Benoît Ganne [Tue, 18 Jan 2022 14:56:41 +0000 (15:56 +0100)]
 
ipsec: make pre-shared keys harder to misuse
Using pre-shared keys is usually a bad idea, one should use eg. IKEv2
instead, but one does not always have the choice.
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C) whereas for AES-CTR or AES-GCM, the IV should never be reused with
the same key material (see NIST SP800-38a Appendix B and NIST SP800-38d
section 8).
If one uses pre-shared keys and VPP is restarted, the IV counter
restarts at 0 and the same IVs are generated with the same pre-shared
keys materials.
To fix those issues we follow the recommendation from NIST SP800-38a
and NIST SP800-38d:
 - we use a PRNG (not cryptographically secured) to generate IVs to
avoid generating the same IV sequence between VPP restarts. The PRNG is
chosen so that there is a low chance of generating the same sequence
 - for AES-CBC, the generated IV is encrypted as part of the message.
This makes the (predictable) PRNG-generated IV unpredictable as it is
encrypted with the secret key
 - for AES-CTR and GCM, we use the IV as-is as predictable IVs are fine
Most of the changes in this patch are caused by the need to shoehorn an
additional state of 2 u64 for the PRNG in the 1st cacheline of the SA
object.
Type: improvement
Change-Id: I2af89c21ae4b2c4c33dd21aeffcfb79c13c9d84c
Signed-off-by: Benoît Ganne <[email protected]>
Arthur de Kerhor [Wed, 16 Nov 2022 18:12:05 +0000 (19:12 +0100)]
 
ipsec: add per-SA error counters
Error counters are added on a per-node basis. In Ipsec, it is
useful to also track the errors that occurred per SA.
Type: feature
Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc
Signed-off-by: Arthur de Kerhor <[email protected]>
Maxime Peim [Mon, 6 Feb 2023 10:14:20 +0000 (10:14 +0000)]
 
vnet: throttling configuration improvement
To allow a more flexible throttling configuration, the number of bits
used in the throttling bitmap can be chosen.
Type: improvement
Signed-off-by: Maxime Peim <[email protected]>
Change-Id: I7bfe391dd64729011b03f3e5b89408dfc340e036
Filip Tehlar [Tue, 14 Mar 2023 07:50:28 +0000 (08:50 +0100)]
 
session: add session stats
Type: feature
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I02d9bb5292b32ffb1b2f05daccd8a7d5dba05125
Tianyu Li [Tue, 21 Mar 2023 06:49:38 +0000 (06:49 +0000)]
 
build: fix rpm build error with test_infra
RPM build errors:
error: Installed (but unpackaged) file(s) found:
   /usr/bin/test_infra
Add NO_INSTALL tag in CMakeLists to avoid installing test binary.
Type: fix
Fixes: c3542e17b5df ("vppinfra: widen the scope of test_vector_funcs")
Signed-off-by: Tianyu Li <[email protected]>
Change-Id: I359ba79af2e3cb32b47dda3bb8707a5d2fd8586b
Stanislav Zaikin [Wed, 13 Jul 2022 18:29:15 +0000 (20:29 +0200)]
 
linux-cp: fix get_default_ns api method
Type: fix
Change-Id: I141e5779aab7eee3068b702dd2f93765420fb920
Signed-off-by: Stanislav Zaikin <[email protected]>
Ole Troan [Wed, 7 Dec 2022 14:30:58 +0000 (15:30 +0100)]
 
papi: vla list of fixed strings
Handle a variable length array of fixed strings.
Like:
fixed_string = VPPType("fixed_string", [["string", "data", 32]])
s = VPPType("string_vla", [["u32", "length"], ["fixed_string", "services", 0, "length"]])
Previously instead of packing and unpacking as strings, exception packed as u8 instead
of list.
Type: fix
Signed-off-by: Ole Troan <[email protected]>
Change-Id: I501a8a4755828042e1539fd5a54eacec21c5e364
Signed-off-by: Ole Troan <[email protected]>
Alexander Chernavin [Thu, 16 Mar 2023 09:48:45 +0000 (09:48 +0000)]
 
wireguard: fix sending peer events from worker threads
Type: fix
API clients can register for peer events (e.g. to be notified when
connection is established). In a multi-worker setup, peer events might
be triggered from a worker thread. In order to send a peer event to the
clients, an API message needs to be allocated and populated.
API messages allocation is only allowed from the main thread. Currently,
the code does not handle the case when a peer event is trying to be sent
from a worker thread. In debug builds, when this happens, it causes
SIGABRT in vl_msg_api_alloc_internal() because assertion "pool == 0 ||
vlib_get_thread_index () == 0" fails. In production builds, when this
happens, it might cause unexplained behavior.
There is a test that is supposed to catch this but all multi-worker
Wireguard tests are currently disabled. This problem is likely to be one
of the reasons they were disabled.
With this fix, when a peer event is triggered from a worker thread,
allocate and send corresponding API message from the main thread using
RPC.
Signed-off-by: Alexander Chernavin <[email protected]>
Change-Id: Ib3fe19f8070563b35732afd16c017411c089437e
Piotr Bronowski [Mon, 13 Feb 2023 18:18:59 +0000 (18:18 +0000)]
 
ipsec: set fast path 5tuple ip addresses based on sa traffic selector values
Previously, even if sa defined traffic selectors esp packet src and dst
have been used for fast path inbound spd matching. This patch provides
a fix for that issue.
Type: fix
Signed-off-by: Piotr Bronowski <[email protected]>
Change-Id: Ibd3ca224b155cc9e0c6aedd0f36aff489b7af5b8
Vladislav Grishenko [Wed, 28 Sep 2022 08:37:02 +0000 (13:37 +0500)]
 
