gerrit.fd Code Review

tcp: allow syns in closed state

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If223096cf912c1748ae417b40585a9bea5d9d9a9

vcl: do not stop listeners on vls epoll del

Although removal from epoll means listener no longer accepts new
sessions, the accept queue built by vpp cannot be drained by stopping
the listener. Morover, some applications, e.g., nginx, might constantly
remove and add listeners to their epfds. Removing listeners in such
situations causes a lot of churn in vpp as segments and segment managers
need to be recreated.

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia412b3f8d50fbb4881a99ff024f798353b521af7

vcl: always drain libc epoll with eventfds in ldp

Otherwise if vcl epoll lt events are ignored by the app, libc and vcl mq
events are never drained.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1e22f6da46d56236c52714181f6c20dcb80a33a5

hs-test: nginx mirroring test improvements

- avoid setting LD_PRELOAD for container
- save nginx error log to shared volume
- reduce test run time to 10s
- add vcl and ldp debug env variables to docker file. Default to
disabled.

Type: test

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I401ac74e7c0ebe87befedb44150b04f773f244ea

vlib: fix vlib_log for elog

test output before fix:
DBGvpp# event-logger clear
DBGvpp# test log warn cli log test-log for-elog
cli/log            [warn  ]: test-log for-elog
DBGvpp# test log info cli log test-log for-elog
cli/log            [info  ]: test-log for-elog
DBGvpp# show event-logger
2 of 131072 events in buffer, logger running
      53.022586433: log-notice: test-log for-elog
      60.318329361: log-debug: test-log for-elog
DBGvpp#

test output after fix:
DBGvpp# event-logger clear
DBGvpp# test log warn cli log test-log for-elog
cli/log            [warn  ]: test-log for-elog
DBGvpp# test log info cli log test-log for-elog
cli/log            [info  ]: test-log for-elog
DBGvpp# show event-logger
2 of 131072 events in buffer, logger running
      18.362721151: log-warn: test-log for-elog
      25.124570555: log-info: test-log for-elog
DBGvpp#

Type: fix

Signed-off-by: luoyaozu <luoyaozu@foxmail.com>
Change-Id: Ie1122787f9efb611cdafc671b4ccf68b43984924

stats: fix tests with multiple workers

Type: fix

Change-Id: Ic4b8478d390c7373bfb43a39ae6a70e978ae9321
Signed-off-by: Benoît Ganne <bganne@cisco.com>

lb: keep AddressSanitizer happy

vec_alloc() does not mark vector as accessible contrary to
vec_validate().
Also removes redundant memset(0) as vector allocation always zeroed
new memory.

Type: fix

Change-Id: I8309831b964a618454ed0bebbcdec7ec21149414
Signed-off-by: Benoît Ganne <bganne@cisco.com>

vppinfra: fix memory traces

- allocates the memory trace spinlock independently from the main heap
- disable tracing on a per thread basis
- make sure we hold the memory trace spinlock when changing tracing

Type: fix

Change-Id: I7d84f22132abdc895343d447cd3a2c574786f58d
Signed-off-by: Benoît Ganne <bganne@cisco.com>

af_packet: fix the first packet offset

Type: fix

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I927ba4e6f10ae4527f339a890c3a0de33a84b7eb

af_xdp: fix netns configuration

- clib_open_netns() expects a NULL-terminated C-string
- if no netns was given, we should not try to format it otherwise we'll
get "(nil)" as netns name.

Type: fix

Change-Id: I7b6022f6e8999640d0d2a83b854455b15fa4c134
Signed-off-by: Benoît Ganne <bganne@cisco.com>

build: add sanitizer option to configure script

Type: improvement

Change-Id: Ia679d6e5fb7eff6dbd7363465e5667119751e908
Signed-off-by: Benoît Ganne <bganne@cisco.com>

vlib: avoid non-mp-safe cli process node updates

Node renames, clone and node_by_name hash updates should be done
in vlib_node_register() / vlib_node_rename() under barrier, or
else runtime per-node stats can be either inaccurate or lead to UB.

