summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2022-03-21wireguard: dont stacksmash bad peer base64 keysJon Loeliger1-1/+1
Just like commit 252647482b24bb3474e8f13bc86100718176832f did for Wireguard interface keys, prevent stack smashing the peer keys. Integer math on 32 bytes of base64 data might yield 33 bytes of data in some poorly formed user input of private key values. Rather than smashing the stack (detected) and aborting, simply allow for the possible yet irrelevant 33-rd byte of data. Type: fix Fixes: edca1325cf296bd0f5ff422fc12de2ce7a7bad88 Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I9f77b3faaaa01d3123b356c958db60c87238db9c
2022-03-21wireguard: improve peer dump detailsJon Loeliger2-11/+22
- Add peer_index, table_id, and keep-alive. - Fix some lingering cut-n-paste issues in the API file. Type: improvement Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I6fc0729ba0268bbcda0248f680979c44e68b6b0c
2022-03-21vppinfra: add new bihash exportsNathan Skrzypczak3-69/+185
This adds two new exported functions for the clib_bihash * clib_bihash_add_with_overwrite_cb allowing to pass a callback to be called on overwriting a key with bucket lock held. * clib_bihash_add_del_with_hash doing an add_del with a precomputed hash. Type: feature Change-Id: I1590c933fa7cf21e6a8ada89b3456a60c4988244 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-21hsa: add support for SAPI in vpp_echoFilip Tehlar5-48/+491
Type: feature Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: If24a43b7f79e05092306562c192de03994dec550
2022-03-18vppinfra: deprecate vec numa macrosDamjan Marion5-220/+101
More generic vector heap code coming in another patch... Type: refactor Change-Id: I2327128fb3aba9d5d330f46a35afec32e1e3942e Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-18session: add infra for safe pool reallocsFlorin Coras2-0/+148
This is not to be used lightly. The idea is to forces pool reallocs to be done only on main thread with a barrier to make sure pools are always reallocated without peekers/readers. If rpcs are delayed and the pool runs out of elements, workers will block waiting for barrier and force the realloc. Consumers of this api should be session layer and transports. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I533272a29534338935a3fcf7027c0e7af2ca948c
2022-03-18udp: avoid grabbing vlib main if not neededFlorin Coras1-6/+4
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I88a747cac70cb88755f50c7b337207f4ba256530
2022-03-18vppinfra: refactor *_will_expand() functionsDamjan Marion14-113/+56
Type: refactor Change-Id: I3625eacf9e04542ca8778df5d46075a8654642c7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-18vppinfra: deprecate vec_free_h()Damjan Marion7-18/+10
vec_free() does the work Type: refactor Change-Id: I8a97607c3b2f58d116863642b32b55525dc15d88 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-18vppinfra: use stored vec header size to find headerDamjan Marion11-81/+56
Type: refactor Change-Id: Iaa1e43c87c5725ab33ea8489bff2a7bda18b9c79 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-18vppinfra: fixed pool from heapDamjan Marion2-89/+18
Immediate benefit is ability to use hugepage backed memory. Type: improvement Change-Id: Ibcae961aa09ea92d3e931a40bedbc6346a4b2039 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-18cnat: Fix conflicting rsessionNathan Skrzypczak4-39/+87
When dNAT-ing to a VIP, it can happen that the return session conflicts with another forward session than the one we own. This patchs adds a rsession_flags CNAT_SESSION_RETRY_SNAT that makes cnat_session_create search for a free src port to use for the resulting return session. It also makes forward & return session share their fate in the session scanner. Type: fix Change-Id: Id0edf59abf8e5bc0c0d8941ba289c4563c77dee0 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-18memif: fix rx/txqueue RC on connectedNathan Skrzypczak1-9/+12
Type: fix Calling vnet_hw_if_register_tx_queue should be done with the worker barrier held, as virtio-pre-input might be grabbing a queue while a memif connect event is triggered. Change-Id: Ie1272cdfd2477faf7a4e10f30778279872f04916 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-18ip: fix assert in ip4_ttl_incAloys Augustin1-1/+3
There is no need to verify the checksum for packets that have the IP checksum offload flag set. This uses the same logic as ip4_ttl_and_checksum_check. Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Change-Id: I177b07212a992362a4c965c074dcecf1e504c593
2022-03-18bfd: remove source IP check from session addKlement Sekera1-55/+0
Checking for existence of source address on interface prevents creating session before assigning address to said interface. Removing this check allows more flexibility when configuring BFD feature. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Ia57960e29b5dbdb758a7a64193c28f21482f229e
2022-03-17vlib: fix vlib_mains vector alignmentFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib3d1ac6c82bc0c00e445b15d4102e4fd755f8e2d
2022-03-17vcl: fix invalid socket readFilip Tehlar1-1/+1
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Ic8cc12788d9062f30faa992afaecc0c64078c4d7
2022-03-17vppinfra: vec_max_len, vec_mem_size use stored header sizeDamjan Marion4-33/+40
Type: improvement Change-Id: I17778e89674da0e8204713302e2293377bdabcbc Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-17vppinfra: store vector header size and alignment into headerDamjan Marion3-10/+24
