vpp.git
3 years agovppinfra: add clib_array_mask_set_u32() 97/37097/1
Damjan Marion [Thu, 8 Sep 2022 17:00:06 +0000 (19:00 +0200)]
vppinfra: add clib_array_mask_set_u32()

Type: improvement
Change-Id: Idf1fb054d5ff495d772d01a79cbc6cd1b409d377
Signed-off-by: Damjan Marion <[email protected]>
3 years agonat: fix nat44-ed-in2out fast path next node 43/36643/4
Jing Peng [Fri, 8 Jul 2022 16:52:01 +0000 (12:52 -0400)]
nat: fix nat44-ed-in2out fast path next node

When a session is found expired, the next node of in2out fast path
should be in2out slow path instead of out2in slow path.

Type: fix
Signed-off-by: Jing Peng <[email protected]>
Change-Id: If1dd920502089c25b33bea5434823b0496a44499

3 years agofib: missing headers 87/37087/2
Damjan Marion [Wed, 7 Sep 2022 16:52:18 +0000 (18:52 +0200)]
fib: missing headers

Type: improvement
Change-Id: I7f52222706200c31a731fadfb84513549ccb532d
Signed-off-by: Damjan Marion <[email protected]>
3 years agowireguard: eliminate some calls to main thread 81/37081/2
Matthew Smith [Fri, 2 Sep 2022 14:34:38 +0000 (14:34 +0000)]
wireguard: eliminate some calls to main thread

Type: improvement

Roaming functionality allows the peer address to change. The main thread
was being called to update a peer's address if necessary after
processing a received packet. Check in the worker whether this is
necessary before incurring the overhead of the RPC to the main thread.

Signed-off-by: Matthew Smith <[email protected]>
Change-Id: I02184b92dc658e0f57dd39993a3b2f9944187b45

3 years agoavf: check for VLAN_TOGGLE capability 79/37079/2
Mohammed Hawari [Tue, 6 Sep 2022 16:08:12 +0000 (18:08 +0200)]
avf: check for VLAN_TOGGLE capability

The ability to modify the vlan setting must be checked prior to using
VIRTCHNL_OP_DISABLE_VLAN_STRIPPING_V2 both for inner and outer vlan
stripping

Change-Id: Iffe306c34b81a6077ad6ba5deb3f5b61b5475897
Type: fix
Signed-off-by: Mohammed Hawari <[email protected]>
3 years agodpdk-cryptodev: reduce request to enable async 82/37082/2
Gabriel Oginski [Tue, 6 Sep 2022 08:59:16 +0000 (08:59 +0000)]
dpdk-cryptodev: reduce request to enable async

Originally initialization cryptodev device(s) calls double request
to enabled async mode and increased ref count twice for async mode.
Due to this cannot be change any assigned async handlers to other
async crypto engine.

The fixes reduce double request to enable async mode in initialization
cryptodev device(s) and VPP can be change assigned async handlers
to other crypto engine after disabled all async feature, for example:
ipsec, wireguard.

Type: fix

Signed-off-by: Gabriel Oginski <[email protected]>
Change-Id: If22e682c3c10de781d05c2e09b5420f75be151c3

3 years agobuild: Cleanup python2 from suse build and uplift opensuse version 67/37067/5
Laszlo Kiraly [Fri, 2 Sep 2022 12:08:36 +0000 (14:08 +0200)]
build: Cleanup python2 from suse build and uplift opensuse version

 - default to opensuse-leap 15.4, no python2 support in this version
 - deprecate version openSUSE 15.0, openSUSE 15.3 still supported

Type: make

Signed-off-by: Laszlo Kiraly <[email protected]>
Change-Id: Ic7178ff5238e2669bc45166c1f13d3f077f6069b
Signed-off-by: Laszlo Kiraly <[email protected]>
3 years agovrrp: fix cli functions according to short_help 69/37069/3
luoyaozu [Fri, 2 Sep 2022 12:32:13 +0000 (20:32 +0800)]
vrrp: fix cli functions according to short_help

test output before fix:
  DBGvpp# vrrp proto start sw_if_index 1 vr_id 1
  vrrp proto: unknown input `sw_if_index 1 vr_id 1'
  DBGvpp# vrrp vr track-if add sw_if_index 1 vr_id 1 track-index 1
priority 30
  vrrp vr track-if: Please specify an interface

Type: fix

Signed-off-by: luoyaozu <[email protected]>
Change-Id: Ib8ba67e920b23008d9246318ec8f8f17bf0bea95

3 years agoip: fix punt socket overflow 46/34046/6
Benoît Ganne [Tue, 12 Oct 2021 08:14:30 +0000 (10:14 +0200)]
ip: fix punt socket overflow

client_pathname is usually smaller than pc->caddr.sun_path. snprint()
ensures we stop at the NULL character or sizeof(sun_path) whichever
comes 1st. It also guarantees NULL character termination.

Type: fix

Change-Id: I9fc2a706beab931d50d32d03f7fafca7c6c2fb0b
Signed-off-by: Benoît Ganne <[email protected]>
3 years agobuild: set OS_ID_LIKE only if unset 50/37050/2
Benoît Ganne [Wed, 31 Aug 2022 09:45:17 +0000 (11:45 +0200)]
build: set OS_ID_LIKE only if unset

cmake MATCHES directive with the empty regex "" always match, including
non-empty strings.

Type: fix
Fixes: 534dfc1f18db74f4a2c78d62fe6893daba56dc86

Change-Id: If085b29da15a6d7fc680cebb823183fd3c7eea68
Signed-off-by: Benoît Ganne <[email protected]>
3 years agoipsec: fix coverity 249212 56/37056/3
Andrew Yourtchenko [Wed, 31 Aug 2022 14:37:36 +0000 (14:37 +0000)]
ipsec: fix coverity 249212

zero-initialize the variables

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I51c3856865eab037f646a0d184e82ecb3b5b3216

3 years agobuild: remove lto flags in dpdk build 36/37036/3
Dave Wallace [Tue, 30 Aug 2022 02:45:03 +0000 (22:45 -0400)]
build: remove lto flags in dpdk build

- Ubuntu 22.04 enables LTO by default and dpdk
  adds lto flags to CFLAGS. This CI jobs to fail
  with OOM-Kill (especially on ARM64) due to lto
  consuming large amounts of memory.

