path: root/src
Age | Commit message | Author | Files | Lines
2021-03-04 | cnat: Add calico/k8s src policy | Nathan Skrzypczak | 3 | -2/+59
This patch implements k8s-specific extensions to the cnat plugin. This could be done by exposing a richer semantic on srcNAT policies, but this might be too complex work at this point. Also k8s fits quite well as a 'cloud NAT' usecase.
Type: feature
Change-Id: I2266daf7b10a92e65f5ed430838a12ae826bd333
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04 | cnat: Prepare extended snat policies | Nathan Skrzypczak | 14 | -549/+770
Type: refactor
Change-Id: I9ca3333274d6f32b6aff57f0fb3d2049c066337a
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04 | cnat: Fix snat with dhcp | Nathan Skrzypczak | 4 | -11/+17
Type: fix
We didn't check that the srcEndpoint was resolved when creating the session, we could end up sNATing with 0.0.0.0 as src_addr
Change-Id: If8dfa577e659cfe90b148657a44c0390a7d383e9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04 | crypto: fix ops flags in crypto sw scheduler | Benoît Ganne | 1 | -7/+2
The sw crypto scheduler converts crypto frames to individual crypto operations. This is done by reusing per-thread vectors for crypto, integrity and chained operations. The crypto op flags must be reset to frame flags minus invalid values depending on the operation. The previous tentative also cleared the chained buffer flag, breaking jumbo support.
Type: fix
Change-Id: Icce6887a9e0dae8c300c56e97b977e203e784713
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-04 | crypto: add support for aes-ctr+sha-1 chains | Benoît Ganne | 1 | -16/+19
Type: feature
Change-Id: I9d4f90bc701d2b9b903a018f8d27cec5e129d7be
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-04 | hsa: fix builtin echo apps with multiple workers | Florin Coras | 2 | -25/+88
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9507b5a9755e938b4d1da657bed3a8681a056427
2021-03-04 | bonding: coverity woe in bond_dev_class function | Steven Luong | 1 | -5/+14
Coverity complains the line h = hashes; uses uninitialized variable if the prior ASSERT statement is hit. ASSERT is compiled out coverity as well as in release image. So the complaint is legitimate. Change the ASSERT to drop the frame and log an error instead.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ibf0c204fe3626afca69ea84484e606566cf3244c
2021-03-04 | dpdk: fix include directories with system dpdk | Robert Shearman | 1 | -0/+1
Add the DPDK_INCLUDE_DIRS variable which is set by pkg_check_modules to the include directories to allow use of system DPDK where the headers aren't under standard include directories.
Type: fix
Fixes: f15a5791ba870a98a2ab7dec101bbbb9b6e266c1
Change-Id: Ifd4b4170572911b6e0580cdf114ad87cfa771931
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
2021-03-04 | marvell: remove unused variable | Robert Shearman | 1 | -1/+0
Fix compile error in mrvl_pp2_delete_if caused by unused variable by removing that variable.
Type: fix
Fixes: b85b0df2a039b694fb2f3c09a01decfb89d7bce2
Change-Id: I819bcfbfdbd0f85cc42be953be63ef124520852c
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
2021-03-04 | memif: Validate descriptors within process boundary | Steven Luong | 1 | -20/+27
We hit a crash when the client sends us a bogus descriptor which causes us to access memory beyond the mapping. While the client clearly should not do that, it is rather cheap for VPP to validate the descriptor instead of crash and burn.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Id09035810939f5f98530f212f0b23e606132251d
2021-03-04 | dpdk: enable AVX-512 on ICL | Ray Kinsella | 1 | -0/+5
Enable DPDK AVX-512 Vector PMDs on Intel Icelake
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Change-Id: Ie5d5bf54ccaa65c1d053d56a2f2973fe8625193b
2021-03-04 | dpdk: deprecate ipsec backend | Fan Zhang | 11 | -4533/+578
Type: refactor
DPDK crypto devices are now accessible via the async infra, so there is no need for the DPDK ipsec plugin. In addition this patch fixes the problem that cryptodev backend not working when master core and worker cores lies in different numa nodes.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie8516bea706248c7bc25abac53a9c656bb8247d9
2021-03-04 | vppinfra: fix compiling error due to incompatible udphdr field names | Jieqiang Wang | 1 | -6/+3
Compiling VPP on CentOS 7 will fail shown as below. The root cause is that uh_sport/uh_dport field names for struct udphdr are chosen only if macro __FAVOR_BSD in /usr/include/netinet/udp.h is defined for glibc version less than 2.19. Fix this issue by using source and dest field names in struct udphdr for compatibility reasons.
