summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2021-10-07ikev2: do not require optional IDr on IKE AUTHBenoît Ganne1-8/+26
IDr is optional in IKE AUTH from the initiator. In that case, the responder is free to use any matching profile and fills the corresponding IDr in the response. The initiator is then free to accept or reject it. Type: improvement Change-Id: I07a1c64a40ed22bd41767c259406238bbbab5cf4 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-07ikev2: add logs in case of parsing errorsBenoît Ganne1-6/+24
Type: improvement Change-Id: Id0a6a9e68725ea7aa0b7da14cf54d14405a907fb Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-07ikev2: do not send IDi on responder AUTHBenoît Ganne1-1/+0
The IDi is not mentioned in the RFC for the responder AUTH message, and it confuses some IKE implementations. Type: fix Change-Id: I2bcefa1efd315412a6f5fa592668d4e0da510264 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-07arp: source address selectionEd Warnicke2-5/+13
https://gerrit.fd.io/r/c/vpp/+/30197 introduced SAS and inadvertently broke ping in a variety of situations: https://jira.fd.io/browse/VPP-1992 https://jira.fd.io/browse/VPP-1970 https://lists.fd.io/g/vpp-dev/topic/84038840 all of which seem to be rooted in situations where there's literally nothing smarter ping can do for source address selection than to pick the first IP on the interface. This can happen for: 1. P2P interfaces, see attempted fix: https://gerrit.fd.io/r/c/vpp/+/32801 2. Interfaces with /32 IP addresses intentionally assigned After some discussion, this problem was partially fixed in https://gerrit.fd.io/r/c/vpp/+/33449 Unforunately, while source selection was fixed in ping, it continued to be broken in arp/nd. This gerrit builds on https://gerrit.fd.io/r/c/vpp/+/33449 and fixes arp/nd. Type: fix Ticket: VPP-1970 Ticket: VPP-1992 Fixes: e2fe097424fb169dfe01421ff17b8ccd0c26b4a6 Change-Id: Ief60c321676a15f4f30bf4cd84d50b2f1efec432 Signed-off-by: Ed Warnicke <hagbard@gmail.com>
2021-10-07perfmon: Topdown Level 1 support on SnowridgeRay Kinsella4-1/+102
Enable Topdown Level 1 support on Snowridge, enabled with standard CPU events on small core. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I58ad09383de7464265ac1b69e683f253591e3b5e
2021-10-07perfmon: check bundle is supportedRay Kinsella1-0/+23
Add a check bundle is supported before futher activation. Enable different bundles with same name, supported on different platforms. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I73e8bbd1e07c05ebccd9146d48a234eb598a2388
2021-10-07perfmon: fix peusdo eventsRay Kinsella1-1/+1
Fix peusdo events, missed populating "core" events with peusdo events. Type: fix Fixes: bf37bf6f7 Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I569fa876f1b58540adac0b095be0ff4ade664dec
2021-10-06ip: check if interface has link-local address (addition)Artem Glazychev1-1/+6
previous - b31fbc47f5fcf8234c757558d7b0285348774086 Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I7ea2d693d3ad5bf41ece066b3511fbfa156c1e4b
2021-10-06wireguard: add events for peerArtem Glazychev8-33/+223
we can receive events from peer about its state: -WIREGUARD_PEER_STATUS_DEAD -WIREGUARD_PEER_ESTABLISHED Type: improvement Change-Id: Ide83fbe2cfafa79ded5bcf3f6a884c26a7583db0 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
2021-10-06session: fix severity infoFilip Tehlar1-11/+10
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I6548274f8c0ae2a183b1d221cb195de445c2819f
2021-10-06wireguard: add ipv6 supportArtem Glazychev14-193/+517
Type: improvement Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: If1a7e82ce163c4c4acaa5acf45ad2b88371396f6
2021-10-06tcp: fix severity infoFilip Tehlar6-69/+69
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe39bc045c3b154209a83b59ef95a37c61b32c0c
2021-10-06docs: more nitfixesNathan Skrzypczak4-46/+49
