summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2021-11-23ip: unlock_fib on if deleteNathan Skrzypczak5-80/+116
On interface delete we were not removing the lock taken by a previous ip_table_bind() call thus preventing the VRFs to be removed. Type: fix Change-Id: I11abbb51a09b45cd3390b23d5d601d029c5ea485 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-11-22vlib: add virtual time supportBenoît Ganne4-15/+121
Type: feature Change-Id: Iabd76558e9c72ed8286cfeeb1fbaa4fde4832a90 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-11-22wireguard: add local variable in handshake processGabriel Oginski1-2/+4
Originally handshake process gets pointer to value of index peer. In the meantime this pointer can be invalid due to resize hash table for wireguard and passed poison value to another function. The fixes add local variable to keep index of peer instead of value from pointer. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I1b2535c44b4f987d19077c75c778aaa5ed71a457
2021-11-22gso: implement gso segementation copy with checksumMohsin Kazmi3-18/+240
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Iec9dacde170533ca16e8117787e62da8af69ae96
2021-11-22vlib: fix coverity warningKlement Sekera1-1/+1
Use correct signed type to allow testing for a failure (-1) from readlinkat(). Type: fix Fixes: 5714a49f14 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I06f1c8d91e907c151012ff9758c6b52caca4d625
2021-11-22dpdk: fix coverity warningKlement Sekera1-0/+2
Add a hint so that it's obvious that fall through in switch statement is intentional. Type: fix Fixes: 34c54dff5c Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I12271227424761fb89b03a390f626c2ab466472c
2021-11-22snort: fix coverity warningKlement Sekera1-2/+11
Add error handling for incomplete read. Type: fix Fixes: 839b1473e9 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ibf1b2f633793510244ea1aa6af0902021aeb67ad
2021-11-22snort: fix coverity warningKlement Sekera1-2/+2
Add a cast to avoid coverity warning about potential integer underflow. Type: fix Fixes: 839b1473e9 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Iae913e51c1e25aaeca6ce70438451c640d347383
2021-11-22vppinfra: annotate pool_dup() for asanBenoît Ganne1-22/+24
When using AddressSanitizer, pool objects are poisoned, but pool_dup() deep copy is ok. Type: fix Change-Id: Id801c4ab35666474a297d885c4b92878e44feab6 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-11-22vppinfra: fix the memory leak while doing clib_bihash_freeHan Wu1-0/+1
Type: fix Signed-off-by: Han Wu <wuhan9084@163.com> Change-Id: I6ad3c313dcab5ed193c135676c1cebd0a141fea1
2021-11-22ipfix-export: support sending of ipv6 pktsPaul Atkins1-62/+176
The current code that sends ipfix packets assumes IPv4. Modify this so that it generates and sends packets based on whether the destination address is IPv4 or IPv6. Where code is common across multiple places pull it out into helper functions. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I216c6c4c1b58cacedca22019f74a38c64a368b7e
2021-11-22ipfix-export: Change exp to use ip_addressPaul Atkins8-73/+92
Modify the ipfix_exporter to use ip_address instead of the ipv4 specific version. Modify the current code so that it writes into the v4 specific part of the address, i.e. we are not yet fully supporting IPv6. For the exporter configured via the original API (the one that is always in slot0) we will not support IPv6 addresses. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: Ic9854ac62aaee76a7a55a958234c456fd9828c4c
2021-11-22ipfix-export: rename variables when building bufsPaul Atkins1-40/+40
Rename the local variables used when building ipfix export packets to make it clear that they are v4 specific variables. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I3a5a623aeb0b6f2b7fcdafb3fc19c500934c529b
2021-11-22ipfix-export: refactor params to the callback fnsPaul Atkins9-86/+46
When a new flow-report is created the caller provides 2 callback functions. These functions both take a pointer to the exporter, plus a pointer to the source and dest address. However the pointers to the address are not adding any value as these are always set to the src/dest addresses of the exporter (which is already being passed). Remove these parameters and leave the callback functions to get the addresses out of the exporter. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I36dec394f30e85cdca120dd8706b5d90f5e07c48
