Matus Fabian [Fri, 6 Jun 2025 22:09:10 +0000 (18:09 -0400)]
 
http: http2_conn_cleanup_callback fix
Type: fix
Change-Id: Id31705fee59d5202ea6924bbd707310d46a0bff8
Signed-off-by: Matus Fabian <[email protected]>
Florin Coras [Fri, 6 Jun 2025 20:46:34 +0000 (13:46 -0700)]
 
http: mark req/streams as no lookup sessions
Type: fix
Change-Id: If5572fa4a9ac1a5d61867228cbd2a7e6ef3546d3
Signed-off-by: Florin Coras <[email protected]>
Matus Fabian [Thu, 22 May 2025 17:45:08 +0000 (17:45 +0000)]
 
http: http/2 CONTINUATION frame support
We can now receive and send headers split into multiple frames.
Type: improvement
Change-Id: I3a2a21c67dbc7bbd0bc19b8c6a0ff1516bcfc6fd
Signed-off-by: Matus Fabian <[email protected]>
Mohsin Kazmi [Wed, 4 Jun 2025 11:14:05 +0000 (11:14 +0000)]
 
af_packet: conditionally set checksum offload based on TCP/UDP offload flags
Type: fix
Previously, the af_packet device node unconditionally set the checksum offload
flag and the checksum start offset, regardless of whether TCP/UDP checksum
offload flags were set.
This patch updates the logic to apply these settings only when the TCP/UDP
offload flags are explicitly set.
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: If0f98db5b654a22995e5c7a82b5f793aad83bb88
Mohsin Kazmi [Wed, 4 Jun 2025 10:34:16 +0000 (10:34 +0000)]
 
ipip: fix the offload flags
Type: fix
Packets with checksum offloading are not correctly handled
in the IPIP tunnel path under the new checksum offload support.
Only GSO packets were being processed correctly.
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: Iaca00a68708bd11cb81951768d7437dc63523d8d
Adrian Villin [Thu, 5 Jun 2025 09:06:42 +0000 (11:06 +0200)]
 
hs-test: simplify KinD deps installation
Type: test
Change-Id: Icc4eb31fc04dbc2675c4e93b4e99290afb862f36
Signed-off-by: Adrian Villin <[email protected]>
Adrian Villin [Thu, 5 Jun 2025 12:10:10 +0000 (14:10 +0200)]
 
hs-test: run redis in app containers
- set redis output to quiet mode
- 'vol' directory is no longer copied to CI archives
Type: fix
Change-Id: I307e60e0789af740f245e2c6729cd844fab47e21
Signed-off-by: Adrian Villin <[email protected]>
Damjan Marion [Wed, 21 May 2025 09:28:32 +0000 (11:28 +0200)]
 
vnet: add vnet_buffer_get_opaque() inline
gives back pointer to vnet opaque area...
Type: improvement
Change-Id: Iab15278ee85f1cfda89522c72cf6e012e0b21dc1
Signed-off-by: Damjan Marion <[email protected]>
Mohsin Kazmi [Thu, 22 May 2025 19:34:42 +0000 (19:34 +0000)]
 
ip: compute checksums before fragmentation if offloaded
Type: fix
When a packet with checksum offloading enabled is
fragmented into multiple IP fragments, due to the
egress interface's MTU being smaller than the original
packet size, it gets dropped after reassembly because
the reconstructed packet contains an invalid checksum.
This patch addresses the issue by computing the checksum
in the IP fragmentation logic before the packet is
fragmented, ensuring the resulting fragments carry a
valid checksum upon reassembly.
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I202f169887ae9594f9580a4c7901d7b4483ef5f9
Mohsin Kazmi [Wed, 4 Jun 2025 10:32:20 +0000 (10:32 +0000)]
 
interface: clear flags after checksum computation
Type: fix
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I8f193f03176fa6c8a4f426c009d2978bb8f142fe
Semir Sionek [Mon, 2 Jun 2025 11:34:15 +0000 (11:34 +0000)]
 
hsa: introduce a configurable body limit for http client
Added a limit for returned body sizes, to make sure we're
not allocating too much memory. Configurable with the
max-body-size cli parameter.
Type: improvement
Change-Id: I732d2cfbc8c02ec85c052505b98177554960da88
Signed-off-by: Semir Sionek <[email protected]>
Adrian Villin [Wed, 28 May 2025 14:47:49 +0000 (16:47 +0200)]
 
hs-test: improvements and cleanup
- removed remaining 0.0.0.0 binds
- ip address files are now removed on suite teardown
 (parallel testing should now be more reliable)
- removed unused Iperf helper functions
Type: test
Change-Id: I3af630b11a2713b3d5d2828ba6efbabfad571e1e
Signed-off-by: Adrian Villin <[email protected]>
Adrian Villin [Mon, 2 Jun 2025 10:12:03 +0000 (12:12 +0200)]
 
hs-test: fix incorrect volume mounts
- shortened volume names to avoid hitting unix socket character limit
- volume paths are updated upon container creation
Type: fix
Change-Id: I601060a902cbba930c324653a600a98c603986c2
Signed-off-by: Adrian Villin <[email protected]>
Adrian Villin [Mon, 2 Jun 2025 14:53:41 +0000 (16:53 +0200)]
 
hs-test: improve teardown reliability
- added defer to some teardown functions
- framework now recovers when Vppctl() is used before vppinstance
  is created
Type: test
Change-Id: Ia37cca0ef24f8936cbf350636e249efbf78b13ec
Signed-off-by: Adrian Villin <[email protected]>
Adrian Villin [Wed, 4 Jun 2025 06:08:44 +0000 (08:08 +0200)]
 