vppinfra: fix pool free bitmap allocation
Using clib_bitmap_vec_validate makes free bitmap vector
to be x64 times bigger (assuming x86_64) than necessary
when non-zero and possible oom due (u32)(0 - 1) math with
zero alloc.
Fix it with clib_bitmap_validate which takes bit size, not
index and ensure at least one bit is allocated.
Type: fix
Change-Id: I7e191f4e2fb3722a06bb800e1d075f7c7e2dcec9
Signed-off-by: Vladislav Grishenko <[email protected]>
Dave Barach [Thu, 16 Mar 2023 17:03:47 +0000 (13:03 -0400)]
 
vppinfra: fix corner-cases in bihash lookup
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL
table, the code would sporadically return a transitional value (junk)
from a half-deleted kvp. At most, 64-bits worth of the kvp will be
written atomically, so using memset(...) to smear 0xFF's across a kvp
to free it left a lot to be desired.
Performance impact: very mild positive, thanks to FC for doing a
multi-thread host stack perf/scale test.
Added an ASSERT to catch attempts to add a (key,value) pair which
contains the magic "free kvp" value.
Type: fix
Signed-off-by: Dave Barach <[email protected]>
Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065
Damjan Marion [Thu, 16 Mar 2023 16:37:56 +0000 (16:37 +0000)]
 
vppinfra: move sha2.h to crypto/
Type: refactor
Change-Id: I3d0c57b82e5bdb4575c1ca13e463685fd11b7f11
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Thu, 16 Mar 2023 16:55:38 +0000 (16:55 +0000)]
 
vppinfra: auto-free test memory
Type: improvement
Change-Id: Ibc40a02c8c45fc8d9409c9a86fea7aaf70d9c048
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Thu, 16 Mar 2023 16:34:30 +0000 (16:34 +0000)]
 
vppinfra: add FOREACH_ARRAY_ELT macro
Type: improvement
Change-Id: Iac1b3a66176c9a38a161246159140f30a1c168da
Signed-off-by: Damjan Marion <[email protected]>
Andrew Yourtchenko [Tue, 14 Mar 2023 09:28:35 +0000 (09:28 +0000)]
 
vppinfra: add clib_crc32c testcase into infra tests
Type: test
Change-Id: Id96448ba3ab69a5b22dfc27812fc17194136b969
Signed-off-by: Andrew Yourtchenko <[email protected]>
Florin Coras [Tue, 14 Mar 2023 16:59:02 +0000 (09:59 -0700)]
 
session: support active opens with same source port
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I2b426e9e988c32d261f36367087f358d8cc25e2f
Filip Tehlar [Thu, 16 Mar 2023 12:52:54 +0000 (13:52 +0100)]
 
hs-test: check exit value of ab/wrk
Type: test
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I967e91e4ea97edff427013c92376b388d6ce5d85
Maros Ondrejicka [Tue, 28 Feb 2023 15:55:01 +0000 (16:55 +0100)]
 
hs-test: use consistent naming convention
Exported identifiers in Go start with capital letters. Only few fields
in hs-test, which are being unmarshaled from yaml are required to be
exported. Every other field name or method name should start with
lower-case letter, to be consistent with this naming convention.
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I7eab0eef9fd08a7890c77b6ce1aeb3fa4b80f3cd
Damjan Marion [Wed, 15 Mar 2023 11:42:06 +0000 (11:42 +0000)]
 
vppinfra: widen the scope of test_vector_funcs
Location changed and binary renamed to test_infra
Also it is built by default.
Type: improvement
Change-Id: I27cd97f274501ceb7a01213e2bc9676cea00f39c
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Tue, 14 Mar 2023 18:04:45 +0000 (18:04 +0000)]
 
crypto-native: 256-bit AES CBC support
Used on intel client CPUs which support VAES instruction set without
AVX512
Type: improvement
Change-Id: I5f816a1ea9f89a8d298d2c0f38d8d7c06f414ba0
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Wed, 15 Mar 2023 11:08:53 +0000 (11:08 +0000)]
 
build: add support for intel alderlake and sapphirerapids, part 2
Type: improvement
Change-Id: I64ca5bd3a959190111f61c5311a908d242c10bad
Signed-off-by: Damjan Marion <[email protected]>
Marvin Liu [Wed, 15 Mar 2023 15:00:52 +0000 (23:00 +0800)]
 
dma_intel: fix potential invalid batch status
DMA batch status was set by hardware. Its value may be variable between
cpus twice accesses. Saving the value of status can fix it.
Type: fix
Signed-off-by: Marvin Liu <[email protected]>
Change-Id: Ibc9337239555744a571685b486c986991c3e9b18
Maros Ondrejicka [Wed, 8 Mar 2023 15:01:43 +0000 (16:01 +0100)]
 
hs-test: create temporary folder at init
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I6444582ce83beddc5cb2fcb31942a4c2e9556bb6
Marvin Liu [Tue, 14 Mar 2023 19:41:26 +0000 (03:41 +0800)]
 
dpdk: enable Google Virtual Ethernet
Recognize and drive google virtual ethernet (gve) in google cloud.
Type: feature
Signed-off-by: Marvin Liu <[email protected]>
Change-Id: Ia559615ac059cabbca5d10bcd4049e87beaad638
Andrew Yourtchenko [Tue, 14 Mar 2023 14:38:01 +0000 (14:38 +0000)]
 
