vpp.git
3 weeks agosession: refactoring application_local.c 38/43138/20
Steven Luong [Tue, 10 Jun 2025 21:18:19 +0000 (14:18 -0700)]
session: refactoring application_local.c

Moved segment management code to segment_manager.c and rename functions to sm_custom.
Specifically,

ct_session_dealloc_fifos -> sm_custom_segment_dealloc_fifos
ct_lookup_free_segment   -> sm_lookup_free_custom_segment
ct_alloc_segment         -> sm_custom_alloc_segment
ct_init_accepted_session -> sm_custom_segment_alloc_fifos

Unified segment_manager_alloc_fifos and segment_manager_dealloc_fifos with
custom segment. Only exposed segment_manager_alloc/dealloc_fifos as public APIs.

Make use of session_transport_delete_notify instead of custom cleanup.

Type: improvement

Change-Id: Ibd0eaef92e3ebb8da536c5190bcd004571a35fc1
Signed-off-by: Steven Luong <[email protected]>
3 weeks agoquic: fix quicly plugin to use vpp crypto engine. 82/43782/12
Dave Wallace [Sat, 27 Sep 2025 02:22:00 +0000 (22:22 -0400)]
quic: fix quicly plugin to use vpp crypto engine.

- Make picotls the default crypto engine
- Improve debug output
- Fix vpp native crypto engine issues introduced
  during quic engine api & quic_quicly plugin
  development
- Convert c++ style comments to c-style
- Refactor 'quic set crypto api' command to
  remove quicly engine specific terminology
  and make it work properly.

Type: fix

Change-Id: I6b60b7b51e8b666fc075373d432b1031b8e5d9e3
Signed-off-by: Dave Wallace <[email protected]>
3 weeks agoige: native driver for Intel Gigabit Adapters (i211, i225, i226) 81/41081/16
Damjan Marion [Thu, 2 Oct 2025 12:01:39 +0000 (14:01 +0200)]
ige: native driver for Intel Gigabit Adapters (i211, i225, i226)

Type: feature
Change-Id: I79bd1111fdfc777843de917ed061c8e818e20d2e
Signed-off-by: Damjan Marion <[email protected]>
3 weeks agointerface: interface monitor CLI displays incorrect rate statistics 13/43613/5
jinshaohui [Mon, 22 Sep 2025 12:07:21 +0000 (20:07 +0800)]
interface: interface monitor CLI displays incorrect rate statistics

   Fix interface rate monitoring discrepancy caused by
sw_if_index/hw_if_index mismatch in sub-interface scenarios

Type: fix

Change-Id: Ie6ea16b607da686e318473de05d5818fd7216ce0
Signed-off-by: jinshaohui <[email protected]>
3 weeks agovppinfra api: remove vppinfra api dependency 25/43825/2
Florin Coras [Fri, 3 Oct 2025 01:47:56 +0000 (21:47 -0400)]
vppinfra api: remove vppinfra api dependency

vppinfra should not dependend on api generated files. Move
jsonformat.[ch] to vlibapi.

Type: refactor

Change-Id: Ia8b46fd73e95eb90c86a0b3402b3a391ba0f4bcd
Signed-off-by: Florin Coras <[email protected]>
3 weeks agohttp: http/3 framing layer 21/43821/4
Matus Fabian [Wed, 1 Oct 2025 16:40:29 +0000 (12:40 -0400)]
http: http/3 framing layer

DATA, HEADERS, SETTINGS and GOAWAY frames parsing and serailizing

Type: feature

Change-Id: Id6e8ea3fe010292c73b4604496f8394c1ddba2c7
Signed-off-by: Matus Fabian <[email protected]>
3 weeks agointerface: add cli config option for fq nelts 12/43712/3
Florin Coras [Wed, 17 Sep 2025 18:05:57 +0000 (14:05 -0400)]
interface: add cli config option for fq nelts

Allow configuration of frame queue nelts instead of the default 64

Type: improvement
Change-Id: Id2e2fe2d8f4d44800120114eb7f922a24d87b170
Signed-off-by: Florin Coras <[email protected]>
3 weeks agoip: move address related functions to types 22/43822/3
Florin Coras [Thu, 2 Oct 2025 06:23:08 +0000 (02:23 -0400)]
ip: move address related functions to types

Move functions that do basic operations on ip4/6/46 addresses from ip.h
to ip_types.h, to ease consumption / minimize dependencies, especially
on ip.h which pulls in the whole ip layer.

Type: refactor

Change-Id: I92be1010337c65bdb132b32880633d519cf56fc8
Signed-off-by: Florin Coras <[email protected]>
3 weeks agodev: minor fixes and improvements 23/43823/2
Damjan Marion [Thu, 2 Oct 2025 12:03:08 +0000 (14:03 +0200)]
dev: minor fixes and improvements

Change-Id: Id38f58ec37768be00cbb106ca697ca61186111e6
Type: improvement
Signed-off-by: Damjan Marion <[email protected]>
3 weeks agohttp: qpack_encode_method fix 20/43820/2
Matus Fabian [Wed, 1 Oct 2025 16:13:26 +0000 (12:13 -0400)]
http: qpack_encode_method fix

missing break found by coverity

Type:fix

Change-Id: Ib63d9466c9282eebd0270a2cf0fb0dfe0fef6ae9
Signed-off-by: Matus Fabian <[email protected]>
3 weeks agovcl: add option to build vcl wihout bapi support 19/43819/3
Florin Coras [Wed, 1 Oct 2025 03:01:29 +0000 (23:01 -0400)]
vcl: add option to build vcl wihout bapi support

Add compile time option to disable building vcl bapi infrastructure. For
now, the build is still enabled and the code is tested, but BAPI support
is deprecated and will be removed in time.

