summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2023-04-17vppinfra: native poly1305 implementationDamjan Marion5-6/+544
Type: feature Signed-off-by: Damjan Marion <damarion@cisco.com> Change-Id: Ic170464d7c63f243e7e676567d41d800647ebec3
2023-04-17build: add scalar (no-simd) march variantDamjan Marion4-3/+18
for testing purposes, disabled by default Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com> Change-Id: Id616e2b3b21ae0f0b44e2b55ecefd501afacc7f2
2023-04-17vppinfra: table based crc32c for targets without crc32c instructionsDamjan Marion1-0/+71
Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com> Change-Id: I45cef390c72f2102c8c3d94f49bed7d0e0e0d7b2
2023-04-17vppinfra: add format_hexdump_u{16,32,64}Damjan Marion2-0/+69
Change-Id: I0eeccfc5739276d58a81a6552a043c6c105fe67a Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-04-14linux-cp: Handle RTA_VIA routes.Adrian Pistol1-2/+3
RTA_VIA allows routes to have a next-hop in a different address family. This commit makes linux-cp import those types of routes correctly, instead of importing the routes without a gateway. This uses rtnl_route_nh_get_gateway, which is available since libnl 3.4.0 (Oct. 9, 2017). Even Debian Stretch has it via backports. Type: fix Change-Id: I06297c700461ba7874eb8baf9355bd40990b3121 Signed-off-by: Adrian Pistol <vifino@posteo.net>
2023-04-13nat: distribute nat44-ed in2out sessions by rx vrfVladislav Grishenko1-1/+3
Nat in2out sessions are distributing among workers by client addresses. In case there's multiple client vrfs with very similar client addresses (usually from rfc1918), session distribution/load can be unfair just due similar hash. Let's take dynamic client fib_index into account, it'll affect external port range only, outside address picking has own address-based hash therefore not affected. Type: improvement Change-Id: I56ab2e1ce8dd27f2b1f9e7f22839ccf7774bfb82 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-04-13nat: fix the wrong unformat typeTed Chen2-2/+2
The unformat type for "%d" should be u32 or int. Type: fix Signed-off-by: Ted Chen <znscnchen@gmail.com> Change-Id: I2483df6259ed8d3c7648c8db6345e5063ac8b57e
2023-04-13nat: adding a new api nat44_ed_vrf_tables_v2_dumpDaniel Béreš2-0/+76
Adding api nat44_ed_vrf_tables_v2_dump which may replace nat44_ed_vrf_tables_dump in the future. - fixing endianess Type: improvement Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech> Change-Id: I40d09ea3252589bdcb61db9f1629dacd87f69978
2023-04-12vlib dhcp: default to logging without elogsFlorin Coras1-1/+1
Some components, like dhcp, log constantly changing strings which in turn forces elog string table to grow unbound. To avoid this, as a workaround, only turn on elog logging if requested. Actual fix that adds configuration for logging subclasses should come in a later patch. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie8b26251fb7115d866c2bd65353daa33cdab1ab6
2023-04-12ip: punt socket - take the tags in Ethernet header into considerationAndrew Yourtchenko1-1/+2
The punt socket code rewinds the current_data pointer by sizeof (ethernet_header_t), which is incorrect if the header is tagged - resulting in truncated destination MAC address. Use ethernet_buffer_header_size() instead, which takes tags into account. Also add the unittest that verifies the issue and the fix. Type: fix Change-Id: I6352a174df144ca1e4230390c126f4b698724ebc Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2023-04-12misc: change of addressMohsin Kazmi4-4/+4
Type: style Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ie02d068122ab8f2c6049754f28722d851ae9b3f1
2023-04-11linux-cp: don't create tap for non-eth ifacesStanislav Zaikin1-0/+8
Creation of lcp tap for non-ethernet interfaces can potentially lead to a crash, so avoid it. Type: fix Change-Id: I76ded8a08ea38a2c31d0215804af023207d4d3e1 Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
2023-04-11rdma: disable compressed CQE mode for txq CQJieqiang Wang1-3/+1
Previously we encountered the issue of failing to create completion queues on some Arm platforms because DPDK may set MLX5_CQE_SIZE to 128 if DPDK MLX PMDs are built and DPDK plugin is loaded, which does not satisfy the requirement of 64B size CQE by RDMA plugin. We fixed this issue in 844a0e8b0("always use 64 byte CQEs for MLX5"), but some of CSIT test cases failed due to this code change. It turns out that we don't need to specify compressed CQE mode for txq CQ because RDMA tx doesn't have the code logic to handle compressed CQEs, which might cause unexpected behavior if it is enabled. Type: fix Fixes: 844a0e8b0 ("always use 64 byte CQEs for MLX5") Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I7909a6d44b15bcf39c15dfac9377b65520a0cbfb
