Damjan Marion [Tue, 14 Mar 2023 12:15:58 +0000 (13:15 +0100)]
 
crypto-native: avoid crash on 12th and 13th gen Intel client CPUs
Those CPUs are announcing VAES capability but they don't support AVX512.
Type: fix
Fixes: 
73a60b2
Change-Id: I7b4be95e91bb6f367cd71461f1126690f3ecd988
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Wed, 8 Mar 2023 13:28:51 +0000 (13:28 +0000)]
 
memif: don't leak error strings in API handlers
Type: fix
Fixes: 
ab4d917
Change-Id: I226044f64e1577033798fd203a2e981c894830d6
Signed-off-by: Damjan Marion <[email protected]>
Steven Luong [Mon, 13 Mar 2023 18:07:40 +0000 (11:07 -0700)]
 
udp: Use udp_output_get_connection instead of udp_connection_get
udp_output_get_connection handles correctly if the connection
is a listener whereas udp_connection_get does not which may lead
to a crash.
Type: fix
Signed-off-by: Steven Luong <[email protected]>
Change-Id: I40b57287a8686820d29872cae2cfd6ae27a57c26
Leyi Rong [Wed, 8 Mar 2023 05:46:05 +0000 (13:46 +0800)]
 
avf: 512-bit SIMD version of avf_tx_prepare
Exploiting AVX-512 operations on avf_tx_prepare().
Type: improvement
Signed-off-by: Leyi Rong <[email protected]>
Change-Id: I01e0b4a2e2d440659b4298668a868d983f5091c3
Florin Coras [Fri, 10 Mar 2023 02:23:05 +0000 (18:23 -0800)]
 
vcl: init ldp config before vcl init
This avoids printing ldp debug messages while debug is disabled and vcl
is initializing.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I5dfd1d59032db937fea146b6b84b8e26307a0de0
Leyi Rong [Wed, 8 Mar 2023 05:34:56 +0000 (13:34 +0800)]
 
vlib: 512-bit SIMD version of vlib_buffer_free
Process 8 packets perf batch in vlib_buffer_free_inline() when
CLIB_HAVE_VEC512 is enabled.
Type: improvement
Signed-off-by: Leyi Rong <[email protected]>
Change-Id: I78b8a525bce25ee355c9bf0e0f651698a8c45bda
Mohsin Kazmi [Tue, 7 Mar 2023 11:07:56 +0000 (11:07 +0000)]
 
af_packet: fix the broken functionality upon admin down
Type: fix
In vpp, file descriptor handler closes the fd upon error
if there is no error handling function is registered.
This patch fixes the issue for af_packet interface by
registering the error handling function.
Errors will also be gracefully logged.
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I260d780ac54ffd0199dcd6ca5b95e5afe957e968
Florin Coras [Fri, 10 Mar 2023 00:43:02 +0000 (16:43 -0800)]
 
vcl: fix select connected deq notification
Also make sure that only sessions with fifos try to set deq notification
flag on fifo
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I878c2d2e18bb98109ee03b42a4f0f8c48aa23e9f
Florin Coras [Wed, 8 Mar 2023 22:14:38 +0000 (14:14 -0800)]
 
vcl: fix epoll out evt on connect
Make sure session has a tx fifo.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ibde40645b401ca0255da298ea4ba691ee924a2d2
Steven Luong [Thu, 9 Mar 2023 00:28:27 +0000 (16:28 -0800)]
 
session: Use session->thread_index to correctly retrieve the session
For non-connected udp, when retrieving the subscriber session to send
the notification, it uses the current worker thread index whereas the
subscriber session is actually on the main thread. Using the worker
thread may cause a crash since the corresponding session may not be
valid in the worker thread context and even if it is valid, it is the
wrong session. This scenario is seen when the application forks
and adds subscribers to the worker thread session.
Type: fix
Signed-off-by: Steven Luong <[email protected]>
Change-Id: I236ee9d9ff9f3b2f7f9f8e782d70d1080aa1b627
Dave Wallace [Wed, 8 Mar 2023 18:53:32 +0000 (13:53 -0500)]
 
hs-test: fix install-deps
- Skip addition of docker apt source/key if
  already installed.
Type: fix
Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I747e4dd5e79e23b64e6eb11c6a9348e2ae1a157f
Florin Coras [Wed, 8 Mar 2023 06:15:24 +0000 (22:15 -0800)]
 
quic: use tx instead of builtin_tx event with timers
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ic11069c912a5e59bb3ea0e0c6de6cfcc879c5f4e
Dave Wallace [Wed, 8 Mar 2023 03:09:20 +0000 (22:09 -0500)]
 
hs-test: fix docker-ce install
Type: fix
Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I449cd4ad71e33a2dd41e53accc6b325803a32c70
Filip Tehlar [Wed, 8 Mar 2023 10:55:50 +0000 (11:55 +0100)]
 
hs-test: add vppctl wrapper script
Type: test
Add a helper wrapper script for vppctl called vppcli to vpp docker image
with proper cli socket path.
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I1a51aa54bc91c1c812698501a56401c525d498e8
Filip Tehlar [Tue, 7 Mar 2023 09:13:19 +0000 (10:13 +0100)]
 