hs-test: adjust timeouts when testing COV build
- TestTimeout is set to 30 minutes unless overridden with TIMEOUT arg
- AssertChannelClosed() timeout is set to TestTimeout-30s
Type: test
Change-Id: Ic321ad5baf3bf2c52ed872c58abc8ad577d82397
Signed-off-by: Adrian Villin <[email protected]>
Neil McKee [Sun, 23 Mar 2025 22:57:13 +0000 (15:57 -0700)]
 
sflow: add feature-arc at error-drop, drop-monitoring, egress-sampling
(First submitted as two separate commits, but is now one).
This turns the "error-drop" --> "drop" arc into a feature-arc
so that any plugin can insert a step and examine condemned packets
before they are freed. The immediate goal is for the sflow
plugin to be able export the headers of dropped packets to the sflow
collector, as per the sflow standard. However it seems clear that the
existing pcap-drop code could also be moved to a plugin, which
would help to simplify the core vnet/interface_output.c.
The sflow agent is rounded out to support egress-sampling and
packet-drop monitoring.  The egress-sampling is achieved by
inserting a node on the interface-output feature arc. Packet
samples taken here are forwarded on the same FIFO to the
main thread, but marked as egress samples so that the samples
are written to a separate netlink PSAMPLE group number, which
indicated to hsflowd that these are egress samples.
Note that when you random-sample both ingress and egress packets at
1:N it is statistically the same as if you were sampling ingress packets
at 1:N and egress packets at 1:N independently. The sflow standard
does not allow a different value of N for ingress and egress on
the same interface, so we are free to take advantage of this.
The new node on the newly introduced "error-drop" feature-arc is
responsible for passing the headers of dropped packets to the main
thread too.  These are not sampled.  Instead we use a deliberately
shallow FIFO to ensure that under chronic conditions of high
packet loss these discard events will have negligible impact if
the main thread is not servicing the FIFO. The sflow standard
sets a rate-limit for the export of discard events which will
almost certainly be much lower (typically around 100 per second)
so even if we can only sustain a peak of, say, 1000 per second being
written to netlink DROPMON that is more than enough. The hsflowd
mod_dropmon will apply the configured sflow rate-limit and throw
away the excess messages before they are actually sent to the sflow
collector. For this reason it is not considered necessary for the
vpp CLI to set an explicit rate-limit.
The netlink PSAMPLE, DROPMON and USERSOCK code has been factored
and corrected for style, but the new implementation behaves the
same way in that there is no heap allocation, and iovectors are
used to assemble the netlink messages from their headers and
attributes.
New tests are added to confirm that (1) a single dropped packet is
delivered to the sflow_drop node, send to the DROPMON
netlink channel, and counted correctly when sflow drop-monitoring
is enabled, and that (2) when bidirectional packet-sampling is
enabled samples are taken both at ingress and at egress.
The terms "rx" for ingress, "tx" for egress and "both" for
bidrectional were settled on for brevity and because they appear
elsewhere in VPP, however the code still uses terms like
"ingress", "egress" and "bidirectional" to be consistent with
sFlow standard documents.
The new CLI options are:
vpp> sflow drop-monitoring enable|disable
vpp> sflow direction rx|tx|both
And the "show sflow" output has been enhanced to reflect this.
The defaults are as follows:
vpp> show sflow
show sflow
sflow sampling-rate 10000
sflow direction rx
sflow polling-interval 20
sflow header-bytes 128
sflow drop-monitoring disable
Status
  interfaces enabled: 0
  packet samples sent: 0
  packet samples dropped: 0
  counter samples sent: 0
  counter samples dropped: 0
  drop samples sent: 0
  drop samples dropped: 0
(rebased on 5/12/2025)
Type: improvement
Change-Id: I831e803fa41874965bc9c32516f655b7ae837719
Signed-off-by: Neil McKee <[email protected]>
Florin Coras [Mon, 2 Jun 2025 17:58:46 +0000 (13:58 -0400)]
 
hs-test: use base image container for container builds
Avoid multiple updates/downloads of dependencies.
Type: improvement
Change-Id: Ic770dc00a42cb5aa8c780aebb72beef390200363
Signed-off-by: Florin Coras <[email protected]>
Signed-off-by: Matus Fabian <[email protected]>
Damjan Marion [Wed, 21 May 2025 09:23:41 +0000 (11:23 +0200)]
 
hash: add ipv4 and ipv6 only hash
Type: improvement
Change-Id: Ia210a7a128521d4d81dba0fe3f09c87e0bec7dd8
Signed-off-by: Damjan Marion <[email protected]>
Florin Coras [Mon, 2 Jun 2025 04:31:22 +0000 (00:31 -0400)]
 
vcl: handle pthread cleanups in vls
For historic reasons vcl registers for atexit and pthread exit cleanup
callback functions. Since vls is the one handling thread detection, move
thread cleanup logic there as well.
This also avoids potential issues if main/first pthreads exists before
the subsequent spawned ones as it may lead to premature vcl worker
cleanup.
Type: improvement
Change-Id: Id7a5c186b48f1e4c60ced635d918b5d4b4143fa6
Signed-off-by: Florin Coras <[email protected]>
Florin Coras [Sat, 31 May 2025 21:42:38 +0000 (17:42 -0400)]
 