vlib: fix clib_crc32c on odd lengths and clib_crc32c_u8
Fix the typo in the intrinsic name, which caused incorrect intrinsic to be used.
Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: Ib7fde14d12897e4d1bfb5a01f6d65025473e4f8e
Florin Coras [Fri, 10 Mar 2023 18:22:21 +0000 (10:22 -0800)]
 
session vcl: refactor builtin tx event for main tx
Rename unused SESSION_IO_EVT_BUILTIN_TX to SESSION_IO_EVT_TX_MAIN and
leverage it for non-connected udp tx.
Non-connected udp sessions are listeners and are therefore allocated on
main thread. Consequently, whenever session queue node is not polling
main, tx events generated by external applications might be missed or
processed with some delay. To solve this, request that apps use
SESSION_IO_EVT_TX_MAIN tx events as opposed to SESSION_IO_EVT_TX and
send that to first worker as opposed to main.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I5df5ac3dc80c0f192b2eefb1d465e9deefe8786b
Marvin Liu [Tue, 14 Mar 2023 15:56:31 +0000 (23:56 +0800)]
 
session: pre-alloc required dma batches
Specify the number of max_batches when applying for dma config.
Skip this round when no batch available from vlib_dma_batch_new.
Type: improvement
Signed-off-by: Marvin Liu <[email protected]>
Change-Id: Ic6e0acf81ba4fc3ed33aea6ac6990ef841021c59
Marvin Liu [Tue, 14 Mar 2023 15:43:28 +0000 (23:43 +0800)]
 
vlib: pre-alloc dma backend batches
Allocate and initialize dma batch structure when adding dma config.
The number of required dma batches is set by max_batches parameter.
Thus dma batches are not allocated dynamically in worker thread.
Applications need to check the return value of vlib_dma_batch_new.
Type: improvement
Signed-off-by: Marvin Liu <[email protected]>
Change-Id: I5d05a67b59634cf2862a377d5ab77cb1040343ce
Florin Coras [Mon, 13 Mar 2023 21:33:37 +0000 (14:33 -0700)]
 
session: format transport connection flags
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: Id87c41c472898d4f66b0771f18f822d1069bbfd0
Florin Coras [Mon, 13 Mar 2023 23:31:52 +0000 (16:31 -0700)]
 
session: cleanup lcl endpt freelist before all alloc
Make sure endpoint freelist is drained before alloc of fixed local
source port is tried.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I302deee5609a463af8135185af71722ac8c55a27
Damjan Marion [Tue, 14 Mar 2023 12:34:59 +0000 (13:34 +0100)]
 
build: add support for intel alderlake and sapphirerapids
Disabled by default.
Type: improvement
Change-Id: I36176c009e0873c048874ae38a7ea0a91449235c
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Tue, 14 Mar 2023 12:15:58 +0000 (13:15 +0100)]
 
crypto-native: avoid crash on 12th and 13th gen Intel client CPUs
Those CPUs are announcing VAES capability but they don't support AVX512.
Type: fix
Fixes: 73a60b2
Change-Id: I7b4be95e91bb6f367cd71461f1126690f3ecd988
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Wed, 8 Mar 2023 13:28:51 +0000 (13:28 +0000)]
 
memif: don't leak error strings in API handlers
Type: fix
Fixes: ab4d917
Change-Id: I226044f64e1577033798fd203a2e981c894830d6
Signed-off-by: Damjan Marion <[email protected]>
Steven Luong [Mon, 13 Mar 2023 18:07:40 +0000 (11:07 -0700)]
 
udp: Use udp_output_get_connection instead of udp_connection_get
udp_output_get_connection handles correctly if the connection
is a listener whereas udp_connection_get does not which may lead
to a crash.
Type: fix
Signed-off-by: Steven Luong <[email protected]>
Change-Id: I40b57287a8686820d29872cae2cfd6ae27a57c26
Leyi Rong [Wed, 8 Mar 2023 05:46:05 +0000 (13:46 +0800)]
 
avf: 512-bit SIMD version of avf_tx_prepare
Exploiting AVX-512 operations on avf_tx_prepare().
Type: improvement
Signed-off-by: Leyi Rong <[email protected]>
Change-Id: I01e0b4a2e2d440659b4298668a868d983f5091c3
Florin Coras [Fri, 10 Mar 2023 02:23:05 +0000 (18:23 -0800)]
 
vcl: init ldp config before vcl init
This avoids printing ldp debug messages while debug is disabled and vcl
is initializing.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I5dfd1d59032db937fea146b6b84b8e26307a0de0
Leyi Rong [Wed, 8 Mar 2023 05:34:56 +0000 (13:34 +0800)]
 
vlib: 512-bit SIMD version of vlib_buffer_free
Process 8 packets per batch in vlib_buffer_free_inline() when
CLIB_HAVE_VEC512 is enabled.
Type: improvement
Signed-off-by: Leyi Rong <[email protected]>
Change-Id: I78b8a525bce25ee355c9bf0e0f651698a8c45bda
Mohsin Kazmi [Tue, 7 Mar 2023 11:07:56 +0000 (11:07 +0000)]
 
af_packet: fix the broken functionality upon admin down
Type: fix
In vpp, file descriptor handler closes the fd upon error
if no error handling function is registered.
This patch fixes the issue for af_packet interface by
registering the error handling function.
Errors will also be gracefully logged.
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I260d780ac54ffd0199dcd6ca5b95e5afe957e968
Florin Coras [Fri, 10 Mar 2023 00:43:02 +0000 (16:43 -0800)]
 
