng <pj.hades@gmail.com> Change-Id: Ieae3d5faf716410422610484a68222f1c957f3f8
2022-08-14vrrp: fix SIGABRT crash by ASSERT() when deleting vrrp vr(MASTER state)luoyaozu1-0/+1
we need cancel vrrp_vr_timer when deleting vrrp vr Type: fix Signed-off-by: luoyaozu <luoyaozu@chinatelecom.cn> Change-Id: I8ea01f1943d6e3e60c4990c5be945de613bc8b53
2022-08-12http_static: validate session before sendingFlorin Coras1-0/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I18b9d0d67f5fe4c1714427259df29026153d8dd1
2022-08-11ip: only set rx_sw_if_index when connection found to avoid following crash ↵Xiaoming Jiang1-5/+5
like tcp punt Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I894a881cec1888b392d26fdfb385f97c31113ef1
2022-08-11mpls: Use the .api for the definition of error/info countersNeale Ranns8-64/+111
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I9d25f5459ab70d9cf8556e44cfddfd7029e5b540
2022-08-11ip: Use .api declared error countersNeale Ranns20-424/+678
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I822ead1495edb96ee62e53dc5920aa6c565e3621
2022-08-11ipsec: Use .api declared error countersNeale Ranns6-179/+336
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ica7de5a493389c6f53b7cf04e06939473a63d2b9
2022-08-11arp: Use the new style error count declarationNeale Ranns4-133/+229
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ifda8ca8d26912c750a77d2ca889e1638ca83d85a
2022-08-11linux-cp: FIB lookup for P2MP tunnel interfacesMatthew Smith1-4/+22
Type: improvement If a tun/L3 interface is paired with a multipoint tunnel interface, pass packets arriving from the host to ip[46]-lookup instead of cross-connecting them to the tunnel interface. Adjacencies are used to drive the rewrite for Multipoint tunnel interfaces, so the generic adjacency used with a P2P tunnel will not work correctly. Change-Id: I2d8be56dc5029760978c05bc4953f84c8924a412 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-08-11tunnel: Fix API encoding of tunnel flagsNeale Ranns1-2/+7
Type: fix API and internal flags do not match 1:1. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I0f4e53b2e071d1c9fffd1b97bf28b4789887b032
2022-08-10ikev2: do not accept rekey until old SA is deletedAtzm Watanabe2-14/+36
Type: fix Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: I11b6107492004a45104857dc2dae01b9a5a01e3b
2022-08-10bfd: Express node stats using the .api fileNeale Ranns2-59/+77
Type: improvement This method allows the assignment of a severity to the error. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Id1a414a88018390d03bd6b16bd048a98903bab5a
2022-08-10bfd: More descriptive error codes during packet receive handlingNeale Ranns3-59/+74
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8907fecde6d48f5362f0f91372d5a9a1bba6f931
2022-08-09wireguard: add peers roaming supportAlexander Chernavin7-49/+187
Type: feature With this change, peers are able to roam between different external endpoints. Successfully authenticated handshake or data packet that is received from a new endpoint will cause the peer's endpoint to be updated accordingly. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ib4eb7dfa3403f3fb9e8bbe19ba6237c4960c764c
2022-08-09wireguard: add handshake rate limiting supportAlexander Chernavin6-7/+178
Type: feature With this change, if being under load a handshake message with both valid mac1 and mac2 is received, the peer will be rate limited. Cover this with tests. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Id8d58bb293a7975c3d922c48b4948fd25e20af4b
2022-08-09ip-neighbor: ARP and ND stats per-interface.Neale Ranns13-53/+303
Type: feature stats of the like from: https://datatracker.ietf.org/doc/html/draft-ietf-rtgwg-arp-yang-model-03#section-4 Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Icb1bf4f6f7e6ccc2f44b0008d4774b61cae96184
2022-08-09vnet: install reass headersMohammed Hawari1-0/+2
Change-Id: I42a138628b06a412b8fce7fb4fc500caf9057169 Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-08-09vlib: vlib_validate_buffer_enqueue_with_aux_x1Mohammed Hawari2-0/+71
This change implement a flavour of vlib_validate_buffer_enqueue_x1 with aux data support Change-Id: I2ecf7af49cf15ecd23b12d8acd57fe90546c1af7 Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-08-09interface: fix show_or_clear_hw_interfacesMohammed Hawari1-1/+2