FAILED: vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o
ccache /opt/rh/devtoolset-9/root/bin/cc -Dvppinfra_EXPORTS -I/vpp/src -I. -Iinclude -Wno-address-of-packed-member -g -fPIC -Werror -Wall -march=corei7 -mtune=corei7-avx -O2 -fstack-protector -D_FORTIFY_SOURCE=2 -fno-common -flto -fno-fat-lto-objects -fPIC -fvisibility=hidden -ffunction-sections -fdata-sections -MD -MT vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o -MF vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o.d -o vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o -c /vpp/src/vppinfra/unix-formats.c
/vpp/src/vppinfra/unix-formats.c: In function 'format_udp4_packet':
/vpp/src/vppinfra/unix-formats.c:319:19: error: 'struct udphdr' has no member named 'uh_sport'
319 | u16 source = udp->uh_sport;
| ^~
/vpp/src/vppinfra/unix-formats.c:320:17: error: 'struct udphdr' has no member named 'uh_dport'
320 | u16 dest = udp->uh_dport;
Type: fix
Change-Id: Ifc99c7286ea3fac463096152267033ac0518c230
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Reviewed-by: Tianyu Li <tianyu.li@arm.com>
2021-03-03 | udp: allocate rx lock only for non-connected | Florin Coras | 1 | -3/+7
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib5395a51fbfb2123549f7c96534fa763b4669243
2021-03-03 | api: fix crash when cf removed | wanghanlin | 1 | -2/+16
cf may be removed when:
1. linux_epoll_input_inline process two EPOLLIN events, firstly a normal message, secondly reading 0 bytes because of socket client crash, then cf removed without clear message added to pending event data vectors before
2. clib_file_write called
Type: fix
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
Change-Id: I4523e9bb322e98357575925f3113f710d70dd679
2021-03-03 | nsh: Resolve SA errors in NSH plugin. | Vengada Prasad Govindan | 1 | -15/+0
Type: fix
Change-Id: Ia923cd9302688496d28d2fd5658718b40b17cc1a
Signed-off-by: Vengada Govindan <venggovi@cisco.com>
2021-03-03 | dhcp: calls to vnet_feature_enable_disable needs to be protected | Steven Luong | 1 | -1/+7
dhcp is making calls to vnet_feature_enable_disable without barrier sync protection. This can cause data contention with the worker threads. Wrap all calls to vnet_feature_enable_disable with barrier sync and barrier release.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I74545b074599273429f47e3e726551156bc11bbc
2021-03-02 | ikev2: fix auth | Filip Tehlar | 1 | -1/+1
Old auth data is needed when generating new one.
Type: fix
Change-Id: I15c62346dbb7ece8facdc7a05f30afd1a15a5648
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-03-02 | classify: fix crash if no pcap filter has been configured | Benoît Ganne | 1 | -1/+2
If no pcap filters have ever been configured and we try to enable pcap capture with a filter, cm->classify_table_index_by_sw_if_index is not initialized yet.
Type: fix
Change-Id: I2f509c58f9984951b1ad81c1c8ed912cb594fce1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-02 | classify: fix multiple filters support | Benoît Ganne | 1 | -11/+22
This fixes the classify filter if we attach several different filters. This also fixes some issues with l3 and l4 parsing.
Type: fix
Change-Id: I9dc6c55049a3bbc0110d1097b40d9da27633626b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-01 | nat: avoid crash if plugin not enabled | Klement Sekera | 1 | -18/+21
Avoid crash if nat pool not allocated when issuing "show nat44 summary".
