Dave Wallace [Sat, 11 Feb 2023 00:20:28 +0000 (19:20 -0500)]
misc: VPP 22.10.1 Release Notes
Type: docs
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I70374ea376c895d92d5789debf4b437113e3d884
(cherry picked from commit
57302fe52f141c19b5448997774271d2eedf5cb1)
Dave Wallace [Fri, 10 Feb 2023 18:28:46 +0000 (13:28 -0500)]
misc: VPP 22.06.1 Release Notes
Type: docs
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I8770a35c801126ffd2de8f58d79e6616642709a9
(cherry picked from commit
1513b381d8879d9d437bbbc9a270b4ff5f4b19ba)
Takeru Hayasaka [Fri, 30 Dec 2022 07:41:44 +0000 (16:41 +0900)]
sr: support define src ipv6 per encap policy
Can to define src ip of outer IPv6 Hdr for each encap policy.
Along with that, I decided to develop it as API version V2.
This is useful in the SRv6 MUP case.
For example, it will be possible to handle multiple UPF destinations.
Type: feature
Change-Id: I44ff7b54e8868619069621ab53e194e2c7a17435
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
Maros Ondrejicka [Tue, 7 Feb 2023 19:40:27 +0000 (20:40 +0100)]
hs-test: refactor test cases from no-topo suite
This converts remaining tests to configation of VPP from test context.
Type: test
Change-Id: I386714f6b290e03d1757c2a033a25fae0340f5d6
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Maros Ondrejicka [Thu, 2 Feb 2023 07:58:04 +0000 (08:58 +0100)]
hs-test: refactor test cases from ns suite
This converts more tests to configure VPP from test context.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: Idf26b0c16f87e87c97b198412af39b99d947ced6
Naveen Joy [Wed, 1 Feb 2023 00:51:58 +0000 (16:51 -0800)]
tests: use existing pip compiled req file for building the run.py venv
pip compiled requirements file named requirements-3.txt exists in the
test directory. No need to auto-generate it again
Type: improvement
Change-Id: Ib2b51c983af8d0e4b000e4544012b6cd94405519
Signed-off-by: Naveen Joy <najoy@cisco.com>
Naveen Joy [Thu, 2 Feb 2023 21:56:59 +0000 (13:56 -0800)]
tests: use iperf3 for running interface tests on the host
Type: improvement
Change-Id: I7123591932d51ce0c5b372893454945bbd3913b2
Signed-off-by: Naveen Joy <najoy@cisco.com>
Maros Ondrejicka [Thu, 26 Jan 2023 09:07:29 +0000 (10:07 +0100)]
hs-test: configure VPP from test context
Instead of configuring VPP instances running inside of a container,
now the configuration is going to be done from within the test context
by using binary API and shared volume that exposes api socket.
This converts just some of the test cases, rest is to follow.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I87e4ab15de488f0eebb01ff514596265fc2a787f
Florin Coras [Wed, 8 Feb 2023 17:47:54 +0000 (09:47 -0800)]
session: accept lcl ip updates on cl sessions
Allow apps/vcl to provide updated local ips for dgrams. In particular,
allow sessions bound to 0/0 to send data with valid local ips.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I50a086b1c252731a32a15b6a181ad3dba0c687e0
Mohammed Hawari [Thu, 2 Feb 2023 12:29:28 +0000 (13:29 +0100)]
build: allow skipping external-deps
Change-Id: I0e5090ec6978af0dc4baecc7654918cf40663f42
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: feature
Ting Xu [Tue, 13 Dec 2022 03:10:54 +0000 (03:10 +0000)]
avf dpdk: fix incorrect handling of IPv6 src address in flow
In current flow creating process in native avf and dpdk-plugins, when
parsing the input arguments, it does not copy IPv6 src address correctly,
so that IPv6 src address will not be configured in any flow rule, and
any packet with the same address will not be matched.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ic957c57e3e1488b74e6281f4ed1df7fd491af35c
Ting Xu [Tue, 17 Jan 2023 02:34:37 +0000 (02:34 +0000)]
avf: fix incorrect flag for flow director
When parsing flow action type in avf, there is an incorrect flag for
flow director, which makes flow director rule created unexpectedly.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Id9fed5db8ccacd5cc6c2f4833183364d763188c1
Ting Xu [Thu, 2 Feb 2023 02:06:12 +0000 (02:06 +0000)]
avf: fix checksum offload configuration
Fix some configurations of avf checksum offload to get the correct
udp and tcp checksum. Change Tx checksum offload capability since
avf supports ipv4, tcp and udp offload all. Remove the operation to
swap bit of checksum.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I55a916cc9ee6bef5b2074b5b6bb5f517fc2c178d
Ting Xu [Mon, 6 Feb 2023 03:01:10 +0000 (03:01 +0000)]
avf: fix bit calculation function fls_u32
In avf the function fls_u32 is used to calculate the power of 2.
