summaryrefslogtreecommitdiffstats
BranchCommit messageAuthorAge
masterhs-test: always build when running 'make build'Adrian Villin24 hours
stable/2410misc: VPP 24.10 Release NotesAndrew Yourtchenko6 weeks
stable/2406prom: test_prom fixMatus Fabian4 months
stable/2402build: update octeon-roc checksum to updated versionDave Wallace4 months
stable/2310sr: use correct reply to sr_policy_add_v2Vratko Polak8 months
stable/2306vpp-swan: fix configuration of policiesGabriel Oginski15 months
stable/2302vlib: reset stop_timer_handle on expired processesMatthew Smith15 months
stable/2210nat: fix nat44 vrf handlersDaniel Béreš21 months
stable/2206misc: VPP 22.06.1 Release NotesDave Wallace22 months
stable/2106ipsec: fix AES CBC IV generation (CVE-2022-46397)Benoît Ganne22 months
stable/2101ipsec: fix AES CBC IV generation (CVE-2022-46397)Benoît Ganne22 months
stable/2009ipsec: fix AES CBC IV generation (CVE-2022-46397)Benoît Ganne22 months
stable/2005ipsec: fix AES CBC IV generation (CVE-2022-46397)Benoît Ganne22 months
stable/2001ipsec: fix AES CBC IV generation (CVE-2022-46397)Benoît Ganne22 months
stable/1904ipsec: fix AES CBC IV generation (CVE-2022-46397)Benoît Ganne22 months
stable/1908ipsec: fix AES CBC IV generation (CVE-2022-46397)Benoît Ganne22 months
stable/2110ipsec: fix AES CBC IV generation (CVE-2022-46397)Benoît Ganne22 months
stable/2202ipsec: fix AES CBC IV generation (CVE-2022-46397)Benoît Ganne22 months
stable/1901vlib: address vlib_error_t scaling issueSteven Luong5 years
stable/1807Clean up multi-thread barrier-sync hold-down timerDave Barach6 years
stable/1810mp_safe SW_INTERFACE_DUMP, SW_INTERFACE_DETAILS, SW_INTERFACE_TAG_ADD_DEL,Steven Luong6 years
stable/1804fix packets redirect ineffective on af-packet interfacechenxiang6 years
stable/1801fix issue with missing sample_main in sample pluginDamjan Marion6 years
stable/1710l2-flood: fix restore vnet buffer's flags in the replication routineSteve Shin7 years
stable/1707Add replicate DPO header to export list for VPPSBNeale Ranns7 years
stable/1704VPP debug image with worker threads hit assert on adding IP route with traffi...Neale Ranns7 years
stable/1701Fix pretty-printing in "api trace custom-dump" (VPP-683)Andrew Yourtchenko8 years
stable/1609Vhost: Add thread sync while receiving vhost messagePierre Pfister8 years
stable/1606Fix generate-deb-changelog to handle YY.MM releaseEd Warnicke9 years
stable/testWhitespace probe for CIEd Warnicke9 years
 
TagDownloadAuthorAge
v24.10commit cfa0953251...Andrew Yourtchenko7 weeks
v24.10-rc2commit 466b350538...Andrew Yourtchenko8 weeks
v24.10-rc1commit b91e15387d...Andrew Yourtchenko3 months
v25.02-rc0commit 8f989630b0...Andrew Yourtchenko3 months
v24.06commit 6e8b350a01...Andrew Yourtchenko6 months
v24.06-rc2commit 55457075d9...Andrew Yourtchenko6 months
v24.06-rc1commit b3304b2b76...Andrew Yourtchenko7 months
