Xiaoming Jiang [Wed, 13 Oct 2021 03:11:40 +0000 (03:11 +0000)]
session: app name should format with %v
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I2c77066cc9f1d3063373cc9559cc5b369906cc24
Joshua Roys [Tue, 12 Oct 2021 13:25:47 +0000 (09:25 -0400)]
nat: fix static mapping segv
Adding a nat44 static mapping during startup on a DHCP interface leads
to a segv via this path:
- dhcp_client_acquire_address
- ip4_add_del_interface_address
- ip4_add_del_interface_address_internal
- nat44_ed_add_del_interface_address_cb
- nat44_ed_add_static_mapping
- ip4_interface_first_address
Type: fix
Signed-off-by: Joshua Roys <roysjosh@gmail.com>
Change-Id: I38dac8a096b052550f2b87b4e13a950d2cd868b0
Benoît Ganne [Wed, 13 Oct 2021 09:35:15 +0000 (11:35 +0200)]
dpdk: fix vmbus device name parsing
unformat_init_vector() expects a vector, not a NULL-terminated C-string.
Type: fix
Change-Id: I20a266243f63d94b0c6fe24e25ee8346c08c8ff2
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Florin Coras [Tue, 12 Oct 2021 20:55:19 +0000 (13:55 -0700)]
vapi: fix vapi test coverity warning
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5ecb73009c6ebb00b5d9e14bd09b4b3e80ab5601
Florin Coras [Tue, 12 Oct 2021 15:52:12 +0000 (08:52 -0700)]
vppinfra: fix socket init netns coverity
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4f37c6601ace08ae886b08d2284b413d457e4eae
Florin Coras [Tue, 12 Oct 2021 15:45:46 +0000 (08:45 -0700)]
vppinfra: fix format_table coverity warning
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ida114ba35227f70ddd87cad791a21f186be1cba8
Benoît Ganne [Wed, 13 Oct 2021 09:37:04 +0000 (11:37 +0200)]
vlib: fix vmbus error log
struct dirent *e is freed when calling closedir(). Use ifname instead.
Type: fix
Change-Id: Icc9ca52c33ecc1dee7a9e28802149e4e3e4c8ac0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Matthew Smith [Mon, 4 Oct 2021 20:19:44 +0000 (15:19 -0500)]
interface: handle error during admin-up correctly
Type: fix
In vnet_sw_interface_set_flags_helper(), the variable old_flags is set
to the original value of vnet_sw_interface_t.flags for an interface. If
an error occurs during the process of bringing an interface up, old_flags
is used to restore the original value.
Before the dev class or hw class admin_up_down_function can be called,
but after modifying vnet_sw_interface_t.flags to it's new value,
old_flags is set to the value of vnet_sw_interface_t.flags a second time.
This discards the original flags that were being preserved.
As a result, if an interface is being brought up and the dev class
or hw class function fails, at the end VPP believes that interface is up.
This can cause a crash if packets are routed through the interface
and some RX/TX initialization was not completed because of the error
while bringing the interface up.
Change-Id: Ica6b6bac13c24e88c4136bf084cd392e6217e7d9
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Florin Coras [Tue, 12 Oct 2021 21:02:05 +0000 (14:02 -0700)]
dhcp: fix coverity warning
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2367e86fb22176881d118342f6e991dbc708b1f2
Damjan Marion [Tue, 12 Oct 2021 13:34:31 +0000 (15:34 +0200)]
vppinfra: use unaligned non-vector load/stores in x86 memcpy
Type: fix
Change-Id: I54ef23a52f05cc95210a736f84b927dd69b8a6f7
Signed-off-by: Damjan Marion <damarion@cisco.com>
Neale Ranns [Tue, 12 Oct 2021 07:49:37 +0000 (07:49 +0000)]
fib: fix the drop counter for ipv6 RPF failures
Type: fix
the only change to the mfib forwarding node is to set the error code, the rest is checkstyle formatting.
The traces previously showed some bogus reason:
00:04:27:325550: ip6-mfib-forward-rpf
entry 10 itf -1 flags
00:04:27:325551: ip6-drop
fib:0 adj:10 flow:0
UDP: fe80::b203:eaff:fe02:604 -> ff02::1:2
tos 0x00, flow label 0x651ed, hop limit 1, payload length 64
UDP: 546 -> 547
length 64, checksum 0xec9a
00:04:27:325551: error-drop
rx:GigabitEthernet6/0/0
00:04:27:325553: drop
ip6-input: drops due to concurrent reassemblies limit
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I294684c36edc346b4ebdd83ba66888b3b2197704
Florin Coras [Tue, 12 Oct 2021 16:03:18 +0000 (09:03 -0700)]
unittest: fix crypto key len coverity warning
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id41e22345be3ec401813ba43ddc7d92666784eb4
Florin Coras [Tue, 12 Oct 2021 15:41:09 +0000 (08:41 -0700)]
api: cli coverity fixes
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I515be7ea213250fe89a2b2be06f3636fe8f493a8
Govindarajan Mohandoss [Fri, 19 Mar 2021 19:20:49 +0000 (19:20 +0000)]
ipsec: Performance improvement of ipsec4_output_node using flow cache
Adding flow cache support to improve outbound IPv4/IPSec SPD lookup
performance. Details about flow cache:
Mechanism:
1. First packet of a flow will undergo linear search in SPD
table. Once a policy match is found, a new entry will be added
into the flow cache. From 2nd packet onwards, the policy lookup
will happen in flow cache.