Type: fix Change-Id: I41455e1cdc62e7c0baa148630b0701b042f3b156 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-06build: fix lib dir in debian packagingDamjan Marion1-1/+1
Type: fix Change-Id: I64b0bbe5ba2317ab03b68f140df69a94a0dd7407 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-10-06docs: vnet comment nitfixesNathan Skrzypczak15-84/+108
Type: improvement Change-Id: Iac01d7830b53819ace8f199554be10ab89ecdb97 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-06vlib: doc nitfixesNathan Skrzypczak3-3/+3
Type: improvement Change-Id: I9e761f908d9d2becbc61eb0515dc6b7c1e1e036f Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-06ip: add classifier-based ACLs support on ip puntBenoît Ganne5-291/+301
This feature allows one to add classifier-based ACLs on packets punted from the ip infra, eg. to only whitelist specific sender(s). Type: feature Change-Id: Idab37b188583efbca980038875fc3e540cb2e880 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-05session: Add session_sapi_enable_disableNathan Skrzypczak5-5/+33
Type: feature This adds an API message to do the switch at runtime. Change-Id: Ice6b69c57f0bfbf5668182e25593362ff4133615 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-05build: don't hardcode triplet, allow specifying custom lib dirDamjan Marion9-18/+21
Type: fix Change-Id: I33f364fda88914f88f9b976cb83e6d3ff466f0bb Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
2021-10-05tap: free the tap_fds vec on interface deletionMohsin Kazmi1-0/+1
Type: fix Tap fds are stored in vector array but deleting tap was not freeing this vector. This patch fixes it. Change-Id: I5228e3b9f432c69cf2656b2ee7402360d775964b Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-10-05perfmon: bundles with multiple typesRay Kinsella4-35/+147
Allow perfmon bundles to support more than one bundle type, either node or thread. Only used for topdown bundle for the moment. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: Iba3653a4deb39b0a8ee8ad448a7e8f954283ccd8
2021-10-05nat: NAT44 ED api fix and improvementFilip Varga3-14/+178
Backward compatibility fix returns erroneous behavior that lets user add internally unused inside interface for the purpose of complying with the old add/dump/details API behavior. Change introduced in https://gerrit.fd.io/r/c/vpp/+/32951 removed extra inside interface that wasn't required or any how used by the output feature. This patch also changed outside interface flags to inside & outside. This fix returns the old behavior by imitating the old behavior through dummy registratoin data. Added new API calls nat44_ed_add_del_output_interface and nat44_ed_output_interface_get/details as a replacement of old API's. New API introduces simplified and cleaner way of configuring outside feature without requirement of config flags. Type: improvement Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I7a170f7325727c04da5e2e3ffbe3f02179531284
2021-10-04interface: free the output_node_thread_runtimesMohsin Kazmi1-0/+1
Type: fix output_node_thread_runtimes was not freed when an interface is deleted. This patch fixes it. Change-Id: I763b0109be1904d43839528a346f3b9aa8927205 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-10-04interface: remove the redundant vec_free on rx_queue_indicesMohsin Kazmi1-1/+0
Type: fix vnet_delete_hw_interface() calls vec_free on rx_queue_indices. function vnet_hw_if_unregister_all_rx_queues() is used to free rx_queue_indices which is also called by vnet_delete_hw_interface(). So, second vec_free is redundant. Change-Id: Ibda4be38fd122d33532bb384c97b0b9e5f441134 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-10-04build: Allow ipsec-mb plugin to build with libipsec_mb 0.55Nick Brown2-0/+14
The 0.55 version of libipsec_mb does not support the chacha functions used in the plugin. The missing symobls are: ipsecmb_ops_chacha_poly ipsecmb_ops_chacha_poly_chained IMB_CIPHER_DIRECTION Check for ipsecmb_ops_chacha_poly() and conditionalise the chacha code in the plugin on this. ipsec_mb 0.55 is the version currently found in Debian Stable (bullseye) Type: make Signed-off-by: Nick Brown <nickbroon@gmail.com> Change-Id: I88c962ac4f99a58b5cd61fb9b75f692e27d4ec30