Fix the expression of this function.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I27160de8588a5efb3f24306597a5a240deb3ab74
Alexander Chernavin [Thu, 2 Feb 2023 14:22:56 +0000 (14:22 +0000)]
ip6-nd: support dump/details for IPv6 RA
Type: improvement
With this change, add support for dumping IPv6 Router Advertisements
details on a per-interface basis (or all). Also, cover that with a test.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I89fa93439d33cc36252377f27187b18b3d30a1d4
Benoît Ganne [Tue, 18 Jan 2022 14:56:41 +0000 (15:56 +0100)]
ipsec: fix AES CBC IV generation (CVE-2022-46397)
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Florin Coras [Tue, 7 Feb 2023 17:01:59 +0000 (09:01 -0800)]
vcl: drop lock on segment attach failure
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3bc2c7986f492b7b7dfbc84e4893202354223790
Florin Coras [Fri, 3 Feb 2023 06:56:03 +0000 (22:56 -0800)]
vcl: add ldp implementation for recvmmsg
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7322abc3d3b0aa81399667bf02b03786fc62c958
Florin Coras [Thu, 2 Feb 2023 20:56:16 +0000 (12:56 -0800)]
vcl: better handlig of ldp apis that rely on gnu source
Control use of apis that rely on _GNU_SOURCE being defined with compile
time macro.
Also fixes sendmmsg and recvmmsg which were not probably wrapped.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I207de23210d4b9dc960bb4289159502760c5614d
Ting Xu [Mon, 30 Jan 2023 03:42:20 +0000 (03:42 +0000)]
packetforge: fix lack of edge for ipv6 after gtppsc
Add one new edge for ipv6 after gtppsc so that packetforge can parse
this protocol combination.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I1bae1ec617c4867de2e0b3de27eda77b89e5580c
Filip Tehlar [Fri, 27 Jan 2023 12:14:34 +0000 (13:14 +0100)]
hs-test: add nginx perf tests
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ic609cf70c1d381afa78f393700359434c8bd0452
Damjan Marion [Mon, 30 Jan 2023 10:48:38 +0000 (11:48 +0100)]
vppinfra: refactor clib_socket_init, add linux netns support
Type: improvement
Change-Id: Ida2d044bccf0bc8914b4fe7d383f827400fa6a52
Signed-off-by: Damjan Marion <dmarion@me.com>
Arthur de Kerhor [Wed, 16 Nov 2022 17:45:24 +0000 (18:45 +0100)]
ipsec: fix SA names consistency in tests
In some IPsec tests, the SA called scapy_sa designs the SA that
encrypts Scapy packets and decrypts them in VPP, and the one
called vpp_sa the SA that encrypts VPP packets and decrypts them
with Scapy. However, this pattern is not consistent across all
tests. Some tests use the opposite logic. Others even mix both
correlating scapy_tra_spi with vpp_tra_sa_id and vice-versa.
Because of that, sometimes, the SA called vpp_sa_in is used as an
outbound SA and vpp_sa_out as an inbound one.
This patch forces all the tests to follow the same following logic:
- scapy_sa is the SA used to encrypt Scapy packets and decrypt
them in VPP. It matches the VPP inbound SA.
- vpp_sa is the SA used to encrypt VPP packets and decrypt them in
Scapy. It matches the VPP outbound SA.
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: Iadccdccbf98e834add13b5f4ad87af57e2ea3c2a
Benoît Ganne [Tue, 3 Jan 2023 17:35:04 +0000 (18:35 +0100)]
ipsec: fix async crypto linked keys memory leak
Type: fix
Change-Id: I7bd2696541c8b3824837e187de096fdde19b2c44
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Florin Coras [Fri, 3 Feb 2023 04:07:19 +0000 (20:07 -0800)]
session: fix out of bounds event memcpy
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If5300653edd2dad470985f4591959d00cad2a43b
Dmitry Valter [Fri, 9 Dec 2022 19:34:22 +0000 (19:34 +0000)]
nat: fix accidental o2i deletion/reuse
Nat session is allocated before the port allocation. During port allocation
candidate address+port are set to o2i 6-tuple and tested against the flow hash.
If insertion fails, the port is busy and rejected. When all N attempts are
unsuccessful, "out-of-ports" error is recorded and the session is to be
deleted.
During session deletion o2i and i2o tuples are deleted from the flow hash.
In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers
to **some other** session that's known to be allocated.
By backing match tuple up session should be invalidated well enough not to
collide with any valid one.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
Atzm Watanabe [Wed, 25 Jan 2023 05:11:10 +0000 (14:11 +0900)]
vpp-swan: allow SAs to be used to the route-based IPsec
This patch adds a "charon.plugins.kernel-vpp.use_tunnel_mode_sa"
key into strongswan.conf. If this is turned off, SAs will be
installed without tunnel information and can be used to
"ipsec tunnel protect". For the route-based IPsec, it will be
used with turning "policies" off in swanctl.conf.
