summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2022-07-06misc: pass NULL instead of 0 for pointer in variadic functionsAndreas Schultz5-18/+14
0 is not NULL (at least not in all cases), passing 0 into a variadic function in a place where the consumer reads it as pointer might leave parts of the pointer uninitilized and hence filled with random data. It seems that this used to work with gcc, but clang seems to treat the 0 in those places as a 32bit integer. Type: fix Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com> Change-Id: I37d975eef5a1ad98fbfb65ebe47d73458aafea00
2022-07-01buffers: protect against bad thread indicesJon Loeliger1-0/+3
There is a very rare bug in NAT processing that yeilds a thread index of ~0. When this happens, vlib_get_frame_queue_elt() suffers a segfault and VPP quits. Prevent an outright fault by dropping the packet instead. Type: fix Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I48c7a268925bb821ea15e58db5d4bfb211c40c09
2022-06-30vcl: check if listener valid on disconnect cleanupFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie057d0d5a51d3226a1a188cf9d48a5d82dc4a3c7
2022-06-30vrrp: while delete vr can't delete multi virtual address.GaoChX1-1/+4
Here is bug example: vpp# create loopback interface loop0 vpp# vrrp vr add loop0 vr_id 1 priority 100 192.168.1.1 192.168.1.2 vpp# vrrp vr del loop0 vr_id 1 vpp# vrrp vr add loop0 vr_id 1 priority 100 192.168.1.1 192.168.1.2 vrrp vr add: vrrp_vr_add_del returned -105 Type: fix Signed-off-by: GaoChX <chiso.gao@gmail.com> Change-Id: I3e0d086ac8fb52756339cff19b9a83911ec9748b
2022-06-30sr: SRv6 Path Tracing Sink node behaviorAhmed Abdelsalam1-0/+10
Type: feature Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Change-Id: I2d3a0211abfee3501d3d77c80da20e67e1e9e133
2022-06-29vlib: enqueue_to_next_with_aux implementationMohammed Hawari4-37/+233
Change-Id: I0e1bb39d765ec3efa7b28ca02fb7beeb23607e51 Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-06-29classify: use 32 bits hashBenoît Ganne11-55/+54
classify hash used to be stored as u64 in buffer metadata, use 32 bits instead: - on almost all our supported arch (x86 and arm64) we use crc32c intrinsics to compute the final hash: we really get a 32-bits hash - the hash itself is used to compute a 32-bits bucket index by masking upper bits: we always discard the higher 32-bits - this allows to increase the l2 classify buffer metadata padding such as it does not overlap with the ip fib_index metadata anymore. This overlap is an issue when using the 'set metadata' action in the ip ACL node which updates both fields Type: fix Change-Id: I5d35bdae97b96c3cae534e859b63950fb500ff50 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-06-29sr: code refactor and style fixAhmed Abdelsalam2-15/+14
Type: refactor Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Change-Id: Iff5e85952273526d5c9d9e7e73bd2b6c15bcd7f6
2022-06-29svm: check svm_msg_q_size_to_alloc successOfer Heifetz1-0/+3
svm_msg_q_size_to_alloc must return a valid base address, if it fails pass up the error for handling Type: fix Change-Id: I408492f65f646862122acb9a187819b3bbf4f91c Signed-off-by: Ofer Heifetz <oferh@marvell.com>
2022-06-29sr: Add support for SRv6 Path Tracing InfrastructureAhmed Abdelsalam3-0/+349
This patch adds support for the infrastructure required to support SRv6 Path Tracing defined in https://datatracker.ietf.org/doc/draft-filsfils-spring-path-tracing/ Type: feature Change-Id: If3b09d6216490a60dd5a816577477b6399abc124 Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com>
2022-06-29hsa: reduce number of preallocated vcl test server sessionsFlorin Coras2-1/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7afc6116ca9a609992f26d9e78084732bba1b2ea
2022-06-29tests: add ipsec flow performance unit testPiotr Bronowski1-0/+309
This patch adds performacne and functional tests for ip4 outbound traffic policy matching. Test setup is configurable in startup.conf and though the test parameters. Cache, fast path, fast path burst mode can be enabled and disabled, and performance for different lookup setup can be measured. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I1d04d196e412f47f43b7e5cbd46607bf6a9cc40e
2022-06-29ipsec: show fast path flag in cliFan Zhang1-8/+27
This patch updates the "show ipsec spd" cli to display policies maintained by fast path bihash table. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I58b9f92f3132dc9809b50786dc912e09c4b84d81
2022-06-29ipsec: add fast path configuration parserPiotr Bronowski1-2/+19
Parser can be configured from the level of startup.conf file: fast path can be enabled and disabled. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ifab83ddcb75bc44c8165e7fa87a1a56d047732a1