2021-10-04memif: integrate with new tx infraMohsin Kazmi3-15/+17
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I7c2b9891e269f23c3aa2a0abfee3cf0a0f1e2135
2021-10-04vcl: remove unsed configsFlorin Coras3-38/+2
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If755cf38e6b30e8757f2c6fb4cf5e6642fa87e52
2021-10-04hsa: do not drop the barrier when creating echo serverFilip Tehlar1-14/+1
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I25d3ac72360bea130f567095b486d8e295d2f2f7
2021-10-04wireguard: use the same udp-port for multi-tunnelArtem Glazychev5-29/+62
now we can reuse udp-port for many wireguard interfaces Type: improvement Change-Id: I14b5a9dbe917d83300ccb4d6907743d88355e5c5 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
2021-10-04vppinfra: fix potential memory access error in _pool_init_fixedJieqiang Wang2-16/+24
_pool_init_fixed uses mmap to initialize a fixed-size and preallocated pool, whose size is the sum of vector_size and free_index_size with alignment to the CLIB_CACHE_LINE_BYTES and page size. In this way vector_size equals to pool_header_t + vec_header_t + elt_size * max_elts so moving to the end of the pool space should be pool_header_t pointer + vector_size, instead of vec_header_t pointer + vector_size. Simple code to reproduce this error: u64 *pool; pool_init_fixed(pool, 2042); Improve unit test to cover this case Type: fix Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Reviewed-by: Lijian Zhang <lijian.zhang@arm.com> Reviewed-by: Tianyu Li <tianyu.li@arm.com> Change-Id: If088ef89b3dcb2d874ee837ae9da60983b14615c Signed-off-by: Dave Barach <dave@barachs.net>
2021-10-04virtio: remove control queue support from virtio_show() for tap/tunMohsin Kazmi1-6/+0
Type: fix Tap/Tun interfaces do not have control queue. This patch removes the support of control queue from virtio_show() which is used by show tap/tun cli. Change-Id: Ib89144ad488ed548fb1ce50ee232a1b8659ccf29 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-10-04fib: fix unitialized padding in fib_api_next_hop_decodeBenoît Ganne1-4/+2
If the type is IPv4, makes sure the padding bytes are set to 0 as this is used by ip46_address_is_ip4() to detect the type. Type: fix Change-Id: I6a81fa05a6b227086853901bf3dcdc66e6d04d2c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-04ip: fix punt for ipv6Benoît Ganne1-4/+9
Type: fix Change-Id: I583c30e9b63c0b0b6cd5fef0b2cb9ed7ec9856e2 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-10-04perfmon: topdown events as peusdo eventsRay Kinsella1-9/+13
Topdown events are peusdo events exposed by linux, and are only present on Intel platforms. Change to clarifies this. Type: fix Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I6a3dcea5f43f53dbb96475329baf5e596a24d54f
2021-10-04docs: plugin comment nitfixesNathan Skrzypczak11-52/+52
Type: improvement Change-Id: Ib7e2f5f314144064de7b6be0fade3db2f9c943fe Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-10-04interface: remove the input_node_thread_index_by_queueMohsin Kazmi2-4/+0
Type: fix input_node_thread_index_by_queue is not being used anymore. Change-Id: I0141fa0d024affb39771acf7516e064c5c8acfe9 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-10-03hsa: proxy app worker thread deadlockSivaprasad Tummala1-5/+10
proxy main lock not released in certain cases and resulting in deadlock. Type: fix Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com> Change-Id: Ib869f459b447189bb921c05fd260f3691c2ac787
2021-10-03mpls: Save the L3 header offset in the meta-data before label impositionNeale Ranns1-1/+9
Type: improvement Subsequent features in the data-path can thus easily find the l3 header without parsing the label stack. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I26f7d4bbe9186aeb8654706579c72424e8ecca2c