Drop cli process nodes renaming rather than adding barrier
syncronization on reuse, nodes will get "unix-cli-process-ID"
stable names, description and terminal names are preserved and can
be obtained with "show cli-sessions" and "show terminal" commands.
Also fix insufficient name width for "show cli-sessions" with table
formatting, output sample:

    DBGvpp# sh cli-sessions
    PNI   FD    Name                     Flags
    708   14    unix-cli-local:10558     iSLpa
    710   15    unix-cli-127.0.0.1:33252 ISlpA

    DBGvpp# sh terminal
    Terminal name:   unix-cli-127.0.0.1:33252
    Terminal node:   unix-cli-process-1
    Terminal mode:   char-by-char
    Terminal width:  158
    Terminal height: 43
    ANSI capable:    yes
    Interactive:     yes
    History enabled: yes
    History limit:   50
    Pager enabled:   yes
    Pager limit:     100000
    CRLF mode:       CR+LF

Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I40af4c0a5e5be92d5e3ebcd440fa55390aeb0e8b

interface: more cleaning after set flags is failed in vnet_create_sw_interface

There's a chance that vnet_sw_interface_set_flags_helper()
has successfully called some sw interface add callback functions
before returning the error. So the sw interface del callbacks
should also be called

Type: fix

Signed-off-by: varasteh <mahdy.varasteh@gmail.com>
Change-Id: I2cd7dc6d5b3a5ebfd2c4d1a6be5390083dee6401
Signed-off-by: varasteh <mahdy.varasteh@gmail.com>

interface: add the missing tag keyword in the cli helper

Type: style

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I6399ad2b0b30f94c6c51db1afc39f5e875dfaa67

crypto: remove VNET_CRYPTO_OP_FLAG_INIT_IV flag

IV requirements vary wildly with the selected mode of operation. For
example, for AES-CBC the IV must be unpredictable whereas for AES
counter mode (CTR or GCM), it can be predictable but reusing an IV with
the same key material is catastrophic.
Because of that, it is hard to generate IV in a generic way, and it is
better left to the crypto user (eg. IPsec).

Type: improvement

Change-Id: I32689c591d8c6572b8d37c4d24f175ea6132d3ec
Signed-off-by: Benoît Ganne <bganne@cisco.com>

memif: fix input vector rate of memif-input node

Explicitly set the ptd->n_packets to 0 if no packet is received in
memif_device_input_inline(). Otherwise ptd->n_packets just keeps
last time rx packets number, then this stale number is added to
memif_input_node->vectors_since_last_overflow in every dispatch_node()
call for memif_input_node.

Type: fix

Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: Ide98a481c925262f9a609535a314f784cab424d8

vlib: fix macro define command not work in startup config exec script

Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Idb34490199a78d5b0c1fe2382b6483a6e3a6fd1f

vlib: fix ASAN fake stack size set error when switching to process

Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I2add6cb8dba837e47596983ec8303883aba3a138

dpdk: plugin init should be protect by thread barrier

Witout thread barrier, when dpdk_process_node initiating
dpdk lib, workers thread may also be initiating. Main
and workers threads may both setting error_main info,
that will cause memory ASAN issue.

Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I87b73b310730719035d4985a2cff2e3308120ec2

vppinfra: adding support for socket mounting paths

Type: improvement

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: If894b2b741d0d417a6fc458dda83ca1d8192385d

flow dpdk: introduce IP in IP support for flow

This patch introduces IP in IP packet support for flow cli and dpdk plugin.
Specifically, the following IP in IP packet types are supported:
MAC-IPv4-IPv4-TCP/UDP/None,
MAC-IPv4-IPv6-TCP/UDP/None,
MAC-IPv6-IPv4-TCP/UDP/None,
MAC-IPv6-IPv6-TCP/UDP/None,

IP in IP flow rules can be created by using the following new keywords in vppctl:
in-src-ip, in-dst-ip        : to provide information for inner IPv4 header
in-ip6-src-ip, in-ip6-dst-ip: to provide information for inner IPv6 header
in-proto                    : to specify inner transport layer protocol type (TCP or UDP)
in-src-port, in-dst-port    : to provide information for inner TCP/UDP header