Type: feature
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: I58fb94bfe56627fa7002d9b95c48930a32993d2d
Ondrej Fabry [Fri, 3 Feb 2023 10:33:39 +0000 (11:33 +0100)]
vppapigen: fix incorrect comments in json
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I241cefbbce98cf6fef83f36bd87ae2c1f4b067f0
Ofer Heifetz [Thu, 2 Feb 2023 14:57:26 +0000 (06:57 -0800)]
tls: openssl: fix SSL_read partial read scenario
When application performs SSL_read from the app rx-fifo, it can
pre-allocate multiple segments, but there is an issue if the OpenSSL
manages to partially fill in the first segment, in this case, since
data is assumed to be copied over by OpenSSL to the pre-allocated
segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs
zero copy by passing the pre-allocated segment to SSL_read.
If the decrypted data size is smaller than the pre-allocated fifo
segment buffer size, application will fetch buffers including zero
in the area not filled in by SSL_read.
Type: fix
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
Stanislav Zaikin [Thu, 2 Feb 2023 08:54:17 +0000 (09:54 +0100)]
linux-cp: fix auto-sub-int
lcp_itf_pair_pool could grew during sub-interface creation.
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: Ideafe392f9bb2b418ce9d6faa4f08dfe26f4a273
Benoît Ganne [Fri, 18 Nov 2022 16:05:10 +0000 (17:05 +0100)]
ip: fix ip ACL traces
If we match a next table, we must save its index in the trace instead of
the index of the 1st table.
Type: fix
Change-Id: Idd862242e7fc200eb3ab29b17a26131b844af2c0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Yulong Pei [Wed, 25 Jan 2023 08:05:03 +0000 (08:05 +0000)]
af_xdp: update custom XDP program example
Update custom XDP program example to work with libbpf 0.8.0 and
libxdp 1.2.9.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: Ib8d03f0be7f71fe996dfb7da0cfe35165711ebb0
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Ting Xu [Wed, 18 Jan 2023 04:22:00 +0000 (04:22 +0000)]
packetforge: fix order of dst/src address of mac
In the defination of mac node, the order of dst and src address is
reversed. Swap their order in this patch.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I039accc0a881eef12f13c75c5becf8b7df97d525
Yulong Pei [Wed, 25 Jan 2023 07:41:19 +0000 (07:41 +0000)]
af_xdp: fix default xdp program unload fail
Change to get ad->linux_ifindex in af_xdp_create_if() instead of in
af_xdp_load_program(), previous if did not load custom XDP program,
ad->linux_ifindex will be none, but bpf_xdp_detach() need it, so default
xdp program will be not unloaded when delete af_xdp interface.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: Id8a640204e8d29152f03349a0b58104b275635aa
Maxime Peim [Fri, 6 Jan 2023 11:57:38 +0000 (11:57 +0000)]
policer: API policer selection by index
Policer API calls were only by policer name. It is now possible to
select a policer by its index.
Some functionalities are also added to allow updating a policer
configuration and to refill its token buckets.
Some dead codes are being removed, and small fixes made.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I4cc8fda0fc7c635a4110da3e757356b150f9b606
Benoît Ganne [Thu, 26 Jan 2023 16:16:54 +0000 (17:16 +0100)]
fib: keep AddressSanitizer happy
adj_delegate_remove() makes 'ad' invalid, invalidate it only after its
use.
Type: fix
Change-Id: I6908d3dd2962ebd3fdf37e946cb19dae727bda09
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Damjan Marion [Tue, 31 Jan 2023 19:14:13 +0000 (20:14 +0100)]
memif: improve error reporting
Type: improvement
Change-Id: I12b120d988347cced3df82810e86dc2fd5cfca80
Signed-off-by: Damjan Marion <dmarion@me.com>
Artem Glazychev [Tue, 24 Jan 2023 08:34:00 +0000 (15:34 +0700)]
wireguard: update ESTABLISHED flag
We cannot confidently say that if we have received and processed
the handshake_initiation message, then the connection has been established.
Because we also send a response.
The fact that the connection is established can only be considered if a keepalive packet was received.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I61731916071990f28cdebcd1d0e4d302fa1dee15
Dave Wallace [Thu, 26 Jan 2023 17:44:01 +0000 (12:44 -0500)]
tests: refactor quic tests to use app-socket-api
- clean up nomenclature & use f-strings where applicable
Type: test
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I561b7808cfc3fbfa463f7698732d19759d9ddcd4
Benoît Ganne [Thu, 26 Jan 2023 18:23:19 +0000 (19:23 +0100)]
vppinfra: keep AddressSanitizer happy
The vector size must be increased before setting the element so that
AddressSanitizer can keep track of the accessible memory.
