Klement Sekera [Fri, 14 Apr 2023 15:41:40 +0000 (17:41 +0200)]
 
tests: fix test-help formatting
Type: improvement
Change-Id: Ib7703359b998456bff88caee88c2734c7724bc09
Signed-off-by: Klement Sekera <[email protected]>
Klement Sekera [Fri, 14 Apr 2023 15:44:04 +0000 (17:44 +0200)]
 
tests: support multiple filter expressions
Support multiple comma-delimited filter expressions,
e.g. to run both bfd and ip4 tests, it's now possible to do:
make test TEST=bfd,ip4
Same goes for wildcards, e.g.:
make test TEST=bfd,..test_longest_prefix_match,..test_icmp_error
Type: improvement
Change-Id: I0cceaa443cb612dca955f301c7407959f9a71a6e
Signed-off-by: Klement Sekera <[email protected]>
Ondrej Fabry [Thu, 13 Apr 2023 06:33:38 +0000 (08:33 +0200)]
 
api: Mark old message versions as deprecated
This change is part of VPP API cleanup initiative.
Type: refactor
Signed-off-by: Ondrej Fabry <[email protected]>
Change-Id: I26d13a697c9b70a75555c04e925e9d6aaf7ed755
Maxime Peim [Thu, 16 Mar 2023 16:10:00 +0000 (16:10 +0000)]
 
perfmon: fix perfmon start type argument
When trying to start perfmon with a bundle that has a unique type while
specifying that type as argument, the command fails
(e.g. perfmon start bundle branch-mispred type node).
This error occurs because the returned value of
unformat_perfmon_active_type is actually a perfmon_bundle_type_t, but
it was treated as a perfmon_bundle_type_flag_t by a test in the CLI
function.
However, this test is useless and thus can just be removed.
Type: fix
Signed-off-by: Maxime Peim <[email protected]>
Change-Id: I5d8b9815871621e8ee7b935586f4cedbc0e7a53d
Marvin Liu [Tue, 14 Mar 2023 17:01:38 +0000 (01:01 +0800)]
 
memif: support dma option
Introduce async model into memif by utilizing new DMA API. Original
process is broken down to submission stage and completion stage. As
multiple submissions may in flight simultaneously, per thread data is
no longer safe, now replace thread data into each dma data structure.
As slave side already support zero copy mode, DMA option is only added
in master side.
Type: feature
Signed-off-by: Marvin Liu <[email protected]>
Change-Id: I084f253866f5127cdc73b9a08c8ce73b091488f3
Xinyao Cai [Wed, 12 Apr 2023 10:35:23 +0000 (18:35 +0800)]
 
dpdk: code preparation for bumping to DPDK 22.11
This patch prepares code for bumping DPDK version to 22.11, but the DPDK version of this patch keeps at 22.07 for compatibility.
the "no-dsa" parameter in DPDK configuration is removed, the "blacklist" parameter can be used to block the related DSA devices.
Type: feature
Signed-off-by: Xinyao Cai <[email protected]>
Change-Id: I08787c6584bba66383fc0a784963f33171196910
Koki Kiriyama [Sat, 15 Apr 2023 04:50:23 +0000 (13:50 +0900)]
 
build: correct variable name
Type: fix
Signed-off-by: Koki Kiriyama <[email protected]>
Change-Id: I47c4c91aa6f973bd93dca352f470642e90aa70e0
Filip Tehlar [Mon, 24 Apr 2023 15:52:50 +0000 (17:52 +0200)]
 
hs-test: adjust performace testing parameters
Apache ab sometimes fails during extensive performace testing.
This patch makes sure hs-test perf tests always pass.
Type: test
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I0921682f0f07df3af45b342b9a7ddfa1af037ceb
Filip Tehlar [Fri, 21 Apr 2023 06:57:35 +0000 (08:57 +0200)]
 
tcp: remove unused code
Type: improvement
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: Ib188f3331696dff6357a18f5bac5f1db3cefaeab
Jieqiang Wang [Wed, 22 Mar 2023 13:27:23 +0000 (21:27 +0800)]
 
rdma: fix rx CQ mask to calculate right next_cqe_index
Set the mask of calculating the next cqe index to the corresponding CQ
size instead of rxq size.
Type: fix
Signed-off-by: Jieqiang Wang <[email protected]>
Change-Id: I67494f029967af64051f51452eba1fd699984cd9
Vratko Polak [Tue, 18 Apr 2023 13:18:51 +0000 (15:18 +0200)]
 
lb: improve formatting in lb_types.api
Type: style
Change-Id: I969bc72185d3675a35cf227c60bedca20e09fdf5
Signed-off-by: Vratko Polak <[email protected]>
Florin Coras [Thu, 20 Apr 2023 21:12:01 +0000 (14:12 -0700)]
 
session svm: fix mq cleanup
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I8519bcd76a0ade2f24b62bf69f6a103379639cb7
Matthew Smith [Wed, 19 Apr 2023 20:02:25 +0000 (20:02 +0000)]
 
