summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2020-09-15lisp: fix lisp|one_eid_table_dump's local|remote options in vatOnong Tayeng1-1/+1
The local|remote options to vat's lisp|one_eid_table_dump api command does not print the eid details instead it produces the following error messages: Filter error, unknown filter: 1 Filter error, unknown filter: 2 Type: fix Signed-off-by: Onong Tayeng <otayeng@cisco.com> Change-Id: I000c290b400dbf39bd883d57115923167092c9bd
2020-09-15crypto: Crypto SW Scheduler Coverity WarningsNeale Ranns1-1/+1
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I7f98d0c7847ecc40b90b78e5ae83f320575be310
2020-09-15crypto-native: fix issues detected by coiverityDamjan Marion2-3/+11
Type: fix Change-Id: Id61aa407eeeb4d44cf47ed39283a0c79ed3abbee Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-14l2: allocate l2fib only when neededDamjan Marion5-10/+99
Currently l2 fib allocates 512MB hash table unconditionally on startup. This patch postpones table creation up to the point where first interface is put into l2 mode or mac entry is added. In addition it reduces default table size to 128MB and increases number of buckets 4 times. This default setting should be enough to keep 1M mac entries. Also, new startup.conf section is added which allows user to change memory and bucket size. .i.e: l2fib { table-size 512M num-buckets 524288 } Type: improvement Change-Id: I2a29209aa3545181f0087544c97a54d8157b6ec5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-14session: del app worker on socket detachFlorin Coras1-5/+11
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic904abedcd270c95e782159170d457bc396424a0
2020-09-14wireguard: coverity fixesNeale Ranns2-6/+10
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ib1eabbc87a573c660ac251602d631f167928259b
2020-09-14vcl: add support for app socket apiFlorin Coras7-12/+456
To enable add "app-socket-api /path/to/socket" to vcl.conf. On vpp side, add use-app-socket-api to session stanza in startup.conf VPP allocates a socket per application namespace which it places in the app_ns_sockets subfolder of the run folder (default /var/run/vpp). The socket used implicitly selects the app namespace for the vcl app. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ifc14b93dcbf6ef9bed1852d46cd069f4855b92ef
2020-09-14vcl: cleanup bapi and wrk registrationFlorin Coras6-361/+360
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0391db5c3ad038265cb8ebf9de02925653e35959
2020-09-14session: add unix socket api for app attachmentFlorin Coras6-18/+743
This is an af_unix socket alternative to the binary api. To enable it, add use-app-socket-api under session stanza in startup.conf. When the socket api is enabled, attachments through the binary api are disabled. The socket api only works with memfd fifo segments, i.e., shm segments are not supported. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I55ffcee201d004846daeeec85c700c7e7a578d43
2020-09-14vcl: always fill buffer or drain rx fifoFlorin Coras1-4/+16
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibbe438aa6f2fe6d9f55c56ca6d3aec1a29b32cad
2020-09-14wireguard: increase FIB source priorityNeale Ranns1-2/+7
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Icc1c458474d357c7d9b3b4df1897500de0c314a1
2020-09-14nat: delay datastructure allocation until configuredOle Troan2-18/+33
The dslite plugin would on plugin load initialize large bihash datastructures. Postpone until configured. Type: improvement Change-Id: Ie790ab8c5fc39fac18153acd54dcd051805e763a Signed-off-by: Ole Troan <ot@cisco.com>
2020-09-14vppinfra: add clib_log2_page_sz and format/unformat functionsDamjan Marion5-22/+98
Type: improvement Change-Id: Ie44dbf9396cfed19dba153810b7bd76ce5377cd4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-10ikev2: fix copy-paste error when freeing memoryFilip Tehlar1-1/+1
Type: fix Change-Id: If44c807d188b3e88d819f4132d73e6a34402a525 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-09-12wireguard: Fix for tunnel encapNeale Ranns7-89/+468
Type: fix add UT for sneding handshale init and transport packets Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Iab1ed8864c666d5a0ae0b2364a9ca4de3c8770dc
2020-09-11lisp: fix spelling mistake in option nameOnong Tayeng1-1/+1
