vpp.git
2 years agolinux-cp: set severity of noisy message to debug 86/37786/2
Matthew Smith [Fri, 2 Dec 2022 21:00:03 +0000 (21:00 +0000)]
linux-cp: set severity of noisy message to debug

Type: improvement

The log buffer and event buffer get lots of messages written like
"Processed 2 messages" by linux-nl when its enabled. This can crowd out
more important messages and should only actually be stored if debug
messages are desired. Change from logging with NL_INFO() to NL_DBG().

Signed-off-by: Matthew Smith <[email protected]>
Change-Id: I9055432f7ef35d3e0ad59dce307d2b3c6284002f

2 years agopapi: fix VPP_API_DIR 92/37792/1
Pim van Pelt [Mon, 12 Dec 2022 00:00:16 +0000 (00:00 +0000)]
papi: fix VPP_API_DIR

Docstring in VPP Python API says that find_api_dir() will search for
environment variable VPP_API_DIR first and foremost, except it doesn't.
Prepend VPP_API_DIR if it exists, and allow dirs to be omitted in case
it will be the empty list []

Type: fix
Signed-off-by: [email protected]
Change-Id: Ic892e4bb7d8ff50f18e64ddfd2a61343883f07ea

2 years agomisc: VPP 22.10 Release Notes 36/37536/2
Andrew Yourtchenko [Wed, 19 Oct 2022 09:23:03 +0000 (09:23 +0000)]
misc: VPP 22.10 Release Notes

Type: docs

Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: If0f2ca0344640b064fde52b8f2c09a340ed9c71b
Signed-off-by: Dave Wallace <[email protected]>
(cherry picked from commit 07e0c05e698cf5ffd1e2d2de0296d1907519dc3d)

2 years agonat: fixed return values of enable/disable call 95/37695/5
Filip Varga [Wed, 23 Nov 2022 18:47:56 +0000 (10:47 -0800)]
nat: fixed return values of enable/disable call

NAT44 enable/disable return status was used
instead of appropriate VNET_API_ERROR_ code.

Type: fix
Signed-off-by: Filip Varga <[email protected]>
Change-Id: If944866bf3061afdc91284c0ad475135e529bdc4

2 years agohttp_static: clean up http redirect generation 85/37785/1
Dave Barach [Fri, 9 Dec 2022 14:07:17 +0000 (09:07 -0500)]
http_static: clean up http redirect generation

Don't redirect to "favicon.ico/index.html" if you can't find
"favicon.ico".

If asked to serve up a nonexistent path, see if the path ends with a
known suffix: ".jpg, .html, .ico" etc. If it does, flunk the request
on the spot: "Error 404 Not Found." Do not issue a redirect.

This change will not break the obvious corner case: if the browser
asks for "its_a_dir.mp3/index.html" - and the file exists - the server
will produce it.

Type: improvement

Signed-off-by: Dave Barach <[email protected]>
Change-Id: I91aad90be05b98ba2b40e240d13d71816aed4526

2 years agohttp_static: derive mime type from file extensions 68/37768/3
Dave Barach [Wed, 7 Dec 2022 19:19:15 +0000 (14:19 -0500)]
http_static: derive mime type from file extensions

Type: improvement

Signed-off-by: Dave Barach <[email protected]>
Change-Id: I0f087477e257f5119d7d6182d19f8796773a1f19

2 years agotcp: avoid retransmit head with no data 57/37757/3
Florin Coras [Tue, 6 Dec 2022 16:39:15 +0000 (08:39 -0800)]
tcp: avoid retransmit head with no data

Type: fix

Signed-off-by: Florin Coras <[email protected]>
Change-Id: Iefabc7b9dd1109fd6dcf65e5d9794173421b7369

2 years agohs-test: use assert-like approach in test cases 54/37754/3
Maros Ondrejicka [Tue, 6 Dec 2022 14:38:05 +0000 (15:38 +0100)]
hs-test: use assert-like approach in test cases

Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I1653001461d4dfc52f1fb3a9e0cf458a506b8324

2 years agovat2: add plugin-path parameter 52/37752/4
Ole Troan [Tue, 6 Dec 2022 13:41:41 +0000 (14:41 +0100)]
vat2: add plugin-path parameter

Add plugin-path parameter to aid external plugin development.
Multiple directories are supported as a colon separated list.

Type: improvement
Signed-off-by: Ole Troan <[email protected]>
Change-Id: Ida35dedceccd0019ea68e56f7a3672c530258447

2 years agopapi: export packed message structures 59/37759/4
Ole Troan [Tue, 6 Dec 2022 16:42:24 +0000 (17:42 +0100)]
papi: export packed message structures

Use the Python API binding to generate a set of API messages
in binary format, that can later be replayed independently
of the Python API.

Type: improvement
Signed-off-by: Ole Troan <[email protected]>
Change-Id: Iaab6ca31fd2809193e461ab53f7cc7332a231eb5
Signed-off-by: Ole Troan <[email protected]>
2 years agotests: multiple apidir locations 36/37736/7
Ole Troan [Thu, 1 Dec 2022 10:22:06 +0000 (11:22 +0100)]
tests: multiple apidir locations

To support testing of external plugins, add support to the test framework and PAPI
for specifying a list of locations to look for api.json files.

Type: improvement
Signed-off-by: Ole Troan <[email protected]>
Change-Id: I128a306e3c091dc8ef994801b1470b82d2f4595d
Signed-off-by: Ole Troan <[email protected]>
2 years agoapi: avoid sigpipe for unruly api client 56/37756/4
Ole Troan [Tue, 6 Dec 2022 16:07:39 +0000 (17:07 +0100)]
api: avoid sigpipe for unruly api client

if the api client didn't wait for the last message, we'd get a SIGPIPE
from Unix and VPP would crash.

Type: fix
Signed-off-by: Ole Troan <[email protected]>
Change-Id: Iac7705ec09ccd67cc249cc9a9525a7cb379e2f6f
Signed-off-by: Ole Troan <[email protected]>
2 years agopapi: fix async support for socket transport 58/37758/3
Ole Troan [Tue, 6 Dec 2022 16:30:49 +0000 (17:30 +0100)]
papi: fix async support for socket transport

Async use of the API is much faster than blocking calls.
Seemed like it only worked over shared memory transport.
This patches re-enables support for async calls over socket
transport.

Type: fix
Signed-off-by: Ole Troan <[email protected]>
Change-Id: I05f3b362035ce0a1c16788ba9003a35601ddb04e
Signed-off-by: Ole Troan <[email protected]>
2 years agohttp_static: misc bug fixes 61/37761/2
Dave Barach [Wed, 7 Dec 2022 00:53:15 +0000 (19:53 -0500)]
http_static: misc bug fixes

The request vector generated by hss_ts_rx_callback() must be NULL
terminated.

The hss_main_t use_ptr_thresh member must be a u64 since
unformat_memory_size() expects it. Otherwise, the adjacent u8
enable_url_handlers may have an accident.

Type: fix

Signed-off-by: Dave Barach <[email protected]>
Change-Id: I2cc08e3cbd31b225fb03799283c055515add13bf

2 years agoclassify: increase metadata from 16- to 32-bits 38/37738/3
Benoît Ganne [Thu, 1 Dec 2022 14:58:36 +0000 (15:58 +0100)]
classify: increase metadata from 16- to 32-bits

The metadata in classifier entries is used to index a fib or a dpo in
the acl nodes which can exceeds UINT16_MAX in large configurations.
To maintain entries size and alignment, decrease next_index from 32- to
16-bits: next_index should not exceed 16-bits in VPP, as it is already
shown by vlib_buffer_enqueue_to_next() or dpo_id_t.dpoi_next_node.