api: fix trace_plugin_msg_ids segv in trace dump
With 'api-trace { on }' in startup.conf, running 'api trace dump' in
vppctl was causing VPP to seg fault. vl_msg_print_trace() was calling
m->endian_handler() without checking whether its null.
Checking if its non-null prevents a crash, but the trace dump prints
the message IDs for trace_plugin_msg_ids in network byte order. There is
an auto-generated endian function for that message. Set it on the call
to vl_msg_api_config() for trace_plugin_msg_ids so the IDs will be
printed in host byte order in trace dump output.
Type: fix
Fixes: 
fe45f8f5
Signed-off-by: Matthew Smith <[email protected]>
Change-Id: I0ab463985e9a983155feba13ac4eb99ab883ace6
Filip Tehlar [Mon, 17 Apr 2023 10:22:12 +0000 (12:22 +0200)]
 
tcp: fix tcp packet trace
Type: fix
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: Id4ca9a749a343c55b24f6eb4b5eb0909a57e0c23
Xiaoming Jiang [Wed, 19 Apr 2023 08:41:29 +0000 (08:41 +0000)]
 
session: fix app_listener memory leak if session listen failed
Type: fix
Signed-off-by: Xiaoming Jiang <[email protected]>
Change-Id: Iaa3ad87d56163396476bcaaa34e52948b9032f4e
Vratko Polak [Tue, 18 Apr 2023 13:16:25 +0000 (15:16 +0200)]
 
lb: initialize lb_vip_add_args_t
Previously, .src_ip_sticky may have been left uninitialized.
Type: fix
Fixes: 
613e6dc0bf928def5d337312d522e1a15df87b00
Change-Id: Ifd866d6322fe9ff723f92b7ab3fd77e720a3cfa4
Signed-off-by: Vratko Polak <[email protected]>
Ole Troan [Tue, 18 Apr 2023 14:24:53 +0000 (16:24 +0200)]
 
vpp: install version.h
To make out of tree plugins require a particular version, they need
access to the version they are built with. Install version.h.
Type: fix
Change-Id: I5916d0a16aed7e054ede452af956fee56cd078f0
Signed-off-by: Ole Troan <[email protected]>
Filip Tehlar [Sat, 15 Apr 2023 18:41:18 +0000 (20:41 +0200)]
 
hs-test: filter relevant data from perf tests output
Type: test
Change-Id: I90faed91639ce1792646531cfc0cac649d737f16
Signed-off-by: Filip Tehlar <[email protected]>
Sivaprasad Tummala [Mon, 17 Apr 2023 12:05:15 +0000 (05:05 -0700)]
 
vppinfra: Multiarch support for AMD EPYC processors
Type: feature
- Added multiarch support for AMD Zen architectures
Change-Id: I65d3fe94b6cc622ebecbe1ac803efa674e87c87a
Signed-off-by: Sivaprasad Tummala <[email protected]>
Damjan Marion [Mon, 17 Apr 2023 14:09:04 +0000 (14:09 +0000)]
 
vppinfra: missing static_always_inline in crc32c.h
Change-Id: Ie7ee71af7dbbc23de3f413423070ea87fb36ed8c
Type: fix
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Mon, 17 Apr 2023 14:11:57 +0000 (14:11 +0000)]
 
vppinfra: SFENCE requires SSE2 to be enabled
Change-Id: I0469bb91107cf0acced3cd19820db8d3712701c0
Type: fix
Fixes: 
eaabe07
Signed-off-by: Damjan Marion <[email protected]>
Sivaprasad Tummala [Mon, 17 Apr 2023 12:16:11 +0000 (05:16 -0700)]
 
vppinfra: add AMD EPYC cpu family details
Type: feature
- Added support for AMD EPYC processor family
Change-Id: I60da87cca429117c209d240e5a5f3b4d9f4981d8
Signed-off-by: Sivaprasad Tummala <[email protected]>
Ole Troan [Thu, 23 Mar 2023 21:09:51 +0000 (22:09 +0100)]
 
stats: check if stats vector entry is empty
When a stats entry is removed it is marked empty.
The stats client did not check for that and returned an empty string.
This resulted in blank lines in vpp_get_stats. Fix by returning null instead
and checking value.
Type: fix
Signed-off-by: Ole Troan <[email protected]>
Change-Id: I08a39ba3ef4421bf275747a6300f97fe36791b50
Damjan Marion [Wed, 12 Apr 2023 12:19:05 +0000 (12:19 +0000)]
 
vppinfra: native poly1305 implementation
Type: feature
Signed-off-by: Damjan Marion <[email protected]>
Change-Id: Ic170464d7c63f243e7e676567d41d800647ebec3
Damjan Marion [Mon, 17 Apr 2023 09:38:11 +0000 (09:38 +0000)]
 
build: add scalar (no-simd) march variant
for testing purposes, disabled by default
Type: improvement
Signed-off-by: Damjan Marion <[email protected]>
Change-Id: Id616e2b3b21ae0f0b44e2b55ecefd501afacc7f2
Damjan Marion [Mon, 17 Apr 2023 09:31:26 +0000 (09:31 +0000)]
 
vppinfra: table based crc32c for targets without crc32c instructions
Type: improvement
Signed-off-by: Damjan Marion <[email protected]>
Change-Id: I45cef390c72f2102c8c3d94f49bed7d0e0e0d7b2
Damjan Marion [Sun, 16 Apr 2023 11:12:22 +0000 (11:12 +0000)]
 
vppinfra: add format_hexdump_u{16,32,64}
Change-Id: I0eeccfc5739276d58a81a6552a043c6c105fe67a
Type: improvement
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Wed, 12 Apr 2023 12:12:33 +0000 (12:12 +0000)]
 