2022-06-29ipsec: add spd fast path matchingPiotr Bronowski3-0/+584
This patch adds matching functionality for spd fast path policy matching. Fast path matching has been introduced for outbound traffic only. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I03d5edf7d7fbc03bf3e6edbe33cb15bc965f9d4e
2022-06-29ipsec: make match function inlinePiotr Bronowski2-145/+171
This patch introduces ipsec_output.h file. Matching implementation is moved there. The reason behind is the possibility of unit testing matching mechanism. Therefore we need to have functions that are in scope of our intrest there and since these are inline their implementation needs to be moved to the header file as well. Type: improvement Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Id7c605375d1f3be146abf96ef70d336a5d156444
2022-06-29ipsec: add/delete ipsec fast path policyPiotr Bronowski6-59/+717
This patch introduces functions to add and delete fast path policies. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I3f1f1323148080c9dac531fbe9fa33bad4efe814
2022-06-28session: fix connected udp acceptsFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0963bae4b56b08c0a9ab4ee1f2738013217e1fb7
2022-06-28session quic: allow custom config of rx mqs seg sizeFlorin Coras1-2/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Idc0fdebfea29c241d8a36128241ccec03eace5fd
2022-06-28ipsec: introduce spd fast path typesPiotr Bronowski1-0/+63
This patch introdcues basic types supporting fast path lookup. Fast path performs policy matching with use of hash lookup (particularly bihash tries has been used for that purpose). Fast path lookup addresses situation where huge number of policies is created (~100k or more). In such scenario adding/removing a policy and policy matching is not efficient and poorly scales (for example adding 500k policies takes a few hours. Also lookup time increases significantly). With fast path adding and matching up to 1M flows scales up linearly (adding 1M of policies takes about 150s on the test machine vs many hours in case of original implementation, also matching time is significantly improved). Fast path will not deal well with a huge number of policies that are spanning large ip/port ranges. Large range will be masked out almost entirely leaving only a few bits for calculating the hash key. Such keys will tend to gather much more policies than other keys and hash will match most of the packets anihilating advantages of hashing. Having said that we also think that it is not the real life scenario. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I600dae5111a37768ed4b23aa18426e66bbf7b529
2022-06-28ipsec: change wildcard value for any protocol of spd policyPiotr Bronowski8-58/+300
Currently 0 has been used as the wildcard representing ANY type of protocol. However 0 is valid value of ip protocol (HOPOPT) and therefore it should not be used as a wildcard. Instead 255 is used which is guaranteed by IANA to be reserved and not used as a protocol id. Type: improvement Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I2320bae6fe380cb999dc5a9187beb68fda2d31eb
2022-06-17quic:fix crash rx_fifo full or growfanxb1-0/+16
if when the rx_fifo grows, svm_fifo_enqueue() return -4, stream_data->app_rx_data_len += rlen type conversion occurs, Finally,stream->recvstate.data_off calculation is wrong. Type:fix Signed-off-by: fanxb <fxb_mail@163.com> Change-Id: Iae11f0c453f32d836f4148d70e3b121545a53a90
2022-06-15stats: fix prometheus exporter crash on large number of FIB entriesAlexander Chernavin1-2/+2
Type: fix Currently, prometheus exporter may crash because of memory exhaustion when dumps metrics if the FIB contains large number of routes. With this fix, increase memory size for prometheus exporter to be able to handle large number of FIB entries. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ia2b9a665368883c87448deee9bcf8d2ac1168357
2022-06-14ip: reassembly - Add node level stats, fix customapp behaviorVijayabhaskar Katamreddy2-16/+77
Type: fix Added stats for success and failure cases Fixed Custom app behaviors for the error / drop cases Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: Id6e981c7be5c5b3cee5af2df505666d5558da470
2022-06-10vcl: fix iperf3 server crash issue when it runs over vpp host stack.Liangxing Wang1-1/+8