2. The flow cache is implemented using bihash without collision
handling. This will avoid the logic to age out or recycle the old
flows in flow cache. Whenever a collision occurs, old entry will
be overwritten by the new entry. Worst case is when all the 256
packets in a batch result in collision and fall back to linear
search. Average and best case will be O(1).
3. The size of flow cache is fixed and decided based on the number
of flows to be supported. The default is set to 1 million flows.
This can be made as a configurable option as a next step.
4. Whenever a SPD rule is added/deleted by the control plane, the
flow cache entries will be completely deleted (reset) in the
control plane. The assumption here is that SPD rule add/del is not
a frequent operation from control plane. Flow cache reset is done,
by putting the data plane in fall back mode, to bypass flow cache
and do linear search till the SPD rule add/delete operation is
complete. Once the rule is successfully added/deleted, the data
plane will be allowed to make use of the flow cache. The flow
cache will be reset only after flushing out the inflight packets
from all the worker cores using
vlib_worker_wait_one_loop().
Details about bihash usage:
1. A new bihash template (16_8) is added to support IPv4 5 tuple.
BIHASH_KVP_PER_PAGE and BIHASH_KVP_AT_BUCKET_LEVEL are set
to 1 in the new template. It means only one KVP is supported
per bucket.
2. Collision handling is avoided by calling
BV (clib_bihash_add_or_overwrite_stale) function.
Through the stale callback function pointer, the KVP entry
will be overwritten during collision.
3. Flow cache reset is done using
BV (clib_bihash_foreach_key_value_pair) function.
Through the callback function pointer, the KVP value is reset
to ~0ULL.
MRR performance numbers with 1 core, 1 ESP Tunnel, null-encrypt,
64B for different SPD policy matching indices:
SPD Policy index : 1 10 100 1000
Throughput : MPPS/MPPS MPPS/MPPS MPPS/MPPS KPPS/MPPS
(Baseline/Optimized)
ARM Neoverse N1 : 5.2/4.84 4.55/4.84 2.11/4.84 329.5/4.84
ARM TX2 : 2.81/2.6 2.51/2.6 1.27/2.6 176.62/2.6
INTEL SKX : 4.93/4.48 4.29/4.46 2.05/4.48 336.79/4.47
Next Steps:
Following can be made as a configurable option through startup
conf at IPSec level:
1. Enable/Disable Flow cache.
2. Bihash configuration like number of buckets and memory size.
3. Dual/Quad loop unroll can be applied around bihash to further
improve the performance.
4. The same flow cache logic can be applied for IPv6 as well as in
IPSec inbound direction. A deeper and wider flow cache using
bihash_40_8 can replace existing bihash_16_8, to make it
common for both IPv4 and IPv6 in both outbound and
inbound directions.
Following changes are made based on the review comments:
1. ON/OFF flow cache through startup conf. Default: OFF
2. Flow cache stale entry detection using epoch counter.
3. Avoid host order endianness conversion during flow cache
lookup.
4. Move IPSec startup conf to a common file.
5. Added SPD flow cache unit test case
6. Replaced bihash with vectors to implement flow cache.
7. ipsec_add_del_policy API is not mpsafe. Cleaned up
inflight packets check in control plane.
Type: improvement
Signed-off-by: mgovind <govindarajan.Mohandoss@arm.com>
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Tested-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I62b4d6625fbc6caf292427a5d2046aa5672b2006
Florin Coras [Tue, 12 Oct 2021 01:10:41 +0000 (18:10 -0700)]
session: set actual lcl ip on accepted ct
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic2ba5fa234a394acb524b61573fc49f2d58c2dea
Mohsin Kazmi [Mon, 11 Oct 2021 15:43:15 +0000 (15:43 +0000)]
memif: fix the memif crash when slave disconnect
Type: fix
Fixes:
3effb4e63068 ("memif: integrate with new tx infra")
memif is recently integrated with new tx infra. But it
introduces a crash when slave disconnect from master but
interface is not deleted. Disconnect routine was missing
unregister of all tx queues. This patch fixes it.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I81c59cc1a03561248ec8595d5e3caa54f421833e
Ole Troan [Tue, 12 Oct 2021 10:45:08 +0000 (12:45 +0200)]
Revert "nat: static mappings in flow hash"
This reverts commit
69b7599e4b061a8996205f0304232ede84cb70d4.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: If531b122ae5a9f91c2fe6eaa0da69922a91f16d3
Klement Sekera [Wed, 26 May 2021 11:02:35 +0000 (13:02 +0200)]
nat: static mappings in flow hash
Put static mappings in flow hash, drop existing hash tables used for
static mappings. Drop refcount variables and use hash table as a single
point of truth. Allow creating a static mapping conflicting with dynamic
mapping, which will take precedence after dynamic mapping is freed, so
that the existing flow can finish transferring data.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ieeba691d83a83887d0a0baccd5f3832f66126096
Filip Tehlar [Mon, 11 Oct 2021 15:22:38 +0000 (15:22 +0000)]
api: set missing handlers
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I1fdefeaa4661c03e819b2f2f25762c633f9ab42c
Filip Tehlar [Mon, 11 Oct 2021 15:08:25 +0000 (15:08 +0000)]
vat: move memset after init
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ia65fd2f99dfe6538411c247aeb9691c590c2e00b
Benoît Ganne [Fri, 8 Oct 2021 15:17:19 +0000 (17:17 +0200)]
l3xc: skip load balancing if not multipath
Type: improvement
Change-Id: I3d8e1c7a83530bbc4b1751358ad7d034476ff13f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Nathan Skrzypczak [Fri, 17 Sep 2021 15:29:14 +0000 (17:29 +0200)]
ip: fix fib and mfib locks
This patches fixes an issue that could cause
fib locks to underflow: if an API user deletes
a fib and quickly recreates it, the fib may not
have been actually deleted. As a result, the
lock would not be incremented on the create call
leading to the fib potentially disappearing
afterwards - or to the lock to underflow when
the fib is deleted again.