build: few more .gitignore entries
Change-Id: I833151c077bf054de6b09fff1180570e32a1ecaa
Type: improvement
Signed-off-by: Damjan Marion <[email protected]>
Adrian Pistol [Wed, 12 Apr 2023 16:03:50 +0000 (18:03 +0200)]
 
linux-cp: Handle RTA_VIA routes.
RTA_VIA allows routes to have a next-hop in a different address family.
This commit makes linux-cp import those types of routes correctly,
instead of importing the routes without a gateway.
This uses rtnl_route_nh_get_gateway, which is available since libnl
3.4.0 (Oct. 9, 2017). Even Debian Stretch has it via backports.
Type: fix
Change-Id: I06297c700461ba7874eb8baf9355bd40990b3121
Signed-off-by: Adrian Pistol <[email protected]>
Vladislav Grishenko [Wed, 14 Dec 2022 20:33:31 +0000 (01:33 +0500)]
 
nat: distribute nat44-ed in2out sessions by rx vrf
Nat in2out sessions are distributing among workers by client
addresses. In case there's multiple client vrfs with very
similar client addresses (usually from rfc1918), session
distribution/load can be unfair just due similar hash.
Let's take dynamic client fib_index into account, it'll affect
external port range only, outside address picking has own
address-based hash therefore not affected.
Type: improvement
Change-Id: I56ab2e1ce8dd27f2b1f9e7f22839ccf7774bfb82
Signed-off-by: Vladislav Grishenko <[email protected]>
Ted Chen [Tue, 20 Sep 2022 02:21:08 +0000 (10:21 +0800)]
 
nat: fix the wrong unformat type
The unformat type for "%d" should be u32 or int.
Type: fix
Signed-off-by: Ted Chen <[email protected]>
Change-Id: I2483df6259ed8d3c7648c8db6345e5063ac8b57e
Daniel Béreš [Fri, 24 Mar 2023 09:33:49 +0000 (02:33 -0700)]
 
nat: adding a new api nat44_ed_vrf_tables_v2_dump
Adding api nat44_ed_vrf_tables_v2_dump which may replace
nat44_ed_vrf_tables_dump in the future.
 - fixing endianess
Type: improvement
Signed-off-by: Daniel Béreš <[email protected]>
Change-Id: I40d09ea3252589bdcb61db9f1629dacd87f69978
Florin Coras [Tue, 11 Apr 2023 03:44:26 +0000 (20:44 -0700)]
 
vlib dhcp: default to logging without elogs
Some components, like dhcp, log constantly changing strings which in
turn forces elog string table to grow unbound.
To avoid this, as a workaround, only turn on elog logging if requested.
Actual fix that adds configuration for logging subclasses should come in
a later patch.
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ie8b26251fb7115d866c2bd65353daa33cdab1ab6
Andrew Yourtchenko [Fri, 17 Mar 2023 01:47:58 +0000 (01:47 +0000)]
 
ip: punt socket - take the tags in Ethernet header into consideration
The punt socket code rewinds the current_data pointer by sizeof (ethernet_header_t),
which is incorrect if the header is tagged - resulting in truncated destination MAC
address. Use ethernet_buffer_header_size() instead, which takes tags into account.
Also add the unittest that verifies the issue and the fix.
Type: fix
Change-Id: I6352a174df144ca1e4230390c126f4b698724ebc
Signed-off-by: Andrew Yourtchenko <[email protected]>
Mohsin Kazmi [Wed, 5 Apr 2023 10:47:28 +0000 (10:47 +0000)]
 
misc: change of address
Type: style
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: Ie02d068122ab8f2c6049754f28722d851ae9b3f1
Stanislav Zaikin [Tue, 4 Apr 2023 08:26:39 +0000 (10:26 +0200)]
 
linux-cp: don't create tap for non-eth ifaces
Creation of lcp tap for non-ethernet interfaces can potentially lead to a crash, so avoid it.
Type: fix
Change-Id: I76ded8a08ea38a2c31d0215804af023207d4d3e1
Signed-off-by: Stanislav Zaikin <[email protected]>
Jieqiang Wang [Mon, 20 Mar 2023 08:58:14 +0000 (16:58 +0800)]
 
rdma: disable compressed CQE mode for txq CQ
Previously we encountered the issue of failing to create completion
queues on some Arm platforms because DPDK may set MLX5_CQE_SIZE to 128
if DPDK MLX PMDs are built and DPDK plugin is loaded, which does not
satisfy the requirement of 64B size CQE by RDMA plugin.
We fixed this issue in 
844a0e8b0("always use 64 byte CQEs for MLX5"),
but some of CSIT test cases failed due to this code change. It turns out
that we don't need to specify compressed CQE mode for txq CQ because
RDMA tx doesn't have the code logic to handle compressed CQEs, which
might cause unexpected behavior if it is enabled.
Type: fix
Fixes: 
844a0e8b0 ("always use 64 byte CQEs for MLX5")
Signed-off-by: Jieqiang Wang <[email protected]>
Change-Id: I7909a6d44b15bcf39c15dfac9377b65520a0cbfb
jinsh [Tue, 7 Mar 2023 06:32:06 +0000 (14:32 +0800)]
 