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I55661cf699bab04f4673e9d471fe12486e972067
2021-03-01 | nat: pick outside addr based on local addr | Klement Sekera | 6 | -107/+215
Use outside addresses more evenly by using local address to pick from pool of addresses. This ensures stability from POV of remote host - an internal host always gets translated using the same outside address, so it doesn't appear to be "hopping". Also, this avoids all hosts being translated using the first address, which helps avoid needless recaptchas and the like. Exact assignment depends on internal ordering of addresses - local address is used to pick an offset into internal vector. If that address cannot be used, a linear search is performed as a fallback mechanism to find a possible translation.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I7ccb1da1dda5537f5d30d2f4cb48024f4b51c1a4
2021-02-28 | session svm: segment manager and fifo segment leaks | Florin Coras | 2 | -0/+4
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4e00dd7f8ce1e56092dde9a073decae62d5475de
2021-02-27 | vlib: fix clear trace buffer race condition | Benoît Ganne | 1 | -4/+15
Type: fix
Change-Id: I2384e052bee91a275c3b97a00542819b1d646c88
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-26 | vppinfra: mem leak in show memory main-heap | Florin Coras | 1 | -1/+5
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I23d1dda86c781ac077dbee7cb0e1ddeaa328c660
2021-02-26 | udp: avoid locking connected udp sessions on rx | Florin Coras | 3 | -2/+8
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I52aa2322980b51cfc0b282fb37d7f63d30777dee
2021-02-26 | cnat: coverity fix | Nathan Skrzypczak | 1 | -2/+4
Type: fix
Change-Id: I9d562abc8d8f59cfe73ddd4c03a25085f6ad1f84
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26 | virtio: place the event fds on worker threads for pci device | Mohsin Kazmi | 1 | -0/+11
Type: improvement
Change-Id: I8322bca1a9aa75c97c0fe2ff24b2f65fc43242ce
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-02-26 | svm: fix shared hdr migration | Florin Coras | 2 | -7/+9
Avoid changing the header on attach as it may be in use. Instead, as for chunks, allocate header to be collected on detach.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib316ecb5d61ae161032869b6f6a1863f1105a1d9
2021-02-26 | nat: optimize flow matching in ED NAT | Klement Sekera | 5 | -81/+87
This saves 6 clocks in nat44-ed-in2out node. (112->106 per packet)
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I48e757e7f4b6b0d250a432a4659fe6955fc52a07
2021-02-26 | nat: NAT44ED fail if using old plugin option | Filip Varga | 4 | -450/+498
Fail if obsolete flag is used.
Type: fix
Change-Id: Id7000de9c82fa2c22692104b2fc1d463e5961f39
Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-02-26 | interface: Fix rxq deletion | Nathan Skrzypczak | 1 | -2/+11
Type: fix
Change-Id: Ie89663de42ec94823b32aa1edf94f2c03df06627
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26 | interface: fix sh int rx | Nathan Skrzypczak | 2 | -2/+2
Type: fix
Change-Id: Iebe2db66af1e769486a117d6284375ce5ffff0b4
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26 | ipsec: move the IPSec SA pool out of ipsec_main | Neale Ranns | 18 | -98/+85
Type: refactor
this allows the ipsec_sa_get function to be moved from ipsec.h to ipsec_sa.h where it belongs. Also use ipsec_sa_get throughout the code base.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
2021-02-26 | cnat: add input feature node | Nathan Skrzypczak | 6 | -0/+507
This allows to configure nat on a per-interface basis. Special care must be taken to ensure the configuration remains consistent.
Type: feature
Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26 | cnat: Add maglev support | Nathan Skrzypczak | 9 | -25/+253
* Backend choice in translations is controlled by lb_type switch allowing to enable Maglev.