vcl: fix select connected deq notification
Also make sure that only sessions with fifos try to set deq notification
flag on fifo
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I878c2d2e18bb98109ee03b42a4f0f8c48aa23e9f
Florin Coras [Wed, 8 Mar 2023 22:14:38 +0000 (14:14 -0800)]
 
vcl: fix epoll out evt on connect
Make sure session has a tx fifo.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ibde40645b401ca0255da298ea4ba691ee924a2d2
Steven Luong [Thu, 9 Mar 2023 00:28:27 +0000 (16:28 -0800)]
 
session: Use session->thread_index to correctly retrieve the session
For non-connected udp, when retrieving the subscriber session to send
the notification, it uses the current worker thread index whereas the
subscriber session is actually on the main thread. Using the worker
thread may cause a crash since the corresponding session may not be
valid in the worker thread context and even if it is valid, it is the
wrong session. This scenario is seen when the application forks
and adds subscribers to the worker thread session.
Type: fix
Signed-off-by: Steven Luong <[email protected]>
Change-Id: I236ee9d9ff9f3b2f7f9f8e782d70d1080aa1b627
Dave Wallace [Wed, 8 Mar 2023 18:53:32 +0000 (13:53 -0500)]
 
hs-test: fix install-deps
- Skip addition of docker apt source/key if
  already installed.
Type: fix
Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I747e4dd5e79e23b64e6eb11c6a9348e2ae1a157f
Florin Coras [Wed, 8 Mar 2023 06:15:24 +0000 (22:15 -0800)]
 
quic: use tx instead of builtin_tx event with timers
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ic11069c912a5e59bb3ea0e0c6de6cfcc879c5f4e
Dave Wallace [Wed, 8 Mar 2023 03:09:20 +0000 (22:09 -0500)]
 
hs-test: fix docker-ce install
Type: fix
Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I449cd4ad71e33a2dd41e53accc6b325803a32c70
Filip Tehlar [Wed, 8 Mar 2023 10:55:50 +0000 (11:55 +0100)]
 
hs-test: add vppctl wrapper script
Type: test
Add a helper wrapper script for vppctl called vppcli to vpp docker image
with proper cli socket path.
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I1a51aa54bc91c1c812698501a56401c525d498e8
Filip Tehlar [Tue, 7 Mar 2023 09:13:19 +0000 (10:13 +0100)]
 
hs-test: fix envoy test
Type: test
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I776e0f1f7ea700439d1fe6a598772776ae6a1493
Xinyao Cai [Fri, 17 Feb 2023 08:17:13 +0000 (16:17 +0800)]
 
avf: enable rss action of flow
This patch enables RSS action of avf flow.
Type: feature
Signed-off-by: Xinyao Cai <[email protected]>
Change-Id: I65de18d0c2eaa415893959563ea917a6b1956550
Vladislav Grishenko [Thu, 30 Dec 2021 14:08:42 +0000 (19:08 +0500)]
 
vlib: stop worker threads on main loop exit
If not, worker threads may continue own loops after deinit and/or
thread0 exit with related crashes due to no rpc capability, unmapped
shared memory, etc. Main loop exit handlers that use barrier sync
will be happy too as long as recursive barrier sync is supported.
Type: feature
Signed-off-by: Vladislav Grishenko <[email protected]>
Change-Id: I255a796b06936d96715683e3f062128060233dc6
Tianyu Li [Tue, 31 Jan 2023 07:07:49 +0000 (07:07 +0000)]
 
avf: fix cli memory leak with incorrect options
Remove extra line_input and unformat_user.
Type: fix
Fixes: b4ff07a2f843 ("Intel Adaptive Virtual Function native device driver plugin")
Signed-off-by: Tianyu Li <[email protected]>
Change-Id: I9e502f3b254d0b1c7d8fd4b80925338a18da8269
Steven Luong [Tue, 7 Mar 2023 04:28:51 +0000 (20:28 -0800)]
 
udp: crash in format_udp_connection
format_udp_connection takes 2 arguments from the caller.
Type: fix
Signed-off-by: Steven Luong <[email protected]>
Change-Id: Ie618a809936a01c094982f9a8c81309826e0b087
Damjan Marion [Wed, 15 Feb 2023 21:10:05 +0000 (22:10 +0100)]
 
build: check for presence of python ply
Type: improvement
Change-Id: I4f190607bfce404fbe68ec968e6923509ea9519b
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Mon, 6 Mar 2023 18:29:26 +0000 (18:29 +0000)]
 
build: make Python3 mandatory
Type: refactor
Change-Id: Iac27ac4d11745b68c57a0394ced51942db8f0431
Signed-off-by: Damjan Marion <[email protected]>
Florin Coras [Fri, 17 Feb 2023 02:59:38 +0000 (18:59 -0800)]
 
tcp: allow syns in closed state
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: If223096cf912c1748ae417b40585a9bea5d9d9a9
Florin Coras [Thu, 2 Mar 2023 06:22:30 +0000 (22:22 -0800)]
 
vcl: do not stop listeners on vls epoll del
Although removal from epoll means listener no longer accepts new
sessions, the accept queue built by vpp cannot be drained by stopping
the listener. Moreover, some applications, e.g., nginx, might constantly
remove and add listeners to their epfds. Removing listeners in such
situations causes a lot of churn in vpp as segments and segment managers
need to be recreated.
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ia412b3f8d50fbb4881a99ff024f798353b521af7
Florin Coras [Sun, 5 Mar 2023 19:45:38 +0000 (11:45 -0800)]
 