Type: make

Signed-off-by: Dave Wallace <[email protected]>
Change-Id: I5a3d3a08e2caddb4790b281b80b16081567aed5b

3 years agoudp: store mss and sw_if_index to udp_connection_t 30/36730/4
Steven Luong [Mon, 25 Jul 2022 16:29:23 +0000 (09:29 -0700)]
udp: store mss and sw_if_index to udp_connection_t

Store mss and sw_if_index to udp_connection_t and display them via
show sessipn verbose 2

Type: fix

Signed-off-by: Steven Luong <[email protected]>
Change-Id: I32928f3f4195b178873dc1bada702e035d99c464

3 years agonat: fix coverity 249194 53/37053/2
Andrew Yourtchenko [Wed, 31 Aug 2022 14:11:59 +0000 (14:11 +0000)]
nat: fix coverity 249194

Zero-initialize a variable.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: Iccf2eb4bf26755d6cd93fc70df3c5481d69ce7eb

3 years agonat: fix coverity 249178 54/37054/2
Andrew Yourtchenko [Wed, 31 Aug 2022 14:16:10 +0000 (14:16 +0000)]
nat: fix coverity 249178

Zero-initialize the variable

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I4ee127ac3e2a3beffa11bbc96db1f3254b3f7c5d

3 years agopppoe: fix coverity 218437, 218401 55/37055/3
Andrew Yourtchenko [Wed, 31 Aug 2022 14:20:40 +0000 (14:20 +0000)]
pppoe: fix coverity 218437, 218401

Initialize the session index in case of error to ~0,
so is defined in case trace needs to copy it.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: Iddf6df42c09d2abc11e5821944eb4f41692e6e3e

3 years agogso: zero-initialize gho struct 24/35724/4
Vladislav Grishenko [Sat, 20 Nov 2021 09:52:53 +0000 (14:52 +0500)]
gso: zero-initialize gho struct

It may contain garbage in debug builds resulting in wrong
gho detected flags and offsets.

Type: fix
Signed-off-by: Vladislav Grishenko <[email protected]>
Change-Id: Ia79633262185016f527e7dc6c67334cda6f055f2

3 years agodevices: fix coverity warning 47/37047/1
Mohsin Kazmi [Wed, 31 Aug 2022 11:14:28 +0000 (11:14 +0000)]
devices: fix coverity warning

Type: fix

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I0a58c0f54d8be31a0a78bef00152fb2cc193840e

3 years agodevices: add support for polling mode 40/37040/2
Mohsin Kazmi [Tue, 30 Aug 2022 13:29:06 +0000 (13:29 +0000)]
devices: add support for polling mode

Type: improvement

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I8d84dc8b7f5c5e863c32838cfafc3d366e2a7e00

3 years agodpdk: fix arm iavf rx vector path on 22.03 64/36964/2
Tianyu Li [Fri, 19 Aug 2022 10:19:07 +0000 (10:19 +0000)]
dpdk: fix arm iavf rx vector path on 22.03

dpdk 22.03 introduces iavf driver but misses rx vector path on Arm.
This causes VF fail to receive packet when running VPP device test
with no-multi-seg configuration.

Add iavf basic Neon RX support to fix this.

Type: fix
Fixes: 2f132efc3caf ("dpdk: bump to DPDK v22.03")

Signed-off-by: Tianyu Li <[email protected]>
Change-Id: I75ae74c8060428cee0e1c235feab1246c014801e

3 years agol2: skip arp term for locally originated packets 17/36117/4
Stanislav Zaikin [Tue, 10 May 2022 18:50:36 +0000 (20:50 +0200)]
l2: skip arp term for locally originated packets

Mark arp packet as locally originated when probing/replying and don't apply any
arp-term logic against it.

Type: fix
Signed-off-by: Stanislav Zaikin <[email protected]>
Change-Id: I305ff5cac8cac456decf92f21b961aa4ce286079

3 years agotcp: do not overcount ooo bytes 34/37034/2
Florin Coras [Mon, 29 Aug 2022 18:35:53 +0000 (11:35 -0700)]
tcp: do not overcount ooo bytes

Type: fix

Signed-off-by: Florin Coras <[email protected]>
Change-Id: Ic81702bffb5b3189db48efe1ab3b237fa2bf75f2

3 years agodma_intel: fix the wrong unformat type 37/37037/2
Haiyue Wang [Tue, 30 Aug 2022 06:33:02 +0000 (14:33 +0800)]
dma_intel: fix the wrong unformat type

The unformat type for "%d" should be u32 or int, otherwise the 'did' in
high stack address will be overflow to zero by the 'qid' which is in the
low stack address.

Like input "dev wq3.2" will return "did=0, qid=2".

Type: fix
Signed-off-by: Haiyue Wang <[email protected]>
Change-Id: I0fe1d5b03e2c47e0a7925193e2c2f1ccc31d3e90

3 years agomemif: Process bad descriptors correctly in memif_process_desc 31/37031/3
Steven Luong [Mon, 29 Aug 2022 17:00:31 +0000 (10:00 -0700)]
memif: Process bad descriptors correctly in memif_process_desc

When there is a bad descriptor, it may in the beginning, in the middle,
or at the end of the batch if the batch has more than 3 descriptors.
When processing a bad descriptor is encountered in the batch, we need to
rollback n_buffers in memif_process_desc(), or the statement in the same
function
    memif_add_copy_op (ptd, mb0 + src_off, bytes_to_copy,
                               dst_off, n_buffers - 1);
is wrong because it picks up the wrong buffer_vec_index of the bad
descriptor while parsing a good descriptor immediately following the
bad descriptor. n_buffers was incremented in the beginning of
while (n_left) loop.

The other problem is we should count the number of bad packets and
reduce ptd->n_packets to get the correct number of packets for subsequent
processing in device_input.

The last fix is to check if n_buffers == 0 in device_input and skip
doing any descriptor copy. This case can happen when all the descriptors
are bad in the batch.

Type: fix

Signed-off-by: Steven Luong <[email protected]>
Change-Id: I28ed1d87236b045657006755747b5750a9a733be

3 years agoethernet: fix coverity 214973 99/36999/3
Andrew Yourtchenko [Tue, 23 Aug 2022 15:48:59 +0000 (15:48 +0000)]
ethernet: fix coverity 214973

Ensure that the ethernet_input_inline_dmac_check which directly derefererences ei,
is called only if ei is set.

Type: fix
Change-Id: I2d3bce63ee457825a5d375a6102225f3abf67703
Signed-off-by: Andrew Yourtchenko <[email protected]>
3 years agovlib: fix coverity 274750, part 2 25/37025/2
Andrew Yourtchenko [Fri, 26 Aug 2022 13:46:44 +0000 (13:46 +0000)]
vlib: fix coverity 274750, part 2

Add another missing null check.

Type: fix
Change-Id: Iec4de548810efe369a6e61b8787131230506cff6
Signed-off-by: Andrew Yourtchenko <[email protected]>
3 years agovlib: fix coverity 277203 24/37024/2
Andrew Yourtchenko [Fri, 26 Aug 2022 13:13:20 +0000 (13:13 +0000)]
vlib: fix coverity 277203

Fix integer overflow.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I72de6f88be064f188204d0f6d3167a3a8d7de58d

3 years agodpdk: bump to 22.07 85/36785/3
Fan Zhang [Tue, 2 Aug 2022 10:17:08 +0000 (10:17 +0000)]
dpdk: bump to 22.07

Type: feature

This patch bumps DPDK version to 22.07.

