summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2022-02-03ip nat: use ip rx sw_if_index in ip-local arc startFlorin Coras3-16/+39
This also changes the behavior of the nat44-ei hairpinning feature. Rather then enabling the feature on every nat interface, it is enabled only on local0. Type: improvement Signed-off-by: Filip Varga <fivarga@cisco.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4e16a83c9e328aa75fc61df508b620ef743ca775
2022-02-02prom: basic builtin prometheus stats exporterFlorin Coras6-0/+657
This is a vpp builtin alternative, not a replacement, for the existing vpp_prometheus_exporter. The plugin works by registering with http_static as a url handler for stats.prom and handles requests by scraping the stats segment in the main thread. It will therefore consume vpp process cpu cycles. By default the plugin is disabled. To enable, first start the http static server an then use "prom enable" cli. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If6888e965d1b2361f6a5546586068213d37079d1
2022-02-02bfd: restore the data within the packet after hash verificationAndrew Yourtchenko1-0/+5
The BFD delayed auth change test was failing intermittently within CI. Debugging has shown it depends on the initial random seed, e.g. the below will consistently fail: RND_SEED=1643734669.7126195 TEST='bfd.BFDAuthOnOffTestCase.test_auth_change_key_delayed' Same thing will happen with: RND_SEED=1643736595.1363552 RND_SEED=1643722239.8224792 The analysis of the behavior shown that the function that is doing the hash verification, modifies the content of the packet for the purposes of hash computation. In case of the auth rollover, this function may be called twice - resulting in the second comparison to be made with a bogus packet data, thus failing the check and the test. The above values of random seed are the ones where the test makes it to the point of this double comparison. The solution is to restore the data within the packet after the check from the array where we have copied it into before modifying the packet. Change-Id: Ibb09beb4b1230032db04527bbf38fa335651866b Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-02-02http_static: add support for async tx from handlersFlorin Coras6-87/+161
URL handlers can send data asynchronously if needed. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I89eae690cb26543479c7659b5dc46604cbb22eba
2022-02-01gso: remove the assert if packet is geneve or gre encapedMohsin Kazmi1-4/+0
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I3265d4a3843b07c2e0050e297f1e014fc5b31cf7
2022-02-01virtio: coverity woes -- divide by zeroSteven Luong1-0/+7
Coverity complains the expression, j % vif->num_txq, may encounter divide by zero. While there is little chance that vif->num_txq is zero, it is easy to prevent divide by zero if vif->num_txq is ever zero. Type: fix Fixes: I337ec63d0868f665329d68eadf1744e080b73a0d Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I2e91f296737ce266ab70fffc1f442cc600724fa2
2022-02-01stats: vpp_get_stats crashes in stat_segment_data_freeSteven Luong1-0/+1
STAT_DIR_TYPE_EMPTY is not handled. This can happen when the interface is deleted. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ic1f5a1a0e7005059628d1dde31118d692c1967d8
2022-02-01nat: memory leak on nat44_plugin_disableSteven Luong1-0/+2
We invoke nat_affinity_enable for nat44_plugin_enable. We need to invoke nat_affinity_disable for nat44_plugin_disable to free the memory for bihash. Type: fix Fixes: I2743f7b1104b627bcc5ef937e3a50655313a26ea Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I9adeb3225136e3fff853c2d5b8f9a30e98ddcf4c
2022-02-01nat: nat44-ei hairpinning code cleanupFilip Varga7-1547/+673
Removing obsolete unused nat44-ei nodes and functions. Type: refactor Change-Id: I1e03e283091c3c0d92908d04037cba00a348351a Signed-off-by: Filip Varga <fivarga@cisco.com>
2022-01-31ip: reassembly - add a way to disable for forusKlement Sekera11-34/+305
Add API to disable full reassembly of "forus" packets. Mark packets passing through ip[4|6]-local nodes with a new buffer flag and check for that flag in reassembly. Enable IP6 "forus" full reassembly by default to be consistent with existing IP4 setting. Type: improvement Change-Id: I7067792fcd4304182654237968e4c4d9293c6143 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2022-01-31ip: fix length calculation in ip6-receiveKlement Sekera1-1/+1
Replace unconditional usage of buffer->total_length_not_including_first_buffer with a logic checking whether that length is set to a valid value. Type: fix Fixes: 17478e4eb81d384f171ca27c9110a051cd434f16 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I161d0957d62cc23826edd821aa5560bcfc5c1a33
2022-01-30cnat: maglev fixes & improvementsNathan Skrzypczak7-103/+447
This fixes the maglev logic which previously included a wrong simplication. It moves the maglev logic to its own file, and adds a test function in the debug cli. Type: improvement Change-Id: I2790ae2a26fc1c5739ff02f41d436bfcafd5b380 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-01-30snort: feature support on interface outputSivaprasad Tummala4-12/+64
support snort plugin on interface output via ip4-output fa Type: feature Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com> Change-Id: I2d5e7d0719c03f88806b12debfe596675dbd66c1
2022-01-30perfmon: topdown level 1 and 2 for icxRay Kinsella4-63/+183
