path: root/src
Age | Commit message | Author | Files | Lines
2021-02-13 | nat: pnat only use save_rewrite_length on output path | Ole Troan | 1 | -3/+2
Don't expect save_rewrite_length to be set correctly on RX path. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ieee40d119213f617c3d836181e5879f084b74548 Signed-off-by: Ole Troan <ot@cisco.com>
2021-02-12 | ipsec: Store thread-index in buffer meta-data during SA handoff | Neale Ranns | 7 | -32/+22
Type: improvement negates the need to load the SA in the handoff node. don't prefetch the packet data, it's not needed. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I340472dc437f050cc1c3c11dfeb47ab09c609624
2021-02-12 | dpdk: use whole vmbus address as hash key for devconf | Vladimir Ratnikov | 2 | -21/+22
u32[0] is not enough unique for some platforms like azure where several devices(not only network) can have almost the same addresses and this can cause collisions. Change hash to mhash type for vmbus devices with key of whole 16 bytes of vmbus address. Type: improvement Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: Ic6c6a657ae29f45beddd0c69d8e785e702349460
2021-02-12 | policer: tidy up | Brian Russell | 3 | -162/+50
Convert old logging style to new and remove unused tracepoints. Remove code always conditionally not compiled. Make comment style consistent. Type: improvement Change-Id: I13339f28539cf190fb92be2d5c8020b6249319c8 Signed-off-by: Brian Russell <brian@graphiant.com>
2021-02-12 | policer: use enum types | Brian Russell | 6 | -44/+37
Make the policer action enum packed and use it in the policer code. Use other policer enums where applicable. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I32f9735942af8bca3160b9ef8a75f605d9aba5fa
2021-02-12 | policer: remove SSE2 prefix | Brian Russell | 11 | -531/+471
The policer code uses a naming convention of prefixing a lot of its definitions with "SSE2" when in fact there is nothing SSE2 specific about them. This is confusing so remove the prefix. Unfortunately it has to stay in the API definitions for backward compatibility. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I59a7df9fd5ded2575f2e587b2768a025a213b07c
2021-02-12 | vppapigen: coverity issues in autogenerated code pass 3. | Ole Troan | 3 | -14/+88
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I5ee2e8aba3ee7281bbca11825dece79983e52f06
2021-02-11 | vppapigen: fix fromjson coverity errors in generation | Ole Troan | 4 | -42/+107
Fix memory leak coverity errors where free was not called on error conditions. Or called twice. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I21cffa8b01e4f72f10501f202f6a762ae300a941 Signed-off-by: Ole Troan <ot@cisco.com>
2021-02-11 | vppinfra: fix membulk coverity warnings | Florin Coras | 1 | -2/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4830656ad852de62211e31574a0e0afb62d00f37
2021-02-11 | tests: tag the tests that do not work with multi-worker configuration | Andrew Yourtchenko | 16 | -0/+50
If the multi-worker default VPP configuration is triggered by setting VPP_WORKER_CONFIG="workers 2", some of the tests fail for various reasons. It's a substantial number, so this change marks all of the testsets that have this issue, such that they can be addressed later independently. Type: test Change-Id: I4f77196499edef3300afe7eabef9cbff91f794d3 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-11 | wireguard: testing alternative timer dispatch | Mohammed Hawari | 3 | -3/+10
Change-Id: I645bb0a31b333a6160c74987dddb3fb50ff154d8 Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2021-02-11 | policer: use ip dscp | Brian Russell | 7 | -82/+20
Use the common IP definitions of DSCP rather than duplicating in the policer code. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Iff4bc789356edc290b9c31eca33e93cf5b6211bf
2021-02-10 | vcl: validate seg handle on migrate only if needed | Florin Coras | 2 | -6/+11
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3c15a465f84f2ceb6bd5f1c459899824d4bc1c90
2021-02-10 | tests: add policer tests | Brian Russell | 1 | -0/+123
Add some tests which configure policer params, use the policer test helper CLI to police pretend packets and then check the policer stats. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ib2688b6f77d84a4bfd3c8185e44c59fa2300716a
2021-02-10 | tests: add policer test helper | Brian Russell | 2 | -0/+72
Add a helper CLI to exercise a policer pre-configured by the test harness. The test harness will check the stats afterwards. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I913dda4a9f8179c1c6b3061a68164bf1e698a392
2021-02-10 | vppinfra: fix bihash test-debug aarch64 sporadic failure | Dave Barach | 1 | -0/+3
Turns out that both the multi-core and single-core add / del tests run for just under 5 seconds (aarch64, debug image). Increase the vapi => debug CLI timeout to avoid spurious failures. Type: test Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ia64bffa82a908172a21c34f3ae4402ad774af28a
2021-02-10 | ipsec: Use the new tunnel API types to add flow label and TTL copy | Neale Ranns | 16 | -292/+410
support Type: feature attempt 2. this includes changes in ah_encrypt that don't use uninitialised memory when doing tunnel mode fixups. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie3cb776f5c415c93b8a5ee22f22586fd0181110d
2021-02-10 | nat: fix EI hairpinning thread safety | Klement Sekera | 7 | -64/+811
Avoid doing inter-thread reads without locks by doing a handoff before destination address rewrite. Destination address is read from a session which is possibly owned by a different thread. By splitting the work in two parts with a handoff in the middle, we can do both in a thread safe way. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I1c50d188393a610f5564fa230c75771a8065f273
2021-02-09 | l2: crash on l2_input_is_xconnect | Steven Luong | 1 | -10/+8
Running vpp without any interface configured and then invoking the binary-api l2_xconnect_dump causes vpp to crash in l2_input_is_xconnect due to l2input_main.configs has no memory allocated to it, not even for the local interface which exists all the times.