Signed-off-by: Fan Zhang <[email protected]>
Change-Id: I72ecb31ca15774aed4453778042120610020a0c1

3 years agoethernet: refactor the redundant code 39/37039/2
Andrew Yourtchenko [Tue, 30 Aug 2022 11:22:09 +0000 (11:22 +0000)]
ethernet: refactor the redundant code

Following the discussion during the review
of  b46a4e69e5db18ef792415439d04a0ab22c59386,
remove the redundant ei0. This resulted in realization
that in order for this code to do anything useful,
the ei must be always non-zero, so rewrite the logical
condition for it. Also, make it a conjunction which seems simpler
to understand.

Type: improvement
Change-Id: Ibd7b2a63e4aeaf97eb1a98af8e69aed2ff7dd577
Signed-off-by: Andrew Yourtchenko <[email protected]>
3 years agovlib: use error description when dropping packets 23/37023/2
Arthur de Kerhor [Fri, 26 Aug 2022 08:57:35 +0000 (10:57 +0200)]
vlib: use error description when dropping packets

Using the error name makes it less explicit in the packet trace than
the error description when a packet is dropped. Example of the trace
when the TTL is <=1:

01:03:17:015278: drop
  ip4-input: time_expired

We should have "ip4 ttl <= 1" instead of "time_expired"

Type: fix
Change-Id: Ic9decf10d609cc938e39d0f449359e41c406267e
Signed-off-by: Arthur de Kerhor <[email protected]>
3 years agoethernet: fix mac address increment error 28/37028/2
Jieqiang Wang [Sun, 14 Aug 2022 09:49:44 +0000 (17:49 +0800)]
ethernet: fix mac address increment error

Using "ip neighbor <ip-addr> <mac-addr> static count <count>" to add
static ARP entries will output wrong mac addresses due to lack of
big/little endian conversion. Fix this error by converting mac address
from big endian to little endian before doing the self-increment.

Before patched:

vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5
vpp# show ip neighbor
    Time                       IP                    Flags      Ethernet              Interface
      4.4400               198.18.1.5                  S    05:aa:bb:cc:dd:e0  rdma-0
      4.4399               198.18.1.4                  S    04:aa:bb:cc:dd:e0  rdma-0
      4.4399               198.18.1.3                  S    03:aa:bb:cc:dd:e0  rdma-0
      4.4399               198.18.1.2                  S    02:aa:bb:cc:dd:e0  rdma-0
      4.4399               198.18.1.1                  S    01:aa:bb:cc:dd:e0  rdma-0

After patched:

vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5
vpp# show ip neighbor
    Time                       IP                    Flags      Ethernet              Interface
      4.4528               198.18.1.5                  S    01:aa:bb:cc:dd:e4  rdma-0
      4.4528               198.18.1.4                  S    01:aa:bb:cc:dd:e3  rdma-0
      4.4528               198.18.1.3                  S    01:aa:bb:cc:dd:e2  rdma-0
      4.4527               198.18.1.2                  S    01:aa:bb:cc:dd:e1  rdma-0
      4.4527               198.18.1.1                  S    01:aa:bb:cc:dd:e0  rdma-0

Type: fix
Signed-off-by: Jieqiang Wang <[email protected]>
Change-Id: Iec1e00e381e4aba96639f831e7e42e070be3f278

3 years agofib: fix coverity 249175 05/37005/2
Andrew Yourtchenko [Tue, 23 Aug 2022 17:29:00 +0000 (17:29 +0000)]
fib: fix coverity 249175

Add an assert to express the constraint to coverity without
incurring the overhead in release builds.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I2c22f8b2565c645d95c9c0be37381060e151420f

3 years agofib: fix coverity 253539 04/37004/3
Andrew Yourtchenko [Tue, 23 Aug 2022 17:23:47 +0000 (17:23 +0000)]
fib: fix coverity 253539

Add an ASSERT so coverity is aware of the assumption taken,
without incurring any penalty in release build.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I3e7e1e77059492315409efbed47657f9e56d167c
Signed-off-by: Andrew Yourtchenko <[email protected]>
3 years agoethernet: fix coverity 218549 98/36998/4
Andrew Yourtchenko [Tue, 23 Aug 2022 15:38:05 +0000 (15:38 +0000)]
ethernet: fix coverity 218549

Check that the pointer is non-null before dereferencing it.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I611a1042d08bbe455dd09a4fa5711fe86c440240

3 years agonat: fix coverity 249202 30/37030/1
Benoît Ganne [Mon, 29 Aug 2022 09:56:08 +0000 (11:56 +0200)]
nat: fix coverity 249202

In case of a bad packet, the bihash kv is not initialized before being
copied in the trace. Make sure it is initialized to 0.

Type: fix

Change-Id: I22fcfe99f3586d0fa128493059547a56557b8fb5
Signed-off-by: Benoît Ganne <[email protected]>
3 years agolibmemif: fix the buffer size 64/36764/2
Mohsin Kazmi [Wed, 27 Jul 2022 13:43:07 +0000 (13:43 +0000)]
libmemif: fix the buffer size

Type: fix

Previously, libmemif can only use buffer size which
have to be power of 2. memif protocol does not enforce
this. This patch fixes this issue.

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: Ic71e6a51685e2c2228c744920797064d4c7c65c9

3 years agolibmemif: add support for custom buffer-size and headroom in icmp example app 67/36767/2
Mohsin Kazmi [Wed, 27 Jul 2022 15:04:01 +0000 (15:04 +0000)]
libmemif: add support for custom buffer-size and headroom in icmp example app

Type: improvement

Signed-off-by: Mohsin Kazmi <[email protected]>
Change-Id: I2bdaee7938a3747e3217d6901ec3c66f1ee3da61

3 years agolinux-cp: fix coverity 216937 26/37026/3
Andrew Yourtchenko [Fri, 26 Aug 2022 13:59:35 +0000 (13:59 +0000)]
linux-cp: fix coverity 216937

Initialize the host_sw_if_index to ~0 so in the error cases
the variable is set to something predictable.

Type: fix
Change-Id: Ic55e4f0cbfa286e85dfb54b89b5321af18a439a1
Signed-off-by: Andrew Yourtchenko <[email protected]>
3 years agonsh: fix coverity 249201 02/37002/3
Andrew Yourtchenko [Tue, 23 Aug 2022 16:54:53 +0000 (16:54 +0000)]
nsh: fix coverity 249201

Zero-initialize the temporary struct, else a->map.adj_index is being used unset.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: Ia02636ea1e911250d6aa5e413de48e1e09863880

3 years agobuild: disable gcc warning stringop-overflow for gcc-10 or greater 22/37022/2
Dave Wallace [Thu, 25 Aug 2022 21:42:24 +0000 (17:42 -0400)]
build: disable gcc warning stringop-overflow for gcc-10 or greater

- this warning causes build errors with gcc on ubuntu 22.04

Type: make

Change-Id: Id8f6ab44b2315ce8a4564ea924d799ecb6f57fdf
Signed-off-by: Dave Wallace <[email protected]>
3 years agovlib: introduce DMA infrastructure 14/36914/5
Marvin Liu [Wed, 17 Aug 2022 01:38:40 +0000 (09:38 +0800)]
vlib: introduce DMA infrastructure

This patch introduces DMA infrastructure into vlib. This is well known
that large amount of memory movements will drain core resource. Nowadays
more and more hardware accelerators were designed out for freeing core
from this burden. Meanwhile some restrictions still remained when
utilizing hardware accelerators, e.g. cross numa throughput will have a
significant drop compared to same node. Normally the number of hardware
accelerator instances will less than cores number, not to mention that
applications number will even beyond the number of cores. Some hardware
may support share virtual address with cores, while others are not.

