summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2022-08-31ipsec: fix coverity 249212Andrew Yourtchenko1-2/+2
zero-initialize the variables Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I51c3856865eab037f646a0d184e82ecb3b5b3216
2022-08-31udp: store mss and sw_if_index to udp_connection_tSteven Luong4-4/+11
Store mss and sw_if_index to udp_connection_t and display them via show sessipn verbose 2 Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I32928f3f4195b178873dc1bada702e035d99c464
2022-08-31nat: fix coverity 249194Andrew Yourtchenko1-1/+1
Zero-initialize a variable. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Iccf2eb4bf26755d6cd93fc70df3c5481d69ce7eb
2022-08-31nat: fix coverity 249178Andrew Yourtchenko1-1/+1
Zero-initialize the variable Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I4ee127ac3e2a3beffa11bbc96db1f3254b3f7c5d
2022-08-31pppoe: fix coverity 218437, 218401Andrew Yourtchenko1-0/+3
Initialize the session index in case of error to ~0, so is defined in case trace needs to copy it. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Iddf6df42c09d2abc11e5821944eb4f41692e6e3e
2022-08-31gso: zero-initialize gho structVladislav Grishenko2-0/+6
It may contain garbage in debug builds resulting in wrong gho detected flags and offsets. Type: fix Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru> Change-Id: Ia79633262185016f527e7dc6c67334cda6f055f2
2022-08-31devices: fix coverity warningMohsin Kazmi1-1/+1
Type: fix Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I0a58c0f54d8be31a0a78bef00152fb2cc193840e
2022-08-31devices: add support for polling modeMohsin Kazmi3-6/+45
Type: improvement Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I8d84dc8b7f5c5e863c32838cfafc3d366e2a7e00
2022-08-30l2: skip arp term for locally originated packetsStanislav Zaikin3-0/+6
Mark arp packet as locally originated when probing/replying and don't apply any arp-term logic against it. Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: I305ff5cac8cac456decf92f21b961aa4ce286079
2022-08-30tcp: do not overcount ooo bytesFlorin Coras1-1/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic81702bffb5b3189db48efe1ab3b237fa2bf75f2
2022-08-30dma_intel: fix the wrong unformat typeHaiyue Wang1-1/+1
The unformat type for "%d" should be u32 or int, otherwise the 'did' in high stack address will be overflow to zero by the 'qid' which is in the low stack address. Like input "dev wq3.2" will return "did=0, qid=2". Type: fix Signed-off-by: Haiyue Wang <haiyue.wang@intel.com> Change-Id: I0fe1d5b03e2c47e0a7925193e2c2f1ccc31d3e90
2022-08-30memif: Process bad descriptors correctly in memif_process_descSteven Luong1-10/+35
When there is a bad descriptor, it may in the beginning, in the middle, or at the end of the batch if the batch has more than 3 descriptors. When processing a bad descriptor is encountered in the batch, we need to rollback n_buffers in memif_process_desc(), or the statement in the same function memif_add_copy_op (ptd, mb0 + src_off, bytes_to_copy, dst_off, n_buffers - 1); is wrong because it picks up the wrong buffer_vec_index of the bad descriptor while parsing a good descriptor immediately following the bad descriptor. n_buffers was incremented in the beginning of while (n_left) loop. The other problem is we should count the number of bad packets and reduce ptd->n_packets to get the correct number of packets for subsequent processing in device_input. The last fix is to check if n_buffers == 0 in device_input and skip doing any descriptor copy. This case can happen when all the descriptors are bad in the batch. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I28ed1d87236b045657006755747b5750a9a733be
2022-08-30ethernet: fix coverity 214973Andrew Yourtchenko1-15/+14
Ensure that the ethernet_input_inline_dmac_check which directly derefererences ei, is called only if ei is set. Type: fix Change-Id: I2d3bce63ee457825a5d375a6102225f3abf67703 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-30vlib: fix coverity 274750, part 2Andrew Yourtchenko1-1/+1
Add another missing null check. Type: fix Change-Id: Iec4de548810efe369a6e61b8787131230506cff6 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-30vlib: fix coverity 277203Andrew Yourtchenko1-1/+1
Fix integer overflow. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I72de6f88be064f188204d0f6d3167a3a8d7de58d
2022-08-30ethernet: refactor the redundant codeAndrew Yourtchenko1-8/+7
Following the discussion during the review of b46a4e69e5db18ef792415439d04a0ab22c59386, remove the redundant ei0. This resulted in realization that in order for this code to do anything useful, the ei must be always non-zero, so rewrite the logical condition for it. Also, make it a conjunction which seems simpler to understand. Type: improvement Change-Id: Ibd7b2a63e4aeaf97eb1a98af8e69aed2ff7dd577 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-29vlib: use error description when dropping packetsArthur de Kerhor1-1/+1