In order to keep the existing API semantics,
we use the locks with API and CLI source as flags.
This means we need to use a different counter
for the interface-related locks.
This also prevents an issue where an interface being
bound to a vrf via API and released via CLI could
mess up the lock counter.
Finally, this will help with cleaning up the
interface-related locks on interface deletion
in a later patch.
Type: fix
Change-Id: I93030a7660646d6dd179ddf27fe4e708aa11b90e
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Nathan Skrzypczak [Fri, 8 Oct 2021 13:13:07 +0000 (15:13 +0200)]
docs: nitfixes in FEATURE.yaml
Type: improvement
Change-Id: Iec585880085b12b08594a0640822cd831455d594
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Joshua Roys [Fri, 1 Oct 2021 20:41:04 +0000 (16:41 -0400)]
af_xdp: ensure at least one queue is created
Attempting to create an af_xdp interface with zerocopy where the
underlying driver didn't support it would lead to a crash due to
queue creation silently failing.
Type: fix
Signed-off-by: Joshua Roys <roysjosh@gmail.com>
Change-Id: Ifd9070b8c2b3023d71120c5cf20f7e89d04e4cb3
Florin Coras [Fri, 8 Oct 2021 20:43:55 +0000 (13:43 -0700)]
tls: shutdown openssl context on app close
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie0fde16fb4e41637169474628808fddf343884f3
Artem Glazychev [Fri, 28 May 2021 12:09:14 +0000 (19:09 +0700)]
vxlan-gpe: add udp-port configuration support
similar behavior as here:
839dcc0fb7313638d9b8f52a9db81350dddfe461
Type: improvement
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I1b0a8f8f3dab48839e27df7065cf5f786cf0b5e9
Benoît Ganne [Tue, 28 Sep 2021 16:59:53 +0000 (18:59 +0200)]
ikev2: lazy initialization
- do not initialize resources if ikev2 is not used.
- process IKE packets only if we have profile(s) configured
Type: improvement
Change-Id: I57c95a888532eafd70989096c0555ebb1d7bef25
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Tianyu Li [Tue, 28 Sep 2021 05:00:16 +0000 (13:00 +0800)]
build: fix centos rpm build
When build vpp-plugins rpm package, found
/home/vpp/build-root/rpmbuild/vpp-21.10/build-root/\
install-vpp-native/vpp/lib/vpp_plugins: No such file or directory
RPM build errors:
File not found: /home/vpp/build-root/rpmbuild/../usr/lib/vpp_plugins/*
After
e3cf4d0 ("build: use GNUInstallDirs install destinations")
vpp_plugins on centos src path changed from lib to lib64
Update RPM spec file accordingly.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I9c4d91f97f2faa474bce28893ab763b414f759b8
Benoît Ganne [Thu, 7 Oct 2021 15:37:07 +0000 (17:37 +0200)]
ipsec: fix protect update log if nexthop is NULL
If logging is on, it will try to print the address nh. Make sure it is
not NULL.
Type: fix
Change-Id: I81c0295865901406d86e0d822a103b4d5adffe47
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Artem Glazychev [Thu, 7 Oct 2021 09:20:38 +0000 (16:20 +0700)]
wireguard: peers dump fix
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I4450b8c8b50a3be8d6a399f6a58bc0e8eb500b28
Benoît Ganne [Wed, 8 Sep 2021 13:36:56 +0000 (15:36 +0200)]
vppinfra: asan: improve overflow semantic
Type: improvement
Change-Id: Ia63899b82e34f179f9efa921e4630b598f2a86cb
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Andrew Yourtchenko [Wed, 14 Jul 2021 20:13:02 +0000 (22:13 +0200)]
misc: MAINTAINERS fixes for lldp and lisp
They are now plugins
Type: docs
Change-Id: I37d0db10872218cb645feda83fc47b14a57ceada
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Fan Zhang [Wed, 6 Oct 2021 13:23:33 +0000 (14:23 +0100)]
build: fix ipsecmb version check
Type: fix
This patch fixes the chacha20-poly1305 support check in ipsecmb
engine build.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com>
Change-Id: I74b52a27f78a0f6a65c867dbd44a44a8f4a2ed60
Filip Tehlar [Wed, 6 Oct 2021 12:48:34 +0000 (12:48 +0000)]
udp: fix severity error info
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I415d68b39ecac546b531f6eb98bca51e7eb6f7f7
Benoît Ganne [Thu, 9 Sep 2021 09:58:28 +0000 (11:58 +0200)]
ip: fix path MTU node errors definition
The path mtu node uses errors defined by ip fragmentation.