In the vat help msg for one_add_del_l2_arp_entry the IP address option is misspelled as "ip4 <ip4>" when it should have been "ip <ip4>". Type: fix Signed-off-by: Onong Tayeng <otayeng@cisco.com> Change-Id: Id4058a3ddfdb78b840d7e5a3c330e67b393f5d3b
2020-09-11quic: Clean quic_crypto_setup_cipherNathan Skrzypczak1-16/+13
Type: fix Change-Id: I4c19636c2be8a577c6cba272708cb04bcc24785b Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-11lisp: fix help msg of show eid-table commandOnong Tayeng2-4/+4
The lisp|one show eid-table command's help msg does not display the available options. This patch fixes that. show lisp eid-table [local|remote|eid <eid>] show one eid-table [local|remote|eid <eid>] Type: fix Signed-off-by: Onong Tayeng <otayeng@cisco.com> Change-Id: Id39148db2ff291a7fe859830c1488b69ccd15c05
2020-09-11dpdk: fix coverity defect #214232, #182930Chenmin Sun2-1/+8
Type: fix Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ie328834159687cdb4314c37d36697f2fb9081fbd
2020-09-11avf: add assert to ensure that adminq is used only from avf processDamjan Marion2-0/+12
Type: improvement Change-Id: Ib64c9b8207776986656e5a26c13a221edc6cc950 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-11avf: change promisc mode from the avf process nodeDamjan Marion2-7/+26
Avoid situations where promisc mode is chaged while avf process is suspended in the middle of adminq operation. Type: fix Change-Id: Ia1fc6551e83218b5938630ad3a15d4f3f0ceceff Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-11nat: Fix next feature for ED with multiple workersVladimir Isaev3-2/+25
Multiple (> 1) workers leads to handoff node being enabled. This node pops next feature index to nat.arc_next to make sure that packet will be pushed to the next feature in the arc. But node nat44-ed-in2out-output also pops next feature and changes arc_next. So actual next feature will be skipped in that case. It leads to all nat44-ed-in2out packets being dropped if we have multiple workers (handoff node enabled). To resolve this a new node was added (nat-pre-in2out-output) to fill arc_next in single worker case and multiple worker case is already handled by handoff node. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: I9dfba68f00164d2d5ab867224871811bef4411ed
2020-09-11avf: fix race between avf and cli/api processDamjan Marion6-35/+43
device pool my grow during suspemd which will cause crash in avf process after it exits from suspend. Type: fix Change-Id: I51fec90088c909cfbaaca6c245272a28c0827ca0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-11vlib: fix call to vlib_get_node_by_nameBenoît Ganne1-1/+4
Type: fix Change-Id: I1b4f52e186165b04db5bd5f11058dc77b647bc94 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-11nat: endian mismatchFilip Varga1-7/+13
Type: fix Change-Id: Icf6ce0ddb5fe9d078503e9d9ff7e7b26423f53f8 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-09-11build: fix build for Debian 9 and Debian 10Benoît Ganne3-11/+18
Type: fix Change-Id: Ic07d0ae313b32e420ba93693cb75960a86f752a9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-11avf: fix race between avf process node and avf_delete_if(...)Damjan Marion4-18/+34
It may happen that process node is suspended while it waits for response from adminq and during that time CLI or API process can call avf_delete_if. When avf process node resumes, it may happen that device is not there anymeore. This patch delegates interface deletion to process node, so CLI/API process just sends signal instead of deleting device instance itself. Type: fix Change-Id: I7f12e12df3071650f6e60ad7eb5af23b7acfe335 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-11l2: fix null deref in l2_to_bvi()Matthew Smith1-1/+1
Type: fix Static analysis identified a possible null pointer dereference. It was introduced by a recent patch which expanded the DMAC comparison on inbound packets on a BVI interface to include any secondary MAC addresses which were added to an interface. Check if the pointer is null before dereferencing. Change-Id: Ic2afe2b062eda32977e05bf3f98d82c1fe64620c Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-09-11ikev2: fix memory leaksBenoît Ganne1-7/+20