vlib:process node scheduling use timing_wheel have problem.
The time wheel should not be started in the loop while processing expired events.
can be set  p->stop_timer_handle = ~0 to solve.
Type: fix
Signed-off-by: jinsh <[email protected]>
Change-Id: Ie9a4293f39f981f50d280b39a5d958d319ee2300
Signed-off-by: Matthew Smith <[email protected]>
Matthew Smith [Tue, 4 Apr 2023 19:27:55 +0000 (19:27 +0000)]
 
vlib: reset stop_timer_handle on expired processes
Type: fix
The main loop populates a vector of suspended process nodes to dispatch
by calling TW (tw_timer_expire_timers_vec), which identifies expired
timers and appends the user handle for each one to the vector.
Subsequently, the vector is iterated and the process node corresponding
to each handle is dispatched. The vast majority of the time, the process
node will end up suspending itself again to wait for a new timer or
event.
Given a process node A whose timer has expired, between the point when
the timer expired and the point when A is dispatched and suspends itself
again, its stop_timer_handle contains a stale value.
If another process node B is dispatched before A is dispatched, it may
end up using the timer ID that A formerly used. If another process node
C is dispatched after B and before A and calls
vlib_process_signal_event() to signal A, the timer started by B can be
deleted by vlib_process_signal_event_helper().
After getting the vector of process node IDs for expired timers, reset
the stop_timer_handle on each of those nodes.
Change-Id: I266da438e76e1fc356016da0b9b4941efac1c28a
Signed-off-by: Matthew Smith <[email protected]>
Damjan Marion [Tue, 4 Apr 2023 17:06:26 +0000 (17:06 +0000)]
 
vppinfra: refactor uword bitmaps
Type: improvement
Change-Id: I4f05a0435825cd23b8ad8a6f8f1397e60c522319
Signed-off-by: Damjan Marion <[email protected]>
Florin Coras [Tue, 4 Apr 2023 18:51:37 +0000 (11:51 -0700)]
 
session: fix ct connect session flush assert
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I90eaeed07dc4864adfed3bc4cef1e3edacf4bf8f
Damjan Marion [Fri, 31 Mar 2023 12:14:41 +0000 (12:14 +0000)]
 
vlib: add vlib_frame_bitmap_{set,clear}_bit_at_index
Type: improvement
Change-Id: I5703728f680f0c8431e4099b398827bd094b60df
Signed-off-by: Damjan Marion <[email protected]>
Daniel Béreš [Fri, 10 Mar 2023 10:35:24 +0000 (02:35 -0800)]
 
nat: fix nat44 vrf handlers
Change of enums used in REPLY_MACRO() to appropriate one
for handlers:
-vl_api_nat44_ed_add_del_vrf_table_t_handler
-vl_api_nat44_ed_add_del_vrf_route_t_handler
Type: fix
Change-Id: I58e97817b1678da7c025c0d03a8b938a4e0f7b6c
Signed-off-by: Daniel Béreš <[email protected]>
Takeru Hayasaka [Mon, 16 Jan 2023 19:45:58 +0000 (04:45 +0900)]
 
ip: support flow-hash gtpv1teid
support with  GTPv1 TEID added to the flow hash.
This can able to ECMP to PGW and parallelization.
Type: feature
Change-Id: I6f758579027caf6123831ef2db7afe17e424a6eb
Signed-off-by: Takeru Hayasaka <[email protected]>
Florin Coras [Mon, 20 Mar 2023 16:58:01 +0000 (09:58 -0700)]
 
session: async flush of pending connects to workers
Since connects can be done without a worker barrier, first
worker should flush connects to destination workers only
after session layer has a chance to fully initialize the
half-open session.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I82fe0f0c7e520baa72fd380d0a43a76ebbd5f548
Mikhail Sokolovskiy [Thu, 30 Mar 2023 10:27:33 +0000 (13:27 +0300)]
 
vlib: fix segfault on panic in worker
Vlib panic uses longjmp to exit main loop, but workers don't set main_loop_exit
field on initialization, so this jump corrupts registers and causes segfault.
There I add clib_warning and abort if longjmp context hasn't been set.
Type: fix
Signed-off-by: Mikhail Sokolovskiy <[email protected]>
Change-Id: I0d705f1f139c4083af75066aeb525964ed0aa202
Gabriel Oginski [Mon, 27 Mar 2023 12:01:25 +0000 (12:01 +0000)]
 
dpdk-cryptodev: fix name formatting of session pools
Originally the name for each session pool is incorrectly prepared.
It doesn't have right length. It is not null terminated.
The fix corrects the name formatting for each session pool.
Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: I67da3d64702ccb27a5907825528f8c95d91040bb
Filip Tehlar [Mon, 20 Mar 2023 11:39:20 +0000 (12:39 +0100)]
 
hs-test: containerize ab and wrk
Type: test
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I66af84257fa0692d9be3445d49b52fb7ca810d27
Ondrej Fabry [Wed, 15 Mar 2023 20:54:53 +0000 (21:54 +0100)]
 
docs: Update info about GoVPP
Type: docs
Signed-off-by: Ondrej Fabry <[email protected]>
Change-Id: I1e28c6858a986d6ede1c7a6d06055400fdc0196b
Damjan Marion [Thu, 23 Mar 2023 13:44:01 +0000 (13:44 +0000)]
 