hs-test: ldp test server logging improvements
- dump stderr and stdout to a file instead of asking iperf to dump to
  file
- handle vcl/ldp debug logs when parsing iperf json output
Type: improvement
Change-Id: I535915315416e83c569f668f984ea9204d744174
Signed-off-by: Florin Coras <[email protected]>
Matus Fabian [Mon, 2 Jun 2025 07:35:49 +0000 (03:35 -0400)]
 
hs-test: fix show error in ldp test
Type: test
Change-Id: I5c690c374d8089b231c0029d25bd352aba113893
Signed-off-by: Matus Fabian <[email protected]>
Benoît Ganne [Wed, 28 May 2025 12:09:45 +0000 (14:09 +0200)]
 
ipsec: fix debug assert with ipv6 checksum offload
Since adding ASSERT() for checksum offload flags we need to make sure
the relevant flags are set before calling vnet_buffer_offload_flags_set()
Type: fix
Fixes: 
7e00099480ab4d2c9353b8b5ed8d516e33abdd24
Change-Id: I521ae77f1d2e6a73deef5168473dd3e857257101
Signed-off-by: Benoît Ganne <[email protected]>
Florin Coras [Sat, 31 May 2025 21:13:44 +0000 (17:13 -0400)]
 
vcl: improve select handling of vpp detachment
Type: improvement
Change-Id: I85df1da32e3d9a06051175385a75818d8ec5b29d
Signed-off-by: Florin Coras <[email protected]>
Adrian Villin [Fri, 30 May 2025 09:07:29 +0000 (11:07 +0200)]
 
hs-test: run LDP iperf in app containers
Type: test
Change-Id: I24b0556a8d530dbd487370b7113660a6ed455846
Signed-off-by: Adrian Villin <[email protected]>
Florin Coras [Thu, 29 May 2025 18:18:40 +0000 (14:18 -0400)]
 
hs-test: add show error to failed ldp test logs
Type: test
Change-Id: I9bb2f0b574c2cdccaa68a69b2b2c5b89afc3f86f
Signed-off-by: Florin Coras <[email protected]>
Joel Godfrey-Smith [Thu, 3 Apr 2025 17:34:10 +0000 (13:34 -0400)]
 
build: updated to build on RHEL-8
Type: improvement
Makefile: updated ability to detect os version id for rhel distros and added section for rhel-8 packages names in rpm dependencies.
extras/depricated/vom/vom.mk: updated path for rhel8 toolset
Change-Id: If760e64a06ff9d8cbe354dc64f13f271a644263e
Signed-off-by: Joel Godfrey-Smith <[email protected]>
Change-Id: I8dae5fceb6b9f370f2c53066550afb608e95e087
Signed-off-by: Joel Godfrey-Smith <[email protected]>
Semir Sionek [Thu, 29 May 2025 12:31:10 +0000 (12:31 +0000)]
 
misc: include http_static and prom in cov reports
Type: make
Change-Id: Ibcc7306f29647a963bdbc6ed1b1990a9220d8e3c
Signed-off-by: Semir Sionek <[email protected]>
Matus Fabian [Wed, 28 May 2025 13:58:59 +0000 (09:58 -0400)]
 
hsa: https support in proxy app
Type: improvement
Change-Id: Id777b4e9b30c496d702ae31b5d628815f6f3b59d
Signed-off-by: Matus Fabian <[email protected]>
Alexander Chernavin [Wed, 28 May 2025 15:49:35 +0000 (18:49 +0300)]
 
api: fix inversion of barrier marker in elog
Currently, the barrier marker for an API message is shown inverted in
the event log. Unsafe API messages are marked as "mp-safe" while safe
ones are marked as "barrier":
  1.
332140489: api-msg: sw_interface_dump
  1.
332218564: api-msg-done(barrier): sw_interface_dump
  1.
332222732: api-msg: control_ping
  1.
332241081: api-msg-done(barrier): control_ping
  1.
334262103: api-msg: sw_interface_set_flags
  1.
334365558: api-msg-done(mp-safe): sw_interface_set_flags
With this fix:
  1.
369092258: api-msg: sw_interface_dump
  1.
369123551: api-msg-done(mp-safe): sw_interface_dump
  1.
369125154: api-msg: control_ping
  1.
369132839: api-msg-done(mp-safe): control_ping
  1.
370686609: api-msg: sw_interface_set_flags
  1.
370735169: api-msg-done(barrier): sw_interface_set_flags
Type: fix
Change-Id: Ib892a83cf801da5fea722eebffd220fabfaa1537
Signed-off-by: Alexander Chernavin <[email protected]>
Semir Sionek [Thu, 22 May 2025 13:14:59 +0000 (13:14 +0000)]
 
http: disable timer node if session disabled
Type: improvement
Change-Id: Ie6d343c7712edfd644b6d133007ae10b40359894
Signed-off-by: Semir Sionek <[email protected]>
Semir Sionek [Wed, 28 May 2025 13:20:08 +0000 (13:20 +0000)]
 
misc: remove unnecessary genhtml cmd_line for cov-merge
Type: make
Change-Id: Ie5165c38df176d9ec0c8b9ce27c3ecebd25547ec
Signed-off-by: Semir Sionek <[email protected]>
Adrian Villin [Mon, 26 May 2025 09:48:28 +0000 (11:48 +0200)]
 
hs-test: fix parallel test runs
- every suite has its own generated ports
- registered every perf test as solo to avoid issues
- fixed teardown skipping when PERSIST or DRYRUN is enabled
Type: test
Change-Id: Ie4b85c8000a2158d45e906949d15ae1cefb27d1b
Signed-off-by: Adrian Villin <[email protected]>
Matus Fabian [Wed, 21 May 2025 16:49:20 +0000 (16:49 +0000)]
 