vcl: always drain libc epoll with eventfds in ldp
Otherwise if vcl epoll lt events are ignored by the app, libc and vcl mq
events are never drained.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I1e22f6da46d56236c52714181f6c20dcb80a33a5
Florin Coras [Mon, 6 Mar 2023 17:46:11 +0000 (09:46 -0800)]
 
hs-test: nginx mirroring test improvements
- avoid setting LD_PRELOAD for container
- save nginx error log to shared volume
- reduce test run time to 10s
- add vcl and ldp debug env variables to docker file. Default to
disabled.
Type: test
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I401ac74e7c0ebe87befedb44150b04f773f244ea
luoyaozu [Wed, 23 Nov 2022 07:59:17 +0000 (15:59 +0800)]
 
vlib: fix vlib_log for elog
test output before fix:
DBGvpp# event-logger clear
DBGvpp# test log warn cli log test-log for-elog
cli/log            [warn  ]: test-log for-elog
DBGvpp# test log info cli log test-log for-elog
cli/log            [info  ]: test-log for-elog
DBGvpp# show event-logger
2 of 131072 events in buffer, logger running
      53.022586433: log-notice: test-log for-elog
      60.318329361: log-debug: test-log for-elog
DBGvpp#
test output after fix:
DBGvpp# event-logger clear
DBGvpp# test log warn cli log test-log for-elog
cli/log            [warn  ]: test-log for-elog
DBGvpp# test log info cli log test-log for-elog
cli/log            [info  ]: test-log for-elog
DBGvpp# show event-logger
2 of 131072 events in buffer, logger running
      18.362721151: log-warn: test-log for-elog
      25.124570555: log-info: test-log for-elog
DBGvpp#
Type: fix
Signed-off-by: luoyaozu <[email protected]>
Change-Id: Ie1122787f9efb611cdafc671b4ccf68b43984924
Benoît Ganne [Fri, 24 Feb 2023 15:13:29 +0000 (16:13 +0100)]
 
stats: fix tests with multiple workers
Type: fix
Change-Id: Ic4b8478d390c7373bfb43a39ae6a70e978ae9321
Signed-off-by: Benoît Ganne <[email protected]>
Benoît Ganne [Thu, 26 Jan 2023 15:04:43 +0000 (16:04 +0100)]
 
lb: keep AddressSanitizer happy
vec_alloc() does not mark vector as accessible contrary to
vec_validate().
Also removes redundant memset(0) as vector allocation always zeroed
new memory.
Type: fix
Change-Id: I8309831b964a618454ed0bebbcdec7ec21149414
Signed-off-by: Benoît Ganne <[email protected]>
Benoît Ganne [Wed, 16 Nov 2022 18:36:15 +0000 (19:36 +0100)]
 
vppinfra: fix memory traces
 - allocates the memory trace spinlock independently from the main heap
 - disable tracing on a per thread basis
 - make sure we hold the memory trace spinlock when changing tracing
Type: fix
Change-Id: I7d84f22132abdc895343d447cd3a2c574786f58d
Signed-off-by: Benoît Ganne <[email protected]>
Mohsin Kazmi [Fri, 3 Mar 2023 20:25:17 +0000 (20:25 +0000)]
 
af_packet: fix the first packet offset
Type: fix
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I927ba4e6f10ae4527f339a890c3a0de33a84b7eb
Benoît Ganne [Fri, 27 Jan 2023 10:37:59 +0000 (11:37 +0100)]
 
af_xdp: fix netns configuration
 - clib_open_netns() expects a NULL-terminated C-string
 - if no netns was given, we should not try to format it otherwise we'll
   get "(nil)" as netns name.
Type: fix
Change-Id: I7b6022f6e8999640d0d2a83b854455b15fa4c134
Signed-off-by: Benoît Ganne <[email protected]>
Benoît Ganne [Tue, 11 Oct 2022 08:09:55 +0000 (10:09 +0200)]
 
build: add sanitizer option to configure script
Type: improvement
Change-Id: Ia679d6e5fb7eff6dbd7363465e5667119751e908
Signed-off-by: Benoît Ganne <[email protected]>
Vladislav Grishenko [Fri, 9 Jul 2021 23:02:46 +0000 (04:02 +0500)]
 
vlib: avoid non-mp-safe cli process node updates
Node renames, clone and node_by_name hash updates should be done
in vlib_node_register() / vlib_node_rename() under barrier, or
else runtime per-node stats can be either inaccurate or lead to UB.
Drop cli process nodes renaming rather than adding barrier
synchronization on reuse, nodes will get "unix-cli-process-ID"
stable names, description and terminal names are preserved and can
be obtained with "show cli-sessions" and "show terminal" commands.
Also fix insufficient name width for "show cli-sessions" with table
formatting, output sample:
    DBGvpp# sh cli-sessions
    PNI   FD    Name                     Flags
    708   14    unix-cli-local:10558     iSLpa
    710   15    unix-cli-127.0.0.1:33252 ISlpA
    DBGvpp# sh terminal
    Terminal name:   unix-cli-127.0.0.1:33252
    Terminal node:   unix-cli-process-1
    Terminal mode:   char-by-char
    Terminal width:  158
    Terminal height: 43
    ANSI capable:    yes
    Interactive:     yes
    History enabled: yes
    History limit:   50
    Pager enabled:   yes
    Pager limit:     100000
    CRLF mode:       CR+LF
Type: improvement
Signed-off-by: Vladislav Grishenko <[email protected]>
Change-Id: I40af4c0a5e5be92d5e3ebcd440fa55390aeb0e8b
varasteh [Sun, 2 Jan 2022 10:50:32 +0000 (14:20 +0330)]
 
