vpp.git
3 years agovirtio: fix the tx side hdr offset 49/37449/1
Mohsin Kazmi [Mon, 17 Oct 2022 18:16:57 +0000 (18:16 +0000)]
virtio: fix the tx side hdr offset

Type: fix

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: Ibb4b17b954c55bcb37ede57d398966f244735c3d

3 years agodevices: fix the header offsets in af_packet 48/37448/1
Mohsin Kazmi [Mon, 17 Oct 2022 18:27:21 +0000 (18:27 +0000)]
devices: fix the header offsets in af_packet

Type: fix

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I7fc645c46d285ceb13903f5835c99e9b6a9e5b07

3 years agogso: fix the metadata for gro packets 47/37447/1
Mohsin Kazmi [Mon, 17 Oct 2022 18:26:23 +0000 (18:26 +0000)]
gso: fix the metadata for gro packets

Type: fix

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I3a059b9dcbbcb597a7822f4f35fb275a7c197647

3 years agoip: fix the pseudo header checksum 46/37446/1
Mohsin Kazmi [Mon, 17 Oct 2022 18:21:44 +0000 (18:21 +0000)]
ip: fix the pseudo header checksum

Type: fix

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I5eb83cbd0f8534dc50ecb907b3582717e8709aa2

3 years agocnat: Add sctp support 59/37259/6
Nathan Skrzypczak [Wed, 2 Feb 2022 18:31:58 +0000 (19:31 +0100)]
cnat: Add sctp support

This patch adds SCTP support in the CNat translation primitives.
It also exposes a clib_crc32c_with_init function allowing to set
the init value to start the crc32 with instead of 0.

Type: feature

Change-Id: I86add4cfcac08f2a5a34d1e1841122fafd349fe7
Signed-off-by: Nathan Skrzypczak <[email protected]>
3 years agocrypto-ipsecmb: bump ipsecmb library to v1.3 58/37358/8
Marcel Cornu [Wed, 5 Oct 2022 11:08:05 +0000 (12:08 +0100)]
crypto-ipsecmb: bump ipsecmb library to v1.3

- Use the latest IPsec Multi-Buffer library release v1.3
- Use ipsec-mb burst API for HMAC-SHAx algorithms
- Use ipsec-mb burst API for AES-CBC and AES-CTR algorithms

The new burst API available in ipsecmb v1.3 brings significant
performance improvements for certain algorithms compared to the job API.

Type: feature
Signed-off-by: [email protected]
Change-Id: I3490b35a616a2ea77607f103426df62438c22b2b

3 years agovlib: Counter free needs to NULL the allocated counter vector 91/37391/2
Neale Ranns [Thu, 13 Oct 2022 05:39:11 +0000 (05:39 +0000)]
vlib: Counter free needs to NULL the allocated counter vector

otherwise the next time the counter is validated this is dangling.

Type: fix
Fixes: 58fd481d73

Signed-off-by: Neale Ranns <[email protected]>
Change-Id: Ifa8d5ff27175cf6dfb30cbf023fa3251fe5c780e

3 years agoip-neighbor: delete redundant help information in cli. 24/37424/5
Huawei LI [Fri, 14 Oct 2022 13:37:23 +0000 (21:37 +0800)]
ip-neighbor: delete redundant help information in cli.

Delete redundant help information in ip neighbor's
cli. There is no code implementation about fib-id and
proxy in the cli's subsequent process.

Type: fix

Signed-off-by: Huawei LI <[email protected]>
Change-Id: I1e276aad030409e3f2f62fee489ea95d316e67b5

3 years agolinux-cp: fix infinite loop in CLI lcp default 26/37426/2
luoyaozu [Sat, 15 Oct 2022 11:31:05 +0000 (19:31 +0800)]
linux-cp: fix infinite loop in CLI lcp default

CLI lcp default clear or lcp default netns  hangs in an infinite while loop.

Type: fix

Signed-off-by: luoyaozu <[email protected]>
Change-Id: I699338abc045c84361707260adbb5b574a383170

3 years agol2: coverity complains dead codes 90/37390/3
Steven Luong [Thu, 13 Oct 2022 00:08:12 +0000 (17:08 -0700)]
l2: coverity complains dead codes

Coverity complains dead codes in 2 places due to a recent commit as
pointed out in Fixes. The dead codes are
      if (seed < L2_BD_ID_MAX % 2)
        is_seed_low = 1;
and
      if (is_seed_low)
        seed += (2 * (i % 2) - 1) * i;

seed can never be less than (L2_BD_ID_MAX % 2).
Consequently, is_seed_low is always 0.

There is also other problem. The inner loop is iterating only once.

The fix is to greatly simplify the code to generate a random bd_id.

Type: fix
Fixes: Ieb6919f958f437fc603d5e1f48cab01de780951d

Signed-off-by: Steven Luong <[email protected]>
Change-Id: I318773b9a59950920e051548ef14e36054ebd5e6

3 years agosession: make session code compile with SESSION_DEBUG enable 80/37380/3
Steven Luong [Mon, 10 Oct 2022 18:37:57 +0000 (11:37 -0700)]
session: make session code compile with SESSION_DEBUG enable

Session debug code does not compile anymore due to vlib_mains global
variable disappearing over time. Replace it with vlib_get_main_by_index
call.

Add a cmake variable and pass it from make command line to enable
session debug. Notice transport debug is required for session debug.

make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=ON VPP_EXTRA_CMAKE_ARGS+=-DVPP_SESSION_DEBUG=ON

Type: fix

Signed-off-by: Steven Luong <[email protected]>
Change-Id: Ic2e887c6b10b77cbabd56934f4931fcfa04a6751

3 years agogomemif: migrate to govpp repository 93/37393/3
Matus Halaj [Thu, 13 Oct 2022 12:46:39 +0000 (14:46 +0200)]
gomemif: migrate to govpp repository

Type: make
Signed-off-by: Matus Halaj <[email protected]>
Change-Id: I1d48c7e44fdf23438132996fd3288b29da1fe36e

3 years agodocs: fix memory traces command 42/37342/2
Benoît Ganne [Mon, 3 Oct 2022 18:00:45 +0000 (20:00 +0200)]
docs: fix memory traces command

Type: fix

Change-Id: I8fc949da209a5067c702952fbd0e6ce77b921d02
Signed-off-by: Benoît Ganne <[email protected]>
3 years agomisc: avoid permission issue when running envoy 94/37394/2
Maros Ondrejicka [Thu, 13 Oct 2022 13:38:17 +0000 (15:38 +0200)]
misc: avoid permission issue when running envoy

Because envoy didn't have permission for `envoy.log` file it would stop.
This made tests involving envoy fail.
Adding `ENVOY_UID` environment variable makes envoy run as root,
which avoids the problem.

Type: fix
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I910416ad1c87137396e7da89c13de7739ce74c70

3 years agovpp-swan: fix linked library to plugin 88/37388/2
Gabriel Oginski [Wed, 12 Oct 2022 13:40:05 +0000 (13:40 +0000)]
vpp-swan: fix linked library to plugin

Due to refactor keeping api common code in vlibapi, changes order
linked library to this plugin.

Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: Id94c0b78cbce4954d34a82123506a76370b12b23

3 years agoip: migrate ip4 full reassembly to use vlib_buffer_enqueue_to_next 27/37127/4
Damjan Marion [Wed, 14 Sep 2022 16:59:47 +0000 (18:59 +0200)]
ip: migrate ip4 full reassembly to use vlib_buffer_enqueue_to_next

Type: improvement

Change-Id: Ibf683c9ba8a2751e0b40920f6735cfe0a35a6e6d
Signed-off-by: Damjan Marion <[email protected]>
3 years agoip: simpler and faster ip4_full_reass_drop_all 25/37125/3
Damjan Marion [Wed, 14 Sep 2022 15:40:24 +0000 (17:40 +0200)]
ip: simpler and faster ip4_full_reass_drop_all

Type: improvement
Change-Id: I4a75583ce718ba6466cd09ca8373fd43988ef62a
Signed-off-by: Damjan Marion <[email protected]>
3 years agomisc: fix issues reported by clang-15 87/37387/1
Damjan Marion [Wed, 12 Oct 2022 14:02:18 +0000 (16:02 +0200)]
misc: fix issues reported by clang-15

Type: improvement

Change-Id: I3fbbda0378b72843ecd39a7e8592dedc9757793a
Signed-off-by: Damjan Marion <[email protected]>
3 years agol2: Add bridge_domain_add_del_v2 to l2 api 41/37141/11
Laszlo Kiraly [Fri, 16 Sep 2022 11:20:07 +0000 (13:20 +0200)]
l2: Add bridge_domain_add_del_v2 to l2 api

https://jira.fd.io/browse/VPP-2034

Type: fix
Signed-off-by: Laszlo Kiraly <[email protected]>
Change-Id: Ieb6919f958f437fc603d5e1f48cab01de780951d

3 years agotests: don't use tmp as the default log dir with run.py 97/37197/5
Naveen Joy [Tue, 20 Sep 2022 18:38:33 +0000 (11:38 -0700)]
tests: don't use tmp as the default log dir with run.py

The log file directory is configurable with run.py using the
--log-dir argument. This patch removes the use of /tmp as
the default dir for storing all test logs. The default
log dir is now set to show the year, month and day
of the test run. This provides a more meaningful aggregation
of test logs for effective troubleshooting. The default log
dir is set to <CWD>/test-run-YYYY-MM-DD.

Type: improvement
Change-Id: I6c9002e961f6e06fc953ca42d86febf4f218e566
Signed-off-by: Naveen Joy <[email protected]>
3 years agovppinfra: fix AddressSanitizer 14/37314/3
Benoît Ganne [Fri, 30 Sep 2022 15:13:33 +0000 (17:13 +0200)]
vppinfra: fix AddressSanitizer

When checking for CLIB_SANITIZE_ADDR to enable specific behavior for
AddressSanitizer, we must have vppinfra/clib.h included as it is defined
there.

Type: fix

Change-Id: I9060c3c29c1289d28596c215a1d1709b2ea7c84e
Signed-off-by: Benoît Ganne <[email protected]>
3 years agonat: report time between current vpp time and last_heard 67/37267/17
Dave Cornejo [Wed, 28 Sep 2022 01:47:45 +0000 (01:47 +0000)]
nat: report time between current vpp time and last_heard

existing details report the last_heard as the seconds since VPP
started, this is not very useful, so report additionaly
time_since_last_heard in seconds between VPP time and
last_heard.

Change-Id: Ifd34b1449e57919242b1f0e22156d3590af3c738
Type: improvement
Signed-off-by: Dave Cornejo <[email protected]>
Signed-off-by: Vladimir Ratnikov <[email protected]>
3 years agofib: fix crash when create vxlan/vxlan-gpe/geneve/gtpu tunnel. 03/37303/4
Huawei LI [Thu, 29 Sep 2022 03:28:12 +0000 (11:28 +0800)]
fib: fix crash when create vxlan/vxlan-gpe/geneve/gtpu tunnel.

Fix vpp crash when create vxlan/vxlan-gpe/geneve/gtpu tunnel
with 0.0.0.0 dst ip in debug build. The ASSERT should be move
out of fib_prefix_from_ip46_addr, which may be called when
create vxlan/vxlan-gpe/geneve/gtpu tunnel with 0.0.0.0 dst ip.

How to reproduce:
1. build debug vpp and run vpp
2. create vxlan t src 192.168.0.2 dst 0.0.0.0 vni 1 instance 1
   create vxlan-gpe tunnel local 192.168.0.2 remote 0.0.0.0 vni 1
   create geneve tunnel local 192.168.0.2 remote 0.0.0.0 vni 1
   create gtpu tunnel src 192.168.0.2 dst 0.0.0.0 teid 1

Type: fix

Change-Id: I19972f6af588f4ff7fd17de1b16b9301e43d596f
Signed-off-by: Huawei LI <[email protected]>
3 years agotcp: cmake option VPP_TCP_DEBUG_ALWAYS=ON not taken by all files 72/37372/1
Steven Luong [Fri, 7 Oct 2022 20:53:20 +0000 (13:53 -0700)]
tcp: cmake option VPP_TCP_DEBUG_ALWAYS=ON not taken by all files

Some files include tcp_debug.h without including <vpp/vnet/config.h>
As a result, those files do not get VPP_TCP_DEBUG_ALWAYS option
set. The fix is to include <vpp/vnet/config.h> in tcp_debug.h

Type: fix

Signed-off-by: Steven Luong <[email protected]>
Change-Id: I0c141147f1e8d1b49c5a1440fac1e97cbd96aaa7

3 years agotests: disable broken wireguard tests on vpp_debug image 47/37347/2
Dave Wallace [Wed, 5 Oct 2022 02:02:49 +0000 (22:02 -0400)]
tests: disable broken wireguard tests on vpp_debug image

Type: test

Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I3a53d57e42f4c1f5ba0de6d2b181c7f2ad083a3a

3 years agotcp: build image with TCP_DEBUG_ALWAYS via make 68/37368/2
Steven Luong [Thu, 6 Oct 2022 23:48:24 +0000 (16:48 -0700)]
tcp: build image with TCP_DEBUG_ALWAYS via make

Add cmake option to enable TCP_DEBUG_ALWAYS.
make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=ON
make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=OFF

Type: improvement

Signed-off-by: Steven Luong <[email protected]>
Change-Id: I911a8d615f76516ae0a988bc6135c3b0d8fcb3df

3 years agobuild: retain dpdk_mlx_default setting for ci script 48/37348/2
Dave Wallace [Wed, 5 Oct 2022 03:48:44 +0000 (23:48 -0400)]
build: retain dpdk_mlx_default setting for ci script

- tell git to ignore all build/external generated files

Type: make

Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I4af26a76a0248939366cd09b577d422af801c0c3

3 years agourpf: add mode for specific fib index lookup 31/37131/19
hedi bouattour [Wed, 14 Sep 2022 12:39:23 +0000 (12:39 +0000)]
urpf: add mode for specific fib index lookup

this patch adds a mode to urpf in order to perform the lookup in a specified vrf instead of the interface vrf
Type: feature
Change-Id: Ieb91de6ccdfbf32b6939364f3bebeecd2d57af19
Signed-off-by: hedi bouattour <[email protected]>
3 years agofib: add fib_entry_get_path_list_for_source 46/37346/2
Damjan Marion [Tue, 4 Oct 2022 16:08:51 +0000 (18:08 +0200)]
fib: add fib_entry_get_path_list_for_source

Type: improvement
Change-Id: Ie035bebf64226691cffc84484e4bf7310287d1b7
Signed-off-by: Damjan Marion <[email protected]>
3 years agoabf: return status of attachment add/del 67/37367/2
Matthew Smith [Thu, 6 Oct 2022 18:01:23 +0000 (18:01 +0000)]
abf: return status of attachment add/del

Type: fix

The handler for abf_itf_attach_add_del was always returning 0. Set rv to
the return value of call to abf_itf_attach() or abf_itf_detach().