Here we introduce new DMA infrastructure which can fulfill the
requirements of vpp applications like session and memif and in the
meantime dealing with hardware limitations.

Here is some design backgrounds:

  Backend is the abstract of resource which allocated from DMA device
  and can do some basic operations like configuration, DMA copy and
  result query.

  Config is the abstract of application DMA requirement. Application
  need to request an unique config index from DMA infrastructure. This
  unique config index is associated with backend resource. Two options
  cpu fallback and barrier before last can be specified in config.
  DMA transfer will be performed by CPU when backend is busy if cpu
  fallback option is enabled. DMA transfer callback will be in order
  if barrier before last option is enabled.

  We constructs all the stuffs that DMA transfer request needed into
  DMA batch. It contains the pattern of DMA descriptors and function
  pointers for submission and callback. One DMA transfer request need
  multiple times batch update and one time batch submission.

  DMA backends will assigned to config's workers threads equally. Lock
  will be used for thread-safety if same backends assigned to multiple
  threads. Backend node will check all the pending requests in worker
  thread and do callback with the pointer of DMA batch if transfer
  completed. Application can utilize cookie in DMA batch for selves
  usage.

DMA architecture:

   +----------+   +----------+           +----------+   +----------+
   | Config1  |   | Config2  |           | Config1  |   | Config2  |
   +----------+   +----------+           +----------+   +----------+
        ||             ||                     ||             ||
   +-------------------------+           +-------------------------+
   |  DMA polling thread A   |           |  DMA polling thread B   |
   +-------------------------+           +-------------------------+
               ||                                     ||
           +----------+                          +----------+
           | Backend1 |                          | Backend2 |
           +----------+                          +----------+

Type: feature

Signed-off-by: Marvin Liu <[email protected]>
Change-Id: I1725e0c26687985aac29618c9abe4f5e0de08ebf

3 years agowireguard: fix ipv6 payload_length computation 18/37018/1
Aloys Augustin [Thu, 25 Aug 2022 11:00:31 +0000 (13:00 +0200)]
wireguard: fix ipv6 payload_length computation

The ipv6 header length should not be counted in the ipv6 payload length.
This is similar to https://gerrit.fd.io/r/c/vpp/+/36945.

Type: fix
Change-Id: I22de0ff828175829102a85288513ee3f55709108
Signed-off-by: Aloys Augustin <[email protected]>
3 years agovlib: allow longer version string 06/37006/2
Matthew Smith [Tue, 23 Aug 2022 15:46:25 +0000 (15:46 +0000)]
vlib: allow longer version string

Type: improvement

When trying to use a version string in a downstream build that appends a
timestamp to the standard version string, compiling fails because the
version string is too long for the version and version_required fields
in vlib_plugin_registration_t. Increase the size of those arrays from 32
to 64 chars.

Signed-off-by: Matthew Smith <[email protected]>
Change-Id: I3632139e5ae7110aa4769359f380ad29522ad4ed

3 years agoipsec: fix coverity 249204 03/37003/2
Andrew Yourtchenko [Tue, 23 Aug 2022 17:09:25 +0000 (17:09 +0000)]
ipsec: fix coverity 249204

Zero-initialize the temporary struct, else coverity complains about a bunch of uninitialized fields.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I45dc42134f06917a7459d615804f978a175bec0f

3 years agolinux-cp: handle AF_BRIDGE neighbors 61/36961/2
Matthew Smith [Fri, 19 Aug 2022 19:54:40 +0000 (19:54 +0000)]
linux-cp: handle AF_BRIDGE neighbors

Type: improvement

VPP crashes when a linux-cp tap is added to a bridge on the host system
because rtnl_neigh_get_dst() returns NULL for the neighbor message that
is sent by the kernel.

Check for NULL before trying to use the address from a neighbor in a
netlink message.

Signed-off-by: Matthew Smith <[email protected]>
Change-Id: I8a683d815a09620df9c0cc76e18df39828428e2c
Signed-off-by: Matthew Smith <[email protected]>
3 years agolisp: address the issues raised by coverity 249165 01/37001/2
Andrew Yourtchenko [Tue, 23 Aug 2022 16:51:12 +0000 (16:51 +0000)]
lisp: address the issues raised by coverity 249165

Add the error checks in parsing, aimed to avoid parser walking past the end of packet in case the data
is garbage.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I9541b555a18baf63cb8081bcd7a4c2750f2ed012

3 years agordma: fix coverity 249197 97/36997/2
Benoît Ganne [Tue, 23 Aug 2022 15:05:58 +0000 (17:05 +0200)]
rdma: fix coverity 249197

flags is u64, makes sure we do not overflow when shifting.

Type: fix

Change-Id: Ieea34187c0b568dc4d24c9415b9cff36907a5a87
Signed-off-by: Benoît Ganne <[email protected]>
3 years agovppinfra: fix coverity 249217 27/36927/2
Andrew Yourtchenko [Wed, 17 Aug 2022 13:48:11 +0000 (13:48 +0000)]
vppinfra: fix coverity 249217

Zero-initialize the temporary struct.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I8d73feae427a17470c47d1551ba7078213b589fc

3 years agoclassify: fix coverity 249223 42/36942/2
Andrew Yourtchenko [Thu, 18 Aug 2022 12:38:00 +0000 (12:38 +0000)]
classify: fix coverity 249223

Day1 latent integer overflow.

vnet_classify_add_del defines new_hash as u32 - so replace a u64 type with u32
in split_and_rehash as well.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I51384a2db1caa4099b4d2ac25cd185bd108da037

3 years agonat: simplify per-protocol code by using an array 46/36946/5
Jon Loeliger [Wed, 17 Aug 2022 17:08:31 +0000 (12:08 -0500)]
nat: simplify per-protocol code by using an array

rather than using obfuscated macro hacery, simplify
the per-protocol data management by directly using
an array of NAT protocol types.

Type: refactor

Signed-off-by: Jon Loeliger <[email protected]>
Change-Id: I6fe987556ac9f402f8d490da0740e2b91440304c

3 years agovlib: memory leak in vlib_register_errors on create and delete interface 47/36947/2
Steven Luong [Thu, 18 Aug 2022 20:20:30 +0000 (13:20 -0700)]
vlib: memory leak in vlib_register_errors on create and delete interface

format returns a vector which must be free or memory is leaked.