Type: improvement

Change-Id: I8d04b0496b53025637e3339cac600d2637f282a8
Signed-off-by: Florin Coras <[email protected]>
3 weeks agoip: ip6 frags should have as much space for headers as original 55/43755/3
Florin Coras [Fri, 26 Sep 2025 00:25:45 +0000 (20:25 -0400)]
ip: ip6 frags should have as much space for headers as original

Type: improvement

Change-Id: I10c924a391379151a09e2b81b364a4d796f751ec
Signed-off-by: Florin Coras <[email protected]>
3 weeks agosnort: add verbosity to show desc freelist 62/43762/2
Mohsin Kazmi [Tue, 30 Sep 2025 15:22:06 +0000 (15:22 +0000)]
snort: add verbosity to show desc freelist

Type: improvement

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: Ifeaefb24a4970a617d35c38cbdbd27ab00186ff5

3 weeks agosnort: fix the cli help 05/43605/2
Mohsin Kazmi [Tue, 16 Sep 2025 16:23:16 +0000 (16:23 +0000)]
snort: fix the cli help

Type: fix

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: Iea94466dddfe71489ee8dd586ea205d47e1fb4eb

3 weeks agoocteon: add switch_header_type argument 58/43758/12
Yoann Desmouceaux [Fri, 26 Sep 2025 10:22:38 +0000 (03:22 -0700)]
octeon: add switch_header_type argument

This commit adds a new argument, switch_header_type, to the octeon port
config, which can be used to tell the NPC about the type of underlying
switch header (edsa, etc), so that it can properly skip it when
performing RSS computations.

Type: improvement

Change-Id: I80f05ea07f5c466bb13b30c2d353b9d0876ad497
Signed-off-by: Yoann Desmouceaux <[email protected]>
Signed-off-by: Damjan Marion <[email protected]>
Signed-off-by: Monendra Singh Kushwaha <[email protected]>
3 weeks agodev: fix typos 17/43817/2
Damjan Marion [Tue, 30 Sep 2025 12:09:28 +0000 (14:09 +0200)]
dev: fix typos

Type: fix
Change-Id: I26a7799762907ac72f47ba2f07b1ace403c34d1f
Signed-off-by: Damjan Marion <[email protected]>
3 weeks agohttp: QPACK encoding request 16/43816/2
Matus Fabian [Tue, 30 Sep 2025 10:02:20 +0000 (06:02 -0400)]
http: QPACK encoding request

Type: feature

Change-Id: Ic823d9db4f594b66fff14aefd5658350d5621fda
Signed-off-by: Matus Fabian <[email protected]>
3 weeks agohttp: QPACK encoding response 92/43792/3
Matus Fabian [Mon, 29 Sep 2025 16:05:07 +0000 (12:05 -0400)]
http: QPACK encoding response

Type: feature

Change-Id: I238227966b9bb1056f371241b5d8e0667993a967
Signed-off-by: Matus Fabian <[email protected]>
3 weeks agohttp: QPACK header encoding w/o dynamic table 80/43780/6
Matus Fabian [Fri, 26 Sep 2025 15:59:29 +0000 (11:59 -0400)]
http: QPACK header encoding w/o dynamic table

Type: feature

Change-Id: I10eeb9b7b5a5e8fc8733ea33463cffaece7bd162
Signed-off-by: Matus Fabian <[email protected]>
3 weeks agosnort: add support for daq-vpp msg dump 61/43761/2
Mohsin Kazmi [Tue, 30 Sep 2025 12:15:35 +0000 (12:15 +0000)]
snort: add support for daq-vpp msg dump

Type: feature

To enable msg debugging:
   --daq-var debug-msg

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: Ie2acd4aa763837c46d1908915ccf941743bf5b38

3 weeks agosession: add option to not dump segments in cores 81/43781/3
Florin Coras [Sat, 27 Sep 2025 00:59:57 +0000 (20:59 -0400)]
session: add option to not dump segments in cores

Type: improvement

Change-Id: Icdddfe2d610945e329ef86ec1244c3b53f227ace
Signed-off-by: Florin Coras <[email protected]>
3 weeks agosession: app socket api as default instead of bapi 94/43794/4
Florin Coras [Tue, 30 Sep 2025 05:24:02 +0000 (01:24 -0400)]
session: app socket api as default instead of bapi

Default to using app socket api instead of binary api for external
application attachment. It is more secure as the binary api socket no
longer needs to be exposed to apps to be able to attach.

Moved all python tests to app socket api and added a new one for basic
testing of bapi.

Type: improvement

Change-Id: Ib8c71e648871cd56492cb7bfb28997ebd117e009
Signed-off-by: Florin Coras <[email protected]>
3 weeks agodev: add enum arg type 90/43790/4
Damjan Marion [Mon, 29 Sep 2025 12:50:49 +0000 (14:50 +0200)]
dev: add enum arg type

Type: improvement
Change-Id: Iafae917a52b848f146f8a9651e26812702501751
Signed-off-by: Damjan Marion <[email protected]>
3 weeks agohsa: remove sapi apps support for vpe api 93/43793/1
Florin Coras [Mon, 29 Sep 2025 22:12:20 +0000 (18:12 -0400)]
hsa: remove sapi apps support for vpe api

Type: improvement

Change-Id: I8f14db9ab7b65d2e55237bf19ec660490677c1bd
Signed-off-by: Florin Coras <[email protected]>
3 weeks agodev: add option to specify device-id(s) in "show device" 91/43791/2
Damjan Marion [Mon, 29 Sep 2025 15:03:57 +0000 (17:03 +0200)]
dev: add option to specify device-id(s) in "show device"

Type: improvement
Change-Id: Id0caddd67997fadb86ec493c01da7966146266c3
Signed-off-by: Damjan Marion <[email protected]>
3 weeks agohttp: QPACK decoding request and response 53/43753/3
Matus Fabian [Thu, 25 Sep 2025 15:14:30 +0000 (11:14 -0400)]
http: QPACK decoding request and response

Type: feature

Change-Id: Ica48ee1bf432a88529c41b166f5a883e2a432677
Signed-off-by: Matus Fabian <[email protected]>
3 weeks agohttp: move generic functions to hpack_inlines.h 51/43751/4
Matus Fabian [Thu, 25 Sep 2025 10:08:56 +0000 (06:08 -0400)]
http: move generic functions to hpack_inlines.h