vppinfra: small improvement and polishing of AES GCM code
Type: improvement
Change-Id: Ie9661792ec68d4ea3c62ee9eb31b455d3b2b0a42
Signed-off-by: Damjan Marion <[email protected]>
Filip Tehlar [Fri, 24 Mar 2023 12:47:45 +0000 (13:47 +0100)]
 
hs-test: remove colons from log files
Type: test
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I56c57de180e44c888458e4f4020802ce9b4a6b8b
Ondrej Fabry [Wed, 22 Mar 2023 21:39:50 +0000 (22:39 +0100)]
 
api: Remove deprecated message from API
Type: refactor
Signed-off-by: Ondrej Fabry <[email protected]>
Change-Id: Ib80a4d1f8bac5dc27db1aafe65165cbb509b4edf
Vladislav Grishenko [Sat, 18 Mar 2023 14:39:28 +0000 (19:39 +0500)]
 
udp: fix udp_local length errors accounting
In case of UDP length errors in udp_local node, these errors are
being lost and incomplete header may be advanced by wrong offset.
Fix it with only full packets processing and explicit error set
otherwise. Also, optimize two buffer loop perfomance into fast
path with both buffers are ok and slow path with one or none.
Type: fix
Change-Id: I6b7edc3eb5593981e55d7ae20d753c0fd1549d86
Signed-off-by: Vladislav Grishenko <[email protected]>
Gabriel Oginski [Wed, 22 Mar 2023 07:03:48 +0000 (04:03 -0300)]
 
dpdk-cryptodev: fix formatting name of pools
Originally the name for each session pool can be incorrect prepared.
The fix changes formatting for name for each session pool.
Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: I42e0752f9f46c5a42524ec7b863a7c9dd3c23110
Xiaoming Jiang [Fri, 24 Mar 2023 02:33:00 +0000 (02:33 +0000)]
 
session: fix session node switching to interrupt mode failded if no user events
wrk->event_elts has 5 elements if no user events
Type: fix
Signed-off-by: Xiaoming Jiang <[email protected]>
Change-Id: Ib38fab422304efc470e20ccb7121442f05bf8bf3
Florin Coras [Thu, 23 Mar 2023 02:07:35 +0000 (19:07 -0700)]
 
session: fix formatting of half open sessions
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I45a524bebd2dc1e318fa8d2a645bfc769e1da840
Damjan Marion [Wed, 15 Mar 2023 11:42:06 +0000 (11:42 +0000)]
 
vppinfra: AES-CBC and AES-GCM refactor and optimizations
- crypto code moved to vppinfra for better testing and reuse
- added 256-bit VAES support (Intel Client CPUs)
- added AES_GMAC functions
Change-Id: I960c8e14ca0a0126703e8f1589d86f32e2a98361
Type: improvement
Signed-off-by: Damjan Marion <[email protected]>
Benoît Ganne [Tue, 18 Jan 2022 14:56:41 +0000 (15:56 +0100)]
 
ipsec: make pre-shared keys harder to misuse
Using pre-shared keys is usually a bad idea, one should use eg. IKEv2
instead, but one does not always have the choice.
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C) whereas for AES-CTR or AES-GCM, the IV should never be reused with
the same key material (see NIST SP800-38a Appendix B and NIST SP800-38d
section 8).
If one uses pre-shared keys and VPP is restarted, the IV counter
restarts at 0 and the same IVs are generated with the same pre-shared
keys materials.
To fix those issues we follow the recommendation from NIST SP800-38a
and NIST SP800-38d:
 - we use a PRNG (not cryptographically secured) to generate IVs to
avoid generating the same IV sequence between VPP restarts. The PRNG is
chosen so that there is a low chance of generating the same sequence
 - for AES-CBC, the generated IV is encrypted as part of the message.
This makes the (predictable) PRNG-generated IV unpredictable as it is
encrypted with the secret key
 - for AES-CTR and GCM, we use the IV as-is as predictable IVs are fine
Most of the changes in this patch are caused by the need to shoehorn an
additional state of 2 u64 for the PRNG in the 1st cacheline of the SA
object.
Type: improvement
Change-Id: I2af89c21ae4b2c4c33dd21aeffcfb79c13c9d84c
Signed-off-by: Benoît Ganne <[email protected]>
Arthur de Kerhor [Wed, 16 Nov 2022 18:12:05 +0000 (19:12 +0100)]
 
ipsec: add per-SA error counters
Error counters are added on a per-node basis. In Ipsec, it is
useful to also track the errors that occured per SA.
Type: feature
Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc
Signed-off-by: Arthur de Kerhor <[email protected]>
Maxime Peim [Mon, 6 Feb 2023 10:14:20 +0000 (10:14 +0000)]
 
vnet: throttling configuration improvement
To allow a more flexible throttling configuration, the number of bits
used in the throttling bitmap can be chosen.
Type: improvement
Signed-off-by: Maxime Peim <[email protected]>
Change-Id: I7bfe391dd64729011b03f3e5b89408dfc340e036
Filip Tehlar [Tue, 14 Mar 2023 07:50:28 +0000 (08:50 +0100)]
 
session: add session stats
Type: feature
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I02d9bb5292b32ffb1b2f05daccd8a7d5dba05125
Tianyu Li [Tue, 21 Mar 2023 06:49:38 +0000 (06:49 +0000)]
 