http_static: add http1-only option to cli
This option enable only HTTP/1.1 in TLS ALPN list
Type: improvement
Change-Id: If39e50b25b727533477a80182f96cd9876505762
Signed-off-by: Matus Fabian <[email protected]>
Semir Sionek [Tue, 27 May 2025 12:49:08 +0000 (08:49 -0400)]
 
hs-test: include http2 tests in gcov run reports
Type: make
Change-Id: I038aa549eb2a4757d880c75aa8eefd91ef154edb
Signed-off-by: Semir Sionek <[email protected]>
Mohsin Kazmi [Thu, 6 Feb 2025 19:29:02 +0000 (19:29 +0000)]
 
dpdk: fix the outer flags
Type: fix
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: If2a02e8907c2e6b419893aa19f081d39e5f791ef
Mohsin Kazmi [Wed, 29 Jan 2025 11:26:25 +0000 (11:26 +0000)]
 
tap: enable IPv4 checksum offload on interface
Type: improvement
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I6e671afd3e7d09ea2158659c1c70726e7791fc28
Mohsin Kazmi [Mon, 27 Jan 2025 18:28:53 +0000 (18:28 +0000)]
 
vnet: add assert for offload flags in debug mode
Type: improvement
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I7ac5ba0e2dc1fe09a00124b661d6c853a010736a
Mohsin Kazmi [Mon, 27 Jan 2025 16:07:30 +0000 (16:07 +0000)]
 
interface: add a new cap for virtual interfaces
Type: improvement
The virtual interfaces can not process the headers at variable offsets from start of the packet. It requires some of the packet offload processing to be done in software i.e. checksums or GSO for packets with tunnel headers.
This patch introduces a new capability flag VNET_HW_IF_CAP_TX_FIXED_OFFSET to represent this behavior
in virtual interfaces.
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I5ec58722b61e2ff52f58e38ff47d795f260bd1d5
Adrian Villin [Mon, 26 May 2025 15:03:21 +0000 (17:03 +0200)]
 
http: add missing brackets around ip6 host header
Type: fix
Change-Id: Ia4a175d30e20a3e1ceeee0290914b3cb51904071
Signed-off-by: Adrian Villin <[email protected]>
Matus Fabian [Mon, 26 May 2025 12:19:00 +0000 (08:19 -0400)]
 
hsa: http client init wrk->vlib_main in setup
Type: fix
Change-Id: I3f16900a05904d8896c8495531ac7ccbb44790ba
Signed-off-by: Matus Fabian <[email protected]>
Matus Fabian [Tue, 20 May 2025 14:42:39 +0000 (14:42 +0000)]
 
http: starting tls connection with alpn
this patch also enable http/2
Type: improvement
Change-Id: I20532ff6e3c4f7c4a45e889714a96ee874848fe4
Signed-off-by: Matus Fabian <[email protected]>
Mohsin Kazmi [Wed, 21 May 2025 19:20:23 +0000 (19:20 +0000)]
 
af_packet: use logging to unify the log at one place
Type: fix
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: Iff5fe7e42ee10e2a0860dbd118083e9e64bb7398
Dave Wallace [Wed, 21 May 2025 01:45:46 +0000 (21:45 -0400)]
 
quic: move ctx_pool into quic_worker_ctx_t struct
- Also, update MAINTAINERS file to include quicly
  engine plugin
Type: refactor
Change-Id: I8181df05b08cbd6296599982256d050c63f53b9b
Signed-off-by: Dave Wallace <[email protected]>
Semir Sionek [Thu, 22 May 2025 12:27:13 +0000 (08:27 -0400)]
 
misc: ignore hs-test test errors in cov runs
Type: make
Change-Id: Ib5b73d1079f5585219b70c25c8c9dcfa1de7fdcd
Signed-off-by: Semir Sionek <[email protected]>
Jeff Shaw [Tue, 20 May 2025 19:45:20 +0000 (12:45 -0700)]
 
dma_intel: fix ats_disable attribute handling
Some DSA devices allow the Address Translation Service (ATS) to be
controlled at the workqueue level. For those devices, the ats_disable
attribute is exposed in sysfs. For devices that do not support ATS
control per workqueue, and are driven by an idxd kernel driver >= 6.6,
the ats_disable attribute is not visible in sysfs.
This change fixes the DSA workqueue initialization to handle the case
where the ats_disable sysfs attribute is not present.
Type: fix
Change-Id: Ia11a90686b9e1916ab50a4209b67f3270190c3f1
Signed-off-by: Jeff Shaw <[email protected]>
Matus Fabian [Wed, 21 May 2025 14:47:08 +0000 (14:47 +0000)]
 
tls: add half close support
http/2 use vnet_shutdown_session on connection error after it sends
GOAWAY frame, which need half_close in underlaying transport proto vft
be implemented.
Type: improvement
Change-Id: I93c2e2ccb9bffc31a8111206acd37703c1c28052
Signed-off-by: Matus Fabian <[email protected]>
Mohsin Kazmi [Tue, 20 May 2025 15:29:50 +0000 (15:29 +0000)]
 