Type: fix

Change-Id: I4fd1b3cd495319420044c219036b2d2ea952270a
Signed-off-by: Benoît Ganne <[email protected]>
2 years agohs-test: manage containers and volumes within test suite 60/37760/3
Maros Ondrejicka [Tue, 6 Dec 2022 18:46:24 +0000 (19:46 +0100)]
hs-test: manage containers and volumes within test suite

Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I614111814af5a99dcaa22c8581ea2d339572ae1c

2 years agohs-test: test tcp with loss 69/37669/12
Maros Ondrejicka [Wed, 16 Nov 2022 11:51:11 +0000 (12:51 +0100)]
hs-test: test tcp with loss

This adds basic, functional-only, test of TCP connection with delay and
packet loss introduced by Network Delay Simulator.

Type: test
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: Ibedf4c680c152921b733cf39d99b178412748d3c

2 years agohttp_static: fix http(s) redirects 53/37753/2
Dave Barach [Tue, 6 Dec 2022 13:39:29 +0000 (08:39 -0500)]
http_static: fix http(s) redirects

Add an http redirect template to generate correct-looking "301 Moved
Permanently" replies.

Supply a default value of 1<<31 for the use_ptr_thresh config parameter.

Expose hss_session_get() so friend plugins which register GET / POST
handlers with the http_static server can add data to the session fifos.

Type: fix

Signed-off-by: Dave Barach <[email protected]>
Change-Id: Ie1452eaf61c6f67311fbab092bc1fe03050bf94f

2 years agostats: return empty vector rather than NULL if stat_segment_dump_r() is run on an... 44/37744/2
Andrew Yourtchenko [Fri, 2 Dec 2022 21:22:37 +0000 (21:22 +0000)]
stats: return empty vector rather than NULL if stat_segment_dump_r() is run on an empty vector from ls

The return value in this function is initialized with 0, so if a vector of length 0 is passed
to stat_segment_dump_r, then this return value is never populated, resulting in inability
to distinguish between a successful dump of an empty vector and an error.

Solution: call vec_alloc(). As a side effect might get some trivial speed-up.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I33fefd801df457152e9ec257742305182e91f339

2 years agosession: move connects to first worker 13/35713/69
Florin Coras [Fri, 18 Mar 2022 15:33:08 +0000 (08:33 -0700)]
session: move connects to first worker

Type: improvement

Signed-off-by: Florin Coras <[email protected]>
Change-Id: I035e3fdbb52eca010ad7b2c20ca2930cb1645978

2 years agoquic: update to quicly v0.1.4 39/37739/7
Dave Wallace [Thu, 1 Dec 2022 03:29:07 +0000 (22:29 -0500)]
quic: update to quicly v0.1.4

Type: improvement

Change-Id: I707399b8ba617a659476bfd7d793f04a1283e694
Signed-off-by: Dave Wallace <[email protected]>
2 years agohs-test: add test suite features 35/37735/5
Maros Ondrejicka [Thu, 1 Dec 2022 08:56:37 +0000 (09:56 +0100)]
hs-test: add test suite features

Test suite now supports assertions which on fail stop test case run,
also it allows to create docker containers which are going to be
stopped automatically after the test run is finished.

Type: improvement
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I2834709b1efd17b8182d36cc0404b986b4ed595d
Signed-off-by: Filip Tehlar <[email protected]>
2 years agobuffers: revert protect against bad thread indices 41/37741/1
Benoît Ganne [Fri, 2 Dec 2022 14:30:56 +0000 (15:30 +0100)]
buffers: revert protect against bad thread indices

This change was introduced to workaround a bug in the NAT code, but
we should not woraround plugin bugs in infra.

Type: fix
Fixes: f8631ce7e8886136b4543a7926ffdf1bc760fb11

Change-Id: Id6ee281cf1fe8466b6522905fc2a176716e3d52f
Signed-off-by: Benoît Ganne <[email protected]>
2 years agovlib: clib_panic if sysconf() can't determine page size on startup 29/37129/4
Andrew Yourtchenko [Thu, 15 Sep 2022 11:56:50 +0000 (11:56 +0000)]
vlib: clib_panic if sysconf() can't determine page size on startup

Account for the potential of sysconf() returning -1 if it can not
get the page size and make it a fatal error.

Coverity: 277313
Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I8cae6a35ec2f745c37f1fe6557e5fa66720b4628

2 years agovnet: fix trace flag copying in icmp4 55/37655/2
Klement Sekera [Mon, 14 Nov 2022 10:29:17 +0000 (11:29 +0100)]
vnet: fix trace flag copying in icmp4

Type: fix
Signed-off-by: Klement Sekera <[email protected]>
Change-Id: I0a947b74e40499327910c1ed10923f7a869039d6

2 years agovhost: convert vhost device driver to a plugin 88/37488/8
Steven Luong [Wed, 19 Oct 2022 19:46:29 +0000 (12:46 -0700)]
vhost: convert vhost device driver to a plugin

convert vhost device driver to a plugin as described in
https://jira.fd.io/browse/VPP-2065

Type: improvement

Signed-off-by: Steven Luong <[email protected]>
Change-Id: Ibfe2f351bcaed36a04b136d082ae414145dd37b5

2 years agoavf: support generic flow 63/37563/8
Ting Xu [Fri, 21 Oct 2022 08:48:44 +0000 (16:48 +0800)]
avf: support generic flow

Support generic flow in native avf.

Enable necessary RSS hash function for generic flow. Extend some
structures and functions from for FDIR only to for both RSS and FDIR
flows. Modify virtual channel message to align with ice kernel driver.

Add functions to parse generic flow patterns. The parsing results will
be delivered to the kernel driver and create corresponding flow rules.

Type: feature
Signed-off-by: Ting Xu <[email protected]>
Change-Id: I82ce102a21993f1bae8a8bf23e491d5e1c261f61

2 years agowireguard: add atomic mutex 61/37361/5
Gabriel Oginski [Thu, 6 Oct 2022 06:58:45 +0000 (06:58 +0000)]
wireguard: add atomic mutex

The initiate handshake process can be called a numbers times for each
peers, then the main VPP thread called by Wireguard starting to
allocate memory. This behaviour can lead to out of memory when VPP has
a lot of Wireguard tunnels concurrently.

This fix add mutex to send only once handshake initiate at time for
each peers.

Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: I13b4b2d47021753926d42a38ccadb36a411c5b79

2 years agohsa: session rpc for echo client cli notifications 60/37660/10
Florin Coras [Mon, 14 Nov 2022 20:57:30 +0000 (12:57 -0800)]
hsa: session rpc for echo client cli notifications

Also, use connected udp for builtin echo apps

Type: improvement

Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ie24d7e97f4f27b67df9ceff3c268954485255c2d

2 years agostats: add boot time in stats segment 28/37728/4
Ole Troan [Mon, 28 Nov 2022 12:13:24 +0000 (13:13 +0100)]
stats: add boot time in stats segment

Write time into /sys/boottime on VPP start.
This allows a stateless control plane agent to validate if it's reconnecting to the same
VPP instance.

