summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2021-07-29nat: fix ICMP checksum validationKlement Sekera1-9/+9
Handle case where extra data is present in buffer which is not part of IP/ICMP headers. Type: fix Fixes: 05b5a5b3b4b04823776feed6403b5a99b2e06d76 Change-Id: Icfef811470056d38c60fc45cc302139ed7594385 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-07-29ipsec: move startup config to common fileZachary Leaf3-51/+55
The ipsec startup.conf config currently exists in ipsec_tun.c. This is because currently the only ipsec{...} options are tunnel related. This patch moves the ipsec config to a common file (ipsec.c) for future extensibility/addition of non-tunnel related config options. Type: refactor Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Change-Id: I1569dd7948334fd2cc28523ccc6791a22dea8d32
2021-07-28gre: set proper fib index for unnumbered interfaces, unset fib index before ↵Stanislav Zaikin5-7/+67
forwarding gre payload This commit introduces 2 fixes: 1) After GRE decapsulation sw_if_index[VLIB_TX] is set as fib index of GRE tunnel. But since GRE tunnel can work on v4 endpoints and have v6 payload, we need to reset it. In case we get IPv6 packet inside IPv4 GRE tunnel (or vice-versa) fib index can be (and usually is) invalid. 2) Check that ip-table and ip6-table are the same when setting interface as an unnumbered one. Also, fix for the pipe test include setting the right unnumbered interface for the pipes Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: Id13d239cfdd21e0db6b1c9725f01c40d4af4d800
2021-07-27vppinfra: introduce CLIB_CACHE_PREFETCH_BYTESDamjan Marion3-70/+56
Type: improvement Change-Id: Ic07010f11ef303f5213a33b0faf24aaedb62f110 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-27vlib: don't ASSERT(vm) in worker thread bootstrapDave Barach1-2/+4
Otherwise, threads declared with .no_data_structure_clone=1 crash on startup. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I5dcb25d1b61330fc9eee5427b815fcfcb9bf2153
2021-07-27vcl: configure the cert-key pair from appSivaprasad Tummala1-4/+4
add the cert/key pair as selected by app. Type: fix Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com> Change-Id: I3cef5bebadd8b192a65857d5f4aa6883c2a8d372
2021-07-27vppinfra: fix sock init netnsNathan Skrzypczak1-1/+5
Type: fix Change-Id: I0ce8183ded601bdab031c9689ca361414fed165f Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-07-27udp: add option to disable icmp unreachablesFlorin Coras3-82/+49
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I90c2a191ab34a2a7df3fb0a951e5fc78f40ccfe2
2021-07-27vcl: fix some risk after fork()liuyacan1-9/+17
1.Not only the session in state VCL_STATE_LISTEN_NO_MQ has no queue. Session in CLOSED also didn't. 2.Refresh vls->wrk_index in child process, or this value will become invalid if parent exit. 3.Set vlsh->vls_wrk_index once vls_worker_alloc() is called, then vls_get_worker_index() can be simplified. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: If4f5e134915eafd74ce38f585d65ce8836b2e553
2021-07-25vcl: fix shutdown deadlock issueliuyacan1-1/+1
Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: I4974815ecb0e3bff01af983f086ca15d77fd6fb4
2021-07-24session: avoid vpp deadlock due to app crashliuyacan1-0/+6
In high traffic scenarios, if app crashed or hang on somewhere, app_mq will quickly accumulate to full, after which vpp worker will try 100 times before giving up allocating slot for every msg. This will cause vpp main thread barrier sync to fail. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: I2b2bf2b272c5b3ca7e4a56af179af12bbcde149d
2021-07-23session vcl: support abstract sockets for app nsFlorin Coras4-16/+132
App namespaces can now be associated to a linux ip netns, e.g.: app ns add id <ns_id> secret <n> sw_if_index <n> netns <netns> If session layer's app sock api is enabled, this triggers the creation of an abstract listening socket in the netns that has been configured. For the example above that would be @vpp/session/<ns_id>. Consequently, vcl, or other apps attaching to vpp, can connect to said abstract socket from an ip netns without the need to share unix domain socket files. In particular, for vcl it's enough to set app-socket-api to @vpp/session/<ns_id> in the conf file. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I26fdc626a760a3f423c5b8be4251623f6e9cd73a
2021-07-22session vcl: explit mq indices in ctrl messagesFlorin Coras5-18/+21
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8e80252b85dda9a8f5699109264dc1b913581442
2021-07-22vppinfra: add abstract socket & netns fnsNathan Skrzypczak7-58/+164
