gerrit.fd Code Review

ip6-nd: initialize radv_info->send_radv to 1

Otherwise, the newly configured interface will never send RADV's.

See below. In the typical case, suppress = 0 and is_no = 0, which
propagates the current value of radv->send_radv:

radv_info->send_radv =
(suppress != 0) ? ((is_no != 0) ? 1 : 0) : radv_info->send_radv;

No other bit of code will set send_radv, at least in straightforward
ways.

Type:fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: If9368155f7676460ca1f87729c2b3c453405d08d

hsa: echo client crash when it fails to connect to remote

When echo client fails to connect to remote, it should quit.

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I787423bdc61a58eea48bab7bd8b73137626c02b4

classify: fix crash when update nonexistent classify table.

vpp crash when update nonexistent classify table.
Program received signal SIGABRT, Aborted.
0x00007fbf3b49b337 in raise () from /lib64/libc.so.6
(gdb) bt
0  0x00007fbf3b49b337 in raise () from /lib64/libc.so.6
1  0x00007fbf3b49ca28 in abort () from /lib64/libc.so.6
2  0x00000000004079db in os_panic () at /usr/src/debug/vpp-23.02/src/vpp/vnet/main.c:417
3  0x00007fbf3bb611c7 in debugger () at /usr/src/debug/vpp-23.02/src/vppinfra/error.c:84
4  0x00007fbf3bb61529 in _clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7fbf3d03af08 "%s:%d (%s) assertion `%s' fails")
   at /usr/src/debug/vpp-23.02/src/vppinfra/error.c:143
5  0x00007fbf3c67062c in vnet_classify_add_del_table (cm=0x7fbf3d438f00 <vnet_classify_main>, mask=0x7fbf00fdc088 "", nbuckets=2, memory_size=2097152,
   skip=4, match=1, next_table_index=4294967295, miss_next_index=4294967295, table_index=0x7fbeed930b98, current_data_flag=0 '\000',
   current_data_offset=0, is_add=1, del_chain=0) at /usr/src/debug/vpp-23.02/src/vnet/classify/vnet_classify.c:780
6  0x00007fbf3c672bf4 in classify_table_command_fn (vm=0x7fbefb465740, input=0x7fbeed930ef0, cmd=0x7fbefc45ec18)
   at /usr/src/debug/vpp-23.02/src/vnet/classify/vnet_classify.c:1622
7  0x00007fbf3d52b527 in vlib_cli_dispatch_sub_commands (vm=0x7fbefb465740, cm=0x4273f0 <vlib_global_main+48>, input=0x7fbeed930ef0,
   parent_command_index=1064) at /usr/src/debug/vpp-23.02/src/vlib/cli.c:650
8  0x00007fbf3d52b2c3 in vlib_cli_dispatch_sub_commands (vm=0x7fbefb465740, cm=0x4273f0 <vlib_global_main+48>, input=0x7fbeed930ef0,
   parent_command_index=0) at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607
9  0x00007fbf3d52b9cb in vlib_cli_input (vm=0x7fbefb465740, input=0x7fbeed930ef0, function=0x7fbf3d597406 <unix_vlib_cli_output>, function_arg=0)
   at /usr/src/debug/vpp-23.02/src/vlib/cli.c:753
10 0x00007fbf3d59cb0c in unix_cli_process_input (cm=0x7fbf3d61fe00 <unix_cli_main>, cli_file_index=0)
   at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2616
11 0x00007fbf3d59d25a in unix_cli_process (vm=0x7fbefb465740, rt=0x7fbf00f7bfc0, f=0x0) at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2745
12 0x00007fbf3d555a25 in vlib_process_bootstrap (_a=140458063833296) at /usr/src/debug/vpp-23.02/src/vlib/main.c:1221
13 0x00007fbf3bb74204 in clib_calljmp () at /usr/src/debug/vpp-23.02/src/vppinfra/longjmp.S:123
14 0x00007fbef10028a0 in ?? ()
15 0x00007fbf3d555b4e in vlib_process_startup (vm=0x7fbf3bb7d70f <clib_mem_size+24>, p=0x7fbef10028d0, f=0x7fbf00f06ae0)
   at /usr/src/debug/vpp-23.02/src/vlib/main.c:1246
16 0x00007fbf3d592be6 in vec_max_bytes (v=0x8) at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:161
17 0x00007fbf00f06af8 in ?? ()
18 0x0000000000000004 in ?? ()
19 0x00000000000000ff in ?? ()
20 0x00007fbef1002980 in ?? ()
21 0x00007fbf3d592dcb in _vec_set_len (v=<error reading variable: Cannot access memory at address 0xfffffffffffffff5>,
   len=<error reading variable: Cannot access memory at address 0xffffffffffffffed>,
   elt_sz=<error reading variable: Cannot access memory at address 0xffffffffffffffe5>) at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:196
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) f 5
   0x00007fbf3c67062c in vnet_classify_add_del_table (cm=0x7fbf3d438f00 <vnet_classify_main>, mask=0x7fbf00fdc088 "", nbuckets=2, memory_size=2097152,
   skip=4, match=1, next_table_index=4294967295, miss_next_index=4294967295, table_index=0x7fbeed930b98, current_data_flag=0 '\000',
   current_data_offset=0, is_add=1, del_chain=0) at /usr/src/debug/vpp-23.02/src/vnet/classify/vnet_classify.c:780
780   t = pool_elt_at_index (cm->tables, *table_index);
(gdb) p *table_index
$1 = 8
(gdb) p cm->tables
$2 = (vnet_classify_table_t *) 0x0
(gdb)