Type: improvement
Signed-off-by: Ole Troan <[email protected]>
Change-Id: Iba7f334339c46142045e43da6efab11612e7b9c0
Signed-off-by: Ole Troan <[email protected]>
2 years agoudp: refactor port allocation and sharing 49/37649/16
Florin Coras [Fri, 11 Nov 2022 19:37:36 +0000 (11:37 -0800)]
udp: refactor port allocation and sharing

Type: improvement

Signed-off-by: Florin Coras <[email protected]>
Change-Id: I4f7314ddf95d26f1939bd3772d29d011fb4cea47

2 years agosession: transport endpt cleanup on owner thread 40/37640/15
Florin Coras [Wed, 9 Nov 2022 23:54:39 +0000 (15:54 -0800)]
session: transport endpt cleanup on owner thread

Maintain a single writer multiple readers usage model for transport
endpoints pool.

Type: improvement

Signed-off-by: Florin Coras <[email protected]>
Change-Id: I8555700ed725971341f145ea97f031042a298e83

2 years agowireguard: compute checksum for outer ipv6 header 18/37518/5
Artem Glazychev [Tue, 25 Oct 2022 11:48:40 +0000 (18:48 +0700)]
wireguard: compute checksum for outer ipv6 header

Type: fix

Signed-off-by: Artem Glazychev <[email protected]>
Change-Id: I477e92712e441c91789afdf9be389d967acfa799

2 years agostats: fix the memory leak in stat_client.c 30/37730/3
Andrew Yourtchenko [Mon, 28 Nov 2022 17:56:16 +0000 (17:56 +0000)]
stats: fix the memory leak in stat_client.c

The issue can be reproduced by running "vpp_get_stats tightpoll"

The root cause is that the control flow discards the "result" struct
being prepared, along with pointer its allocated name.
This results in a memory leak.

Type: fix
Change-Id: Ibf884e92314f19b983a0159fc1257b3fa0110443
Signed-off-by: Andrew Yourtchenko <[email protected]>
2 years agordma: fix for-loop initialization in scalar path 20/37720/7
Jieqiang Wang [Fri, 25 Nov 2022 07:26:55 +0000 (15:26 +0800)]
rdma: fix for-loop initialization in scalar path

When n_rx_packets is less then 16(VEC256) or 8(VEC128), code execution
will fall into scalar path of processing packets. But with a wrong
initialization value for n_left set to zero, i in the for-loop will
equal to n_rx_packets. This leads to the bypass of required ip4 checksum
validation and byte count endianness conversion in scalar path.
Besides, refactor the code using while instead of for-loop to keep
consistency with VPP code style.

Type: fix
Fixes: bf93670c515d ("rdma: fix ipv4 checksum check in rdma-input node")

Signed-off-by: Lijian Zhang <[email protected]>
Signed-off-by: Jieqiang Wang <[email protected]>
Change-Id: Ib4e8cb5202735f8b060c99caddf26035657551e1

2 years agoipsec: use correct reply message 25/37725/2
Vratko Polak [Fri, 25 Nov 2022 16:10:10 +0000 (17:10 +0100)]
ipsec: use correct reply message

Type: fix
Fixes: 815c6a4fbcbb636ce3b4dc98446ad205a30670a6
Ticket: VPP-2068

Change-Id: I42d678b0e28ac4d0b524dfc2dbd01bbad020cf24
Signed-off-by: Vratko Polak <[email protected]>
2 years agovapi: write enumflag types to vapi headers 08/37608/2
Matthew Smith [Wed, 9 Nov 2022 17:45:19 +0000 (17:45 +0000)]
vapi: write enumflag types to vapi headers

Type: fix
Fixes: a51f9b3747

Some IPsec message type definitions were not being written to
ipsec.api.vapi.h. These include ipsec_sad_entry_add_del_v3 and
ipsec_sad_entry_add.

The cause appears to be that tunnel_flags, which is defined in
tunnel_types.api is a special case of enum called an enumflag. These do
not appear to have been handled in the code that generates the vapi
header files.

This patch adds processing of enumflag objects for vapi.

Change-Id: Ie506c4fcb5a07fe97a330ba11c252d1df98adfd9
Signed-off-by: Matthew Smith <[email protected]>
2 years agoipsec: remove redundant policy array in fast path spd 16/37516/3
Piotr Bronowski [Sun, 9 Oct 2022 23:05:00 +0000 (23:05 +0000)]
ipsec: remove redundant policy array in fast path spd

Fast path spd was explicitely storing array of policy id vectors.
This information was redundand, as this inofrmation is already stored
in bihash table. This additional array was affecting performance
when adding and removing fast path policies.
The other place that needed refactoring after removing this array  was
cli command showing fast path policies.

Type: feature

Signed-off-by: Piotr Bronowski <[email protected]>
Change-Id: I78d45653f71539e7ba90ff5d2834451f83ead4be

2 years agoudp: preallocate ports sparse vec map 80/37680/6
Florin Coras [Sat, 19 Nov 2022 02:29:23 +0000 (18:29 -0800)]
udp: preallocate ports sparse vec map

Not ideal. The sparse vector used to map ports to next nodes assumes
only a few ports are ever used. When udp transport is enabled this does
not hold and, to make matters worse, ports are consumed in a random
order.

This can lead to a lot of slow updates to internal data structures
which in turn can slow udp connection allocations until all ports are
eventually consumed.

Consequently, reallocate sparse vector, preallocate all ports and have
them point to UDP_NO_NODE_SET. We could consider switching the sparse
vector to a preallocated vector but that would increase memory
consumption for vpp deployments that do not rely on host stack.

For reference, populating one of the v4 or v6 sparse vectors in reverse
order takes about 9.8s on a skylake cpu.

Type: improvement

Signed-off-by: Florin Coras <[email protected]>
Change-Id: Id795e1805d0d3ba54f56a152a9506a7a2a06ecbc

2 years agohs-test: document host stack test framework 91/37591/12
Maros Ondrejicka [Tue, 8 Nov 2022 07:00:51 +0000 (08:00 +0100)]
hs-test: document host stack test framework

Type: docs
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I47d2794283a85a644448e60538f543644a0edfdc

2 years agointerface: remove the pending interrupt from deleting interface 74/37674/3
Mohsin Kazmi [Thu, 17 Nov 2022 14:04:49 +0000 (14:04 +0000)]
interface: remove the pending interrupt from deleting interface

Type: fix

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I3138f97519d216b89a9c46865271db1f9ddd53cd

2 years agohs-test: auto register test actions 87/37687/4
Filip Tehlar [Tue, 22 Nov 2022 11:49:22 +0000 (12:49 +0100)]
hs-test: auto register test actions

Type: improvement

Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: Icb5db6f69eda93181aba69b1f8676a73c0a4561b

2 years agosr: srv6 path tracing api 93/37593/4
Julian Klaiber [Tue, 8 Nov 2022 07:44:06 +0000 (08:44 +0100)]
sr: srv6 path tracing api

Implements the API for SRv6 Path Tracing

Type: feature

Signed-off-by: Julian Klaiber <[email protected]>
Change-Id: Iefa7e512c8e1894595a9e3f5d42eab4160db1f28

2 years agogso: add gso documentation 05/37505/3
Mohsin Kazmi [Fri, 21 Oct 2022 17:49:12 +0000 (17:49 +0000)]
gso: add gso documentation

Type: docs

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I8a96e6cc73b5f7ab3049fef37aafba43f3ef4d84

2 years agovpp-swan: Fix segfault for multiple addresses 92/37692/3
Timur Celik [Tue, 22 Nov 2022 16:03:14 +0000 (17:03 +0100)]
vpp-swan: Fix segfault for multiple addresses

In order to loop over the list of `vl_api_ip_address_details_t`,
increment the pointer by one instead of `i`.