Change-Id: I2f3163a7a158afa8e2debc6f545c3d1a2a12ac1d Type: fix Fixes: 3414977152ae6362277158dc732e6b9958a6e618 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-08-08devices: af_packet, fix tx stall by retrying failed sendtoMohammed Hawari3-6/+24
Change-Id: I6bed66f740b34673a4883eda1c7f7310c57e131b Type: fix Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-08wireguard: add dos mitigation supportAlexander Chernavin10-64/+224
Type: feature With this change: - if the number of received handshake messages exceeds the limit calculated based on the peers number, under load state will activate; - if being under load a handshake message with a valid mac1 is received, but mac2 is invalid, a cookie reply will be sent. Also, cover these with tests. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I3003570a9cf807cfb0b5145b89a085455c30e717
2022-08-08ikev2: fix rekeying with multiple notify payloadsAtzm Watanabe1-5/+8
Type: fix Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: I065bd5c26055d863d786023970e7deeed261b31c
2022-08-05vnet: On rx-mode set, return error for an actual error.Wayne Morrison1-1/+6
In set_hw_interface_change_rx_mode(), when vnet_hw_if_set_rx_queue_mode() returns an error it actually returns success. This has been changed to return a clib_error_return() value. Type: fix Change-Id: Iba39c875d9e15463cb6492d8a966234560a1f522 Signed-off-by: Wayne Morrison <wmorrison@netgate.com>
2022-08-05vppapigen: make json in parallelNathan Skrzypczak5-100/+140
Type: improvement This patches makes the make json-api-files run in parallel in the same python runtime. Default number of workers is 8, and run time goes from ~20s to ~2s on average. Change-Id: Id8cff013889db2671f6b6b4af9a019460c656f81 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-08-04dpdk: enable interrupt support for vmxnet3Benoît Ganne1-0/+1
Type: feature Change-Id: I0abbe925d6b9d3dd7196cd8beaf4f471beb45bd6 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-04arping: validate am->interfaces before check addressGaoChX1-1/+2
May cause pointers point to unexpected non-zero addresses if not validate vec Type: fix Change-Id: Ie4d3343d6734125b98e0dc962e33e0c7514da829 Signed-off-by: GaoChX <chiso.gao@gmail.com>
2022-08-03wireguard: add processing of received cookie messagesAlexander Chernavin11-81/+308
Type: feature Currently, if a handshake message is sent and a cookie message is received in reply, the cookie message will be ignored. Thus, further handshake messages will not have valid mac2 and handshake will not be able to be completed. With this change, process received cookie messages to be able to calculate mac2 for further handshake messages sent. Cover this with tests. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I6d51459778b7145be7077badec479b2aa85960b9
2022-08-02ipsec: fix coverity warnings found in fast path implementationPiotr Bronowski2-14/+15
This patch fixes followig coverity issues: CID 274739 Out-of-bounds read CID 274746 Out-of-bounds access CID 274748 Out-of-bounds read Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I9bb6741f100a9414a5a15278ffa49b31ccd7994f
2022-07-29ip6-nd: fix ip6 ra cli issueTakanori Hirano1-2/+1
Fix parse problem with per-prefix settings (e.g. valid-lifetime) in ip6 ra. Type: fix Signed-off-by: me@hrntknr.net Change-Id: I2a00bf5b9621ebc16211227d70e376fc2f61bae1
2022-07-28session: fix a crash when using unregistered transport protoFilip Tehlar2-1/+6
Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I39e3e007da2b99321bebf3e1c1ebb1d87547f532
2022-07-28ip6-nd: copy mac address to wrong buffer current_dataliangrq1-0/+2
Type: fix Receive router solicitation in pop vlan interface, it will cause copy mac address to wrong buffer current_data and can not reply the solicitation right Signed-off-by: liangrq <liangrq@efly.cc> Change-Id: Ic40a5a47a52c8187aaf6c6854df761529e6f24d9
2022-07-26vppinfra: fix formatting of format_base10Pim van Pelt2-6/+8
format_base10 reads 64b but is fed 32b values at the callsite; change to u64 consistently. The function has only one call site in interface/monitor.c which has a few additional bugs (spurious character, and ambiguous 'bits' versus 'bytes' in the output). Type: improvement Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I360f0d439cc13c09bd3f53db8184bd12ad4bc2e9