From show memory
  3716528    66716 0x7fffbfeb0db0 _vec_resize_internal + 0xe6
                                  _vec_add + 0x164
                                  do_percent + 0xb82
                                  va_format + 0xb9
                                  format + 0x156
                                  vlib_register_errors + 0x76c
                                  setup_tx_node + 0x5c
                                  vnet_register_interface + 0xca6
                                  vnet_eth_register_interface + 0xdd
                                  memif_create_if + 0x975
                                  memif_create_command_fn + 0x461
                                  vlib_cli_dispatch_sub_commands + 0xec8

(gdb) list *(vlib_register_errors + 0x76c)
0x7ffff6e8280c is in vlib_register_errors (/home/sluong/vpp/vpp/src/vlib/error.c:224).
219
220   vec_validate (nm->node_by_error, n->error_heap_index + n_errors - 1);
221
222   for (u32 i = 0; i < n_errors; i++)
223     {
224       t.format = (char *) format (0, "%v %s: %%d", n->name, cd[i].name);
225       vm->error_elog_event_types[n->error_heap_index + i] = t;
226       nm->node_by_error[n->error_heap_index + i] = n->index;
227     }

Type: fix

Signed-off-by: Steven Luong <[email protected]>
Change-Id: I2983f081b7e2c1b2d18d66afe45282933efbe127

3 years agoipsec: enable UDP encap for IPv6 ESP tun protect 75/36875/3
Matthew Smith [Tue, 9 Aug 2022 22:19:38 +0000 (22:19 +0000)]
ipsec: enable UDP encap for IPv6 ESP tun protect

Type: improvement

If an SA protecting an IPv6 tunnel interface has UDP encapsulation
enabled, the code in esp_encrypt_inline() inserts a UDP header but does
not set the next protocol or the UDP payload length, so the peer that
receives the packet drops it. Set the next protocol field and the UDP
payload length correctly.

The port(s) for UDP encapsulation of IPsec was not registered for IPv6.
Add this registration for IPv6 SAs when UDP encapsulation is enabled.

Add punt handling for IPv6 IKE on NAT-T port.
Add registration of linux-cp for the new punt reason.
Add unit tests of IPv6 ESP w/ UDP encapsulation on tun protect

Signed-off-by: Matthew Smith <[email protected]>
Change-Id: Ibb28e423ab8c7bcea2c1964782a788a0f4da5268

3 years agounittest: fix coverity 274736 40/36940/2
Andrew Yourtchenko [Thu, 18 Aug 2022 12:30:20 +0000 (12:30 +0000)]
unittest: fix coverity 274736

Free up the vapi context in case of failure.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I4f64e8718014d714f1b82877e69d2354b5fa44fb

3 years agowireguard: fix error type for crypto backend 43/36943/2
Benoît Ganne [Thu, 18 Aug 2022 13:03:45 +0000 (15:03 +0200)]
wireguard: fix error type for crypto backend

Crypto backend errors should not be using the same error as missing
keypair.

Type: fix

Change-Id: I78c2b3df3f08a354463b7824349b08627f2b023c
Signed-off-by: Benoît Ganne <[email protected]>
3 years agowireguard: fix ipv6 handshake packet 45/36945/2
Benoît Ganne [Thu, 18 Aug 2022 14:49:17 +0000 (16:49 +0200)]
wireguard: fix ipv6 handshake packet

IPv6 payload length should not include the size of the IPv6 header.

Type: fix

Change-Id: Iedcd17d0af8d72d9b5f8f9b605da7c99e151bc9d
Signed-off-by: Benoît Ganne <[email protected]>
3 years agovppinfra: correct clib_bitmap_set() return comment 44/36944/2
Jon Loeliger [Thu, 18 Aug 2022 14:19:43 +0000 (09:19 -0500)]
vppinfra: correct clib_bitmap_set() return comment

Fix a copy-n-paste issue that left clib_bitmap_set()'s return
type documentation incorrect.  Chnage it to indicate that
the function returns a new pointer for the bitmap that could
be different due to a possible reallocation.

Type: docs

Signed-off-by: Jon Loeliger <[email protected]>
Change-Id: Ia193c4673c0e4d1760e91cd7f80ebe1868a3c9b5

3 years agonat: Replace port refcounts with simple bitvectors 31/36931/3
Jon Loeliger [Tue, 16 Aug 2022 19:05:18 +0000 (14:05 -0500)]
nat: Replace port refcounts with simple bitvectors

Previously, each address maintained an array of 32-bit
reference counts for each of 65K possible ports for each
of 4 NAT protocols.  Totalling 1MB per address.  Wow.

A close read of the code shows that an "is used" check
precedes each attempted reference count increment.
That means the refcount never actually gets above 1.
That in turn means algorithmically, a bit vector is
sufficient.  And one need not be allocated for more
than the highest validated port referenced.

These changes introduce a dynamically sized bit vector
replacing the reference counts, for a maximum of 32K
if all 4 protocols use port 65535.  In fact, protocol
OTHER is never used, so at most 24K will be used, and
none of it will be "statically" allocated per address.

Type: fix
Fixes: 85bee7548bc5a360851d92807dae6d4159b68314

Change-Id: I7fd70050e7bf4871692a862231f8f38cf0158132
Signed-off-by: Jon Loeliger <[email protected]>
3 years agodns: fix coverity 249189, 249198 39/36939/2
Andrew Yourtchenko [Thu, 18 Aug 2022 12:17:05 +0000 (12:17 +0000)]
dns: fix coverity 249189, 249198

Zero-initialize the temporary struct on stack.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: I89ced4cca8e832827fe054e2e60986de5910360c

3 years agonsh: fix coverity 249169 38/36938/1
Andrew Yourtchenko [Thu, 18 Aug 2022 12:02:53 +0000 (12:02 +0000)]
nsh: fix coverity 249169

Zero-initialize the temporary struct on stack.

Type: fix
Change-Id: I651f87deeb79c6c073d5c510435fa268893a3b0e
Signed-off-by: Andrew Yourtchenko <[email protected]>
3 years agoip-neighbor: Declarative .api counters. 95/36895/2
Neale Ranns [Sat, 13 Aug 2022 10:58:11 +0000 (10:58 +0000)]
ip-neighbor: Declarative .api counters.

Type: improvement

plus the addition of the 'thorttle' counter of IP6.

Signed-off-by: Neale Ranns <[email protected]>
Change-Id: Ic845247a9f3288caa755c33e79ae2eb6d2029d09

3 years agoip: Use .api declarative counters for ICMP. 77/36877/2
Neale Ranns [Fri, 12 Aug 2022 01:50:24 +0000 (01:50 +0000)]
ip: Use .api declarative counters for ICMP.

Type: improvement

Signed-off-by: Neale Ranns <[email protected]>
Change-Id: I3d36faa60075658fd59eb5bbe16efcb48664691b

3 years agoikev2: accept key exchange on CREATE_CHILD_SA 79/36879/4
Atzm Watanabe [Fri, 12 Aug 2022 05:29:31 +0000 (14:29 +0900)]
ikev2: accept key exchange on CREATE_CHILD_SA

In RFC 7296, CREATE_CHILD_SA Exchange may contain the KE payload
to enable stronger guarantees of forward secrecy.
When the KEi payload is included in the CREATE_CHILD_SA request,
responder should reply with the KEr payload and complete the key
exchange, in accordance with the RFC.

