summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2021-02-26ipsec: move the IPSec SA pool out of ipsec_mainNeale Ranns18-98/+85
Type: refactor this allows the ipsec_sa_get funtion to be moved from ipsec.h to ipsec_sa.h where it belongs. Also use ipsec_sa_get throughout the code base. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
2021-02-26cnat: add input feature nodeNathan Skrzypczak6-0/+507
This allows to configure nat on a per-interface basis. Special care must be taken to ensure the configuration remains consistent. Type: feature Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: Add maglev supportNathan Skrzypczak9-25/+253
* Backend choice in translations is controlled by lb_type switch allowing to enable Maglev. * Size of pool is set with cnat { maglev-len 1009 } Type: feature Change-Id: I956e19d70bc9f3b997b4f8042831164e4b559d17 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: fixes & prepare maglevNathan Skrzypczak16-366/+390
Notable changes: - ip[46]-cnat-snat is renamed to cnat-snat-ip[46] - indent fixes - common trace primitives - bihash is now 40_56 with alias Type: refactor Change-Id: I0a82cfe3b40efd96473e51061d7135ffe412ddfc Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26crypto: fix coverity issue 218445Piotr Bronowski1-3/+0
Fixes coverity issue CID 218445 (#1 of 1): Logically dead code (DEADCODE) dead_error_line: Execution cannot reach this statement: return 4294967295U;. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ibf8ee0458320d20c3adca2efa2a4bfad7c190dbe
2021-02-25sr: Fix the coverity issue on srv6-mobile pluginTetsuya Murakami1-2/+2
Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I55e6d7dd193f83f70d27e27fe2e383939d677ef1
2021-02-25tests: Add tests for IPSec async mode using the crypto SW schedulerNeale Ranns1-1/+2
Type: test Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Iabc8f2b09ee10a82aacebd36acfe8648cf69b7d7
2021-02-25ipsec: ipsec.h tidy upNeale Ranns6-56/+86
Type: refactor - remove the extern declaration of the nodes. keep the use of them to the files that declare them - remove duplicate declaration of ipsec_set_async_mode - remove unsued ipsec_add_feature Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6ce7bb4517b508a8f02b11f3bc819e1c5d539c02
2021-02-25ikev2: Use the IPSec functions for UDP port managementNeale Ranns2-46/+2
Type: refactor IKEv2 registers the IPSec node as the port handler, so it can use the IPSec functions to do that. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: If398dde0a8eb0407eba3ede62a3d5a8c12fe68a7
2021-02-25linux-cp: fix vector-used-a-C-string overflowBenoît Ganne2-4/+3
lip_host_name is a non-NULL terminated vector, not a NULL-terminated C-string. Type: fix Change-Id: Ie5da59bc5680be72251904467d77b18263c882f8 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-25ipsec: enable input features on tunnelsBrian Russell4-30/+93
Make the ipsec[46]-tun-input nodes siblings of device-input so that input features can be enabled on them. Register ipsec-tun for feature updates. When a feature is enabled on the device-input arc and the ifindex is an IPSec tunnel, change the end node of the arc for that ifindex to be the appropriate ESP decrypt node. Set a flag on the tunnel to indicate that the feature arc should be started for packets input on the tunnel. Test input policing on ESP IPSec tunnels. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I3b9f047e5e737f3ea4c58fc82cd3c15700b6f9f7
2021-02-24nat: Final NAT44 EI/ED split patchFilip Varga44-5781/+10760
This patch achieves complete separation of endpoint-dependent and endpoint-independent IPv4 NAT features. Some common stuff is also moved to NAT library. Type: refactor Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-02-24virtio: enable the interrupt support for uio_pci_genericMohsin Kazmi1-11/+4
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: Ic25ffe9c8e37826733cfb9e62cefb491bb3322bc
2021-02-24session: init ctrl msg without mq lockFlorin Coras1-102/+96
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I755e6da1fcf6f3bf3c72d6d36c4243b0919b7209
2021-02-24fib: fix sa selection for fib routed destinationsJúlius Milan1-4/+14
The move from ip4(6)_src_address_for_packet to fib_sas4(6)_get changed the behavior, so that the new looked only to adjacent gleans. This caused a problem for destinations routed according to FIB table. To reproduce: vpp# create tap vpp# set interface state tap0 up vpp# set interface ip address tap0 192.168.11.1/24 vpp# ip route add 192.168.20.0/24 via 192.168.11.2 linux$ sudo ip addr add 192.168.20.1/24 dev lo linux$ sudo ip link set tap0 up linux$ sudo ip addr add 192.168.11.2/24 dev tap0 vpp# ping 192.168.20.1 Failed: no source address for egress interface Type: fix Signed-off-by: Július Milan <julius.milan@pantheon.tech> Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I22899f4dbbf8c1c85ccce72f801b92c183195b5d
2021-02-24wireguard: coverity fixArtem Glazychev1-11/+12
explicit null dereferenced Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: Id1e4b0e048dbd0a68063c63374172ab6d3653aff