Topdown level 1 and 2 for Intel Ice Lake (ICX). Limiting topdown support to THREAD for the moment on Ice Lake, as NODE support is still unreliable. Also removing Topdown Level 1 from Sapphire Rapids onwards, as Topdown LeveL 2 also shows Level 1 on Sapphire, and it reduces the overall number of bundles. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: Iaa68b711dc8b6fb1090880b411debadb3c37f8bc
2022-01-30perfmon: fix init of bundles with pseudo eventsRay Kinsella3-18/+41
Previously Linux pseudo events were being counted as multiple fixed events, such that a bundle with pseudo events could exceed the number of available fixed counters. Reworked to ignore pseudo events in the accounting for the moment. Type: fix Fixes: 0024e53ad Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: Ic938f8266fd04d7731afbd02e261c61ef22a8522
2022-01-30perfmon: check for duplicates after other checksRay Kinsella1-3/+3
Move checking for duplicate bundle names after the other checks. Type: fix Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I7fed5be758814e166eb8756b3df090130ac13bfd
2022-01-30http_static: incorporate builtinurl pluginFlorin Coras7-53/+291
External handlers can still be registered via hss_register_url_handler but url handlers must be enabled when server is created. builtinurl plugin to be removed in a future patch Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I94e103d908b9e118c7927b997a21ce3f67809889
2022-01-30linux-cp: check if libmnl headers are presentFlorin Coras1-0/+6
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Icb86be8b37fa821f05300ee4415065ca96425fcb
2022-01-30perfmon: topdown backend bound core bundleRay Kinsella3-0/+118
Add a bundle to measure topdown backend bound core cycles, will indicate if any given execution port has contention. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I37d1b38c101ac42d51c10fa4452b822d34b729c9
2022-01-28linux-cp: Fix coverity issuePim van Pelt1-1/+1
Type: fix Possible negative return in open(), do not use curr_ns_fd if it is negative. Addresses Coverity issue 248535 Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I8429ede0f1fe9fe6619e3c4dbd83adb620ea62c2
2022-01-28misc: vppctl - fix coverity warningKlement Sekera1-4/+8
Calculate space left to silence coverity. Type: fix Fixes: 31f192434660 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I9cd2e91ce74444e2625bf86721a8d3e44bf6afdd
2022-01-28misc: vppctl - fix coverity warningKlement Sekera1-0/+7
Check that provided path fits into defined buffer. Don't write too many bytes to avoid having an unterminated string. Type: fix Fixes: 31f192434660 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I1ea8b6d6a3474c032e542b6980ed14bac72093a8
2022-01-28linux-cp: Linux Control Plane Netlink ListenerNeale Ranns8-16/+1768
Type: feature please see FEATURE.yaml for details. Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Matthew Smith <mgsmith@netgate.com> Signed-off-by: Jon Loeliger <jdl@netgate.com> Signed-off-by: Pim van Pelt <pim@ipng.nl> Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6255fd9953d0b03e6b4fe75b67a6845a7c206f74 Signed-off-by: Pim van Pelt <pim@ipng.nl>
2022-01-27build: fix compilation on OpenSSL 3.0Damjan Marion3-0/+3
So far by suppressing depreciation messages, as there was no transition period. Type: make Change-Id: I9887613fd71a22bf11bf22a04c129aca4a16867f Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-27vppinfra: sparse_vec_free free should free the sparse_vec_header not the ↵Neale Ranns1-1/+10
embedded vec_header_t Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie9532543c4d4439beec8ce097eafa34588ad1266
2022-01-27perfmon: frontend and backend boundness bundlesRay Kinsella6-68/+334
Renamed memory stalls to topdown backend-bound-mem, added topdown frontend-bound-latency and frontend-bound-bandwidth. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I70f42b6b63fe2502635cad4aed4271e2bbdda5f1
2022-01-27perfmon: prune bundles by available pmu countersRay Kinsella4-7/+64
Prune perfmon bundles that exceed the number of available pmu counters. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I70fec26bb8ca915f4b980963e06c2e43dfde5a23
2022-01-27http_static: code cleanupFlorin Coras5-351/+225
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic8838c8ef558d671740094a98b5a627a18c8c808
2022-01-27perfmon: add cli to show perf configRay Kinsella2-9/+37
Added a cli to show Linux perf config for a give perfmon bundle. This makes it easier to format Linux perf commands for next level analysis. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I9adafa7d441b72120390d186e3c8f884b1bc9828
2022-01-26hsa: cleanup and rename http test serverFlorin Coras2-206/+156
- cleanup data structures, functions and cli - remove option to return static html. For similar results, use http static server - rename to http_cli.c as it better describes what the app does Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I502e7566fba4376c68fbe41de9e45079a159e864
2022-01-26http_static: refactor to use http transportFlorin Coras5-774/+276
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I66396a1879eb3c87ef64783eab82a22896413cd0
2022-01-26http: generalize buffer implementationFlorin Coras6-73/+323
And add support for passing of pointers Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ida3e5ae4ff7842366ae92a5f33c5e761355951a6
2022-01-26dpdk: not having cryptodev resources should not produce warningsDamjan Marion1-4/+1