Issue: Let iperf3 server run via ldp and vcl on top of vpp's host stack. If iperf3 client connects this iperf3 server with tcp MSS setting option, iperf3 server will always crash. Root cause: When MSS option is specified by iperf3 client, iperf3 server will recreate the listening socket firstly, then call setsockopt() to set MSS immediately. Iperf3 code can be referred here: https://github.com/esnet/iperf/blob/58332f8154e2140e40a6e0ea060a418138291718/src/iperf_tcp.c#L186. However, in vcl layer vpp_evt_q of this recreated session is not allocated yet. So iperf3 server crashes with vpp_evt_q null pointer access. Fix: Add session vpp_evt_q null pointer check in vcl_session_transport_attr(). Add a vcl test case for this MSS option scenario. Type: fix Signed-off-by: Liangxing Wang <liangxing.wang@arm.com> Change-Id: I2863bd0cffbe6e60108ab333f97c00530c006ba7
2022-06-10vppinfra: fix bihash_8_16 entry format functionBenoît Ganne1-2/+1
Type: fix Change-Id: I1e8655baaf09b455f7f0052452402a372f738d0f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-06-10hsa: allow first segments larger than 4g for proxyFlorin Coras2-14/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9c502a491ff56806a2e631f7a4c18903a2e93ab2
2022-06-10ip: improve ip ACL tracesBenoît Ganne3-10/+26
Type: improvement Change-Id: I85c73cb940d81d0b249eda0d57de135bcd798418 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-06-09vppinfra: missing __clib_export for clib_pmalloc_alloc_alignedDamjan Marion1-2/+2
Type: improvement Change-Id: I7489327d8b9c5f69b4ceb2159456f00f8a3612df Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-06-08udp: add cli to dump registered portsBenoît Ganne1-0/+93
Type: improvement Change-Id: Ic949e3136a7cf27011d098a50e91920f83226ea9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-06-08wireguard: increment interface RX countersMatthew Smith1-0/+15
Type: improvement When packets were received and processed successfully, increment the byte/packet counters for the tunnel interface. Change-Id: I42855607ac6916de641be42aac86c9942cc97140 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-06-07classify: fix sesssion details apiNathan Skrzypczak1-1/+1
We were not allocating space for the variable length payload in the response message. Type: fix Change-Id: I345102f4555f66c5632ab0882ca1dd178e98eb7b Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-06-07vlib: fix crash on packet on deleted interfacePim van Pelt1-3/+6
If ip4_neighbor_probe (or any other) is sending packet to a deleted interface, ASSERT trips and dataplane crashes. Example: create loopback interface instance 0 set interface ip address loop0 10.0.0.1/32 set interface state GigabitEthernet3/0/1 up set interface state loop0 up set interface state loop0 down set interface ip address del loop0 10.0.0.1/32 delete loopback interface intfc loop0 set interface state GigabitEthernet3/0/1 down set interface state GigabitEthernet3/0/1 up comment { the following crashes VPP } set interface state GigabitEthernet3/0/1 down This sequence reliably crashes VPP: (gdb)p n->name $4 = (u8 *) 0x7fff82b47578 "interface-3-output-deleted” If the interface doesn't exist, return ~0 and be tolerant of this in the two call sites of counter_index() Type: fix Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I90ec58fc0d14b20c9822703fe914f2ce89acb18d
2022-06-07sr: SRv6 TEF behavior supportAhmed Abdelsalam3-3/+87
Adding support for the SRv6 TEF (Timestamp, Encapsulation and Forward) behavior defined in draft-filsfils-spring-path-tracing (https://datatracker.ietf.org/doc/draft-filsfils-spring-path-tracing/). Type: feature Change-Id: I7f38b593147daf8d27af9c983448cf82947e5bed Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com>
2022-06-05wireguard: fix crash by not sending arp via wg interfaceAlexander Chernavin2-1/+9
Type: fix Currently, neighbor adjacencies on a wg interface are converted into a midchain only if one of the peers has a matching allowed prefix configured. If create a route that goes through a wg interface but the next-hop address does not match any allowed prefixes, an ARP/ND request will try to be sent via the wg interface to resolve the next-hop address when matching traffic occurs. And sending an ARP request will cause VPP to crash while copying hardware address of the wg interface which is NULL. Sending an ND message will not cause VPP to crash but the error logged will be unclear (no source address). With this fix, convert all neighbor adjacencies on a wg interface into a midchain and update tests to cover the case. If there is no matching allowed prefix configured, traffic going such routes will be dropped because of "Peer error". No changes if there is matching allowed prefix configured. Also, fix getting peer by adjacency index. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I15bc1e1f83de719e97edf3f7210a5359a35bddbd
2022-06-03hsa: dealloc proxy fifos on right threadFlorin Coras2-1/+46