Type: fix
Change-Id: I8554d1388d67bb95e029eddf444d383fb85ecac7
Signed-off-by: Timur Celik <[email protected]>
2 years agolinux-cp: fix FIB_ENTRY_FLAG_ATTACHED 57/37657/3
Alexander Skorichenko [Mon, 14 Nov 2022 11:59:56 +0000 (11:59 +0000)]
linux-cp: fix FIB_ENTRY_FLAG_ATTACHED

Type: fix
   
Fib entries for attached routes when sourced from
FIB_SOURCE_API or FIB_SOURCE_CLI
get the FIB_ENTRY_FLAG_ATTACHED flag raised on the source.
Such a route added from linux-cp doesn't get this flag.
   
Fix this flag for linux-cp sources by passing it to the
fib entry's update/create function in lcp_router_route_add().

Signed-off-by: Alexander Skorichenko <[email protected]>
Change-Id: I24278ef86886cfee8a14acb250fb6992a754cc3c

2 years agopolicer: adding documentation 75/37675/6
Maxime Peim [Thu, 17 Nov 2022 15:29:10 +0000 (15:29 +0000)]
policer: adding documentation

Type: docs

Several kinds of policers are implemented in VPP.
However, they could differ from the RFCs it is
said they are from.

Additionally, the CLI command's help has been
updated with the current list of acceptable
parameters.

Signed-off-by: Maxime Peim <[email protected]>
Change-Id: Ic9bf94e1094bea0fcc87ccaa882c2c5f88824041

2 years agoacl: fix set acl-plugin cli unformat free. 63/37663/2
Huawei LI [Tue, 15 Nov 2022 11:38:54 +0000 (19:38 +0800)]
acl: fix set acl-plugin cli unformat free.

Type: fix

Signed-off-by: Huawei LI <[email protected]>
Change-Id: Icb5450f4bd0eaef7684eb7e3816d1d6051e889d7

2 years agotests: add VCL Thru Host Stack TLS in interrupt mode 46/37646/3
Filip Tehlar [Fri, 11 Nov 2022 10:56:54 +0000 (11:56 +0100)]
tests: add VCL Thru Host Stack TLS in interrupt mode

Type: test

Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I7d5a9e9fedfc85bd7fad88f8eae1e46476ec0b7b

2 years agoipsec: improve ipsec policy adding performance 17/34817/3
Xiaoming Jiang [Sat, 8 Oct 2022 02:40:45 +0000 (02:40 +0000)]
ipsec: improve ipsec policy adding performance

Type: improvement
Signed-off-by: jiangxiaoming <[email protected]>
Change-Id: I91ba1ff4c1085f4aca60ca111cbbaf14a3b4d761

2 years agotls: memory leak due to missing call to vnet_crypto_key_del 79/37679/1
Steven Luong [Fri, 18 Nov 2022 22:17:42 +0000 (14:17 -0800)]
tls: memory leak due to missing call to vnet_crypto_key_del

We add the crypto key to the vnet crypto library via vnet_crypto_key_add.
However, when the session is disconnected, we don't call
vnet_crypto_key_del and the memory is leaked in vnet_crypto library
as well as in pico tls key store.

It seems dispose crypto is the appropriate place to add
vnet_crypto_key_del.

Type: fix

Signed-off-by: Steven Luong <[email protected]>
Change-Id: If6d1266baf686fefe5bb81330ce60b35c8ff574e

2 years agoipsec: Failure at the start of the batch should not invalidate the rest of the batch 77/37677/2
Neale Ranns [Fri, 18 Nov 2022 04:24:09 +0000 (04:24 +0000)]
ipsec: Failure at the start of the batch should not invalidate the rest of the batch

Type: fix

Signed-off-by: Neale Ranns <[email protected]>
Change-Id: Icd1e43a5764496784c355c93066273435f16dd35

2 years agosession: add transport main structure 70/37570/5
Florin Coras [Thu, 3 Nov 2022 19:50:13 +0000 (12:50 -0700)]
session: add transport main structure

Leave tp_vfts vector out for now.

Type: improvement

Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ic20a1671be9424280d0645f48ef2131a694cd16f

2 years agocrypto-ipsecmb: fix plugin crash in VirtualBox 14/37614/3
Maros Ondrejicka [Thu, 10 Nov 2022 13:11:40 +0000 (14:11 +0100)]
crypto-ipsecmb: fix plugin crash in VirtualBox

Plugin checks just for AVX2 instruction set, while the v1.3 of IPsec
Multi-Buffer library checks for both AVX2 and BMI2 sets during init.
VirtualBox VM doesn't provide BMI2 by default to guest operating system.

Result is that VPP plugin decides to use AVX2 initialization and library
then doesn't do it. Since flush_job remains empty, the self-check fails
and with that the whole VPP crashes on start-up.

Type: fix
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I6b661f2b9bbe6dd03b499c55c38a9b814e6d718a

2 years agohs-test: skip vcl reattach test 43/37643/2
Filip Tehlar [Fri, 11 Nov 2022 09:37:33 +0000 (10:37 +0100)]
hs-test: skip vcl reattach test

Type: test

Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I594ecc347f367887890a3182e7c24028bf9a7f50

2 years agobuild: fix lib install dir and add vat2 lib install when build rpm. 42/37642/2
Huawei LI [Fri, 11 Nov 2022 05:50:26 +0000 (13:50 +0800)]
build: fix lib install dir and add vat2 lib install when build rpm.

Type: fix

Signed-off-by: Huawei LI <[email protected]>
Change-Id: I5ac557756ff2b3de13ce328a27ffdd289ab3173e

2 years agohttp: use safe pool realloc 99/35899/13
Florin Coras [Tue, 5 Apr 2022 23:35:39 +0000 (16:35 -0700)]
http: use safe pool realloc

Type: improvement

Signed-off-by: Florin Coras <[email protected]>
Change-Id: I572017433a1ba0f8576522f02138928e303e10ab

2 years agosrtp: use safe pool reallocs 98/35898/13
Florin Coras [Tue, 5 Apr 2022 22:53:31 +0000 (15:53 -0700)]
srtp: use safe pool reallocs

Type: improvement

Signed-off-by: Florin Coras <[email protected]>
Change-Id: I15fea1f90640ea54cafe3ea929e871ec6e86fc67

2 years agosession: safe pools for cut-through sessions 15/35915/9
Florin Coras [Thu, 7 Apr 2022 19:58:13 +0000 (12:58 -0700)]
session: safe pools for cut-through sessions

Type: improvement

Signed-off-by: Florin Coras <[email protected]>
Change-Id: I6dd400285ae475974c416f9b94e8a5b4b6257ca1

2 years agosession: reduce safe pool expand rate 09/37609/3
Florin Coras [Wed, 9 Nov 2022 23:13:16 +0000 (15:13 -0800)]
session: reduce safe pool expand rate

Make sure they only double in size.

