summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2022-03-18cnat: Fix conflicting rsessionNathan Skrzypczak4-39/+87
When dNAT-ing to a VIP, it can happen that the return session conflicts with another forward session than the one we own. This patchs adds a rsession_flags CNAT_SESSION_RETRY_SNAT that makes cnat_session_create search for a free src port to use for the resulting return session. It also makes forward & return session share their fate in the session scanner. Type: fix Change-Id: Id0edf59abf8e5bc0c0d8941ba289c4563c77dee0 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-18memif: fix rx/txqueue RC on connectedNathan Skrzypczak1-9/+12
Type: fix Calling vnet_hw_if_register_tx_queue should be done with the worker barrier held, as virtio-pre-input might be grabbing a queue while a memif connect event is triggered. Change-Id: Ie1272cdfd2477faf7a4e10f30778279872f04916 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-18ip: fix assert in ip4_ttl_incAloys Augustin1-1/+3
There is no need to verify the checksum for packets that have the IP checksum offload flag set. This uses the same logic as ip4_ttl_and_checksum_check. Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Change-Id: I177b07212a992362a4c965c074dcecf1e504c593
2022-03-18bfd: remove source IP check from session addKlement Sekera1-55/+0
Checking for existence of source address on interface prevents creating session before assigning address to said interface. Removing this check allows more flexibility when configuring BFD feature. Type: improvement Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Ia57960e29b5dbdb758a7a64193c28f21482f229e
2022-03-17vlib: fix vlib_mains vector alignmentFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib3d1ac6c82bc0c00e445b15d4102e4fd755f8e2d
2022-03-17vcl: fix invalid socket readFilip Tehlar1-1/+1
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Ic8cc12788d9062f30faa992afaecc0c64078c4d7
2022-03-17vppinfra: vec_max_len, vec_mem_size use stored header sizeDamjan Marion4-33/+40
Type: improvement Change-Id: I17778e89674da0e8204713302e2293377bdabcbc Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-17vppinfra: store vector header size and alignment into headerDamjan Marion3-10/+24
On the forst vector alloc values are stored into header. Later, when vector grows values from header are used istead of provided ones. In the debug image code will assert if same values are not provided. Type: improvement Change-Id: I8fdcfa495e9c1df0f6392c90f634e8c74b73b328 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-17vppinfra: move hash bitmap out of vec headerDamjan Marion2-8/+11
Type: refactor Change-Id: Ibd29a717eaf12d795b3bceb31835d6fc655268b1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-17misc: Improve go bindings genNathan Skrzypczak1-50/+67
Type: improvement Change-Id: Id705dab895602a60b053296b560ca3db5b0cd344 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-03-17nat: fix ICMP error translationKlement Sekera1-0/+3
Add missing translation of ICMP inner IP layer. Change responsible test so that it actually tests something. Type: fix Fixes: 4881cb4c6f Signed-off-by: Klement Sekera <klement.sekera@gmail.com> Change-Id: Id3a6f12a7308d81b1cdf9815f857221fab2f24d9
2022-03-16vpp: binary-api CLI weak linking workaroundDamjan Marion1-1/+1
For some unknown reason sometimes calling exec() ends up on weak exec() defined in src/vat/api_format.c which return -1 instead of using one few lines above. Another proof that use of weak symbols is bad idea. Luckily this can be easily workarounded. Type: fix Change-Id: Ic84e8525bff75c1b8186c233cd524aac4d95c8b5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-15tcp: update error counters in listen nodeFlorin Coras1-9/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib2e1d847607c9c7d928b174b87e5c21d53153ebe
2022-03-15tcp: update persist timer if data ackedFlorin Coras1-3/+7
Update persist timer if data sent during snd_wnd < snd_mss was acked. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5c75ff8ddc0e49750b2088237d32afa4eda99e7f
2022-03-15flow: add generic flow pattern for 5G flow enhancementTing Xu3-32/+87