Type: fix
Change-Id: I7b13ce98ff29d98e643f399ec1ecb4681d3cec92
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Damjan Marion [Thu, 26 Jan 2023 19:23:11 +0000 (20:23 +0100)]
vlib: chdir to runtime_dir
Type: improvement
Change-Id: Id8ab75ef4384a1029ab7ee84048f347708307830
Signed-off-by: Damjan Marion <dmarion@me.com>
Benoît Ganne [Thu, 26 Jan 2023 18:28:16 +0000 (19:28 +0100)]
api: keep AddressSanitizer happy
Playing with vector length prevents AddressSanitizer to track accessible
memory. Make sure we update the size of the vector once we received the
data.
Type: fix
Change-Id: If7808254d46d7ab37d516e3de49e3583d07bb9ff
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Benoît Ganne [Thu, 26 Jan 2023 16:04:58 +0000 (17:04 +0100)]
api: keep AddressSanitizer happy
socket_tx_buffer is a vector, update its length accordingly so that
AddressSanitizer can keep track of the allowed memory area.
By doing so we can get rid of socket_tx_nbytes which becomes redundant
with the vector length.
Type: fix
Change-Id: Ied7cb430b5dd40d5ed1390aa15bd5f455a0dba62
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Benoît Ganne [Thu, 26 Jan 2023 18:27:20 +0000 (19:27 +0100)]
api: keep AddressSanitizer happy
Type: fix
Change-Id: I793206068b8dca15b2f7f525ae1049139333c5b8
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Benoît Ganne [Thu, 26 Jan 2023 15:03:55 +0000 (16:03 +0100)]
dns: keep AddressSanitizer happy
Type: fix
Change-Id: I0ae4071ee317f38daa882fec17087a55afe75d1d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Nathan Skrzypczak [Mon, 28 Mar 2022 16:39:58 +0000 (18:39 +0200)]
dpdk: add intf tag to dev{} subinput
This patch allows to pass a tag when specifying
the dpdk `dev { }` interface configuration.
It allows a control plane generating a vpp.conf
file to retreive the resulting mapping between
dpdk interfaces & sw_if_indices in VPP without
having to change the interface name exposed
to the user.
Type: feature
Change-Id: I55907417de0083b82d4a127172816cec3459acf3
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Artem Glazychev [Tue, 24 Jan 2023 09:10:29 +0000 (16:10 +0700)]
wireguard: sending the first handshake
After creating a peer, we send a handshake request. But it's not quite right
to call wg_send_keepalive() directly.
According to documentation, handshake initiation is sent after (REKEY_TIMEOUT + jitter) ms.
Since it's the first one - we don't need to take REKEY_TIMEOUT into account,
but we still have jitter.
It also makes no sense to immediately send keepalives,
because the connection is not created yet.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I61707e4be79be65abc3396b5f1dbd48ecbf7ba60
Filip Tehlar [Wed, 25 Jan 2023 12:56:38 +0000 (13:56 +0100)]
hs-test: handle error in config serialization
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: If5bbf390df08acd1f67d31428b763f246dbcedf2
Maxime Peim [Fri, 13 Jan 2023 08:04:55 +0000 (08:04 +0000)]
api: pcap capture api update
Allow enabling and disabling pcap capture via the API.
A little bug is fixed along the way in
vl_api_classify_pcap_set_table_t_handler.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I096129c82aecdc82bee5dbfb5e19c76a51d80aab
Chen Yahui [Wed, 28 Sep 2022 13:30:07 +0000 (21:30 +0800)]
af_xdp: fix xdp socket create fail
In libbpf code, xsk_socket__create will call xsk_link_lookup to get the
xdp_sock bpf prog. But xsk_link_lookup can't get any bpf prog. This will
cause Libbpf not to insert the fd into xsks_map and return ERROR.
The solution to this problem is to insert fd into xsks_map ourselves
instead of libbpf.
Type: fix
Change-Id: Ic5d279c6ddc02d67371262d6106a5b53b70e7913
Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>
Stanislav Zaikin [Thu, 21 Jul 2022 17:06:26 +0000 (19:06 +0200)]
vppapigen: enable codegen for stream message types
Enable codegen for C type from 'rpc A returns B stream C' notation
Type: improvement
Change-Id: I05cfce71c385d414d7b177a080009628bc8c8fad
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Dmitry Valter [Sun, 22 Jan 2023 13:09:15 +0000 (13:09 +0000)]
vppinfra: fix random buffer OOB crash with ASAN
Don't truncate with vec_set_len bytes before they can be used. When
built with ASAN, it these bytes are poisoned and trigger SIGSEGV when
read.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I912dbbd83822b884f214b3ddcde02e3527848592
Benoît Ganne [Fri, 20 Jan 2023 08:52:01 +0000 (09:52 +0100)]
vlib: make pending_interrupts valid for AddressSanitizer
vec_alloc_aligned() pre-allocates the vector memory but does not
update its size, making ASan unhappy when trying to access it.
Type: fix
Change-Id: I80e753cf2458cf516d1180a24cfaca4f382339d5
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Maxime Peim [Wed, 18 Jan 2023 10:57:31 +0000 (10:57 +0000)]
vppinfra: clib_bitmap fix
In clib_bitmap_set_region and clib_bitmap_set_multiple the index of
the last bit to set was off by 1. If this index was pointing to the
last bit of the bitmap, another uword would have been allocated,
even though it was unnecessary.