hs-test: fix envoy test
Type: test
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I776e0f1f7ea700439d1fe6a598772776ae6a1493
Xinyao Cai [Fri, 17 Feb 2023 08:17:13 +0000 (16:17 +0800)]
 
avf: enable rss action of flow
This patch enables RSS action of avf flow.
Type: feature
Signed-off-by: Xinyao Cai <[email protected]>
Change-Id: I65de18d0c2eaa415893959563ea917a6b1956550
Vladislav Grishenko [Thu, 30 Dec 2021 14:08:42 +0000 (19:08 +0500)]
 
vlib: stop worker threads on main loop exit
If not, worker threads may continue own loops after deinit and/or
thread0 exit with related crashes due no rpc capability, unmapped
shared memory, etc. Main loop exit handlers that uses barrier sync
will be happy too as long as recursive barrier sync is supported.
Type: feature
Signed-off-by: Vladislav Grishenko <[email protected]>
Change-Id: I255a796b06936d96715683e3f062128060233dc6
Tianyu Li [Tue, 31 Jan 2023 07:07:49 +0000 (07:07 +0000)]
 
avf: fix cli memory leak with incorrect options
Remove extra line_input and unformat_user.
Type: fix
Fixes: 
b4ff07a2f843 ("Intel Adaptive Virtual Function native device driver plugin")
Signed-off-by: Tianyu Li <[email protected]>
Change-Id: I9e502f3b254d0b1c7d8fd4b80925338a18da8269
Steven Luong [Tue, 7 Mar 2023 04:28:51 +0000 (20:28 -0800)]
 
udp: crash in format_udp_connection
format_udp_connection takes 2 arguments from the caller.
Type: fix
Signed-off-by: Steven Luong <[email protected]>
Change-Id: Ie618a809936a01c094982f9a8c81309826e0b087
Damjan Marion [Wed, 15 Feb 2023 21:10:05 +0000 (22:10 +0100)]
 
build: check for presence of python ply
Type: improvement
Change-Id: I4f190607bfce404fbe68ec968e6923509ea9519b
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Mon, 6 Mar 2023 18:29:26 +0000 (18:29 +0000)]
 
build: make Python3 mandatory
Type: refactor
Change-Id: Iac27ac4d11745b68c57a0394ced51942db8f0431
Signed-off-by: Damjan Marion <[email protected]>
Florin Coras [Fri, 17 Feb 2023 02:59:38 +0000 (18:59 -0800)]
 
tcp: allow syns in closed state
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: If223096cf912c1748ae417b40585a9bea5d9d9a9
Florin Coras [Thu, 2 Mar 2023 06:22:30 +0000 (22:22 -0800)]
 
vcl: do not stop listeners on vls epoll del
Although removal from epoll means listener no longer accepts new
sessions, the accept queue built by vpp cannot be drained by stopping
the listener. Morover, some applications, e.g., nginx, might constantly
remove and add listeners to their epfds. Removing listeners in such
situations causes a lot of churn in vpp as segments and segment managers
need to be recreated.
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ia412b3f8d50fbb4881a99ff024f798353b521af7
Florin Coras [Sun, 5 Mar 2023 19:45:38 +0000 (11:45 -0800)]
 
vcl: always drain libc epoll with eventfds in ldp
Otherwise if vcl epoll lt events are ignored by the app, libc and vcl mq
events are never drained.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I1e22f6da46d56236c52714181f6c20dcb80a33a5
Florin Coras [Mon, 6 Mar 2023 17:46:11 +0000 (09:46 -0800)]
 
hs-test: nginx mirroring test improvements
- avoid setting LD_PRELOAD for container
- save nginx error log to shared volume
- reduce test run time to 10s
- add vcl and ldp debug env variables to docker file. Default to
disabled.
Type: test
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I401ac74e7c0ebe87befedb44150b04f773f244ea
luoyaozu [Wed, 23 Nov 2022 07:59:17 +0000 (15:59 +0800)]
 
vlib: fix vlib_log for elog
test output before fix:
DBGvpp# event-logger clear
DBGvpp# test log warn cli log test-log for-elog
cli/log            [warn  ]: test-log for-elog
DBGvpp# test log info cli log test-log for-elog
cli/log            [info  ]: test-log for-elog
DBGvpp# show event-logger
2 of 131072 events in buffer, logger running
      53.
022586433: log-notice: test-log for-elog
      60.
318329361: log-debug: test-log for-elog
DBGvpp#
test output after fix:
DBGvpp# event-logger clear
DBGvpp# test log warn cli log test-log for-elog
cli/log            [warn  ]: test-log for-elog
DBGvpp# test log info cli log test-log for-elog
cli/log            [info  ]: test-log for-elog
DBGvpp# show event-logger
2 of 131072 events in buffer, logger running
      18.
362721151: log-warn: test-log for-elog
      25.
124570555: log-info: test-log for-elog
DBGvpp#
Type: fix
Signed-off-by: luoyaozu <[email protected]>
Change-Id: Ie1122787f9efb611cdafc671b4ccf68b43984924
Benoît Ganne [Fri, 24 Feb 2023 15:13:29 +0000 (16:13 +0100)]
 