Signed-off-by: Matthew Smith <[email protected]>
Change-Id: Ibb888bb148e6e03fc2776e2384b3a6e26148a429

3 years agovcl: add api to check if vcl disconnected from vpp 66/37366/5
Maros Ondrejicka [Thu, 6 Oct 2022 16:17:05 +0000 (18:17 +0200)]
vcl: add api to check if vcl disconnected from vpp

Type: feature
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I98bc108360f9d04a33126865ce49d2702cbe9cdf

3 years agogso: set the header offsets in gro hdr fixup 65/37365/2
Mohsin Kazmi [Thu, 6 Oct 2022 15:46:24 +0000 (15:46 +0000)]
gso: set the header offsets in gro hdr fixup

Type: fix

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I9d5004f8764b1833e5ca825bc52345e23770c6bc

3 years agogso: fix the checksum for odd number of data bytes 64/37364/2
Mohsin Kazmi [Thu, 6 Oct 2022 15:43:36 +0000 (15:43 +0000)]
gso: fix the checksum for odd number of data bytes

Type: fix

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I07b694323e0f6745dec2b846785026b152d78af6

3 years agogomemif: update to libmemif version 4.0 65/36765/4
Daniel Béreš [Wed, 27 Jul 2022 12:22:39 +0000 (12:22 +0000)]
gomemif: update to libmemif version 4.0

Type: improvement

This patch provides:
1. interrupt mode support,
2. abstract socket support,
3. overriding responder example and divides it to two examples:
-icmp_responder_cb
-icmp_responder_poll

Signed-off-by: Daniel Béreš <[email protected]>
Change-Id: I99c86d053521760c457541fc596ed554f4077608

3 years agofib: only invoke adj delegate create callback on mcast adj create 56/37356/2
Peter Morrow [Wed, 5 Oct 2022 10:50:22 +0000 (11:50 +0100)]
fib: only invoke adj delegate create callback on mcast adj create

adj_delegate_adj_created() is incorrectly called when an existing
adj is found and returned. This can lead to crashes in some cases
in the pmtu delegate:

(gdb) bt
0  0x00007f2aa8fc9ce1 in raise () from /lib/x86_64-linux-gnu/libc.so.6
1  0x00007f2aa8fb3537 in abort () from /lib/x86_64-linux-gnu/libc.so.6
2  0x0000564361b5403a in os_exit (code=code@entry=1) at ./src/vpp/vnet/main.c:437
3  0x00007f2aa9271a3e in unix_signal_handler (signum=11, si=<optimized out>, uc=<optimized out>) at ./src/vlib/unix/main.c:188
4  <signal handler called>
5  0x00007f2aa9970d5a in fib_table_get_table_id_for_sw_if_index (proto=FIB_PROTOCOL_IP4, sw_if_index=<optimized out>) at ./src/vnet/fib/fib_table.c:1156
6  0x00007f2aa964aebf in ip_pmtu_adj_delegate_adj_created (ai=8) at ./src/vnet/ip/ip_path_mtu.c:197
7  0x00007f2aa9993ee5 in adj_delegate_adj_created (ai=ai@entry=8) at ./src/vnet/adj/adj_delegate.c:166
8  0x00007f2aa998dbde in adj_mcast_add_or_lock (proto=proto@entry=FIB_PROTOCOL_IP6, link_type=link_type@entry=VNET_LINK_IP6, sw_if_index=sw_if_index@entry=7) at ./src/vnet/adj/adj_mcast.c:95
9  0x00007f2aa95c7b3e in ip6_link_enable (sw_if_index=7, link_local_addr=link_local_addr@entry=0x0) at ./src/vnet/ip/ip6_link.c:217
10 0x00007f2aa9621587 in vl_api_sw_interface_ip_enable_disable_t_handler (mp=0x7f2a4fa5ad10) at ./src/vnet/ip/ip_api.c:108
11 0x00007f2aaa3b7e44 in msg_handler_internal (free_it=0, do_it=1, trace_it=<optimized out>, msg_len=<optimized out>, the_msg=0x7f2a4fa5ad10, am=0x7f2aaa3cc020 <api_global_main>) at ./src/vlibapi/api_shared.c:593
12 vl_msg_api_handler_no_free (the_msg=0x7f2a4fa5ad10, msg_len=<optimized out>) at ./src/vlibapi/api_shared.c:810
13 0x00007f2aaa3a1702 in vl_socket_process_api_msg (rp=<optimized out>, input_v=<optimized out>) at ./src/vlibmemory/socket_api.c:208
14 0x00007f2aaa3a95d8 in vl_api_clnt_process (vm=<optimized out>, node=<optimized out>, f=<optimized out>) at ./src/vlibmemory/memclnt_api.c:429
15 0x00007f2aa9226f37 in vlib_process_bootstrap (_a=<optimized out>) at ./src/vlib/main.c:1235
16 0x00007f2aa91824a8 in clib_calljmp () at /builds/graphiant/graphnos/vpp/debian/output/source_dir/src/vppinfra/longjmp.S:123
17 0x00007f2a47cf5d60 in ?? ()
18 0x00007f2aa922853f in vlib_process_startup (f=0x0, p=0x7f2a494dc000, vm=0x7f2a489ed680) at ./src/vlib/main.c:1260
19 dispatch_process (vm=0x7f2a489ed680, p=0x7f2a494dc000, last_time_stamp=<optimized out>, f=0x0) at ./src/vlib/main.c:1316
20 0x0000000000000000 in ?? ()
(gdb)

Type: fix

Change-Id: I2d3c041e0be8284471771c7882c89f743baab0e5
Signed-off-by: Peter Morrow <[email protected]>
3 years agoip: reassembly - custom context instead of VRF 27/36327/9
Mohammed Hawari [Thu, 2 Jun 2022 16:04:45 +0000 (18:04 +0200)]
ip: reassembly - custom context instead of VRF

Change-Id: Id8d6ab96a710cdd207068cf19a6363bbcd584de4
Type: improvement
Signed-off-by: Mohammed Hawari <[email protected]>
3 years agoip: reassembly - custom context of ipv6 54/36454/9
Mohammed Hawari [Mon, 20 Jun 2022 13:28:31 +0000 (15:28 +0200)]
ip: reassembly - custom context of ipv6

Change-Id: Ia5ec7fc0c71e6a0ad1b43df24bb6b88e616d260d
Type: improvement
Signed-off-by: Mohammed Hawari <[email protected]>
3 years agobuild: change make verify gate os to ubuntu 22.04 99/37099/6
Dave Wallace [Fri, 9 Sep 2022 15:34:02 +0000 (11:34 -0400)]
build: change make verify gate os to ubuntu 22.04

- Also fix log output to remove hardcoded compiler version

Type: make

Change-Id: I1b224d8e9a042c58dbae689a8be706089cc1377f
Signed-off-by: Dave Wallace <[email protected]>
3 years agordma: unhackish build of rdma-core 68/37168/9
Mohammed Hawari [Tue, 20 Sep 2022 16:44:36 +0000 (18:44 +0200)]
rdma: unhackish build of rdma-core

Change-Id: I2040b560b2a00f8bd176ae6ad46035678a2b249e
Type: improvement
Signed-off-by: Mohammed Hawari <[email protected]>
3 years agobuild: mlx dpdk-rdma compatibility matrix 56/37156/8
Mohammed Hawari [Mon, 19 Sep 2022 14:26:25 +0000 (16:26 +0200)]
build: mlx dpdk-rdma compatibility matrix

- Verify mlx_rdma_dpdk_matrix.txt versions,
  build MLX drivers in dpdk if the versions match.
  Also output version comparison results to a file
  for CI job to send notification email when the
  versions do not match.