2021-11-22ipfix-export: Add APIs to get/send buffersPaul Atkins3-0/+234
The ipfix exporter should be doing most of the work of building packets and sending them rather than leaving every client of the exporter to do all the work themselves. Start to move towards that by adding APIs to get and send buffers. Store the state of this in new per thread data on the report so that we can send with minimal use of atomics. We do need an atomic for the sequence number in the packet though as that contains the number of data_records sent for the 'stream', not just for a single core. As the state is stored on the flow_report_t the caller needs to know which report they are using, so add a field to the args struct used to create the report that is used to pass back the report index on success. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I222b98a3f0326b3b71b11e0866a8c9736bed6dc1
2021-11-22ipfix-export: add a new API to dump all exportersPaul Atkins2-1/+86
Add a new API to dump all the exporters. As the destination struct type is not the same as for the existing dump/details API no attempt is made to use the existing code to populate the structure. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I409f80285b107a530e0e4f3c6a047a803815a0ec
2021-11-22ipfix-export: support creating multiple exportersPaul Atkins4-45/+169
The existing api set_ipfix_exporter only allows for the creation of a single exporter. In some cases it is desirable to export data to multiple different destinations. Allow users to create multiple ipfix exporters to support this. Add a new api that allows for the creation of multiple exporters, and store them in a pool of exporters. The exporter created by the old API will always be in index 0 of the pool. Exporters created by the new API will be given the next available index in the pool, and will return this index to the API caller so that they can track the exporter they created. The collector_address is the key for the exporter, so changes can be made by doing a further call to the API with the same collector_address. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: Id71c98cffcf8d141d890b40fb90a40b90a91d1d6
2021-11-22ipfix-export: refactor ipfix_exporter_t_handler fnPaul Atkins1-34/+34
Split this api handler into 2 parts. The first is the top level handler and the second is the internal helper function that does all the work. This is in preparation for having a similar API that allows multiple exporters to exist at the same time. Type: refactor Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: Ibd4037682742f4c2f52b4cd1346d35fb2029461d
2021-11-22ipfix-export: pass an exp to flow_report_add_delPaul Atkins10-251/+209
Pass an ipfix_exporter to this function so that callers can choose which exporter they are modifying. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: Ice0ed19a57baf15b1dc85cd27fe01913e36d7f4f
2021-11-22ipfix-export: make stream fns exporter awarePaul Atkins1-18/+11
The functions that work on streams were getting the set of streams directly from flow_report_main. Modify them to take an ipfix_exporter as an argument, and then any processing they do is only for this exporter. Type: refactor Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I32bd9a6ba32a15ec4d4ec9556a9b75f3d83fcd6e
2021-11-22ipfix-export: refactor fields in flow_report_mainPaul Atkins9-133/+183
Pull out the fields in flow_report_main_t that are specific to a single exporter and move them into a new structure that represents an exporter. Add a pool of exporters to flow_report_main_t and do a pool_get() to get the entry at index 0, so that the existing users of the code need only change the path at which they access the old fields and have no need to make further code changes. In functions that were accessing the fields that now make up the ipfix_exporter create a local var that points to the first (always valid) exporter and use this as the base for the fields rather than finding them from flow_report_main. This is in preparation for supporting multiple flow_exporters. Note that at the moment the code supports multiple 'streams' for a given exporter, where each stream has its own source port, domain id and template space. But all streams within an exporter have the same destination address, so this is not the same as multiple exporters. Type: refactor Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I49f5c7fb9e901773351d31dc8a59178c37e99301