af_packet: show host interface offload flags
Type: improvement
This patch implements support to show host interface offload
flags at the time of creation. It also shows host interface
offload flags at the time of calling given function through
'show hardware'.
Before:
  Host Interface Offload:
    creation time:
     rx checksum
     tx checksum
     tcp segmentation offload
     generic segemanttaion offload
    now:
     rx checksum
     tx checksum
     tcp segmentation offload
     generic segemanttaion offload
After changing the offloads on the veth using ethtool command ('ethtool -K veth1 rx off tx off'):
  Host Interface Offload:
    creation time:
     rx checksum
     tx checksum
     tcp segmentation offload
     generic segemanttaion offload
    now:
     generic segemanttaion offload
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: Ia38d35e7a70206781afad42f0333e47bac8fedc9
Mohsin Kazmi [Thu, 15 May 2025 17:31:16 +0000 (17:31 +0000)]
 
af_packet: fix the error handling on transmit
Type: fix
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: If9fe1bf36b2fb18ade876df1dd9f157ccbb694d1
Semir Sionek [Wed, 21 May 2025 10:46:29 +0000 (10:46 +0000)]
 
misc: ignore return codes from make test and revert 42957
Type: make
Change-Id: I31b16440fef27a54988572d4883a34ca336b5d87
Signed-off-by: Semir Sionek <[email protected]>
Damjan Marion [Wed, 21 May 2025 09:26:17 +0000 (11:26 +0200)]
 
vlib: fix missing null-termination
Type: fix
Change-Id: I65c26518bad89a107510af1c7796edb9eaf56057
Signed-off-by: Damjan Marion <[email protected]>
Andrew Yourtchenko [Wed, 21 May 2025 10:23:57 +0000 (12:23 +0200)]
 
misc: Initial 25.10-rc0 commit
Type: docs
Change-Id: I8d35efda2722c19ce62c609f5b099d5baa28202a
Signed-off-by: Andrew Yourtchenko <[email protected]>
Monendra Singh Kushwaha [Thu, 15 May 2025 10:47:02 +0000 (16:17 +0530)]
 
dev: fix default number of rx queues
Type: fix
Change-Id: I54b79b4a639ac07f901c98641ff2857813347d65
Signed-off-by: Monendra Singh Kushwaha <[email protected]>
Adrian Villin [Mon, 12 May 2025 13:16:18 +0000 (15:16 +0200)]
 
hs-test: further separated KinD from HST suites
- KinD suite was also improved and cleaned up a bit
Type: test
Change-Id: Iee1adb69f935b69b79d70a541fa40f5f5d73298d
Signed-off-by: Adrian Villin <[email protected]>
Matus Fabian [Tue, 20 May 2025 13:12:11 +0000 (13:12 +0000)]
 
hs-test: NewHttpClient add param to disable http2
Type: test
Change-Id: Ieed925c0902bc58d916cf3d3c4d709d330e72c89
Signed-off-by: Matus Fabian <[email protected]>
Matus Fabian [Wed, 14 May 2025 16:33:43 +0000 (12:33 -0400)]
 
tls: add ALPN support
App can pass ALPN protocols list via alpn_protos member of
transport_endpt_crypto_cfg_t. For server it should be ordered by
preference. If all set to zeros ALPN negotiation is disabled.
App can get selected protocol via tls_get_alpn_selected, it returns
TLS_ALPN_PROTO_NONE if no protocol has been selected (peer do not used
ALPN). In case that server supports no protocols that client
advertised, then server respond with fatal "no_application_protocol"
alert (TLS handshake fail).
Type: feature
Change-Id: If030672bfb7a6a9cc9a8d7b1fdd30e2776ae2c3f
Signed-off-by: Matus Fabian <[email protected]>
Jeff Shaw [Fri, 16 May 2025 18:28:09 +0000 (11:28 -0700)]
 
dpdk: set lcores parameter for high lcore id
DPDK is most often compiled with RTE_MAX_LCORE=128. On systems which
have more than 128 cores, its necessary to remap the active cores onto
the available 128 cores, using the --lcores parameter. Since VPP does
not use RTE threads, there's no reason DPDK needs to know anything
about VPPs threads. However, DPDK does attempt to pin the thread calling
rte_eal_init() to the current cpu, which can fail if the lcore ID
exceeds RTE_MAX_LCORE.
This commit implements a simple workaround, which is to map VPP's main
lcore to DPDK lcore 0 whenever VPP's main_lcore exceeds RTE_MAX_LCORE.
Type: fix
Change-Id: I3cba5f5f26aed7ec62c70a50bac4c80d78d9d944
Signed-off-by: Jeff Shaw <[email protected]>
Semir Sionek [Tue, 20 May 2025 12:20:37 +0000 (12:20 +0000)]
 
misc: for test-cov-both ensure raport generation
Type: make
Change-Id: I233b6c7410446afff9ad9aa408137a09c6e1df4f
Signed-off-by: Semir Sionek <[email protected]>
Monendra Singh Kushwaha [Wed, 9 Oct 2024 06:20:13 +0000 (11:50 +0530)]
 
octeon: configure max npa pools using driver arg
This patch register callback to set max npa pools and use driver
argument to get user specific value for max npa pools.
Type: feature
Change-Id: I5d8f4f88e4d42323e63f12d4dd6bfa12bf06aef2
Signed-off-by: Monendra Singh Kushwaha <[email protected]>
Monendra Singh Kushwaha [Wed, 14 May 2025 11:56:16 +0000 (17:26 +0530)]
 
dev: add support to configure driver arguments
This patch adds support to configure driver specific global
arguments/options which are global for driver or not specific
to interface/port.
Driver specific arguments can be configures via startup config
devices {
    driver <driver name> {
	args 'ARG1=<V1> ARG2=<V2>
    }
    ..
}
Type: feature
Change-Id: I6186531abda386aa02e4dc8784b4a5a02665aa20
Signed-off-by: Monendra Singh Kushwaha <[email protected]>
Monendra Singh Kushwaha [Tue, 13 May 2025 07:32:16 +0000 (13:02 +0530)]
 