2023-04-10vlib:process node scheduling use timing_wheel have problem.jinsh2-2/+6
The time wheel should not be started in the loop while processing expired events. can be set p->stop_timer_handle = ~0 to solve. Type: fix Signed-off-by: jinsh <jinsh11@chinatelecom.cn> Change-Id: Ie9a4293f39f981f50d280b39a5d958d319ee2300 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2023-04-06vlib: reset stop_timer_handle on expired processesMatthew Smith1-8/+23
Type: fix The main loop populates a vector of suspended process nodes to dispatch by calling TW (tw_timer_expire_timers_vec), which identifies expired timers and appends the user handle for each one to the vector. Subsequently, the vector is iterated and the process node corresponding to each handle is dispatched. The vast majority of the time, the process node will end up suspending itself again to wait for a new timer or event. Given a process node A whose timer has expired, between the point when the timer expired and the point when A is dispatched and suspends itself again, its stop_timer_handle contains a stale value. If another process node B is dispatched before A is dispatched, it may end up using the timer ID that A formerly used. If another process node C is dispatched after B and before A and calls vlib_process_signal_event() to signal A, the timer started by B can be deleted by vlib_process_signal_event_helper(). After getting the vector of process node IDs for expired timers, reset the stop_timer_handle on each of those nodes. Change-Id: I266da438e76e1fc356016da0b9b4941efac1c28a Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2023-04-06vppinfra: refactor uword bitmapsDamjan Marion5-42/+114
Type: improvement Change-Id: I4f05a0435825cd23b8ad8a6f8f1397e60c522319 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-04-04session: fix ct connect session flush assertFlorin Coras1-2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I90eaeed07dc4864adfed3bc4cef1e3edacf4bf8f
2023-04-02vlib: add vlib_frame_bitmap_{set,clear}_bit_at_indexDamjan Marion1-0/+16
Type: improvement Change-Id: I5703728f680f0c8431e4099b398827bd094b60df Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-03-31nat: fix nat44 vrf handlersDaniel Béreš1-2/+2
Change of enums used in REPLY_MACRO() to appropriate one for handlers: -vl_api_nat44_ed_add_del_vrf_table_t_handler -vl_api_nat44_ed_add_del_vrf_route_t_handler Type: fix Change-Id: I58e97817b1678da7c025c0d03a8b938a4e0f7b6c Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>
2023-03-31ip: support flow-hash gtpv1teidTakeru Hayasaka8-14/+98
support with GTPv1 TEID added to the flow hash. This can able to ECMP to PGW and parallelization. Type: feature Change-Id: I6f758579027caf6123831ef2db7afe17e424a6eb Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
2023-03-30session: async flush of pending connects to workersFlorin Coras1-32/+109
Since connects can be done without a worker barrier, first worker should flush connects to destination workers only after session layer has a chance to fully initialize the half-open session. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I82fe0f0c7e520baa72fd380d0a43a76ebbd5f548
2023-03-30vlib: fix segfault on panic in workerMikhail Sokolovskiy1-1/+7
Vlib panic uses longjmp to exit main loop, but workers don't set main_loop_exit field on initialization, so this jump corrupts registers and causes segfault. There I add clib_warning and abort if longjmp context hasn't been set. Type: fix Signed-off-by: Mikhail Sokolovskiy <sokolmish@gmail.com> Change-Id: I0d705f1f139c4083af75066aeb525964ed0aa202
2023-03-29dpdk-cryptodev: fix name formatting of session poolsGabriel Oginski1-2/+2
Originally the name for each session pool is incorrectly prepared. It doesn't have right length. It is not null terminated. The fix corrects the name formatting for each session pool. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I67da3d64702ccb27a5907825528f8c95d91040bb
2023-03-27vppinfra: small improvement and polishing of AES GCM codeDamjan Marion2-74/+95
Type: improvement Change-Id: Ie9661792ec68d4ea3c62ee9eb31b455d3b2b0a42 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-03-24api: Remove deprecated message from APIOndrej Fabry3-57/+0
Type: refactor Signed-off-by: Ondrej Fabry <ofabry@cisco.com> Change-Id: Ib80a4d1f8bac5dc27db1aafe65165cbb509b4edf
2023-03-24udp: fix udp_local length errors accountingVladislav Grishenko1-31/+64