An example to create flow rule for MAC-IPv6-IPv6-TCP:
test flow add index 0 ip6-src-ip any ip6-dst-ip any in-ip6-src-ip any in-ip6-dst-ip any in-proto tcp in-src-port 1234 in-dst-port any rss function default

Another example to create flow rule for MAC-IPv6-IPv6:
test flow add index 0 ip6-src-ip any in-ip6-src-ip any rss function default

Type: feature

Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I6a1ca36d47eb65b9cb5a4b8d874b2a7f017c35cd

vppinfra: fix clib_bitmap_will_expand() result inversion

Pool's pool_put_will_expand() calls clib_bitmap_will_expand(),
so every put except ones that leads to free_bitmap reallocation
will get false positive results and vice versa.

Unfortunatelly there's no related test and existing bitmap
tests are failing silently with false positive result as well.

Fortunatelly neither clib_bitmap_will_expand() nor
pool_put_will_expand() are being used by current vpp codebase.

Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Id5bb900cf6a1b1002d37670f5c415c74165b5421

crypto: make it easier to diagnose keys use-after-free

Type: improvement

Change-Id: Ib98eba146e24e659acf3b9a228b81fcd641f4c67
Signed-off-by: Benoît Ganne <bganne@cisco.com>

build: replace phony target with .ok file

When VPP builds its external packages from source, it will download the
package, patch it, configure it, build and install it. For DPDK, it will
depend on rdma-core if mlx4/mlx5 PMD is enabled. So phony target
dpdk-config needs to have the prerequisites of rdma-core-install and
ipsec-mb-install(x86 only), which are both phony targets. This leads to
redundant behavior of recipes executing twice in dpdk-config.
Replace the phony target with hidden file *.install.ok to avoid that.

Type: improvement
Signed-off-by: Lijian Zhang <lijian.zhang@arm.com>
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: Ibf3b766ab7a4ccfcbffe08f6cdb90da72ca1ce29

misc: define SElinux mapped file permissions

SElinux added support for defining what files can be mmap()'d a while back.
This change defines those files that VPP maps.

This is needed for EL9 support

Type: fix

Signed-off-by: Christian Svensson <blue@cmd.nu>
Change-Id: Iedd26914e29347169c4cc138628df7823ddd5691

build: add Rocky Linux 9 support

Currently only RHEL/CentOS 8 and Fedora are supported.
EL9 is a middle ground and thus require some different dependencies.

Type: feature

Signed-off-by: Christian Svensson <blue@cmd.nu>
Change-Id: I7be79e61994800bb796d4e9141f0ff6ad8bdead2

snort: fix descriptor offset may be truncated if buffers num too large

Type: fix
Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com>
Change-Id: I9694f7d8aad8868b11e08fabe179fd51c14dfcdb

interface: fix 4 or more interfaces equality comparison bug with xor operation using (a^a)^(b^b)

Type: fix
Signed-off-by: lijinhui <lijh_7@chinatelecom.cn>
Change-Id: I80783eed2b819a9e6fd4cee973821c9d97c285a6

vppinfra: display only the 1st 50 memory traces by default

When using memory traces it can take a long time to display all traces
bigger than 1k if there are lots of them, especially as we need to
resolve symbols.
It is better to display only the 1st 50 by default, unless verbose is
used.
Also fix the help string.

Type: improvement

Change-Id: I1e5e30209f10d2b05c561dbf856cb126e0cf513d
Signed-off-by: Benoît Ganne <bganne@cisco.com>

stats: fix node name compare error when updating stats segment

Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Ib39aa345415720dd05a1b3e12e3e03eac43c5606

memif: autogenerate socket_ids

This patch adds an API memif_socket_filename_add_del_v2
that allows autogenerating memif socket_id when passing
~0 in the socket_id field.