Type: fix Change-Id: Ifb2e4d93dcf8648b1bd66f4c0ee937295683bd87 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-25vppinfra: add support for mask_compare for u64Mohsin Kazmi2-0/+103
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ie323a8445f8540cd26d92eb61807afad7f7a0b74
2022-01-25http hsa: avoid extra space in requestFlorin Coras2-12/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I70f22350811ef3cd029d69af75659f95cc9a74c8
2022-01-25api: vapi: honor non-blocking settingKlement Sekera2-12/+25
Pass correct conditional based on how vapi is configured wrt blocking. Type: fix Fixes: 3fca567ff438145e28dd1318ad5b1734c1091257 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I47adca19f104d7a758cb2940e93c9fd8c7cc9bfa
2022-01-25ip: reassembly - fix missing ip6 owner thread initKlement Sekera1-0/+1
Initialize ip6 memory owner thread index in reassembly context to avoid unnecessary handovers. Type: fix Fixes: 630ab5846bceddf8d663e9f488a2dc0378949827 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2996caf1f82a0649c97d481b74dce24a96dce326
2022-01-25bonding: refactor bonding hash functions to vnet/hashSteven Luong5-294/+409
- move bonding hash functions to vnet/hash - register the corresponding hash function when the bond interface is created - remove floating point vec256 usage - split bond_tx_inline into bond_tx_hash and bond_tx_no_hash Type: refactor Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I1698023c48470290d11c9b2bd00996eee9aa079d
2022-01-25http: fix rescheduling when transport fifo fullFlorin Coras1-3/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5ae1039fd614865154bae94150371e42f3e6fd2a
2022-01-24wireguard: fix passing argumentGabriel Oginski1-1/+1
Fixed coverity-issue CID 248456. Originally passing argument of type "uint64_t *" to function: "memcopy_s_inline". This patch fixes the problem by changing type of passing argument and make a portable assumption. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I17e4583a05ea1263e4d8a4acc9949454e5fd92c0
2022-01-24nat: TCP state tracking based on RFC 7857/RFC 6146Klement Sekera10-332/+589
Implement proper state machine based on above RFCs. ACKs to SYNs/FINs are no longer required/tracked. This is more friendly to peers and accounts for lost packets and retransmits. This change also means that all traffic is translated and forwarded while in transitory timeout, which helps delivering e.g. retransmitted FINs, FINACKs and other messages. Also support reopening a session in transitory timeout after seeing both FINs by seeing both SYNs again. This helps quick connection reestablishment if the peers want to. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com> Change-Id: Ibf521c79463472db97e593bfa02b32b4a06dfd2a
2022-01-24dpdk-cryptodev: add support chacha20-poly1305Gabriel Oginski4-6/+44
Originally cryptodev doesn't support chacha20-poly1305 with aad length 0. This patch add support in cryptodev for chacha20-poly1305 with aad length 0. This length is using in Wireguard. Type: improvement Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I0608920bb557d7d071e7f9f37c80cf50bad81dcc
2022-01-24policer: fix memory leakLeung Lai Yung1-1/+4
Type: fix policer_add_del does not free "clib_error_t*" when it is not null. Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com> Change-Id: I00ad8e53797e46adeb1819856262bb9f3c068c63
2022-01-24sr: fix coverity warningKlement Sekera2-7/+0
Remove dead code. Pool element cannot be NULL. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I7812efdcdc414af8352474c4e527c878d2e2c459
2022-01-24ip6-nd: fix coverity warningKlement Sekera1-6/+3
Restructure code to avoid NULL dereference. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: If3a4319f1b93af272b7b315a9b15ba4ee1f8e7ae
2022-01-24vppinfra: fix compilation on riscvDamjan Marion1-8/+10
Type: fix Change-Id: I2bc58a711c9429d7989bfd0bfccd289d43fc35d0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-01-22session: separate transports from apps in show cliFlorin Coras1-11/+11
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If9d6153ddce836ec34842fb5e581b2f4565e33df
2022-01-22session: update time for list of subscribersFlorin Coras4-1/+53
Instead of constantly scanning all transport vfts for update time functions, build list at transport enable time. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id5c07cc03ee1fdd072ebbbd40119d1a440a5e3b1
2022-01-21wireguard: add async mode for decryption packetsGabriel Oginski5-217/+445
Originally wireguard doesn't support async mode for decryption packets. This patch add async mode for decryption in wireguard. In addition, it contains some performance improvement such as prefetching packet header and reducing the number of current time function calls. Type: improvement Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Ieba6ae0078f3ff140c05b517891afb57232b3b7d
2022-01-21wireguard: add async mode for encryption packetsGabriel Oginski11-107/+616
Originally wireguard doesn't support async mode for encryption packets. This patch add async mode for encryption in wireguard and also adds support chacha20-poly1305 algorithm in cryptodev for async handler. In addition it contains new command line to activate async mode for wireguard: set wireguard async mode on|off and also add new command to check active mode for wireguard: show wireguard mode Type: improvement Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: I141d48b42ee8dbff0112b8542ab5205268089da6