Change-Id: Id1384ba4ea4b1f855f4d77d1d8e2c38683abfe1f
Type: improvement
Signed-off-by: Mohammed Hawari <[email protected]>
Signed-off-by: Dave Wallace <[email protected]>
3 years agotcp: replace tcp_time_now with tcp_time_now_us 05/37305/4
Steven Luong [Thu, 29 Sep 2022 23:45:23 +0000 (16:45 -0700)]
tcp: replace tcp_time_now with tcp_time_now_us

It looks like tcp_time_now has been deprecated for a while and the
replacement is tcp_time_now_us

Type: fix

Signed-off-by: Steven Luong <[email protected]>
Change-Id: Ifaed2632baa49d489d4e03f2623d8cc9a6f36e64

3 years agosr: new messages created to return packet statistics in sr localsid details 58/37258/2
ChinmayaAgarwal [Tue, 27 Sep 2022 06:55:22 +0000 (12:25 +0530)]
sr: new messages created to return packet statistics in sr localsid details

Type: improvement
Signed-off-by: ChinmayaAgarwal <[email protected]>
Change-Id: I27d5981a77d4166a92db9ecf73d9b0eed962ec19

3 years agofib: fix dpo-receive address in ip6-ll fibs 42/37242/5
Vladislav Grishenko [Sun, 15 May 2022 20:44:43 +0000 (01:44 +0500)]
fib: fix dpo-receive address in ip6-ll fibs

Need to fill frp_addr for local path, it's used by dpo-receive.
If not, address output can be invalid:

$ sudo vppctl sh ip6-ll fe80::dcad:ff:fe00:3/128
IP6-link-local:loop3, fib_index:2, locks:[IPv6-nd:1, ]
fe80::dcad:ff:fe00:3/128 fib:2 index:55 locks:2
  IPv6-nd refs:1 entry-flags:connected,import,local, src-flags:added,contributing,active,
    path-list:[72] locks:2 flags:shared,local, uPRF-list:58 len:0 itfs:[]
      path:[82] pl-index:72 ip6 weight=1 pref=0 receive:  oper-flags:resolved, cfg-flags:local,glean,
        [@0]: dpo-receive: 8000:100:fe80::dcad:ff on loop3

 forwarding:   unicast-ip6-chain
  [@0]: dpo-load-balance: [proto:ip6 index:57 buckets:1 uRPF:58 to:[0:0]]
    [0] [@2]: dpo-receive: 8000:100:fe80::dcad:ff on loop3

Type: fix
Change-Id: Ib9874c5eac74af789e721098d512a1058cb8e404
Signed-off-by: Vladislav Grishenko <[email protected]>
3 years agoudp: add udp encap source port entropy support 65/37265/2
Vladislav Grishenko [Wed, 22 Jun 2022 19:45:16 +0000 (00:45 +0500)]
udp: add udp encap source port entropy support

Encode entropy value in UDP source port when requested per RFC 7510.
CLI already has "src-port-is-entropy", use zero UDP source port in API
to avoid breaking changes, since zero port is not something to be used
in wild.
Also, mark UDP encapsualtion API as mp-safe as already done for CLI.

Type: feature
Change-Id: Ieb61ee11e058179ed566ff1f251a3391eb169d52
Signed-off-by: Vladislav Grishenko <[email protected]>
3 years agogso: clear the offload flags from segmented buffers 04/37304/2
Mohsin Kazmi [Thu, 29 Sep 2022 13:56:24 +0000 (13:56 +0000)]
gso: clear the offload flags from segmented buffers

Type: fix

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I2901628d23f9b81edb32d0ced3877e5799a6cec7

3 years agoapi: deprecate vl_msg_api_set_handlers 88/36188/9
Damjan Marion [Fri, 20 May 2022 18:06:01 +0000 (20:06 +0200)]
api: deprecate vl_msg_api_set_handlers

Type: refactor

Change-Id: I7b7ca9ec62cb70243c5b7e87968eab1338d67ec8
Signed-off-by: Damjan Marion <[email protected]>
3 years agovpp-swan: Add scripts for testing 65/36665/8
Gabriel Oginski [Fri, 8 Jul 2022 07:46:32 +0000 (07:46 +0000)]
vpp-swan: Add scripts for testing

Added scripts to reparing setups for testing

To prepare and run containers:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh prepare_containers

To prepare setups:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh config

To clean-up settups:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh clean

To deleted all containers and images in Docker:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh deleted

Type: feature
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: I77f01c0419dccc95f610046c8552ae825f2c7e12

3 years agovpp-swan: Add plugin for vpp-swan 52/36552/9
Gabriel Oginski [Wed, 29 Jun 2022 12:54:30 +0000 (12:54 +0000)]
vpp-swan: Add plugin for vpp-swan

Added plugin vpp-swan is a plugin that helps offloading
Strongswan IPsec ESP process from Linux Kernel to VPP.

Type: feature
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893

3 years agotests: stabilize wireguard ratelimiting test 47/37247/6
Alexander Chernavin [Fri, 23 Sep 2022 12:41:31 +0000 (12:41 +0000)]
tests: stabilize wireguard ratelimiting test

Type: test

"test_wg_handshake_ratelimiting_multi_peer" has been unstable recently
because the test strongly relies on execution speed. Currently, the test
triggers ratelimiting for peer 1 and sends handshake initiations from
peer 1 and 2 mixed up. After that, the test expects that all handshake
initiations for peer 1 are ratelimited and a handshake response for peer
2 is received.

Ratelimiting is based on the token bucket algorithm. The more time
passes between triggering ratelimiting for peer 1 and sending a mixture
of handshake initiations from peer 1 and 2, the more tokens will be
added into the bucket for peer 1. Depending on delays between these
steps, the number of tokens might be enough to process handshake
initiations from peer 1 while they are expected to be rejected due to
ratelimiting.

With this change, these two steps are combined into one and the logic
modified. The test triggers ratelimiting for both peer 1 and 2. Packets
that trigger ratelimiting and that are to be rejected are sent in one
batch that is going to reduce delays between packet processing. Also,
verify that number of rejected handshake messages is in expected range
instead of verifying the exact number as it still may slightly vary.

Also, this should finish making the wireguard tests stable on Ubuntu
22.04 and Debian 11.

Signed-off-by: Alexander Chernavin <[email protected]>
Change-Id: I3407d15abe1356dde23a241ac3650e84401c9802

3 years agoaf_xdp: change RLIMIT_MEMLOCK before load bpf program 38/37138/6
Chen Yahui [Fri, 16 Sep 2022 13:07:57 +0000 (21:07 +0800)]
af_xdp: change RLIMIT_MEMLOCK before load bpf program

default RLIMIT_MEMLOCK is 64. if we use multi af_xdp interfaces or
load complex bpf program, libbpf will return permission error.

root cause is default 64 is not large enough. So we change it before
load bpf program.