On the forst vector alloc values are stored into header. Later, when vector grows values from header are used istead of provided ones. In the debug image code will assert if same values are not provided. Type: improvement Change-Id: I8fdcfa495e9c1df0f6392c90f634e8c74b73b328 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-17vppinfra: move hash bitmap out of vec headerDamjan Marion2-8/+11
Type: refactor Change-Id: Ibd29a717eaf12d795b3bceb31835d6fc655268b1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-17misc: Improve go bindings genNathan Skrzypczak1-50/+67
Type: improvement Change-Id: Id705dab895602a60b053296b560ca3db5b0cd344 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-17nat: fix ICMP error translationKlement Sekera1-0/+3
Add missing translation of ICMP inner IP layer. Change responsible test so that it actually tests something. Type: fix Fixes: 4881cb4c6f Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Id3a6f12a7308d81b1cdf9815f857221fab2f24d9
2022-03-16vpp: binary-api CLI weak linking workaroundDamjan Marion1-1/+1
For some unknown reason sometimes calling exec() ends up on weak exec() defined in src/vat/api_format.c which return -1 instead of using one few lines above. Another proof that use of weak symbols is bad idea. Luckily this can be easily workarounded. Type: fix Change-Id: Ic84e8525bff75c1b8186c233cd524aac4d95c8b5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-15tcp: update error counters in listen nodeFlorin Coras1-9/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib2e1d847607c9c7d928b174b87e5c21d53153ebe
2022-03-15tcp: update persist timer if data ackedFlorin Coras1-3/+7
Update persist timer if data sent during snd_wnd < snd_mss was acked. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5c75ff8ddc0e49750b2088237d32afa4eda99e7f
2022-03-15flow: add generic flow pattern for 5G flow enhancementTing Xu3-32/+87
In order to support the requirement of RSS and packet steering of new protocols, such as GTPU PDU-type and QFI, for 5G UPF, a generic pattern is introduced in vnet flow. The generic flow pattern is based on DDP (Dynamic Device Personalization) function and Parser Library module in DPDK. Using generic flow pattern, we do not need to create new packet and field type and offset in API parser for every new protocols. We can create flows for any protocol immediately as long as supported by DDP. The generic flow can be used to support 5G related protocols in different scenarios. The input of this generic pattern are two binary strings for spec and mask. Spec is the binary presentation of the target packet type, and mask is used to mark the target fields. In this patch DPDK plugins is enabled for POC. Next step we will enable generic flow in native IAVF, which is the main target. Here is an example. If we want to create a flow for GTPU QFI, spec is: 00000000000100000000000208004500003C00000000001100000101010102020202000 008680028000034FF001C00000000000000850100010045000014000000000000000001 01010102020202 mask is: 00000000000000000000000000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000007F0000000000000000000000000000 00000000000000 A naming API POC is created via VAPI to help create the rule with the target packet format similar to Scapy. It is based on a function module called PacketForge. In this way, the user no need to create binary string spec and mask by themselves. Type: feature Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Id3444f95c158bdcdfeeee19d795cd9ecbeeec07c
2022-03-15vlib: add vlib_frame_bitmap_andDamjan Marion1-0/+8
Type: improvement Change-Id: I531115f32c484e4c4794173d24e15f3b5b8f547b Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-15memif: fix memif_process_desc indexingMauro Sardara1-4/+2
The index i was incremented in the wrong place, and the check on the presence of a next buffer in the chain was actually done for the next desc_status rather than the current one. Type: fix Signed-off-by: Mauro Sardara <msardara@cisco.com> Change-Id: I74a64a34fea497900b7969cd96e1aeeb570a1bba
2022-03-14vppinfra: fix vec capacityFlorin Coras4-20/+31
Rename vec_capacity to vec_mem_size as it returned the size of the underlying memory allocation not the number of bytes that can be used for vector elements. Add new vec_max_elts macro that returns number of elements that can fit into generic vector. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2e53a2bfa6e56a89af62d6ddc073ead58b8c49bb
2022-03-14stats: refactor vlib countersDamjan Marion6-161/+217
Change-Id: I09d2da73eff42c52ba1373acc99ff28f283a6725 Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-14crypto: Enabling IOMMU DMA translation table update for QAT cardGovindarajan1-1/+2
With DPDK plugin, VPP does the DMA page map in IOMMU, only when DPDK supported ethernet devices are present. As a result, Mellanox NIC and QAT combo doesn't work. As part of this fix, DPDK supported crypto device check is added to do the DMA page map. Type: fix Signed-off-by: mgovind <govindarajan.mohandoss@arm.com> Change-Id: I02de4588c5b021e0c9c62612137f28ed8784bea6
2022-03-14stats: support recursive lockingDamjan Marion3-5/+32
Type: improvement Change-Id: I85dd3d34bcb175dd68dda34a58cd454848a0fc2b Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-14hsa: fix error messageFilip Tehlar1-3/+3