build: fix rpm build error with test_infra
RPM build errors:
error: Installed (but unpackaged) file(s) found:
   /usr/bin/test_infra
Add NO_INSTALL tag in CMakeLists to avoid installing test binary.
Type: fix
Fixes: 
c3542e17b5df ("vppinfra: widen the scope of test_vector_funcs")
Signed-off-by: Tianyu Li <[email protected]>
Change-Id: I359ba79af2e3cb32b47dda3bb8707a5d2fd8586b
Stanislav Zaikin [Wed, 13 Jul 2022 18:29:15 +0000 (20:29 +0200)]
 
linux-cp: fix get_default_ns api method
Type: fix
Change-Id: I141e5779aab7eee3068b702dd2f93765420fb920
Signed-off-by: Stanislav Zaikin <[email protected]>
Ole Troan [Wed, 7 Dec 2022 14:30:58 +0000 (15:30 +0100)]
 
papi: vla list of fixed strings
Handle a variable length array of fixed strings.
Like:
fixed_string = VPPType("fixed_string", [["string", "data", 32]])
s = VPPType("string_vla", [["u32", "length"], ["fixed_string", "services", 0, "length"]])
Previously instead of packing and unpacking as strings, exception packed as u8 instead
of list.
Type: fix
Signed-off-by: Ole Troan <[email protected]>
Change-Id: I501a8a4755828042e1539fd5a54eacec21c5e364
Signed-off-by: Ole Troan <[email protected]>
Alexander Chernavin [Thu, 16 Mar 2023 09:48:45 +0000 (09:48 +0000)]
 
wireguard: fix sending peer events from worker threads
Type: fix
API clients can register for peer events (e.g. to be notified when
connection is established). In a multi-worker setup, peer events might
be triggered from a worker thread. In order to send a peer event to the
clients, an API message needs to be allocated and populated.
API messages allocation is only allowed from the main thread. Currently,
the code does not handle the case when a peer event is trying to be sent
from a worker thread. In debug builds, when this happens, it causes
SIGABRT in vl_msg_api_alloc_internal() because assertion "pool == 0 ||
vlib_get_thread_index () == 0" fails. In production builds, when this
happens, it might cause unexplained behavior.
There is a test that is supposed to catch this but all multi-worker
Wireguard tests are currently disabled. This problem is likely to be one
of the reasons they were disabled.
With this fix, when a peer event is triggered from a worker thread,
allocate and send corresponding API message from the main thread using
RPC.
Signed-off-by: Alexander Chernavin <[email protected]>
Change-Id: Ib3fe19f8070563b35732afd16c017411c089437e
Piotr Bronowski [Mon, 13 Feb 2023 18:18:59 +0000 (18:18 +0000)]
 
ipsec: set fast path 5tuple ip addresses based on sa traffic selector values
Previously, even if sa defined traffic selectors esp packet src and dst
have been used for fast path inbound spd matching. This patch provides
a fix for that issue.
Type: fix
Signed-off-by: Piotr Bronowski <[email protected]>
Change-Id: Ibd3ca224b155cc9e0c6aedd0f36aff489b7af5b8
Vladislav Grishenko [Wed, 28 Sep 2022 08:37:02 +0000 (13:37 +0500)]
 
vppinfra: fix pool free bitmap allocation
Using clib_bitmap_vec_validate makes free bitmap vector
to be x64 times bigger (assuming x86_64) than necessary
when non-zero and possible oom due (u32)(0 - 1) math with
zero alloc.
Fix it with clib_bitmap_validate which takes bit size, not
index and ensure at least one bit is allocated.
Type: fix
Change-Id: I7e191f4e2fb3722a06bb800e1d075f7c7e2dcec9
Signed-off-by: Vladislav Grishenko <[email protected]>
Dave Barach [Thu, 16 Mar 2023 17:03:47 +0000 (13:03 -0400)]
 
vppinfra: fix corner-cases in bihash lookup
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL
table, the code would sporadically return a transitional value (junk)
from a half-deleted kvp. At most, 64-bits worth of the kvp will be
written atomically, so using memset(...) to smear 0xFF's across a kvp
to free it left a lot to be desired.
Performance impact: very mild positive, thanks to FC for doing a
multi-thread host stack perf/scale test.
Added an ASSERT to catch attempts to add a (key,value) pair which
contains the magic "free kvp" value.
Type: fix
Signed-off-by: Dave Barach <[email protected]>
Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065
Damjan Marion [Thu, 16 Mar 2023 16:37:56 +0000 (16:37 +0000)]
 
vppinfra: move sha2.h to crypto/
Type: refactor
Change-Id: I3d0c57b82e5bdb4575c1ca13e463685fd11b7f11
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Thu, 16 Mar 2023 16:55:38 +0000 (16:55 +0000)]
 
vppinfra: auto-free test memory
Type: improvement
Change-Id: Ibc40a02c8c45fc8d9409c9a86fea7aaf70d9c048
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Thu, 16 Mar 2023 16:34:30 +0000 (16:34 +0000)]
 
vppinfra: add FOREACH_ARRAY_ELT macro
Type: improvement
Change-Id: Iac1b3a66176c9a38a161246159140f30a1c168da
Signed-off-by: Damjan Marion <[email protected]>
Andrew Yourtchenko [Tue, 14 Mar 2023 09:28:35 +0000 (09:28 +0000)]
 