Type: refactor

Change-Id: Ia7ce7b7651098a5e25e3adadaa854529008ccef6
Signed-off-by: Matus Fabian <[email protected]>
3 weeks agohttp: QPACK header decoding w/o dynamic table 51/43651/5
Matus Fabian [Tue, 2 Sep 2025 15:27:00 +0000 (11:27 -0400)]
http: QPACK header decoding w/o dynamic table

Type: feature

Change-Id: Iee49328d21f4c2ab0f384de9864be6d2f65f50eb
Signed-off-by: Matus Fabian <[email protected]>
3 weeks agohs-test: add suite labels and label filtering 59/43759/3
Adrian Villin [Fri, 26 Sep 2025 14:09:30 +0000 (10:09 -0400)]
hs-test: add suite labels and label filtering

- https://onsi.github.io/ginkgo/#spec-labels

Type: test

Change-Id: I7ebb703d52d6e65efb7a24cd3abc949a749b26c8
Signed-off-by: Adrian Villin <[email protected]>
3 weeks agodev: remove duplicate cli 88/43788/2
Damjan Marion [Mon, 29 Sep 2025 11:58:49 +0000 (13:58 +0200)]
dev: remove duplicate cli

Type: fix
Change-Id: I40c3536892d41a068dd2c2e4f7a80ae9cc5c9767
Signed-off-by: Damjan Marion <[email protected]>
3 weeks agobuild: add keyword none to VPP_PLUGINS= 87/43787/1
Damjan Marion [Mon, 29 Sep 2025 11:38:14 +0000 (13:38 +0200)]
build: add keyword none to VPP_PLUGINS=

Type: improvement
Change-Id: I5301e4df91f2486446acb4a6049170357b51cf5d
Signed-off-by: Damjan Marion <[email protected]>
4 weeks agovlib: native fuse filesystem implementation 84/43684/15
Damjan Marion [Fri, 26 Sep 2025 13:13:45 +0000 (15:13 +0200)]
vlib: native fuse filesystem implementation

Type: feature
Change-Id: I2445b30ec570fe608a4b60128a5e5bde7d4c96ee
Signed-off-by: Damjan Marion <[email protected]>
4 weeks agomisc: include hs_apps in cov reports 78/43778/3
Semir Sionek [Fri, 26 Sep 2025 09:42:14 +0000 (09:42 +0000)]
misc: include hs_apps in cov reports

Type: make
Change-Id: Iceeb1ff03da4d12e3d24fb6ceea5044448d807d5
Signed-off-by: Semir Sionek <[email protected]>
4 weeks agostats: histogram, gauge and ring buffer types 71/43471/11
Ole Troan [Wed, 23 Jul 2025 10:46:49 +0000 (12:46 +0200)]
stats: histogram, gauge and ring buffer types

A new log2 histogram type with prometheus exporter support.
min_exp can be set in the first element to adjust the bins.

The ring buffer is intended for exporting records to a client side
reader. If the reader cannot keep up the writer will overwrite oldest
entry.

Added a new gauge type, which is like scalar index, but being
explicit allows the prometheus exported to set type corretly.

Type: improvement
Change-Id: Ibe1244f28e01eee8d61a3ca6edb6fd1801f1c942
Signed-off-by: Ole Troan <[email protected]>
Change-Id: I1a6046c6962d67db8c510a571e9414723acbbd7e
Signed-off-by: Ole Troan <[email protected]>
4 weeks agoip: frags should have as much space for headers as original 54/43754/2
Florin Coras [Thu, 25 Sep 2025 17:52:21 +0000 (13:52 -0400)]
ip: frags should have as much space for headers as original

Type: improvement

Change-Id: Ic8ef26f588a7c161abbe63b3887a76faa32872de
Signed-off-by: Florin Coras <[email protected]>
4 weeks agohs-test: flaky Http2ContinuationTxTest fix 46/43746/2
Matus Fabian [Wed, 24 Sep 2025 10:37:06 +0000 (06:37 -0400)]
hs-test: flaky Http2ContinuationTxTest fix

curl container output get rarely corrupted for unknown reason

Type: test

Change-Id: I3c832e1bfddffe590b3b3667065c28d4ded8183e
Signed-off-by: Matus Fabian <[email protected]>
4 weeks agohsa: http connect proxy client multiworker support 16/43616/24
Matus Fabian [Wed, 20 Aug 2025 16:18:46 +0000 (12:18 -0400)]
hsa: http connect proxy client multiworker support

Type: improvement

Change-Id: I24e80476136712ee8dd4c8c4b3cd7e5c017acc80
Signed-off-by: Matus Fabian <[email protected]>
4 weeks agohsa: http connect proxy client 90/43490/56
Matus Fabian [Mon, 28 Jul 2025 16:44:13 +0000 (12:44 -0400)]
hsa: http connect proxy client

Type: feature

Change-Id: Ibe6c01378688b0b47ef26149663b3de1aa02a083
Signed-off-by: Matus Fabian <[email protected]>
4 weeks agohttp: h2 fix app closed tunnel 40/43740/2
Matus Fabian [Tue, 23 Sep 2025 13:55:07 +0000 (09:55 -0400)]
http: h2 fix app closed tunnel

do not change stream state if there is more data to send when app
closed tunnel

Type: fix

Change-Id: I41a39b10ceeabc02d6f23a6bdf8c51b421cffb61
Signed-off-by: Matus Fabian <[email protected]>
4 weeks agohttp: add stream reset countres to the stats 32/43732/3
Matus Fabian [Mon, 22 Sep 2025 15:18:25 +0000 (11:18 -0400)]
http: add stream reset countres to the stats

Type: improvement

Change-Id: Id255a0e03f127576abcdc7a0e025c9f3c3eb6981
Signed-off-by: Matus Fabian <[email protected]>
4 weeks agolinux-cp: fix multicast route setup with lcp-sync 41/43741/2
Matthew Smith [Mon, 22 Sep 2025 13:32:29 +0000 (08:32 -0500)]
linux-cp: fix multicast route setup with lcp-sync

Type: fix
Fixes: 344dab5a22e1

Code which tries to avoid removing multicast routes prematurely or
adding them multiple times causes problems when lcp-sync is enabled. At
the time the decision is made whether this is the first interface
address added, multiple addresses may already configured on the VPP
interface. This causes the route to not be added.