stats: fix tests with multiple workers
Type: fix
Change-Id: Ic4b8478d390c7373bfb43a39ae6a70e978ae9321
Signed-off-by: Benoît Ganne <[email protected]>
Benoît Ganne [Thu, 26 Jan 2023 15:04:43 +0000 (16:04 +0100)]
 
lb: keep AddressSanitizer happy
vec_alloc() does not mark vector as accessible contrary to
vec_validate().
Also removes redundant memset(0) as vector allocation always zeroed
new memory.
Type: fix
Change-Id: I8309831b964a618454ed0bebbcdec7ec21149414
Signed-off-by: Benoît Ganne <[email protected]>
Benoît Ganne [Wed, 16 Nov 2022 18:36:15 +0000 (19:36 +0100)]
 
vppinfra: fix memory traces
 - allocates the memory trace spinlock independently from the main heap
 - disable tracing on a per thread basis
 - make sure we hold the memory trace spinlock when changing tracing
Type: fix
Change-Id: I7d84f22132abdc895343d447cd3a2c574786f58d
Signed-off-by: Benoît Ganne <[email protected]>
Mohsin Kazmi [Fri, 3 Mar 2023 20:25:17 +0000 (20:25 +0000)]
 
af_packet: fix the first packet offset
Type: fix
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I927ba4e6f10ae4527f339a890c3a0de33a84b7eb
Benoît Ganne [Fri, 27 Jan 2023 10:37:59 +0000 (11:37 +0100)]
 
af_xdp: fix netns configuration
 - clib_open_netns() expects a NULL-terminated C-string
 - if no netns was given, we should not try to format it otherwise we'll
   get "(nil)" as netns name.
Type: fix
Change-Id: I7b6022f6e8999640d0d2a83b854455b15fa4c134
Signed-off-by: Benoît Ganne <[email protected]>
Benoît Ganne [Tue, 11 Oct 2022 08:09:55 +0000 (10:09 +0200)]
 
build: add sanitizer option to configure script
Type: improvement
Change-Id: Ia679d6e5fb7eff6dbd7363465e5667119751e908
Signed-off-by: Benoît Ganne <[email protected]>
Vladislav Grishenko [Fri, 9 Jul 2021 23:02:46 +0000 (04:02 +0500)]
 
vlib: avoid non-mp-safe cli process node updates
Node renames, clone and node_by_name hash updates should be done
in vlib_node_register() / vlib_node_rename() under barrier, or
else runtime per-node stats can be either inaccurate or lead to UB.
Drop cli process nodes renaming rather than adding barrier
syncronization on reuse, nodes will get "unix-cli-process-ID"
stable names, description and terminal names are preserved and can
be obtained with "show cli-sessions" and "show terminal" commands.
Also fix insufficient name width for "show cli-sessions" with table
formatting, output sample:
    DBGvpp# sh cli-sessions
    PNI   FD    Name                     Flags
    708   14    unix-cli-local:10558     iSLpa
    710   15    unix-cli-127.0.0.1:33252 ISlpA
    DBGvpp# sh terminal
    Terminal name:   unix-cli-127.0.0.1:33252
    Terminal node:   unix-cli-process-1
    Terminal mode:   char-by-char
    Terminal width:  158
    Terminal height: 43
    ANSI capable:    yes
    Interactive:     yes
    History enabled: yes
    History limit:   50
    Pager enabled:   yes
    Pager limit:     100000
    CRLF mode:       CR+LF
Type: improvement
Signed-off-by: Vladislav Grishenko <[email protected]>
Change-Id: I40af4c0a5e5be92d5e3ebcd440fa55390aeb0e8b
varasteh [Sun, 2 Jan 2022 10:50:32 +0000 (14:20 +0330)]
 
interface: more cleaning after set flags is failed in vnet_create_sw_interface
There's a chance that vnet_sw_interface_set_flags_helper()
has successfully called some sw interface add callback functions
before returning the error. So the sw interface del callbacks
should also be called
Type: fix
Signed-off-by: varasteh <[email protected]>
Change-Id: I2cd7dc6d5b3a5ebfd2c4d1a6be5390083dee6401
Signed-off-by: varasteh <[email protected]>
Mohsin Kazmi [Thu, 26 Jan 2023 15:14:17 +0000 (15:14 +0000)]
 
interface: add the missing tag keyword in the cli helper
Type: style
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I6399ad2b0b30f94c6c51db1afc39f5e875dfaa67
Benoît Ganne [Wed, 19 Jan 2022 09:09:42 +0000 (10:09 +0100)]
 
crypto: remove VNET_CRYPTO_OP_FLAG_INIT_IV flag
IV requirements vary wildly with the selected mode of operation. For
example, for AES-CBC the IV must be unpredictable whereas for AES
counter mode (CTR or GCM), it can be predictable but reusing an IV with
the same key material is catastrophic.
Because of that, it is hard to generate IV in a generic way, and it is
better left to the crypto user (eg. IPsec).
Type: improvement
Change-Id: I32689c591d8c6572b8d37c4d24f175ea6132d3ec
Signed-off-by: Benoît Ganne <[email protected]>
Liangxing Wang [Fri, 13 Jan 2023 05:19:47 +0000 (05:19 +0000)]
 
