Robert Shearman [Fri, 26 Feb 2021 11:24:59 +0000 (11:24 +0000)]
marvell: fix implicit declaration of function
Fix compile error due to implicit declaration of
vnet_hw_if_get_rxq_poll_vector by including the header file that
declares this.
Type: fix
Fixes:
b85b0df2a039b694fb2f3c09a01decfb89d7bce2
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Change-Id: I4a21743df93ffaa637641838d30b3b5c70dd79ef
Damjan Marion [Thu, 4 Mar 2021 23:14:15 +0000 (00:14 +0100)]
crypto: revert "fix ops flags in crypto sw scheduler"
This reverts commit
30ad571cc35e4dc6d4d7e50b81b97f83f8770eea.
Type: fix
Change-Id: If8c6e388e732d2a1b5efd0677d9528a646365f94
Signed-off-by: Damjan Marion <damarion@cisco.com>
Nathan Skrzypczak [Tue, 26 Jan 2021 10:49:03 +0000 (11:49 +0100)]
docs: Update macos doc to clang-format
Type: docs
Change-Id: Ibf825ac8b1591e8109be0b3b8d56ee85ae5145a4
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Filip Tehlar [Sat, 20 Feb 2021 02:26:17 +0000 (02:26 +0000)]
misc: add ikev2 tests usecases
Type: test
Ticket: VPP-1893
Change-Id: Ib6ffd00e73f7110bf9e702f4a0fd5c68395d6786
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Filip Tehlar [Mon, 22 Feb 2021 20:46:49 +0000 (20:46 +0000)]
ikev2: fix incorrect api message
Type: fix
Change-Id: I9b3f4531070786f583e18609dfae1d95487ce93c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Nathan Skrzypczak [Thu, 25 Feb 2021 16:42:50 +0000 (17:42 +0100)]
cnat: Add calico/k8s src policy
This patch implements k8s-specific extensions
to the cnat plugin.
This could be done by exposing a richer semantic
on srcNAT policies, but this might be too complex
work at this point. Also k8s fits quite well as a
'cloud NAT' usecase.
Type: feature
Change-Id: I2266daf7b10a92e65f5ed430838a12ae826bd333
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Nathan Skrzypczak [Thu, 25 Feb 2021 16:39:03 +0000 (17:39 +0100)]
cnat: Prepare extended snat policies
Type: refactor
Change-Id: I9ca3333274d6f32b6aff57f0fb3d2049c066337a
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Nathan Skrzypczak [Fri, 26 Feb 2021 17:12:20 +0000 (18:12 +0100)]
cnat: Fix snat with dhcp
Type: fix
We didn't check that the srcEndpoint was resolved
when creating the session, we could end up sNATing
with 0.0.0.0 as src_addr
Change-Id: If8dfa577e659cfe90b148657a44c0390a7d383e9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Benoît Ganne [Fri, 22 Jan 2021 17:11:37 +0000 (18:11 +0100)]
crypto: fix ops flags in crypto sw scheduler
The sw crypto scheduler converts crypto frames to individual crypto
operations. This is done by reusing per-thread vectors for crypto,
integrity and chained operations.
The crypto op flags must be reset to frame flags minus invalid values
depending of the operation.
The previous tentative also cleared the chained buffer flag, breaking
jumbo support.
Type: fix
Change-Id: Icce6887a9e0dae8c300c56e97b977e203e784713
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Benoît Ganne [Fri, 22 Jan 2021 17:09:40 +0000 (18:09 +0100)]
crypto: add support for aes-ctr+sha-1 chains
Type: feature
Change-Id: I9d4f90bc701d2b9b903a018f8d27cec5e129d7be
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Florin Coras [Wed, 3 Mar 2021 20:58:57 +0000 (12:58 -0800)]
hsa: fix builtin echo apps with multiple workers
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9507b5a9755e938b4d1da657bed3a8681a056427
Steven Luong [Thu, 4 Mar 2021 03:03:38 +0000 (19:03 -0800)]
bonding: coverity woe in bond_dev_class fuction
Coverity complans the line
h = hashes;
uses uninitialized variable if the prior ASSERT statement is hit.
ASSERT is compiled out coverity as well as in release image. So the
complain is legitimate. Change the ASSERT to drop the frame and log
an error instead.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ibf0c204fe3626afca69ea84484e606566cf3244c
Robert Shearman [Fri, 26 Feb 2021 11:16:33 +0000 (11:16 +0000)]
dpdk: fix include directories with system dpdk
Add the DPDK_INCLUDE_DIRS variable which is set by pkg_check_modules
to the include directories to allow use of system DPDK where the
headers aren't under standard include directories.