* Add clib_socket_init support for abstract sockets if name starts with an '@' * Add clib_socket_init_netns to open socket in netns * Add clib_netns_open Type: feature Change-Id: I89637ad657c702ec38ddecb5c03a1673d0dfb104 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-07-22nat: nat44-ed configuration refactor & cleanupFilip Varga9-896/+1195
Refactoring static mapping configuration functions based on feature type. Type: refactor Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I007d9b0e9717ced613fbcef2b11b6853f479be1e
2021-07-22api: enable trace / replay flag on messagesOle Troan1-0/+2
For an unknown reason the trace/replay flags where missed when moving API message registration code from manually cut and pasted to aut-generated. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ib7625a57d3a263aac154682007459648953b1803
2021-07-22interface: Byte swap the duplex value in interface detailsNeale Ranns1-2/+2
Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6d9473a7b5ab0fbd460e80df36368dd43c5e4fee
2021-07-21session: fix unlisten rpc barrier releaseFlorin Coras1-4/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9301fbbcd611033b4b6ad5313edbc66840f5bb3a
2021-07-21hsa: separate ctrl and test session accept vcl serverFlorin Coras1-1/+43
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id6bcf6511c904c8625c0845cd9758539f35e6b50
2021-07-19session: option to use memfd segs for builtin appsFlorin Coras2-41/+43
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iecb171c9451c0fa9a7c6ae4b3e9ab7774a4fe585
2021-07-19nat: harden ICMP handlingKlement Sekera4-49/+110
Verify that headers are not truncated and that checksums are valid. Correct checksum computation in translation code. Type: fix Change-Id: I6acfcec4661411f83c86b15aafac90cd4538c0b5 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-07-16vppinfra: remove pool_foreach_old, pool_foreach_index_old, ↵Damjan Marion2-28/+0
clib_bitmap_foreach_old Type: refactor Change-Id: Ifacdd001bdeb5d609d495406f53546090b86476d Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-16build: fix formatting of CMake config outputDamjan Marion2-13/+15
Type: make Change-Id: I6e40817609d022cb70887f70aa3608dc759fcd76 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-16vlib: add tunnel offload flags for vlib_buffer_tMohsin Kazmi2-3/+18
Type: improvement Change-Id: Iaad50b2044702c46eff287708dfcb24e61022104 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-07-16dpdk: improve tx offload formattingMohsin Kazmi1-16/+32
Type: improvement Change-Id: I06eaf39b1e441045c3402cbf40339054ad26ade9 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-07-16snort: snort3 plugin and DAQDamjan Marion8-0/+2326
Zero copy interface which exposes VPP buffers to snort instance(s). Includes VPP DAQ which is compiled only if libdaq 3 API headers are available. Type: feature Change-Id: I96611b43f94fbae091e7391589e0454ae66de88b Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-07-16vppinfra: add array mask funcMohsin Kazmi3-0/+185
Type: feature Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I6869221917f30f7e59709e20571b4615bc68dc8c
2021-07-16ip6-nd: refactor neighbour advertisement codeMohsin Kazmi2-61/+104
Type: refactor Refactor neighbour advertisement code into inline function to be used solely in feature nodes. Change-Id: I1e84c54f9807b4e3d90c37526c78a7afcb0ba087 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-07-15dpdk: enable RX interrupts for the virtio driverRobert Shearman1-0/+8
Type: improvement Request use of RX interrupts for virtio if the system will support it, which is done by applying the same check as in the virtio driver, namely whether multiple interrupts are supported. This allows the use of RX adaptive/interrupt mode instead of just polling, which is useful in virtualised environments where functionality may be more important than performance and so using polling mode is wasteful. Signed-off-by: Robert Shearman <robertshearman@gmail.com> Change-Id: I29527b6f04b0b1d0c9f9424751b2bd252ed10505
2021-07-15ip-neighbor: GARP sent to bogus ip addressSteven Luong1-2/+2
The function ip4_neighbor_advertise may be called with NULL addr. In that case, it looks up addr from fib by calling fib_sas4_get which returns true or false to indicate whether there is an ip address associated with the interface or not. But the caller to fib_sas4_get does not check the return code and blindly assumes there is always an ip address associated with the interface. As a result, it ends up sending GARP to the bogus ip address if there is no ip address associated with the interface. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I7aa0270766c3943ed8ca8f8a092cae34567fd30e
2021-07-15vppinfra: fix the vector funcs test for march variantsMohsin Kazmi1-1/+12
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I4208c2622817eb51a4b192cf420f9f1b5f193eef
