summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2021-03-05avf: don't memcpy if adminq output buffer size is 0Damjan Marion1-1/+1
Type: fix Change-Id: I0df14ff87d0bf51eeb392f72434febf6c4a2957a Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-05fib: format function for adjacency flagsNeale Ranns2-0/+18
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ib01ed3231321f0f38c4b1deb885c4cf718cc0147
2021-03-05interface: move vnet_pcap_t to vnetDamjan Marion5-30/+33
It naturally belogns there... Type: refactor Change-Id: I05f7ba01103a5e9b3756f1ea69c8cc5d8f26f0a0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-05mss_clamp: TCP MSS clamping pluginNeale Ranns7-0/+1331
Type: feature Configure TCP MSS clamping on an interface as follows: set interface tcp-mss-clamp [rx|tx] <interface-name> ip4 [enable|disable|rx|tx] ip4-mss <size> ip6 [enable|disable|rx|tx] ip6-mss <size> Change-Id: I45b04e50a0b70a33e14a9066f981c651292ebffb Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com> Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com> Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-03-05api: crchcecker ignore version < 1.0.0 and outside of src directoryOle Troan2-0/+4
- For check patchset ignore files outside of src directory - For check patchset ignore files that have version < 1.0.0 - fix Pylint warnings - Modify vppapigen_crc to include version in JSON output Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I171cf6397e129e2438b2a494c5656236a7810f7b
2021-03-05l2: coverity woe in l2_rw_mod_entrySteven Luong1-3/+0
Coverity complains that the statement if (!e) return -1; is never true and is logically dead code in the subject function. It is right. e is assigned in both the if and else statementes immediately above and can never be null. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ic2d0e76eff696ee689a68a07913876dcecf5c647
2021-03-05dpdk: fix rte mempool for rx_queuesVladimir Ratnikov1-1/+9
Change dpdk_ops_vpp_get_count() return value from 0 to actual available pool size; For some drivers/envs(azure,vmbus) rx_queue size will be zero and the only 1 element will be created (0 + 1) When more than one packet will arrive, it will cause SEGFAULT Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: Ibe7da6acc91200bec33d99f580044456d8984110
2021-03-05ipsec: Support async mode per-SANeale Ranns11-205/+232
Type: feature This feautre only applies to ESP not AH SAs. As well as the gobal switch for ayncs mode, allow individual SAs to be async. If global async is on, all SAs are async. If global async mode is off, then if then an SA can be individually set to async. This preserves the global switch behaviour. the stratergy in the esp encrypt.decrypt nodes is to separate the frame into, 1) sync buffers, 2) async buffers and 3) no-op buffers. Sync buffer will undergo a cyrpto/ath operation, no-op will not, they are dropped or handed-off. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ifc15b10b870b19413ad030ce7f92ed56275d6791
2021-03-05ipsec: Submit fuller async framesNeale Ranns4-178/+146
Type: improvement In the current scheme an async frame is submitted each time the crypto op changes. thus happens each time a different SA is used and thus potentially many times per-node. thi can lead to the submision of many partially filled frames. change the scheme to construct as many full frames as possible in the node and submit them all at the end. the frame owner ship is passed to the user so that there can be more than one open frame per-op at any given time. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ic2305581d7b5aa26133f52115e0cd28ba956ed55
2021-03-05marvell: check return value of vlib_trace_bufferRobert Shearman1-8/+10
Check the value of vlib_trace_buffer in mrvl_pp2_input_trace to fix a compiler error for an unused result of the function. Type: fix Fixes: 9a3973e3a36bfd4dd8dbffe130a92649fc1b73d3 Signed-off-by: Robert Shearman <robertshearman@gmail.com> Change-Id: Ib005ae662885ed8ef902607037b843a524789a19
2021-03-05marvell: spelling fixesRobert Shearman2-3/+3
Fix places where "Marvel" is used incorrectly instead of "Marvell". Type: style Change-Id: I9247676ab08faed31e7b813f6f496ba008210c00 Signed-off-by: Robert Shearman <robertshearman@gmail.com>