Type: fix
Fixes:
f15a5791ba870a98a2ab7dec101bbbb9b6e266c1
Change-Id: Ifd4b4170572911b6e0580cdf114ad87cfa771931
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Robert Shearman [Fri, 26 Feb 2021 11:24:48 +0000 (11:24 +0000)]
marvell: remove unused variable
Fix compile error in mrvl_pp2_delete_if caused by unused variable by
removing that variable.
Type: fix
Fixes:
b85b0df2a039b694fb2f3c09a01decfb89d7bce2
Change-Id: I819bcfbfdbd0f85cc42be953be63ef124520852c
Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Jakub Grajciar [Mon, 1 Mar 2021 07:54:35 +0000 (08:54 +0100)]
libmemif: verify length of transmitted buffers
In memif_tx_burst verify that total buffer size
(data_offset + data_len) does not exceed buffer
size. If not valid returns MEMIF_ERR_INVAL_ARG.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: Ifae8f92344a401febbc1efd22c301356ccf83d44
Steven Luong [Sun, 28 Feb 2021 17:45:16 +0000 (09:45 -0800)]
memif: Validate descriptors within process boudary
We hit a crash when the client sends us a bogus deescriptor which causes us
to access memory beyong the mapping. While the client clearly should not do
that, it is rather cheap for VPP to validate the descriptor instead of crash
and burn.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Id09035810939f5f98530f212f0b23e606132251d
Ray Kinsella [Thu, 14 Jan 2021 16:37:37 +0000 (16:37 +0000)]
dpdk: enable AVX-512 on ICL
Enable DPDK AVX-512 Vector PMDs on Intel Icelake
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Change-Id: Ie5d5bf54ccaa65c1d053d56a2f2973fe8625193b
Andrew Yourtchenko [Wed, 3 Mar 2021 13:52:55 +0000 (13:52 +0000)]
build: add libmemif as part of build-coverity target
Change-Id: I81a3b5d0845724da40b483832a8eaed081e6e4ed
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Fan Zhang [Thu, 25 Feb 2021 12:53:36 +0000 (12:53 +0000)]
dpdk: deprecate ipsec backend
Type: refactor
DPDK crypto devices are now accessible via the async infra, so
there is no need for the DPDK ipsec plugin.
In addition this patch fixes the problem that cryptodev backend
not working when master core and worker cores lies in different
numa nodes.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie8516bea706248c7bc25abac53a9c656bb8247d9
Jieqiang Wang [Wed, 10 Feb 2021 15:16:51 +0000 (15:16 +0000)]
vppinfra: fix compiling error due to incompatible udphdr field names
Compiling VPP on CentOS 7 will fail shown as below. The root cause is
that uh_sport/uh_dport field names for struct udphdr are chosen only if
macro __FAVOR_BSD in /usr/include/netinet/udp.h is defined for glibc
version less than 2.19. Fix this issue by using source and dest field
names in struct udphdr for compatibility reasons.
FAILED: vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o
ccache /opt/rh/devtoolset-9/root/bin/cc -Dvppinfra_EXPORTS -I/vpp/src -I. -Iinclude -Wno-address-of-packed-member -g -fPIC -Werror -Wall -march=corei7 -mtune=corei7-avx -O2 -fstack-protector -D_FORTIFY_SOURCE=2 -fno-common -flto -fno-fat-lto-objects -fPIC -fvisibility=hidden -ffunction-sections -fdata-sections -MD -MT vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o -MF vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o.d -o vppinfra/CMakeFiles/vppinfra.dir/unix-formats.c.o -c /vpp/src/vppinfra/unix-formats.c
/vpp/src/vppinfra/unix-formats.c: In function 'format_udp4_packet':
/vpp/src/vppinfra/unix-formats.c:319:19: error: 'struct udphdr' has no member named 'uh_sport'
319 | u16 source = udp->uh_sport;
| ^~
/vpp/src/vppinfra/unix-formats.c:320:17: error: 'struct udphdr' has no member named 'uh_dport'
320 | u16 dest = udp->uh_dport;
Type: fix
Change-Id: Ifc99c7286ea3fac463096152267033ac0518c230
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Reviewed-by: Tianyu Li <tianyu.li@arm.com>
Jakub Grajciar [Mon, 1 Mar 2021 07:45:17 +0000 (08:45 +0100)]
libmemif: socket filename length 108
Dynamic size array was causing trouble in
strlcpy. LINUX allows for max 108 filename length,
so we can use that to make the array constant size.