Retain the check which avoids premature removal and remove the one
which tries to avoid adding the route multiple times. Adding the route
more than once is innocuous.

Signed-off-by: Matthew Smith <[email protected]>
Change-Id: I2a29f87db5ba97e847a6e29ad2283386b1f1dc7b

4 weeks agocrypto-native: respect platform flags if platform build 50/43750/2
Damjan Marion [Thu, 25 Sep 2025 09:23:18 +0000 (11:23 +0200)]
crypto-native: respect platform flags if platform build

Type: improvement
Change-Id: I79200230c6ebfba988b5f36baa98ef976c9ba58f
Signed-off-by: Damjan Marion <[email protected]>
4 weeks agobuild: change cpu flags for octeon10 platform 49/43749/1
Damjan Marion [Thu, 25 Sep 2025 08:42:19 +0000 (10:42 +0200)]
build: change cpu flags for octeon10 platform

Type: improvement
Change-Id: Ieb28e07aa6159d5cd670e816cae0d0b3599c417e
Signed-off-by: Damjan Marion <[email protected]>
4 weeks agohsa: include rtt & jitter measurements in echo client periodic reports 69/43669/13
Semir Sionek [Mon, 8 Sep 2025 12:18:49 +0000 (12:18 +0000)]
hsa: include rtt & jitter measurements in echo client periodic reports

Periodic reports in echo client now include RTT measurements by default
in TCP & UDP echo-bytes runs. They can be swapped for basic jitter
measurements with report-jitter.

Type: improvement

Change-Id: I8ee0b17b49ed24799adb95ac7a3bbad383e339e1
Signed-off-by: Semir Sionek <[email protected]>
4 weeks agomisc: Initial 26.02-rc0 commit 56/43756/1 v26.02-rc0
Andrew Yourtchenko [Wed, 24 Sep 2025 12:09:17 +0000 (14:09 +0200)]
misc: Initial 26.02-rc0 commit

Type: docs
Change-Id: If76365a42efd88ac49af02fb4c86d62c4bafe24b
Signed-off-by: Andrew Yourtchenko <[email protected]>
4 weeks agodhcp: fix lease renewal for non-default fibs 43/43743/4
Florin Coras [Tue, 23 Sep 2025 19:32:11 +0000 (15:32 -0400)]
dhcp: fix lease renewal for non-default fibs

Type: fix

Change-Id: Ic6f02e47cd7f83d3ac0f273b9bff5c6c1d8d5a43
Signed-off-by: Florin Coras <[email protected]>
Signed-off-by: Steven Luong <[email protected]>
4 weeks agohsa: adjust echo client reporting for udp runs 39/43739/2
Semir Sionek [Tue, 23 Sep 2025 12:13:07 +0000 (12:13 +0000)]
hsa: adjust echo client reporting for udp runs

Do not print handshake times for UDP, include total dgram
sent/received/loss percentage statistics.

Type: improvement
Change-Id: I67df73d56b2971c8fddd757fceef76c0f208aed4
Signed-off-by: Semir Sionek <[email protected]>
4 weeks agokube-test: fix and update image tags 14/43614/1
Adrian Villin [Tue, 23 Sep 2025 08:52:27 +0000 (04:52 -0400)]
kube-test: fix and update image tags

Type: test

Change-Id: I6514cad1349c65a4ae79e657a3d64d380ce1c1e4
Signed-off-by: Adrian Villin <[email protected]>
4 weeks agohsa: proxy active_open_rx_callback fix 31/43731/3
Matus Fabian [Mon, 22 Sep 2025 12:32:37 +0000 (08:32 -0400)]
hsa: proxy active_open_rx_callback fix

Do not program tx evt on passive open when session is closed

Type: fix

Change-Id: Iddf1e40689caf87e1846534c58b0d42f07ca046e
Signed-off-by: Matus Fabian <[email protected]>
4 weeks agohsa: remove unused test_send_buffer from echo client 28/43728/2
Semir Sionek [Mon, 22 Sep 2025 10:05:35 +0000 (10:05 +0000)]
hsa: remove unused test_send_buffer from echo client

test_send_buffer was originally supposed to be used for assembling
dgrams with included data buffer offsets. As we decided on using
segments, this is not needed.

Type: fix
Change-Id: I3cdbfc077aefeecc44615cb93f7d9f3274b6b5fb
Signed-off-by: Semir Sionek <[email protected]>
4 weeks agodev: add ability for process node to wait for device config 25/43725/3
Damjan Marion [Fri, 19 Sep 2025 08:36:57 +0000 (10:36 +0200)]
dev: add ability for process node to wait for device config

This also reverts commit f36243c which was causing issues with queue
setup.

Change-Id: I5997d226c4bbf8c58d9ad538fa59563ea4fe2f69
Type: fix
Fixes: f36243c
Signed-off-by: Damjan Marion <[email protected]>
5 weeks agosnort: add support for DIOCTL_GET_PRIV_DATA_LEN 09/43609/2
Mohsin Kazmi [Fri, 19 Sep 2025 16:07:56 +0000 (16:07 +0000)]
snort: add support for DIOCTL_GET_PRIV_DATA_LEN

Type: improvement

This patch implements support for retrieving private data length via ioctl.
The private data pointer is set in the message header,
and when Snort processes the packet, it can request the length
of this private data through the ioctl interface.

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I02a831557b349bab7c9c8fe2e00cd8b085d3e5f7

5 weeks agosession svm: fix session migrate attach data corruption 23/43723/5
Florin Coras [Fri, 19 Sep 2025 07:38:39 +0000 (03:38 -0400)]
session svm: fix session migrate attach data corruption

Fifo ooo_deq is used when peeking. Consequently, when migrating a
udp session already scheduled for sending, the owner thread will read
corrupted data. Overload enq/deq rbtrees instead.