memif: fix input vector rate of memif-input node
Explicitly set the ptd->n_packets to 0 if no packet is received in
memif_device_input_inline(). Otherwise ptd->n_packets just keeps
last time rx packets number, then this stale number is added to
memif_input_node->vectors_since_last_overflow in every dispatch_node()
call for memif_input_node.
Type: fix
Signed-off-by: Liangxing Wang <[email protected]>
Change-Id: Ide98a481c925262f9a609535a314f784cab424d8
Xiaoming Jiang [Thu, 8 Dec 2022 07:54:06 +0000 (07:54 +0000)]
 
vlib: fix macro define command not work in startup config exec script
Type: fix
Signed-off-by: Xiaoming Jiang <[email protected]>
Change-Id: Idb34490199a78d5b0c1fe2382b6483a6e3a6fd1f
Xiaoming Jiang [Sat, 10 Dec 2022 03:44:16 +0000 (03:44 +0000)]
 
vlib: fix ASAN fake stack size set error when switching to process
Type: fix
Signed-off-by: Xiaoming Jiang <[email protected]>
Change-Id: I2add6cb8dba837e47596983ec8303883aba3a138
Xiaoming Jiang [Mon, 12 Dec 2022 02:56:43 +0000 (02:56 +0000)]
 
dpdk: plugin init should be protect by thread barrier
Witout thread barrier, when dpdk_process_node initiating
dpdk lib, workers thread may also be initiating. Main
and workers threads may both setting error_main info,
that will cause memory ASAN issue.
Type: fix
Signed-off-by: Xiaoming Jiang <[email protected]>
Change-Id: I87b73b310730719035d4985a2cff2e3308120ec2
Mohsin Kazmi [Wed, 15 Feb 2023 13:31:27 +0000 (13:31 +0000)]
 
vppinfra: adding support for socket mounting paths
Type: improvement
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: If894b2b741d0d417a6fc458dda83ca1d8192385d
Xinyao Cai [Tue, 28 Feb 2023 06:44:58 +0000 (14:44 +0800)]
 
flow dpdk: introduce IP in IP support for flow
This patch introduces IP in IP packet support for flow cli and dpdk plugin.
Specifically, the following IP in IP packet types are supported:
	MAC-IPv4-IPv4-TCP/UDP/None,
	MAC-IPv4-IPv6-TCP/UDP/None,
	MAC-IPv6-IPv4-TCP/UDP/None,
	MAC-IPv6-IPv6-TCP/UDP/None,
IP in IP flow rules can be created by using the following new keywords in vppctl:
	in-src-ip, in-dst-ip        : to provide information for inner IPv4 header
	in-ip6-src-ip, in-ip6-dst-ip: to provide information for inner IPv6 header
	in-proto                    : to specify inner transport layer protocol type (TCP or UDP)
	in-src-port, in-dst-port    : to provide information for inner TCP/UDP header
An example to create flow rule for MAC-IPv6-IPv6-TCP:
	test flow add index 0 ip6-src-ip any ip6-dst-ip any in-ip6-src-ip any in-ip6-dst-ip any in-proto tcp in-src-port 1234 in-dst-port any rss function default
Another example to create flow rule for MAC-IPv6-IPv6:
	test flow add index 0 ip6-src-ip any in-ip6-src-ip any rss function default
Type: feature
Signed-off-by: Xinyao Cai <[email protected]>
Change-Id: I6a1ca36d47eb65b9cb5a4b8d874b2a7f017c35cd
Vladislav Grishenko [Tue, 14 Feb 2023 07:34:29 +0000 (12:34 +0500)]
 
vppinfra: fix clib_bitmap_will_expand() result inversion
Pool's pool_put_will_expand() calls clib_bitmap_will_expand(),
so every put except ones that leads to free_bitmap reallocation
will get false positive results and vice versa.
Unfortunatelly there's no related test and existing bitmap
tests are failing silently with false positive result as well.
Fortunatelly neither clib_bitmap_will_expand() nor
pool_put_will_expand() are being used by current vpp codebase.
Type: fix
Signed-off-by: Vladislav Grishenko <[email protected]>
Change-Id: Id5bb900cf6a1b1002d37670f5c415c74165b5421
Benoît Ganne [Thu, 5 Jan 2023 09:56:26 +0000 (10:56 +0100)]
 
crypto: make it easier to diagnose keys use-after-free
Type: improvement
Change-Id: Ib98eba146e24e659acf3b9a228b81fcd641f4c67
Signed-off-by: Benoît Ganne <[email protected]>
Jieqiang Wang [Fri, 24 Feb 2023 08:40:58 +0000 (16:40 +0800)]
 