octeon: add port argument for ethernet pause frame
Type: refactor
Change-Id: I64dd556f6252d8f8dff7cb41748baebf89ceb159
Signed-off-by: Monendra Singh Kushwaha <[email protected]>
Florin Coras [Fri, 16 May 2025 04:08:42 +0000 (00:08 -0400)]
 
vcl: fix detach of sessions without fifos
Make sure we only try to cleanup segments for sessions that have not yet
been disconnected.
Type: fix
Change-Id: If8a8afcc9fdc1843918df376fcc442fc8c4fdbad
Signed-off-by: Florin Coras <[email protected]>
Bence Romsics [Thu, 8 Aug 2024 11:47:31 +0000 (13:47 +0200)]
 
docs: vpp_papi example script
Document vpp_papi usage by a sample script.
Type: docs
Change-Id: Ife687c45a81b58a807b87f86c622690984f74a75
Signed-off-by: Bence Romsics <[email protected]>
Semir Sionek [Wed, 14 May 2025 14:12:44 +0000 (14:12 +0000)]
 
misc: ignore hs-test cov failures in test-cov-both target
Type: make
Change-Id: I983e052a18e1d02c9f1d77b667f4983695c2cf71
Signed-off-by: Semir Sionek <[email protected]>
Ivan Ivanets [Thu, 1 May 2025 14:32:21 +0000 (17:32 +0300)]
 
crypto: add new handlers for cbc/ctr+hmac
Type: feature
Support combined enc/dec/chain + auth algorithms with aes-cbc/ctr for
openssl, native and ipsecmb crypto engines
Change-Id: I4c970c57c3fce1e78fe25ea3d4a9c1de3b4de0c0
Signed-off-by: Ivan Ivanets <[email protected]>
Dave Wallace [Wed, 29 Jan 2025 04:44:06 +0000 (23:44 -0500)]
 
quic: quic engine api
- Add an api to the quic plugin to separate the quic engine
  implementation from the vpp quic transport.
- Move quicly library based engine implementation to a
  separate plugin utilizing the quic engine api.
Type: feature
Change-Id: If522f18150ef7d92dbdd5ff1a96a65703dea730c
Signed-off-by: Dave Wallace <[email protected]>
Florin Coras [Wed, 14 May 2025 04:13:59 +0000 (00:13 -0400)]
 
tcp: avoid spurious asserts while discarding bytes
Found by hst in ci, probably because of af_packet interfaces with
gso/gro on. Only applies to chained buffers.
Type: fix
Change-Id: I8d223a526bbdf88a2a7b60a0028e79ce14015a37
Signed-off-by: Florin Coras <[email protected]>
Varun Rapelly [Wed, 30 Apr 2025 02:26:07 +0000 (02:26 +0000)]
 
tls:fix connection failures with pipeline config
This patch fixes connection failures and incomplete reads with async
mode and pipeline configuration.
Issue: https://github.com/FDio/vpp/issues/3606
Type: fix
Change-Id: I159861a047882ce41becc9f2e2807bf0a80c8167
Signed-off-by: Varun Rapelly <[email protected]>
Florin Coras [Fri, 9 May 2025 18:37:14 +0000 (14:37 -0400)]
 
af_packet: log fatal error on send
Type: improvement
Change-Id: I6f5801a5e01fd066d4a5d07c4bd5f2ecf45796ff
Signed-off-by: Florin Coras <[email protected]>
Florin Coras [Tue, 13 May 2025 19:20:51 +0000 (15:20 -0400)]
 
session: force cleanup of cts without app wrk
Also some improvements to unit tests.
Type: fix
Change-Id: Ib16f320e4404748fee8e3c6994b8df8dd890b9ea
Signed-off-by: Florin Coras <[email protected]>
Matus Fabian [Mon, 5 May 2025 17:28:04 +0000 (13:28 -0400)]
 
http: http/2 multiplexing
schedule tx of streams, within one http connection, using
round-robin like algorithm with two queues, first is used for
new responses to send headers frame and second for data frames,
stream can send one frame each round
Type: feature
Change-Id: Id89ed08e845418151498c9afed0f88824ce6dacf
Signed-off-by: Matus Fabian <[email protected]>
Adrian Villin [Tue, 13 May 2025 08:34:34 +0000 (10:34 +0200)]
 
hs-test: add test timeout override
Type: test
Change-Id: If472c1539b0d4b864a9d004a02bbb6f54c43a565
Signed-off-by: Adrian Villin <[email protected]>
Adrian Villin [Fri, 9 May 2025 12:55:04 +0000 (14:55 +0200)]
 
hs-test: nginx perf test and improvements
- added Nginx RPS test (Ab)
- moved KinD suite related files to a new folder
- sorted functions into different files
- new helper makefile target: cleanup-perf
Type: test
Change-Id: I9c3e00d1e7ad74e211cd16279d96371bdef29e26
Signed-off-by: Adrian Villin <[email protected]>
Monendra Singh Kushwaha [Tue, 18 Mar 2025 08:10:33 +0000 (13:40 +0530)]
 
dev: enable flow on primary interface
Type: fix
Change-Id: Ic5d9390240c00aa706c4f6902c774360263455f2
Signed-off-by: Monendra Singh Kushwaha <[email protected]>
Monendra Singh Kushwaha [Tue, 6 May 2025 11:58:46 +0000 (17:28 +0530)]
 