v24.10-rc0commit 71e0902454...Andrew Yourtchenko7 months
v24.02commit 455960759b...Andrew Yourtchenko10 months
v24.02-rc2commit 8cbf84dce0...Andrew Yourtchenko10 months
v24.02-rc1commit 3a56e86a73...Andrew Yourtchenko11 months
v24.06-rc0commit 6fb2b3dc72...Andrew Yourtchenko11 months
v23.10commit 7c4027fa5e...Andrew Yourtchenko14 months
v23.10-rc2commit 015a6f7f17...Andrew Yourtchenko14 months
v23.10-rc1commit 14df6fc1ea...Andrew Yourtchenko15 months
v24.02-rc0commit 7419bede7a...Andrew Yourtchenko15 months
v23.06commit 493b8990d1...Andrew Yourtchenko18 months
v23.06-rc2commit 5e6bc730ef...Andrew Yourtchenko18 months
v23.06-rc1commit b60a6477eb...Andrew Yourtchenko19 months
v23.10-rc0commit a7dd04d73b...Andrew Yourtchenko19 months
v23.02commit 5516fc0f3b...Andrew Yourtchenko22 months
v22.10.1commit 57302fe52f...Dave Wallace22 months
v22.06.1commit 1513b381d8...Dave Wallace22 months
v23.02-rc2commit be1b844214...Andrew Yourtchenko22 months
v23.02-rc1commit 42b5a8767c...Andrew Yourtchenko23 months
v23.06-rc0commit 2ebb95228f...Andrew Yourtchenko23 months
v22.10commit 07e0c05e69...Andrew Yourtchenko2 years
v22.10-rc2commit 61bae8a54d...Andrew Yourtchenko2 years
v22.10-rc1commit f845abb5dd...Andrew Yourtchenko2 years
v23.02-rc0commit a2a7a4031b...Andrew Yourtchenko2 years
v22.06commit 0d352a97c5...Andrew Yourtchenko2 years
v22.06-rc2commit ea4bcec987...Andrew Yourtchenko3 years
v22.06-rc1commit 211fa4748c...Andrew Yourtchenko3 years
v22.10-rc0commit e0301eeb7b...Andrew Yourtchenko3 years
v22.02commit 7911f29c51...Andrew Yourtchenko3 years
v22.02-rc2commit 9d2db2eb2e...Andrew Yourtchenko3 years
v22.02-rc1commit 93e5bea2d3...Andrew Yourtchenko3 years
v22.06-rc0commit 017a676654...Andrew Yourtchenko3 years
v21.10.1commit 0385458a56...Andrew Yourtchenko3 years
v21.10commit 0e0384cde9...Andrew Yourtchenko3 years
v21.10-rc2commit c1931b2f09...Andrew Yourtchenko3 years
v21.10-rc1commit fd9d936b3c...Andrew Yourtchenko3 years
v22.02-rc0commit 192c55f2e7...Andrew Yourtchenko3 years
v21.01.1commit 54f8aff02a...Andrew Yourtchenko3 years
v21.06commit fc83f8cc67...Andrew Yourtchenko3 years
v21.06-rc2commit 8b297dbceb...Andrew Yourtchenko3 years
v21.06-rc1commit e82d59f381...Andrew Yourtchenko4 years
v21.10-rc0commit 91d6a94845...Andrew Yourtchenko4 years
v21.01commit 3d2d96e554...Andrew Yourtchenko4 years
v21.01-rc2commit 15db851d93...Andrew Yourtchenko4 years
v21.01-rc1commit 9dab7b9416...Andrew Yourtchenko4 years
v21.06-rc0commit 7742d5b355...Andrew Yourtchenko4 years
v20.09commit 072def4738...Andrew Yourtchenko4 years
v20.09-rc2commit a87deb77da...Andrew Yourtchenko4 years
v20.09-rc1commit fb6d768419...Andrew Yourtchenko4 years
v21.01-rc0commit 0b31630ce7...Andrew Yourtchenko4 years
v19.08.3commit 37e99c22df...Andrew Yourtchenko4 years
v20.05.1commit b1500e9fff...Andrew Yourtchenko4 years