2021-02-24crypto: A more memory efficient layout of the frame element structNeale Ranns2-18/+26
Type: improvement Also: - state as enum so my GDB life is easier - typo; s/indice/indices/; Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3320f5ef1ccd7d042071ef336488a41adfad7463
2021-02-24docs: move pnat doc link into dev doc sectionDave Wallace1-1/+1
- "PNAT: 1:1 match and rewrite programmable NAT" link was hanging out on the top level of the doc tree. Move it to VPP->Developer Documentation. Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Iadb7d3463567a2414eece68db0a3743237ab26f9
2021-02-23l2: coverity woe in l2_api.cSteven Luong1-23/+20
Coverify complains deref_ptr before null check. deref_ptr: Directly dereferencing pointer reg. 1214 vl_reg = vl_api_client_index_to_registration (reg->client_index); 1215 ALWAYS_ASSERT (vl_reg != NULL); 1216 CID 216104 (#1 of 1): Dereference before null check (REVERSE_INULL) check_after_deref: Null-checking reg suggests that it may be null, but it has already been dereferenced on all paths leading to the check. 1217 if (reg && vl_api_can_send_msg (vl_reg)) I believe the check is for vl_reg instead of reg because vl_reg may be NULL after the call vl_api_client_index_to_registration. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ic4eb2284e65c48396f20d5024a4241c80c70c886
2021-02-23hsa: fifo detach cleanupFlorin Coras2-0/+27
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I907b2e560d6ecd748aa7c6d775c4f7122a39b4cb
2021-02-23vcl: segment index leak on attachFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If8840d455f8841264136adb19cc9a2046ba37b11
2021-02-23vcl: fix coverity warningFlorin Coras1-7/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id9f922eafe4a68661d2858d72fc548a372e9596a
2021-02-23vlib: fix offload flags value resetBenoît Ganne1-2/+11
When a buffer is freed and re-allocated for a new packet, opaque2 is not reset, so the offload flags can be set to a stale value. Make sure the offload flags are reset to the current value on 1st set. Type: fix Fixes: 6809538e646bf86c000dc1faba60b0a4157ad898 Change-Id: I4048febedf25b9995dbd080a11495ee7dbe59153 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-22vcl: fix vls_intercept_sigchld_handler be called recursivelynandfan1-0/+5
The old_sa is rewrite with vls_intercept_sigchld_handler when parent process fork child second time, parent process will call vls_intercept_sigchld_handler recursively when received child signal. Type: fix Signed-off-by: nandfan <fanyufei521@outlook.com> Change-Id: Ia58a254d58058489aa2d91b76a3b3cab1e38f802
2021-02-22api: fix memory leak in vl_api_cli_inband_t_handlerAndrew Yourtchenko1-0/+1
I noticed the memory leak while sending a lot of cli_inband APIs: DBGvpp# memory-trace on main-heap ... send a lot of API cli_inband ... DBGvpp# show memory main-heap Thread 0 vpp_main base 0x7f85c8302000, size 1g, locked, unmap-on-destroy, name 'main heap' page stats: page-size 4K, total 262144, mapped 33129, not-mapped 229015 numa 0: 33129 pages, 129.41m bytes total: 1023.99M, used: 125.78M, free: 898.22M, trimmable: 897.59M Bytes Count Sample Traceback 9751632 145034 0x7f85d01696e8 clib_mem_alloc_aligned_at_offset + 0x80 vec_resize_allocate_memory + 0xa8 _vec_resize_inline + 0x240 va_unformat + 0xe4 unformat + 0x159 vlib_cli_dispatch_sub_commands + 0x11e vlib_cli_input + 0x8f vl_api_cli_inband_t_handler + 0xd9 vl_msg_api_handler_with_vm_node + 0x488 void_mem_api_handle_msg_i + 0x6f vl_mem_api_handle_msg_main + 0x38 vl_api_clnt_process + 0x28d 9723904 145034 0x7f85cd677238 clib_mem_alloc_aligned_at_offset + 0x80 vec_resize_allocate_memory + 0xa8 _vec_resize_inline + 0x240 unformat_init_string + 0x10d vl_api_cli_inband_t_handler + 0xc1 vl_msg_api_handler_with_vm_node + 0x488 void_mem_api_handle_msg_i + 0x6f vl_mem_api_handle_msg_main + 0x38 vl_api_clnt_process + 0x28d vlib_process_bootstrap + 0x5d 0x7f8608b0e038 290077 total traced objects Solution: free the input data structure. Type: fix Change-Id: I42de5572e8760237e793a53c1a94bce65a4ac5fa Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-22vcl: cleanup fifos detached from segmentsFlorin Coras4-3/+60
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I412024731c1f561680736ad7bfabb99b595e3dff
2021-02-22svm: free shared fifo on detachFlorin Coras1-2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I639560ee3dd0a1d605ec2866dce5cdd13fda8201
2021-02-22vcl: support sockopt of SO_REUSEPORT and SO_DOMAINwanghanlin3-0/+26
Type: fix Signed-off-by: wanghanlin <wanghanlin@corp.netease.com> Change-Id: I800cfffb07bf7d4c4d1454b73febdba03f7d6b75
2021-02-22ip-neighbor: add set ip neighbor-config CLI commandIvan Shvedunov1-0/+54
Type: improvement Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Change-Id: I77ade50425e88d2da979f732d2248bed383f4ba4
2021-02-20svm: return chunks to slice on fifo detachFlorin Coras2-18/+14
Ensure chunk alloc distribution is maintained on fifo detach. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5aa5524e06a703dc50e90da6d177663d2d997aa4
2021-02-19dpdk: fix cryptodev offset updateFan Zhang1-11/+8