Using the error name makes it less explicit in the packet trace than the error description when a packet is dropped. Example of the trace when the TTL is <=1: 01:03:17:015278: drop ip4-input: time_expired We should have "ip4 ttl <= 1" instead of "time_expired" Type: fix Change-Id: Ic9decf10d609cc938e39d0f449359e41c406267e Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
2022-08-29ethernet: fix mac address increment errorJieqiang Wang1-2/+2
Using "ip neighbor <ip-addr> <mac-addr> static count <count>" to add static ARP entries will output wrong mac addresses due to lack of big/little endian conversion. Fix this error by converting mac address from big endian to little endian before doing the self-increment. Before patched: vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5 vpp# show ip neighbor Time IP Flags Ethernet Interface 4.4400 198.18.1.5 S 05:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.4 S 04:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.3 S 03:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.2 S 02:aa:bb:cc:dd:e0 rdma-0 4.4399 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0 After patched: vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5 vpp# show ip neighbor Time IP Flags Ethernet Interface 4.4528 198.18.1.5 S 01:aa:bb:cc:dd:e4 rdma-0 4.4528 198.18.1.4 S 01:aa:bb:cc:dd:e3 rdma-0 4.4528 198.18.1.3 S 01:aa:bb:cc:dd:e2 rdma-0 4.4527 198.18.1.2 S 01:aa:bb:cc:dd:e1 rdma-0 4.4527 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0 Type: fix Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: Iec1e00e381e4aba96639f831e7e42e070be3f278
2022-08-29fib: fix coverity 249175Andrew Yourtchenko1-0/+1
Add an assert to express the constraint to coverity without incurring the overhead in release builds. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I2c22f8b2565c645d95c9c0be37381060e151420f
2022-08-29fib: fix coverity 253539Andrew Yourtchenko1-0/+1
Add an ASSERT so coverity is aware of the assumption taken, without incurring any penalty in release build. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I3e7e1e77059492315409efbed47657f9e56d167c Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-29ethernet: fix coverity 218549Andrew Yourtchenko1-1/+1
Check that the pointer is non-null before dereferencing it. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I611a1042d08bbe455dd09a4fa5711fe86c440240
2022-08-29nat: fix coverity 249202Benoît Ganne1-2/+2
In case of a bad packet, the bihash kv is not initialized before being copied in the trace. Make sure it is initialized to 0. Type: fix Change-Id: I22fcfe99f3586d0fa128493059547a56557b8fb5 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-26linux-cp: fix coverity 216937Andrew Yourtchenko1-1/+1
Initialize the host_sw_if_index to ~0 so in the error cases the variable is set to something predictable. Type: fix Change-Id: Ic55e4f0cbfa286e85dfb54b89b5321af18a439a1 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-26nsh: fix coverity 249201Andrew Yourtchenko1-1/+1
Zero-initialize the temporary struct, else a->map.adj_index is being used unset. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: Ia02636ea1e911250d6aa5e413de48e1e09863880
2022-08-25build: disable gcc warning stringop-overflow for gcc-10 or greaterDave Wallace1-0/+4
- this warning causes build errors with gcc on ubuntu 22.04 Type: make Change-Id: Id8f6ab44b2315ce8a4564ea924d799ecb6f57fdf Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-08-25vlib: introduce DMA infrastructureMarvin Liu12-0/+1341
This patch introduces DMA infrastructure into vlib. This is well known that large amount of memory movements will drain core resource. Nowadays more and more hardware accelerators were designed out for freeing core from this burden. Meanwhile some restrictions still remained when utilizing hardware accelerators, e.g. cross numa throughput will have a significant drop compared to same node. Normally the number of hardware accelerator instances will less than cores number, not to mention that applications number will even beyond the number of cores. Some hardware may support share virtual address with cores, while others are not. Here we introduce new DMA infrastructure which can fulfill the requirements of vpp applications like session and memif and in the meantime dealing with hardware limitations. Here is some design backgrounds: Backend is the abstract of resource which allocated from DMA device and can do some basic operations like configuration, DMA copy and result query. Config is the abstract of application DMA requirement. Application need to request an unique config index from DMA infrastructure. This unique config index is associated with backend resource. Two options cpu fallback and barrier before last can be specified in config. DMA transfer will be performed by CPU when backend is busy if cpu fallback option is enabled. DMA transfer callback will be in order if barrier before