In order to support the requirement of RSS and packet steering of new protocols, such as GTPU PDU-type and QFI, for 5G UPF, a generic pattern is introduced in vnet flow. The generic flow pattern is based on DDP (Dynamic Device Personalization) function and Parser Library module in DPDK. Using generic flow pattern, we do not need to create new packet and field type and offset in API parser for every new protocols. We can create flows for any protocol immediately as long as supported by DDP. The generic flow can be used to support 5G related protocols in different scenarios. The input of this generic pattern are two binary strings for spec and mask. Spec is the binary presentation of the target packet type, and mask is used to mark the target fields. In this patch DPDK plugins is enabled for POC. Next step we will enable generic flow in native IAVF, which is the main target. Here is an example. If we want to create a flow for GTPU QFI, spec is: 00000000000100000000000208004500003C00000000001100000101010102020202000 008680028000034FF001C00000000000000850100010045000014000000000000000001 01010102020202 mask is: 00000000000000000000000000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000007F0000000000000000000000000000 00000000000000 A naming API POC is created via VAPI to help create the rule with the target packet format similar to Scapy. It is based on a function module called PacketForge. In this way, the user no need to create binary string spec and mask by themselves. Type: feature Signed-off-by: Ting Xu <ting.xu@intel.com> Change-Id: Id3444f95c158bdcdfeeee19d795cd9ecbeeec07c
2022-03-15vlib: add vlib_frame_bitmap_andDamjan Marion1-0/+8
Type: improvement Change-Id: I531115f32c484e4c4794173d24e15f3b5b8f547b Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-15memif: fix memif_process_desc indexingMauro Sardara1-4/+2
The index i was incremented in the wrong place, and the check on the presence of a next buffer in the chain was actually done for the next desc_status rather than the current one. Type: fix Signed-off-by: Mauro Sardara <msardara@cisco.com> Change-Id: I74a64a34fea497900b7969cd96e1aeeb570a1bba
2022-03-14vppinfra: fix vec capacityFlorin Coras4-20/+31
Rename vec_capacity to vec_mem_size as it returned the size of the underlying memory allocation not the number of bytes that can be used for vector elements. Add new vec_max_elts macro that returns number of elements that can fit into generic vector. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2e53a2bfa6e56a89af62d6ddc073ead58b8c49bb
2022-03-14stats: refactor vlib countersDamjan Marion6-161/+217
Change-Id: I09d2da73eff42c52ba1373acc99ff28f283a6725 Type: improvement Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-14crypto: Enabling IOMMU DMA translation table update for QAT cardGovindarajan1-1/+2
With DPDK plugin, VPP does the DMA page map in IOMMU, only when DPDK supported ethernet devices are present. As a result, Mellanox NIC and QAT combo doesn't work. As part of this fix, DPDK supported crypto device check is added to do the DMA page map. Type: fix Signed-off-by: mgovind <govindarajan.mohandoss@arm.com> Change-Id: I02de4588c5b021e0c9c62612137f28ed8784bea6
2022-03-14stats: support recursive lockingDamjan Marion3-5/+32
Type: improvement Change-Id: I85dd3d34bcb175dd68dda34a58cd454848a0fc2b Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-14hsa: fix error messageFilip Tehlar1-3/+3
Fixes a minor issue that causes printing an error message when there is no error. Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I59f5c6af7c5aeae3e812b4cf0c75a47894bb8bbd
2022-03-14vppinfra: don't account vec_header_t size twice in the pool headerDamjan Marion2-4/+5
Type: fix Change-Id: I298d2a5067f7949002e6c010f892553f1eb9f477 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-14dpdk: improve rx burst count per loopFan Zhang1-4/+5
Type: improvement This patch improves the per dpdk-input loop number of packets received from the port. The change mimics how packets rx happened before VPP 22.02/DPDK 21.11: instead of trying to rx huge number of packets (256) in one go, rx more times with up to 32 packets max each time. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I804dce6d9121ab21b02e53dd0328dc52ac49d80f
2022-03-11map: fix memory leakBenoît Ganne1-1/+2
Thanks to Ben McKeegan <ben@netservers.co.uk> for the report. Type: fix Change-Id: I8170dda572c326b6b1823fd330dbd5e961fdad74 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-11tls: remove pkg dependencies on mbedtlsFlorin Coras1-3/+0
The tlsmbedtls plugin should only be built if mbedtls libraries are present. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I24364177d24ea744f24f808f492be08adff3690b
2022-03-11session: fix crash during client detachFilip Tehlar1-1/+3
This fixes a crash caused by client closing socket before adding worker. During detach vpp tries to delete worker based on invalid worker index. Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I3242bcbb116ef5fd1d4c449f5bcf907e4e2f8f30