v20.05commit ab572152d9...Andrew Yourtchenko5 years
v20.05-rc2commit 63f9e7cc0e...Andrew Yourtchenko5 years
v20.05-rc1commit b8e9009400...Andrew Yourtchenko5 years
v20.09-rc0commit b163bbb748...Andrew Yourtchenko5 years
v19.08.2commit ec9ce338f0...Andrew Yourtchenko5 years
v20.01commit fce396738f...Andrew Yourtchenko5 years
v20.01-rc2commit 29acfa2ad5...Andrew Yourtchenko5 years
v20.01-rc1commit c7fe31cfff...Andrew Yourtchenko5 years
v20.05-rc0commit 8ad070e102...Andrew Yourtchenko5 years
v19.04.4-rc0commit dfec10d137...Dave Wallace5 years
v19.04.3commit bdb89b9897...Dave Wallace5 years
v19.08.1commit f4dcae4164...Andrew Yourtchenko5 years
v19.08commit 1c586de48c...Andrew Yourtchenko5 years
v19.08-rc2commit 2f51729bb3...Andrew Yourtchenko5 years
v19.08-rc1commit 23526f78a8...Andrew Yourtchenko5 years
v20.01-rc0commit e41fd65381...Andrew Yourtchenko5 years
v19.04.2commit d95a226047...Dave Wallace5 years
v19.01.3commit bef25c30a1...Andrew Yourtchenko5 years
v19.04.2-rc0commit e4a0f9fdc0...Dave Wallace6 years
v19.01.3-rc0commit 6af8243814...Dave Wallace6 years
v19.04.1commit 1662c9cd23...Dave Wallace6 years
v19.01.2commit fa63602fcb...Andrew Yourtchenko6 years
v19.01.2-rc0commit 67a3e2d130...Dave Wallace6 years
v19.04.1-rc0commit 873b9ed405...Dave Wallace6 years
v19.04commit 3d18a191aa...Dave Wallace6 years
v19.04-rc2commit 0d7332e43f...Dave Wallace6 years
v19.08-rc0commit 40fd1f3dfd...Dave Wallace6 years
v19.04-rc1commit e29b8228a2...Dave Wallace6 years
v19.01.1commit cbd68cb711...Dave Wallace6 years
v19.01commit 67d9475ae3...Andrew Yourtchenko6 years
v19.01-rc2commit 0cb68778ec...Andrew Yourtchenko6 years
v19.01-rc1commit 3e2bc759f4...Damjan Marion6 years
v19.04-rc0commit ef080e1f9b...Andrew Yourtchenko6 years
v18.10commit 3a9a6f72d1...Marco Varlese6 years
v18.10-rc2commit b3aff922ff...Marco Varlese6 years
v19.01-rc0commit 4f611176e9...Marco Varlese6 years
v18.10-rc1commit 90395743d3...Marco Varlese6 years
v18.07.1commit 55fbdb9941...Ed Warnicke6 years
v18.07commit db6d6b3058...Ed Warnicke6 years
v18.07-rc2commit c16a23c596...Ed Warnicke6 years
v18.10-rc0commit 0e6f4d6af4...Ed Warnicke6 years
v18.07-rc0commit 3e21eba4d2...Ed Warnicke6 years
v18.07-rc1commit e400a6d1a5...Ed Warnicke6 years
v18.01.2commit 540b31ac8f...Dave Wallace7 years
v18.04commit ac2b7363f4...Chris Luke7 years
v18.04-rc2commit 18744ee680...Chris Luke7 years
v18.04-rc1commit 7ace56b9d8...Chris Luke7 years
v18.01.1commit f13bac295d...Dave Wallace7 years
v18.01commit 9d21268d0a...Dave Wallace7 years
v18.01-rc2commit bbdfeaebf2...Dave Wallace7 years
v18.01-rc1commit 8c2bacde4f...Dave Wallace7 years
v18.04-rc0commit a3a6ec63d3...Dave Wallace7 years
v17.10commit 116af2170e...Florin Coras7 years
v17.10-rc2commit cf6c343710...Florin Coras7 years
v18.01-rc0commit 75a17ecddc...Florin Coras7 years
v17.10-rc1commit 7ea28045aa...Florin Coras7 years