2021-03-05marvell: fix implicit declaration of functionRobert Shearman1-0/+1
Fix compile error due to implicit declaration of vnet_hw_if_get_rxq_poll_vector by including the header file that declares this. Type: fix Fixes: b85b0df2a039b694fb2f3c09a01decfb89d7bce2 Signed-off-by: Robert Shearman <robertshearman@gmail.com> Change-Id: I4a21743df93ffaa637641838d30b3b5c70dd79ef
2021-03-05crypto: revert "fix ops flags in crypto sw scheduler"Damjan Marion1-2/+7
This reverts commit 30ad571cc35e4dc6d4d7e50b81b97f83f8770eea. Type: fix Change-Id: If8c6e388e732d2a1b5efd0677d9528a646365f94 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-04ikev2: fix incorrect api messageFilip Tehlar1-1/+1
Type: fix Change-Id: I9b3f4531070786f583e18609dfae1d95487ce93c Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-03-04cnat: Add calico/k8s src policyNathan Skrzypczak3-2/+59
This patch implements k8s-specific extensions to the cnat plugin. This could be done by exposing a richer semantic on srcNAT policies, but this might be too complex work at this point. Also k8s fits quite well as a 'cloud NAT' usecase. Type: feature Change-Id: I2266daf7b10a92e65f5ed430838a12ae826bd333 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04cnat: Prepare extended snat policiesNathan Skrzypczak14-549/+770
Type: refactor Change-Id: I9ca3333274d6f32b6aff57f0fb3d2049c066337a Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04cnat: Fix snat with dhcpNathan Skrzypczak4-11/+17
Type: fix We didn't check that the srcEndpoint was resolved when creating the session, we could end up sNATing with 0.0.0.0 as src_addr Change-Id: If8dfa577e659cfe90b148657a44c0390a7d383e9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04crypto: fix ops flags in crypto sw schedulerBenoît Ganne1-7/+2
The sw crypto scheduler converts crypto frames to individual crypto operations. This is done by reusing per-thread vectors for crypto, integrity and chained operations. The crypto op flags must be reset to frame flags minus invalid values depending of the operation. The previous tentative also cleared the chained buffer flag, breaking jumbo support. Type: fix Change-Id: Icce6887a9e0dae8c300c56e97b977e203e784713 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-04crypto: add support for aes-ctr+sha-1 chainsBenoît Ganne1-16/+19
Type: feature Change-Id: I9d4f90bc701d2b9b903a018f8d27cec5e129d7be Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-04hsa: fix builtin echo apps with multiple workersFlorin Coras2-25/+88
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9507b5a9755e938b4d1da657bed3a8681a056427
2021-03-04bonding: coverity woe in bond_dev_class fuctionSteven Luong1-5/+14
Coverity complans the line h = hashes; uses uninitialized variable if the prior ASSERT statement is hit. ASSERT is compiled out coverity as well as in release image. So the complain is legitimate. Change the ASSERT to drop the frame and log an error instead. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ibf0c204fe3626afca69ea84484e606566cf3244c
2021-03-04dpdk: fix include directories with system dpdkRobert Shearman1-0/+1
Add the DPDK_INCLUDE_DIRS variable which is set by pkg_check_modules to the include directories to allow use of system DPDK where the headers aren't under standard include directories. Type: fix Fixes: f15a5791ba870a98a2ab7dec101bbbb9b6e266c1 Change-Id: Ifd4b4170572911b6e0580cdf114ad87cfa771931 Signed-off-by: Robert Shearman <robertshearman@gmail.com>
2021-03-04marvell: remove unused variableRobert Shearman1-1/+0
Fix compile error in mrvl_pp2_delete_if caused by unused variable by removing that variable. Type: fix Fixes: b85b0df2a039b694fb2f3c09a01decfb89d7bce2 Change-Id: I819bcfbfdbd0f85cc42be953be63ef124520852c Signed-off-by: Robert Shearman <robertshearman@gmail.com>
2021-03-04memif: Validate descriptors within process boudarySteven Luong1-20/+27
We hit a crash when the client sends us a bogus deescriptor which causes us to access memory beyong the mapping. While the client clearly should not do that, it is rather cheap for VPP to validate the descriptor instead of crash and burn. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Id09035810939f5f98530f212f0b23e606132251d