interface: more cleaning after set flags is failed in vnet_create_sw_interface
There's a chance that vnet_sw_interface_set_flags_helper()
has successfully called some sw interface add callback functions
before returning the error. So the sw interface del callbacks
should also be called
Type: fix
Signed-off-by: varasteh <[email protected]>
Change-Id: I2cd7dc6d5b3a5ebfd2c4d1a6be5390083dee6401
Signed-off-by: varasteh <[email protected]>
Mohsin Kazmi [Thu, 26 Jan 2023 15:14:17 +0000 (15:14 +0000)]
 
interface: add the missing tag keyword in the cli helper
Type: style
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I6399ad2b0b30f94c6c51db1afc39f5e875dfaa67
Benoît Ganne [Wed, 19 Jan 2022 09:09:42 +0000 (10:09 +0100)]
 
crypto: remove VNET_CRYPTO_OP_FLAG_INIT_IV flag
IV requirements vary wildly with the selected mode of operation. For
example, for AES-CBC the IV must be unpredictable whereas for AES
counter mode (CTR or GCM), it can be predictable but reusing an IV with
the same key material is catastrophic.
Because of that, it is hard to generate IV in a generic way, and it is
better left to the crypto user (eg. IPsec).
Type: improvement
Change-Id: I32689c591d8c6572b8d37c4d24f175ea6132d3ec
Signed-off-by: Benoît Ganne <[email protected]>
Liangxing Wang [Fri, 13 Jan 2023 05:19:47 +0000 (05:19 +0000)]
 
memif: fix input vector rate of memif-input node
Explicitly set the ptd->n_packets to 0 if no packet is received in
memif_device_input_inline(). Otherwise ptd->n_packets just keeps
last time rx packets number, then this stale number is added to
memif_input_node->vectors_since_last_overflow in every dispatch_node()
call for memif_input_node.
Type: fix
Signed-off-by: Liangxing Wang <[email protected]>
Change-Id: Ide98a481c925262f9a609535a314f784cab424d8
Xiaoming Jiang [Thu, 8 Dec 2022 07:54:06 +0000 (07:54 +0000)]
 
vlib: fix macro define command not work in startup config exec script
Type: fix
Signed-off-by: Xiaoming Jiang <[email protected]>
Change-Id: Idb34490199a78d5b0c1fe2382b6483a6e3a6fd1f
Xiaoming Jiang [Sat, 10 Dec 2022 03:44:16 +0000 (03:44 +0000)]
 
vlib: fix ASAN fake stack size set error when switching to process
Type: fix
Signed-off-by: Xiaoming Jiang <[email protected]>
Change-Id: I2add6cb8dba837e47596983ec8303883aba3a138
Xiaoming Jiang [Mon, 12 Dec 2022 02:56:43 +0000 (02:56 +0000)]
 
dpdk: plugin init should be protected by thread barrier
Without thread barrier, when dpdk_process_node initiating
dpdk lib, workers thread may also be initiating. Main
and workers threads may both setting error_main info,
that will cause memory ASAN issue.
Type: fix
Signed-off-by: Xiaoming Jiang <[email protected]>
Change-Id: I87b73b310730719035d4985a2cff2e3308120ec2
Mohsin Kazmi [Wed, 15 Feb 2023 13:31:27 +0000 (13:31 +0000)]
 
vppinfra: adding support for socket mounting paths
Type: improvement
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: If894b2b741d0d417a6fc458dda83ca1d8192385d
Xinyao Cai [Tue, 28 Feb 2023 06:44:58 +0000 (14:44 +0800)]
 
flow dpdk: introduce IP in IP support for flow
This patch introduces IP in IP packet support for flow cli and dpdk plugin.
Specifically, the following IP in IP packet types are supported:
	MAC-IPv4-IPv4-TCP/UDP/None,
	MAC-IPv4-IPv6-TCP/UDP/None,
	MAC-IPv6-IPv4-TCP/UDP/None,
	MAC-IPv6-IPv6-TCP/UDP/None,
IP in IP flow rules can be created by using the following new keywords in vppctl:
	in-src-ip, in-dst-ip        : to provide information for inner IPv4 header
	in-ip6-src-ip, in-ip6-dst-ip: to provide information for inner IPv6 header
	in-proto                    : to specify inner transport layer protocol type (TCP or UDP)
	in-src-port, in-dst-port    : to provide information for inner TCP/UDP header
An example to create flow rule for MAC-IPv6-IPv6-TCP:
	test flow add index 0 ip6-src-ip any ip6-dst-ip any in-ip6-src-ip any in-ip6-dst-ip any in-proto tcp in-src-port 1234 in-dst-port any rss function default
Another example to create flow rule for MAC-IPv6-IPv6:
	test flow add index 0 ip6-src-ip any in-ip6-src-ip any rss function default
Type: feature
Signed-off-by: Xinyao Cai <[email protected]>
Change-Id: I6a1ca36d47eb65b9cb5a4b8d874b2a7f017c35cd
Vladislav Grishenko [Tue, 14 Feb 2023 07:34:29 +0000 (12:34 +0500)]
 