2021-11-19tls: add option to config additional segment sizeFlorin Coras2-4/+9
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idf3b49ec61bf5da498ffdd8cebab7148fce73f5f
2021-11-19fib: Don't use [midchain] adjacencies to change an interface's feature arcNeale Ranns29-298/+371
Type: fix Using the adjacency to modify the interface's feature arc doesn't work, since there are potentially more than one adj per-interface. Instead have the interface, when it is created, register what the end node of the feature arc is. This end node is then also used as the interface's tx node (i.e. it is used as the adjacency's next-node). rename adj-midhcain-tx as 'tunnel-output', that's a bit more intuitive. There's also a fix in config string handling to: 1- prevent false sharing of strings when the end node of the arc is different. 2- call registered listeners when the end node is changed For IPSec the consequences are that one cannot provide per-adjacency behaviour using different end-nodes - this was previously done for the no-SA and an SA with no protection. These cases are no handled in the esp-encrypt node. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: If3a83d03a3000f28820d9a9cb4101d244803d084
2021-11-19af_xdp: integrate with new tx infraarikachen3-31/+83
Type: improvement Signed-off-by: arikachen <eaglesora@gmail.com> Signed-off-by: Benoît Ganne <bganne@cisco.com> Change-Id: If8d57bcf033864935bd5e3a9912b2c1a7c712f44
2021-11-18af_xdp: introduce to netns apiarikachen7-10/+227
In some situation, we support to deploy vpp as per host and handler packet in container, so we use xdp to redirect the flow. Type: improvement Signed-off-by: arikachen <eaglesora@gmail.com> Change-Id: Iab42d6a0abb2b330a284d519018a90aff2fa4371
2021-11-18session: deprecate mq segments basevaFlorin Coras2-15/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5b6cb8dd9db7e003a470ca4aeb8472fa7cb9a128
2021-11-18session: improve wrk mq segment allocationFlorin Coras3-53/+62
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9e5438a2f82762aa8a88bbacf4290151ef30969e
2021-11-18ip: comparing IP prefixes should not modify themNeale Ranns5-13/+40
Type: improvement make the ip_prefix_cmp take const paramenters. plus some other miscellaneous functions. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ib69bacfb09483a8a8f8b89900c92d3d55c354ac6
2021-11-17session: fix state check in switch poolFlorin Coras1-3/+3
This affect udp only Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5e05e9c77b733b9e10c14cc9ef610c9bff216fa0
2021-11-17session: support close during migrationFlorin Coras2-9/+41
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ife1e046b62bb0679419fd1346e973d0e3ea55489
2021-11-17session: try to coalesce ct accept rpcsFlorin Coras1-7/+44
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I11de851949afd90a37c102ed0c00969a4cc73df4
2021-11-17ip6: ip6_not_enabled_node is a sibling of ip6-dropPaul Atkins1-6/+2
The node ip6_not_enabled should be marked as sibling of ip6-drop as both are start nodes of the ip6-drop arc. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I212c25444a81b11d8085ba7930ddb67b47502d5c
2021-11-17ipfix-export: remove unused code in flow_report.hPaul Atkins1-2/+0
There are no implementations for this function so remove it. Type: improvement Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I793b015ea1657edd1de719c2a574799aeb8b74d5
2021-11-17ipfix-export: tidy code style in flow_report.cPaul Atkins1-46/+46
Indent sections of code properly in vec_foreach loops. Type: style Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I90183ace164df753f3f47b6c4a6305ded21d744d
2021-11-17ipfix-export: set msg id correctly for dump msgPaul Atkins1-1/+2
When sending the reply to the VL_API_IPFIX_EXPORTER_DUMP message the message id has to be added to the message base. Type: fix Signed-off-by: Paul Atkins <patkins@graphiant.com> Change-Id: I9565be7887046739b5f309e021f34ed75c9e370e
2021-11-17nat: VPP crashes when route is not reachableDaniel Béreš1-0/+3