The reason that l2input_main.configs has no memory allocated to it was due to gerrit patch 29232 which took out a line in l2input_init

    /* Create the config vector */
    vec_validate (mp->configs, 100);

The fix is to iterate through l2input_main.configs for each interface in l2 to call l2_input_is_xconnect when dumping l2_xconnect interfaces.

Type: fix Fixes: gerrit 29232 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I8d9cba4b7eba4c2e0c60887c4fd57d5ec3b06d3b
2021-02-09 | tls: dtls initial implementation | Florin Coras | 15 | -77/+751
Type: feature

Basic dtls transport protocol implementation that relies on openssl wire protocol implementation. Retries/timeouts not yet supported.

To test using vcl test apps, first ensure all arp entries are properly resolved and subsequently:

    server: vcl_server -p dtls 1234
    client: vcl_client -p dtls <server-ip> 1234 -U -N 2000000 -T 1460 -X

Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I04b4516a8fe9ce85ba230bcdd891f33a900046ed
2021-02-09 | session: coverity fixes | Florin Coras | 1 | -2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2828287c58115aa08c0a4297c01cea60f41f4749
2021-02-09 | crypto: fix bad-hmac in sw scheduler if async mode | Alexander Chernavin | 1 | -0/+1
When IPsec async mode is enabled, packets don't pass through the tunnel if ciphers other than AES GCM are used for child SAs. An error that arises is "bad-hmac" in the "crypto-dispatch" node. On the encryption stage, the VNET_CRYPTO_OP_FLAG_HMAC_CHECK flag is set for the integrity crypto operation when it's not supposed to. It seems that the flag remains from the previous operation. With this change, zero flags of crypto operations in the SW scheduler during operation filling. Type: fix Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Iabac253474e95cb01f9ec0933f3c4860f8a5289c
2021-02-09 | gbp: fix typo in macro | Paul Vinciguerra | 2 | -7/+7
Type: fix Change-Id: I1f8245e8cccacb5bbb511aef39e31d0a76bba95f Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2021-02-09 | papi: expose vpp_papi version to client | Paul Vinciguerra | 1 | -0/+6
    root@ae2a2e85c5d4:/vpp/src/vpp-api/python# python3
    Python 3.6.9 (default, Oct 8 2020, 12:12:24)
    [GCC 8.4.0] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import vpp_papi
    >>> vpp_papi.__version__
    '1.6.2'