Type: fix

Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: I1c5f6168f0a7e1d1989ce07ec6c30c6fd9f0aaa9

nat: cleanup of deprecated features

Type: refactor

1) Removed deprecated API.
  - These specific APIs do not have repleacement
    because features that they controled
    aren't part of current NAT44-ED
    implementation anymore.

2) Removed unused typedef of port allocation funciton.
  - Missed left over removed.

Change-Id: Ib3f763449065eda7cdcb2c6565a9cae51baf23d6
Signed-off-by: Filip Varga <filipvarga89@gmail.com>

tls: crash in mbedtls due to ctx is already free

_clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7fffb3a7e1b5 "%s:%d (%s) assertion `%s' fails") at src/vppinfra/error.c:143
mbedtls_ctx_get (ctx_index=0) at src/plugins/tlsmbedtls/tls_mbedtls.c:114
tls_ctx_get (ctx_handle=536870912) at src/vnet/tls/tls.c:310
tls_app_session_cleanup (s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/tls/tls.c:624
app_worker_cleanup_notify (app_wrk=0x7fffbef95f80, s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/session/application_worker.c:445
session_cleanup_notify (s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/session/session.c:262
session_free_w_fifos (s=0x7fffbf102040) at src/vnet/session/session.c:268
session_delete (s=0x7fffbf102040) at src/vnet/session/session.c:287
session_transport_delete_notify (tc=0x7fffbdf63c40) at src/vnet/session/session.c:1159
tcp_handle_cleanups (wrk=0x7fffbef46d40, now=133.30033046694487) at src/vnet/tcp/tcp.c:1298
tcp_update_time (now=133.30033046694487, thread_index=2 '\002') at src/vnet/tcp/tcp.c:1309
session_update_time_subscribers (smm=0x7ffff7f75ce0 <session_main>, now=133.30033046694487, thread_index=2) at src/vnet/session/session_node.c:1817
session_queue_node_fn (vm=0x7fffbdfad1c0, node=0x7fffbe0b1340, frame=0x0) at src/vnet/session/session_node.c:1934
dispatch_node (vm=0x7fffbdfad1c0, node=0x7fffbe0b1340, type=VLIB_NODE_TYPE_INPUT, dispatch_state=VLIB_NODE_STATE_POLLING, frame=0x0, last_time_stamp=4722227957546624) at src/vlib/main.c:960

Putting a breakpoint in gdb, I found out ctx was free in mbedtls_app_close.
Looking at app_close function in picotls and openssl, I don't see they
free ctx and they don't crash when processing cleanup. I am inclined to
think that mbedtls_ctx_free should not be called in mbedtls_app_close

    at src/plugins/tlsmbedtls/tls_mbedtls.c:92
    at src/plugins/tlsmbedtls/tls_mbedtls.c:559
    at src/vnet/tls/tls.c:360
    thread_index=2) at src/vnet/tls/tls.c:762
    conn_index=536870912, thread_index=2 '\002')
    at src/vnet/session/transport.c:332
    at src/vnet/session/session.c:1608
    elt=0x7fffbdfef3dc)
    at src/vnet/session/session_node.c:1672
    node=0x7fffbe0b1340, frame=0x0)
    at src/vnet/session/session_node.c:1966
    node=0x7fffbe0b1340, type=VLIB_NODE_TYPE_INPUT,
    dispatch_state=VLIB_NODE_STATE_POLLING, frame=0x0,
    last_time_stamp=4721919444027682)
    at src/vlib/main.c:960