Type: improvement

Signed-off-by: Florin Coras <[email protected]>
Change-Id: I18d5508c7f32836deb3b25943e8e3af39d0dbc33

2 years agomisc: ignore clangd cache folder 11/37611/2
Maros Ondrejicka [Thu, 10 Nov 2022 07:47:08 +0000 (08:47 +0100)]
misc: ignore clangd cache folder

Type: make
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: Id6ee2cbf3bf14083a470ef45ef1b6ff3ff8d03aa

2 years agolinux-cp: fix lcp_itf_pair_create()'s memory leak 62/37562/2
luoyaozu [Mon, 31 Oct 2022 13:46:38 +0000 (21:46 +0800)]
linux-cp: fix lcp_itf_pair_create()'s memory leak

need free args.error if args.rv < 0

Type: fix

Signed-off-by: luoyaozu <[email protected]>
Change-Id: I8ceebfc36f51798d8d1a8e4c41bec33d74344396

2 years agohs-test: add http client connect test 12/37612/2
Filip Tehlar [Thu, 10 Nov 2022 11:34:17 +0000 (12:34 +0100)]
hs-test: add http client connect test

Type: test

Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: If705d311065e128b4b6df7d8d80910e4be72d3e6

2 years agohttp: support client connect 95/37595/5
Filip Tehlar [Wed, 14 Sep 2022 09:07:12 +0000 (09:07 +0000)]
http: support client connect

Type: feature

Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I0738c0aefb41ab6c0ff717cfccd1df75ddb481fa

2 years agonat: updating my maintainer email address 81/37581/3
Filip Varga [Sat, 5 Nov 2022 05:59:26 +0000 (06:59 +0100)]
nat: updating my maintainer email address

Type: fix

Signed-off-by: Filip Varga <[email protected]>
Change-Id: I1f5069df2dc743ecd1269e947dd375cb1b84970f

2 years agotests: initial asf framework refactoring for 'make test' 15/37015/11
Pratikshya Prasai [Thu, 18 Aug 2022 15:09:38 +0000 (11:09 -0400)]
tests: initial asf framework refactoring for 'make test'

Type: refactor

Change-Id: I41455b759a5d302ad5c4247c13634c471e7d49a8
Signed-off-by: Pratikshya Prasai <[email protected]>
Signed-off-by: Saima Yunus <[email protected]>
Signed-off-by: Dave Wallace <[email protected]>
2 years agosr: fix added for configuring vlan sub interface as iif interface in End.AD.Flow... 98/37298/2
ChinmayaAgarwal [Thu, 29 Sep 2022 06:47:05 +0000 (12:17 +0530)]
sr: fix added for configuring vlan sub interface as iif interface in End.AD.Flow localsid

Type: fix
Signed-off-by: ChinmayaAgarwal <[email protected]>
Change-Id: Ifad23978b98c5e05d86f6254bfb65baa0b380436

2 years agoacl: verify that src and dst have sane and same address family 70/31770/4
Andrew Yourtchenko [Thu, 25 Mar 2021 15:34:33 +0000 (15:34 +0000)]
acl: verify that src and dst have sane and same address family

API refactoring moved the address-family tag from rule
level down to prefix level.

This necessarily warrants the check that they are the same.

Also, add a check that the address family is sane.

Change-Id: Ia63b688cc9e7c9e9cc773e89708d9e9f99185fb7
Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
2 years agoip: fix unformat_ip_address forcing version to IP4 for some IP6 addresses 02/37602/4
Andrew Yourtchenko [Wed, 9 Nov 2022 01:18:56 +0000 (01:18 +0000)]
ip: fix unformat_ip_address forcing version to IP4 for some IP6 addresses

dd2f12ba made use of ip46_address_is_ip4() in order to determine whether
the address is ipv4 or ipv6 within unformat_ip_address - however, its
logic is correct only for some addresses. e.g. a valid IPv6 address of :: (unspecified)
will result in "true" result. This is probably not an issue for most
of the cases (the unspecified address is quite rare),
however if the unformat_ip_address is used as part of the
prefix parsing, the ::/0 is a fairly often utilized construct,
which gets parsed as 0.0.0.0

Solution: return the old logic, but use a temporary
variable to avoid overwriting the target memory on failure.

Type: fix
Fixes: dd2f12ba6ab952d9d66f4d9ba89ffde6309b1ff2.
Change-Id: I272f740dfdf07036cec68516e153f0701a53233d
Signed-off-by: Andrew Yourtchenko <[email protected]>
2 years agopolicer: improvement show policer cli. 79/37579/3
Huawei LI [Fri, 4 Nov 2022 18:50:53 +0000 (02:50 +0800)]
policer:  improvement show policer cli.

cli show policer's help info is not consistent
with it's arguments.

Type: improvement

Signed-off-by: Huawei LI <[email protected]>
Change-Id: I8332fe97ba343e98511db9ff1bb6afd6f3c657cd

2 years agoprom: fix stats vector leak 86/37586/3
Florin Coras [Sun, 6 Nov 2022 23:27:01 +0000 (15:27 -0800)]
prom: fix stats vector leak

Type: fix

Signed-off-by: Florin Coras <[email protected]>
Change-Id: I620447c9aa8606a125063cdd724bfe74f8a870f6

2 years agonat: fix per-vrf session bookkeeping 70/36670/6
Jing Peng [Fri, 15 Jul 2022 19:12:29 +0000 (15:12 -0400)]
nat: fix per-vrf session bookkeeping

Each NAT44 ED session has a per_vrf_sessions_index referencing
an element in the thread-local vector per_vrf_sessions_vec.
However this index can be possibly invalidated by vec_del1() in
per_vrf_sessions_cleanup(), before a session is registered.
Such a stale index can cause an assertion failure in function
per_vrf_sessions_is_expired() when we use it to locate the
per_vrf_sessions object.

A possible sequence to reproduce is:

1. Create two NAT44 ED sessions s1, s2 so that two per_vrf_sessions are created:
     index 0: between VRF pair 10 and 11 (expired=0, ses_count=1)
     index 1: between VRF pair 20 and 21 (expired=0, ses_count=1)
   For the sessions we have:
     s1->per_vrf_sessions_index == 0
     s2->per_vrf_sessions_index == 1

2. Delete the first session via CLI, now the two per_vrf_sessions become:
     index 0: between VRF pair 10 and 11 (expired=0, ses_count=0)
     index 1: between VRF pair 20 and 21 (expired=0, ses_count=1)
   For the sessions we have:
     s2->per_vrf_sessions_index == 1

3. Delete the VRF 11:
     index 0: between VRF pair 10 and 11 (expired=1, ses_count=0)
     index 1: between VRF pair 20 and 21 (expired=0, ses_count=1)
   For the sessions we have:
     s2->per_vrf_sessions_index == 1

4. Create a new session s3 between VRF pair 20 and 21 so that the first
   per_vrf_sessions will be deleted:
     index 0: between VRF pair 20 and 21 (expired=0, ses_count=2)
   For the sessions we have:
     s2->per_vrf_sessions_index == 1
     s3->per_vrf_sessions_index == 0
   Here, note that the actual index of per_vrf_session is changed due
   to vec_del1(). The new session is added after the cleanup so it gets
   the correct index. But the index held by the existing session is not
   updated.

5. Trigger the fast path of the session s2. To achieve this, session
   s2 could be created in step 1 by
     ping -i20 -Iiface_in_vrf_10 1.1.1.1
   and steps 2-4 should then be performed within the 20-second interval.

This patch fixes this by changing per_vrf_sessions_vec to a pool so
that indicies are kept intact.