vppinfra: add clib_crc32c testcase into infra tests
Type: test
Change-Id: Id96448ba3ab69a5b22dfc27812fc17194136b969
Signed-off-by: Andrew Yourtchenko <[email protected]>
Florin Coras [Tue, 14 Mar 2023 16:59:02 +0000 (09:59 -0700)]
 
session: support active opens with same source port
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I2b426e9e988c32d261f36367087f358d8cc25e2f
Filip Tehlar [Thu, 16 Mar 2023 12:52:54 +0000 (13:52 +0100)]
 
hs-test: check exit value of ab/wrk
Type: test
Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I967e91e4ea97edff427013c92376b388d6ce5d85
Maros Ondrejicka [Tue, 28 Feb 2023 15:55:01 +0000 (16:55 +0100)]
 
hs-test: use consistent naming convention
Exported indentifiers in Go start with capital letters. Only few fields
in hs-test, which are being unmarshaled from yaml are required to be
exported. Every other field name or method name should start with
lower-case letter, to be consistent with this naming convention.
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I7eab0eef9fd08a7890c77b6ce1aeb3fa4b80f3cd
Damjan Marion [Wed, 15 Mar 2023 11:42:06 +0000 (11:42 +0000)]
 
vppinfra: widen the scope of test_vector_funcs
Location changed and binary renamed to test_infra
Also it is built by default.
Type: improvement
Change-Id: I27cd97f274501ceb7a01213e2bc9676cea00f39c
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Tue, 14 Mar 2023 18:04:45 +0000 (18:04 +0000)]
 
crypto-native: 256-bit AES CBC support
Used on intel client CPUs which suppport VAES instruction set without
AVX512
Type: improvement
Change-Id: I5f816a1ea9f89a8d298d2c0f38d8d7c06f414ba0
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Wed, 15 Mar 2023 11:08:53 +0000 (11:08 +0000)]
 
build: add support for intel alderlake and sapphirerapids, part 2
Type: improvement
Change-Id: I64ca5bd3a959190111f61c5311a908d242c10bad
Signed-off-by: Damjan Marion <[email protected]>
Marvin Liu [Wed, 15 Mar 2023 15:00:52 +0000 (23:00 +0800)]
 
dma_intel: fix potential invalid batch status
DMA batch status was set by hardware. Its value may be variable between
cpus twice accesses. Saving the value of status can fix it.
Type: fix
Signed-off-by: Marvin Liu <[email protected]>
Change-Id: Ibc9337239555744a571685b486c986991c3e9b18
Maros Ondrejicka [Wed, 8 Mar 2023 15:01:43 +0000 (16:01 +0100)]
 
hs-test: create temporary folder at init
Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I6444582ce83beddc5cb2fcb31942a4c2e9556bb6
Marvin Liu [Tue, 14 Mar 2023 19:41:26 +0000 (03:41 +0800)]
 
dpdk: enable Google Virtual Ethernet
Recognize and drive google virtual ethernet (gve) in google cloud.
Type: feature
Signed-off-by: Marvin Liu <[email protected]>
Change-Id: Ia559615ac059cabbca5d10bcd4049e87beaad638
Andrew Yourtchenko [Tue, 14 Mar 2023 14:38:01 +0000 (14:38 +0000)]
 
vlib: fix clib_crc32c on odd lengths and clib_crc32c_u8
Fix the typo in the intrinsic name, which caused incorrect intrinsic to be used.
Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: Ib7fde14d12897e4d1bfb5a01f6d65025473e4f8e
Florin Coras [Fri, 10 Mar 2023 18:22:21 +0000 (10:22 -0800)]
 
session vcl: refactor builtin tx event for main tx
Rename unused SESSION_IO_EVT_BUILTIN_TX to SESSION_IO_EVT_TX_MAIN and
leverage it for non-connected udp tx.
Non-connected udp sessions are listeners and are therefore allocated on
main thread. Consequently, whenever session queue node is not polling
main, tx events generated by external applications might be missed or
processed with some delay. To solve this, request that apps use
SESSION_IO_EVT_TX_MAIN tx events as opposed to SESSION_IO_EVT_TX and
send that to first worker as opposed to main.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I5df5ac3dc80c0f192b2eefb1d465e9deefe8786b
Marvin Liu [Tue, 14 Mar 2023 15:56:31 +0000 (23:56 +0800)]
 
session: pre-alloc required dma batches
Specify the number of max_batches when applying for dma config.
Skip this round when no batch available from vlib_dma_batch_new.
Type: improvement
Signed-off-by: Marvin Liu <[email protected]>
Change-Id: Ic6e0acf81ba4fc3ed33aea6ac6990ef841021c59
Marvin Liu [Tue, 14 Mar 2023 15:43:28 +0000 (23:43 +0800)]
 
vlib: pre-alloc dma backend batches
Allocate and initialize dma batch structure when adding dma config.
The number of required dma batches is set by max_batches parameter.
Thus dma batches are not allocated dynamically in worker thread.
Application need to check the return value of vlib_dma_batch_new.
Type: improvement
Signed-off-by: Marvin Liu <[email protected]>
Change-Id: I5d05a67b59634cf2862a377d5ab77cb1040343ce
Florin Coras [Mon, 13 Mar 2023 21:33:37 +0000 (14:33 -0700)]
 