It opportunistically walks the hash to find a free ID
to use, and returns it in the reply.

socket_filename also becomes a variable length string,
to accomodate for longer names (in case a netns gets
passed)

Type: feature

Change-Id: I33fc3e1cf553af27579d6bad8691b22b530531cc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>

hs-test: add support for running vpp in gdb

Type: test

Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I6e03b88ca013cafd73f424ea63f706f105bebe6b

vpp-swan: fix memory leaks

This patch fix the memory leaks discovered in the current
implementation, inlcuding expired data, spd dump, and host names.

Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I3794f5db3c58d1e78df25f242c91e7a67363de53

wireguard: add barrier to sync data

The current implmentation of the hash table is not thread-safe.
This design leads to a segfault when VPP is handling a lot of tunnels
for Wireguard, where one thread modifies the hash table and other
threads start the lookup at the same time.

This fix adds a barrier sync to the hash table access when Wireguard
adds or deletes an element.

Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Id460dfcd46ace17c7bdcd23bd9687d26cecf0a39

stats: expose symlink to stats client

For e.g. prometheus export it makes more sense to use the same metric name,
and expose the various symlinks as labels.

The VPP symlink metric:
/interfaces/local0/rx_unicast

that points to
/if/rx_unicast

Becomes in Prometheus:
interfaces_rx_unicast_bytes{index="0",label="local0"} 0

Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ide0ab4fda4b3eb7ba7ddfc44680121c53f5267f6

docs: fixed to use unified "pcap trace" command

Type: docs
Fixes: 33909777c637 ("misc: unify pcap rx / tx / drop trace")
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Change-Id: I049616cfad300658e62e5026c0655ee6f07a2421

vcl: accept bound notifications in epoll wait

Async binds may be possible due to vls generated async binds as a result
of application adding or removing listeners from epoll.

App does not need to be notified of the event.

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4d01be7ddb39ba894db85feef55e9935556c24f5

vcl: accept vcl spurious wakeup in epoll wait eventfd

Accept one spurious wakeup from vcl in epoll_pwait_eventfd to avoid
returning zero events to app without timeout.

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I447c7f8176413c562be28605376a92d15e22a1f9

vcl: close libc epfd on vls epfd close

Nginx recreates epfds. Make sure ldp tracks the event and recreates the
libc epfd or eventfd flavor of epoll pwait will not work.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2994bead9494f0fbb85dd32767cecc1cf69ff6eb

vcl: only add sessions to lt list if needed

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I777979dbb89f9af774533cb280e77af58b81fb29

hs-test: update hs-test documentation

Type: docs
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I123898923afa382ff0d4410652f4a17a8740d711

hs-test: fix error check

Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I445f5357817fceeb9b5ead01c3530edaae45189a

udp: fix optimistic assert for UDP RX

Change-Id: I431c4a6f409b129e4290dba2e1acadea460ac797
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: improvement

vpp-swan: improve Makefile

Type: improvement

Since VPP-SWAN does not really need StrongSwan to be compiled,
this patch refines the Makefile to reflect the change.

In addition README is updated.

Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
Change-Id: I185957167ac71a44f4d12e78e1dac31c194f80f4

vcl: fix undeclared UDP_SEGMENT for centos 8

Old distros Centos 8 / Ubuntu 18.04 header files doesn't have UDP_SEGMENT
declared, define UDP_SEGMENT to right value if not defined.

Type: fix
Fixes: eff5f7aea8c7 ("vcl: ldp support for ip_pktinfo")

Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I99314b895e7d09962a36e7f5582c09d0d77563dc

hs-test: fix wait for app after ldp change

After gerrit 38370 (729b9c94), apps are registered via ldp using program
name. Update tests to support that.

Also add make file help for UNCONFIGURE.

Type: test

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4ad50abfd175664b47b358df1a72e0758f51190d

session: consolidate port alloc logic

Move port allocation logic from transports into generic transport layer.

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I55a21f185d00f5e118c36bcc4a6ffba2cbda885e

tcp: add dispatch errors to counters

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I27112947071a757065162f0e50f69983d258525d

hs-test: fill configuration files at runtime

Treat certain configuration files, which contain runtime-dependent
information, as templates. The information is filled at runtime and the
files are copied into containers.
This allows to avoid hard-coding IP addresses into configuration files.

Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I1dae8f15f4f76c0bf1779d7c68b7f3859bf5a861

vcl: use program invocation name in ldp app name

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2c97faa2cdca32d083aabc3344c8fe67c74ff2fd

hs-test: allow nginx suite to unconfigure topology

Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I84209e6d2c914d1c7b9dec7efc3898b75552db1b

hs-test: test vpp+nginx mirroring with tap ifaces

Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I05bbed8fd9d40929f040574044aed5292a475e91

vcl: handle lt events in epoll ctl

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4e176e9ada32d5f61d10aeca1c68f72114dec9b8

hs-test: add option to unconfigure topology

Adding `UNCONFIGURE=true` argument when running `make test` will skip
test run and unconfigure existing topology for that test.

Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I197747a56ca68807f0b2c3f25b6f61c3dcc41ace

vcl: improve vls handling of shared listeners

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1970408de52e53d24cea06b3ae0cc68a38cbc97a

hs-test: refactor netconfig

This joins separate representations of veth and tap interfaces
into a single struct. It removes the need for type interface
and embedding which simplifies the code.

Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I1b2c368bfe90a5bdfaaa9a5129c27d7d96f8fe3b

vpp-swan: fix segmentation fault in arp function

This patch adds a missing file descriptor free handler to prevent
invalid dereferencing in the future

Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Idc809a70b1fedec9a06446344d5481d467c78c19

wireguard: fix potential leaks of async frame

The current implementation can cause memory leaks of async frames
and exhaust the async frames pool. Wireguard can early get async frame,
even when later it turns out it is not needed. Then such frame won't
be freed.

This fix changes the moment of acquiring async frame from the pool, so
it doesn't leak.

Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: If7696de6a6f5db84e0dffef60caa31d4a5e6280e

tcp: fix error counters

Type: fix

Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I9f4944f77ecf94f16f809392f28466e33f7f779d

hs-test: store logs

Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I50ad5d8c2e5066d8d24f7959aeb534a2f0a6fae0

hs-test: modify nginx tests

This will make name of the test unique so that executing specifically
this test won't execute also other tests starting with same name.

Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I8013aa453c2a1c3c156e6476a93fd58bbb850b93

hs-test: improve test infra

- add support for building/running debug/release images
- have one point of control (Makefile)
- list all test cases

Type: test

Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I97949abc2fff85d7a2b3784122be159aeec72b52

srtp: fix build on ubuntu-22.04

- The version of libsrtp2 (2.4.2) on ubuntu-22.04 changed
the 'ekt' field in srtp_policy_t to 'deprecated_ekt'.

Type: fix

Change-Id: Icb9d8f3b56c8305bcdac5066a5f8e3e5d17d37cf
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>

hs-test: fix install/build on new ubuntu instance

Type: test

Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I9c59d98d16e387925057626ba9080210f4334c53

hs-test: clean-up ip address generation

Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I74c505920d1363d0ff2b3213fd831c181b70a173

session: track app session closes

Make sure applications, especially builtin ones, cannot close a session
multiple times.

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I960a1ae89a48eb359e7e1873a59d47c298c37ef1

vcl: ldp support for ip_pktinfo

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3c15f38a4a3f5e92506059277948e7fca9cd8b55

vcl: fix incorrect ldp worker in ldp_epoll_pwait()

For some apps(e.g. wrk2) upon vpp hoststack, ldp_epoll_pwait()
is called. In this function, epoll fd was created on one thread,
but it is now used on another thread. The vcl worker index is still
invalid, so the fetched ldp worker is also invalid and can corrupt
some already allocated memory.

Just as the ldp_epoll_pwait_eventfd(), make sure the vcl worker is valid
before getting the ldp worker in ldp_epoll_pwait().

Type: fix

Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: I2ec23a4b5d5b0879a06642ffd80f95e948af4274

hs-test: check for missing output in nginx tests

Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I08cd492fff4b9d50a1761a29c2b231cc8544313b

wireguard: move buffer when insufficient pre_data left

Currently wg-output-tun() doesn't check if a buffer has enough space for
prepending an ethernet header (wg header over ipv6 vxlan header case
leaves only 8 bytes free).