last option is enabled. We constructs all the stuffs that DMA transfer request needed into DMA batch. It contains the pattern of DMA descriptors and function pointers for submission and callback. One DMA transfer request need multiple times batch update and one time batch submission. DMA backends will assigned to config's workers threads equally. Lock will be used for thread-safety if same backends assigned to multiple threads. Backend node will check all the pending requests in worker thread and do callback with the pointer of DMA batch if transfer completed. Application can utilize cookie in DMA batch for selves usage. DMA architecture: +----------+ +----------+ +----------+ +----------+ | Config1 | | Config2 | | Config1 | | Config2 | +----------+ +----------+ +----------+ +----------+ || || || || +-------------------------+ +-------------------------+ | DMA polling thread A | | DMA polling thread B | +-------------------------+ +-------------------------+ || || +----------+ +----------+ | Backend1 | | Backend2 | +----------+ +----------+ Type: feature Signed-off-by: Marvin Liu <yong.liu@intel.com> Change-Id: I1725e0c26687985aac29618c9abe4f5e0de08ebf
2022-08-25wireguard: fix ipv6 payload_length computationAloys Augustin1-4/+3
The ipv6 header length should not be counted in the ipv6 payload length. This is similar to https://gerrit.fd.io/r/c/vpp/+/36945. Type: fix Change-Id: I22de0ff828175829102a85288513ee3f55709108 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2022-08-24vlib: allow longer version stringMatthew Smith1-2/+2
Type: improvement When trying to use a version string in a downstream build that appends a timestamp to the standard version string, compiling fails because the version string is too long for the version and version_required fields in vlib_plugin_registration_t. Increase the size of those arrays from 32 to 64 chars. Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I3632139e5ae7110aa4769359f380ad29522ad4ed
2022-08-24ipsec: fix coverity 249204Andrew Yourtchenko1-1/+1
Zero-initialize the temporary struct, else coverity complains about a bunch of uninitialized fields. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I45dc42134f06917a7459d615804f978a175bec0f
2022-08-23linux-cp: handle AF_BRIDGE neighborsMatthew Smith1-2/+8
Type: improvement VPP crashes when a linux-cp tap is added to a bridge on the host system because rtnl_neigh_get_dst() returns NULL for the neighbor message that is sent by the kernel. Check for NULL before trying to use the address from a neighbor in a netlink message. Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I8a683d815a09620df9c0cc76e18df39828428e2c Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-08-23lisp: address the issues raised by coverity 249165Andrew Yourtchenko1-4/+12
Add the error checks in parsing, aimed to avoid parser walking past the end of packet in case the data is garbage. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I9541b555a18baf63cb8081bcd7a4c2750f2ed012
2022-08-23rdma: fix coverity 249197Benoît Ganne1-2/+2
flags is u64, makes sure we do not overflow when shifting. Type: fix Change-Id: Ieea34187c0b568dc4d24c9415b9cff36907a5a87 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-23vppinfra: fix coverity 249217Andrew Yourtchenko1-1/+1
Zero-initialize the temporary struct. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I8d73feae427a17470c47d1551ba7078213b589fc
2022-08-23classify: fix coverity 249223Andrew Yourtchenko1-1/+1
Day1 latent integer overflow. vnet_classify_add_del defines new_hash as u32 - so replace a u64 type with u32 in split_and_rehash as well. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I51384a2db1caa4099b4d2ac25cd185bd108da037
2022-08-19nat: simplify per-protocol code by using an arrayJon Loeliger4-243/+158
rather than using obfuscated macro hacery, simplify the per-protocol data management by directly using an array of NAT protocol types. Type: refactor Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I6fe987556ac9f402f8d490da0740e2b91440304c
2022-08-19vlib: memory leak in vlib_register_errors on create and delete interfaceSteven Luong1-0/+1
format returns a vector which must be free or memory is leaked. From show memory 3716528 66716 0x7fffbfeb0db0 _vec_resize_internal + 0xe6 _vec_add + 0x164 do_percent + 0xb82 va_format + 0xb9 format + 0x156 vlib_register_errors + 0x76c setup_tx_node + 0x5c vnet_register_interface + 0xca6 vnet_eth_register_interface + 0xdd memif_create_if + 0x975 memif_create_command_fn + 0x461 vlib_cli_dispatch_sub_commands + 0xec8 (gdb) list *(vlib_register_errors + 0x76c) 0x7ffff6e8280c is in vlib_register_errors (/home/sluong/vpp/vpp/src/vlib/error.c:224). 219 220 vec_validate (nm->node_by_error, n->error_heap_index + n_errors - 1); 221 222 for (u32 i = 0; i < n_errors; i++) 223 { 224 t.format = (char *) format (0, "%v %s: %%d", n->name, cd[i].name); 225 vm->error_elog_event_types[n->error_heap_index + i] = t; 226 nm->node_by_error[n->error_heap_index + i] = n->index; 227 } Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I2983f081b7e2c1b2d18d66afe45282933efbe127