Type: fix

Change-Id: I5bf25355f64513911a349e42c056b3a9b6eb3523
Signed-off-by: Florin Coras <[email protected]>
5 weeks agosession: fix handling of closed during migration 14/43714/6
Florin Coras [Thu, 18 Sep 2025 04:34:13 +0000 (00:34 -0400)]
session: fix handling of closed during migration

Close the new session.

Type: fix

Change-Id: I5cc231b68e7da9c9c459bab1706490ac18cfeabc
Signed-off-by: Florin Coras <[email protected]>
5 weeks agobfd: add API to configure TOS for IP of BFD packets 39/43439/9
Mihut Aronovici [Mon, 14 Jul 2025 19:32:22 +0000 (15:32 -0400)]
bfd: add API to configure TOS for IP of BFD packets

Change-Id: I2753b5b200791130b83fa07b0fa731e636f79252
Signed-off-by: Mihut Aronovici <[email protected]>
Type: improvement

5 weeks agoipsec: Improve tunnel mode detection in ESP decrypt post-crypto 43/43643/2
Denys Haryachyy [Thu, 28 Aug 2025 09:56:42 +0000 (12:56 +0300)]
ipsec: Improve tunnel mode detection in ESP decrypt post-crypto

Type: fix

 - Use irt->is_tunnel flag to properly detect IPSec tunnel mode SAs
 - Skip IP address verification for IPSec tunnel mode (outer IP already validated)

Change-Id: Icd57b699b745f764e7e87bbbb4cf891e82320f37
Signed-off-by: Denys Haryachyy <[email protected]>
5 weeks agovapi: uds transport pass client index correctly 15/43015/5
Stanislav Zaikin [Tue, 27 May 2025 11:20:59 +0000 (13:20 +0200)]
vapi: uds transport pass client index correctly

client_index inside vapi message is an opaque cookie. client_index in
vapi is just index inside sockclnt_create/sockclnt_delete messages.

Type: fix

Change-Id: Id06ff078788994d6c426e85e5ce08a259e236bc0
Signed-off-by: Stanislav Zaikin <[email protected]>
5 weeks agokube-test: MW iperf tests, improvements 03/43603/6
Adrian Villin [Fri, 12 Sep 2025 13:38:39 +0000 (09:38 -0400)]
kube-test: MW iperf tests, improvements

- caching calico images in local registry
- updated calico config template

Type: test

Change-Id: I9f1b3b1301914c4e44e7963f9fdfe6a5dd7ddd2a
Signed-off-by: Adrian Villin <[email protected]>
5 weeks agobuild: add knob to specify which plugins to build 21/43721/2
Damjan Marion [Thu, 18 Sep 2025 15:13:37 +0000 (17:13 +0200)]
build: add knob to specify which plugins to build

Type: make
Change-Id: I6bd6df968577a4b5335f0604e02c2ea05d938355
Signed-off-by: Damjan Marion <[email protected]>
5 weeks agosnort: fix the libdaq required version 08/43608/2
Mohsin Kazmi [Thu, 18 Sep 2025 15:26:27 +0000 (15:26 +0000)]
snort: fix the libdaq required version

Type: fix

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: Iffc86d9a59a86c3acf3959ef4eb66c5379c8d659

5 weeks agobuild: update octeon-roc version 16/43716/1
Monendra Singh Kushwaha [Thu, 18 Sep 2025 07:19:21 +0000 (07:19 +0000)]
build: update octeon-roc version

Type: feature

Change-Id: Iaa1df805417e1997dca44e588f84e6a7daff56c7
Signed-off-by: Monendra Singh Kushwaha <[email protected]>
5 weeks agoquic: refactor crypto context index encoding and debug output 05/43705/4
Dave Wallace [Tue, 16 Sep 2025 05:29:41 +0000 (01:29 -0400)]
quic: refactor crypto context index encoding and debug output

- add encode / decode macros for consistency across quic engine
  implementations
- debug code cleanup

Type: refactor

Change-Id: I7d0412b78a7555dbd346c4cfee56481effe054a5
Signed-off-by: Dave Wallace <[email protected]>
5 weeks agosnort: add more debug logs in vpp_daq library 07/43607/2
Mohsin Kazmi [Wed, 17 Sep 2025 12:54:25 +0000 (12:54 +0000)]
snort: add more debug logs in vpp_daq library

Type: improvement

To enable debugging information in vpp_daq, one needs to pass:
--daq-var debug

daq_vpp: daq_vpp_instantiate: creating instance 1 out of 2 with input vpp0
daq_vpp: daq_vpp_socket_connect: connecting to socket /run/vpp/snort.sock
daq_vpp: daq_vpp_socket_connect: connected to socket /run/vpp/snort.sock
daq_vpp: daq_vpp_request: send msg: { type: CONNECT, connect: { num_snort_instances: 2, daq_version: 3.0.2
daq_vpp: daq_vpp_request: recv msg: { err: 0, connect: { num_bpools: 2 } }
daq_vpp: daq_vpp_request: send msg: { type: GET_BUFFER_POOL, get_buffer_pool: { buffer_pool_index: 0 } }
daq_vpp: daq_vpp_request: recv msg: { err: 0, get_buffer_pool: { size: 320864256 } }
daq_vpp: daq_vpp_request: send msg: { type: GET_BUFFER_POOL, get_buffer_pool: { buffer_pool_index: 1 } }
daq_vpp: daq_vpp_request: recv msg: { err: 0, get_buffer_pool: { size: 320864256 } }
daq_vpp: daq_vpp_request: send msg: { type: GET_INPUT, get_input: { input_name: "vpp0" } }
daq_vpp: daq_vpp_request: recv msg: { err: 0, get_input: { input_index: 0, num_qpairs: 2, shm_size: 61440
daq_vpp: daq_vpp_request: send msg: { type: ATTACH_QPAIR, attach_qpair: { input_index: 0, qpair_index: 0 }
daq_vpp: daq_vpp_request: recv msg: { err: 0, attach_qpair: { qpair_id: { thread_id: 0, queue_id: 0 }, log
daq_vpp: daq_vpp_find_or_add_input: input vpp0 qpair 0.0: size 1024, hdr 0x7f01543bc000, enq 0x7f01543c208
daq_vpp: daq_vpp_request: send msg: { type: ATTACH_QPAIR, attach_qpair: { input_index: 0, qpair_index: 1 }
daq_vpp: daq_vpp_request: recv msg: { err: 0, attach_qpair: { qpair_id: { thread_id: 1, queue_id: 0 }, log
daq_vpp: daq_vpp_find_or_add_input: input vpp0 qpair 1.0: size 1024, hdr 0x7f01543c3080, enq 0x7f01543c910
daq_vpp: daq_vpp_add_qpair_to_instance: qpair 0.0 added to instance 1
daq_vpp: daq_vpp_instantiate: creating instance 2 out of 2 with input vpp0
daq_vpp: daq_vpp_add_qpair_to_instance: qpair 1.0 added to instance 2
daq_vpp: daq_vpp_get_msg_pool_info: getting msg pool info
daq_vpp: daq_vpp_get_msg_pool_info: getting msg pool info
daq_vpp: daq_vpp_ioctl: ioctl cmd DIOCTL_GET_PRIV_DATA_LEN