Type: fix
Signed-off-by: Jing Peng <[email protected]>
Change-Id: I4c08f9bfd50134bcb5f08e50ad61af2bddbcb645

2 years agonat: fix byte order error. 59/37559/6
Huawei LI [Sat, 29 Oct 2022 13:20:07 +0000 (21:20 +0800)]
nat: fix byte order error.

fix byte order error about the struct snat_address_t's member net.
for example configurations:
  set interface ip table loop1 1
  set interface ip addr loop1 10.10.10.2/24
  nat44 add address 10.10.10.2 tenant-vrf 1
the snat address's net should be "as_u8 = {0xa, 0xa, 0xa, 0x0}",
but now it's "as_u8 = {0x0, 0xa, 0xa, 0x2}" because of missing
transition of byte order about the member net of snat_address_t.
(gdb) p/x *snat_main->addresses
$3 = {addr = {data = {0xa, 0xa, 0xa, 0x2}, data_u32 = 0x20a0a0a,
      as_u8 = {0xa, 0xa, 0xa, 0x2}, as_u16 = {0xa0a, 0x20a},
      as_u32 = 0x20a0a0a}, net = {data = {0x0, 0xa, 0xa, 0x2},
      data_u32 = 0x20a0a00, as_u8 = {0x0, 0xa, 0xa, 0x2},
      as_u16 = {0xa00, 0x20a}, as_u32 = 0x20a0a00},
      sw_if_index = 0x3, fib_index = 0x1,addr_len = 0x18}
(gdb)

Type: fix

Signed-off-by: Huawei LI <[email protected]>
Change-Id: I4f25f0639ae90a7f2e8715b44f825571283d994d

2 years agoip6-nd: set router flag on NA if appropriate 82/37582/2
Matthew Smith [Sat, 5 Nov 2022 18:33:08 +0000 (18:33 +0000)]
ip6-nd: set router flag on NA if appropriate

Type: fix

The router flag on a neighbor advertisement can be used by neighbors to
detect that a router has changed to a host (RFC 4861 section 4.4).

If a neighbor adds routes after receiving a router advertisement sent
by VPP and subsequently receives a neighbor advertisement sent by VPP,
it may remove any routes it added based on the RA if the NA does not
have the router flag set. It appears that this is how windows behaves.

When sending a neighbor advertisement, set the router flag if sending
RAs is enabled on the interface.

Signed-off-by: Matthew Smith <[email protected]>
Change-Id: I1f3e42bbd8ea1a4c116b1ce5a8273652d4cd763d

2 years agoip6-nd: initialize radv_info->send_radv to 1 60/37560/3
Dave Barach [Sun, 30 Oct 2022 20:45:24 +0000 (16:45 -0400)]
ip6-nd: initialize radv_info->send_radv to 1

Otherwise, the newly configured interface will never send RADV's.

See below. In the typical case, suppress = 0 and is_no = 0, which
propagates the current value of radv->send_radv:

  radv_info->send_radv =
    (suppress != 0) ? ((is_no != 0) ? 1 : 0) : radv_info->send_radv;

No other bit of code will set send_radv, at least in straightforward
ways.

Type:fix

Signed-off-by: Dave Barach <[email protected]>
Change-Id: If9368155f7676460ca1f87729c2b3c453405d08d

2 years agohsa: echo client crash when it fails to connect to remote 80/37580/2
Steven Luong [Fri, 4 Nov 2022 19:19:42 +0000 (12:19 -0700)]
hsa: echo client crash when it fails to connect to remote

When echo client fails to connect to remote, it should quit.

Type: fix

Signed-off-by: Steven Luong <[email protected]>
Change-Id: I787423bdc61a58eea48bab7bd8b73137626c02b4

2 years agoclassify: fix crash when update nonexistent classify table. 78/37578/3
Huawei LI [Fri, 4 Nov 2022 16:35:19 +0000 (00:35 +0800)]
classify: fix crash when update nonexistent classify table.

vpp crash when update nonexistent classify table.
Program received signal SIGABRT, Aborted.
0x00007fbf3b49b337 in raise () from /lib64/libc.so.6
(gdb) bt
0  0x00007fbf3b49b337 in raise () from /lib64/libc.so.6
1  0x00007fbf3b49ca28 in abort () from /lib64/libc.so.6
2  0x00000000004079db in os_panic () at /usr/src/debug/vpp-23.02/src/vpp/vnet/main.c:417
3  0x00007fbf3bb611c7 in debugger () at /usr/src/debug/vpp-23.02/src/vppinfra/error.c:84
4  0x00007fbf3bb61529 in _clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7fbf3d03af08 "%s:%d (%s) assertion `%s' fails")
   at /usr/src/debug/vpp-23.02/src/vppinfra/error.c:143
5  0x00007fbf3c67062c in vnet_classify_add_del_table (cm=0x7fbf3d438f00 <vnet_classify_main>, mask=0x7fbf00fdc088 "", nbuckets=2, memory_size=2097152,
   skip=4, match=1, next_table_index=4294967295, miss_next_index=4294967295, table_index=0x7fbeed930b98, current_data_flag=0 '\000',
   current_data_offset=0, is_add=1, del_chain=0) at /usr/src/debug/vpp-23.02/src/vnet/classify/vnet_classify.c:780
6  0x00007fbf3c672bf4 in classify_table_command_fn (vm=0x7fbefb465740, input=0x7fbeed930ef0, cmd=0x7fbefc45ec18)
   at /usr/src/debug/vpp-23.02/src/vnet/classify/vnet_classify.c:1622
7  0x00007fbf3d52b527 in vlib_cli_dispatch_sub_commands (vm=0x7fbefb465740, cm=0x4273f0 <vlib_global_main+48>, input=0x7fbeed930ef0,
   parent_command_index=1064) at /usr/src/debug/vpp-23.02/src/vlib/cli.c:650
8  0x00007fbf3d52b2c3 in vlib_cli_dispatch_sub_commands (vm=0x7fbefb465740, cm=0x4273f0 <vlib_global_main+48>, input=0x7fbeed930ef0,
   parent_command_index=0) at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607
9  0x00007fbf3d52b9cb in vlib_cli_input (vm=0x7fbefb465740, input=0x7fbeed930ef0, function=0x7fbf3d597406 <unix_vlib_cli_output>, function_arg=0)
   at /usr/src/debug/vpp-23.02/src/vlib/cli.c:753
10 0x00007fbf3d59cb0c in unix_cli_process_input (cm=0x7fbf3d61fe00 <unix_cli_main>, cli_file_index=0)
   at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2616
11 0x00007fbf3d59d25a in unix_cli_process (vm=0x7fbefb465740, rt=0x7fbf00f7bfc0, f=0x0) at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2745
12 0x00007fbf3d555a25 in vlib_process_bootstrap (_a=140458063833296) at /usr/src/debug/vpp-23.02/src/vlib/main.c:1221
13 0x00007fbf3bb74204 in clib_calljmp () at /usr/src/debug/vpp-23.02/src/vppinfra/longjmp.S:123
14 0x00007fbef10028a0 in ?? ()
15 0x00007fbf3d555b4e in vlib_process_startup (vm=0x7fbf3bb7d70f <clib_mem_size+24>, p=0x7fbef10028d0, f=0x7fbf00f06ae0)
   at /usr/src/debug/vpp-23.02/src/vlib/main.c:1246
16 0x00007fbf3d592be6 in vec_max_bytes (v=0x8) at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:161
17 0x00007fbf00f06af8 in ?? ()
18 0x0000000000000004 in ?? ()
19 0x00000000000000ff in ?? ()
20 0x00007fbef1002980 in ?? ()
21 0x00007fbf3d592dcb in _vec_set_len (v=<error reading variable: Cannot access memory at address 0xfffffffffffffff5>,
   len=<error reading variable: Cannot access memory at address 0xffffffffffffffed>,
   elt_sz=<error reading variable: Cannot access memory at address 0xffffffffffffffe5>) at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:196
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) f 5
   0x00007fbf3c67062c in vnet_classify_add_del_table (cm=0x7fbf3d438f00 <vnet_classify_main>, mask=0x7fbf00fdc088 "", nbuckets=2, memory_size=2097152,
   skip=4, match=1, next_table_index=4294967295, miss_next_index=4294967295, table_index=0x7fbeed930b98, current_data_flag=0 '\000',
   current_data_offset=0, is_add=1, del_chain=0) at /usr/src/debug/vpp-23.02/src/vnet/classify/vnet_classify.c:780
780   t = pool_elt_at_index (cm->tables, *table_index);
(gdb) p *table_index
$1 = 8
(gdb) p cm->tables
$2 = (vnet_classify_table_t *) 0x0
(gdb)