Type: feature Change-Id: I73025427a58214a842245fceaa77daa7acd3e6f8 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2021-02-09 | papi: remove python2 vpp-api-python.deb | Paul Vinciguerra | 4 | -27/+4
Type: fix Change-Id: I4901f7eb9d739afd4d45a25306434e9d122a4068 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2021-02-09 | nat: bump default max translations to 63K | Klement Sekera | 1 | -1/+1
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ibea7ec844d1d910e8a3235e11154b1ecea8302ac
2021-02-09 | nat: deny adding intf addr if static-mapping-only | Alexander Chernavin | 1 | -0/+8
If static-mapping-only is enabled, NAT pool cannot be configured, only static mappings. There're two ways to add addresses to the NAT pool: by address range, or by first found address from an interface. NAT44_ADD_DEL_ADDRESS_RANGE already tests if dynamic mappings are available but NAT44_ADD_DEL_INTERFACE_ADDR doesn't. If static-mapping-only is enabled, adding addresses by range is rejected but by interface not. With this change, if static-mapping-only is enabled, do not allow to add addresses to the NAT pool both ways. Type: fix Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ifc055ea9a71a5e579388833a2990aef21bf7ed29
2021-02-09 | nat: fix coverity errors | Ole Troan | 4 | -8/+7
Including a general missing free in fromjson autogenerated code. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I9ab2b0193135e2fb3d62d51b3c114df56969e341 Signed-off-by: Ole Troan <ot@cisco.com>
2021-02-09 | nat: improve type safety and remove unused param | Klement Sekera | 3 | -96/+76
Type: improvement Change-Id: I456f9b14e6a4eb46c9c49f6e09acccae530e4ebc Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-02-09 | Revert "ipsec: Use the new tunnel API types to add flow label and TTL copy" | Matthew Smith | 16 | -374/+263
This reverts commit c7eaa711f3e25580687df0618e9ca80d3dc85e5f. Reason for revert: The jenkins job named 'vpp-merge-master-ubuntu1804-x86_64' had 2 IPv6 AH tests fail after the change was merged. Those 2 tests also failed the next time that job ran after an unrelated change was merged. Change-Id: I0e2c3ee895114029066c82624e79807af575b6c0 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-02-08 | vlib: ASSERT vm == vlib_get_main() | Dave Barach | 1 | -0/+5
To catch coding mistakes: calling vlib_get_frame_to_node() from a worker thread with vm = &vlib_global_main instead of vm = vlib_mains[worker_thread_index] Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I5a8f01fdf9f35daeeada2d6eaa7180a60c4ca529
2021-02-08 | ipsec: Use the new tunnel API types to add flow label and TTL copy | Neale Ranns | 16 | -263/+374
support Type: feature Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6d4a9b187daa725d4b2cbb66e11616802d44d2d3
2021-02-08 | interface: automask interrupts to polling rxqs | Mohammed Hawari | 1 | -1/+3
Sometimes, vnet_hw_if_rx_queue_set_int_pending is called on rxqs which are not in interrupt mode. Currently, it segfaults due to a too small clib_interrupt_t structure. This change prevents that and makes the framework slightly more robust to driver bugs (that might be subtle to track in some cases involving concurrency...) Change-Id: I9643b9b1aa37e6852754b93f10cd2f96ed9e6118 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: fix
2021-02-08 | virtio: use vpp clib_memset instead glibc memset | Mohsin Kazmi | 1 | -2/+2
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ib3cefe5d27286c4853eb0c0e1803a94787a62c97
2021-02-08 | virtio: add atomic call for kicking | Mohsin Kazmi | 3 | -20/+9
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I41faa2ca249ff75e564a732af896e6b5d76bf665
2021-02-08 | ipsec: Checking wrong DB for initialistation | Neale Ranns | 1 | -17/+17
Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I2325d311a6fd7343c7041dc516777f4db0029823
2021-02-08 | tests: allow for externally supplied VPP workers config for tests | Andrew Yourtchenko | 1 | -0/+2
Allow to supply the external VPP worker config for tests which do not specify the workers config explicitly, and use the tags infra to flag those that need attention in this configuration. This commit shows one example use of such a tag, there will be a separate commit with the rest of the places needing it, since that change is rather mechanical. Thus, the assumption is that the test should by default be agnostic of the VPP configuration, unless it explicitly specifies so. Type: test Change-Id: I3c0077e4e22a75cb9561fb98d3b783b93486b2be Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-08 | ping: fix aborting on keypress | Ivan Shvedunov | 3 | -9/+11
Type: fix Currently ping stops on events like SOCKET_READ_EVENT, which makes it hard to use over e.g. govpp as it aborts immediately most of the time. With this patch, ping only stops upon real CLI read / quit events. Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Change-Id: Id7a8d0b0fdeb7bbc7b85240e398d27bd5199345b
2021-02-08 | tunnel: support copying TTL and flow label from inner to outer | Neale Ranns | 11 | -56/+488
Type: feature The added functionality is to support copying TTL and flow label from inner to outer. The .api was extended to support expressing this and also adding a common tunnel endpoint type. I find it best to make API changes in one patch so there are less versions of the API. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I755c1e3f4c475058792af39c1abeda92129efb76
2021-02-08 | misc: support api generated dependency for multiarch source | Ole Troan | 6 | -15/+36
Fix dependency issues where multi-arch file is using API generated file. Type: improvement Change-Id: I5d4af7a630529bc138c35841723e38938f36d963 Signed-off-by: Ole Troan <ot@cisco.com>
2021-02-07 | vppinfra: do not crash if format string is null | Andrew Yourtchenko | 1 | -4/+4
Sending 128 bytes of zeroes via API shared memory interface (or putting any other message ID that results in null message name - e.g. 2,4,5) results in this crash:

    Program received signal SIGSEGV, Segmentation fault.
    va_format (s=0x7fffb5643a60 "memclnt_create", fmt=0x0, va=0x7fffa739ccf0) at /home/ubuntu/vpp/src/vppinfra/format.c:395
    395 c = *f;
    (gdb) bt
    0 va_format (s=0x7fffb5643a60 "memclnt_create", fmt=0x0, va=0x7fffa739ccf0) at /home/ubuntu/vpp/src/vppinfra/format.c:395
    1 0x00007ffff50e7259 in elog_string (em=0x7ffff5f2fbc8 <vlib_global_main+968>, fmt=0x0) at /home/ubuntu/vpp/src/vppinfra/elog.c:592
    2 0x00007ffff7bc4cec in vl_msg_api_handler_with_vm_node (am=0x7ffff7dd1c90 <api_global_main>, vlib_rp=0x130023000, the_msg=0x130086d50, vm=0x7ffff5f2f800 <vlib_global_main>, node=0x7fffb5edd4c0, is_private=0 '\000') at /home/ubuntu/vpp/src/vlibapi/api_shared.c:585
    3 0x00007ffff7ba6c86 in void_mem_api_handle_msg_i (am=0x7ffff7dd1c90 <api_global_main>, vlib_rp=0x130023000, vm=<optimized out>, node=<optimized out>, is_private=0 '\000') at /home/ubuntu/vpp/src/vlibmemory/memory_api.c:696
    4 vl_mem_api_handle_msg_main (vm=0x7ffff5f2f800 <vlib_global_main>, node=0x7fffb5edd4c0) at /home/ubuntu/vpp/src/vlibmemory/memory_api.c:707
    5 0x00007ffff7bb573e in vl_api_clnt_process (vm=0x7ffff5f2f800 <vlib_global_main>, node=0x7fffb5edd4c0, f=<optimized out>) at /home/ubuntu/vpp/src/vlibmemory/vlib_api.c:338
    6 0x00007ffff5cb3bb7 in vlib_process_bootstrap (_a=<optimized out>) at /home/ubuntu/vpp/src/vlib/main.c:1477
    7 0x00007ffff514088c in clib_calljmp () from /home/ubuntu/vpp/build-root/install-vpp-native/vpp/lib/libvppinfra.so.21.01
    8 0x00007fffa95b0550 in ?? ()
    9 0x00007ffff5ca93e2 in vlib_process_startup (vm=0x7ffff5f2f800 <vlib_global_main>, p=0x7fffb5edd4c0, f=0x0) at /home/ubuntu/vpp/src/vlib/main.c:1502
    10 dispatch_process (vm=0x7ffff5f2f800 <vlib_global_main>, p=0x7fffb5edd4c0, f=0x0, last_time_stamp=<optimized out>) at /home/ubuntu/vpp/src/vlib/main.c:1558
    11 0x0000000000000000 in ?? ()
    (gdb)

I am not sure if this place is better to fix it or the 4-5 places in vl_msg_api_handler_with_vm_node that it gets called from, but submitting this one since it is the shortest

Type: fix Change-Id: I659d2bea7405d8763181336f35ef468682f64cf2 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-07 | flowprobe: set collector port for data from setting | jan_cavojsky | 1 | -2/+2
Type: fix Ticket: VPP-1859 Signed-off-by: jan_cavojsky <Jan.Cavojsky@pantheon.tech> Change-Id: Iaa5045001621ec99dc8579e8e989adf81dc60525
2021-02-06 | ipsec: CLI improvement for udp port encap | Mohammed Hawari | 1 | -0/+5
Change-Id: I59f55db7209549ad43a1205470a2f5ea9ea8a1c7 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: feature
2021-02-05 | tcp: fix port reuse with multiple listeners | Florin Coras | 2 | -3/+11
The check in listen state that the listener is not valid is not enough if the time wait session's index overlaps an actual listener's index. Thanks wanghanlin@corp.netease.com for the report! Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3dff0cb134940a8265ff908faa607c67dba5e56b
2021-02-05 | devices: af-packet gso mtu | Nathan Skrzypczak | 4 | -38/+126
Type: fix Set the GSO flag when buffer length exceeds the linux mtu. Don't listen for mtu changes on linux side for now. This also fixes a TX issue, as we only search for valid frames on tx to the extent of n_left, we might stay stuck. Change-Id: Idf0bdd88990254a614962c2f7bc3e0292ccfd61a Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-05 | session svm: non blocking mq | Florin Coras | 7 | -197/+222
Avoid synchronizing producers and the consumer. Instead, only use mutex or spinlock (if eventfds are configured) to synchronize producers. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie2aafbdc2e07fced5d5e46ee2df6b30a186faa2f
2021-02-05 | ip: Remove unused include file | Neale Ranns | 1 | -1/+0
Type: refactor Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iae135cbca372def29b1dd5e9f29b7db546ef1a3e
2021-02-05 | nat: 1:1 policy NAT | Ole Troan | 17 | -7/+2451
A NAT sub-plugin doing statically configured match/rewrite on IP4 input or output. It's stateless (no connection tracking). Currently it supports rewriting of SA, DA and TCP/UDP ports. It should be simple to add new rewrites if required.