Type: fix
Change-Id: I1f173955919a4f555ab0309cd8201ec342a0ae92
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Benoît Ganne [Tue, 28 Sep 2021 09:19:37 +0000 (11:19 +0200)]
ikev2: do not require optional IDr on IKE AUTH
IDr is optional in IKE AUTH from the initiator. In that case, the
responder is free to use any matching profile and fills the
corresponding IDr in the response.
The initiator is then free to accept or reject it.
Type: improvement
Change-Id: I07a1c64a40ed22bd41767c259406238bbbab5cf4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Benoît Ganne [Wed, 29 Sep 2021 17:02:58 +0000 (19:02 +0200)]
ikev2: add logs in case of parsing errors
Type: improvement
Change-Id: Id0a6a9e68725ea7aa0b7da14cf54d14405a907fb
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Benoît Ganne [Wed, 29 Sep 2021 16:51:31 +0000 (18:51 +0200)]
ikev2: do not send IDi on responder AUTH
The IDi is not mentioned in the RFC for the responder AUTH message, and
it confuses some IKE implementations.
Type: fix
Change-Id: I2bcefa1efd315412a6f5fa592668d4e0da510264
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Ed Warnicke [Sat, 14 Aug 2021 21:19:43 +0000 (16:19 -0500)]
arp: source address selection
https://gerrit.fd.io/r/c/vpp/+/30197 introduced SAS and inadvertently
broke ping in a variety of situations:
https://jira.fd.io/browse/VPP-1992
https://jira.fd.io/browse/VPP-1970
https://lists.fd.io/g/vpp-dev/topic/
84038840
all of which seem to be rooted in situations where there's literally
nothing smarter ping can do for source address selection than
to pick the first IP on the interface. This can happen for:
1. P2P interfaces, see attempted fix: https://gerrit.fd.io/r/c/vpp/+/32801
2. Interfaces with /32 IP addresses intentionally assigned
After some discussion, this problem was partially fixed in
https://gerrit.fd.io/r/c/vpp/+/33449
Unforunately, while source selection was fixed in ping, it continued
to be broken in arp/nd. This gerrit builds on
https://gerrit.fd.io/r/c/vpp/+/33449
and fixes arp/nd.
Type: fix
Ticket: VPP-1970
Ticket: VPP-1992
Fixes:
e2fe097424fb169dfe01421ff17b8ccd0c26b4a6
Change-Id: Ief60c321676a15f4f30bf4cd84d50b2f1efec432
Signed-off-by: Ed Warnicke <hagbard@gmail.com>
Ray Kinsella [Wed, 6 Oct 2021 15:21:33 +0000 (15:21 +0000)]
perfmon: Topdown Level 1 support on Snowridge
Enable Topdown Level 1 support on Snowridge,
enabled with standard CPU events on small core.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I58ad09383de7464265ac1b69e683f253591e3b5e
Ray Kinsella [Wed, 6 Oct 2021 15:15:41 +0000 (15:15 +0000)]
perfmon: check bundle is supported
Add a check bundle is supported before futher activation.
Enable different bundles with same name, supported on different platforms.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I73e8bbd1e07c05ebccd9146d48a234eb598a2388
Ray Kinsella [Thu, 7 Oct 2021 10:42:26 +0000 (11:42 +0100)]
perfmon: fix peusdo events
Fix peusdo events, missed populating "core" events with peusdo events.
Type: fix
Fixes:
bf37bf6f7
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I569fa876f1b58540adac0b095be0ff4ade664dec
Artem Glazychev [Mon, 23 Aug 2021 06:35:31 +0000 (13:35 +0700)]
ip: check if interface has link-local address (addition)
previous -
b31fbc47f5fcf8234c757558d7b0285348774086
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I7ea2d693d3ad5bf41ece066b3511fbfa156c1e4b
Artem Glazychev [Thu, 10 Jun 2021 17:10:00 +0000 (00:10 +0700)]
wireguard: add events for peer
we can receive events from peer about its state:
-WIREGUARD_PEER_STATUS_DEAD
-WIREGUARD_PEER_ESTABLISHED
Type: improvement
Change-Id: Ide83fbe2cfafa79ded5bcf3f6a884c26a7583db0
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Filip Tehlar [Wed, 6 Oct 2021 12:54:51 +0000 (12:54 +0000)]
session: fix severity info
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I6548274f8c0ae2a183b1d221cb195de445c2819f
Artem Glazychev [Thu, 3 Jun 2021 13:11:54 +0000 (20:11 +0700)]
wireguard: add ipv6 support
Type: improvement
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: If1a7e82ce163c4c4acaa5acf45ad2b88371396f6
Filip Tehlar [Wed, 6 Oct 2021 09:47:41 +0000 (09:47 +0000)]
tcp: fix severity info
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibe39bc045c3b154209a83b59ef95a37c61b32c0c
Nathan Skrzypczak [Wed, 6 Oct 2021 13:03:35 +0000 (15:03 +0200)]
docs: more nitfixes
Type: fix
Change-Id: I41455e1cdc62e7c0baa148630b0701b042f3b156
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Damjan Marion [Wed, 6 Oct 2021 10:07:04 +0000 (12:07 +0200)]
build: fix lib dir in debian packaging
Type: fix
Change-Id: I64b0bbe5ba2317ab03b68f140df69a94a0dd7407
Signed-off-by: Damjan Marion <damarion@cisco.com>
Nathan Skrzypczak [Wed, 29 Sep 2021 13:36:51 +0000 (15:36 +0200)]
docs: vnet comment nitfixes
Type: improvement
Change-Id: Iac01d7830b53819ace8f199554be10ab89ecdb97
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Nathan Skrzypczak [Wed, 29 Sep 2021 13:35:31 +0000 (15:35 +0200)]
vlib: doc nitfixes
Type: improvement
Change-Id: I9e761f908d9d2becbc61eb0515dc6b7c1e1e036f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Nathan Skrzypczak [Wed, 29 Sep 2021 13:38:50 +0000 (15:38 +0200)]
docs: extras/deprec nitfixes
Type: improvement
Change-Id: I39038072eff3c09536917a32984daebab69e6fe7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Benoît Ganne [Thu, 30 Sep 2021 11:41:00 +0000 (13:41 +0200)]
ip: add classifier-based ACLs support on ip punt
This feature allows one to add classifier-based ACLs on packets punted
from the ip infra, eg. to only whitelist specific sender(s).