Type: fix
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: I76b1fc41f9d93cfbc9ad11bdca0c96a1fc261e84
Florin Coras [Wed, 3 Mar 2021 16:06:12 +0000 (08:06 -0800)]
udp: allocate rx lock only for non-connected
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib5395a51fbfb2123549f7c96534fa763b4669243
Neale Ranns [Wed, 3 Mar 2021 12:16:09 +0000 (12:16 +0000)]
misc: include debian/quilt packaging directory in .gitignore
Type: style
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I04e859bbba913acf32e14c4460bba45f5cb45ff6
wanghanlin [Tue, 2 Mar 2021 09:18:06 +0000 (17:18 +0800)]
api: fix crash when cf removed
cf may be removed when:
1. linux_epoll_input_inline process two EPOLLIN events, firstly a normal
message, secondly reading 0 bytes because of socket client crash, then
cf removed without clear message added to pending event data vectors
before
2. clib_file_write called
Type: fix
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
Change-Id: I4523e9bb322e98357575925f3113f710d70dd679
Vengada Prasad Govindan [Sun, 28 Feb 2021 14:23:39 +0000 (06:23 -0800)]
nsh: Resolve SA errors in NSH plugin.
Type: fix
Change-Id: Ia923cd9302688496d28d2fd5658718b40b17cc1a
Signed-off-by: Vengada Govindan <venggovi@cisco.com>
Steven Luong [Mon, 1 Mar 2021 23:42:00 +0000 (15:42 -0800)]
dhcp: calls to vnet_feature_enable_disable needs to be protected
dhcp is makeing calls to vnet_feature_enable_disable without barrier sync
protection. This can cause data contention with the worker threads. Wrap
all calls to vnet_feature_enable_disable with barrier sync and barrier
release.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I74545b074599273429f47e3e726551156bc11bbc
Ole Troan [Tue, 2 Mar 2021 13:52:22 +0000 (14:52 +0100)]
misc: update john lo email address in maintainers
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ic880de0f895feb6eabaa2b4f9f19ccefc048d444
Filip Tehlar [Fri, 19 Feb 2021 05:09:31 +0000 (05:09 +0000)]
ikev2: fix auth
Old auth data is needed when generating new one.
Type: fix
Change-Id: I15c62346dbb7ece8facdc7a05f30afd1a15a5648
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Benoît Ganne [Fri, 26 Feb 2021 13:46:58 +0000 (14:46 +0100)]
classify: fix crash if no pcap filter has been configured
If no pcap filters have ever been configured and we try to enable pcap
capture with a filter, cm->classify_table_index_by_sw_if_index is not
initialized yet.
Type: fix
Change-Id: I2f509c58f9984951b1ad81c1c8ed912cb594fce1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Benoît Ganne [Fri, 19 Feb 2021 15:39:13 +0000 (16:39 +0100)]
classify: fix multiple filters support
This fix the classify filter if we attach several different filters.
This also fix some issues with l3 and l4 parsing.
Type: fix
Change-Id: I9dc6c55049a3bbc0110d1097b40d9da27633626b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Klement Sekera [Mon, 1 Mar 2021 19:26:00 +0000 (20:26 +0100)]
nat: avoid crash if plugin not enabled
Avoid crash if nat pool not allocated when issuing "show nat44 summary".
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I55661cf699bab04f4673e9d471fe12486e972067
Klement Sekera [Thu, 25 Feb 2021 15:47:23 +0000 (16:47 +0100)]
nat: pick outside addr based on local addr
Use outside addresses more evenly by using local address to pick from
pool of addresses. This ensures stability from POV of remote host -
an internal host always gets translated using the same outside address,
so it doesn't appear to be "hopping". Also, this avoids all hosts
being translated using the first address, which helps avoid needless
recaptchas and the like.