Type: fix

Change-Id: Ia6aed19c9256c498cf1155586a54a32b3f444105
Signed-off-by: Chen Yahui <[email protected]>
3 years agotests: enable ipsec-esp 'make test' testcases on ubuntu-22.04 66/37266/1
Dave Wallace [Tue, 27 Sep 2022 17:11:53 +0000 (13:11 -0400)]
tests: enable ipsec-esp 'make test' testcases on ubuntu-22.04

Type: test

Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I016fd169813e369208089df122477152aaf9ffc2

3 years agowireguard: stop sending handshakes when wg intf is down 61/37061/12
Alexander Chernavin [Thu, 1 Sep 2022 13:42:56 +0000 (13:42 +0000)]
wireguard: stop sending handshakes when wg intf is down

Type: fix

Currently, when a wg interface is administratively disabled initially or
during operation, handshake packets continue to be sent. Data packets
stop being sent because routes pointing to the wg interface will not be
used. But data keys remain.

With this fix, when a wg interface is administratively disabled during
peer creation, avoid connection initialization to the peer. Data keys
and timers should be empty at this point. When a wg interface is
disabled during operation, disable all peers (i.e. stop all timers,
clear data keys, etc.). Thus, state should be identical in both cases.
When a wg interface is administratively enabled, enable all peers (i.e.
get ready to exchange data packets and initiate a connection). Also,
cover these scenarios with tests.

Signed-off-by: Alexander Chernavin <[email protected]>
Change-Id: Ie9a620077e55d519d21b0abc8c0d3c87b378bca3

3 years agocrypto-openssl: use no padding for encrypt/decrypt 15/37215/5
Vladimir Ratnikov [Thu, 22 Sep 2022 08:19:18 +0000 (08:19 +0000)]
crypto-openssl: use no padding for encrypt/decrypt

 Internaly, vpp uses it's own padding, so all the data
is padded using blocksize in /src/vnet/ipsec/ipsec.c

 Openssl should add it's own padding, but the data
is already padded. So on decrypt stage when padding
should be removed, it can't be done. And it produces
error `bad decrypt`
 Previous versions of openSSL decrypted data almost
at the beginning of EVP_DecryptUpdate/EVP_DecryptFinal_ex
and produced the same error, but data was already decrypted.
Now it's not, so some algorithms could have some problems
 with it

PS. openSSL 3.x.x

Type: fix

Signed-off-by: Vladimir Ratnikov <[email protected]>
Change-Id: If715a80228548b4e588cee222968d9da9024c438

3 years agoaf_xdp: compile error undeclared identifier 'SOL_XDP' 37/37137/4
Chen Yahui [Fri, 16 Sep 2022 10:31:43 +0000 (18:31 +0800)]
af_xdp: compile error undeclared identifier 'SOL_XDP'

Type: fix

Signed-off-by: Chen Yahui <[email protected]>
Change-Id: Ia447420f692f1487d343886845d648d766e43c27
Signed-off-by: Chen Yahui <[email protected]>
3 years agovnet: fix ip4 version and IHL check 35/37135/6
Dmitry Valter [Fri, 16 Sep 2022 12:33:25 +0000 (12:33 +0000)]
vnet: fix ip4 version and IHL check

Validate version and IHL regardless of present options.
Originally VPP would accept seriously damaged headers in case IHL != 5.

Type: fix
Signed-off-by: Dmitry Valter <[email protected]>
Change-Id: Ifd59622efa63dfad7f6e4858dec40ccac3274574

3 years agowireguard: fix re-handshake timer when response sent 57/37257/3
Alexander Chernavin [Mon, 26 Sep 2022 15:11:27 +0000 (15:11 +0000)]
wireguard: fix re-handshake timer when response sent

Type: fix

As per the protocol:

  A handshake initiation is retried after "REKEY_TIMEOUT + jitter" ms,
  if a response has not been received...

Currently, if retransmit handshake timer is started, it will trigger
after "REKEY_TIMEOUT + jitter" ms and will try to send a handshake
initiation via wg_send_handshake() given that no responses have been
received. wg_send_handshake() will verify that time stored in
REKEY_TIMEOUT has passed since last handshake initiation sending and if
has, will send a handshake initiation. Time when a handshake initiation
was last sent is stored in last_sent_handshake.

The problem is that last_sent_handshake is not only updated in
wg_send_handshake() when sending handshake initiations but also in
wg_send_handshake_response() when sending handshake responses. When
retransmit handshake timer triggers and a handshake response has been
sent recently, a handshake initiation will not be sent because for
wg_send_handshake() it will look like that time stored in REKEY_TIMEOUT
has not passed yet. Also, the timer will not be restarted.

wg_send_handshake_response() must not update last_sent_handshake,
because this time is used only when sending handshake intitiations. And
the protocol does not say that handshake initiation retransmission and
handshake response sending (i.e. replying to authenticated handshake
initiations) must coordinate.

With this fix, stop updating last_sent_handshake in
wg_send_handshake_response().

Also, this fixes tests that used to wait for "REKEY_TIMEOUT + 1" seconds
and did not receive any handshake initiations. Then they fail.

Also, long-running tests that send wrong packets and do not expect
anything in reply may now receive handshake intiations, consider them as
replies to the wrond packets, and fail. Those are updated to filter out
handshake initiations in such verifications. Moreover, after sending
wrong packets, error counters are already inspected there to confirm
packet processing was unsuccessful.

Signed-off-by: Alexander Chernavin <[email protected]>
Change-Id: I43c428c97ce06cb8a79d239453cb5f6d1ed609d6

3 years agovcl: repatch "align the RST behaviour with kernel" 52/37252/3
Yacan Liu [Mon, 26 Sep 2022 08:41:32 +0000 (16:41 +0800)]
vcl: repatch "align the RST behaviour with kernel"

The previous patch[37164] was a bit flawed.

Type: fix
Signed-off-by: Yacan Liu <[email protected]>
Change-Id: Ia9d8b9c7853e8f4b960ce7de26d0384243deb667

3 years agotests: disable failing tests on ubuntu-22.04 debian-11 98/37198/11
Dave Wallace [Wed, 21 Sep 2022 01:52:18 +0000 (21:52 -0400)]
tests: disable failing tests on ubuntu-22.04 debian-11

Type: test

Change-Id: I7b2314a731c83b3dcd69c999edb8ebed53839724
Signed-off-by: Dave Wallace <[email protected]>
3 years agoapi: replace print functions wth format 87/36187/10
Damjan Marion [Fri, 20 May 2022 14:01:22 +0000 (16:01 +0200)]
api: replace print functions wth format

Type: improvement
Change-Id: I7f7050c19453a69a7fb6c5e62f8f57db847d9144
Signed-off-by: Damjan Marion <[email protected]>
3 years agoapi: keep api common code in vlibapi 83/36183/10
Damjan Marion [Fri, 20 May 2022 11:05:38 +0000 (13:05 +0200)]
api: keep api common code in vlibapi

Type: refactor
Change-Id: I6edbff9a02fcb3c592ccfe8f47ddb3f848be1b6d
Signed-off-by: Damjan Marion <[email protected]>
3 years agobfd: add tracing support to bfd-process 67/37167/4
Klement Sekera [Tue, 20 Sep 2022 13:10:10 +0000 (15:10 +0200)]
bfd: add tracing support to bfd-process

Outgoing packets can be now traced via:

trace add bfd-process <count>

Type: improvement
Change-Id: Ia19af6054289b18f55e518dbea251a2bee9b9457
Signed-off-by: Klement Sekera <[email protected]>
3 years agoipsec: introduce fast path ipv6 inbound matching 96/37196/4
Piotr Bronowski [Tue, 20 Sep 2022 14:44:36 +0000 (14:44 +0000)]
ipsec: introduce fast path ipv6 inbound matching

This patch introduces fast path matching for inbound traffic ipv6.
Fast path uses bihash tables in order to find matching policy.
Adding and removing policies in fast path is much faster than in current
implementation. It is still new feature and further work needs
and can be done in order to improve the perfromance.