Type: feature
Change-Id: Idab37b188583efbca980038875fc3e540cb2e880
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Nathan Skrzypczak [Wed, 28 Jul 2021 12:09:50 +0000 (14:09 +0200)]
session: Add session_sapi_enable_disable
Type: feature
This adds an API message to do the switch
at runtime.
Change-Id: Ice6b69c57f0bfbf5668182e25593362ff4133615
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Damjan Marion [Thu, 30 Sep 2021 18:04:14 +0000 (20:04 +0200)]
build: don't hardcode triplet, allow specifying custom lib dir
Type: fix
Change-Id: I33f364fda88914f88f9b976cb83e6d3ff466f0bb
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Mohsin Kazmi [Fri, 1 Oct 2021 10:34:42 +0000 (12:34 +0200)]
tap: free the tap_fds vec on interface deletion
Type: fix
Tap fds are stored in vector array but deleting tap
was not freeing this vector.
This patch fixes it.
Change-Id: I5228e3b9f432c69cf2656b2ee7402360d775964b
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Ray Kinsella [Thu, 30 Sep 2021 14:15:32 +0000 (15:15 +0100)]
perfmon: bundles with multiple types
Allow perfmon bundles to support more than one bundle type, either node
or thread. Only used for topdown bundle for the moment.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: Iba3653a4deb39b0a8ee8ad448a7e8f954283ccd8
Filip Varga [Mon, 30 Aug 2021 14:23:38 +0000 (16:23 +0200)]
nat: NAT44 ED api fix and improvement
Backward compatibility fix returns erroneous behavior that lets user
add internally unused inside interface for the purpose
of complying with the old add/dump/details API behavior.
Change introduced in https://gerrit.fd.io/r/c/vpp/+/32951 removed
extra inside interface that wasn't required or any how used by the
output feature. This patch also changed outside interface flags to
inside & outside. This fix returns the old behavior by imitating
the old behavior through dummy registratoin data.
Added new API calls nat44_ed_add_del_output_interface
and nat44_ed_output_interface_get/details as a
replacement of old API's. New API introduces
simplified and cleaner way of configuring outside
feature without requirement of config flags.
Type: improvement
Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: I7a170f7325727c04da5e2e3ffbe3f02179531284
Mohsin Kazmi [Mon, 4 Oct 2021 09:29:08 +0000 (11:29 +0200)]
interface: free the output_node_thread_runtimes
Type: fix
output_node_thread_runtimes was not freed when an interface
is deleted. This patch fixes it.
Change-Id: I763b0109be1904d43839528a346f3b9aa8927205
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Mohsin Kazmi [Mon, 4 Oct 2021 09:21:57 +0000 (11:21 +0200)]
interface: remove the redundant vec_free on rx_queue_indices
Type: fix
vnet_delete_hw_interface() calls vec_free on rx_queue_indices.
function vnet_hw_if_unregister_all_rx_queues() is used to free
rx_queue_indices which is also called by vnet_delete_hw_interface().
So, second vec_free is redundant.
Change-Id: Ibda4be38fd122d33532bb384c97b0b9e5f441134
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Nick Brown [Mon, 27 Sep 2021 15:53:23 +0000 (16:53 +0100)]
build: Allow ipsec-mb plugin to build with libipsec_mb 0.55
The 0.55 version of libipsec_mb does not support the chacha functions
used in the plugin.