Moreover, in clib_bitmap_set_region, bits in the last word were not
properly set. Indeed, the n_bits_left value is wrong since n_bits
is not decreased by the number of already set bits.
Type: fix
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I8d7ef6f47abb9f1f64f38297da2c59509d74dd72
Steven Luong [Mon, 24 Oct 2022 16:10:59 +0000 (09:10 -0700)]
vxlan: convert vxlan to a plugin
per https://jira.fd.io/browse/VPP-2058
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ica0828de218d25ada2d0d1491e373c3b78179ac1
Mohsin Kazmi [Mon, 16 Jan 2023 15:28:26 +0000 (15:28 +0000)]
ip: add the missing offload check
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I64283648985c98e81f315da32a451cef6e60f933
Mohsin Kazmi [Wed, 18 Jan 2023 19:34:00 +0000 (19:34 +0000)]
af_packet: add the missing header-len for packets with checksum offload
Type: fix
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ifb790c25b38b2b1865cda7d95891bddd4195c601
Andrew Yourtchenko [Wed, 18 Jan 2023 13:01:05 +0000 (13:01 +0000)]
misc: Initial 23.06-rc0 commit
Type: docs
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I28c5cc0d54963389fe513c7de634f1a84c0bf11b
Nobuhiro MIKI [Wed, 28 Sep 2022 06:53:17 +0000 (15:53 +0900)]
lb: add source ip based sticky load balancing
This patch adds source ip based sticky session, which is already
implemented in many hardware LBs and software LBs. Note that sticky
sessions may be reset if the hash is recalculated as ASs are added
or deleted.
Since this feature is unrelated to the other existing options, the
lb_add_del_vip API version has been upgraded to v2 and a new option
"src_ip_sticky" has been added.
Type: feature
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Change-Id: I3eb3680a28defbc701f28c873933ec2fb54544ab
Guillaume Solignac [Wed, 11 Jan 2023 10:56:29 +0000 (11:56 +0100)]
build: use CMAKE_C_COMPILER_LAUNCHER for ccache
In some situations, CMake will find ccache in /usr/bin but /usr/bin
might not present in PATH. The former fix for this was to place the
ccache configuration logic before the project() declaration, but since
CMake 3.4 there is a new variable to be used which handles this case.
For the original problem, see also
https://crascit.com/2016/04/09/using-ccache-with-cmake/
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Ie026e02b2b06e2dca2d62da5fea7b1a104bcc7c3
Ole Troan [Wed, 5 May 2021 21:00:58 +0000 (23:00 +0200)]
vppapigen: include comments in json
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ibd796adea734b64d9209c5e18c5b9800cbaf62c6
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Florin Coras [Tue, 17 Jan 2023 21:02:51 +0000 (13:02 -0800)]
hs-test: zero timeout on docker stop
Should drop execution time for all tests by about 80%.
Type: test
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib6b4ef9fb4e7745a61b40c0b34e53e4046ccdbcc
Tianyu Li [Thu, 8 Dec 2022 02:08:32 +0000 (02:08 +0000)]
pppoe: fix memcpy out of bounds with gcc-11 on arm
In function ‘memcpy’,
inlined from ‘clib_memcpy_fast’ at /home/vpp/src/vppinfra/string.h:86:10,
inlined from ‘memcpy_s_inline’ at /home/vpp/src/vppinfra/string.h:157:7,
inlined from ‘vnet_pppoe_add_del_session’ at /home/vpp/src/plugins/pppoe/pppoe.c:356:7:
error: ‘__builtin_memcpy’ offset [0, 5] is out of the bounds [0, 0] [-Werror=array-bounds]
34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cc1: all warnings being treated as errors
Hardware address is zero length vector for PPP, use vec_len instead.
Type: fix
Fixes:
62f9cdd82c52 ("Add PPPoE Plugin")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If9fb409cfbbac77c15559d103987f0130bf30255
aihua2013 [Fri, 21 Oct 2022 02:32:08 +0000 (02:32 +0000)]
vppinfra:fix pcap write large file(> 0x80000000) error.
Type: improvement
Signed-off-by: aihua2013 <51931196@qq.com>
Change-Id: I22670f49abfb5d1fd728686fc7d65fb40ea6bda2
Klement Sekera [Mon, 14 Nov 2022 10:26:18 +0000 (11:26 +0100)]
tests: improve packet checksum functions
Fool-proof assert_checksum_valid so that one does not verify checksum on
wrong layer (because of how scapy internally works).