Type: feature

Change-Id: Iaef6638033666ad6eb028ffe0c8a4f4374451753
Signed-off-by: Piotr Bronowski <[email protected]>
3 years agomisc: Initial 23.02-rc0 commit 04/37204/1 v23.02-rc0
Andrew Yourtchenko [Wed, 21 Sep 2022 12:03:02 +0000 (12:03 +0000)]
misc: Initial 23.02-rc0 commit

Type: docs
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: Ie89d68ea4e462dfd7276a75f420268f15394258d

3 years agodocs: enhance install vpp docs 44/36344/4
fatelei [Wed, 8 Jun 2022 04:28:23 +0000 (12:28 +0800)]
docs: enhance install vpp docs

Type: docs

Change-Id: Ic1439ce658d9d53208b29d85440a6cc225ed5b74
Signed-off-by: fatelei <[email protected]>
Signed-off-by: Dave Wallace <[email protected]>
3 years agonat: adding docs for nat44-ed sub plugin 41/36241/6
Filip Varga [Thu, 26 May 2022 11:49:22 +0000 (13:49 +0200)]
nat: adding docs for nat44-ed sub plugin

Type: docs

Change-Id: Icfa2bdc9367f8438b53da7c89caec263ed6ab056
Signed-off-by: Filip Varga <[email protected]>
Signed-off-by: Dave Wallace <[email protected]>
3 years agofib: add cli support for explicit link type 96/37096/3
Benoît Ganne [Fri, 9 Sep 2022 15:02:31 +0000 (17:02 +0200)]
fib: add cli support for explicit link type

This adds the ability to specify we want an IPv4 route via an IPv6 adj
and vice-versa.

Type: improvement

Change-Id: I5f7f1ab89fc60244d31c26155bbd9b0db690257c
Signed-off-by: Benoît Ganne <[email protected]>
3 years agoarp: check for manually added proxy-arp entries 02/37102/5
Benoît Ganne [Mon, 12 Sep 2022 13:06:22 +0000 (15:06 +0200)]
arp: check for manually added proxy-arp entries

When manually adding neighbor entries for proxy-arp, those will be
fib-adj entries. Check for proxy-arp instead of dropping immediately.

Type: improvement

Change-Id: Id311159f2966c99719dc2a67d4d2bc92bf366029
Signed-off-by: Benoît Ganne <[email protected]>
3 years agomisc: experimental script to get the list of the reviewers for a commit 39/33139/4
Andrew Yourtchenko [Wed, 14 Jul 2021 20:44:05 +0000 (22:44 +0200)]
misc: experimental script to get the list of the reviewers for a commit

The script accepts zero or one argument (the commit hash), and outputs
the detected components, the component maintainers,
and the final suggested reviewer list. See the script
for the example output.

Change-Id: Ief671fe837c6201bb11fd05d02af881822b0bb33
Type: docs
Signed-off-by: Andrew Yourtchenko <[email protected]>
3 years agopacketforge: add packetforge for generic flow to extras 49/36149/21
Ting Xu [Sun, 24 Apr 2022 06:14:25 +0000 (06:14 +0000)]
packetforge: add packetforge for generic flow to extras

Add a new tool packetforge to extras. This tool is to support generic flow.
Packetforge is a library to translate naming or json profile format flow
pattern to the required input of generic flow, i.e. spec and mask. Using
python script flow_create.py, it can add and enable a new flow rule for
an interface via flow VAPI, and can delete an existed flow rule as well.
Command examples are shown below. Json profile examples can be found in
./parsegraph/samples.

Naming format input:
python flow_create.py --add -p "mac()/ipv4(src=1.1.1.1,dst=2.2.2.2)/udp()"
-a "redirect-to-queue 3" -i 1
python flow_create.py --del -i 1 -I 0

Json profile format input:
python flow_create.py -f "./flow_rule_examples/mac_ipv4.json" -i 1

With this command, flow rule can be added or deleted, and the flow
entry can be listed with "show flow entry" command in VPP CLI.

Packetforge is based on a parsegraph. The parsegraph can be built by
users. A Spec can be found in ./parsegraph as guidance. More details
about packetforge are in README file.

Type: feature

Signed-off-by: Ting Xu <[email protected]>
Change-Id: Ia9f539741c5dca27ff236f2bcc493c5dd48c0df1

3 years agovcl: align the RST behaviour with kernel 64/37164/3
Yacan Liu [Tue, 20 Sep 2022 06:19:19 +0000 (14:19 +0800)]
vcl: align the RST behaviour with kernel

When ESTABLISHED TCP connection is terminated by an RST packet,
EPOLLHUP + EPOLLRDHUP would be updeliever by VCL. If not using
VPP, app would receive EPOLLHUP + EPOLLERR + EPOLLIN(if requested) +
EPOLLRDHUP(if requested).

libevent will interpret the two cases as different EV combinations.

Below is the code snippet for libevent v2.12:

  if (what & EPOLLERR) {
    ev = EV_READ | EV_WRITE;
  } else if ((what & EPOLLHUP) && !(what & EPOLLRDHUP)) {
    ev = EV_READ | EV_WRITE;
  } else {
    if (what & EPOLLIN)
      ev |= EV_READ;
    if (what & EPOLLOUT)
      ev |= EV_WRITE;
    if (what & EPOLLRDHUP)
      ev |= EV_CLOSED;
 }

Type: fix
Signed-off-by: Yacan Liu <[email protected]>
Change-Id: Ice3d2861183b6ea499f66b727bbe175eeae5cb05

3 years agotests: run tests against a running VPP 64/37064/5
Naveen Joy [Tue, 30 Aug 2022 20:59:03 +0000 (13:59 -0700)]
tests: run tests against a running VPP

Usage:
test/run.py -r  -t {test_filter}
Instead of starting a new instance of VPP, when the -r argument
is provided, test is run against a running VPP instance. Optionally,
one can also set the VPP socket directory using the -d
argument. The default location for socket files is
/var/run/user/${uid}/vpp and /var/run/vpp if VPP is started
as root.

Type: improvement

Change-Id: I05e57a067fcb90fb49973f8159fc17925b741f1a
Signed-off-by: Naveen Joy <[email protected]>
3 years agomisc: add test framework for host stack 29/36829/7
Filip Tehlar [Tue, 9 Aug 2022 14:44:47 +0000 (14:44 +0000)]
misc: add test framework for host stack

Type: feature

Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I5a64a2c095cae3a4d5f8fdc73e624b010339ec8e

3 years agocnat: coverity fix 34/37134/2
Nathan Skrzypczak [Fri, 16 Sep 2022 12:12:08 +0000 (14:12 +0200)]
cnat: coverity fix

Type: fix

Change-Id: Ib127331507724f853071e66ca1ddfc773a8ed200
Signed-off-by: Nathan Skrzypczak <[email protected]>
3 years agotests: skip tests failing on ubuntu 22.04 44/37144/2
Dave Wallace [Mon, 19 Sep 2022 02:28:44 +0000 (22:28 -0400)]
tests: skip tests failing on ubuntu 22.04

Type: test

Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I218059de5d05680d661f302293475b6c2a7bf81d

3 years agoigmp: validate ip router alert option length 36/37136/5
Vladislav Grishenko [Fri, 16 Sep 2022 17:01:00 +0000 (17:01 +0000)]
igmp: validate ip router alert option length

It's known there're one or more 32-bit increments in the ip
header. So just check ip router alert option length with minimal
performance impact, and don't care of the total options length.