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I33bfbf50999bdf7658a5710da239bb0d1c4ca787

5 weeks agodev: initialize devices earlier, before main loop running 06/43706/2
Damjan Marion [Tue, 16 Sep 2025 10:27:06 +0000 (12:27 +0200)]
dev: initialize devices earlier, before main loop running

Type: improvement
Change-Id: I073f78b29ab32d0d9f4447813acc684b6576f264
Signed-off-by: Damjan Marion <[email protected]>
5 weeks agohttp: http2_format_req print more info 09/43709/1
Matus Fabian [Tue, 16 Sep 2025 15:55:00 +0000 (11:55 -0400)]
http: http2_format_req print more info

print flags and h2 request variables like window size on hi vebosity

Type: improvement

Change-Id: Ibfa73fe9d04745078c0ae0efa79cd4cb521433b9
Signed-off-by: Matus Fabian <[email protected]>
5 weeks agohs-test: move hs-test to vpp/test-c 00/43600/13
Adrian Villin [Mon, 8 Sep 2025 14:29:39 +0000 (16:29 +0200)]
hs-test: move hs-test to vpp/test-c

- separated cluster tests from hs-test and moved them into
  test-c/kube-test
- cleaned up kube-test and hs-test
- kube-test setup-cluster.sh improvements
- Makefile in extras/hs-test is temporary
- kube-test stability improvements

Type: test

Change-Id: Iee9fc732ccd303d4b4635d329f673c03f95a4dd4
Signed-off-by: Adrian Villin <[email protected]>
5 weeks agohttp: notify app on app_worker_init_connected err 03/43703/2
Matus Fabian [Mon, 15 Sep 2025 20:06:17 +0000 (16:06 -0400)]
http: notify app on app_worker_init_connected err

Type: fix

Change-Id: I5096d3869134af4f696b2ee9be605a9d049202d4
Signed-off-by: Matus Fabian <[email protected]>
5 weeks agobuild: bump cmake to 3.19 04/43704/2
Damjan Marion [Mon, 15 Sep 2025 20:30:41 +0000 (22:30 +0200)]
build: bump cmake to 3.19

Type: improvement
Change-Id: I8b509b3eb03b4df2972e73aeec4771190652171b
Signed-off-by: Damjan Marion <[email protected]>
5 weeks agoocteon: add support for changing RSS key 02/43702/2
Damjan Marion [Mon, 15 Sep 2025 17:36:24 +0000 (19:36 +0200)]
octeon: add support for changing RSS key

Change-Id: I855c394262b275d1f98d9bce1a3cd4a2411d88f7
Type: improvement
Signed-off-by: Damjan Marion <[email protected]>
5 weeks agodev: add support for changing RSS key 01/43701/2
Damjan Marion [Mon, 15 Sep 2025 17:35:48 +0000 (19:35 +0200)]
dev: add support for changing RSS key

Type: improvement
Change-Id: I40350be4c362d20f60b94c82faf564f06d8e86f6
Signed-off-by: Damjan Marion <[email protected]>
5 weeks agohsa: proxy don't send tx event when fifo is empty 76/43676/4
Matus Fabian [Mon, 8 Sep 2025 23:07:33 +0000 (19:07 -0400)]
hsa: proxy don't send tx event when fifo is empty

Type: improvement

Change-Id: Ic0a37de2c9f9e0b4e60cdd0740eb4ffcede23629
Signed-off-by: Matus Fabian <[email protected]>
5 weeks agohsa: proxy http can be closed on ao connected err 74/43674/7
Matus Fabian [Mon, 8 Sep 2025 17:14:40 +0000 (13:14 -0400)]
hsa: proxy http can be closed on ao connected err

Type: fix

Change-Id: I0e42a40a33056c00ca7b7a01acd4c73072734eb2
Signed-off-by: Matus Fabian <[email protected]>
5 weeks agohttp: add half-close support for h2 tcp tunnels 73/43673/5
Matus Fabian [Mon, 8 Sep 2025 17:08:51 +0000 (13:08 -0400)]
http: add half-close support for h2 tcp tunnels

Proxy app can now handle TCP connection close better.

Type: improvement

Change-Id: I8d0cbf0c8dbc97aac4b8d860e67c4a325f316213
Signed-off-by: Matus Fabian <[email protected]>
5 weeks agohttp: add worker counters 67/43667/4
Matus Fabian [Sun, 7 Sep 2025 20:25:40 +0000 (16:25 -0400)]
http: add worker counters

Type: improvement

Change-Id: I38c12f53568d41f7eb417d6c08d0c8fef5767597
Signed-off-by: Matus Fabian <[email protected]>
5 weeks agovppinfra: zero-terminate self netns path 02/43602/2
Alexander Maltsev [Wed, 10 Sep 2025 13:57:03 +0000 (18:57 +0500)]
vppinfra: zero-terminate self netns path

Fix tap_create_if sometimes failing to get current netns.