Type: fix

Signed-off-by: Huawei LI <[email protected]>
Change-Id: I1c5f6168f0a7e1d1989ce07ec6c30c6fd9f0aaa9

2 years agonat: cleanup of deprecated features 61/37561/3
Filip Varga [Mon, 31 Oct 2022 10:07:14 +0000 (11:07 +0100)]
nat: cleanup of deprecated features

Type: refactor

1) Removed deprecated API.
  - These specific APIs do not have repleacement
    because features that they controled
    aren't part of current NAT44-ED
    implementation anymore.

2) Removed unused typedef of port allocation funciton.
  - Missed left over removed.

Change-Id: Ib3f763449065eda7cdcb2c6565a9cae51baf23d6
Signed-off-by: Filip Varga <[email protected]>
2 years agotls: crash in mbedtls due to ctx is already free 71/37571/2
Steven Luong [Thu, 3 Nov 2022 21:34:07 +0000 (14:34 -0700)]
tls: crash in mbedtls due to ctx is already free

_clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7fffb3a7e1b5 "%s:%d (%s) assertion `%s' fails") at src/vppinfra/error.c:143
mbedtls_ctx_get (ctx_index=0) at src/plugins/tlsmbedtls/tls_mbedtls.c:114
tls_ctx_get (ctx_handle=536870912) at src/vnet/tls/tls.c:310
tls_app_session_cleanup (s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/tls/tls.c:624
app_worker_cleanup_notify (app_wrk=0x7fffbef95f80, s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/session/application_worker.c:445
session_cleanup_notify (s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/session/session.c:262
session_free_w_fifos (s=0x7fffbf102040) at src/vnet/session/session.c:268
session_delete (s=0x7fffbf102040) at src/vnet/session/session.c:287
session_transport_delete_notify (tc=0x7fffbdf63c40) at src/vnet/session/session.c:1159
tcp_handle_cleanups (wrk=0x7fffbef46d40, now=133.30033046694487) at src/vnet/tcp/tcp.c:1298
tcp_update_time (now=133.30033046694487, thread_index=2 '\002') at src/vnet/tcp/tcp.c:1309
session_update_time_subscribers (smm=0x7ffff7f75ce0 <session_main>, now=133.30033046694487, thread_index=2) at src/vnet/session/session_node.c:1817
session_queue_node_fn (vm=0x7fffbdfad1c0, node=0x7fffbe0b1340, frame=0x0) at src/vnet/session/session_node.c:1934
dispatch_node (vm=0x7fffbdfad1c0, node=0x7fffbe0b1340, type=VLIB_NODE_TYPE_INPUT, dispatch_state=VLIB_NODE_STATE_POLLING, frame=0x0, last_time_stamp=4722227957546624) at src/vlib/main.c:960

Putting a breakpoint in gdb, I found out ctx was free in mbedtls_app_close.
Looking at app_close function in picotls and openssl, I don't see they
free ctx and they don't crash when processing cleanup. I am inclined to
think that mbedtls_ctx_free should not be called in mbedtls_app_close

    at src/plugins/tlsmbedtls/tls_mbedtls.c:92
    at src/plugins/tlsmbedtls/tls_mbedtls.c:559
    at src/vnet/tls/tls.c:360
    thread_index=2) at src/vnet/tls/tls.c:762
    conn_index=536870912, thread_index=2 '\002')
    at src/vnet/session/transport.c:332
    at src/vnet/session/session.c:1608
    elt=0x7fffbdfef3dc)
    at src/vnet/session/session_node.c:1672
    node=0x7fffbe0b1340, frame=0x0)
    at src/vnet/session/session_node.c:1966
    node=0x7fffbe0b1340, type=VLIB_NODE_TYPE_INPUT,
    dispatch_state=VLIB_NODE_STATE_POLLING, frame=0x0,
    last_time_stamp=4721919444027682)
    at src/vlib/main.c:960

Type: fix

Signed-off-by: Steven Luong <[email protected]>
Change-Id: Ic5c13e659aee618c8accee42af9f40931b62f467

2 years agomisc: fix failing TestNs/TestHttpTps test in hstf 69/37569/2
Maros Ondrejicka [Thu, 3 Nov 2022 12:30:08 +0000 (13:30 +0100)]
misc: fix failing TestNs/TestHttpTps test in hstf

Type: fix
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I03cbd05d6d887d2ce8e7b7d20522e04012c5fe7a

2 years agosession: fix tx_fifo clear and incorrect bitmap invalidation 67/37567/6
Dongya Zhang [Thu, 3 Nov 2022 07:22:34 +0000 (15:22 +0800)]
session: fix tx_fifo clear and incorrect bitmap invalidation

The tx_fifo of session may not be set up yet, if app request to
disconnect the session, svm_fifo_dequeue_drop_all will crash.

In debug image, ho_session_alloc will do clib_bitmap_validate to
prevent race condition, however the input is not correct which
will make vpp crash.

Type: fix
Change-Id: Ia8bff325d238eacb671e6764ea2a4eecd3fca609
Signed-off-by: Dongya Zhang <[email protected]>
2 years agosr: SRv6 Path Tracing Midpoint behaviour 54/37454/4
Julian Klaiber [Tue, 18 Oct 2022 08:37:14 +0000 (10:37 +0200)]
sr: SRv6 Path Tracing Midpoint behaviour

Type: feature

Signed-off-by: Julian Klaiber <[email protected]>
Change-Id: I866a2d2e06013380309c98a54078c1b3f6ad76fc

2 years agovpp-swan: remove step to copy vpp_sswan source for docker image 23/37523/3
Yulong Pei [Wed, 26 Oct 2022 09:14:42 +0000 (09:14 +0000)]
vpp-swan: remove step to copy vpp_sswan source for docker image

Since vpp_sswan plugin already merged in /vpp/extras/strongswan,
no need to provide additional vpp_sswan source files for docker image.