Type: fix
Signed-off-by: Vladislav Grishenko <[email protected]>
Signed-off-by: Dmitry Valter <[email protected]>
Change-Id: I46dd06516f793846b931a1dc8612f2735f8d24d3

3 years agoabf: add API parameter n_paths range checks 07/37107/2
Jon Loeliger [Mon, 12 Sep 2022 17:41:06 +0000 (12:41 -0500)]
abf: add API parameter n_paths range checks

Also check for non-zero rpath length in CLI cmd.
While there, no need to use "else" after a return.
Also while there, notice and fix numerous input_line
buffer leaks and fix them.

Type: fix
Fixes: 669d07dc016757b856e1014a415996cf9f0ebc58

Signed-off-by: Jon Loeliger <[email protected]>
Change-Id: I18ea44b7b82e8938c3e793e7c2a04dfe157076d8

3 years agobuild: install missing headers 49/37049/2
Benoît Ganne [Wed, 31 Aug 2022 10:05:43 +0000 (12:05 +0200)]
build: install missing headers

Type: fix

Change-Id: I4eb2a7190de90553c91133f940e068ed649120cb
Signed-off-by: Benoît Ganne <[email protected]>
3 years agoteib: fix segv during failed deletion of entry 94/37094/2
Matthew Smith [Thu, 8 Sep 2022 21:03:10 +0000 (21:03 +0000)]
teib: fix segv during failed deletion of entry

Type: fix

If an attempt is made to delete a teib entry and the entry does not
exist, a message is logged. The format string contained an extra "%U",
which results in a segv.

Change-Id: I9b1d6ba63601982ba6ac8607cf710e34c311702a
Signed-off-by: Matthew Smith <[email protected]>
3 years agoarp: update error reason when checking for proxy-arp 06/37106/2
Benoît Ganne [Mon, 12 Sep 2022 15:56:16 +0000 (17:56 +0200)]
arp: update error reason when checking for proxy-arp

When we follow arp feature arc for proxy-arp, we should still update
the error reason in case proxy-arp cannot handle the arp request and
drops it.

Type: improvement

Change-Id: I046df017ca2056cfc12af0f0a968b401058bcd6d
Signed-off-by: Benoît Ganne <[email protected]>
3 years agolinux-cp: fix some CLI error messages 09/37109/2
Matthew Smith [Mon, 12 Sep 2022 19:54:43 +0000 (19:54 +0000)]
linux-cp: fix some CLI error messages

Type: fix

If unrecognized input was provided to the commands which add or delete a
pair, the error message was being created incorrectly and only displayed
something like "unknown input `'". Provide the correct argument to
format_unformat_error so that the actual unrecognized input is printed.

There also was no error or useful information printed if only the base
command were provided without any additional arguments. This should
print a warning about what required data was missing. Reorganize code to
handle this and to make sure that memory gets freed appropriately.

Change-Id: If454714f50cf41b3b56cfadfbf017f1d160e13a4
Signed-off-by: Matthew Smith <[email protected]>
3 years agolisp: fix coverity 277315 30/37130/4
Andrew Yourtchenko [Thu, 15 Sep 2022 12:11:06 +0000 (12:11 +0000)]
lisp: fix coverity 277315

Handle the case of the mapping not being found by GID.

Type: fix
Change-Id: Ibce3b9e8419c0dddca97b4d0d5a71f25dfd529d8
Signed-off-by: Andrew Yourtchenko <[email protected]>
3 years agovirtio: add support for per queue packet counter 23/37123/3
Mohsin Kazmi [Wed, 14 Sep 2022 11:25:54 +0000 (11:25 +0000)]
virtio: add support for per queue packet counter

Type: improvement

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I21a701a556b88a9d81f0e074a59fa34b3746b1d9

3 years agovcl: add hugepage for vcl configure and svm 48/36948/14
Junfeng Wang [Fri, 12 Aug 2022 08:24:46 +0000 (16:24 +0800)]
vcl: add hugepage for vcl configure and svm

add hugepage for vcl configure and svm

Type: feature

Signed-off-by: Junfeng Wang <[email protected]>
Change-Id: I6a8905e3fec23d840e629114b1e5a403d0a258ef

3 years agosession: support dma option 49/36949/24
Marvin Liu [Tue, 16 Aug 2022 06:49:09 +0000 (06:49 +0000)]
session: support dma option

add dma support to session, acclerate host-stack with dma

Type: feature

Signed-off-by: Marvin Liu <[email protected]>
Signed-off-by: Junfeng Wang <[email protected]>
Change-Id: I3d492921d69d9e3e0b34d33adc33fba3bde9e1cc

3 years agoprom: fix coverity 277312, 277317 28/37128/1
Andrew Yourtchenko [Thu, 15 Sep 2022 11:46:30 +0000 (11:46 +0000)]
prom: fix coverity 277312, 277317

If one attempts to add a pattern with zero length, first time
it will succeed, and the second time it will cause an invalid memcmp call.

Solution: do not allow to add zero-length patterns.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: Ic08e021486153be605a4b12a2fe4422307bf68d2

3 years agonat: fix nat44-ed port range with multiple workers 62/36962/2
Vladislav Grishenko [Fri, 19 Aug 2022 15:42:22 +0000 (20:42 +0500)]
nat: fix nat44-ed port range with multiple workers

The number of available dynamic ports is set to (0xffff - 1024) =
64511, which is not divisable by the pow2 number of workers - the
only integer divisors are 31 and 2081.
So, total dynamic port range of all workers will be less than it:
    1 wrk: n = (port_per_thread = 64511/1)*1 = 64511 + 1025 = 65536
    2 wrk: n = (port_per_thread = 64511/2)*2 = 64510 + 1025 = 65535
    4 wrk: n = (port_per_thread = 64511/4)*4 = 64508 + 1025 = 65533
    8 wrk: n = (port_per_thread = 64511/8)*8 = 64504 + 1025 = 65529
    ...
As seen, with multiple workers there are unused trailing ports for every
nat pool address and that is the reason of out-of-bound index in the
worker array on out2in path due (port - 1024) / port_per_thread math.
This was fixed in 5c9f9968de63fa627b4a72b344df36cdc686d18a, so packets
to unused ports will go to existing worker and dropped there.

Per RFC 6335 https://www.rfc-editor.org/rfc/rfc6335#section-6:
6.  Port Number Ranges
   o  the System Ports, also known as the Well Known Ports, from 0-1023
      (assigned by IANA)
   o  the User Ports, also known as the Registered Ports, from 1024-
      49151 (assigned by IANA)
   o  the Dynamic Ports, also known as the Private or Ephemeral Ports,
      from 49152-65535 (never assigned)

According that let's allocate dynamic ports from 1024 and have full port
range with a wide range of the workers number - 64 integer divisors in
total, including pow2 ones:
    1 wrk: n = (port_per_thread = 64512/1)*1 = 64512 + 1024 = 65536
    2 wrk: n = (port_per_thread = 64512/2)*2 = 64512 + 1024 = 65536
    3 wrk: n = (port_per_thread = 64512/3)*3 = 64512 + 1024 = 65536
    4 wrk: n = (port_per_thread = 64512/4)*4 = 64512 + 1024 = 65536
    5 wrk: n = (port_per_thread = 64512/5)*5 = 64510 + 1024 = 65534
    6 wrk: n = (port_per_thread = 64512/6)*6 = 64512 + 1024 = 65536
    7 wrk: n = (port_per_thread = 64512/7)*7 = 64512 + 1024 = 65536
    8 wrk: n = (port_per_thread = 64512/8)*8 = 64512 + 1024 = 65536
    ...
Modulo from 5c9f9968de63fa627b4a72b344df36cdc686d18a is still required
when the numbers of workers is not the integer divisor of 64512.