Type: fix
Change-Id: I30f7cd623028da52240d8d29077a01a59cb96f77
Signed-off-by: Alexander Maltsev <[email protected]>
5 weeks agoocteon: add option to specify RSS flowkey bitmap 00/43700/3
Damjan Marion [Mon, 15 Sep 2025 13:24:08 +0000 (15:24 +0200)]
octeon: add option to specify RSS flowkey bitmap

Type: improvement

Change-Id: I0fa660c96a44ede0fcb435af560544bbc0f8da04
Signed-off-by: Damjan Marion <[email protected]>
Signed-off-by: Monendra Singh Kushwaha <[email protected]>
5 weeks agoocteon: fix issue with RSS and promisc mode 99/43699/3
Damjan Marion [Mon, 15 Sep 2025 12:03:02 +0000 (14:03 +0200)]
octeon: fix issue with RSS and promisc mode

Type: fix

Change-Id: I64c4cb8655ff957940a6d7ec38a82a8bf0dd4053
Signed-off-by: Damjan Marion <[email protected]>
Signed-off-by: Monendra Singh Kushwaha <[email protected]>
5 weeks agosnort: refactor to better align the code 04/43604/3
Mohsin Kazmi [Mon, 15 Sep 2025 12:54:47 +0000 (12:54 +0000)]
snort: refactor to better align the code

Type: refactor

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: If6c71b96843f082842e1f290885ee0e12384e5d0

5 weeks agosession tls: add support for configurable trusted cas 81/43681/13
Florin Coras [Wed, 10 Sep 2025 03:04:00 +0000 (23:04 -0400)]
session tls: add support for configurable trusted cas

Type: feature

Change-Id: Ic6727d03a369cf09d4397da6bff998d1811a6a61
Signed-off-by: Florin Coras <[email protected]>
6 weeks agohsa: various echo client fixes 80/43680/7
Semir Sionek [Tue, 9 Sep 2025 12:47:44 +0000 (12:47 +0000)]
hsa: various echo client fixes

Now last_total variables for datagrams are properly initialized.
Batch size for UDP runs when using throughput limiting now caps at 1460
to avoid splitting datagrams.
Final throughput avg printout is now rounded to the nearest integer.

Type: fix
Change-Id: Ia52687b73bd22ec682a971f9ee902572c9212436
Signed-off-by: Semir Sionek <[email protected]>
6 weeks agotls: fix memory leak when using test cert 97/43697/2
Dave Wallace [Fri, 12 Sep 2025 14:39:26 +0000 (10:39 -0400)]
tls: fix memory leak when using test cert

Type: fix

Change-Id: I4bf4c6c37f9ee6e262730c372f16fbc086a2d13c
Signed-off-by: Dave Wallace <[email protected]>
6 weeks agohsa: test cl udp vcl events 92/43692/3
Florin Coras [Thu, 11 Sep 2025 20:42:49 +0000 (16:42 -0400)]
hsa: test cl udp vcl events

Validate that rx events are properly propagated for cl udp sessions.

Type: test

Change-Id: Idd5430915d7ba9921d0f5327b1e3f7d3f9ffd333
Signed-off-by: Florin Coras <[email protected]>
6 weeks agosession: track app session index for cl sessions 90/43690/2
Florin Coras [Thu, 11 Sep 2025 16:04:43 +0000 (12:04 -0400)]
session: track app session index for cl sessions

Type: fix

Change-Id: I961d00f40a0facd6db4d4f39177bd22b36ed29f3
Signed-off-by: Florin Coras <[email protected]>
6 weeks agobuild: add option to disable building of Python API 68/43668/2
Damjan Marion [Mon, 8 Sep 2025 10:57:56 +0000 (12:57 +0200)]
build: add option to disable building of Python API

Type: improvement
Change-Id: I7fc2946e136373c4deabfd2c4655ed84c94f8c26
Signed-off-by: Damjan Marion <[email protected]>
6 weeks agohs-test: lower TcpWithLoss perf threshold 01/43601/2
Adrian Villin [Tue, 9 Sep 2025 07:13:16 +0000 (03:13 -0400)]
hs-test: lower TcpWithLoss perf threshold

Type: test

Change-Id: Icecb4fce52cb8df8a0b252efcbd67df188bee8d1
Signed-off-by: Adrian Villin <[email protected]>
6 weeks agohsa: proxy session reset improvement 66/43666/2
Matus Fabian [Sun, 7 Sep 2025 13:15:44 +0000 (09:15 -0400)]
hsa: proxy session reset improvement

Handle session_reset_callback as session reset to properly propagate
session state between active and passive open sides.

Type: improvement

Change-Id: I34eb80f5a4d7874e6cb0fdc072c6ee5894793b03
Signed-off-by: Matus Fabian <[email protected]>
6 weeks agohttp: http/2 tunnel closing improvement 65/43665/2
Matus Fabian [Sun, 7 Sep 2025 13:14:30 +0000 (09:14 -0400)]
http: http/2 tunnel closing improvement

Type: improvement

Change-Id: I8f9520a8a72ff42fb239852fc28b6c1b63ca268b
Signed-off-by: Matus Fabian <[email protected]>
6 weeks agohs-test: fix KinD cluster setup 99/43599/4
Adrian Villin [Fri, 5 Sep 2025 07:01:45 +0000 (09:01 +0200)]
hs-test: fix KinD cluster setup

Type: test

Change-Id: I00dfe98e2bed81a5db6d50f3244c0b8ab546c356
Signed-off-by: Adrian Villin <[email protected]>
6 weeks agovlib: add va_list version of vlib_log() 75/43675/1
Damjan Marion [Mon, 8 Sep 2025 21:53:27 +0000 (23:53 +0200)]
vlib: add va_list version of vlib_log()

Type: improvement
Change-Id: I94693563aef5dad4fb8a9cb59be63a4cabf8d147
Signed-off-by: Damjan Marion <[email protected]>
7 weeks agosnort: plugin rework 33/42933/27
Damjan Marion [Tue, 6 May 2025 15:45:16 +0000 (17:45 +0200)]
snort: plugin rework