Make assert_packet_checksums_valid start checksum checking at inner
layers and outwards to make it more obvious where the error is. With old
behaviour, if one received an ICMP packet carrying a truncated TCP
packet, an error would be raised for ICMP checksum, as that one would be
the first to be wrong after recalculating all packet checksums, while
the real issue is TCP header being truncated and thus unsuitable for use
with this function.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I39a2b50ec5610f969cfde9796416ee3a50ae0ba3
Benoît Ganne [Mon, 19 Dec 2022 17:23:03 +0000 (18:23 +0100)]
pci: fix musl crash
The musl libc does not support closedir(0) resulting in a crash. Only
call closedir() if we successfully opened it.
Type: fix
Change-Id: I3198454f44735501047afc42b94b2fea273212f4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Florin Coras [Mon, 16 Jan 2023 21:21:35 +0000 (13:21 -0800)]
hs-test: add http proxy env to container builds
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8c116efb41d561e30fd0db1388cdba903e2edffe
Maros Ondrejicka [Tue, 17 Jan 2023 09:52:20 +0000 (10:52 +0100)]
hs-test: autodetect ubuntu version during build
Since VPP binaries are being compiled on host system,
it makes sense to autodetect Ubuntu version when building test images
so that containers would be running version equal to host system.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I0e13d9ba1ddcd3ad5835bce1b8cccfc048e5e528
Pim van Pelt [Sun, 15 Jan 2023 19:04:56 +0000 (19:04 +0000)]
acl: CLI allow replace, allow deletion
Allow the CLI caller to specify an optional [index <idx>] index,
which will remove the ACL at that index. This mimicks the API behavior,
Add a 'delete acl-plugin acl index <idx>' to mimick the API acl_del
call, which will refuse to delete a non-existent index, as well as
an index that is referenced by an interface.
Type: improvement
Signed-off-by: pim@ipng.nl
Change-Id: I5f240f7a4e3bca14e8122917e8a5186d80094de2
Mohammed Hawari [Tue, 17 Jan 2023 11:18:15 +0000 (12:18 +0100)]
vlib: install dma.h to fix out-of-tree plugins
Change-Id: I7888ab58abced93859ce15d0dbd1c3d7c94a02f5
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
Fixes:
0654242d1ef51566f0d58445a16053cf376e5a6e
Filip Tehlar [Mon, 16 Jan 2023 09:21:29 +0000 (10:21 +0100)]
hs-test: better directory structure
Move config files to resources and docker files to separate directory
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I24dd0705c4a463c06de525f28cb54d882527320a
Filip Tehlar [Fri, 13 Jan 2023 20:33:43 +0000 (21:33 +0100)]
hs-test: restrict concurrency on envoy
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I8b06f4554a6ee5b13de829e47eaa82431a76c332
Gabriel Oginski [Thu, 10 Nov 2022 09:22:17 +0000 (09:22 +0000)]
wireguard: add local variable
The current implementation of wireguard use dereference value from
pointer, but between get and dereference the value from pointer can be
occur change in pool memory, which means that this pointer can be
invalid. Since current implementation doesn't handle with invalid
pointers, segfault can occur.
The fix add a local variable to keep index of peer from pool and also
handle with null pointers from get pointer from pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ic161ab08266e584493338c682d827ea1fd754b98
Piotr Bronowski [Fri, 21 Oct 2022 15:48:55 +0000 (15:48 +0000)]
ipsec: fix transpose local ip range position with remote ip range in fast path implementation
In fast path implementation of spd policy lookup opposite convention to
the original implementation has been applied and local ip range has been
interchanged with the remote ip range. This fix addresses this issue.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I0b6cccc80bf52b34524e98cfd1f1d542008bb7d0
Sergey Nikiforov [Fri, 13 Jan 2023 19:15:13 +0000 (00:15 +0500)]
vlib: add const to char* params of several funcs
These functions do not need modifiable strings.
It helps with linker sections as well as C++ compatibility.
It is a good style to use const where approriate.
Type: refactor
Signed-off-by: void234@gmail.com
Change-Id: Ib437a01663aa61860c6a938d869ed1111da71ec7
Sergey Nikiforov [Fri, 13 Jan 2023 19:12:05 +0000 (00:12 +0500)]
vppinfra: add const to char* params of several funcs
These functions do not need modifiable strings.
It helps with linker sections as well as C++ compatibility.
It is a good style to use const where approriate.
Type: refactor
Signed-off-by: void234@gmail.com
Change-Id: I8d1e922197b3594122296e8c1af57e0a8ec0bf3d
Florin Coras [Fri, 13 Jan 2023 17:44:14 +0000 (09:44 -0800)]
vcl: set deq notify flag on epoll connected sessions
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I021f8e8bba247b0050d390a37dbc75900dc6a598
Maros Ondrejicka [Fri, 13 Jan 2023 09:09:14 +0000 (10:09 +0100)]
hs-test: use equal ubuntu versions in test images
Official nginx image is based on Debian with older libc version,
that causes a runtime fail when VPP libraries are compiled in Ubuntu
which has newer libc.