- make sure everything is freed on cleanup - reuse already allocated vectors where possible Type: fix Change-Id: Ibd8da1edb37126522dc2d525596521d32dceb73a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-11quic: fix coverity warningAloys Augustin1-1/+1
Type: fix Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Change-Id: Ic51ba3450b3d0722ebff4280127f526b5a9934b1
2020-09-10lisp: fix vat crash with one_add_del_local_eid apiOnong Tayeng1-1/+1
VAT crashes when the one_add_del_local_eid api is invoked with mac address as eid. Type: fix Signed-off-by: Onong Tayeng <otayeng@cisco.com> Change-Id: I29e246f6cad4b350fec52d54e94dbed586d488c4
2020-09-10wireguard: fix handshake procedureArtem Glazychev2-12/+17
Type: fix Change-Id: I96e8c5c9c792b1d9aefd39ce3e240d220827b7d1 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
2020-09-10lisp: fix crash with arp and packet trace onOnong Tayeng2-3/+7
With packet trace on, VPP crashes when an arp packet arrives. This patch fixes the crash and also ensures that the packet trace displays the eid info. Type: fix Signed-off-by: Onong Tayeng <otayeng@cisco.com> Change-Id: Iaad09a5e2b33e931ab9bd7bc3d4573b5ed5e4bfd
2020-09-10af_xdp: documents incompatibility with 1GB hugepages and high buffers-per-numa.Mohammed Hawari1-0/+2
Type: docs Change-Id: If8602d4b73cc1f04e42d19b8df60a05f67aa90c9 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2020-09-09vlib: support interrupt re-arm from nodev21.01-rc0Damjan Marion1-10/+21
Type: improvement Change-Id: I13517bff4129497644e0efc3495d0ee7897fe5a7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-09l2: check secondary macs on BVI interfaceMatthew Smith1-2/+35
Type: fix VRRP cannot be used on a BVI interface currently because packets sent to the virtual mac address of the VR fail the destination mac check in l2_to_bvi(). Apparently people want to use VRRP on BVI interfaces, so update the check in l2_to_bvi() so that it will check any secondary mac addresses which have been added to the ethernet interface if the destination mac address does not match the primary mac address for the interface. An equivalent check is already done in ethernet_input_inline() for L3 interfaces which are in promiscuous mode. Change-Id: I7c5bf624dafda8744fea236c704e8e17e5f53b35 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-09-09svm: fix non-null-terminated stringBenoît Ganne1-1/+1
Type: fix Change-Id: Ia9cd71ce12584cd8ef90bfe357cf762dd7653f71 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-09-09wireguard: initial implementation of wireguard protocolArtem Glazychev31-0/+6216
Type: feature The main information about plugin you can see in README.md vpp# wireguard ? wireguard create wireguard create listen-port <port> private-key <key> src <IP> [generate-key] wireguard delete wireguard delete <interface> wireguard peer add wireguard peer add <wg_int> public-key <pub_key_other>endpoint <ip4_dst> allowed-ip <prefix>dst-port [port_dst] persistent-keepalive [keepalive_interval] wireguard peer remove wireguard peer remove <index> Change-Id: I85eb0bfc033ccfb2045696398d8a108b1c64b8d9 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Jim Thompson <jim@netgate.com> Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-09-09crypto: change cryptodev with new cryptodev APIFan Zhang3-1/+1582
Type: feature This patch updateds cryptodev engine uses new DPDK Cryptodev API planned to be upstreamed in DPDK 20.11. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Piotr Bronowski <piotrX.bronowski@intel.com> Change-Id: I8dd1a8ac643f1e952deb787e466b76ea7aa5f420
2020-09-09interface: support configuring RSS steering queuesChenmin Sun10-36/+320
This patch adds the RSS steering queues set interface, and it's implementation in DPDK device: /* Interface to set rss queues of the interface */ typedef clib_error_t *(vnet_interface_rss_queues_set_t) (struct vnet_main_t * vnm, struct vnet_hw_interface_t * hi, clib_bitmap_t *bitmap); This patch also introduces a command line to set the RSS queues: set interface rss queues <interface> <list <queue-list>> To display the rss queues, use "show hardware-interfaces" Below is the example to configure rss queues for interface Gig0: vpp# set interface rss queues Gig0 list 0,2,4-7 vpp# show hardware-interfaces brief Name Idx Link Hardware VirtualFunctionEthernet18/1/0 1 down VirtualFunctionEthernet18/1/0 Link speed: unknown RSS queues: 0 2 4 5 6 7 local0 0 down local0 Link speed: unknown vpp# Users can also configure the rss queues on a dpdk interface in startup.conf: dpdk { dev 0000:18:01.0 { rss-queues 0,2,5-7 } } Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I1835595a1c54016a84eabee9fd62ce137935385d