Changes:
  - support for multiple qpairs per thread
  - ability for daq to connect to multiple instances
  - ability for daq to connect to specific qpairs
  - added ownership to each qpair to avoid multiple clients using same one
  - enabled packet rewrite
  - enqueue and dequeue nodes are decoupled from feature arcs so they
    can be used in different datapaths
  - feature arc doesn't support multiple-instances anymore, use multiple
    qpairs for load-balancing
  - per-instance drop decisions based on drop bitmap

sample snort invocation:

snort \
  <standard args> \
  --max-packet-threads 3 \  # number of threads snort will launch
  --daq-dir <daq dir> \     # path to dir with libdaq_bpp.so
  --daq vpp \               # enable VPP daq
  --daq-var <path> \        # optional, path to snort.sock
  --daq-var debug \         # optional, turn on debug prints
  -i vpp0:1 \               # attach instance to vpp0 instance qpair 1.0
  -i vpp0:1.1 \             # attach instance to vpp0 instance qpair 1.1
  -i vpp0:2.0,2.1,0 \       # attach instance to vpp0 instance qpairs 2.0, 2.1 and 0.0

qpair is identified as x.y where x is thread_id and y is queue_id, .y
part can be ommited if queue_id is 0.

Type: feature

Change-Id: I4f65b9a12ec71b115b9cb2da814c7918ddf6191d
Signed-off-by: Damjan Marion <[email protected]>
Signed-off-by: Mohsin Kazmi <[email protected]>
7 weeks agohs-test: KinD LargeMTU suite 97/43597/14
Adrian Villin [Fri, 22 Aug 2025 12:20:17 +0000 (14:20 +0200)]
hs-test: KinD LargeMTU suite

- added large mtu iperf test
- improvements to setup-cluster script

Type: test

Change-Id: I4e2eb455b944d6b539e8627cf0f161cf182b960c
Signed-off-by: Adrian Villin <[email protected]>
7 weeks agotls: cert validation config 44/43644/5
Florin Coras [Thu, 28 Aug 2025 16:42:43 +0000 (12:42 -0400)]
tls: cert validation config

Type: improvement

Change-Id: I7d626ed57bbdcb7810c99a1fe0f617fde0ac014f
Signed-off-by: Florin Coras <[email protected]>
7 weeks agolinux-cp: don't drain nl-messages during processing 39/43639/2
Артем Глазычев [Tue, 26 Aug 2025 12:04:58 +0000 (15:04 +0300)]
linux-cp: don't drain nl-messages during processing

When we process the incoming netlink message queue and have NEW_LINK for a VLAN interface, we call lcp_itf_pair_add.
Internally, drain is called, which corrupts the original vector (probably due to reallocation)

Type: fix

Change-Id: I0487bfb2939a04d8d3c156725086fedd6e9c72c7
Signed-off-by: Artem Glazychev <[email protected]>
7 weeks agodev: add option to assign one rx and one tx queue per thread 37/43637/5
Damjan Marion [Wed, 23 Jul 2025 12:42:33 +0000 (12:42 +0000)]
dev: add option to assign one rx and one tx queue per thread

queue 0 -> main
queue 1 -> thread 1 (worker 0)
queue 2 -> thread 2 (worker 1)

etc...

example startup.conf entry:

devices {
  dev pci/0002:04:00.0 {
    port 0 {
      name eth2
      flags queue-per-thread
    }
  }
}

Type: improvement
Change-Id: Ia1c216905c5e4368a0e2e47688fd87348be20106
Signed-off-by: Damjan Marion <[email protected]>
7 weeks agohsa: add periodic reports to builtin echo client 94/43594/17
Semir Sionek [Wed, 20 Aug 2025 14:16:29 +0000 (14:16 +0000)]
hsa: add periodic reports to builtin echo client

report-interval now enables periodic reports, which display TX/RX stats,
as well as throughput and sent/recv datagrams if running over UDP.
It also features a -total variant, which displays same data, but as
totals counted from test start time.

Type: improvement
Change-Id: I28dd1a0c8bfbcaf2882a102433ce4acf28b3d6ef
Signed-off-by: Semir Sionek <[email protected]>
7 weeks agosession: fix app_send_dgram_segs enqueueing n-1 segments 45/43645/1
Semir Sionek [Mon, 1 Sep 2025 13:45:08 +0000 (13:45 +0000)]
session: fix app_send_dgram_segs enqueueing n-1 segments

Type: fix
Change-Id: Iad1c4d967a10e2b5a2e951b119ff4b89716c3d50
Signed-off-by: Semir Sionek <[email protected]>
8 weeks agohttp: http2_conn_connect_stream_callback fix 42/43642/3
Matus Fabian [Wed, 27 Aug 2025 20:38:39 +0000 (16:38 -0400)]
http: http2_conn_connect_stream_callback fix

pass correct opaque to app_worker_connect_notify on max streams hit

Type: fix

Change-Id: Ib320eddc90eb30a60914c7769faef779f6911a3f
Signed-off-by: Matus Fabian <[email protected]>
8 weeks agohsi: support to intercept all proto traffic 17/43617/16
Florin Coras [Wed, 20 Aug 2025 17:33:24 +0000 (13:33 -0400)]
hsi: support to intercept all proto traffic

Type: improvement

Change-Id: Ieebc0a8383f8c86756e4bd36501c2faa9df87a98
Signed-off-by: Florin Coras <[email protected]>
8 weeks agoudp: add input nolookup node 25/43625/6
Florin Coras [Fri, 22 Aug 2025 14:49:05 +0000 (10:49 -0400)]
udp: add input nolookup node

Feature parity with tcp. Useful when other nodes like hsi do the udp
session lookup before sending to udp.

Type: feature

Change-Id: Ib5f39a86cb316d326f0e19f7426b3b97c1bdecf7
Signed-off-by: Florin Coras <[email protected]>
8 weeks agoip: 'format_ip6_header' - re-enable recurse into next proto layer 51/43551/2
Hadi Rayan Al-Sandid [Thu, 14 Aug 2025 19:13:09 +0000 (21:13 +0200)]
ip: 'format_ip6_header' - re-enable recurse into next proto layer

Type: improvement
Change-Id: I4d04466a9a6e94b460fb3c29543435dd9bceab99
Signed-off-by: Hadi Rayan Al-Sandid <[email protected]>