Using equal version of Ubuntu in VPP image and in nginx image
ensures that running nginx won't fail due to different libc versions.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I48f3b23be30a9d9d9144351437ce163d64a4bb6b
Liangxing Wang [Fri, 13 Jan 2023 03:48:37 +0000 (03:48 +0000)]
vppinfra: fix else if check in _vec_set_len()
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: I1f757abccd228b9e73f25c96754738c8e6bff259
Nick Brown [Tue, 13 Dec 2022 14:20:35 +0000 (14:20 +0000)]
build: cmake NAMELINK_COMPONENT in vpp libraries
Installs the unversioned .so symlink in the -dev component.
This prevent debian lintian error:
link-to-shared-library-in-wrong-package
NAMELINK_COMPONENT was added in cmake 3.12
Type: make
Change-Id: I9d743218fa1f6b677659d745525e399ff66e73f4
Signed-off-by: Nick Brown <nickbroon@gmail.com>
Yulong Pei [Thu, 5 Jan 2023 02:26:32 +0000 (02:26 +0000)]
af_xdp: update af_xdp driver plugin to depend on libxdp
AF_XDP support is deprecated in libbpf since v0.7.0 [1], the libxdp library
now provides the functionality which once was in libbpf, this commit updates
af_xdp plugin to depend on libxdp, libbpf still remains a dependency even if
libxdp is present, as it need use libbpf APIs for program loading.
libxdp is distributed within xdp-tool [2], xdp-tools package also
include libbpf in it as dependency, so here installed libxdp v1.2.9 and
libbpf v0.8.0, both from xdp-tool-1.2.9 package.
More information about libxdp compatibility can be found in the libxdp
README [3].
In libbpf v0.8.0, The bpf_prog_load function was deprecated and changed to
bpf_object__open_file and bpf_object__next_program and bpf_object__load,
The bpf_get_link_xdp_id and bpf_set_link_xdp_fd functions were deprecated
and changed to bpf_xdp_attach and bpf_xdp_detach, The bpf_object__unload
function was deprecated and changed to bpf_object__close.
[1] https://github.com/libbpf/libbpf/commit/
277846bc6c15
[2] https://github.com/xdp-project/xdp-tools/releases/tag/v1.2.9
[3] https://github.com/xdp-project/xdp-tools/blob/master/lib/libxdp/README.org
Type: improvement
Change-Id: Ifbf6e3aa38bc6e0b77561f26311fd11c15ddb47e
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Dave Barach [Thu, 12 Jan 2023 21:07:26 +0000 (16:07 -0500)]
vppinfra: fix longstanding corner case bug in serialize_get()
serialize_get() -> serialize_write_not_inline(...) was losing track of
the current buffer index when it managed to empty the overflow vector
but had to turn around and use it again.
Test-case added to test_serialize.c.
This issue dates from 2010.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I024a03f7a50fd6df543ddbc7c45d85def4f1981d
Filip Tehlar [Thu, 12 Jan 2023 15:21:55 +0000 (16:21 +0100)]
hs-test: fix tests using wget
This fixes an issue on systems with http proxy set.
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ic84fcd0b8a7698ef101b369d46be858cbe85fc73
Guillaume Solignac [Tue, 10 Jan 2023 14:37:18 +0000 (15:37 +0100)]
misc: use right include for fctnl.h and poll.h
Musl is stricter than glibc and has a warning that including fctnl.h and
poll.h should be prefered rather than their sys/ counterparts, which
breaks -Wall setups.
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Id101e999371951b0927cc8c4109f8f1536de1bc2
Josh Dorsey [Wed, 4 Jan 2023 21:28:07 +0000 (21:28 +0000)]
abf: exclude networks with deny rules
Type: improvement
Signed-off-by: Josh Dorsey <jdorsey@netgate.com>
Change-Id: Iee43ca9278922fc7396764b88cff1a87bcb28349
Filip Tehlar [Wed, 11 Jan 2023 09:58:58 +0000 (10:58 +0100)]
hs-test: optimize size of docker image
Copy necessary only plugins in docker image
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I5f60a8a1ccbbe099ac60774562dc5901f3b4fbed
Maros Ondrejicka [Tue, 20 Dec 2022 14:10:50 +0000 (15:10 +0100)]
hs-test: use anchors in yaml config files
Volumes can be referenced with anchors to reduce text duplication
and to explicitly show which containers share a volume.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: Id408a78262573b3faf2257c32bfa569eca2e2049
Benoît Ganne [Thu, 13 Oct 2022 12:01:03 +0000 (14:01 +0200)]
virtio: add option to bind interface to uio driver
Type: improvement
Change-Id: I30e66370c927afeb62ba3a2b3334bdc2a31d4561
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Benoît Ganne [Thu, 13 Oct 2022 15:22:26 +0000 (17:22 +0200)]
pci: add option to force uio binding
Type: improvement
Change-Id: Ifea4badd58f7e2b5e792d7506f6747851a08587f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Pim van Pelt [Wed, 11 Jan 2023 11:31:41 +0000 (11:31 +0000)]
linux-cp: Fix endianness in lcp response
Creation of LCP will return garbled host_sw_if_index of the newly
created TAP interface.