build: replace phony target with .ok file
When VPP builds its external packages from source, it will download the
package, patch it, configure it, build and install it. For DPDK, it will
depend on rdma-core if mlx4/mlx5 PMD is enabled. So phony target
dpdk-config needs to have the prerequisites of rdma-core-install and
ipsec-mb-install(x86 only), which are both phony targets. This leads to
redundant behavior of recipes executing twice in dpdk-config.
Replace the phony target with hidden file *.install.ok to avoid that.
Type: improvement
Signed-off-by: Lijian Zhang <[email protected]>
Signed-off-by: Jieqiang Wang <[email protected]>
Change-Id: Ibf3b766ab7a4ccfcbffe08f6cdb90da72ca1ce29
Christian Svensson [Mon, 6 Feb 2023 16:24:26 +0000 (17:24 +0100)]
 
misc: define SElinux mapped file permissions
SElinux added support for defining what files can be mmap()'d a while back.
This change defines those files that VPP maps.
This is needed for EL9 support
Type: fix
Signed-off-by: Christian Svensson <[email protected]>
Change-Id: Iedd26914e29347169c4cc138628df7823ddd5691
Christian Svensson [Mon, 6 Feb 2023 16:25:16 +0000 (17:25 +0100)]
 
build: add Rocky Linux 9 support
Currently only RHEL/CentOS 8 and Fedora are supported.
EL9 is a middle ground and thus require some different dependencies.
Type: feature
Signed-off-by: Christian Svensson <[email protected]>
Change-Id: I7be79e61994800bb796d4e9141f0ff6ad8bdead2
jiangxiaoming [Wed, 30 Mar 2022 06:12:26 +0000 (06:12 +0000)]
 
snort: fix descriptor offset may be truncated if buffers num too large
Type: fix
Signed-off-by: jiangxiaoming <[email protected]>
Change-Id: I9694f7d8aad8868b11e08fabe179fd51c14dfcdb
lijinhui [Mon, 15 Aug 2022 09:41:39 +0000 (17:41 +0800)]
 
interface: fix 4 or more interfaces equality comparison bug with xor operation using (a^a)^(b^b)
Type: fix
Signed-off-by: lijinhui <[email protected]>
Change-Id: I80783eed2b819a9e6fd4cee973821c9d97c285a6
Benoît Ganne [Wed, 8 Feb 2023 17:54:30 +0000 (18:54 +0100)]
 
vppinfra: display only the 1st 50 memory traces by default
When using memory traces it can take a long time to display all traces
bigger than 1k if there are lots of them, especially as we need to
resolve symbols.
It is better to display only the 1st 50 by default, unless verbose is
used.
Also fix the help string.
Type: improvement
Change-Id: I1e5e30209f10d2b05c561dbf856cb126e0cf513d
Signed-off-by: Benoît Ganne <[email protected]>
Xiaoming Jiang [Thu, 8 Dec 2022 08:08:41 +0000 (08:08 +0000)]
 
stats: fix node name compare error when updating stats segment
Type: fix
Signed-off-by: Xiaoming Jiang <[email protected]>
Change-Id: Ib39aa345415720dd05a1b3e12e3e03eac43c5606
Nathan Skrzypczak [Wed, 15 Dec 2021 18:15:32 +0000 (19:15 +0100)]
 
memif: autogenerate socket_ids
This patch adds an API memif_socket_filename_add_del_v2
that allows autogenerating memif socket_id when passing
~0 in the socket_id field.
It opportunistically walks the hash to find a free ID
to use, and returns it in the reply.
socket_filename also becomes a variable length string,
to accomodate for longer names (in case a netns gets
passed)
Type: feature
Change-Id: I33fc3e1cf553af27579d6bad8691b22b530531cc
Signed-off-by: Nathan Skrzypczak <[email protected]>
Filip Tehlar [Tue, 28 Feb 2023 17:59:15 +0000 (18:59 +0100)]
 
hs-test: add support for running vpp in gdb
Type: test
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I6e03b88ca013cafd73f424ea63f706f105bebe6b
Gabriel Oginski [Tue, 14 Feb 2023 08:46:36 +0000 (08:46 +0000)]
 
vpp-swan: fix memory leaks
This patch fix the memory leaks discovered in the current
implementation, inlcuding expired data, spd dump, and host names.
Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: I3794f5db3c58d1e78df25f242c91e7a67363de53
Gabriel Oginski [Tue, 21 Feb 2023 08:42:06 +0000 (08:42 +0000)]
 
wireguard: add barrier to sync data
The current implmentation of the hash table is not thread-safe.
This design leads to a segfault when VPP is handling a lot of tunnels
for Wireguard, where one thread modifies the hash table and other
threads start the lookup at the same time.
This fix adds a barrier sync to the hash table access when Wireguard
adds or deletes an element.
Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: Id460dfcd46ace17c7bdcd23bd9687d26cecf0a39
Ole Troan [Fri, 17 Feb 2023 13:23:48 +0000 (14:23 +0100)]
 
stats: expose symlink to stats client
For e.g. prometheus export it makes more sense to use the same metric name,
and expose the various symlinks as labels.
The VPP symlink metric:
/interfaces/local0/rx_unicast
that points to
/if/rx_unicast
Becomes in Prometheus:
interfaces_rx_unicast_bytes{index="0",label="local0"} 0
Type: improvement
Signed-off-by: Ole Troan <[email protected]>
Change-Id: Ide0ab4fda4b3eb7ba7ddfc44680121c53f5267f6
Nobuhiro MIKI [Tue, 28 Feb 2023 09:30:09 +0000 (18:30 +0900)]
 