octeon: update roc version
This patch updated roc version and enables the interrupt mechanism to
support VFIO MSI-X by fixing the PCI bus master enable in the OCTEON
plugin. Additionally, it introduces an MSI-X message handler to
support all vectors.
Type: feature
Change-Id: Ic3cea28afffab400923fe5afa729be21dd54cca8
Signed-off-by: Satha Rao <[email protected]>
Signed-off-by: Monendra Singh Kushwaha <[email protected]>
Satha Rao [Mon, 10 Mar 2025 17:20:00 +0000 (22:50 +0530)]
 
octeon: flush CQ buffers on stop
This patch ensures that any pending buffers received are flushed while
closing the Completion Queue (CQ).
Type: feature
Change-Id: I0bddc3d697827c1c5f09591aebef42a9f1c50d7f
Signed-off-by: Satha Rao <[email protected]>
Signed-off-by: Monendra Singh Kushwaha <[email protected]>
Semir Sionek [Fri, 9 May 2025 12:16:54 +0000 (08:16 -0400)]
 
hsa: scale the data chunk threshold for echo client tput based on fifo size
Type: improvement
Change-Id: I37636f4d4c3949c36ead71e602754ccdb07b9c7a
Signed-off-by: Semir Sionek <[email protected]>
Varun Rapelly [Thu, 17 Apr 2025 05:51:02 +0000 (05:51 +0000)]
 
tls:updated management of async events handling
This patch updates the creation of async events for handshake, read
write events. Now it allocates a new event for each async event init
function call and uses a llist to store the event indexes.
During the tls context free, it iterates over the list and frees all
the events. In async handshake event handler, added code to read
early data.
During async handshake or read/write event handlers execution, if
the app session or tls session state indicates app closed state, it
initiates SSL shutdown.
Type: improvement
Signed-off-by: Varun Rapelly <[email protected]>
Change-Id: I97f4c4f3e1b0cd19f1101137bf7ae02ccda545ee
Florin Coras [Thu, 8 May 2025 04:03:59 +0000 (00:03 -0400)]
 
tcp: fix coverity discard bytes warning
Type: fix
Change-Id: Id832d1e240e42b8ce76f243c14ca67e724a4ef34
Signed-off-by: Florin Coras <[email protected]>
Florin Coras [Wed, 7 May 2025 05:56:15 +0000 (22:56 -0700)]
 
session: avoid clearing fifos while closing
Allow apps to scrape amount of undelivered data before cleanup.
Type: improvement
Change-Id: Ia925bfdd9ee168f5b9da0ddd3048cf4ed2fd440e
Signed-off-by: Florin Coras <[email protected]>
Florin Coras [Tue, 6 May 2025 21:10:28 +0000 (17:10 -0400)]
 
session: update state on unexpected delete ntf
Type: improvement
Change-Id: I3b180ccdcd6073688bb220a35cd97f2411cee28a
Signed-off-by: Florin Coras <[email protected]>
Semir Sionek [Mon, 28 Apr 2025 14:45:10 +0000 (10:45 -0400)]
 
hs-test: increase vppinstance connect interval
... to make sure hs-test on slower systems has a chance of catching vpp
 before timing out.
Type: fix
Change-Id: I8b006c9caddbab6e63e3d7f1bee5ad2f342551cb
Signed-off-by: Semir Sionek <[email protected]>
Vratko Polak [Fri, 2 May 2025 15:04:58 +0000 (17:04 +0200)]
 
bonding: activate also on port-rx-eth arc
CSIT tests bonding with AVF, but no longer with plugins/avf.
And plugins/dev_iavf is sensitive only to port-rx-eth arc,
not to device-input arc.
Not sure changing bonding is the correct fix,
but it is easier than making vnet/dev work on device-input arc.
- The indentation is a compromise with "make fixstyle".
Ticket: vpp-3602
Type: fix
Change-Id: I9744d9560661cae208a273155aee7e1b3decdd15
Signed-off-by: Vratko Polak <[email protected]>
Adrian Villin [Wed, 7 May 2025 09:52:21 +0000 (11:52 +0200)]
 
hs-test: don't assert iperf results on GCOV builds
Type: test
Change-Id: Idd332b5ad13de33b155906876f177941c01cd4bd
Signed-off-by: Adrian Villin <[email protected]>
Benoît Ganne [Tue, 29 Apr 2025 13:09:27 +0000 (15:09 +0200)]
 
fib: fix adj_get_rewrite()
It looks like this bug has been around forever: initially the rewrite
string was at the end of rw->data, so the correct thing to do would have
been to return rw->data + max_size - rw->data_size.
Then we moved the rewrite string at the beginning of the buffer, so we
should always return rw->data.
In any case, rw->data - rw->data_size is clearly wrong and will access
memory in the rewrite header or before it.
Type: fix
Fixes: 
b80c536e34b610ca77cd84448754e4bd9c46cf68
Change-Id: Ib6d1124776a3c20e718fc46d61190dec7cba31c3
Signed-off-by: Benoît Ganne <[email protected]>
Hadi Rayan Al-Sandid [Wed, 23 Apr 2025 10:19:13 +0000 (12:19 +0200)]
 
ip_session_redirect: add dump api for session redirects
Type: improvement
Change-Id: Icd6e94535d388e4c2c08c8ab383fea8cac324d66
Signed-off-by: Hadi Rayan Al-Sandid <[email protected]>
Adrian Villin [Tue, 29 Apr 2025 13:25:26 +0000 (15:25 +0200)]
 