2022-07-21linux-cp: fix endianess for autoendian methodsStanislav Zaikin1-9/+9
If an API methos is specified as "autoendian" it should use macros with _END at the end. Type: fix Change-Id: I73b7b4f6996b30631c4355ace156ed0665c4b8ad Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
2022-07-20vcl: new vcl api to get detailed session errorsRadha krishna Saragadam3-0/+42
Sometimes VPP rejects application connection requests due to various reasons. Some errors application can retry to get a successful connection. In a non-blocking session, VCL sends EPOLLHUP. An application can call a new API vppcom_session_get_error to find the details and retry depending on the error. Type: fix Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com> Change-Id: If0e21a8e25701f66a190a2799b2209e0c31f897c
2022-07-19linux-cp: change namespace to netnsStanislav Zaikin2-33/+28
namespace is a keyword for c++ compilers Type: fix Change-Id: Ia8fc9ef1cc15fe9d0e40b3f543f9e8f411203b89 Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
2022-07-19stats: add loops per second counter in the stats segment.Radha krishna Saragadam1-3/+15
This change adds loops per second in the stats segment. Applications using the stats segment to monitor VPP can use this for better monitoring Type: fix Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com> Change-Id: I53081f40ee918eec9763513a639b9d8a02488b20
2022-07-19session: increase retries to grab mq lockRadha krishna Saragadam1-1/+1
With thousands of UDP sessions, Sometimes VPP needs more time to grab the MQ lock for a session. So increased tries from 5 to 75. Type: fix Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com> Change-Id: Id8b877255aedcdcf206e9d0869fe5246645d76e7
2022-07-19linux-cp: API downgrade due to namespace keywordMatthew Smith1-0/+5
Type: fix A user had trouble compiling C++ code to work with the linux-cp APIs because some messages contain a field called namespace, which is a reserved word for C++. We wish to rename those fields so the messages which are affected are being set to in_progress. Change-Id: I3bd1dc898c146a9980161a562b2b453313bb58fd Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-07-18dpdk: fix mlx5 dpdk init with no-multi-segTianyu Li1-1/+2
Build vpp with MLX DPDK PMD, make DPDK_MLX4_PMD=y DPDK_MLX5_PMD=y DPDK_MLX5_COMMON_PMD=y build-release With no-multi-seg in startup.conf, Mellanox NIC init failed with following message, rte_eth_rx_queue_setup[port:2, errno:-12]: Unknown error -12 mlx5_net: port 2 Rx queue 0: Scatter offload is not configured and no enough mbuf space(2176) to contain the maximum RX packet length(2065) with head-room(128) In Mellanox NIC PMD driver, 'di.max_rx_pktlen' is returned as 65536, and 'di.max_mtu' is returned as 65535, which makes the driver_frame_overhead logic not suitable for Mellanox NICs. So skip the logic code if MAX_MTU is returned as 65535. Type: fix Fixes: 1cd0e5dd533f ("vnet: distinguish between max_frame_size and MTU") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I027b76b8d07fb453015b8eebb36d160b4bc8df9c
2022-07-15ipsec: fast path outbound policy matching implementation for ipv6Piotr Bronowski8-171/+227
With this patch fast path for ipv6 policy lookup is enabled. This impelentation scales and outperforms original implementation when the number of defined flows is higher thatn 100k. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I9364b5b8db4fc708790d48c538add272c7cea400
2022-07-12quic: fix coverity warningFlorin Coras1-1/+2
Type: fix Fixes: 5b4b4c0 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If4bd8f30cd23d862109cab665251ad89804b1734
2022-07-12perfmon: add Arm event bundlesZachary Leaf9-0/+874
Included statistic bundles (all NODE type): - Instructions and CPU cycles, including IPC - Data cache access/refills/% - Data TLB cache access/refills/% - Instruction cache access/refills/% - Instruction TLB cache access/refills/% - Memory/Bus accesses, memory errors - Branch (mis)predictions, architecturally & speculatively executed - Processor frontend/backend stalls (stalled cycles) Type: feature Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Tested-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I7ea4a27c8df8fc7222b743a98bdceaff727e4112