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia66c12e1da126d0d8d101b645e6dc8454c3826d6
2022-06-03hsa: refactor proxy session lookup and cleanupFlorin Coras2-103/+52
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic68627bbca676cc78b0be05bc1fa0f386f5d27fa
2022-06-03session: fix double free in CLIFilip Tehlar1-7/+2
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I646ac946d0b07929dfdd1966a4f4a3b697768040
2022-06-02ipfix-export: Fix frame leak in flow_report_process_send()Jon Loeliger1-1/+9
The flow_report_process_send() function always allocates a frame. However, when no template_send is needed, template_bi is ~0. When this happens, no vectors are placed in the frame. When the frame is then "put", a check for n_vectors == 0 prevents the frame from actually being placed back on the free list. Fix that by using a direct call to vlib_frame_free() when there are no frame vctors. Type: fix Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I936b5cea4cb3c358247c3d2e1a77d034a322ea76
2022-06-01session: make sure fifos are freed on right threadFlorin Coras1-0/+4
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3c573641bd95fe899823b66f6c59a2525a18d293
2022-06-01stats: swap used and total statsLeland Krych1-2/+2
Type: fix reported stats seem to have mixed up used and total counters Signed-off-by: Leland Krych <leland.krych@gmail.com> Change-Id: I221c7b114c0da2ed53171d7f047a4bda07ee6cb2
2022-06-01papi: vpp_serializer.py - replace slow bytes() with fast bytearray()Viktor Velichkin1-8/+8
https://docs.python.org/3/library/stdtypes.html "if concatenating bytes objects, you can similarly use bytes.join() or io.BytesIO, or you can do in-place concatenation with a bytearray object. bytearray objects are mutable and have an efficient overallocation mechanism" Type: improvement Signed-off-by: Viktor Velichkin <avisom@yandex.ru> Change-Id: Id20d337f909cce83fcd9e08e8049bb0bf5970fbc
2022-06-01vlib: add VLIB_NUM_WORKERS_CHANGE_FN() handlerDamjan Marion4-10/+15
Allows features to update their data structures after change in number of worker threads. Type: improvement Change-Id: Icd4d197e28608f5bbb1edd13eb624cd98e33cafe Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-06-01ip: unformat_ip_address should no modify its argument on failureBenoît Ganne2-16/+18
When failing to match an ip address, we should not reset the ip address that could have been initialized by a previous match. Type: fix Change-Id: I026766391eb3eb8230f75f66bf4b681e774741d9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-05-31nat: disable nat44-ei-in2out-output ttl checkAlexander Skorichenko1-3/+3
Type: fix A packet passing through nat44-ei-in2out-output, has its ttl value validated in earlier nodes. "ip4-input" node checks ttl for locally generated packets. "ip4-rewrite" node validates ttl in forwarded packets. Thus for example, the ED counterpart disables ttl checks in its "nat44-ed-in2out-output" node. This patch updates nat44 EI conditions for ttl checks to those currently used in nat44 ED case, meaning no extra ttl validation for in2out when output-feature is enabled. Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com> Change-Id: Idd15d7c9a746b60c0a6dac5537d00ef10c257fdc
2022-05-30vppapigen: fix make go-api for go1.18Nathan Skrzypczak1-58/+71
This patch updates the go-api-files logic for supporting go1.18. Notable changes are that `go get ...` changed to `go install` and that we need to bump the govpp binapigen version to integrate a go1.18 fix. This patch also simplifies the cli execution syntax Type: fix Change-Id: I1d8aac65490fe3ea4c1965a4775b6bf8d5c05d26 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-05-27ip: reassembly - Fixing buffer leaks, corruption in v6 reasmVijayabhaskar Katamreddy2-42/+117
Type: fix *Buffer leaks and corruptions during internal errors, either overriding or missing to add the buffer to the list Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: I1ead1eca1cde10a36d60dbfcfe36ca6375690b03
2022-05-26ip: reassembly - pacing reassembly timeouts for v6Vijayabhaskar Katamreddy1-9/+35
Type: fix Pace the main thread activity for reassembly timeouts, to avoid barrier syncs Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: Iebe9a38d2a7a6471afa6621f12bb545668dc8384
2022-05-25docs: update spelling word list and fix typosDave Wallace1-5/+5
- update wordlist and fix typos so that 'make docs-spell' passes - sort spelling_wordlist.txt - update docs maintainers list Type: docs Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I38ac7850c604c323427d2bb6877ea98bd10bcc38
2022-05-24devices: add af-packet v3 apiMohsin Kazmi2-0/+114
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I4679acbe4fd4400d57c0a79b0a6c74c8f1639703