Exact assignment depends on internal ordering of addresses - local address
is used to pick an offset into internal vector. If that address cannot be
used, a linear search is performed as a fallback mechanism to find a possible
translation.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I7ccb1da1dda5537f5d30d2f4cb48024f4b51c1a4
Florin Coras [Sat, 27 Feb 2021 03:19:11 +0000 (19:19 -0800)]
session svm: segment manager and fifo segment leaks
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4e00dd7f8ce1e56092dde9a073decae62d5475de
Benoît Ganne [Fri, 26 Feb 2021 12:30:32 +0000 (13:30 +0100)]
vlib: fix clear trace buffer race condition
Type: fix
Change-Id: I2384e052bee91a275c3b97a00542819b1d646c88
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Florin Coras [Fri, 26 Feb 2021 21:24:47 +0000 (13:24 -0800)]
vppinfra: mem leak in show memory main-heap
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I23d1dda86c781ac077dbee7cb0e1ddeaa328c660
Florin Coras [Thu, 3 Dec 2020 05:14:56 +0000 (21:14 -0800)]
udp: avoid locking connected udp sessions on rx
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I52aa2322980b51cfc0b282fb37d7f63d30777dee
Nathan Skrzypczak [Fri, 26 Feb 2021 13:32:55 +0000 (14:32 +0100)]
cnat: coverity fix
Type: fix
Change-Id: I9d562abc8d8f59cfe73ddd4c03a25085f6ad1f84
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Mohsin Kazmi [Tue, 23 Feb 2021 11:46:14 +0000 (12:46 +0100)]
virtio: place the event fds on worker threads for pci device
Type: improvement
Change-Id: I8322bca1a9aa75c97c0fe2ff24b2f65fc43242ce
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Florin Coras [Thu, 25 Feb 2021 17:57:04 +0000 (09:57 -0800)]
svm: fix shared hdr migration
Avoid changing the header on attach as it may be in use. Instead, as for
chunks, allocate header to be collected on detach.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib316ecb5d61ae161032869b6f6a1863f1105a1d9
Klement Sekera [Wed, 17 Feb 2021 17:48:35 +0000 (18:48 +0100)]
nat: optimize flow matching in ED NAT
This saves 6 clocks in nat44-ed-in2out node. (112->106 per packet)
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I48e757e7f4b6b0d250a432a4659fe6955fc52a07
Filip Varga [Fri, 26 Feb 2021 08:31:21 +0000 (09:31 +0100)]
nat: NAT44ED fail if using old plugin option
Fail if obsolete flag is used.
Type: fix
Change-Id: Id7000de9c82fa2c22692104b2fc1d463e5961f39
Signed-off-by: Filip Varga <fivarga@cisco.com>
Nathan Skrzypczak [Mon, 15 Feb 2021 13:57:45 +0000 (14:57 +0100)]
interface: Fix rxq deletion
Type: fix
Change-Id: Ie89663de42ec94823b32aa1edf94f2c03df06627
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Nathan Skrzypczak [Mon, 15 Feb 2021 13:48:33 +0000 (14:48 +0100)]
interface: fix sh int rx
Type: fix
Change-Id: Iebe2db66af1e769486a117d6284375ce5ffff0b4
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Neale Ranns [Thu, 25 Feb 2021 16:01:28 +0000 (16:01 +0000)]
ipsec: move the IPSec SA pool out of ipsec_main
Type: refactor
this allows the ipsec_sa_get funtion to be moved from ipsec.h to
ipsec_sa.h where it belongs.
Also use ipsec_sa_get throughout the code base.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
Nathan Skrzypczak [Thu, 25 Feb 2021 11:06:11 +0000 (12:06 +0100)]
cnat: add input feature node
This allows to configure nat on a per-interface basis. Special care must
be taken to ensure the configuration remains consistent.
Type: feature
Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Nathan Skrzypczak [Thu, 25 Feb 2021 10:14:53 +0000 (11:14 +0100)]
cnat: Add maglev support
* Backend choice in translations is controlled
by lb_type switch allowing to enable Maglev.
* Size of pool is set with cnat { maglev-len 1009 }
Type: feature
Change-Id: I956e19d70bc9f3b997b4f8042831164e4b559d17
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Nathan Skrzypczak [Thu, 25 Feb 2021 10:01:41 +0000 (11:01 +0100)]
cnat: fixes & prepare maglev
Notable changes:
- ip[46]-cnat-snat is renamed to cnat-snat-ip[46]
- indent fixes
- common trace primitives
- bihash is now 40_56 with alias
Type: refactor
Change-Id: I0a82cfe3b40efd96473e51061d7135ffe412ddfc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Piotr Bronowski [Fri, 26 Feb 2021 00:26:42 +0000 (01:26 +0100)]
crypto: fix coverity issue 218445
Fixes coverity issue CID 218445 (#1 of 1): Logically dead code
(DEADCODE) dead_error_line: Execution cannot reach this statement:
return 4294967295U;.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ibf8ee0458320d20c3adca2efa2a4bfad7c190dbe
Tetsuya Murakami [Thu, 25 Feb 2021 18:47:58 +0000 (10:47 -0800)]
sr: Fix the coverity issue on srv6-mobile plugin
Type: fix
Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
Change-Id: I55e6d7dd193f83f70d27e27fe2e383939d677ef1
Neale Ranns [Thu, 25 Feb 2021 10:05:32 +0000 (10:05 +0000)]
tests: Add tests for IPSec async mode using the crypto SW scheduler
Type: test
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Iabc8f2b09ee10a82aacebd36acfe8648cf69b7d7
Neale Ranns [Thu, 25 Feb 2021 08:38:58 +0000 (08:38 +0000)]
ipsec: ipsec.h tidy up
Type: refactor
- remove the extern declaration of the nodes. keep the use of them to
the files that declare them
- remove duplicate declaration of ipsec_set_async_mode
- remove unsued ipsec_add_feature
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6ce7bb4517b508a8f02b11f3bc819e1c5d539c02
Neale Ranns [Thu, 25 Feb 2021 08:53:15 +0000 (08:53 +0000)]
ikev2: Use the IPSec functions for UDP port management
Type: refactor
IKEv2 registers the IPSec node as the port handler, so it can use the
IPSec functions to do that.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: If398dde0a8eb0407eba3ede62a3d5a8c12fe68a7
Benoît Ganne [Fri, 12 Feb 2021 15:25:07 +0000 (16:25 +0100)]
linux-cp: fix vector-used-a-C-string overflow
lip_host_name is a non-NULL terminated vector, not a NULL-terminated
C-string.