In such a case move buffer's content.

Type: fix

Change-Id: Iad18860e6b86a3d81f3d96d782de7c59556152d0
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>

session: ignore zero length dgrams

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I70596ffcf90fa4cd57092584cb7a454f44208943

hs-test: clean-up obsolete code

Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I52cd825f903e41c35f6c4a9db71f00dbedbb8680

build: add missing dependences for centos 8

VPP build failed on Centos stream 8 when build xdp-tool
and dpdk mlx driver, Add the missing tools, libraries and headers.

Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Ie705dc8f558ceb872029f9ab4f1351b514c87405

tests: support tmp-dir on different filesystem

Support running tests with `--tmp-dir` on a filesystem different from /tmp.
os.rename withs only within a single FS whereas shutil.move works accross
different filesystems.

Type: improvement
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I5371f5d75386bd2b82a75b3e6c1f2c850bc62356

vpp-swan: removed adding the same rule in SPD

The current implementation of vpp-swan plugin adds the same policy rule
in SPD twice, and it is not necessary to have two the same rules in
inbound-protect database.

This patch fixes an issue that prevents the addition of a second
identical policy rule in SPD.

Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ieef74288e5301455658e4e101433147d6d2482e9

rdma: always use 64 byte CQEs for MLX5

When DPDK MLX PMDs are built, and the DPDK plugin is loaded, DPDK may
set the MLX5_CQE_SIZE environment variable to 128. This causes the RDMA
plugin to be unable to create completion queues. Since the RDMA plugin
expects the CQEs to be 64 bytes, set the cqe_size explicitly when
creating the CQ. This avoids any issues with different values for the
MLX5_CQE_SIZE environment variable.

Type: improvement
Signed-off-by: Nathan Brown <nathan.brown@arm.com>
Change-Id: Idfd078d3045a4dcb674325ef36f85a89df6fbebc

misc: VPP 22.10.1 Release Notes

Type: docs
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I70374ea376c895d92d5789debf4b437113e3d884
(cherry picked from commit 57302fe52f141c19b5448997774271d2eedf5cb1)

misc: VPP 22.06.1 Release Notes

Type: docs
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I8770a35c801126ffd2de8f58d79e6616642709a9
(cherry picked from commit 1513b381d8879d9d437bbbc9a270b4ff5f4b19ba)

sr: support define src ipv6 per encap policy

Can to define src ip of outer IPv6 Hdr for each encap policy.
Along with that, I decided to develop it as API version V2.
This is useful in the SRv6 MUP case.
For example, it will be possible to handle multiple UPF destinations.

Type: feature
Change-Id: I44ff7b54e8868619069621ab53e194e2c7a17435
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>

hs-test: refactor test cases from no-topo suite

This converts remaining tests to configation of VPP from test context.

Type: test
Change-Id: I386714f6b290e03d1757c2a033a25fae0340f5d6
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>

hs-test: refactor test cases from ns suite

This converts more tests to configure VPP from test context.

Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: Idf26b0c16f87e87c97b198412af39b99d947ced6

tests: use existing pip compiled req file for building the run.py venv

pip compiled requirements file named requirements-3.txt exists in the
test directory. No need to auto-generate it again

Type: improvement

Change-Id: Ib2b51c983af8d0e4b000e4544012b6cd94405519
Signed-off-by: Naveen Joy <najoy@cisco.com>

tests: use iperf3 for running interface tests on the host

Type: improvement

Change-Id: I7123591932d51ce0c5b372893454945bbd3913b2
Signed-off-by: Naveen Joy <najoy@cisco.com>

hs-test: configure VPP from test context

Instead of configuring VPP instances running inside of a container,
now the configuration is going to be done from within the test context
by using binary API and shared volume that exposes api socket.

This converts just some of the test cases, rest is to follow.

Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I87e4ab15de488f0eebb01ff514596265fc2a787f

session: accept lcl ip updates on cl sessions

Allow apps/vcl to provide updated local ips for dgrams. In particular,
allow sessions bound to 0/0 to send data with valid local ips.