vppinfra: fix clib_bitmap_will_expand() result inversion
Pool's pool_put_will_expand() calls clib_bitmap_will_expand(),
so every put except ones that lead to free_bitmap reallocation
will get false positive results and vice versa.
Unfortunately there's no related test and existing bitmap
tests are failing silently with false positive result as well.
Fortunately neither clib_bitmap_will_expand() nor
pool_put_will_expand() are being used by current vpp codebase.
Type: fix
Signed-off-by: Vladislav Grishenko <[email protected]>
Change-Id: Id5bb900cf6a1b1002d37670f5c415c74165b5421
Benoît Ganne [Thu, 5 Jan 2023 09:56:26 +0000 (10:56 +0100)]
 
crypto: make it easier to diagnose keys use-after-free
Type: improvement
Change-Id: Ib98eba146e24e659acf3b9a228b81fcd641f4c67
Signed-off-by: Benoît Ganne <[email protected]>
Jieqiang Wang [Fri, 24 Feb 2023 08:40:58 +0000 (16:40 +0800)]
 
build: replace phony target with .ok file
When VPP builds its external packages from source, it will download the
package, patch it, configure it, build and install it. For DPDK, it will
depend on rdma-core if mlx4/mlx5 PMD is enabled. So phony target
dpdk-config needs to have the prerequisites of rdma-core-install and
ipsec-mb-install(x86 only), which are both phony targets. This leads to
redundant behavior of recipes executing twice in dpdk-config.
Replace the phony target with hidden file *.install.ok to avoid that.
Type: improvement
Signed-off-by: Lijian Zhang <[email protected]>
Signed-off-by: Jieqiang Wang <[email protected]>
Change-Id: Ibf3b766ab7a4ccfcbffe08f6cdb90da72ca1ce29
Christian Svensson [Mon, 6 Feb 2023 16:24:26 +0000 (17:24 +0100)]
 
misc: define SElinux mapped file permissions
SElinux added support for defining what files can be mmap()'d a while back.
This change defines those files that VPP maps.
This is needed for EL9 support
Type: fix
Signed-off-by: Christian Svensson <[email protected]>
Change-Id: Iedd26914e29347169c4cc138628df7823ddd5691
Christian Svensson [Mon, 6 Feb 2023 16:25:16 +0000 (17:25 +0100)]
 
build: add Rocky Linux 9 support
Currently only RHEL/CentOS 8 and Fedora are supported.
EL9 is a middle ground and thus requires some different dependencies.
Type: feature
Signed-off-by: Christian Svensson <[email protected]>
Change-Id: I7be79e61994800bb796d4e9141f0ff6ad8bdead2
jiangxiaoming [Wed, 30 Mar 2022 06:12:26 +0000 (06:12 +0000)]
 
snort: fix descriptor offset may be truncated if buffers num too large
Type: fix
Signed-off-by: jiangxiaoming <[email protected]>
Change-Id: I9694f7d8aad8868b11e08fabe179fd51c14dfcdb
lijinhui [Mon, 15 Aug 2022 09:41:39 +0000 (17:41 +0800)]
 
interface: fix 4 or more interfaces equality comparison bug with xor operation using (a^a)^(b^b)
Type: fix
Signed-off-by: lijinhui <[email protected]>
Change-Id: I80783eed2b819a9e6fd4cee973821c9d97c285a6
Benoît Ganne [Wed, 8 Feb 2023 17:54:30 +0000 (18:54 +0100)]
 
vppinfra: display only the 1st 50 memory traces by default
When using memory traces it can take a long time to display all traces
bigger than 1k if there are lots of them, especially as we need to
resolve symbols.
It is better to display only the 1st 50 by default, unless verbose is
used.
Also fix the help string.
Type: improvement
Change-Id: I1e5e30209f10d2b05c561dbf856cb126e0cf513d
Signed-off-by: Benoît Ganne <[email protected]>
Xiaoming Jiang [Thu, 8 Dec 2022 08:08:41 +0000 (08:08 +0000)]
 
stats: fix node name compare error when updating stats segment
Type: fix
Signed-off-by: Xiaoming Jiang <[email protected]>
Change-Id: Ib39aa345415720dd05a1b3e12e3e03eac43c5606
Nathan Skrzypczak [Wed, 15 Dec 2021 18:15:32 +0000 (19:15 +0100)]
 
memif: autogenerate socket_ids
This patch adds an API memif_socket_filename_add_del_v2
that allows autogenerating memif socket_id when passing
~0 in the socket_id field.
It opportunistically walks the hash to find a free ID
to use, and returns it in the reply.
socket_filename also becomes a variable length string,
to accommodate for longer names (in case a netns gets
passed)
Type: feature
Change-Id: I33fc3e1cf553af27579d6bad8691b22b530531cc
Signed-off-by: Nathan Skrzypczak <[email protected]>
Filip Tehlar [Tue, 28 Feb 2023 17:59:15 +0000 (18:59 +0100)]
 
hs-test: add support for running vpp in gdb
Type: test
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I6e03b88ca013cafd73f424ea63f706f105bebe6b
Gabriel Oginski [Tue, 14 Feb 2023 08:46:36 +0000 (08:46 +0000)]
 
vpp-swan: fix memory leaks
This patch fixes the memory leaks discovered in the current
implementation, including expired data, spd dump, and host names.
Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: I3794f5db3c58d1e78df25f242c91e7a67363de53
Gabriel Oginski [Tue, 21 Feb 2023 08:42:06 +0000 (08:42 +0000)]
 