Type: improvement
Signed-off-by: Atzm Watanabe <[email protected]>
Change-Id: I13cf6cf24359c11c3366757e585195bb7e999638

3 years agoikev2: fix possible SEGV 04/36804/2
Atzm Watanabe [Fri, 5 Aug 2022 09:48:25 +0000 (18:48 +0900)]
ikev2: fix possible SEGV

Type: fix
Signed-off-by: Atzm Watanabe <[email protected]>
Change-Id: Icbd452b43ecaafe46def1276c98f7e8cbf761e51

3 years agosvm: fix coverity 249207,249209 26/36926/3
Andrew Yourtchenko [Wed, 17 Aug 2022 13:44:16 +0000 (13:44 +0000)]
svm: fix coverity 249207,249209

Zero-initialize the temporary struct.

Type: fix
Change-Id: I6f7a35ace6002aa75dc986c7c7eca614c9c5c3ed
Signed-off-by: Andrew Yourtchenko <[email protected]>
3 years agovlib: fix coverity 274744 25/36925/2
Andrew Yourtchenko [Wed, 17 Aug 2022 13:26:54 +0000 (13:26 +0000)]
vlib: fix coverity 274744

Add a missing null check

Type: fix
Change-Id: Id1b27341480c9d62185496ae1d832360119ec198
Signed-off-by: Andrew Yourtchenko <[email protected]>
3 years agovlib: fix coverity 274750 24/36924/2
Andrew Yourtchenko [Wed, 17 Aug 2022 13:24:11 +0000 (13:24 +0000)]
vlib: fix coverity 274750

Add a missing null check.

Type: fix
Signed-off-by: Andrew Yourtchenko <[email protected]>
Change-Id: Ie6234804e2b89adc918ef9075f9defbb1fd35e44

3 years agomemif: crash on recceiving a bad descriptor 04/36904/2
Steven Luong [Mon, 15 Aug 2022 19:45:43 +0000 (12:45 -0700)]
memif: crash on recceiving a bad descriptor

We validate each descriptor via memif_validate_desc_data and set
desc_status to non-zero for the corresponding descriptor when
the descriptor is bad. However, desc_status is not propagated back to
xor_status in memif_validate_desc_data which eventually sets
ptd->xor_status.

Not setting ptd->xor_status causes us to treat all descriptors as
"simple". In that case, when we try to copy also the bad descriptors to
the buffers, it results a crash since desc_data is not set to point
to the correct memory in the descriptor.

The fix is to set xor_status in memif_validate_desc_data such that if
there is a bad descriptor in the frame, "is_simple" is set to false and
we have to selectively copy only the good descriptors to the buffers.

Type: fix

Signed-off-by: Steven Luong <[email protected]>
Change-Id: I780f51a42aa0f8745edcddebbe02b2961c183598

3 years agowireguard: fix fib entry tracking 16/36916/1
Alexander Chernavin [Wed, 17 Aug 2022 08:30:43 +0000 (08:30 +0000)]
wireguard: fix fib entry tracking

Type: fix

After peers roaming support addition, FIB entry tracking stopped
working. For example, it can be observed when an adjacency is stacked on
a FIB entry by the plugin and the FIB entry hasn't got ARP resolution
yet. Once the FIB entry gets ARP resolution, the adjacency is not
re-stacked as it used to. This results in endless ARP requests when a
traffic is sent via the adjacency.

This is broken because the plugin stopped using "midchain delegate" with
peers roaming support addition. The reason is that "midchain delegate"
didn't support stacking on a different FIB entry which is needed when
peer's endpoint changes. Now it is supported there (added in 36892).

With this fix, start using "midchane delegate" again and thus, fix FIB
entry tracking. Also, cover this in tests.

Signed-off-by: Alexander Chernavin <[email protected]>
Change-Id: Iea91f38739ab129e601fd6567b52565dbd649371

3 years agofib: support "midchain delegate" removal 92/36892/2
Alexander Chernavin [Fri, 12 Aug 2022 13:19:49 +0000 (13:19 +0000)]
fib: support "midchain delegate" removal

Type: improvement

Currently, once an adjacency is stacked on a FIB entry via
adj_midchain_delegate_stack(), "midchain delegate" is created for the
adjacency and the FIB index is stored there. And all further calls to
adj_midchain_delegate_stack() even passing another FIB index will cause
the function to still use the stored one. In other words, there is
currently no way to stack an adjacency on another FIB index if "midchain
delegate" already exists for it.

Being able to stack on another FIB index is needed for the wireguard
plugin. As per the protocol, peers can roam between different external
endpoints. When an authenticated packet is received and it was sent from
a different endpoint than currently stored, the endpoint needs to be
updated and all futher communication needs to happen with that endpoint.
Thus, the corresponding to that peer adjacencies need to be stacked on
the FIB entry that corresponds to the new endpoint.

With this change, add adj_midchain_delegate_remove() that removes
"midchain delegate". When stacking on another FIB entry is needed,
existing "midchain delegate" can be removed and then, a new one created
with a new FIB index via adj_midchain_delegate_stack().

Signed-off-by: Alexander Chernavin <[email protected]>
Change-Id: Ibc1c99b248a5ef8ef64867f39f494fab627a1741

3 years agotests: move "venv" to "build-root" directory from "test" directory 93/36893/3
Saima Yunus [Wed, 10 Aug 2022 07:25:31 +0000 (03:25 -0400)]
tests: move "venv" to "build-root" directory from "test" directory

Type: refactor

- refactored VPP test code to remove "ignore_path" variable
  from "discover_tests" function and "run_test" code
- configured VPP test makefile, config file, and 'run.sh' shell script
  to move "venv" directory from "test" dir to "build-root" dir

Signed-off-by: Saima Yunus <[email protected]>
Change-Id: Id2beecbb99f24ce13ed118a1869c5adbef247e50

3 years agonat: fix potential out-of-bound worker array index 05/36305/8
Jing Peng [Tue, 31 May 2022 15:20:31 +0000 (11:20 -0400)]
nat: fix potential out-of-bound worker array index

In several NAT submodules, the number of available ports (0xffff - 1024)
may not be divisible by the number of workers, so port_per_thread is
determined by integer division, which is the floor of the quotient.
Later when a worker index is needed, dividing the port with port_per_thread
may yield an out-of-bound array index into the workers array.

As an example, assume 2 workers are configured, then port_per_thread
will be (0xffff - 1024) / 2, which is 32255. When we compute a worker
index with port 0xffff, we get (0xffff - 1024) / 32255, which is 2,
but since we only have 2 workers, only 0 and 1 are valid indices.

This patch fixes the problem by adding a modulo at the end of the division.