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I50a086b1c252731a32a15b6a181ad3dba0c687e0

build: allow skipping external-deps

Change-Id: I0e5090ec6978af0dc4baecc7654918cf40663f42
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: feature

avf dpdk: fix incorrect handling of IPv6 src address in flow

In current flow creating process in native avf and dpdk-plugins, when
parsing the input arguments, it does not copy IPv6 src address correctly,
so that IPv6 src address will not be configured in any flow rule, and
any packet with the same address will not be matched.

Type: fix

Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ic957c57e3e1488b74e6281f4ed1df7fd491af35c

avf: fix incorrect flag for flow director

When parsing flow action type in avf, there is an incorrect flag for
flow director, which makes flow director rule created unexpectedly.

Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Id9fed5db8ccacd5cc6c2f4833183364d763188c1

avf: fix checksum offload configuration

Fix some configurations of avf checksum offload to get the correct
udp and tcp checksum. Change Tx checksum offload capability since
avf supports ipv4, tcp and udp offload all. Remove the operation to
swap bit of checksum.

Type: fix

Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I55a916cc9ee6bef5b2074b5b6bb5f517fc2c178d

avf: fix bit calculation function fls_u32

In avf the function fls_u32 is used to calculate the power of 2.
Fix the expression of this function.

Type: fix

Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I27160de8588a5efb3f24306597a5a240deb3ab74

ip6-nd: support dump/details for IPv6 RA

Type: improvement

With this change, add support for dumping IPv6 Router Advertisements
details on a per-interface basis (or all). Also, cover that with a test.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I89fa93439d33cc36252377f27187b18b3d30a1d4

ipsec: fix AES CBC IV generation (CVE-2022-46397)

For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.

Fixes: VPP-2037
Type: fix

Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>

vcl: drop lock on segment attach failure

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3bc2c7986f492b7b7dfbc84e4893202354223790

vcl: add ldp implementation for recvmmsg

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7322abc3d3b0aa81399667bf02b03786fc62c958

vcl: better handlig of ldp apis that rely on gnu source

Control use of apis that rely on _GNU_SOURCE being defined with compile
time macro.

Also fixes sendmmsg and recvmmsg which were not probably wrapped.

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I207de23210d4b9dc960bb4289159502760c5614d

packetforge: fix lack of edge for ipv6 after gtppsc

Add one new edge for ipv6 after gtppsc so that packetforge can parse
this protocol combination.

Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I1bae1ec617c4867de2e0b3de27eda77b89e5580c

hs-test: add nginx perf tests

Type: test

Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ic609cf70c1d381afa78f393700359434c8bd0452

vppinfra: refactor clib_socket_init, add linux netns support

Type: improvement
Change-Id: Ida2d044bccf0bc8914b4fe7d383f827400fa6a52
Signed-off-by: Damjan Marion <dmarion@me.com>

ipsec: fix SA names consistency in tests

In some IPsec tests, the SA called scapy_sa designs the SA that
encrypts Scapy packets and decrypts them in VPP, and the one
called vpp_sa the SA that encrypts VPP packets and decrypts them
with Scapy. However, this pattern is not consistent across all
tests. Some tests use the opposite logic. Others even mix both
correlating scapy_tra_spi with vpp_tra_sa_id and vice-versa.

Because of that, sometimes, the SA called vpp_sa_in is used as an
outbound SA and vpp_sa_out as an inbound one.

This patch forces all the tests to follow the same following logic:
- scapy_sa is the SA used to encrypt Scapy packets and decrypt
them in VPP. It matches the VPP inbound SA.
- vpp_sa is the SA used to encrypt VPP packets and decrypt them in
Scapy. It matches the VPP outbound SA.

Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: Iadccdccbf98e834add13b5f4ad87af57e2ea3c2a

ipsec: fix async crypto linked keys memory leak

Type: fix

Change-Id: I7bd2696541c8b3824837e187de096fdde19b2c44
Signed-off-by: Benoît Ganne <bganne@cisco.com>