Type: fix

Signed-off-by: Yulong Pei <[email protected]>
Change-Id: I35bad22b1046e0dddbcf39e1af38d589d1438239
Signed-off-by: Yulong Pei <[email protected]>
2 years agoquic: use safe pool realloc 31/35831/18
Florin Coras [Wed, 30 Mar 2022 17:11:55 +0000 (10:11 -0700)]
quic: use safe pool realloc

Type: improvement

Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ia03c3fe0ca669b319dec8decd503254d0a95e58b

2 years agotls: use safe pool reallocs 18/35818/23
Florin Coras [Wed, 30 Mar 2022 00:49:37 +0000 (17:49 -0700)]
tls: use safe pool reallocs

Type: improvement

Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ia2c771cbf826526d2d06b6da022509ab02917350

2 years agotests: session in interrupt mode 22/35322/6
Filip Tehlar [Mon, 14 Feb 2022 15:39:26 +0000 (15:39 +0000)]
tests: session in interrupt mode

Type: test

Signed-off-by: Filip Tehlar <[email protected]>
Change-Id: I2deba97a8dfff907f0e2452e9347d6a68474ce92

2 years agobuild: add extra rpm build dependencies 29/37529/2
Tianyu Li [Wed, 26 Oct 2022 09:15:12 +0000 (09:15 +0000)]
build: add extra rpm build dependencies

make install-ext-dep failed with,
sudo rpm -Uih vpp-ext-deps-23.02-4.aarch64.rpm
error: Failed dependencies:
        perl(IBswcountlimits) is needed by vpp-ext-deps-23.02-4.aarch64

vpp-ext-deps have dependencies on infiniband-diags and libibumad

Type: fix

Signed-off-by: Tianyu Li <[email protected]>
Change-Id: I2aea453f53d6507285b4f87f04c6dfc4845098cd

2 years agocnat: Fix unformat_cnat_snat_interface_map_type 89/37489/7
Miguel Borges de Freitas [Wed, 19 Oct 2022 21:33:56 +0000 (22:33 +0100)]
cnat: Fix unformat_cnat_snat_interface_map_type

Fix initialization of the table u32 var which is leading to the incorrect
unformat of interface map type

Type: fix

Signed-off-by: Miguel Borges de Freitas <[email protected]>
Change-Id: I1e56acd0e4c735df755e85b172bb6623bf47a57b

3 years agovcl: register workers when reattaching to vpp 89/37389/7
Maros Ondrejicka [Wed, 12 Oct 2022 20:58:01 +0000 (22:58 +0200)]
vcl: register workers when reattaching to vpp

Type: improvement
Signed-off-by: Maros Ondrejicka <[email protected]>
Change-Id: I82a286e2872338974c1930138c30db78103ae499

3 years agosession: add session event log for session state 21/37521/5
Steven Luong [Tue, 25 Oct 2022 20:09:11 +0000 (13:09 -0700)]
session: add session event log for session state

To aid sesipon debug, add session event log in SM debug to track
the session state.

Type: improvement

Signed-off-by: Steven Luong <[email protected]>
Change-Id: I6909cf969cd5b6a3ea5a06d08ae32c2f1d48f686

3 years agovirtio: use current_data as l2_hdr_offset 20/37520/1
Mohsin Kazmi [Tue, 25 Oct 2022 19:27:08 +0000 (19:27 +0000)]
virtio: use current_data as l2_hdr_offset

Type: fix

virtio transmit node uses header offsets to set the
appropriate metadata for packet with offloads. But
l2_hdr_offset is not correctly set by previous node(s).
This patch makes use of curren_data field as l2_hdr_offset.

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: Id2f41a7650be45c9cc1ebacc7bec298be79bf218

3 years agodevices: fix the l2 hdr offset in af_packet transmit side 19/37519/1
Mohsin Kazmi [Tue, 25 Oct 2022 19:23:51 +0000 (19:23 +0000)]
devices: fix the l2 hdr offset in af_packet transmit side

Type: fix

af_packet transmit node uses header offsets to set the
appropriate metadata for packet with offload. But
l2_hdr_offset is not correctly set by previous node.
This patch makes use of curren_data field as l2_hdr_offset.

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I751a725af5c231a443eed22231a867eb7f3894e0

3 years agoudp: use new wrk context for connections 13/37513/3
Florin Coras [Tue, 25 Oct 2022 01:59:06 +0000 (18:59 -0700)]
udp: use new wrk context for connections

Type: improvement

Signed-off-by: Florin Coras <[email protected]>
Change-Id: I9c4050f96c310f1e6eb2cae8d908c44968526c3c

3 years agoudp: postpone cleanup of udp connections 12/37512/3
Florin Coras [Tue, 25 Oct 2022 01:46:20 +0000 (18:46 -0700)]
udp: postpone cleanup of udp connections

Avoid deleting connections in session layer io event handler.

Type: improvement

Signed-off-by: Florin Coras <[email protected]>
Change-Id: I87b3e53f9039161688467d9716875583ad797c07

3 years agordma: set correct CQE flags 28/37428/2
Jieqiang Wang [Mon, 19 Sep 2022 15:33:21 +0000 (23:33 +0800)]
rdma: set correct CQE flags

CQE flags located in bits 16-31 at offset 0x1c should be defined as
actual numbers instead of indexes. Besides, L3 header type for IPv4 is
10(2 in decimal) and for IPv6 is 01(1 in decimal) according to CQE entry
fields description of page 120 in Mellanox Programmer Reference Manual.
(https://network.nvidia.com/files/doc-2020/ethernet-adapters-programming-manual.pdf)

Fixing this issue will lead to correct CQE flags printing for rdma-input
node when buffer trace is enabled.

Type: fix

Signed-off-by: Jieqiang Wang <[email protected]>
Change-Id: I9b578ca5cbd8cd93a577aa83131e31c79f60430e

3 years agordma: fix ipv4 checksum check in rdma-input node 29/37429/2
Jieqiang Wang [Wed, 21 Sep 2022 09:17:22 +0000 (17:17 +0800)]
rdma: fix ipv4 checksum check in rdma-input node

- cqe_flags pointer should be incremented accordingly otherwise only the
first element in cqe_flags will be updated
- flag l3_ok should be set for match variable when verifying if packets
are IPv4 packets with flag l3_ok set
- mask/match variables should be converted to network byte order to
match the endianness of cqe_flags
- vector processing of checking cqe flags will set return value to
0xFFFF by mistake if packet numbers are not multiple of 16(VEC256) or
8(VEC128)

Type: fix

Signed-off-by: Jieqiang Wang <[email protected]>
Change-Id: I9fec09e449fdffbb0ace8e5a6ccfeb6869b5cac1

3 years agohash: add local variable 01/37501/2
Gabriel Oginski [Fri, 21 Oct 2022 07:05:56 +0000 (07:05 +0000)]
hash: add local variable

The current implmentation of the hash table is not thread-safe.
This design leads to a segfault when VPP handling a lot of tunnels for
Wireguard, where one thread modify the hash table and other threads
starting to lookup at the same time.

The fix add a local variable to store how many bits are used by a user
object.

Type: fix
Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: Iecf6b3ef9f308b61015c66277cc459a6d019c9c1

3 years agopacketforge: fix GTP-Extension header field data 71/37271/3
Ting Xu [Thu, 29 Sep 2022 05:50:55 +0000 (13:50 +0800)]
packetforge: fix GTP-Extension header field data

Fix the incorrect fields data of GTP-Extension header.

Type: fix
Signed-off-by: Ting Xu <[email protected]>
Change-Id: Iafc5e852910649afcf0e583a5513b1ab33f5b5e8

3 years agodocs: update cnat docs to current vpp version 90/37490/4
Miguel Borges de Freitas [Wed, 19 Oct 2022 22:21:20 +0000 (23:21 +0100)]
docs: update cnat docs to current vpp version

The documentation for the cnat plugin is highly outdated specially on
the snat section.

Type: docs

Signed-off-by: Miguel Borges de Freitas <[email protected]>
Change-Id: I30b0c6295d3c812b636374753af3c37f29b0cc53

3 years agodpdk: add Intel QAT 200xx series support 07/37507/2
Vladimir Ratnikov [Mon, 24 Oct 2022 11:11:56 +0000 (11:11 +0000)]
dpdk: add Intel QAT 200xx series support

Type: feature

Signed-off-by: Vladimir Ratnikov <[email protected]>
Change-Id: I2fd1e321983ac5caa03aac8705dfc596985c35f7