Type: fix
Fixes: 5c9f9968de63fa627b4a72b344df36cdc686d18a
Change-Id: I9edaea07e58ff4888812b0d86cbf41a3784b189e
Signed-off-by: Vladislav Grishenko <[email protected]>
3 years agoip-neighbor: fix debug log format output 74/37074/3
luoyaozu [Mon, 5 Sep 2022 14:16:01 +0000 (22:16 +0800)]
ip-neighbor: fix debug log format output

Type: fix

Signed-off-by: luoyaozu <[email protected]>
Change-Id: Ibfebe4da0197d1f60bf9edd3873fe1f776b680a4

3 years agoip: show fib index in ip4 reassembly trace 22/37122/2
Damjan Marion [Wed, 14 Sep 2022 14:00:09 +0000 (16:00 +0200)]
ip: show fib index in ip4 reassembly trace

Type: improvement
Change-Id: I371237803e2c3cb0e1b42b94f422867465e2bff6
Signed-off-by: Damjan Marion <[email protected]>
3 years agoipsec: make chacha20-poly1305 available via API 16/37116/6
Vladimir Ratnikov [Tue, 13 Sep 2022 13:09:53 +0000 (13:09 +0000)]
ipsec: make chacha20-poly1305 available via API

Type: feature

Signed-off-by: Vladimir Ratnikov <[email protected]>
Change-Id: I4e03f60f34acd7809ddc5a743650bedbb95b2e98

3 years agovlib: add vlib_frame_bitmap_is_bit_set 98/37098/2
Damjan Marion [Thu, 8 Sep 2022 16:59:03 +0000 (18:59 +0200)]
vlib: add vlib_frame_bitmap_is_bit_set

Type: improvement
Change-Id: I2f3fab893a10b060f91b07ee17b8727d241830ea
Signed-off-by: Damjan Marion <[email protected]>
3 years agoipsec: introduce fast path ipv4 inbound matching 52/37052/3
Piotr Bronowski [Wed, 31 Aug 2022 13:48:14 +0000 (13:48 +0000)]
ipsec: introduce fast path ipv4 inbound matching

This patch introduces fast path matching for inbound traffic ipv4.
Fast path uses bihash tables in order to find matching policy. Adding
and removing policies in fast path is much faster than in current
implementation. It is still new feature and further work needs
and can be done in order to improve perfromance.

Type: feature

Signed-off-by: Piotr Bronowski <[email protected]>
Change-Id: Ifbd5bfecc21b76ddf8363f5dc089d77595196675

3 years agofib: fix path copy function to deal with provided DPO in exclusive path 86/37086/2
Damjan Marion [Wed, 7 Sep 2022 15:54:39 +0000 (17:54 +0200)]
fib: fix path copy function to deal with provided DPO in exclusive path

DPO in the new copy was not locked ...

Type: fix
Fixes: 0bfe5d8

Change-Id: I39f1368de459af91c4bb857d98a4b531bd5692a6
Signed-off-by: Damjan Marion <[email protected]>
3 years agovlib: don't leak node frames on refork 75/37075/5
Dmitry Valter [Mon, 5 Sep 2022 15:30:18 +0000 (15:30 +0000)]
vlib: don't leak node frames on refork

Free node frames in worker mains on refork. Otherwise these frames are
never returned to free pool and it causes massive memory leaks if
performed under traffic load

Type: fix
Signed-off-by: Dmitry Valter <[email protected]>
Change-Id: I15cbf024a3f4b4082445fd5e5aaa10bfcf77f363

3 years agovppinfra: add clib_array_mask_set_u32() 97/37097/1
Damjan Marion [Thu, 8 Sep 2022 17:00:06 +0000 (19:00 +0200)]
vppinfra: add clib_array_mask_set_u32()

Type: improvement
Change-Id: Idf1fb054d5ff495d772d01a79cbc6cd1b409d377
Signed-off-by: Damjan Marion <[email protected]>
3 years agonat: fix nat44-ed-in2out fast path next node 43/36643/4
Jing Peng [Fri, 8 Jul 2022 16:52:01 +0000 (12:52 -0400)]
nat: fix nat44-ed-in2out fast path next node

When a session is found expired, the next node of in2out fast path
should be in2out slow path instead of out2in slow path.

Type: fix
Signed-off-by: Jing Peng <[email protected]>
Change-Id: If1dd920502089c25b33bea5434823b0496a44499

3 years agofib: missing headers 87/37087/2
Damjan Marion [Wed, 7 Sep 2022 16:52:18 +0000 (18:52 +0200)]
fib: missing headers

Type: improvement
Change-Id: I7f52222706200c31a731fadfb84513549ccb532d
Signed-off-by: Damjan Marion <[email protected]>
3 years agowireguard: eliminate some calls to main thread 81/37081/2
Matthew Smith [Fri, 2 Sep 2022 14:34:38 +0000 (14:34 +0000)]
wireguard: eliminate some calls to main thread

Type: improvement

Roaming functionality allows the peer address to change. The main thread
was being called to update a peer's address if necessary after
processing a received packet. Check in the worker whether this is
necessary before incurring the overhead of the RPC to the main thread.

Signed-off-by: Matthew Smith <[email protected]>
Change-Id: I02184b92dc658e0f57dd39993a3b2f9944187b45

3 years agoavf: check for VLAN_TOGGLE capability 79/37079/2
Mohammed Hawari [Tue, 6 Sep 2022 16:08:12 +0000 (18:08 +0200)]
avf: check for VLAN_TOGGLE capability

The ability to modify the vlan setting must be checked prior to using
VIRTCHNL_OP_DISABLE_VLAN_STRIPPING_V2 both for inner and outer vlan
stripping

Change-Id: Iffe306c34b81a6077ad6ba5deb3f5b61b5475897
Type: fix
Signed-off-by: Mohammed Hawari <[email protected]>
3 years agodpdk-cryptodev: reduce request to enable async 82/37082/2
Gabriel Oginski [Tue, 6 Sep 2022 08:59:16 +0000 (08:59 +0000)]
dpdk-cryptodev: reduce request to enable async

Originally initialization cryptodev device(s) calls double request
to enabled async mode and increased ref count twice for async mode.
Due to this cannot be change any assigned async handlers to other
async crypto engine.

The fixes reduce double request to enable async mode in initialization
cryptodev device(s) and VPP can be change assigned async handlers
to other crypto engine after disabled all async feature, for example:
ipsec, wireguard.

Type: fix

Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: If22e682c3c10de781d05c2e09b5420f75be151c3

3 years agobuild: Cleanup python2 from suse build and uplift opensuse version 67/37067/5
Laszlo Kiraly [Fri, 2 Sep 2022 12:08:36 +0000 (14:08 +0200)]
build: Cleanup python2 from suse build and uplift opensuse version

 - default to opensuse-leap 15.4, no python2 support in this version
 - deprecate version openSUSE 15.0, openSUSE 15.3 still supported

Type: make

Signed-off-by: Laszlo Kiraly <[email protected]>
Change-Id: Ic7178ff5238e2669bc45166c1f13d3f077f6069b
Signed-off-by: Laszlo Kiraly <[email protected]>