2022-08-19ipsec: enable UDP encap for IPv6 ESP tun protectMatthew Smith9-51/+101
Type: improvement If an SA protecting an IPv6 tunnel interface has UDP encapsulation enabled, the code in esp_encrypt_inline() inserts a UDP header but does not set the next protocol or the UDP payload length, so the peer that receives the packet drops it. Set the next protocol field and the UDP payload length correctly. The port(s) for UDP encapsulation of IPsec was not registered for IPv6. Add this registration for IPv6 SAs when UDP encapsulation is enabled. Add punt handling for IPv6 IKE on NAT-T port. Add registration of linux-cp for the new punt reason. Add unit tests of IPv6 ESP w/ UDP encapsulation on tun protect Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: Ibb28e423ab8c7bcea2c1964782a788a0f4da5268
2022-08-18unittest: fix coverity 274736Andrew Yourtchenko1-0/+1
Free up the vapi context in case of failure. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I4f64e8718014d714f1b82877e69d2354b5fa44fb
2022-08-18wireguard: fix error type for crypto backendBenoît Ganne1-1/+1
Crypto backend errors should not be using the same error as missing keypair. Type: fix Change-Id: I78c2b3df3f08a354463b7824349b08627f2b023c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-18wireguard: fix ipv6 handshake packetBenoît Ganne1-3/+1
IPv6 payload length should not include the size of the IPv6 header. Type: fix Change-Id: Iedcd17d0af8d72d9b5f8f9b605da7c99e151bc9d Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-18vppinfra: correct clib_bitmap_set() return commentJon Loeliger1-1/+1
Fix a copy-n-paste issue that left clib_bitmap_set()'s return type documentation incorrect. Chnage it to indicate that the function returns a new pointer for the bitmap that could be different due to a possible reallocation. Type: docs Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: Ia193c4673c0e4d1760e91cd7f80ebe1868a3c9b5
2022-08-18nat: Replace port refcounts with simple bitvectorsJon Loeliger2-17/+80
Previously, each address maintained an array of 32-bit reference counts for each of 65K possible ports for each of 4 NAT protocols. Totalling 1MB per address. Wow. A close read of the code shows that an "is used" check precedes each attempted reference count increment. That means the refcount never actually gets above 1. That in turn means algorithmically, a bit vector is sufficient. And one need not be allocated for more than the highest validated port referenced. These changes introduce a dynamically sized bit vector replacing the reference counts, for a maximum of 32K if all 4 protocols use port 65535. In fact, protocol OTHER is never used, so at most 24K will be used, and none of it will be "statically" allocated per address. Type: fix Fixes: 85bee7548bc5a360851d92807dae6d4159b68314 Change-Id: I7fd70050e7bf4871692a862231f8f38cf0158132 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2022-08-18dns: fix coverity 249189, 249198Andrew Yourtchenko1-2/+2
Zero-initialize the temporary struct on stack. Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I89ced4cca8e832827fe054e2e60986de5910360c
2022-08-18nsh: fix coverity 249169Andrew Yourtchenko1-1/+1
Zero-initialize the temporary struct on stack. Type: fix Change-Id: I651f87deeb79c6c073d5c510435fa268893a3b0e Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-18ip-neighbor: Declarative .api counters.Neale Ranns4-56/+109
Type: improvement plus the addition of the 'thorttle' counter of IP6. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ic845247a9f3288caa755c33e79ae2eb6d2029d09
2022-08-18ip: Use .api declarative counters for ICMP.Neale Ranns6-85/+247
Type: improvement Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3d36faa60075658fd59eb5bbe16efcb48664691b
2022-08-18ikev2: accept key exchange on CREATE_CHILD_SAAtzm Watanabe2-63/+126
In RFC 7296, CREATE_CHILD_SA Exchange may contain the KE payload to enable stronger guarantees of forward secrecy. When the KEi payload is included in the CREATE_CHILD_SA request, responder should reply with the KEr payload and complete the key exchange, in accordance with the RFC. Type: improvement Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: I13cf6cf24359c11c3366757e585195bb7e999638
2022-08-18ikev2: fix possible SEGVAtzm Watanabe1-3/+3
Type: fix Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: Icbd452b43ecaafe46def1276c98f7e8cbf761e51
2022-08-17svm: fix coverity 249207,249209Andrew Yourtchenko1-2/+2
Zero-initialize the temporary struct. Type: fix Change-Id: I6f7a35ace6002aa75dc986c7c7eca614c9c5c3ed Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2022-08-17vlib: fix coverity 274744Andrew Yourtchenko1-1/+4
Add a missing null check Type: fix Change-Id: Id1b27341480c9d62185496ae1d832360119ec198 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>