API: pnat_binding_add, pnat_binding_del, pnat_bindings_get, pnat_interfaces_get

CLI:
    set pnat translation interface <name> match <5-tuple> rewrite <5-tuple> {in|out} [del]
    show pnat translations
    show pnat interfaces

Trying a new C based unit testing scheme. Where the graph node is tested in isolation. See pnat/pnat_test.c. Also added new cmake targets to generate coverage directly. E.g.:

    make test_pnat-ccov-report

    File '/vpp/sdnat/src/plugins/nat/pnat/pnat.c':
    Name                               Regions   Miss    Cover   Lines   Miss    Cover
    ------------------------------------------------------------------------------------
    pnat_interface_by_sw_if_index           39      8   79.49%      13      0  100.00%
    pnat_instructions_from_mask              9      0  100.00%      13      0  100.00%
    pnat_binding_add                        64      8   87.50%      31      2   93.55%
    pnat_flow_lookup                         4      4    0.00%      10     10    0.00%
    pnat_binding_attach                    104     75   27.88%      33      6   81.82%
    pnat_binding_detach                     30      5   83.33%      23      2   91.30%
    pnat_binding_del                        97     33   65.98%      17      3   82.35%
    pnat.c:pnat_calc_key_from_5tuple         9      1   88.89%      14      1   92.86%
    pnat.c:pnat_interface_check_mask        10      2   80.00%      11      2   81.82%
    pnat.c:pnat_enable                       5      0  100.00%      11      0  100.00%
    pnat.c:pnat_enable_interface           107     26   75.70%      60     15   75.00%
    pnat.c:pnat_disable_interface           91     30   67.03%      32      7   78.12%
    pnat.c:pnat_disable                      7      2   71.43%      13      7   46.15%
    ------------------------------------------------------------------------------------
    TOTAL                                  576    194   66.32%     281     55   80.43%

    File '/vpp/sdnat/src/plugins/nat/pnat/pnat_node.h':
    Name                               Regions   Miss    Cover   Lines   Miss    Cover
    ------------------------------------------------------------------------------------
    pnat_test.c:pnat_node_inline            67     11   83.58%     115      1   99.13%
    pnat_test.c:pnat_calc_key                9      2   77.78%      14      2   85.71%
    pnat_test.c:pnat_rewrite_ip4            55     11   80.00%      60     12   80.00%
    pnat_test.c:format_pnat_trace            1      1    0.00%      12     12    0.00%
    pnat_node.c:pnat_node_inline            63     63    0.00%     115    115    0.00%
    pnat_node.c:pnat_calc_key                9      9    0.00%      14     14    0.00%
    pnat_node.c:pnat_rewrite_ip4            55     55    0.00%      60     60    0.00%
    pnat_node.c:format_pnat_trace            5      5    0.00%      12     12    0.00%
    ------------------------------------------------------------------------------------
    TOTAL                                  264    157   40.53%     402    228   43.28%

Type: feature Change-Id: I9c897f833603054a8303e7369ebff6512517c9e0 Signed-off-by: Ole Troan <ot@cisco.com>
2021-02-05 | ipsec: add support for AES CTR | Benoît Ganne | 6 | -139/+182
Type: feature Change-Id: I9f7742cb12ce30592b0b022c314b71c81fa7223a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-05 | ikev2: fix bad ip in logs | Filip Tehlar | 1 | -5/+9
Type: fix Change-Id: Icd01491043e9fd1bb8f51f4f55e1252fd78512de Signed-off-by: Filip Tehlar <ftehlar@cisco.com>