2020-09-09stats: Fix stat_segment to set timeout directlyRajesh Goel1-0/+13
Type: fix Signed-off-by: Rajesh Goel <rajegoel@cisco.com> Change-Id: Ib37802f4270fe894a31e871c7fbb12b5a1cdf058
2020-09-09tcp: fix the tcp unittest to workRyujiro Shibuya1-0/+2
Type: fix Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com> Change-Id: If5a8313262da828616db8b1d9ef831d42b11d952
2020-09-08dpdk-ipsec: don't leak buffers on crypto alloc failureChristian Hopps2-6/+8
Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: I4dee2ea723631e1bd95b33a74b9431d984565aef
2020-09-08dpdk: fix extended stat stringsChristian Hopps1-2/+2
- These were displaying blank, apparently dpdk extended stat strings must be within the heap so they are identified as vectors by format_c_identifier even though they are not. Type: fix Change-Id: I2b153b100203b9856ce3af6d5ecb2daae410fb5b Signed-off-by: Christian Hopps <chopps@labn.net>
2020-09-08dpdk: fix interface counters to never go backwardChristian Hopps1-33/+24
Was seeing imissed counter become negative. Reuse the RX_ERROR code for all three error counters to avoid the problem. Type: fix Change-Id: I99a69c8816326682745785ecd30e18a131ac2969 Signed-off-by: Christian Hopps <chopps@labn.net>
2020-09-08svm session: document unsupported fifo deq combinationsFlorin Coras4-7/+33
Type: fix - Document that ooo dequeues with ooo lookups cannot be done in combination with in order dequeues. - Added assert to capture this scenario and de-initialized rbtrees for cut-through tx fifo Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic40d020b3f0391fcf022ea3c906b86121744144f
2020-09-07ipsec: fix padding/alignment for native IPsec encryptionChristian Hopps5-19/+19
Not all ESP crypto algorithms require padding/alignment to be the same as AES block/IV size. CCM, CTR and GCM all have no padding/alignment requirements, and the RFCs indicate that no padding (beyond ESPs 4 octet alignment requirement) should be used unless TFC (traffic flow confidentiality) has been requested. CTR: https://tools.ietf.org/html/rfc3686#section-3.2 GCM: https://tools.ietf.org/html/rfc4106#section-3.2 CCM: https://tools.ietf.org/html/rfc4309#section-3.2 - VPP is incorrectly using the IV/AES block size to pad CTR and GCM. These modes do not require padding (beyond ESPs 4 octet requirement), as a result packets will have unnecessary padding, which will waste bandwidth at least and possibly fail certain network configurations that have finely tuned MTU configurations at worst. Fix this as well as changing the field names from ".*block_size" to ".*block_align" to better represent their actual (and only) use. Rename "block_sz" in esp_encrypt to "esp_align" and set it correctly as well. test: ipsec: Add unit-test to test for RFC correct padding/alignment test: patch scapy to not incorrectly pad ccm, ctr, gcm modes as well - Scapy is also incorrectly using the AES block size of 16 to pad CCM, CTR, and GCM cipher modes. A bug report has been opened with the and acknowledged with the upstream scapy project as well: https://github.com/secdev/scapy/issues/2322 Ticket: VPP-1928 Type: fix Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: Iaa4d6a325a2e99fdcb2c375a3395bcfe7947770e
2020-09-06marvell: add cli options to configure rxq and txq sizesChristian E. Hopps1-1/+6
Add the ability to configure the pp2 rx and tx queue sizes in the CLI. Type: improvement Signed-off-by: Christian E. Hopps <chopps@chopps.org> Change-Id: I6a824f92e22fa47fec3d84525cc2d82524ddf639
2020-09-05vlib: vlib_get_node_by_name fails via APINathan Skrzypczak1-2/+1
Type: fix Calling vlib_get_node_by_name via the VPE api doesn't work due to hash weirdness. Haven't gotten around the real cause of this. But this fixes it. Change-Id: I89f95dba2bcd9573b8f1f435e063e9dd57f9ca93 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-05docs: Improve & link cnat docNathan Skrzypczak1-13/+79
Type: docs Change-Id: Ib985ed6a644ae3f4c330bf6a27dc69c49a489a2f Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>