The problem was reproducible only with icmp packet type when det44 in, out interfaces were swapped. Dst addr was unknown but packet has been forwarded. Type: fix Ticket: VPP-1958 Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech> Change-Id: Ie446cf2ac866955cc668fe2848f954a2ef92e3fa
2021-11-17nat: det44 plugin session scavenging fixFilip Varga1-15/+27
det44 plugin process node would only run once on the first plugin enable call. this patch ads the required calls into while loop in the process node funciton. Type: fix Change-Id: I38c94b29fd1e2c842a1330e8628e3019f23f2b69 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-11-16vlib: fix coverity warningKlement Sekera1-1/+0
Remove now unused computation result. Type: fix Fixes: 3f8b8d30cade20afa8975a5e7a6d79346cec8f3e Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Iea142cb044d31e364fdc5b8b6dd69681e77d745f
2021-11-16perfmon: fix coverity warningKlement Sekera1-2/+9
Check for possible hash lookup failure to avoid NULL dereference. Type: fix Fixes: e15c999c30 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ib806b4d124be26fbccf36fe9d19af1aec63f487b
2021-11-16session: add per worker ct contextFlorin Coras1-26/+43
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie20dc1e369735965bd780f04cd8703c099065fcc
2021-11-16vapi: verify message size when receivedKlement Sekera3-18/+51
Verifying message size including VLA size allows to dismiss some coverity warnings in generated code. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I824658881254b3e7a9bfca228a266cfee448cc2e
2021-11-15session: postpone ct segment deleteFlorin Coras1-47/+70
Only delete segments only after both server and client detach. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idea6b2141f406aad1f19a5312ecea89d35f2b5de
2021-11-15vcl: add DSCP support in VCLFilip Tehlar5-0/+17
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I835675267c997b5dc92a0aaccdb58648bc786bb9
2021-11-15misc: vppctl - remove the dependency on vppinfraAndrew Yourtchenko1-89/+158
56f54af21d18f9fdd471b81db77a3942b0aa4d9c introduced the new memcpy. It also made a vector support mandatory in order to compile anything that depends on vppinfra. This broke extras/scripts/build_static_vppctl.sh Since the vppctl is just a two-pronged epoll+basic telnet client handler, remove dependencies on the vpp infra libs, and trim the build script accordingly. Change-Id: I394bc65c485cbf8e7143a818ca0c86367bb15d90 Type: improvement Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-11-15vppinfra: fix masks in AVX512 clib_count_equal_*Dmitry Valter2-31/+40
Mask result of uAxB_is_equal_mask when buffer is masked. Otherwise it return vector length B as a result for zeroed words. This bug caused crashes in error_drop in tests on Ice Lake. Type: fix Fixes: 7459be1b3626b608e60df574343a1432a068ebce Change-Id: I56183e77f8a8ab6c530e79b465067958de84dceb Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
2021-11-15memif: fix the coverity warningMohsin Kazmi1-5/+8
Type: fix Fixes: 2bae16b238bd ("memif: fix the default txq placement") Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I8fbb2aa92dc31d84a5cd0f7b9a3c7f39dfb064ee
2021-11-15perfmon: rename bundle to memory stallsRay Kinsella2-9/+9
Rename the memory bandwidth bundle to memory stalls, to differentiate it from the bundle that measures memory controller bandwidth boundedness. Type: refactor Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I828c73b6f769046e1ab592712bdf81ceefcd7911
2021-11-15fib: re-evaluate the import/export state of a prefix.Neale Ranns5-77/+225
Type: fix re-evaluate the import/export state of a prefix when the interface it is attached to rebinds to a different table. Only attached routes have import/export requirements, so we can back walk from the glean adjacency when the interface rebinds tables. There are two cases to consider. 1. the rebind may change the prefix from/to import 2. the import VRF may change Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I25b6af43b3b2d8f701dfbe7a08710dc56b3f5778
2021-11-14flowprobe: right values in records from subinterfacesDaniel Béreš1-2/+14
Skip 802.1q headers due to correct EtherType, ip addresses, ports. Ticket: VPP-1997 Type: fix Change-Id: I1a552fa6abe5b1459dd7d2c5ac6ad0f62c51417c Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>
2021-11-12session: add support for DSCPFilip Tehlar3-7/+12
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I817b1503ada1ae53c1134a85263f9b801d74e88a