The missing symobls are:
ipsecmb_ops_chacha_poly
ipsecmb_ops_chacha_poly_chained
IMB_CIPHER_DIRECTION
Check for ipsecmb_ops_chacha_poly() and conditionalise the chacha code
in the plugin on this.
ipsec_mb 0.55 is the version currently found in Debian Stable (bullseye)
Type: make
Signed-off-by: Nick Brown <nickbroon@gmail.com>
Change-Id: I88c962ac4f99a58b5cd61fb9b75f692e27d4ec30
Mohsin Kazmi [Thu, 30 Sep 2021 09:28:07 +0000 (09:28 +0000)]
memif: integrate with new tx infra
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I7c2b9891e269f23c3aa2a0abfee3cf0a0f1e2135
Florin Coras [Fri, 1 Oct 2021 21:57:03 +0000 (14:57 -0700)]
vcl: remove unsed configs
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If755cf38e6b30e8757f2c6fb4cf5e6642fa87e52
Filip Tehlar [Fri, 24 Sep 2021 06:21:25 +0000 (06:21 +0000)]
hsa: do not drop the barrier when creating echo server
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I25d3ac72360bea130f567095b486d8e295d2f2f7
Artem Glazychev [Tue, 25 May 2021 05:06:42 +0000 (12:06 +0700)]
wireguard: use the same udp-port for multi-tunnel
now we can reuse udp-port for many wireguard interfaces
Type: improvement
Change-Id: I14b5a9dbe917d83300ccb4d6907743d88355e5c5
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Jieqiang Wang [Thu, 29 Jul 2021 17:03:16 +0000 (17:03 +0000)]
vppinfra: fix potential memory access error in _pool_init_fixed
_pool_init_fixed uses mmap to initialize a fixed-size and preallocated
pool, whose size is the sum of vector_size and free_index_size with
alignment to the CLIB_CACHE_LINE_BYTES and page size. In this way
vector_size equals to pool_header_t + vec_header_t + elt_size * max_elts
so moving to the end of the pool space should be pool_header_t pointer +
vector_size, instead of vec_header_t pointer + vector_size.
Simple code to reproduce this error:
u64 *pool;
pool_init_fixed(pool, 2042);
Improve unit test to cover this case
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Reviewed-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If088ef89b3dcb2d874ee837ae9da60983b14615c
Signed-off-by: Dave Barach <dave@barachs.net>
Mohsin Kazmi [Mon, 4 Oct 2021 11:43:19 +0000 (13:43 +0200)]
virtio: remove control queue support from virtio_show() for tap/tun
Type: fix
Tap/Tun interfaces do not have control queue.
This patch removes the support of control queue
from virtio_show() which is used by show tap/tun cli.
Change-Id: Ib89144ad488ed548fb1ce50ee232a1b8659ccf29
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Benoît Ganne [Fri, 1 Oct 2021 17:20:02 +0000 (19:20 +0200)]
fib: fix unitialized padding in fib_api_next_hop_decode
If the type is IPv4, makes sure the padding bytes are set to 0 as this
is used by ip46_address_is_ip4() to detect the type.
Type: fix
Change-Id: I6a81fa05a6b227086853901bf3dcdc66e6d04d2c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Benoît Ganne [Mon, 4 Oct 2021 10:03:20 +0000 (12:03 +0200)]
ip: fix punt for ipv6
Type: fix
Change-Id: I583c30e9b63c0b0b6cd5fef0b2cb9ed7ec9856e2
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Ray Kinsella [Thu, 30 Sep 2021 15:02:04 +0000 (16:02 +0100)]
perfmon: topdown events as peusdo events
Topdown events are peusdo events exposed by linux,
and are only present on Intel platforms.
Change to clarifies this.
Type: fix
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I6a3dcea5f43f53dbb96475329baf5e596a24d54f
Nathan Skrzypczak [Wed, 29 Sep 2021 13:37:34 +0000 (15:37 +0200)]
docs: plugin comment nitfixes
Type: improvement
Change-Id: Ib7e2f5f314144064de7b6be0fade3db2f9c943fe
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Mohsin Kazmi [Fri, 1 Oct 2021 17:01:48 +0000 (19:01 +0200)]
interface: remove the input_node_thread_index_by_queue
Type: fix
input_node_thread_index_by_queue is not being used anymore.
Change-Id: I0141fa0d024affb39771acf7516e064c5c8acfe9
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Sivaprasad Tummala [Thu, 30 Sep 2021 13:43:46 +0000 (19:13 +0530)]
hsa: proxy app worker thread deadlock
proxy main lock not released in certain cases and resulting in deadlock.
Type: fix
Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com>
Change-Id: Ib869f459b447189bb921c05fd260f3691c2ac787
Neale Ranns [Fri, 6 Aug 2021 09:03:45 +0000 (09:03 +0000)]
mpls: Save the L3 header offset in the meta-data before label imposition
Type: improvement
Subsequent features in the data-path can thus easily find the l3 header
without parsing the label stack.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I26f7d4bbe9186aeb8654706579c72424e8ecca2c
Mohsin Kazmi [Tue, 23 Feb 2021 14:55:04 +0000 (15:55 +0100)]
devices: add support for pseudo header checksum
Type: improvement
Linux uses pseudo header checksum when checksum of l4 is offloaded.
This patch adds similar support in virtual interfaces.
Change-Id: I6a94d1104e59356f95057e7c122e3be9cd8659a3
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Artem Glazychev [Thu, 20 May 2021 05:33:52 +0000 (12:33 +0700)]
wireguard: move adjacency processing from wireguard_peer to wireguard_interface
now we should add routes manually
Type: improvement
Change-Id: I877511a18854efdfad02939267d38a216b2ccec3
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Nathan Skrzypczak [Wed, 29 Sep 2021 13:28:26 +0000 (15:28 +0200)]
fib: doc nitfixes
Type: improvement
Change-Id: I29346c849a5e1ff3c2ea399671f9f50d075e9f18
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Nick Brown [Wed, 29 Sep 2021 15:13:23 +0000 (16:13 +0100)]
build: consistent use of CMAKE_INSTALL_LIBDIR
Set the RPATH to based on CMAKE_INSTALL_LIBDIR so that libraries are
correctly found.