2021-03-04dpdk: enable AVX-512 on ICLRay Kinsella1-0/+5
Enable DPDK AVX-512 Vector PMDs on Intel Icelake Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> Change-Id: Ie5d5bf54ccaa65c1d053d56a2f2973fe8625193b
2021-03-04dpdk: deprecate ipsec backendFan Zhang11-4533/+578
Type: refactor DPDK crypto devices are now accessible via the async infra, so there is no need for the DPDK ipsec plugin. In addition this patch fixes the problem that cryptodev backend not working when master core and worker cores lies in different numa nodes. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie8516bea706248c7bc25abac53a9c656bb8247d9
2021-03-04vppinfra: fix compiling error due to incompatible udphdr field namesJieqiang Wang1-6/+3
Compiling VPP on CentOS 7 will fail shown as below. The root cause is that uh_sport/uh_dport field names for struct udphdr are chosen only if macro __FAVOR_BSD in /usr/include/netinet/udp.h is defined for glibc version less than 2.19. Fix this issue by using source and dest field names in struct udphdr for compatibility reasons. FAILED: vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o ccache /opt/rh/devtoolset-9/root/bin/cc -Dvppinfra_EXPORTS -I/vpp/src -I. -Iinclude -Wno-address-of-packed-member -g -fPIC -Werror -Wall -march=corei7 -mtune=corei7-avx -O2 -fstack-protector -D_FORTIFY_SOURCE=2 -fno-common -flto -fno-fat-lto-objects -fPIC -fvisibility=hidden -ffunction-sections -fdata-sections -MD -MT vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o -MF vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o.d -o vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o -c /vpp/src/vppinfra/unix-formats.c /vpp/src/vppinfra/unix-formats.c: In function 'format_udp4_packet': /vpp/src/vppinfra/unix-formats.c:319:19: error: 'struct udphdr' has no member named 'uh_sport' 319 | u16 source = udp->uh_sport; | ^~ /vpp/src/vppinfra/unix-formats.c:320:17: error: 'struct udphdr' has no member named 'uh_dport' 320 | u16 dest = udp->uh_dport; Type: fix Change-Id: Ifc99c7286ea3fac463096152267033ac0518c230 Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Reviewed-by: Lijian Zhang <lijian.zhang@arm.com> Reviewed-by: Tianyu Li <tianyu.li@arm.com>
2021-03-03udp: allocate rx lock only for non-connectedFlorin Coras1-3/+7
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib5395a51fbfb2123549f7c96534fa763b4669243
2021-03-03api: fix crash when cf removedwanghanlin1-2/+16
cf may be removed when: 1. linux_epoll_input_inline process two EPOLLIN events, firstly a normal message, secondly reading 0 bytes because of socket client crash, then cf removed without clear message added to pending event data vectors before 2. clib_file_write called Type: fix Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: I4523e9bb322e98357575925f3113f710d70dd679
2021-03-03nsh: Resolve SA errors in NSH plugin.Vengada Prasad Govindan1-15/+0
Type: fix Change-Id: Ia923cd9302688496d28d2fd5658718b40b17cc1a Signed-off-by: Vengada Govindan <venggovi@cisco.com>
2021-03-03dhcp: calls to vnet_feature_enable_disable needs to be protectedSteven Luong1-1/+7
dhcp is makeing calls to vnet_feature_enable_disable without barrier sync protection. This can cause data contention with the worker threads. Wrap all calls to vnet_feature_enable_disable with barrier sync and barrier release. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I74545b074599273429f47e3e726551156bc11bbc
2021-03-02ikev2: fix authFilip Tehlar1-1/+1
Old auth data is needed when generating new one. Type: fix Change-Id: I15c62346dbb7ece8facdc7a05f30afd1a15a5648 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-03-02classify: fix crash if no pcap filter has been configuredBenoît Ganne1-1/+2
If no pcap filters have ever been configured and we try to enable pcap capture with a filter, cm->classify_table_index_by_sw_if_index is not initialized yet. Type: fix Change-Id: I2f509c58f9984951b1ad81c1c8ed912cb594fce1 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-02classify: fix multiple filters supportBenoît Ganne1-11/+22