2022-03-11vlib: remoove unused fieldDamjan Marion4-25/+1
Type: refactor Change-Id: Ieb7a595e40d801af5349c83b128fa92c7698a346 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-10vlib: init logging eearlierDamjan Marion3-5/+9
Type: improvement Change-Id: I2eb5543aa470094d4c5ad420a2fcc9873b7808e1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-10dpdk: fix program vlans on ixgbevfDzmitry Sautsa1-2/+7
Recent "dpdk: refactor device setup" have broken vlans programming for IXGBE_VF. Type: fix Signed-off-by: Dzmitry Sautsa <dzmitry.sautsa@nokia.com> Change-Id: Idacda33a473f6b10dbe002d9926661a19d0f3f97
2022-03-10devices: remove the unused code from af_packetMohsin Kazmi2-6/+0
Type: refactor Change-Id: If180816303909b92c9aa4ff9fd70dc7938a6cfbe Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-03-10ipsec: remove the redundant codeMohsin Kazmi1-1/+0
Type: refactor Change-Id: I0a40e22e1439e13ffdbcbd6fd7cad40c8178418c Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-03-09vppinfra: fix pool_free_eltsFlorin Coras1-19/+18
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3425350f5e874df79716bd726900540629793beb
2022-03-09ip: IPv4 Fragmentation fix for l2fragmetable sizeNeale Ranns1-10/+7
Type: fix The l2unfragmentable size is not included in the calculation of 'max', the maximum amount of data that can be added to a fragment, therefore the fragments created are too big. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Id1e949ad98203b6f8ea2f55322ef6fa3d507e2a6
2022-03-09stats: refactorDamjan Marion36-1800/+1666
Type: refactor Change-Id: Ifd533a095d979dc55bfbe5fac7e0b7510a4d900c Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-09vat: fix vat_suspend crashDamjan Marion2-2/+8
Deadly combination is clib_{set,long}jmp + lazy linking + tail call compiler optimization. On the first call to clib_setjmp, dynamic linker executes loader code which then calls clib_setjmp, so stored stack position contains dynamic loader data. Tail call optimization simply jumps back to the calling code when clib_longjump is called and that results in wrong return address used from the stack. Change-Id: Ia7d8dbd5b2c425cdd0449374aa07ab6b684a330e Type: fix Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-08classify: add API to retrieve punt ACL tablesBenoît Ganne2-0/+45
Type: feature Change-Id: Ica3e60836c0f26518ba2c238a8c03ce3648ea69b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-08ipsec: input: drop by default for non-matching pktsZachary Leaf1-0/+14
As per IPSec RFC4301 [1], any non-matching packets should be dropped by default. This is handled correctly in ipsec_output.c, however in ipsec_input.c non-matching packets are allowed to pass as per a matched BYPASS rule. For full details, see: https://lists.fd.io/g/vpp-dev/topic/ipsec_input_output_default/84943480 It appears the ipsec6_input_node only matches PROTECT policies. Until this is extended to handle BYPASS + DISCARD, we may wish to not drop by default here, since all IPv6 traffic not matching a PROTECT policy will be dropped. [1]: https://datatracker.ietf.org/doc/html/rfc4301 Type: fix Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Change-Id: Iddbfd008dbe082486d1928f6a10ffbd83d859a20
2022-03-08ip: set fib_index before exiting input ACL nodeArthur de Kerhor1-40/+75
While setting an ACL, a user can specify the adjacency to follow after the input ACL node. Thus, we may skip a lookup and enter directly a local node (ex: ip4_local). To prevent the local source check from failing, we need to specify the fib index. And, we have to do it just before exiting the input ACL node because the l2_classify object is overlapping with the fib_index in the vnet_buffer_opaque_t struct. We could have added a padding to avoid this overlap but there is no place for that in the structure. Type: fix Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com> Change-Id: I383c36e4aec08d181f966f28565aefed950d2a74
2022-03-07linux-cp: handle ipv4 routes when interface is disabledAlexander Chernavin1-2/+88
Type: improvement Currently, when an interface is brought down administratively, IPv4 routes that resolve through that interface remain in the FIB. However, the kernel removes those routes but doesn't send any notifications about that. Desynchronization between the kernel and VPP happens. With this change, when a notification received from the kernel indicating that an interface was brought down, in addition to bringing the VPP interface down, walk the IPv4 FIB bound to that interface and remove any entries that resolve through that interface and were added with one of the linux-cp FIB sources. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I0cd14bb63c9e6616ae1c5739b17c3bf33b186bc2