wireguard: add barrier to sync data
The current implementation of the hash table is not thread-safe.
This design leads to a segfault when VPP is handling a lot of tunnels
for Wireguard, where one thread modifies the hash table and other
threads start the lookup at the same time.
This fix adds a barrier sync to the hash table access when Wireguard
adds or deletes an element.
Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: Id460dfcd46ace17c7bdcd23bd9687d26cecf0a39
Ole Troan [Fri, 17 Feb 2023 13:23:48 +0000 (14:23 +0100)]
 
stats: expose symlink to stats client
For e.g. prometheus export it makes more sense to use the same metric name,
and expose the various symlinks as labels.
The VPP symlink metric:
/interfaces/local0/rx_unicast
that points to
/if/rx_unicast
Becomes in Prometheus:
interfaces_rx_unicast_bytes{index="0",label="local0"} 0
Type: improvement
Signed-off-by: Ole Troan <[email protected]>
Change-Id: Ide0ab4fda4b3eb7ba7ddfc44680121c53f5267f6
Nobuhiro MIKI [Tue, 28 Feb 2023 09:30:09 +0000 (18:30 +0900)]
 
docs: fixed to use unified "pcap trace" command
Type: docs
Fixes: 33909777c637 ("misc: unify pcap rx / tx / drop trace")
Signed-off-by: Nobuhiro MIKI <[email protected]>
Change-Id: I049616cfad300658e62e5026c0655ee6f07a2421
Florin Coras [Wed, 1 Mar 2023 08:49:25 +0000 (00:49 -0800)]
 
vcl: accept bound notifications in epoll wait
Async binds may be possible due to vls generated async binds as a result
of application adding or removing listeners from epoll.
App does not need to be notified of the event.
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I4d01be7ddb39ba894db85feef55e9935556c24f5
Florin Coras [Wed, 1 Mar 2023 08:45:31 +0000 (00:45 -0800)]
 
vcl: accept vcl spurious wakeup in epoll wait eventfd
Accept one spurious wakeup from vcl in epoll_pwait_eventfd to avoid
returning zero events to app without timeout.
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I447c7f8176413c562be28605376a92d15e22a1f9
Florin Coras [Wed, 1 Mar 2023 06:32:31 +0000 (22:32 -0800)]
 
vcl: close libc epfd on vls epfd close
Nginx recreates epfds. Make sure ldp tracks the event and recreates the
libc epfd or eventfd flavor of epoll pwait will not work.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I2994bead9494f0fbb85dd32767cecc1cf69ff6eb
Florin Coras [Wed, 1 Mar 2023 05:13:50 +0000 (21:13 -0800)]
 
vcl: only add sessions to lt list if needed
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I777979dbb89f9af774533cb280e77af58b81fb29
Maros Ondrejicka [Tue, 21 Feb 2023 12:42:35 +0000 (13:42 +0100)]
 
hs-test: update hs-test documentation
Type: docs
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I123898923afa382ff0d4410652f4a17a8740d711
Maros Ondrejicka [Wed, 1 Mar 2023 08:43:24 +0000 (09:43 +0100)]
 
hs-test: fix error check
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I445f5357817fceeb9b5ead01c3530edaae45189a
Mohammed Hawari [Mon, 27 Feb 2023 14:33:30 +0000 (15:33 +0100)]
 
udp: fix optimistic assert for UDP RX
Change-Id: I431c4a6f409b129e4290dba2e1acadea460ac797
Signed-off-by: Mohammed Hawari <[email protected]>
Type: improvement
Fan Zhang [Wed, 1 Mar 2023 14:45:46 +0000 (14:45 +0000)]
 
vpp-swan: improve Makefile
Type: improvement
Since VPP-SWAN does not really need StrongSwan to be compiled,
this patch refines the Makefile to reflect the change.
In addition README is updated.
Signed-off-by: Fan Zhang <[email protected]>
Change-Id: I185957167ac71a44f4d12e78e1dac31c194f80f4
Tianyu Li [Mon, 27 Feb 2023 09:14:34 +0000 (09:14 +0000)]
 
vcl: fix undeclared UDP_SEGMENT for centos 8
Old distros Centos 8 / Ubuntu 18.04 header files don't have UDP_SEGMENT
declared, define UDP_SEGMENT to the right value if not defined.
Type: fix
Fixes: eff5f7aea8c7 ("vcl: ldp support for ip_pktinfo")
Signed-off-by: Tianyu Li <[email protected]>
Change-Id: I99314b895e7d09962a36e7f5582c09d0d77563dc
Florin Coras [Tue, 28 Feb 2023 22:51:03 +0000 (14:51 -0800)]
 
hs-test: fix wait for app after ldp change
After gerrit 38370 (729b9c94), apps are registered via ldp using program
name. Update tests to support that.
Also add make file help for UNCONFIGURE.
Type: test
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I4ad50abfd175664b47b358df1a72e0758f51190d
Florin Coras [Mon, 30 Jan 2023 19:18:36 +0000 (11:18 -0800)]
 
session: consolidate port alloc logic
Move port allocation logic from transports into generic transport layer.
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I55a21f185d00f5e118c36bcc4a6ffba2cbda885e
Florin Coras [Tue, 28 Feb 2023 20:43:39 +0000 (12:43 -0800)]
 
tcp: add dispatch errors to counters
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I27112947071a757065162f0e50f69983d258525d