This fix the classify filter if we attach several different filters. This also fix some issues with l3 and l4 parsing. Type: fix Change-Id: I9dc6c55049a3bbc0110d1097b40d9da27633626b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-01nat: avoid crash if plugin not enabledKlement Sekera1-18/+21
Avoid crash if nat pool not allocated when issuing "show nat44 summary". Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I55661cf699bab04f4673e9d471fe12486e972067
2021-03-01nat: pick outside addr based on local addrKlement Sekera6-107/+215
Use outside addresses more evenly by using local address to pick from pool of addresses. This ensures stability from POV of remote host - an internal host always gets translated using the same outside address, so it doesn't appear to be "hopping". Also, this avoids all hosts being translated using the first address, which helps avoid needless recaptchas and the like. Exact assignment depends on internal ordering of addresses - local address is used to pick an offset into internal vector. If that address cannot be used, a linear search is performed as a fallback mechanism to find a possible translation. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I7ccb1da1dda5537f5d30d2f4cb48024f4b51c1a4
2021-02-28session svm: segment manager and fifo segment leaksFlorin Coras2-0/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4e00dd7f8ce1e56092dde9a073decae62d5475de
2021-02-27vlib: fix clear trace buffer race conditionBenoît Ganne1-4/+15
Type: fix Change-Id: I2384e052bee91a275c3b97a00542819b1d646c88 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-26vppinfra: mem leak in show memory main-heapFlorin Coras1-1/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I23d1dda86c781ac077dbee7cb0e1ddeaa328c660
2021-02-26udp: avoid locking connected udp sessions on rxFlorin Coras3-2/+8
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I52aa2322980b51cfc0b282fb37d7f63d30777dee
2021-02-26cnat: coverity fixNathan Skrzypczak1-2/+4
Type: fix Change-Id: I9d562abc8d8f59cfe73ddd4c03a25085f6ad1f84 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26virtio: place the event fds on worker threads for pci deviceMohsin Kazmi1-0/+11
Type: improvement Change-Id: I8322bca1a9aa75c97c0fe2ff24b2f65fc43242ce Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-02-26svm: fix shared hdr migrationFlorin Coras2-7/+9
Avoid changing the header on attach as it may be in use. Instead, as for chunks, allocate header to be collected on detach. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib316ecb5d61ae161032869b6f6a1863f1105a1d9
2021-02-26nat: optimize flow matching in ED NATKlement Sekera5-81/+87
This saves 6 clocks in nat44-ed-in2out node. (112->106 per packet) Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I48e757e7f4b6b0d250a432a4659fe6955fc52a07
2021-02-26nat: NAT44ED fail if using old plugin optionFilip Varga4-450/+498
Fail if obsolete flag is used. Type: fix Change-Id: Id7000de9c82fa2c22692104b2fc1d463e5961f39 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-02-26interface: Fix rxq deletionNathan Skrzypczak1-2/+11
Type: fix Change-Id: Ie89663de42ec94823b32aa1edf94f2c03df06627 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26interface: fix sh int rxNathan Skrzypczak2-2/+2
Type: fix Change-Id: Iebe2db66af1e769486a117d6284375ce5ffff0b4 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26ipsec: move the IPSec SA pool out of ipsec_mainNeale Ranns18-98/+85
Type: refactor this allows the ipsec_sa_get funtion to be moved from ipsec.h to ipsec_sa.h where it belongs. Also use ipsec_sa_get throughout the code base. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
2021-02-26cnat: add input feature nodeNathan Skrzypczak6-0/+507
This allows to configure nat on a per-interface basis. Special care must be taken to ensure the configuration remains consistent. Type: feature Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: Add maglev supportNathan Skrzypczak9-25/+253
* Backend choice in translations is controlled by lb_type switch allowing to enable Maglev. * Size of pool is set with cnat { maglev-len 1009 } Type: feature Change-Id: I956e19d70bc9f3b997b4f8042831164e4b559d17 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>