docs: fixed to use unified "pcap trace" command
Type: docs
Fixes: 
33909777c637 ("misc: unify pcap rx / tx / drop trace")
Signed-off-by: Nobuhiro MIKI <[email protected]>
Change-Id: I049616cfad300658e62e5026c0655ee6f07a2421
Florin Coras [Wed, 1 Mar 2023 08:49:25 +0000 (00:49 -0800)]
 
vcl: accept bound notifications in epoll wait
Async binds may be possible due to vls generated async binds as a result
of application adding or removing listeners from epoll.
App does not need to be notified of the event.
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I4d01be7ddb39ba894db85feef55e9935556c24f5
Florin Coras [Wed, 1 Mar 2023 08:45:31 +0000 (00:45 -0800)]
 
vcl: accept vcl spurious wakeup in epoll wait eventfd
Accept one spurious wakeup from vcl in epoll_pwait_eventfd to avoid
returning zero events to app without timeout.
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I447c7f8176413c562be28605376a92d15e22a1f9
Florin Coras [Wed, 1 Mar 2023 06:32:31 +0000 (22:32 -0800)]
 
vcl: close libc epfd on vls epfd close
Nginx recreates epfds. Make sure ldp tracks the event and recreates the
libc epfd or eventfd flavor of epoll pwait will not work.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I2994bead9494f0fbb85dd32767cecc1cf69ff6eb
Florin Coras [Wed, 1 Mar 2023 05:13:50 +0000 (21:13 -0800)]
 
vcl: only add sessions to lt list if needed
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I777979dbb89f9af774533cb280e77af58b81fb29
Maros Ondrejicka [Tue, 21 Feb 2023 12:42:35 +0000 (13:42 +0100)]
 
hs-test: update hs-test documentation
Type: docs
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I123898923afa382ff0d4410652f4a17a8740d711
Maros Ondrejicka [Wed, 1 Mar 2023 08:43:24 +0000 (09:43 +0100)]
 
hs-test: fix error check
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I445f5357817fceeb9b5ead01c3530edaae45189a
Mohammed Hawari [Mon, 27 Feb 2023 14:33:30 +0000 (15:33 +0100)]
 
udp: fix optimistic assert for UDP RX
Change-Id: I431c4a6f409b129e4290dba2e1acadea460ac797
Signed-off-by: Mohammed Hawari <[email protected]>
Type: improvement
Fan Zhang [Wed, 1 Mar 2023 14:45:46 +0000 (14:45 +0000)]
 
vpp-swan: improve Makefile
Type: improvement
Since VPP-SWAN does not really need StrongSwan to be compiled,
this patch refines the Makefile to reflect the change.
In addition README is updated.
Signed-off-by: Fan Zhang <[email protected]>
Change-Id: I185957167ac71a44f4d12e78e1dac31c194f80f4
Tianyu Li [Mon, 27 Feb 2023 09:14:34 +0000 (09:14 +0000)]
 
vcl: fix undeclared UDP_SEGMENT for centos 8
Old distros Centos 8 / Ubuntu 18.04 header files doesn't have UDP_SEGMENT
declared, define UDP_SEGMENT to right value if not defined.
Type: fix
Fixes: 
eff5f7aea8c7 ("vcl: ldp support for ip_pktinfo")
Signed-off-by: Tianyu Li <[email protected]>
Change-Id: I99314b895e7d09962a36e7f5582c09d0d77563dc
Florin Coras [Tue, 28 Feb 2023 22:51:03 +0000 (14:51 -0800)]
 
hs-test: fix wait for app after ldp change
After gerrit 38370 (
729b9c94), apps are registered via ldp using program
name. Update tests to support that.
Also add make file help for UNCONFIGURE.
Type: test
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I4ad50abfd175664b47b358df1a72e0758f51190d
Florin Coras [Mon, 30 Jan 2023 19:18:36 +0000 (11:18 -0800)]
 
session: consolidate port alloc logic
Move port allocation logic from transports into generic transport layer.
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I55a21f185d00f5e118c36bcc4a6ffba2cbda885e
Florin Coras [Tue, 28 Feb 2023 20:43:39 +0000 (12:43 -0800)]
 
tcp: add dispatch errors to counters
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I27112947071a757065162f0e50f69983d258525d
Maros Ondrejicka [Tue, 28 Feb 2023 11:49:43 +0000 (12:49 +0100)]
 
hs-test: fill configuration files at runtime
Treat certain configuration files, which contain runtime-dependent
information, as templates. The information is filled at runtime and the
files are copied into containers.
This allows to avoid hard-coding IP addresses into configuration files.
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I1dae8f15f4f76c0bf1779d7c68b7f3859bf5a861
Florin Coras [Tue, 28 Feb 2023 18:58:08 +0000 (10:58 -0800)]
 
vcl: use program invocation name in ldp app name
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I2c97faa2cdca32d083aabc3344c8fe67c74ff2fd
Maros Ondrejicka [Tue, 28 Feb 2023 18:40:09 +0000 (19:40 +0100)]
 