Type: fix
Signed-off-by: Jing Peng <[email protected]>
Change-Id: Ieae3d5faf716410422610484a68222f1c957f3f8

3 years agovrrp: fix SIGABRT crash by ASSERT() when deleting vrrp vr(MASTER state) 96/36896/2
luoyaozu [Sun, 14 Aug 2022 04:55:48 +0000 (12:55 +0800)]
vrrp: fix SIGABRT crash by ASSERT() when deleting vrrp vr(MASTER state)

we need cancel vrrp_vr_timer when deleting vrrp vr

Type: fix

Signed-off-by: luoyaozu <[email protected]>
Change-Id: I8ea01f1943d6e3e60c4990c5be945de613bc8b53

3 years agodocs: fix spellcheck error for Ubuntu 22.04 14/36514/4
Saima Yunus [Thu, 16 Jun 2022 22:26:21 +0000 (15:26 -0700)]
docs: fix spellcheck error for Ubuntu 22.04

Type: fix

Signed-off-by: Saima Yunus <[email protected]>
Change-Id: I975990aeead6d34f0317a37e917bd92c0c89276e

3 years agohttp_static: validate session before sending 78/36878/2
Florin Coras [Fri, 12 Aug 2022 02:28:58 +0000 (19:28 -0700)]
http_static: validate session before sending

Type: fix

Signed-off-by: Florin Coras <[email protected]>
Change-Id: I18b9d0d67f5fe4c1714427259df29026153d8dd1

3 years agobuild: remove cnxk support from dpdk external deps 74/36874/3
Dave Wallace [Thu, 11 Aug 2022 19:29:54 +0000 (15:29 -0400)]
build: remove cnxk support from dpdk external deps

- the cnxk code fails to link using the gcc-11 toolchain
  included in the ARM64 Ubuntu-22.04 distro. This is required
  for Ubuntu-22.04 CI jobs (both docker image building & CI
  job execution on ARM64)
- Currently unable to replicate this failure on the dpdk repo.

Type: fix

Change-Id: Ice44aef9f0f721b4c88ac78f92a14bda87dc80a6
Signed-off-by: Dave Wallace <[email protected]>
3 years agoip: only set rx_sw_if_index when connection found to avoid following crash like tcp... 68/36868/2
Xiaoming Jiang [Thu, 11 Aug 2022 15:04:48 +0000 (15:04 +0000)]
ip: only set rx_sw_if_index when connection found to avoid following crash like tcp punt

Type: fix
Signed-off-by: Xiaoming Jiang <[email protected]>
Change-Id: I894a881cec1888b392d26fdfb385f97c31113ef1

3 years agompls: Use the .api for the definition of error/info counters 18/36818/2
Neale Ranns [Tue, 9 Aug 2022 01:24:41 +0000 (01:24 +0000)]
mpls: Use the .api for the definition of error/info counters

Type: improvement

Signed-off-by: Neale Ranns <[email protected]>
Change-Id: I9d25f5459ab70d9cf8556e44cfddfd7029e5b540

3 years agoip: Use .api declared error counters 19/36819/3
Neale Ranns [Tue, 9 Aug 2022 03:03:29 +0000 (03:03 +0000)]
ip: Use .api declared error counters

Type: improvement

Signed-off-by: Neale Ranns <[email protected]>
Change-Id: I822ead1495edb96ee62e53dc5920aa6c565e3621

3 years agoipsec: Use .api declared error counters 20/36820/3
Neale Ranns [Tue, 9 Aug 2022 03:34:51 +0000 (03:34 +0000)]
ipsec: Use .api declared error counters

Type: improvement

Signed-off-by: Neale Ranns <[email protected]>
Change-Id: Ica7de5a493389c6f53b7cf04e06939473a63d2b9

3 years agoarp: Use the new style error count declaration 17/36817/3
Neale Ranns [Tue, 9 Aug 2022 00:59:37 +0000 (00:59 +0000)]
arp: Use the new style error count declaration

Type: improvement

Signed-off-by: Neale Ranns <[email protected]>
Change-Id: Ifda8ca8d26912c750a77d2ca889e1638ca83d85a

3 years agolinux-cp: FIB lookup for P2MP tunnel interfaces 14/36814/2
Matthew Smith [Fri, 22 Apr 2022 18:02:32 +0000 (18:02 +0000)]
linux-cp: FIB lookup for P2MP tunnel interfaces

Type: improvement

If a tun/L3 interface is paired with a multipoint tunnel interface,
pass packets arriving from the host to ip[46]-lookup instead of
cross-connecting them to the tunnel interface. Adjacencies are used
to drive the rewrite for Multipoint tunnel interfaces, so the generic
adjacency used with a P2P tunnel will not work correctly.

Change-Id: I2d8be56dc5029760978c05bc4953f84c8924a412
Signed-off-by: Matthew Smith <[email protected]>
3 years agotunnel: Fix API encoding of tunnel flags 83/36083/6
Neale Ranns [Thu, 5 May 2022 06:07:20 +0000 (06:07 +0000)]
tunnel: Fix API encoding of tunnel flags

Type: fix

API and internal flags do not match 1:1.

Signed-off-by: Neale Ranns <[email protected]>
Change-Id: I0f4e53b2e071d1c9fffd1b97bf28b4789887b032

3 years agoikev2: do not accept rekey until old SA is deleted 22/36822/3
Atzm Watanabe [Tue, 9 Aug 2022 05:00:03 +0000 (14:00 +0900)]
ikev2: do not accept rekey until old SA is deleted

Type: fix
Signed-off-by: Atzm Watanabe <[email protected]>
Change-Id: I11b6107492004a45104857dc2dae01b9a5a01e3b

3 years agobfd: Express node stats using the .api file 16/36816/2
Neale Ranns [Tue, 9 Aug 2022 00:03:17 +0000 (00:03 +0000)]
bfd: Express node stats using the .api file

Type: improvement

This method allows the assignment of a severity to the error.

Signed-off-by: Neale Ranns <[email protected]>
Change-Id: Id1a414a88018390d03bd6b16bd048a98903bab5a

3 years agobfd: More descriptive error codes during packet receive handling 15/36815/3
Neale Ranns [Fri, 5 Aug 2022 03:40:43 +0000 (03:40 +0000)]
bfd: More descriptive error codes during packet receive handling

Type: improvement

Signed-off-by: Neale Ranns <[email protected]>
Change-Id: I8907fecde6d48f5362f0f91372d5a9a1bba6f931

3 years agowireguard: add peers roaming support 97/36797/4
Alexander Chernavin [Thu, 4 Aug 2022 08:11:57 +0000 (08:11 +0000)]
wireguard: add peers roaming support

Type: feature

With this change, peers are able to roam between different external
endpoints. Successfully authenticated handshake or data packet that is
received from a new endpoint will cause the peer's endpoint to be
updated accordingly.

Signed-off-by: Alexander Chernavin <[email protected]>
Change-Id: Ib4eb7dfa3403f3fb9e8bbe19ba6237c4960c764c

3 years agowireguard: add handshake rate limiting support 15/36715/5
Alexander Chernavin [Wed, 20 Jul 2022 13:01:42 +0000 (13:01 +0000)]
wireguard: add handshake rate limiting support

Type: feature

With this change, if being under load a handshake message with both
valid mac1 and mac2 is received, the peer will be rate limited. Cover
this with tests.