Type: fix
Change-Id: Ie5da59bc5680be72251904467d77b18263c882f8
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Brian Russell [Mon, 22 Feb 2021 18:42:24 +0000 (18:42 +0000)]
ipsec: enable input features on tunnels
Make the ipsec[46]-tun-input nodes siblings of device-input so that
input features can be enabled on them. Register ipsec-tun for feature
updates. When a feature is enabled on the device-input arc and the
ifindex is an IPSec tunnel, change the end node of the arc for that
ifindex to be the appropriate ESP decrypt node. Set a flag on the
tunnel to indicate that the feature arc should be started for packets
input on the tunnel.
Test input policing on ESP IPSec tunnels.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I3b9f047e5e737f3ea4c58fc82cd3c15700b6f9f7
Filip Varga [Wed, 17 Feb 2021 13:34:54 +0000 (14:34 +0100)]
nat: Final NAT44 EI/ED split patch
This patch achieves complete separation of
endpoint-dependent and endpoint-independent IPv4 NAT
features. Some common stuff is also moved to NAT
library.
Type: refactor
Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801
Signed-off-by: Filip Varga <fivarga@cisco.com>
Mohsin Kazmi [Mon, 22 Feb 2021 18:27:57 +0000 (18:27 +0000)]
virtio: enable the interrupt support for uio_pci_generic
Type: improvement
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ic25ffe9c8e37826733cfb9e62cefb491bb3322bc
Florin Coras [Tue, 23 Feb 2021 16:44:13 +0000 (08:44 -0800)]
session: init ctrl msg without mq lock
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I755e6da1fcf6f3bf3c72d6d36c4243b0919b7209
Július Milan [Tue, 16 Feb 2021 18:20:47 +0000 (19:20 +0100)]
fib: fix sa selection for fib routed destinations
The move from ip4(6)_src_address_for_packet to fib_sas4(6)_get changed
the behavior, so that the new looked only to adjacent gleans. This
caused a problem for destinations routed according to FIB table.
To reproduce:
vpp# create tap
vpp# set interface state tap0 up
vpp# set interface ip address tap0 192.168.11.1/24
vpp# ip route add 192.168.20.0/24 via 192.168.11.2
linux$ sudo ip addr add 192.168.20.1/24 dev lo
linux$ sudo ip link set tap0 up
linux$ sudo ip addr add 192.168.11.2/24 dev tap0
vpp# ping 192.168.20.1
Failed: no source address for egress interface
Type: fix
Signed-off-by: Július Milan <julius.milan@pantheon.tech>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I22899f4dbbf8c1c85ccce72f801b92c183195b5d
Artem Glazychev [Wed, 17 Feb 2021 06:24:17 +0000 (13:24 +0700)]
wireguard: coverity fix
explicit null dereferenced
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: Id1e4b0e048dbd0a68063c63374172ab6d3653aff
Neale Ranns [Wed, 24 Feb 2021 09:18:53 +0000 (09:18 +0000)]
crypto: A more memory efficient layout of the frame element struct
Type: improvement
Also:
- state as enum so my GDB life is easier
- typo; s/indice/indices/;
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I3320f5ef1ccd7d042071ef336488a41adfad7463
Dave Wallace [Tue, 23 Feb 2021 22:36:55 +0000 (17:36 -0500)]
docs: move pnat doc link into dev doc section
- "PNAT: 1:1 match and rewrite programmable NAT" link
was hanging out on the top level of the doc tree.
Move it to VPP->Developer Documentation.