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic5c13e659aee618c8accee42af9f40931b62f467

misc: fix failing TestNs/TestHttpTps test in hstf

Type: fix
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I03cbd05d6d887d2ce8e7b7d20522e04012c5fe7a

session: fix tx_fifo clear and incorrect bitmap invalidation

The tx_fifo of session may not be set up yet, if app request to
disconnect the session, svm_fifo_dequeue_drop_all will crash.

In debug image, ho_session_alloc will do clib_bitmap_validate to
prevent race condition, however the input is not correct which
will make vpp crash.

Type: fix
Change-Id: Ia8bff325d238eacb671e6764ea2a4eecd3fca609
Signed-off-by: Dongya Zhang <fortitude.zhang@gmail.com>

sr: SRv6 Path Tracing Midpoint behaviour

Type: feature

Signed-off-by: Julian Klaiber <julian@klaiber.me>
Change-Id: I866a2d2e06013380309c98a54078c1b3f6ad76fc

vpp-swan: remove step to copy vpp_sswan source for docker image

Since vpp_sswan plugin already merged in /vpp/extras/strongswan,
no need to provide additional vpp_sswan source files for docker image.

Type: fix

Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I35bad22b1046e0dddbcf39e1af38d589d1438239
Signed-off-by: Yulong Pei <yulong.pei@intel.com>

quic: use safe pool realloc

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia03c3fe0ca669b319dec8decd503254d0a95e58b

tls: use safe pool reallocs

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia2c771cbf826526d2d06b6da022509ab02917350

tests: session in interrupt mode

Type: test

Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I2deba97a8dfff907f0e2452e9347d6a68474ce92

build: add extra rpm build dependencies

make install-ext-dep failed with,
sudo rpm -Uih vpp-ext-deps-23.02-4.aarch64.rpm
error: Failed dependencies:
perl(IBswcountlimits) is needed by vpp-ext-deps-23.02-4.aarch64

vpp-ext-deps have dependencies on infiniband-diags and libibumad

Type: fix

Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I2aea453f53d6507285b4f87f04c6dfc4845098cd

cnat: Fix unformat_cnat_snat_interface_map_type

Fix initialization of the table u32 var which is leading to the incorrect
unformat of interface map type

Type: fix

Signed-off-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com>
Change-Id: I1e56acd0e4c735df755e85b172bb6623bf47a57b

vcl: register workers when reattaching to vpp

Type: improvement
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I82a286e2872338974c1930138c30db78103ae499

session: add session event log for session state

To aid sesipon debug, add session event log in SM debug to track
the session state.

Type: improvement

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I6909cf969cd5b6a3ea5a06d08ae32c2f1d48f686

virtio: use current_data as l2_hdr_offset

Type: fix

virtio transmit node uses header offsets to set the
appropriate metadata for packet with offloads. But
l2_hdr_offset is not correctly set by previous node(s).
This patch makes use of curren_data field as l2_hdr_offset.

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Id2f41a7650be45c9cc1ebacc7bec298be79bf218

devices: fix the l2 hdr offset in af_packet transmit side

Type: fix

af_packet transmit node uses header offsets to set the
appropriate metadata for packet with offload. But
l2_hdr_offset is not correctly set by previous node.
This patch makes use of curren_data field as l2_hdr_offset.

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I751a725af5c231a443eed22231a867eb7f3894e0

udp: use new wrk context for connections

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9c4050f96c310f1e6eb2cae8d908c44968526c3c

udp: postpone cleanup of udp connections

Avoid deleting connections in session layer io event handler.

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I87b3e53f9039161688467d9716875583ad797c07

rdma: set correct CQE flags

CQE flags located in bits 16-31 at offset 0x1c should be defined as
actual numbers instead of indexes. Besides, L3 header type for IPv4 is
10(2 in decimal) and for IPv6 is 01(1 in decimal) according to CQE entry
fields description of page 120 in Mellanox Programmer Reference Manual.
(https://network.nvidia.com/files/doc-2020/ethernet-adapters-programming-manual.pdf)

Fixing this issue will lead to correct CQE flags printing for rdma-input
node when buffer trace is enabled.