session: format transport connection flags
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: Id87c41c472898d4f66b0771f18f822d1069bbfd0
Florin Coras [Mon, 13 Mar 2023 23:31:52 +0000 (16:31 -0700)]
 
session: cleanup lcl endpt freelist before all alloc
Make sure endpoint freelist is drained before alloc of fixed local
source port is tried.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I302deee5609a463af8135185af71722ac8c55a27
Damjan Marion [Tue, 14 Mar 2023 12:34:59 +0000 (13:34 +0100)]
 
build: add support for intel alderlake and sapphirerapids
Disabled by default..
Type: improvement
Change-Id: I36176c009e0873c048874ae38a7ea0a91449235c
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Tue, 14 Mar 2023 12:15:58 +0000 (13:15 +0100)]
 
crypto-native: avoid crash on 12th and 13th gen Intel client CPUs
Those CPUs are announcing VAES capability but they don't support AVX512.
Type: fix
Fixes: 
73a60b2
Change-Id: I7b4be95e91bb6f367cd71461f1126690f3ecd988
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Wed, 8 Mar 2023 13:28:51 +0000 (13:28 +0000)]
 
memif: don't leak error strings in API handlers
Type: fix
Fixes: 
ab4d917
Change-Id: I226044f64e1577033798fd203a2e981c894830d6
Signed-off-by: Damjan Marion <[email protected]>
Steven Luong [Mon, 13 Mar 2023 18:07:40 +0000 (11:07 -0700)]
 
udp: Use udp_output_get_connection instead of udp_connection_get
udp_output_get_connection handles correctly if the connection
is a listener whereas udp_connection_get does not which may lead
to a crash.
Type: fix
Signed-off-by: Steven Luong <[email protected]>
Change-Id: I40b57287a8686820d29872cae2cfd6ae27a57c26
Leyi Rong [Wed, 8 Mar 2023 05:46:05 +0000 (13:46 +0800)]
 
avf: 512-bit SIMD version of avf_tx_prepare
Exploiting AVX-512 operations on avf_tx_prepare().
Type: improvement
Signed-off-by: Leyi Rong <[email protected]>
Change-Id: I01e0b4a2e2d440659b4298668a868d983f5091c3
Florin Coras [Fri, 10 Mar 2023 02:23:05 +0000 (18:23 -0800)]
 
vcl: init ldp config before vcl init
This avoids printing ldp debug messages while debug is disabled and vcl
is initializing.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I5dfd1d59032db937fea146b6b84b8e26307a0de0
Leyi Rong [Wed, 8 Mar 2023 05:34:56 +0000 (13:34 +0800)]
 
vlib: 512-bit SIMD version of vlib_buffer_free
Process 8 packets perf batch in vlib_buffer_free_inline() when
CLIB_HAVE_VEC512 is enabled.
Type: improvement
Signed-off-by: Leyi Rong <[email protected]>
Change-Id: I78b8a525bce25ee355c9bf0e0f651698a8c45bda
Mohsin Kazmi [Tue, 7 Mar 2023 11:07:56 +0000 (11:07 +0000)]
 
af_packet: fix the broken functionality upon admin down
Type: fix
In vpp, file descriptor handler closes the fd upon error
if there is no error handling function is registered.
This patch fixes the issue for af_packet interface by
registering the error handling function.
Errors will also be gracefully logged.
Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I260d780ac54ffd0199dcd6ca5b95e5afe957e968
Florin Coras [Fri, 10 Mar 2023 00:43:02 +0000 (16:43 -0800)]
 
vcl: fix select connected deq notification
Also make sure that only sessions with fifos try to set deq notification
flag on fifo
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: I878c2d2e18bb98109ee03b42a4f0f8c48aa23e9f
Florin Coras [Wed, 8 Mar 2023 22:14:38 +0000 (14:14 -0800)]
 
vcl: fix epoll out evt on connect
Make sure session has a tx fifo.
Type: fix
Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ibde40645b401ca0255da298ea4ba691ee924a2d2
Steven Luong [Thu, 9 Mar 2023 00:28:27 +0000 (16:28 -0800)]
 
session: Use session->thread_index to correctly retrieve the session
For non-connected udp, when retrieving the subscriber session to send
the notification, it uses the current worker thread index whereas the
subscriber session is actually on the main thread. Using the worker
thread may cause a crash since the corresponding session may not be
valid in the worker thread context and even if it is valid, it is the
wrong session. This scenario is seen when the application forks
and adds subscribers to the worker thread session.
Type: fix
Signed-off-by: Steven Luong <[email protected]>
Change-Id: I236ee9d9ff9f3b2f7f9f8e782d70d1080aa1b627
Dave Wallace [Wed, 8 Mar 2023 18:53:32 +0000 (13:53 -0500)]
 
hs-test: fix install-deps
- Skip addition of docker apt source/key if
  already installed.
Type: fix
Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I747e4dd5e79e23b64e6eb11c6a9348e2ae1a157f
Florin Coras [Wed, 8 Mar 2023 06:15:24 +0000 (22:15 -0800)]
 
quic: use tx instead of builtin_tx event with timers
Type: improvement
Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ic11069c912a5e59bb3ea0e0c6de6cfcc879c5f4e