Signed-off-by: Alexander Chernavin <[email protected]>
Change-Id: Id8d58bb293a7975c3d922c48b4948fd25e20af4b

3 years agoip-neighbor: ARP and ND stats per-interface. 67/33167/8
Neale Ranns [Fri, 16 Jul 2021 14:00:16 +0000 (14:00 +0000)]
ip-neighbor: ARP and ND stats per-interface.

Type: feature

stats of the like from:
  https://datatracker.ietf.org/doc/html/draft-ietf-rtgwg-arp-yang-model-03#section-4

Signed-off-by: Neale Ranns <[email protected]>
Change-Id: Icb1bf4f6f7e6ccc2f44b0008d4774b61cae96184

3 years agovnet: install reass headers 32/36432/4
Mohammed Hawari [Tue, 14 Jun 2022 09:44:45 +0000 (11:44 +0200)]
vnet: install reass headers

Change-Id: I42a138628b06a412b8fce7fb4fc500caf9057169
Type: improvement
Signed-off-by: Mohammed Hawari <[email protected]>
3 years agovlib: vlib_validate_buffer_enqueue_with_aux_x1 26/36326/4
Mohammed Hawari [Thu, 2 Jun 2022 11:55:36 +0000 (13:55 +0200)]
vlib: vlib_validate_buffer_enqueue_with_aux_x1

This change implement a flavour of vlib_validate_buffer_enqueue_x1 with
aux data support

Change-Id: I2ecf7af49cf15ecd23b12d8acd57fe90546c1af7
Type: improvement
Signed-off-by: Mohammed Hawari <[email protected]>
3 years agointerface: fix show_or_clear_hw_interfaces 10/36810/2
Mohammed Hawari [Mon, 8 Aug 2022 08:31:11 +0000 (10:31 +0200)]
interface: fix show_or_clear_hw_interfaces

Change-Id: I2f3163a7a158afa8e2debc6f545c3d1a2a12ac1d
Type: fix
Fixes: 3414977152ae6362277158dc732e6b9958a6e618
Signed-off-by: Mohammed Hawari <[email protected]>
3 years agodevices: af_packet, fix tx stall by retrying failed sendto 38/35438/5
Mohammed Hawari [Thu, 24 Feb 2022 14:19:01 +0000 (15:19 +0100)]
devices: af_packet, fix tx stall by retrying failed sendto

Change-Id: I6bed66f740b34673a4883eda1c7f7310c57e131b
Type: fix
Signed-off-by: Mohammed Hawari <[email protected]>
Signed-off-by: Benoît Ganne <[email protected]>
3 years agowireguard: add dos mitigation support 14/36714/4
Alexander Chernavin [Wed, 20 Jul 2022 12:43:42 +0000 (12:43 +0000)]
wireguard: add dos mitigation support

Type: feature

With this change:
 - if the number of received handshake messages exceeds the limit
   calculated based on the peers number, under load state will activate;
 - if being under load a handshake message with a valid mac1 is
   received, but mac2 is invalid, a cookie reply will be sent.

Also, cover these with tests.

Signed-off-by: Alexander Chernavin <[email protected]>
Change-Id: I3003570a9cf807cfb0b5145b89a085455c30e717

3 years agoikev2: fix rekeying with multiple notify payloads 09/36809/2
Atzm Watanabe [Mon, 8 Aug 2022 06:45:36 +0000 (15:45 +0900)]
ikev2: fix rekeying with multiple notify payloads

Type: fix
Signed-off-by: Atzm Watanabe <[email protected]>
Change-Id: I065bd5c26055d863d786023970e7deeed261b31c

3 years agovnet: On rx-mode set, return error for an actual error. 07/36807/1
Wayne Morrison [Fri, 5 Aug 2022 13:47:24 +0000 (09:47 -0400)]
vnet: On rx-mode set, return error for an actual error.

In set_hw_interface_change_rx_mode(), when vnet_hw_if_set_rx_queue_mode()
returns an error it actually returns success.  This has been changed to
return a clib_error_return() value.

Type: fix
Change-Id: Iba39c875d9e15463cb6492d8a966234560a1f522
Signed-off-by: Wayne Morrison <[email protected]>
3 years agotests: fix node variant selection 77/36777/2
Benoît Ganne [Fri, 29 Jul 2022 08:52:34 +0000 (10:52 +0200)]
tests: fix node variant selection

Type: fix
Fixes: 4830e4f78fb8e46b23a1a0711cd06969a77d8d95

Change-Id: Iddc73dbda633acd72bd82e52f8ae83c17e3940f6
Signed-off-by: Benoît Ganne <[email protected]>
3 years agovppapigen: make json in parallel 48/36448/5
Nathan Skrzypczak [Thu, 16 Jun 2022 15:00:02 +0000 (17:00 +0200)]
vppapigen: make json in parallel

Type: improvement

This patches makes the make json-api-files
run in parallel in the same python runtime.

Default number of workers is 8, and run time
goes from ~20s to ~2s on average.

Change-Id: Id8cff013889db2671f6b6b4af9a019460c656f81
Signed-off-by: Nathan Skrzypczak <[email protected]>
3 years agotests: run a test inside a QEMU VM 37/32637/23
Naveen Joy [Tue, 11 May 2021 17:31:18 +0000 (10:31 -0700)]
tests: run a test inside a QEMU VM

Use the script test/run.py to run a test named test_vm_tap
inside a QEMU VM. The run script builds out a virtual env,
launches a light weight QEMU VM, mounts host directories,
starts VPP inside the VM and runs the test. The test named
test_vm_tap, creates two tap v2 interfaces in separate Linux
namespaces and using iPerf, streams traffic between the VM
and VPP. All data files are stored in the directory named
/tmp/vpp-vm-tests. To clean up, use the make test-wipe
command.
Usage:
test/run.py --vm --debug --test test_vm_tap

Type: improvement

Change-Id: I4425dbef52acee1e5b8af5acaa169b89a2c0f171
Signed-off-by: Naveen Joy <[email protected]>
3 years agodpdk: enable interrupt support for vmxnet3 66/36766/2
Benoît Ganne [Wed, 27 Jul 2022 15:50:46 +0000 (17:50 +0200)]
dpdk: enable interrupt support for vmxnet3

Type: feature

Change-Id: I0abbe925d6b9d3dd7196cd8beaf4f471beb45bd6
Signed-off-by: Benoît Ganne <[email protected]>
3 years agoarping: validate am->interfaces before check address 96/36796/5
GaoChX [Thu, 4 Aug 2022 02:04:33 +0000 (10:04 +0800)]
arping: validate am->interfaces before check address

May cause pointers point to unexpected non-zero addresses if not
validate vec

Type: fix

Change-Id: Ie4d3343d6734125b98e0dc962e33e0c7514da829
Signed-off-by: GaoChX <[email protected]>