Type: fix

Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I9b578ca5cbd8cd93a577aa83131e31c79f60430e

rdma: fix ipv4 checksum check in rdma-input node

- cqe_flags pointer should be incremented accordingly otherwise only the
first element in cqe_flags will be updated
- flag l3_ok should be set for match variable when verifying if packets
are IPv4 packets with flag l3_ok set
- mask/match variables should be converted to network byte order to
match the endianness of cqe_flags
- vector processing of checking cqe flags will set return value to
0xFFFF by mistake if packet numbers are not multiple of 16(VEC256) or
8(VEC128)

Type: fix

Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I9fec09e449fdffbb0ace8e5a6ccfeb6869b5cac1

hash: add local variable

The current implmentation of the hash table is not thread-safe.
This design leads to a segfault when VPP handling a lot of tunnels for
Wireguard, where one thread modify the hash table and other threads
starting to lookup at the same time.

The fix add a local variable to store how many bits are used by a user
object.

Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Iecf6b3ef9f308b61015c66277cc459a6d019c9c1

packetforge: fix GTP-Extension header field data

Fix the incorrect fields data of GTP-Extension header.

Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Iafc5e852910649afcf0e583a5513b1ab33f5b5e8

docs: update cnat docs to current vpp version

The documentation for the cnat plugin is highly outdated specially on
the snat section.

Type: docs

Signed-off-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com>
Change-Id: I30b0c6295d3c812b636374753af3c37f29b0cc53

dpdk: add Intel QAT 200xx series support

Type: feature

Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I2fd1e321983ac5caa03aac8705dfc596985c35f7

vppinfra: fix incorrect sizeof() argument due to typo

fixes coverity 282527

Type: fix
Fixes: fecb2524ab
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I9ac72c3802e66369a8f24c92451e33f22c058f24

crypto: fix dead nn foreach

Pass vec_foreach args in the right order

Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I90d3dfb70ee2dbd9a48ae9ecfd2c1526a74d0786

gso: remove vxlan header include file dependency

vxlan will be moved to a plugin. Remove vnet files from including
vxlan header include files.

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I4268110b4ed54f7ae3ffecd6db0e3025122fa59c

devices: add support for af-packet v2

Type: feature

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I2ccaf1d512dcb72e414be8c69cbb538ebbe0e933

crypto-sw-scheduler: fix queue iterator

When there are several workers, iterator can and will skip
head iterator and it will last until BARRIER_SYNC_TIMEOUT won't
expire and will cause SIGABRT with `worker thread deadlock`

Type: fix

Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Id4def4d5894e077ae27592367b141ecd822e86af
Signed-off-by: Matthew Smith <mgsmith@netgate.com>

tests: enable extended test runs in run.py

Change-Id: I5f712614910dc69f04c43efd8958ef8e87906b9e
Type: test
Signed-off-by: Naveen Joy <najoy@cisco.com>

udp: support for disabling tx csum

Type: feature

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I84843eb3a0a66c64cd46536624633e0dae1c4681

session: add session debug cli

- add session debug cli to enable fine control of which event logs
are enable/disable with below syntax
  session debug {show | group <list> level <n>}
  list may be entered with a dash, "0-4"
  or it may be entered with a comma, "0,1,4"
- fix compilation errors when SESSION_EVT is enable
- change SESSION_EVT_FREE_HANDLER to use DEC_SESSION_ED instead of
DEC_SESSION_ETD because the transport may already be free when the
handler is called

Type: improvement

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Iab2989e0a847bb59002ef16494eebcc1d112b2ae

virtio: fix the missing unlock

Type: fix

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I7003162ee72c39c44be1e7ff0d27f4416b3eca5a

crypto-ipsecmb: support previous ipsecmb versions

Backward compatibility was broken when updating ipsecmb version to 1.3.

Type: improvement
Signed-off-by: marcel.d.cornu@intel.com
Change-Id: I87a76859ec5e2ef6be0bc2af0960fa2494ce4297

udp: explicit udp output node

This allows for custom next node selection on output.