Type: fix This patch fixes the missed crypto and integ offset update for every packet. Previously the offset is updated only when the key is changed. This is ok for encryption but not always true for decryption. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: Iccd0011f4ae488746ce487a14b94ddd24fb0c07c
2021-02-19tests: add input policer thread handoff testsBrian Russell1-2/+74
Test worker thread handoff on an interface input policer. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I1deddcc9711bccfde377290bc66a00f2cd4163e1
2021-02-19policer: add thread handoff for device inputBrian Russell4-13/+71
Add worker thread handoff for policers on the device input feature arc on an interface. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ib795457a09a5b3be3c4e6422c91e33100192b8e2
2021-02-19policer: move handoff checks into policer codeBrian Russell4-47/+41
The IP punt policer currently checks if it needs to do worker thread handoff based on the thread index stored in the policer. Move this functionality into the policer code so it can be common for all users of the policer. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ia8d11e62898a58b19d7b27b296f8369baa3e5aa1
2021-02-19tests: test input policerBrian Russell1-0/+74
Apply a policer to an interface, check it's policing packets. Remove it and check it no longer polices packets. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I6f694c8a9804cadf010b5831770aaae81f42e027
2021-02-19policer: add api to configure input policingBrian Russell4-0/+76
Add a new API to apply a policer to an input interface. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ie8aff9120149b63d85363a9a5afdcaed60a93700
2021-02-19policer: add policing as device-input featureBrian Russell3-233/+19
Add input per-interface policing as an input feature, repurposing vnet_policer_inline which formermly allowed input policing to be configured via a CLI. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I2fd00e964ae358a05e507c844f5476372124fae1
2021-02-19ikev2: start counting msgid from 0Filip Tehlar1-2/+2
This fixes an issue when initiator is expecting request with intitial msgid being 0 but 1 is received instead which results in retransmission (instead of normally processing the new request). Type: fix Change-Id: I60062276bd93de78128847c5b15f5d6cecf1df65 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-02-19session vppinfra: asan fixesFlorin Coras2-4/+17
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie709d76438542783cbc8c6174b5e712ef18a6276
2021-02-18svm: fix active fifo ll on attachFlorin Coras1-0/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idf44f8d54c97fc43da5d5760e5ce477af07e5fbf
2021-02-18tests: remove unnecessary setup in policer testBrian Russell1-6/+0
The policer test class overrides setup and teardown methods from VppTestCase but doesn't do anything other than call the parent's method. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I76bac084c4cb5cb5195e34afe95b38affd585942
2021-02-18vlib: add a "vpplog" debug CLIDave Barach2-0/+25
To add arbitrary text to the vlib log. Combines nicely with comment/uncomment and the macro expander: define MY_FEATURE uncomment # or comment ... $(MY_FEATURE) { vpplog { My feature was enabled } } Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ia019f0a8fa670d8593ae01595f5ef410796e5b1c
2021-02-18vcl: epoll out deq notifications only if fifo existsFlorin Coras1-4/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia37d8474224f6074826c9ffb82feb919b2ef52f7
2021-02-18tests: re-enable NAT44ED tests for multiworkerAndrew Yourtchenko1-1/+0
Re-enable the test for 2-worker config test Change-Id: Ie108c5d244c6704ffa152177ca77f6b6055fe38e Type: test Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-18tests: policer test check unformat return valuesBrian Russell1-4/+6
Keep coverity happy by checking the return value of unformat calls. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Iccd0296da527d079f79cc7bd8b57af1b524299bd
2021-02-18vat2: jsonconvert return checking - coverityOle Troan4-58/+66
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I8348645927519800d2390d27e01fae612602a6eb
2021-02-17vat2: add sanity checking - coverity errorsOle Troan1-0/+9
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I3cd56690fe52402d4cfa9ea67f1de53d8d919dee
2021-02-17vppapigen: resource leakage in fromjson array - coverityOle Troan1-1/+1
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I43283c59fd121dcb2486b26151108c90b027748b
2021-02-17linux-cp: fix coverity defectMatthew Smith1-0/+6
Type: fix If no host interface name is passed to the CLI command which creates an interface pair, NULL gets passed to lcp_itf_pair_create() and a seg fault occurs. Check whether a host interface name was provided and fail gracefully if none was given. Change-Id: I82886f4c2ee710e206c751c34a74399112e9062c Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-02-17vppapigen: more _fromjson autogeneration coverity fixesOle Troan4-7/+45
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I9a7bb617a3fa87d6ef49c75277e53425310cdcf9 Signed-off-by: Ole Troan <ot@cisco.com>