Type: make
Change-Id: I82d649345edea2c5d3f6b3f43e3e5869b9e580a7
Signed-off-by: Nick Brown <nickbroon@gmail.com>
Nathan Skrzypczak [Wed, 29 Sep 2021 13:34:29 +0000 (15:34 +0200)]
nat: doc nitfixes
Type: improvement
Change-Id: I9a4303030b9657c28bbd73168def72c7daa13483
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Filip Tehlar [Wed, 29 Sep 2021 14:20:49 +0000 (14:20 +0000)]
vat2: do not require _crc field in API messages
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Icc2ce594225c3197c9e5be8faa3dc2ee5b0a553e
Andrew Yourtchenko [Tue, 28 Sep 2021 08:26:26 +0000 (10:26 +0200)]
misc: package the devtool plugins
a274c3a2ed8c4f1f38cb6f126326b4e6798869d2 has split the devtool plugins into a separate component,
which caused them not to be packaged as part of the existing .deb, however this can still be useful
to have them.
This commit adds the new deb vpp-plugin-devtools which contains that component.
Change-Id: I3cf44493745c3d4951ffd2194c6ae539e8ad5926
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Alexander Chernavin [Mon, 30 Aug 2021 08:55:27 +0000 (08:55 +0000)]
nat: nat44-ed add session timing out indicator in api (2)
Type: improvement
Currently, NAT44-ED users sessions details are returned for both active
and timed out NAT sessions. It may confuse users that expect to see only
active sessions in the response and make them think that timeouts for
NAT sessions do not work.
With this change, introduce an indicator of timing out for NAT sessions
returned in NAT44-ED user session details.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib4d689f77cec4b0b0cc8484019e13733cc8bdc0d
Filip Tehlar [Sun, 23 May 2021 18:40:40 +0000 (18:40 +0000)]
ikev2: build only when deps requirements are met
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I89bcc1ba804ded676b194dbda52704cd0c54a67e
Matthew Smith [Tue, 28 Sep 2021 21:02:10 +0000 (16:02 -0500)]
classify: fix message IDs on API replies
Type: fix
When the API cleanup of classify messages was done, the code was not
updated to add the message enums to REPLY_MSG_ID_BASE. So the wrong
message IDs are being sent back in replies to classify API requests.
Add REPLY_MSG_ID_BASE when populated vl_msg_id on a reply.
Change-Id: Ic7c828f14d42a346fc58fc9ff062b954f494cdbd
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Neale Ranns [Tue, 21 Sep 2021 12:34:19 +0000 (12:34 +0000)]
ipsec: Record the number of packets lost from an SA
Type: feature
Gaps in the sequence numbers received on an SA indicate packets that were lost.
Gaps are identified using the anti-replay window that records the sequences seen.
Publish the number of lost packets in the stats segment at /net/ipsec/sa/lost
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8af1c09b7b25a705e18bf82e1623b3ce19e5a74d
Nathan Skrzypczak [Wed, 22 Sep 2021 15:46:02 +0000 (17:46 +0200)]
tap: Fix tap create with ns
This fixes the interface creation passing
a netns. [0] made the renaming of the new
tuntap interface before switching netns
Thus, preventing creating an interface in
another netns if one exists in VPP's netns
with the same name.
This also fixes restore netns on errors
Type: fix
[0] https://gerrit.fd.io/r/c/vpp/+/33696
Change-Id: I5c83bb37d664057bcf231cd0c636f0e51aa542ad
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Nathan Skrzypczak [Fri, 7 May 2021 17:39:07 +0000 (19:39 +0200)]
libmemif: Fix abstract sockets
This fixes size computation when using
abstract sockets with libmemif
Type: fix
Change-Id: I3a686e4ff2132b9fb295bbe30633958dcfec672b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Stanislav Zaikin [Tue, 28 Sep 2021 16:31:32 +0000 (18:31 +0200)]
fib: add barrier lock for fib_urpf_list_pool and fib_entry_pool
Pools fib_urpf_list_pool and fib_entry_pool can grow while ip6_urpf_loose_check/fib_entry_get_flags_for_source are being executed. That may result as a crash in mt environment.
Type: fix
Change-Id: I44ca2cb70255e7aaf2e1f7a7d2eecd25cbdd0aaa
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Filip Tehlar [Fri, 23 Jul 2021 08:51:10 +0000 (08:51 +0000)]
api: API trace improvements
Type: improvement
* add support for JSON format in API trace
* add ability to replay JSON API trace in both VPP and VAT2
* use CRC for backward compatibility check during JSON API replay
* fix API trace CLI (and remove duplicits)
* remove custom dump
* remove vppapitrace.py
* update docs accordingly
Change-Id: I5294f68bebe6cbe738630f457f3a87720e06486b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Signed-off-by: Ole Troan <ot@cisco.com>
Ole Troan [Mon, 27 Sep 2021 15:11:34 +0000 (17:11 +0200)]
misc: vpe.api messages dynamically allocated
This is the last in the series of moving API messages from vpp/api/vpe.api to vlibmemory/memclnt.api.