2021-07-15acl: Fix the CLI to accept IPv6 prefixesNeale Ranns1-16/+5
Type: fix DBGvpp# set acl-plugin acl src 1::1/128 dst 2::/64 DBGvpp# sh acl-plugin acl acl-index 0 count 1 tag {cli} 0: ipv4 permit src 1.1.1.1/32 dst 1.1.1.2/32 proto 0 sport 0-65535 dport 0-65535 acl-index 1 count 1 tag {cli} 0: ipv6 permit src 1::1/128 dst 2::/64 proto 0 sport 0-65535 dport 0-65535 Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibb8e20dd4ec2792f423a61eefe7398175e45a577
2021-07-15linux-cp: clear all db entries when deleting a pairSergio Gonzalez Monroy1-1/+2
Type: fix Change-Id: I5677cbb183b10c974a3a2e569d1a7a525a7eb45d Signed-off-by: Sergio Gonzalez Monroy <sgmonroy@gmail.com>
2021-07-15misc: replace CLIB_PREFETCH with clib_prefetch_{load,store}Damjan Marion70-288/+282
Type: refactor Change-Id: Id10cbf52e8f2dd809080a228d8fa282308be84ac Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-15nat: nat44-ed sm fixFilip Varga1-15/+13
Fixing nat44-ed identity map in2out communication. TCP packets would get dropped because of the order of testing TCP state. Type: fix Change-Id: Ib11e7e75c66945224fecc0bb311733672e315c7d Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-07-14vppinfra: remove old and unused vector macros and inlinesDamjan Marion3-257/+0
Type: refactor Change-Id: Ic504bcfca6e7fbd85e858c3bc7a4f5e72d931789 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-14api: fix memory error in multi-thread environmentXiaoming Jiang1-1/+7
When reading vm->pending_rpc_requests in main thread, the content may be changed by other workers. Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: I27e9d357b5ecec0f97cd8b950019b35f72fc5f76
2021-07-14vcl:fix segfault when unshare NO_MQ sessionliuyacan1-1/+2
Session in LISTEN_NO_MQ state has no vpp_evt_q.This would cause a segfault when vcl try to send msg to vpp. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: I0d21831dbed148cd1b0ca7c083aeeef9e813ef2f
2021-07-14nat: refactoring NAT44ED cfg functionsFilip Varga4-344/+500
Refactored & fixed NAT44ED configuration functions used for handling interfaces and nodes. Type: refactor Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I6fbbb7f0fe35d572675997745d53290152987424
2021-07-14ip: fix check_adj_port_range_x1Damjan Marion1-2/+2
Type: fix Change-Id: I776bf797e07bb3cfd0510a4c09d8182edfa193bd Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-14classify: cheaper way to check if all elements are zeroDamjan Marion1-1/+1
Type: improvement Change-Id: I5f4517c65c37c5d73fcd608dc29dfb1d25d4cd8d Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-14ip: improve check_adj_port_range_x1Damjan Marion1-35/+5
Type: improvement Change-Id: I8337f81fdcd196fcb0e61f8129fec322e9a1e8f1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-13vppinfra: fix saturate add/sub NEON wrappersLijian.Zhang1-40/+60
Fix the saturate add/sub wrappers in vector_neon.h by using the correct intrinsics. Type: fix Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Reviewed-by: Tianyu Li <Tianyu.Li@arm.com> Change-Id: I38a85633948472d4bdb1c199a806633d3070013f
2021-07-13vppinfra: put each vector function into own fileDamjan Marion9-81/+94
Type: refactor Change-Id: I2dd9a18497992ac7e2686c14f5d17eccccda0cda Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-13misc: remove vnet_all_api_h and vnet_msg_enumFilip Tehlar11-135/+3
These file are no longer needed Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I34f8e0b7e17d9e8c06dcd6c5ffe51aa273cdec07
2021-07-13fib: Set the GLEAN flag on attached export routes so that the SAS worksNeale Ranns4-38/+63
correctly. Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I4bc2eb394a8f9d01c5a12de2ce963c22209d5439
2021-07-13tcp session: next node config on connectsFlorin Coras2-3/+9
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ief06b1509d31b55efc8d1436b6ff9e01c6037a32
2021-07-13mss_clamp: coverity test fixMiklos Tirpak1-3/+6
Silence the coverity test with setting the interface index in a variable before the boundary check. Type: fix Change-Id: I9bd6db08bfef93142581dada0b6a7d78b7de91e7 Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com>
2021-07-13misc: fix init order to avoid startup warningsBin Zhou (bzhou2)4-27/+14
Put plugin init order inside plugin instead of in vnet Type: improvement Signed-off-by: Bin Zhou (bzhou2) <bzhou2@cisco.com> Change-Id: Icbacdb3f1cb4ac9d74e3f78458e8bc333793b4d6
2021-07-13dpdk: add base-virtaddr config optionRobert Shearman1-1/+4
Type: improvement Allow the use of the base-virtaddr config option to be passed through to DPDK. This is useful to allow use of devices with an IOMMU in nested VMs without resorting to PA IOVA mode. Signed-off-by: Robert Shearman <robertshearman@gmail.com> Change-Id: I32b6513377e6d20bf155e12c45f902d51ea982c4