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Iadb7d3463567a2414eece68db0a3743237ab26f9
Steven Luong [Mon, 15 Feb 2021 17:25:10 +0000 (09:25 -0800)]
l2: coverity woe in l2_api.c
Coverify complains deref_ptr before null check.
deref_ptr: Directly dereferencing pointer reg.
1214 vl_reg = vl_api_client_index_to_registration (reg->client_index);
1215 ALWAYS_ASSERT (vl_reg != NULL);
1216
CID 216104 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking reg suggests that it may be null, but it
has already been dereferenced on all paths leading to the check.
1217 if (reg && vl_api_can_send_msg (vl_reg))
I believe the check is for vl_reg instead of reg because vl_reg may be NULL
after the call vl_api_client_index_to_registration.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic4eb2284e65c48396f20d5024a4241c80c70c886
Florin Coras [Sat, 20 Feb 2021 19:22:07 +0000 (11:22 -0800)]
hsa: fifo detach cleanup
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I907b2e560d6ecd748aa7c6d775c4f7122a39b4cb
Florin Coras [Tue, 23 Feb 2021 16:07:57 +0000 (08:07 -0800)]
vcl: segment index leak on attach
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If8840d455f8841264136adb19cc9a2046ba37b11
Florin Coras [Tue, 23 Feb 2021 20:03:03 +0000 (12:03 -0800)]
vcl: fix coverity warning
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id9f922eafe4a68661d2858d72fc548a372e9596a
Andrew Yourtchenko [Tue, 23 Feb 2021 12:04:46 +0000 (12:04 +0000)]
misc: run make test-refresh-deps to update the python dependencies
Also, remove the flake8 from requirements.txt as it looks
like upstream package is not installable...
Type: test
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I1a2132f30f7f9431d892e962a29c7d859e6a43db
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Andrew Yourtchenko [Tue, 23 Feb 2021 14:25:25 +0000 (14:25 +0000)]
tests: delete test/requirements-2.txt
Python2 has not been supported for a while now, time to spring clean...
Change-Id: Iafb18bd730c69b5aeefa6ccbfadbaaf30c92c2c8
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Type: improvement
Benoît Ganne [Thu, 18 Feb 2021 09:34:33 +0000 (10:34 +0100)]
vlib: fix offload flags value reset
When a buffer is freed and re-allocated for a new packet, opaque2 is
not reset, so the offload flags can be set to a stale value.
Make sure the offload flags are reset to the current value on 1st set.
Type: fix
Fixes:
6809538e646bf86c000dc1faba60b0a4157ad898
Change-Id: I4048febedf25b9995dbd080a11495ee7dbe59153
Signed-off-by: Benoît Ganne <bganne@cisco.com>
nandfan [Mon, 22 Feb 2021 09:17:17 +0000 (17:17 +0800)]
vcl: fix vls_intercept_sigchld_handler be called recursively
The old_sa is rewrite with vls_intercept_sigchld_handler when parent
process fork child second time, parent process will call
vls_intercept_sigchld_handler recursively when received child signal.
Type: fix
Signed-off-by: nandfan <fanyufei521@outlook.com>
Change-Id: Ia58a254d58058489aa2d91b76a3b3cab1e38f802
Andrew Yourtchenko [Mon, 22 Feb 2021 01:01:43 +0000 (01:01 +0000)]
api: fix memory leak in vl_api_cli_inband_t_handler
I noticed the memory leak while sending a lot of cli_inband APIs:
DBGvpp# memory-trace on main-heap
... send a lot of API cli_inband ...
DBGvpp# show memory main-heap
Thread 0 vpp_main
base 0x7f85c8302000, size 1g, locked, unmap-on-destroy, name 'main heap'
page stats: page-size 4K, total 262144, mapped 33129, not-mapped 229015
numa 0: 33129 pages, 129.41m bytes
total: 1023.99M, used: 125.78M, free: 898.22M, trimmable: 897.59M
Bytes Count Sample Traceback
9751632 145034 0x7f85d01696e8 clib_mem_alloc_aligned_at_offset + 0x80
vec_resize_allocate_memory + 0xa8
_vec_resize_inline + 0x240
va_unformat + 0xe4
unformat + 0x159
vlib_cli_dispatch_sub_commands + 0x11e
vlib_cli_input + 0x8f
vl_api_cli_inband_t_handler + 0xd9
vl_msg_api_handler_with_vm_node + 0x488
void_mem_api_handle_msg_i + 0x6f
vl_mem_api_handle_msg_main + 0x38
vl_api_clnt_process + 0x28d
9723904 145034 0x7f85cd677238 clib_mem_alloc_aligned_at_offset + 0x80
vec_resize_allocate_memory + 0xa8
_vec_resize_inline + 0x240
unformat_init_string + 0x10d
vl_api_cli_inband_t_handler + 0xc1
vl_msg_api_handler_with_vm_node + 0x488
void_mem_api_handle_msg_i + 0x6f
vl_mem_api_handle_msg_main + 0x38
vl_api_clnt_process + 0x28d
vlib_process_bootstrap + 0x5d
0x7f8608b0e038
290077 total traced objects
Solution: free the input data structure.