2021-10-01devices: add support for pseudo header checksumMohsin Kazmi8-23/+371
Type: improvement Linux uses pseudo header checksum when checksum of l4 is offloaded. This patch adds similar support in virtual interfaces. Change-Id: I6a94d1104e59356f95057e7c122e3be9cd8659a3 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-09-30wireguard: move adjacency processing from wireguard_peer to wireguard_interfaceArtem Glazychev7-233/+123
now we should add routes manually Type: improvement Change-Id: I877511a18854efdfad02939267d38a216b2ccec3 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
2021-09-30fib: doc nitfixesNathan Skrzypczak10-19/+19
Type: improvement Change-Id: I29346c849a5e1ff3c2ea399671f9f50d075e9f18 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-30build: consistent use of CMAKE_INSTALL_LIBDIRNick Brown1-1/+1
Set the RPATH to based on CMAKE_INSTALL_LIBDIR so that libraries are correctly found. Type: make Change-Id: I82d649345edea2c5d3f6b3f43e3e5869b9e580a7 Signed-off-by: Nick Brown <nickbroon@gmail.com>
2021-09-30nat: doc nitfixesNathan Skrzypczak5-8/+8
Type: improvement Change-Id: I9a4303030b9657c28bbd73168def72c7daa13483 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-30vat2: do not require _crc field in API messagesFilip Tehlar1-6/+5
Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Icc2ce594225c3197c9e5be8faa3dc2ee5b0a553e
2021-09-30misc: package the devtool pluginsAndrew Yourtchenko1-0/+8
a274c3a2ed8c4f1f38cb6f126326b4e6798869d2 has split the devtool plugins into a separate component, which caused them not to be packaged as part of the existing .deb, however this can still be useful to have them. This commit adds the new deb vpp-plugin-devtools which contains that component. Change-Id: I3cf44493745c3d4951ffd2194c6ae539e8ad5926 Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-09-29nat: nat44-ed add session timing out indicator in api (2)Alexander Chernavin2-1/+146
Type: improvement Currently, NAT44-ED users sessions details are returned for both active and timed out NAT sessions. It may confuse users that expect to see only active sessions in the response and make them think that timeouts for NAT sessions do not work. With this change, introduce an indicator of timing out for NAT sessions returned in NAT44-ED user session details. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ib4d689f77cec4b0b0cc8484019e13733cc8bdc0d
2021-09-29ikev2: build only when deps requirements are metFilip Tehlar2-113/+5
Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I89bcc1ba804ded676b194dbda52704cd0c54a67e
2021-09-29classify: fix message IDs on API repliesMatthew Smith1-33/+42
Type: fix When the API cleanup of classify messages was done, the code was not updated to add the message enums to REPLY_MSG_ID_BASE. So the wrong message IDs are being sent back in replies to classify API requests. Add REPLY_MSG_ID_BASE when populated vl_msg_id on a reply. Change-Id: Ic7c828f14d42a346fc58fc9ff062b954f494cdbd Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-09-29ipsec: Record the number of packets lost from an SANeale Ranns7-22/+102
Type: feature Gaps in the sequence numbers received on an SA indicate packets that were lost. Gaps are identified using the anti-replay window that records the sequences seen. Publish the number of lost packets in the stats segment at /net/ipsec/sa/lost Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I8af1c09b7b25a705e18bf82e1623b3ce19e5a74d
2021-09-29tap: Fix tap create with nsNathan Skrzypczak1-55/+24
This fixes the interface creation passing a netns. [0] made the renaming of the new tuntap interface before switching netns Thus, preventing creating an interface in another netns if one exists in VPP's netns with the same name. This also fixes restore netns on errors Type: fix [0] https://gerrit.fd.io/r/c/vpp/+/33696 Change-Id: I5c83bb37d664057bcf231cd0c636f0e51aa542ad Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>