In case of UDP length errors in udp_local node, these errors are being lost and incomplete header may be advanced by wrong offset. Fix it with only full packets processing and explicit error set otherwise. Also, optimize two buffer loop perfomance into fast path with both buffers are ok and slow path with one or none. Type: fix Change-Id: I6b7edc3eb5593981e55d7ae20d753c0fd1549d86 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-03-24dpdk-cryptodev: fix formatting name of poolsGabriel Oginski1-2/+2
Originally the name for each session pool can be incorrect prepared. The fix changes formatting for name for each session pool. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I42e0752f9f46c5a42524ec7b863a7c9dd3c23110
2023-03-24session: fix session node switching to interrupt mode failded if no user eventsXiaoming Jiang1-2/+2
wrk->event_elts has 5 elements if no user events Type: fix Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com> Change-Id: Ib38fab422304efc470e20ccb7121442f05bf8bf3
2023-03-23session: fix formatting of half open sessionsFlorin Coras1-2/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I45a524bebd2dc1e318fa8d2a645bfc769e1da840
2023-03-23vppinfra: AES-CBC and AES-GCM refactor and optimizationsDamjan Marion15-2294/+3308
- crypto code moved to vppinfra for better testing and reuse - added 256-bit VAES support (Intel Client CPUs) - added AES_GMAC functions Change-Id: I960c8e14ca0a0126703e8f1589d86f32e2a98361 Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-03-23ipsec: make pre-shared keys harder to misuseBenoît Ganne10-137/+208
Using pre-shared keys is usually a bad idea, one should use eg. IKEv2 instead, but one does not always have the choice. For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix C) whereas for AES-CTR or AES-GCM, the IV should never be reused with the same key material (see NIST SP800-38a Appendix B and NIST SP800-38d section 8). If one uses pre-shared keys and VPP is restarted, the IV counter restarts at 0 and the same IVs are generated with the same pre-shared keys materials. To fix those issues we follow the recommendation from NIST SP800-38a and NIST SP800-38d: - we use a PRNG (not cryptographically secured) to generate IVs to avoid generating the same IV sequence between VPP restarts. The PRNG is chosen so that there is a low chance of generating the same sequence - for AES-CBC, the generated IV is encrypted as part of the message. This makes the (predictable) PRNG-generated IV unpredictable as it is encrypted with the secret key - for AES-CTR and GCM, we use the IV as-is as predictable IVs are fine Most of the changes in this patch are caused by the need to shoehorn an additional state of 2 u64 for the PRNG in the 1st cacheline of the SA object. Type: improvement Change-Id: I2af89c21ae4b2c4c33dd21aeffcfb79c13c9d84c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2023-03-23ipsec: add per-SA error countersArthur de Kerhor11-115/+337
Error counters are added on a per-node basis. In Ipsec, it is useful to also track the errors that occured per SA. Type: feature Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2023-03-23vnet: throttling configuration improvementMaxime Peim6-18/+14
To allow a more flexible throttling configuration, the number of bits used in the throttling bitmap can be chosen. Type: improvement Signed-off-by: Maxime Peim <mpeim@cisco.com> Change-Id: I7bfe391dd64729011b03f3e5b89408dfc340e036
2023-03-22session: add session statsFilip Tehlar5-13/+99
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I02d9bb5292b32ffb1b2f05daccd8a7d5dba05125
2023-03-22build: fix rpm build error with test_infraTianyu Li1-0/+1
RPM build errors: error: Installed (but unpackaged) file(s) found: /usr/bin/test_infra Add NO_INSTALL tag in CMakeLists to avoid installing test binary. Type: fix Fixes: c3542e17b5df ("vppinfra: widen the scope of test_vector_funcs") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I359ba79af2e3cb32b47dda3bb8707a5d2fd8586b
2023-03-21linux-cp: fix get_default_ns api methodStanislav Zaikin1-13/+7
Type: fix Change-Id: I141e5779aab7eee3068b702dd2f93765420fb920 Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
2023-03-21papi: vla list of fixed stringsOle Troan2-4/+28
Handle a variable length array of fixed strings. Like: fixed_string = VPPType("fixed_string", [["string", "data", 32]]) s = VPPType("string_vla", [["u32", "length"], ["fixed_string", "services", 0, "length"]]) Previously instead of packing and unpacking as strings, exception packed as u8 instead of list. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I501a8a4755828042e1539fd5a54eacec21c5e364 Signed-off-by: Ole Troan <ot@cisco.com>
2023-03-20wireguard: fix sending peer events from worker threadsAlexander Chernavin1-5/+23