hs-test: added ipv6 support and tests
- tests: http client get http/https, nginx perf rps,
  tcp with loss
Type: test
Change-Id: Ibd07067df6c7c27e420e67e91f6ce7206546fa25
Signed-off-by: Adrian Villin <[email protected]>
Matus Fabian [Mon, 28 Apr 2025 11:38:32 +0000 (07:38 -0400)]
 
hs-test: add h2load container to infra
Type: test
Change-Id: I4b1dc2dc9eeefac095823180181b8ce6971c0b65
Signed-off-by: Matus Fabian <[email protected]>
Matus Fabian [Mon, 28 Apr 2025 11:28:40 +0000 (07:28 -0400)]
 
http: http2_transport_conn_reschedule_callback
Type: improvement
Change-Id: I96f9bf3587ccf9ed5b779d2d387785e91e9d303a
Signed-off-by: Matus Fabian <[email protected]>
Matus Fabian [Thu, 17 Apr 2025 13:47:08 +0000 (09:47 -0400)]
 
http: http/2 flow control
Type: feature
Change-Id: Id8e2c51d19a9aef9a74c000dad490ede5eebf2b6
Signed-off-by: Matus Fabian <[email protected]>
Florin Coras [Wed, 23 Apr 2025 04:49:14 +0000 (00:49 -0400)]
 
session: add session eventing infra for apps
Basic framework/supporting infrastructure for now.
Start evt app with default collector with:
 app evt-collector enable [uri <uri>]
Add/del collectors (only one supported for now) with:
 app evt-collector add <uri>
External applications can request eventing to default collector. Builtin
applications can also provide custom eventing functions.
Type: feature
Change-Id: I3547bfc9b258b33a4e8c60c161de75c21533b7f1
Signed-off-by: Florin Coras <[email protected]>
Florin Coras [Sat, 3 May 2025 23:36:55 +0000 (19:36 -0400)]
 
udp: fix byte counts to not include headers
Type: fix
Change-Id: Ia3a8bbafedf2ee99a1a78c8fcc08e2b9420f938a
Signed-off-by: Florin Coras <[email protected]>
Florin Coras [Fri, 2 May 2025 07:20:53 +0000 (03:20 -0400)]
 
session: add support for postponing transport cleanups
Add new session layer api that allows transports to request postponed
cleanups in session_input. Eventually this should become default
especially if transport connections are to be scrapable before cleanup.
Update tcp and udp for now.
Type: improvement
Change-Id: I74beef41d5deed68efa664b78c1cf95e980b3bde
Signed-off-by: Florin Coras <[email protected]>
Florin Coras [Sat, 3 May 2025 21:25:21 +0000 (17:25 -0400)]
 
tcp: reuse and refactor use of del function
Rename tcp_connection_del to tcp_connection_cleanup_and_notify and use
where needed.
Type: refactor
Change-Id: I6007205a63620f1bbf20b59999e833b6d6f631d4
Signed-off-by: Florin Coras <[email protected]>
Adrian Villin [Fri, 2 May 2025 11:24:00 +0000 (13:24 +0200)]
 
hsa: http client - show latency when verbose
Type: improvement
Change-Id: I448818dcc4959989f89ed412e0bb87899150a8ea
Signed-off-by: Adrian Villin <[email protected]>
Damjan Marion [Fri, 2 May 2025 08:49:22 +0000 (10:49 +0200)]
 
build: add install_manifest.txt to .gitignore
Type: make
Change-Id: I62c0a0a48c2c91496eed4f413b4ea34fcb7d9e8d
Signed-off-by: Damjan Marion <[email protected]>
Stanislav Zaikin [Fri, 1 Nov 2024 11:57:27 +0000 (12:57 +0100)]
 
vapi: connect/disconnect error handling uds transport
A sudden vpp restart can put vapi into weird state when it tries to read
from closed socket. Fix that by checking for EOF and add some more error
handling to connect and disconnect.
Type: fix
Change-Id: Ida4e69f839e6bfcc470a8a74899975263735d0c0
Signed-off-by: Stanislav Zaikin <[email protected]>
Kirill A. Khalitov [Mon, 3 Feb 2025 17:03:37 +0000 (18:03 +0100)]
 
sr: fixed return msg id in policy update v2 handler
Type: fix
Change-Id: Id6cd8030235f097a41ada8f9a3d7450a71a2c34e
Signed-off-by: Kirill A. Khalitov <[email protected]>
Kirill A. Khalitov [Thu, 27 Mar 2025 10:59:58 +0000 (11:59 +0100)]
 
vnet: add vapi interface feature enablement check function
Type: improvement
Change-Id: I813c832cf6673eae91bd38ab60e7f19a609a5025
Signed-off-by: Kirill A. Khalitov <[email protected]>
Stanislav Zaikin [Fri, 4 Oct 2024 15:43:37 +0000 (17:43 +0200)]
 
linux-cp: do ip6-ll cleanup on interface removal
run a cleanup of ip6 mfib w/o depending on receiving a corresponding
netlink message
Type: fix
Change-Id: I98d5dbbbbb7a56d3ee6f5882b5d6465148049309
Signed-off-by: Stanislav Zaikin <[email protected]>
Matus Fabian [Thu, 1 May 2025 09:04:35 +0000 (05:04 -0400)]
 
prom: return error when http_static not loaded
return error if vlib_get_plugin_symbol return 0 when
http_static_plugin.so is not loaded instead of crashing
Type: fix
Change-Id: Ic281c559c72d3c9f34bc9daae3aa55f0bb711a8a
Signed-off-by: Matus Fabian <[email protected]>