v17.07.01commit 839fa732c1...Neale Ranns7 years
v17.07commit f4f635e7c0...Neale Ranns7 years
v17.07-rc2commit 01d2b4b13a...Neale Ranns7 years
v17.10-rc0commit cdc74273df...Neale Ranns7 years
v17.07-rc1commit ea89b8cf66...Neale Ranns7 years
v17.04.2commit fc69a97116...Ole Troan7 years
v17.04.1commit 7d68ec6134...Ole Troan8 years
v17.04commit 511ee63cbb...Ole Troan8 years
v17.04-rc2commit 92bcecfdcc...Ole Troan8 years
v17.07-rc0commit 87edd671d7...Ole Troan8 years
v17.04-rc1commit cb92fc6edc...Ole Troan8 years
v17.01.1commit 8099e90346...Damjan Marion8 years
v17.01commit cd111b2228...Damjan Marion8 years
v17.01-rc2commit 235c64f067...Damjan Marion8 years
v17.04-rc0commit 2e70d8b31d...Damjan Marion8 years
v17.01-rc1commit 436b319354...Damjan Marion8 years
v17.01-rc0commit 931be3aca2...Ed Warnicke8 years
v16.09commit 21bc8624f5...Keith Burns (alagalah)8 years
v16.09-rc2commit 08377f8ff7...Keith Burns (alagalah)8 years
v16.12-rc0commit 694265d4f1...Dave Barach8 years
v16.09-rc1commit dbc6e3f0bb...Dave Barach8 years
v16.06commit 693f4358de...Ed Warnicke9 years
v16.06-rc3commit cf6511560e...Dave Barach9 years
v16.06-rc2commit b98a3a87a9...Dave Barach9 years
v16.09-rc0commit 862623da6e...Ed Warnicke9 years
v16.06-rc1commit 826d4f7b1f...Ed Warnicke9 years
v1.0.0commit cb9cadad57...Ed Warnicke9 years
an> r->dst_port_or_code_last >= match->l4.port[1]) ); } always_inline int single_rule_match_5tuple (acl_rule_t * r, int is_ip6, fa_5tuple_t * pkt_5tuple) { if (is_ip6 != r->is_ipv6) { return 0; } if (is_ip6) { if (!fa_acl_match_ip6_addr (&pkt_5tuple->ip6_addr[1], &r->dst.ip6, r->dst_prefixlen)) return 0; if (!fa_acl_match_ip6_addr (&pkt_5tuple->ip6_addr[0], &r->src.ip6, r->src_prefixlen)) return 0; } else { if (!fa_acl_match_ip4_addr (&pkt_5tuple->ip4_addr[1], &r->dst.ip4, r->dst_prefixlen)) return 0; if (!fa_acl_match_ip4_addr (&pkt_5tuple->ip4_addr[0], &r->src.ip4, r->src_prefixlen)) return 0; } if (r->proto) { if (pkt_5tuple->l4.proto != r->proto) return 0; /* A sanity check just to ensure we are about to match the ports extracted from the packet */ if (PREDICT_FALSE (!pkt_5tuple->pkt.l4_valid)) return 0; if (!fa_acl_match_port (pkt_5tuple->l4.port[0], r->src_port_or_type_first, r->src_port_or_type_last, pkt_5tuple->pkt.is_ip6)) return 0; if (!fa_acl_match_port (pkt_5tuple->l4.port[1], r->dst_port_or_code_first, r->dst_port_or_code_last, pkt_5tuple->pkt.is_ip6)) return 0; if (pkt_5tuple->pkt.tcp_flags_valid && ((pkt_5tuple->pkt.tcp_flags & r->tcp_flags_mask) != r->tcp_flags_value)) return 0; } /* everything matches! */ return 1; } always_inline u32 multi_acl_match_get_applied_ace_index (acl_main_t * am, int is_ip6, fa_5tuple_t * match) { clib_bihash_kv_48_8_t kv; clib_bihash_kv_48_8_t result; fa_5tuple_t *kv_key = (fa_5tuple_t *) kv.key; hash_acl_lookup_value_t *result_val = (hash_acl_lookup_value_t *) & result.value; u64 *pmatch = (u64 *) match; u64 *pmask; u64 *pkey; int mask_type_index, order_index; u32 curr_match_index = (~0 - 1); u32 lc_index = match->pkt.lc_index; applied_hash_ace_entry_t **applied_hash_aces = vec_elt_at_index (am->hash_entry_vec_by_lc_index, lc_index); hash_applied_mask_info_t **hash_applied_mask_info_vec = vec_elt_at_index (am->hash_applied_mask_info_vec_by_lc_index, lc_index); hash_applied_mask_info_t *minfo; DBG ("TRYING TO MATCH: %016llx %016llx %016llx %016llx %016llx %016llx", pmatch[0], pmatch[1], pmatch[2], pmatch[3], pmatch[4], pmatch[5]); for (order_index = 0; order_index < vec_len ((*hash_applied_mask_info_vec)); order_index++) { minfo = vec_elt_at_index ((*hash_applied_mask_info_vec), order_index); if (minfo->first_rule_index > curr_match_index) { /* Index in this and following (by construction) partitions are greater than our candidate, Avoid trying to match! */ break; } mask_type_index = minfo->mask_type_index; ace_mask_type_entry_t *mte = vec_elt_at_index (am->ace_mask_type_pool, mask_type_index); pmatch = (u64 *) match; pmask = (u64 *) & mte->mask; pkey = (u64 *) kv.key; /* * unrolling the below loop results in a noticeable performance increase. int i; for(i=0; i<6; i++) { kv.key[i] = pmatch[i] & pmask[i]; } */ *pkey++ = *pmatch++ & *pmask++; *pkey++ = *pmatch++ & *pmask++; *pkey++ = *pmatch++ & *pmask++; *pkey++ = *pmatch++ & *pmask++; *pkey++ = *pmatch++ & *pmask++; *pkey++ = *pmatch++ & *pmask++; /* * The use of temporary variable convinces the compiler * to make a u64 write, avoiding the stall on crc32 operation * just a bit later. */ fa_packet_info_t tmp_pkt = kv_key->pkt; tmp_pkt.mask_type_index_lsb = mask_type_index; kv_key->pkt.as_u64 = tmp_pkt.as_u64; int res = clib_bihash_search_inline_2_48_8 (&am->acl_lookup_hash, &kv, &result); if (res == 0) { /* There is a hit in the hash, so check the collision vector */ u32 curr_index = result_val->applied_entry_index; applied_hash_ace_entry_t *pae = vec_elt_at_index ((*applied_hash_aces), curr_index); collision_match_rule_t *crs = pae->colliding_rules; int i; for (i = 0; i < vec_len (crs); i++) { if (crs[i].applied_entry_index >= curr_match_index) { continue; } if (single_rule_match_5tuple (&crs[i].rule, is_ip6, match)) { curr_match_index = crs[i].applied_entry_index; } } } } DBG ("MATCH-RESULT: %d", curr_match_index); return curr_match_index; } always_inline int hash_multi_acl_match_5tuple (void *p_acl_main, u32 lc_index, fa_5tuple_t * pkt_5tuple, int is_ip6, u8 *action, u32 *acl_pos_p, u32 * acl_match_p, u32 * rule_match_p, u32 * trace_bitmap) { acl_main_t *am = p_acl_main; applied_hash_ace_entry_t **applied_hash_aces = vec_elt_at_index(am->hash_entry_vec_by_lc_index, lc_index); u32 match_index = multi_acl_match_get_applied_ace_index(am, is_ip6, pkt_5tuple); if (match_index < vec_len((*applied_hash_aces))) { applied_hash_ace_entry_t *pae = vec_elt_at_index((*applied_hash_aces), match_index); pae->hitcount++; *acl_pos_p = pae->acl_position; *acl_match_p = pae->acl_index; *rule_match_p = pae->ace_index; *action = pae->action; return 1; } return 0; } always_inline int acl_plugin_match_5tuple_inline (void *p_acl_main, u32 lc_index, fa_5tuple_opaque_t * pkt_5tuple, int is_ip6, u8 * r_action, u32 * r_acl_pos_p, u32 * r_acl_match_p, u32 * r_rule_match_p, u32 * trace_bitmap) { acl_main_t *am = p_acl_main; fa_5tuple_t * pkt_5tuple_internal = (fa_5tuple_t *)pkt_5tuple; pkt_5tuple_internal->pkt.lc_index = lc_index; if (PREDICT_TRUE(am->use_hash_acl_matching)) { if (PREDICT_FALSE(pkt_5tuple_internal->pkt.is_nonfirst_fragment)) { /* * tuplemerge does not take fragments into account, * and in general making fragments first class citizens has * proved more overhead than it's worth - so just fall back to linear * matching in that case. */ return linear_multi_acl_match_5tuple(p_acl_main, lc_index, pkt_5tuple_internal, is_ip6, r_action, r_acl_pos_p, r_acl_match_p, r_rule_match_p, trace_bitmap); } else { return hash_multi_acl_match_5tuple(p_acl_main, lc_index, pkt_5tuple_internal, is_ip6, r_action, r_acl_pos_p, r_acl_match_p, r_rule_match_p, trace_bitmap); } } else { return linear_multi_acl_match_5tuple(p_acl_main, lc_index, pkt_5tuple_internal, is_ip6, r_action, r_acl_pos_p, r_acl_match_p, r_rule_match_p, trace_bitmap); } } always_inline int acl_plugin_match_5tuple_inline_and_count (void *p_acl_main, u32 lc_index, fa_5tuple_opaque_t * pkt_5tuple, int is_ip6, u8 * r_action, u32 * r_acl_pos_p, u32 * r_acl_match_p, u32 * r_rule_match_p, u32 * trace_bitmap, u32 packet_size) { acl_main_t *am = p_acl_main; int ret = 0; fa_5tuple_t * pkt_5tuple_internal = (fa_5tuple_t *)pkt_5tuple; pkt_5tuple_internal->pkt.lc_index = lc_index; if (PREDICT_TRUE(am->use_hash_acl_matching)) { if (PREDICT_FALSE(pkt_5tuple_internal->pkt.is_nonfirst_fragment)) { /* * tuplemerge does not take fragments into account, * and in general making fragments first class citizens has * proved more overhead than it's worth - so just fall back to linear * matching in that case. */ ret = linear_multi_acl_match_5tuple(p_acl_main, lc_index, pkt_5tuple_internal, is_ip6, r_action, r_acl_pos_p, r_acl_match_p, r_rule_match_p, trace_bitmap); } else { ret = hash_multi_acl_match_5tuple(p_acl_main, lc_index, pkt_5tuple_internal, is_ip6, r_action, r_acl_pos_p, r_acl_match_p, r_rule_match_p, trace_bitmap); } } else { ret = linear_multi_acl_match_5tuple(p_acl_main, lc_index, pkt_5tuple_internal, is_ip6, r_action, r_acl_pos_p, r_acl_match_p, r_rule_match_p, trace_bitmap); } if (PREDICT_TRUE(ret)) { u16 thread_index = os_get_thread_index (); vlib_increment_combined_counter(am->combined_acl_counters + *r_acl_match_p, thread_index, *r_rule_match_p, 1, packet_size); } return ret; } #endif