* Size of pool is set with cnat { maglev-len 1009 }
Type: feature
Change-Id: I956e19d70bc9f3b997b4f8042831164e4b559d17
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26 | cnat: fixes & prepare maglev | Nathan Skrzypczak | 16 | -366/+390
Notable changes:
- ip[46]-cnat-snat is renamed to cnat-snat-ip[46]
- indent fixes
- common trace primitives
- bihash is now 40_56 with alias
Type: refactor
Change-Id: I0a82cfe3b40efd96473e51061d7135ffe412ddfc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26 | crypto: fix coverity issue 218445 | Piotr Bronowski | 1 | -3/+0
Fixes coverity issue CID 218445 (#1 of 1): Logically dead code (DEADCODE) dead_error_line: Execution cannot reach this statement: return 4294967295U;.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ibf8ee0458320d20c3adca2efa2a4bfad7c190dbe
2021-02-25 | sr: Fix the coverity issue on srv6-mobile plugin | Tetsuya Murakami | 1 | -2/+2
Type: fix
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I55e6d7dd193f83f70d27e27fe2e383939d677ef1
2021-02-25 | tests: Add tests for IPSec async mode using the crypto SW scheduler | Neale Ranns | 1 | -1/+2
Type: test
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Iabc8f2b09ee10a82aacebd36acfe8648cf69b7d7
2021-02-25 | ipsec: ipsec.h tidy up | Neale Ranns | 6 | -56/+86
Type: refactor
- remove the extern declaration of the nodes. keep the use of them to the files that declare them
- remove duplicate declaration of ipsec_set_async_mode
- remove unused ipsec_add_feature
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6ce7bb4517b508a8f02b11f3bc819e1c5d539c02
2021-02-25 | ikev2: Use the IPSec functions for UDP port management | Neale Ranns | 2 | -46/+2
Type: refactor
IKEv2 registers the IPSec node as the port handler, so it can use the IPSec functions to do that.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: If398dde0a8eb0407eba3ede62a3d5a8c12fe68a7
2021-02-25 | linux-cp: fix vector-used-a-C-string overflow | Benoît Ganne | 2 | -4/+3
lip_host_name is a non-NULL terminated vector, not a NULL-terminated C-string.
Type: fix
Change-Id: Ie5da59bc5680be72251904467d77b18263c882f8
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-25 | ipsec: enable input features on tunnels | Brian Russell | 4 | -30/+93
Make the ipsec[46]-tun-input nodes siblings of device-input so that input features can be enabled on them. Register ipsec-tun for feature updates. When a feature is enabled on the device-input arc and the ifindex is an IPSec tunnel, change the end node of the arc for that ifindex to be the appropriate ESP decrypt node. Set a flag on the tunnel to indicate that the feature arc should be started for packets input on the tunnel. Test input policing on ESP IPSec tunnels.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I3b9f047e5e737f3ea4c58fc82cd3c15700b6f9f7
2021-02-24 | nat: Final NAT44 EI/ED split patch | Filip Varga | 44 | -5781/+10760
This patch achieves complete separation of endpoint-dependent and endpoint-independent IPv4 NAT features. Some common stuff is also moved to NAT library.
Type: refactor
Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801
Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-02-24 | virtio: enable the interrupt support for uio_pci_generic | Mohsin Kazmi | 1 | -11/+4
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ic25ffe9c8e37826733cfb9e62cefb491bb3322bc
2021-02-24 | session: init ctrl msg without mq lock | Florin Coras | 1 | -102/+96
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I755e6da1fcf6f3bf3c72d6d36c4243b0919b7209
2021-02-24 | fib: fix sa selection for fib routed destinations | Július Milan | 1 | -4/+14
The move from ip4(6)_src_address_for_packet to fib_sas4(6)_get changed the behavior, so that the new looked only to adjacent gleans. This caused a problem for destinations routed according to FIB table.
To reproduce:
vpp# create tap
vpp# set interface state tap0 up
vpp# set interface ip address tap0 192.168.11.1/24
vpp# ip route add 192.168.20.0/24 via 192.168.11.2
linux$ sudo ip addr add 192.168.20.1/24 dev lo
linux$ sudo ip link set tap0 up
linux$ sudo ip addr add 192.168.11.2/24 dev tap0
vpp# ping 192.168.20.1
Failed: no source address for egress interface
Type: fix
Signed-off-by: Július Milan <julius.milan@pantheon.tech>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I22899f4dbbf8c1c85ccce72f801b92c183195b5d
2021-02-24 | wireguard: coverity fix | Artem Glazychev | 1 | -11/+12
explicit null dereferenced
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: Id1e4b0e048dbd0a68063c63374172ab6d3653aff
2021-02-24 | crypto: A more memory efficient layout of the frame element struct | Neale Ranns | 2 | -18/+26
Type: improvement
Also:
- state as enum so my GDB life is easier
- typo; s/indice/indices/;
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I3320f5ef1ccd7d042071ef336488a41adfad7463