Example PAPI code:
```
lcp_add = vpp.api.lcp_itf_pair_add_del_v2(is_add=True, sw_if_index=17,
host_if_type=VppEnum.vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP,
host_if_name="loop0", netns="dataplane")
print(lcp_add)
lcp_ret = vpp.api.lcp_itf_pair_get()
print(lcp_ret)
```
Before, the returned host_sw_if_index has the wrong endianness:
VPP version is 23.02-rc0~
212-gf06a518f8
lcp_itf_pair_add_del_v2_reply(_0=103, context=2, retval=0, host_sw_if_index=
301989888)
(lcp_itf_pair_get_reply(_0=105, context=3, retval=0, cursor=
4294967295),[lcp_itf_pair_details(_0=106, context=3, phy_sw_if_index=17, host_sw_if_index=18, vif_index=594, host_if_name='loop0', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, netns='dataplane')])
After, it is correctly showing idx 18:
VPP version is 23.02-rc0~
212-gf06a518f8
lcp_itf_pair_add_del_v2_reply(_0=103, context=2, retval=0, host_sw_if_index=18)
(lcp_itf_pair_get_reply(_0=105, context=3, retval=0, cursor=
4294967295), [lcp_itf_pair_details(_0=106, context=3, phy_sw_if_index=17, host_sw_if_index=18, vif_index=595, host_if_name='loop0', host_if_type=<vl_api_lcp_itf_host_type_t.LCP_API_ITF_HOST_TAP: 0>, netns='dataplane')])
Type: fix
Signed-off-by: pim@ipng.nl
Change-Id: I9085bac0c4a9ad64356c67f9b85f4910131e349e
Nathan Skrzypczak [Mon, 19 Dec 2022 08:38:02 +0000 (09:38 +0100)]
sr: remove stale runs_after
This patch removes a
.runs_after = VNET_FEATURES ("ip6-lookup"),
On the 'pt' node, as 'ip6-lookup' does not belong to the 'ip6-output' arc.
Type: fix
Change-Id: Ie34aaf7351593f08c61e3b02aaf9f72a4de1a437
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Benoît Ganne [Thu, 22 Dec 2022 14:01:21 +0000 (15:01 +0100)]
nat: do not use nat session object after deletion
Type: fix
Change-Id: Ifc709b6e7217a893d13aee6d3019e699637366ef
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Guillaume Solignac [Fri, 6 Jan 2023 12:55:04 +0000 (13:55 +0100)]
sr: fix compilation errors
Uses VPP's clib_host_to_net functions, and initializes a potentially
uninitialized variable.
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Ie6b035c698f57ff39aeb955b35db8ec40f383b7a
Naveen Joy [Tue, 20 Dec 2022 16:39:06 +0000 (08:39 -0800)]
tests: update install-deps to support interface test runs in the CI
Change-Id: I704c35644b3caf6567be4b43dc4e550d1394e438
Type: improvement
Signed-off-by: Naveen Joy <najoy@cisco.com>
Benoît Ganne [Wed, 4 Jan 2023 16:56:58 +0000 (17:56 +0100)]
build: do not link with libssl if not needed
In most cases we only need OpenSSL libcrypto (crypto primitives) but
not libssl (tls).
Type: improvement
Change-Id: I9dce27d23d65bf46aea2d0f8aaf417240701efcc
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Florin Coras [Mon, 9 Jan 2023 20:46:07 +0000 (12:46 -0800)]
udp: avoid listener cleanups with active opens
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibff9f32e4fcaf0344207d8e43f3547180cbd4eef
Marcel Cornu [Mon, 9 Jan 2023 23:15:11 +0000 (23:15 +0000)]
crypto-ipsecmb: fix perf scaling in ipsecmb v1.3
Type: fix
This patch adds a fix for an issue in the ipsecmb library resulting in
lower than expected performance in multi-threaded scenarios. This is
due to multiple threads writing the same global variable simultaneously.
Signed-off-by: marcel.d.cornu@intel.com
Change-Id: Ibcac321aa40da4b1709198dec3e18226e3891138
gaochx [Mon, 9 Jan 2023 09:56:09 +0000 (17:56 +0800)]
vrrp: fix update virtual addr make mistake
When use update api delete a virtual address, no matter which IP want to delete, always delete the last one.
Type: fix
Signed-off-by: GaoChX <chiso.gao@gmail.com>
Change-Id: Ia67c06dd53a442740794e1884d1a4aaa06965398
Florin Coras [Tue, 10 Jan 2023 00:00:10 +0000 (16:00 -0800)]
session: avoid trying to send incomplete dgram
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ibebe9e4ab7331c3ae66c9502e910368acaba51ec
Florin Coras [Mon, 9 Jan 2023 22:00:33 +0000 (14:00 -0800)]
udp: initialize gso_size on dgram enqueue
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I1b5a35b9d53cc56d4d8050de70f40b95e92f1011
Code Review / vpp.git / log