Type: fix API clients can register for peer events (e.g. to be notified when connection is established). In a multi-worker setup, peer events might be triggered from a worker thread. In order to send a peer event to the clients, an API message needs to be allocated and populated. API messages allocation is only allowed from the main thread. Currently, the code does not handle the case when a peer event is trying to be sent from a worker thread. In debug builds, when this happens, it causes SIGABRT in vl_msg_api_alloc_internal() because assertion "pool == 0 || vlib_get_thread_index () == 0" fails. In production builds, when this happens, it might cause unexplained behavior. There is a test that is supposed to catch this but all multi-worker Wireguard tests are currently disabled. This problem is likely to be one of the reasons they were disabled. With this fix, when a peer event is triggered from a worker thread, allocate and send corresponding API message from the main thread using RPC. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ib3fe19f8070563b35732afd16c017411c089437e
2023-03-20ipsec: set fast path 5tuple ip addresses based on sa traffic selector valuesPiotr Bronowski1-4/+35
Previously, even if sa defined traffic selectors esp packet src and dst have been used for fast path inbound spd matching. This patch provides a fix for that issue. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ibd3ca224b155cc9e0c6aedd0f36aff489b7af5b8
2023-03-19vppinfra: fix pool free bitmap allocationVladislav Grishenko3-1/+58
Using clib_bitmap_vec_validate makes free bitmap vector to be x64 times bigger (assuming x86_64) than necessary when non-zero and possible oom due (u32)(0 - 1) math with zero alloc. Fix it with clib_bitmap_validate which takes bit size, not index and ensure at least one bit is allocated. Type: fix Change-Id: I7e191f4e2fb3722a06bb800e1d075f7c7e2dcec9 Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
2023-03-18vppinfra: fix corner-cases in bihash lookupDave Barach18-39/+205
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL table, the code would sporadically return a transitional value (junk) from a half-deleted kvp. At most, 64-bits worth of the kvp will be written atomically, so using memset(...) to smear 0xFF's across a kvp to free it left a lot to be desired. Performance impact: very mild positive, thanks to FC for doing a multi-thread host stack perf/scale test. Added an ASSERT to catch attempts to add a (key,value) pair which contains the magic "free kvp" value. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065
2023-03-17vppinfra: move sha2.h to crypto/Damjan Marion2-1/+591
Type: refactor Change-Id: I3d0c57b82e5bdb4575c1ca13e463685fd11b7f11 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-03-17vppinfra: auto-free test memoryDamjan Marion5-59/+10
Type: improvement Change-Id: Ibc40a02c8c45fc8d9409c9a86fea7aaf70d9c048 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-03-17vppinfra: add FOREACH_ARRAY_ELT macroDamjan Marion1-0/+2
Type: improvement Change-Id: Iac1b3a66176c9a38a161246159140f30a1c168da Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-03-16vppinfra: add clib_crc32c testcase into infra testsAndrew Yourtchenko2-0/+55
Type: test Change-Id: Id96448ba3ab69a5b22dfc27812fc17194136b969 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2023-03-16session: support active opens with same source portFlorin Coras2-3/+14
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2b426e9e988c32d261f36367087f358d8cc25e2f
2023-03-15vppinfra: widen the scope of test_vector_funcsDamjan Marion12-23/+23
Location changed and binary renamed to test_infra Also it is built by default. Type: improvement Change-Id: I27cd97f274501ceb7a01213e2bc9676cea00f39c Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-03-15crypto-native: 256-bit AES CBC supportDamjan Marion8-86/+369
Used on intel client CPUs which suppport VAES instruction set without AVX512 Type: improvement Change-Id: I5f816a1ea9f89a8d298d2c0f38d8d7c06f414ba0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-03-15build: add support for intel alderlake and sapphirerapids, part 2Damjan Marion1-1/+3
Type: improvement Change-Id: I64ca5bd3a959190111f61c5311a908d242c10bad Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-03-15dma_intel: fix potential invalid batch statusMarvin Liu1-5/+6
DMA batch status was set by hardware. Its value may be variable between cpus twice accesses. Saving the value of status can fix it. Type: fix Signed-off-by: Marvin Liu <yong.liu@intel.com> Change-Id: Ibc9337239555744a571685b486c986991c3e9b18