2022-03-07ip: Fixes for IPv6 and MPLS fragmentationNeale Ranns2-52/+76
Type: fix - IPv6 fragmentation did not work if the packet spaneed multiple buffers, because the 'len' calculation to did max out at the size of a buffer - IPv6 fragmentation did not work when the l2unfragmentable size was non-zero, it was not used in the correct places - IPv6oMPLS fragmentation would fragment all IPv6, it should do so only for link local - IPv6oMPLS should send back TooBig ICMP6 for non locally generated Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie8f02cdfdd7b7e8474e62b6d0acda8f20c371184
2022-03-04linux-cp: fix issue of possibly closing negative fdAlexander Chernavin1-5/+14
Type: fix Primarily fix an issue reported by Coverity in lcp_nl_open_sync_socket() that close() could possibly be run with negative fd. Also, add more checks and error logging there. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I9a88520d068392977a6eba0766451e5652fe512c
2022-03-04linux-cp: stop signaling read event on every notifAlexander Chernavin1-7/+9
Type: improvement Currently, read event signal is sent on every notification message received and added in the queue. With this change, signal read event only when all currently available notification messages are received. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ib86d189311ce01f50167e4e97feb99df0292ad96
2022-03-04linux-cp: stop ignoring ENOBUFS while reading notifAlexander Chernavin1-9/+2
Type: improvement Currently, while reading notifications, ENOBUFS error is ignored and reading continues. This was done to minimize the number of notifications that are lost due to reopening the socket. Now that synchronization is implemented to recover from socket errors, ignoring ENOBUFS and reading as much notifications as possible is not actual. Before synchronization, all currently enqueued notification are discarded in any case. With this change, stop reading notifications if any error occurs. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I1184d9a3aa99df63ef59bc2a67be2b1e5e0e9329
2022-03-04api: harden api trace parsingBenoît Ganne1-23/+22
- make sure we do not overflow - skip unknown messages if we can Type: fix Change-Id: I0efbe7376d9d78f6b0ec8018c0813400e6653698 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-04ping: correct the fib-index used for the replyNeale Ranns1-15/+27
Type: fix if original packet was to the link local, then the fib index in the buffer is that of the LL table, we can't use that to foward the response if the new destination is global, so reset to the fib index of the link. In other case, the fib index we need has been written to the buffer already. Add a test for IPv6 ping in an MPLS-VPN where int inout interface is not the the same VRF as the response should be sent. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I18a232d90ddd3ef051a52476c5d861c87060e76f
2022-03-04ip: rate-limit the sending of ICMP error messagesNeale Ranns2-2/+58
Type: improvement For error conditions, such as TTL expired, dest unreach, etc, Rate limit the sending of ICMP error messages. The rate limiting is done based on src,dst IP address of the received packet. the rate limit has been chosen, somewhat arbitrarily, to be 1e-3. This is the same limit as the ARP throttling. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I4a0b791cde8c941a9bf37de6aa5da56779d3cef4
2022-03-04linux-cp: ignore neighbors if ip addr is multicastAlexander Chernavin1-0/+17
Type: improvement When dump of neighbors is requested, the replies will also include neighbor entries for IPv6 multicast addresses: GigabitEthernet0/8/0 S ff02::16 33:33:00:00:00:16 GigabitEthernet0/8/0 S ff02::1:ff76:7135 33:33:ff:76:71:35 GigabitEthernet0/8/0 S ff02::2 33:33:00:00:00:02 Such entries are not reported in netlink notification messages and VPP is unlikely to use these. With this change, ignore neighbor entries when the IP address is a multicast address. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ic712aa4904f1d559f31fd89ff4541268e2340f84
2022-03-04ip: fix overflow in ip6_ext_header_walkBenoît Ganne1-1/+1
ip6_ext_hdr_chain_t->eh is IP6_EXT_HDR_MAX elements. Type: fix Change-Id: I28b8d610d8f5c0c520c8391c37b86e837655ab12 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-04pg: fixing the cliMohsin Kazmi1-2/+0
Type: fix This patch removes the assert and it is unnecessary. Because given variable is used for branch testing. Change-Id: I64f57f909fcba205216296e86c1cde2a5dadbb45 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>