This patch makes the remaining vpe.api messages dynamic, to help VAT2 binary-api command.
Moves the VAT test code to a separate file and removes the now unnused API meta files.
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I01dd78eaff1d3715dff17d2643bf0f7f0089935b
Signed-off-by: Ole Troan <ot@cisco.com>
Nathan Skrzypczak [Wed, 23 Jun 2021 09:28:39 +0000 (11:28 +0200)]
devices: Add queues params in create_if
Type: feature
Change-Id: I027ff2c5c905a7ccebd3705a58e35218a94f4880
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
arikachen [Wed, 22 Sep 2021 03:13:11 +0000 (11:13 +0800)]
af_xdp: fix init lock for shared txq
Type: fix
Signed-off-by: arikachen <eaglesora@gmail.com>
Change-Id: Idb5e66d7a2a7ccb6fb5155341df54586186eb11f
Július Milan [Fri, 10 Sep 2021 07:43:31 +0000 (09:43 +0200)]
nat: NAT44 ED & EI session filtering CLI
Improving session filtering capabilities of
show nat44 sessions CLI command for EI and ED NAT
plugins. Adding filtering options: saddr, sport,
daddr, dport, proto for both i2o and o2i flows.
Type: improvement
Change-Id: I70bc94a2e922cddf9451eb7dcbf4a7be21ebf0df
Signed-off-by: Filip Varga <fivarga@cisco.com>
Alexander Chernavin [Fri, 17 Sep 2021 12:37:48 +0000 (12:37 +0000)]
stats: add name vectors to prometheus exporter output
Type: improvement
Counters are labeled with interface indices in the Prometheus exporter
output. For example:
# TYPE _if_drops counter
_if_drops{thread="0",interface="0"} 0
_if_drops{thread="0",interface="1"} 0
_if_drops{thread="0",interface="2"} 2112
[..]
Currently, it's unable to map interface indices to the interface names
using only output provided by the Prometheus exporter. However, this
mapping is present in the vpp_get_stats output:
# vpp_get_stats dump /if/names
[0]: local0 /if/names
[1]: GigabitEthernet0/8/0 /if/names
[2]: GigabitEthernet0/9/0 /if/names
[..]
With this change, add name vectors to Prometheus exporter output as info
metrics. Thus exposing interfaces and their indices:
# TYPE _if_names_info gauge
_if_names_info{index="0",name="local0"} 1
_if_names_info{index="1",name="GigabitEthernet0/8/0"} 1
_if_names_info{index="2",name="GigabitEthernet0/9/0"} 1
[..]
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Iff86c4d6fea8805e71fb04fccf278bae855e88d1
arikachen [Tue, 28 Sep 2021 10:43:44 +0000 (18:43 +0800)]
af_xdp: fix free mem in tx while no free slot
Type: fix
Signed-off-by: arikachen <eaglesora@gmail.com>
Change-Id: Id305b9d311b2d0d11583db1a14a45d9187a1e628
Nick Brown [Thu, 16 Sep 2021 09:56:33 +0000 (10:56 +0100)]
build: complete python3 support, no hardcode path
find_package(Python3) will not set variables that are later used, so set
those needed. Perhaps the python2 support, which is EOL, could be
dropped?
Use DESTDIR, instead of hardcoding the path. This allows system
packaging, or local installs, to work properly.
Type: make
Signed-off-by: Nick Brown <nickbroon@gmail.com>
Change-Id: I045516c61473c612ab70858cd9b58c4e2838b347
Filip Tehlar [Thu, 2 Sep 2021 10:32:40 +0000 (10:32 +0000)]
sr: add API test files
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Iefc88107ae96915570ae425a527c3969f7ce7b1d
Benoît Ganne [Mon, 27 Sep 2021 13:37:48 +0000 (15:37 +0200)]
ikev2: support variable-length nonces
IKEv2 nonces can be 16 to 256 bytes.
Type: fix
Change-Id: Ib332028594355c9e5b462bddb7e4dffbcdc9a927
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Dmitry Valter [Sun, 19 Sep 2021 20:47:19 +0000 (23:47 +0300)]
tests: don't install vapi_c{,pp}_test
Don't install vapi_c{,pp}_test. It confuses dpkg-shlibdeps to think we
need libsubunit as shared lib dependency
Type: fix
Fixes:
a2d6d352c6926d2f8d4e50aeb1ec59802f32b37b
Signed-off-by: d-valter@yandex-team.ru
Change-Id: Ifb702a61be32b37e79b48780cc61cb0838e87153
Jakub Grajciar [Mon, 4 Jan 2021 10:10:42 +0000 (11:10 +0100)]
libmemif: refactor connection establishment
per_thread_ namespace fuctionality replaced by memif socket.
Interfaces are grouped by memif socket which holds interface database.
Each thread can create it's unique memif socket. The path name
can be equal across threads so that the app only uses one
UNIX socket. In case of listener socket, listener fd
can be obtained and set using APIs.
This change allows:
- No lookup on file descriptor events
- improves interrupt handling
- Loopback support (connect two interfaces in one app)
- usefull for debugging and testing
- Improves code readability by providing control channel
abstraction for each interface and listener sockets
Type: refactor
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I1b8261042431c0376646ab4c4c831f6e59dd3eed