Type: fix
Change-Id: I42de5572e8760237e793a53c1a94bce65a4ac5fa
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Florin Coras [Sat, 20 Feb 2021 18:42:22 +0000 (10:42 -0800)]
vcl: cleanup fifos detached from segments
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I412024731c1f561680736ad7bfabb99b595e3dff
Florin Coras [Sun, 21 Feb 2021 01:36:19 +0000 (17:36 -0800)]
svm: free shared fifo on detach
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I639560ee3dd0a1d605ec2866dce5cdd13fda8201
wanghanlin [Mon, 22 Feb 2021 02:38:36 +0000 (10:38 +0800)]
vcl: support sockopt of SO_REUSEPORT and SO_DOMAIN
Type: fix
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
Change-Id: I800cfffb07bf7d4c4d1454b73febdba03f7d6b75
Ivan Shvedunov [Fri, 19 Feb 2021 20:32:18 +0000 (23:32 +0300)]
ip-neighbor: add set ip neighbor-config CLI command
Type: improvement
Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com>
Change-Id: I77ade50425e88d2da979f732d2248bed383f4ba4
Florin Coras [Fri, 19 Feb 2021 05:35:23 +0000 (21:35 -0800)]
svm: return chunks to slice on fifo detach
Ensure chunk alloc distribution is maintained on fifo detach.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5aa5524e06a703dc50e90da6d177663d2d997aa4
Fan Zhang [Fri, 19 Feb 2021 12:23:08 +0000 (12:23 +0000)]
dpdk: fix cryptodev offset update
Type: fix
This patch fixes the missed crypto and integ offset update for
every packet. Previously the offset is updated only when the
key is changed. This is ok for encryption but not always true
for decryption.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: Iccd0011f4ae488746ce487a14b94ddd24fb0c07c
Brian Russell [Thu, 18 Feb 2021 11:02:29 +0000 (11:02 +0000)]
tests: add input policer thread handoff tests
Test worker thread handoff on an interface input policer.
Type: test
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I1deddcc9711bccfde377290bc66a00f2cd4163e1
Brian Russell [Thu, 18 Feb 2021 11:00:38 +0000 (11:00 +0000)]
policer: add thread handoff for device input
Add worker thread handoff for policers on the device input feature arc
on an interface.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: Ib795457a09a5b3be3c4e6422c91e33100192b8e2
Brian Russell [Thu, 18 Feb 2021 10:25:23 +0000 (10:25 +0000)]
policer: move handoff checks into policer code
The IP punt policer currently checks if it needs to do worker thread
handoff based on the thread index stored in the policer. Move this
functionality into the policer code so it can be common for all users
of the policer.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: Ia8d11e62898a58b19d7b27b296f8369baa3e5aa1
Brian Russell [Wed, 17 Feb 2021 15:54:52 +0000 (15:54 +0000)]
tests: test input policer
Apply a policer to an interface, check it's policing packets.
Remove it and check it no longer polices packets.
Type: test
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I6f694c8a9804cadf010b5831770aaae81f42e027
Brian Russell [Wed, 17 Feb 2021 15:51:45 +0000 (15:51 +0000)]
policer: add api to configure input policing
Add a new API to apply a policer to an input interface.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: Ie8aff9120149b63d85363a9a5afdcaed60a93700
Brian Russell [Wed, 17 Feb 2021 15:45:56 +0000 (15:45 +0000)]
policer: add policing as device-input feature
Add input per-interface policing as an input feature, repurposing
vnet_policer_inline which formermly allowed input policing to be
configured via a CLI.
Type: improvement
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I2fd00e964ae358a05e507c844f5476372124fae1
Filip Tehlar [Mon, 15 Feb 2021 14:06:45 +0000 (14:06 +0000)]
ikev2: start counting msgid from 0
This fixes an issue when initiator is expecting request with intitial
msgid being 0 but 1 is received instead which results in retransmission
(instead of normally processing the new request).