hs-test: allow nginx suite to unconfigure topology
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I84209e6d2c914d1c7b9dec7efc3898b75552db1b
Maros Ondrejicka [Mon, 27 Feb 2023 12:22:45 +0000 (13:22 +0100)]
 
hs-test: test vpp+nginx mirroring with tap ifaces
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I05bbed8fd9d40929f040574044aed5292a475e91
Florin Coras [Tue, 7 Feb 2023 17:11:47 +0000 (09:11 -0800)]
 
vcl: handle lt events in epoll ctl
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I4e176e9ada32d5f61d10aeca1c68f72114dec9b8
Maros Ondrejicka [Mon, 27 Feb 2023 15:52:57 +0000 (16:52 +0100)]
 
hs-test: add option to unconfigure topology
Adding `UNCONFIGURE=true` argument when running `make test` will skip
test run and unconfigure existing topology for that test.
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I197747a56ca68807f0b2c3f25b6f61c3dcc41ace
Florin Coras [Mon, 6 Feb 2023 21:30:13 +0000 (13:30 -0800)]
 
vcl: improve vls handling of shared listeners
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I1970408de52e53d24cea06b3ae0cc68a38cbc97a
Maros Ondrejicka [Thu, 23 Feb 2023 12:19:15 +0000 (13:19 +0100)]
 
hs-test: refactor netconfig
This joins separate representations of veth and tap interfaces
into a single struct. It removes the need for type interface
and embedding which simplifies the code.
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I1b2c368bfe90a5bdfaaa9a5129c27d7d96f8fe3b
Gabriel Oginski [Tue, 14 Feb 2023 08:41:07 +0000 (08:41 +0000)]
 
vpp-swan: fix segmentation fault in arp function
This patch adds a missing file descriptor free handler to prevent
invalid dereferencing in the future
Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: Idc809a70b1fedec9a06446344d5481d467c78c19
Gabriel Oginski [Fri, 24 Feb 2023 10:22:32 +0000 (10:22 +0000)]
 
wireguard: fix potential leaks of async frame
The current implementation can cause memory leaks of async frames
and exhaust the async frames pool. Wireguard can early get async frame,
even when later it turns out it is not needed. Then such frame won't
be freed.
This fix changes the moment of acquiring async frame from the pool, so
it doesn't leak.
Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: If7696de6a6f5db84e0dffef60caa31d4a5e6280e
Filip Tehlar [Mon, 20 Feb 2023 12:46:32 +0000 (13:46 +0100)]
 
tcp: fix error counters
Type: fix
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I9f4944f77ecf94f16f809392f28466e33f7f779d
Maros Ondrejicka [Fri, 24 Feb 2023 10:26:39 +0000 (11:26 +0100)]
 
hs-test: store logs
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I50ad5d8c2e5066d8d24f7959aeb534a2f0a6fae0
Maros Ondrejicka [Fri, 24 Feb 2023 13:16:25 +0000 (14:16 +0100)]
 
hs-test: modify nginx tests
This will make name of the test unique so that executing specifically
this test won't execute also other tests starting with same name.
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I8013aa453c2a1c3c156e6476a93fd58bbb850b93
Filip Tehlar [Tue, 31 Jan 2023 09:34:18 +0000 (10:34 +0100)]
 
hs-test: improve test infra
- add support for building/running debug/release images
- have one point of control (Makefile)
- list all test cases
Type: test
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I97949abc2fff85d7a2b3784122be159aeec72b52
Dave Wallace [Thu, 23 Feb 2023 19:26:46 +0000 (14:26 -0500)]
 
srtp: fix build on ubuntu-22.04
- The version of libsrtp2 (2.4.2) on ubuntu-22.04 changed
  the 'ekt' field in srtp_policy_t to 'deprecated_ekt'.
Type: fix
Change-Id: Icb9d8f3b56c8305bcdac5066a5f8e3e5d17d37cf
Signed-off-by: Dave Wallace <[email protected]>
Dave Wallace [Wed, 22 Feb 2023 18:56:06 +0000 (13:56 -0500)]
 
hs-test: fix install/build on new ubuntu instance
Type: test
Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I9c59d98d16e387925057626ba9080210f4334c53
Maros Ondrejicka [Tue, 21 Feb 2023 09:53:20 +0000 (10:53 +0100)]
 
hs-test: clean-up ip address generation
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I74c505920d1363d0ff2b3213fd831c181b70a173
Florin Coras [Mon, 20 Feb 2023 23:14:04 +0000 (15:14 -0800)]
 
session: track app session closes
Make sure applications, especially builtin ones, cannot close a session
multiple times.
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I960a1ae89a48eb359e7e1873a59d47c298c37ef1
Florin Coras [Wed, 8 Feb 2023 01:36:17 +0000 (17:36 -0800)]
 
vcl: ldp support for ip_pktinfo
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I3c15f38a4a3f5e92506059277948e7fca9cd8b55
Liangxing Wang [Thu, 16 Feb 2023 09:31:01 +0000 (09:31 +0000)]
 