Fixes a minor issue that causes printing an error message when there is no error. Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I59f5c6af7c5aeae3e812b4cf0c75a47894bb8bbd
2022-03-14vppinfra: don't account vec_header_t size twice in the pool headerDamjan Marion2-4/+5
Type: fix Change-Id: I298d2a5067f7949002e6c010f892553f1eb9f477 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-14dpdk: improve rx burst count per loopFan Zhang1-4/+5
Type: improvement This patch improves the per dpdk-input loop number of packets received from the port. The change mimics how packets rx happened before VPP 22.02/DPDK 21.11: instead of trying to rx huge number of packets (256) in one go, rx more times with up to 32 packets max each time. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I804dce6d9121ab21b02e53dd0328dc52ac49d80f
2022-03-11map: fix memory leakBenoît Ganne1-1/+2
Thanks to Ben McKeegan <ben@netservers.co.uk> for the report. Type: fix Change-Id: I8170dda572c326b6b1823fd330dbd5e961fdad74 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-11tls: remove pkg dependencies on mbedtlsFlorin Coras1-3/+0
The tlsmbedtls plugin should only be built if mbedtls libraries are present. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I24364177d24ea744f24f808f492be08adff3690b
2022-03-11session: fix crash during client detachFilip Tehlar1-1/+3
This fixes a crash caused by client closing socket before adding worker. During detach vpp tries to delete worker based on invalid worker index. Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I3242bcbb116ef5fd1d4c449f5bcf907e4e2f8f30
2022-03-11vlib: remoove unused fieldDamjan Marion4-25/+1
Type: refactor Change-Id: Ieb7a595e40d801af5349c83b128fa92c7698a346 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-10vlib: init logging eearlierDamjan Marion3-5/+9
Type: improvement Change-Id: I2eb5543aa470094d4c5ad420a2fcc9873b7808e1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-10dpdk: fix program vlans on ixgbevfDzmitry Sautsa1-2/+7
Recent "dpdk: refactor device setup" have broken vlans programming for IXGBE_VF. Type: fix Signed-off-by: Dzmitry Sautsa <dzmitry.sautsa@nokia.com> Change-Id: Idacda33a473f6b10dbe002d9926661a19d0f3f97
2022-03-10devices: remove the unused code from af_packetMohsin Kazmi2-6/+0
Type: refactor Change-Id: If180816303909b92c9aa4ff9fd70dc7938a6cfbe Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-03-10ipsec: remove the redundant codeMohsin Kazmi1-1/+0
Type: refactor Change-Id: I0a40e22e1439e13ffdbcbd6fd7cad40c8178418c Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-03-09vppinfra: fix pool_free_eltsFlorin Coras1-19/+18
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3425350f5e874df79716bd726900540629793beb
2022-03-09ip: IPv4 Fragmentation fix for l2fragmetable sizeNeale Ranns1-10/+7
Type: fix The l2unfragmentable size is not included in the calculation of 'max', the maximum amount of data that can be added to a fragment, therefore the fragments created are too big. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Id1e949ad98203b6f8ea2f55322ef6fa3d507e2a6
2022-03-09stats: refactorDamjan Marion36-1800/+1666
Type: refactor Change-Id: Ifd533a095d979dc55bfbe5fac7e0b7510a4d900c Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-09vat: fix vat_suspend crashDamjan Marion2-2/+8
Deadly combination is clib_{set,long}jmp + lazy linking + tail call compiler optimization. On the first call to clib_setjmp, dynamic linker executes loader code which then calls clib_setjmp, so stored stack position contains dynamic loader data. Tail call optimization simply jumps back to the calling code when clib_longjump is called and that results in wrong return address used from the stack. Change-Id: Ia7d8dbd5b2c425cdd0449374aa07ab6b684a330e Type: fix Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-08classify: add API to retrieve punt ACL tablesBenoît Ganne2-0/+45
Type: feature Change-Id: Ica3e60836c0f26518ba2c238a8c03ce3648ea69b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-08ipsec: input: drop by default for non-matching pktsZachary Leaf1-0/+14
As per IPSec RFC4301 [1], any non-matching packets should be dropped by default. This is handled correctly in ipsec_output.c, however in ipsec_input.c non-matching packets are allowed to pass as per a matched BYPASS rule. For full details, see: https://lists.fd.io/g/vpp-dev/topic/ipsec_input_output_default/84943480 It appears the ipsec6_input_node only matches PROTECT policies. Until this is extended to handle BYPASS + DISCARD, we may wish to not drop by default here, since all IPv6 traffic not matching a PROTECT policy will be dropped. [1]: https://datatracker.ietf.org/doc/html/rfc4301 Type: fix Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Change-Id: Iddbfd008dbe082486d1928f6a10ffbd83d859a20
2022-03-08ip: set fib_index before exiting input ACL nodeArthur de Kerhor1-40/+75
While setting an ACL, a user can specify the adjacency to follow after the input ACL node. Thus, we may skip a lookup and enter directly a local node (ex: ip4_local). To prevent the local source check from failing, we need to specify the fib index. And, we have to do it just before exiting the input ACL node because the l2_classify object is overlapping with the fib_index in the vnet_buffer_opaque_t struct. We could have added a padding to avoid this overlap but there is no place for that in the structure. Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Change-Id: I383c36e4aec08d181f966f28565aefed950d2a74