Type: fix
Change-Id: I60062276bd93de78128847c5b15f5d6cecf1df65
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Florin Coras [Thu, 11 Feb 2021 16:44:23 +0000 (08:44 -0800)]
session vppinfra: asan fixes
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie709d76438542783cbc8c6174b5e712ef18a6276
Florin Coras [Thu, 18 Feb 2021 22:43:32 +0000 (14:43 -0800)]
svm: fix active fifo ll on attach
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idf44f8d54c97fc43da5d5760e5ce477af07e5fbf
Brian Russell [Wed, 17 Feb 2021 10:02:47 +0000 (10:02 +0000)]
tests: remove unnecessary setup in policer test
The policer test class overrides setup and teardown methods from
VppTestCase but doesn't do anything other than call the parent's
method.
Type: test
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: I76bac084c4cb5cb5195e34afe95b38affd585942
Dave Barach [Wed, 17 Feb 2021 15:25:18 +0000 (10:25 -0500)]
vlib: add a "vpplog" debug CLI
To add arbitrary text to the vlib log. Combines nicely with
comment/uncomment and the macro expander:
define MY_FEATURE uncomment # or comment
...
$(MY_FEATURE) { vpplog { My feature was enabled } }
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ia019f0a8fa670d8593ae01595f5ef410796e5b1c
Florin Coras [Thu, 18 Feb 2021 01:35:32 +0000 (17:35 -0800)]
vcl: epoll out deq notifications only if fifo exists
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia37d8474224f6074826c9ffb82feb919b2ef52f7
Andrew Yourtchenko [Wed, 17 Feb 2021 17:39:11 +0000 (17:39 +0000)]
tests: re-enable NAT44ED tests for multiworker
Re-enable the test for 2-worker config test
Change-Id: Ie108c5d244c6704ffa152177ca77f6b6055fe38e
Type: test
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Brian Russell [Mon, 15 Feb 2021 13:39:42 +0000 (13:39 +0000)]
tests: policer test check unformat return values
Keep coverity happy by checking the return value of unformat calls.
Type: test
Signed-off-by: Brian Russell <brian@graphiant.com>
Change-Id: Iccd0296da527d079f79cc7bd8b57af1b524299bd
Ole Troan [Wed, 17 Feb 2021 13:10:04 +0000 (14:10 +0100)]
vat2: jsonconvert return checking - coverity
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I8348645927519800d2390d27e01fae612602a6eb
Andrew Yourtchenko [Wed, 17 Feb 2021 21:26:49 +0000 (21:26 +0000)]
misc: fix the linux-cp entry for Neale
Change-Id: I0f51ddfa10ed38d23617a715f8db5a970960d126
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Ole Troan [Wed, 17 Feb 2021 12:26:53 +0000 (13:26 +0100)]
vat2: add sanity checking - coverity errors
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I3cd56690fe52402d4cfa9ea67f1de53d8d919dee
Ole Troan [Wed, 17 Feb 2021 12:46:54 +0000 (13:46 +0100)]
vppapigen: resource leakage in fromjson array - coverity
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I43283c59fd121dcb2486b26151108c90b027748b
Matthew Smith [Tue, 16 Feb 2021 16:02:46 +0000 (10:02 -0600)]
linux-cp: fix coverity defect
Type: fix
If no host interface name is passed to the CLI command which creates
an interface pair, NULL gets passed to lcp_itf_pair_create() and a
seg fault occurs. Check whether a host interface name was provided
and fail gracefully if none was given.
Change-Id: I82886f4c2ee710e206c751c34a74399112e9062c
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Ole Troan [Tue, 16 Feb 2021 17:09:51 +0000 (18:09 +0100)]
vppapigen: more _fromjson autogeneration coverity fixes
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I9a7bb617a3fa87d6ef49c75277e53425310cdcf9
Signed-off-by: Ole Troan <ot@cisco.com>
Florin Coras [Tue, 16 Feb 2021 15:32:22 +0000 (07:32 -0800)]
hsa: coverity fix
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I30fde452fdeeb9877f3e3fecb0dd723f10f61019
Filip Tehlar [Tue, 16 Feb 2021 08:14:31 +0000 (08:14 +0000)]
ikev2: fix coverity warnings
Type: fix
Change-Id: Ia22b1189b82e885eb380f638ea6d05923a858f01
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Ole Troan [Tue, 16 Feb 2021 00:06:22 +0000 (01:06 +0100)]
stats: coverity errors leaking fd
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I21368e37d70c5a64babd904bcf5f79339a5ab064
Signed-off-by: Ole Troan <ot@cisco.com>
Ole Troan [Mon, 15 Feb 2021 23:42:21 +0000 (00:42 +0100)]
vppapigen: coveriy missing check of return values
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I424c2f283dab99c1856eb8d9a1444486d09e8e29