vcl: fix incorrect ldp worker in ldp_epoll_pwait()
For some apps(e.g. wrk2) upon vpp hoststack, ldp_epoll_pwait()
is called. In this function, epoll fd was created on one thread,
but it is now used on another thread. The vcl worker index is still
invalid, so the fetched ldp worker is also invalid and can corrupt
some already allocated memory.
Just as the ldp_epoll_pwait_eventfd(), make sure the vcl worker is valid
before getting the ldp worker in ldp_epoll_pwait().
Type: fix
Signed-off-by: Liangxing Wang <[email protected]>
Change-Id: I2ec23a4b5d5b0879a06642ffd80f95e948af4274
Maros Ondrejicka [Wed, 15 Feb 2023 16:44:46 +0000 (17:44 +0100)]
 
hs-test: check for missing output in nginx tests
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I08cd492fff4b9d50a1761a29c2b231cc8544313b
Alexander Skorichenko [Thu, 19 Jan 2023 13:26:47 +0000 (14:26 +0100)]
 
wireguard: move buffer when insufficient pre_data left
Currently wg-output-tun() doesn't check if a buffer has enough space for
prepending an ethernet header (wg header over ipv6 vxlan header case
leaves only 8 bytes free).
In such a case move buffer's content.
Type: fix
Change-Id: Iad18860e6b86a3d81f3d96d782de7c59556152d0
Signed-off-by: Alexander Skorichenko <[email protected]>
Florin Coras [Wed, 15 Feb 2023 03:12:30 +0000 (19:12 -0800)]
 
session: ignore zero length dgrams
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I70596ffcf90fa4cd57092584cb7a454f44208943
Maros Ondrejicka [Tue, 14 Feb 2023 11:56:49 +0000 (12:56 +0100)]
 
hs-test: clean-up obsolete code
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I52cd825f903e41c35f6c4a9db71f00dbedbb8680
Tianyu Li [Sat, 28 Jan 2023 07:58:45 +0000 (07:58 +0000)]
 
build: add missing dependences for centos 8
VPP build failed on Centos stream 8 when build xdp-tool
and dpdk mlx driver, Add the missing tools, libraries and headers.
Type: fix
Signed-off-by: Tianyu Li <[email protected]>
Change-Id: Ie705dc8f558ceb872029f9ab4f1351b514c87405
Dmitry Valter [Fri, 27 Jan 2023 12:49:55 +0000 (12:49 +0000)]
 
tests: support tmp-dir on different filesystem
Support running tests with `--tmp-dir` on a filesystem different from /tmp.
os.rename withs only within a single FS whereas shutil.move works accross
different filesystems.
Type: improvement
Signed-off-by: Dmitry Valter <[email protected]>
Change-Id: I5371f5d75386bd2b82a75b3e6c1f2c850bc62356
Gabriel Oginski [Fri, 3 Feb 2023 08:12:36 +0000 (08:12 +0000)]
 
vpp-swan: removed adding the same rule in SPD
The current implementation of vpp-swan plugin adds the same policy rule
in SPD twice, and it is not necessary to have two the same rules in
inbound-protect database.
This patch fixes an issue that prevents the addition of a second
identical policy rule in SPD.
Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: Ieef74288e5301455658e4e101433147d6d2482e9
Nathan Brown [Fri, 30 Dec 2022 20:04:39 +0000 (20:04 +0000)]
 
rdma: always use 64 byte CQEs for MLX5
When DPDK MLX PMDs are built, and the DPDK plugin is loaded, DPDK may
set the MLX5_CQE_SIZE environment variable to 128. This causes the RDMA
plugin to be unable to create completion queues. Since the RDMA plugin
expects the CQEs to be 64 bytes, set the cqe_size explicitly when
creating the CQ. This avoids any issues with different values for the
MLX5_CQE_SIZE environment variable.
Type: improvement
Signed-off-by: Nathan Brown <[email protected]>
Change-Id: Idfd078d3045a4dcb674325ef36f85a89df6fbebc
Dave Wallace [Sat, 11 Feb 2023 00:20:28 +0000 (19:20 -0500)]
 
misc: VPP 22.10.1 Release Notes
Type: docs
Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I70374ea376c895d92d5789debf4b437113e3d884
(cherry picked from commit 
57302fe52f141c19b5448997774271d2eedf5cb1)
Dave Wallace [Fri, 10 Feb 2023 18:28:46 +0000 (13:28 -0500)]
 
misc: VPP 22.06.1 Release Notes
Type: docs
Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I8770a35c801126ffd2de8f58d79e6616642709a9
(cherry picked from commit 
1513b381d8879d9d437bbbc9a270b4ff5f4b19ba)
Takeru Hayasaka [Fri, 30 Dec 2022 07:41:44 +0000 (16:41 +0900)]
 
sr: support define src ipv6 per encap policy
Can to define src ip of outer IPv6 Hdr for each encap policy.
Along with that, I decided to develop it as API version V2.
This is useful in the SRv6 MUP case.
For example, it will be possible to handle multiple UPF destinations.
Type: feature
Change-Id: I44ff7b54e8868619069621ab53e194e2c7a17435
Signed-off-by: Takeru Hayasaka <[email protected]>