Type: feature

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib0fee71a01847184e95c18097bbbfdadfbd9d030

session: pass sep.opaque to listen session

Change-Id: I34ce2cc4585bfbd679d7d66d5bef69ddb268bb57
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>

vppinfra: send minimal needed mask to the set_mempolicy syscall

Type: fix
fixes: 561ae5d

Change-Id: I0d98f5b43bc9ab5d31463b285177a11a10b864d2
Signed-off-by: Damjan Marion <dmarion@me.com>

virtio: fix the tx side hdr offset

Type: fix

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ibb4b17b954c55bcb37ede57d398966f244735c3d

devices: fix the header offsets in af_packet

Type: fix

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I7fc645c46d285ceb13903f5835c99e9b6a9e5b07

gso: fix the metadata for gro packets

Type: fix

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I3a059b9dcbbcb597a7822f4f35fb275a7c197647

ip: fix the pseudo header checksum

Type: fix

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I5eb83cbd0f8534dc50ecb907b3582717e8709aa2

cnat: Add sctp support

This patch adds SCTP support in the CNat translation primitives.
It also exposes a clib_crc32c_with_init function allowing to set
the init value to start the crc32 with instead of 0.

Type: feature

Change-Id: I86add4cfcac08f2a5a34d1e1841122fafd349fe7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>

crypto-ipsecmb: bump ipsecmb library to v1.3

- Use the latest IPsec Multi-Buffer library release v1.3
- Use ipsec-mb burst API for HMAC-SHAx algorithms
- Use ipsec-mb burst API for AES-CBC and AES-CTR algorithms

The new burst API available in ipsecmb v1.3 brings significant
performance improvements for certain algorithms compared to the job API.

Type: feature
Signed-off-by: marcel.d.cornu@intel.com
Change-Id: I3490b35a616a2ea77607f103426df62438c22b2b

vlib: Counter free needs to NULL the allocated counter vector

otherwise the next time the counter is validated this is dangling.

Type: fix
Fixes: 58fd481d73

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ifa8d5ff27175cf6dfb30cbf023fa3251fe5c780e

ip-neighbor: delete redundant help information in cli.

Delete redundant help information in ip neighbor's
cli. There is no code implementation about fib-id and
proxy in the cli's subsequent process.

Type: fix

Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: I1e276aad030409e3f2f62fee489ea95d316e67b5

linux-cp: fix infinite loop in CLI lcp default

CLI lcp default clear or lcp default netns hangs in an infinite while loop.

Type: fix

Signed-off-by: luoyaozu <luoyaozu@foxmail.com>
Change-Id: I699338abc045c84361707260adbb5b574a383170

l2: coverity complains dead codes

Coverity complains dead codes in 2 places due to a recent commit as
pointed out in Fixes. The dead codes are
      if (seed < L2_BD_ID_MAX % 2)
        is_seed_low = 1;
and
      if (is_seed_low)
        seed += (2 * (i % 2) - 1) * i;

seed can never be less than (L2_BD_ID_MAX % 2).
Consequently, is_seed_low is always 0.

There is also other problem. The inner loop is iterating only once.

The fix is to greatly simplify the code to generate a random bd_id.

Type: fix
Fixes: Ieb6919f958f437fc603d5e1f48cab01de780951d

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I318773b9a59950920e051548ef14e36054ebd5e6

session: make session code compile with SESSION_DEBUG enable

Session debug code does not compile anymore due to vlib_mains global
variable disappearing over time. Replace it with vlib_get_main_by_index
call.

Add a cmake variable and pass it from make command line to enable
session debug. Notice transport debug is required for session debug.

make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=ON VPP_EXTRA_CMAKE_ARGS+=-DVPP_SESSION_DEBUG=ON

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic2e887c6b10b77cbabd56934f4931fcfa04a6751

gomemif: migrate to govpp repository

Type: make
Signed-off-by: Matus Halaj <mhalaj@cisco.com>
Change-Id: I1d48c7e44fdf23438132996fd3288b29da1fe36e

docs: fix memory traces command

Type: fix

Change-Id: I8fc949da209a5067c702952fbd0e6ce77b921d02
Signed-off-by: Benoît Ganne <bganne@cisco.com>

misc: avoid permission issue when running envoy

Because envoy didn't have permission for `envoy.log` file it would stop.
This made tests involving envoy fail.
Adding `ENVOY_UID` environment variable makes envoy run as root,
which avoids the problem.

Type: fix
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I910416ad1c87137396e7da89c13de7739ce74c70

vpp-swan: fix linked library to plugin

Due to refactor keeping api common code in vlibapi, changes order
linked library to this plugin.

Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Id94c0b78cbce4954d34a82123506a76370b12b23

ip: migrate ip4 full reassembly to use vlib_buffer_enqueue_to_next

Type: improvement

Change-Id: Ibf683c9ba8a2751e0b40920f6735cfe0a35a6e6d
Signed-off-by: Damjan Marion <dmarion@me.com>

ip: simpler and faster ip4_full_reass_drop_all

Type: improvement
Change-Id: I4a75583ce718ba6466cd09ca8373fd43988ef62a
Signed-off-by: Damjan Marion <dmarion@me.com>

misc: fix issues reported by clang-15

Type: improvement

Change-Id: I3fbbda0378b72843ecd39a7e8592dedc9757793a
Signed-off-by: Damjan Marion <dmarion@me.com>

l2: Add bridge_domain_add_del_v2 to l2 api

https://jira.fd.io/browse/VPP-2034

Type: fix
Signed-off-by: Laszlo Kiraly <laszlo.kiraly@est.tech>
Change-Id: Ieb6919f958f437fc603d5e1f48cab01de780951d

tests: don't use tmp as the default log dir with run.py

The log file directory is configurable with run.py using the
--log-dir argument. This patch removes the use of /tmp as
the default dir for storing all test logs. The default
log dir is now set to show the year, month and day
of the test run. This provides a more meaningful aggregation
of test logs for effective troubleshooting. The default log
dir is set to <CWD>/test-run-YYYY-MM-DD.

Type: improvement
Change-Id: I6c9002e961f6e06fc953ca42d86febf4f218e566
Signed-off-by: Naveen Joy <najoy@cisco.com>

vppinfra: fix AddressSanitizer

When checking for CLIB_SANITIZE_ADDR to enable specific behavior for
AddressSanitizer, we must have vppinfra/clib.h included as it is defined
there.

Type: fix

Change-Id: I9060c3c29c1289d28596c215a1d1709b2ea7c84e
Signed-off-by: Benoît Ganne <bganne@cisco.com>

nat: report time between current vpp time and last_heard

existing details report the last_heard as the seconds since VPP
started, this is not very useful, so report additionaly
time_since_last_heard in seconds between VPP time and
last_heard.

Change-Id: Ifd34b1449e57919242b1f0e22156d3590af3c738
Type: improvement
Signed-off-by: Dave Cornejo <dcornejo@netgate.com>
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>

fib: fix crash when create vxlan/vxlan-gpe/geneve/gtpu tunnel.

Fix vpp crash when create vxlan/vxlan-gpe/geneve/gtpu tunnel
with 0.0.0.0 dst ip in debug build. The ASSERT should be move
out of fib_prefix_from_ip46_addr, which may be called when
create vxlan/vxlan-gpe/geneve/gtpu tunnel with 0.0.0.0 dst ip.

How to reproduce:
1. build debug vpp and run vpp
2. create vxlan t src 192.168.0.2 dst 0.0.0.0 vni 1 instance 1
   create vxlan-gpe tunnel local 192.168.0.2 remote 0.0.0.0 vni 1
   create geneve tunnel local 192.168.0.2 remote 0.0.0.0 vni 1
   create gtpu tunnel src 192.168.0.2 dst 0.0.0.0 teid 1

Type: fix

Change-Id: I19972f6af588f4ff7fd17de1b16b9301e43d596f
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>

tcp: cmake option VPP_TCP_DEBUG_ALWAYS=ON not taken by all files

Some files include tcp_debug.h without including <vpp/vnet/config.h>
As a result, those files do not get VPP_TCP_DEBUG_ALWAYS option
set. The fix is to include <vpp/vnet/config.h> in tcp_debug.h

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I0c141147f1e8d1b49c5a1440fac1e97cbd96aaa7

tests: disable broken wireguard tests on vpp_debug image

Type: test

Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I3a53d57e42f4c1f5ba0de6d2b181c7f2ad083a3a

tcp: build image with TCP_DEBUG_ALWAYS via make

Add cmake option to enable TCP_DEBUG_ALWAYS.
make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=ON
make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=OFF

Type: improvement

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I911a8d615f76516ae0a988bc6135c3b0d8fcb3df

build: retain dpdk_mlx_default setting for ci script

- tell git to ignore all build/external generated files

Type: make

Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I4af26a76a0248939366cd09b577d422af801c0c3

urpf: add mode for specific fib index lookup

this patch adds a mode to urpf in order to perform the lookup in a specified vrf instead of the interface vrf
Type: feature
Change-Id: Ieb91de6ccdfbf32b6939364f3bebeecd2d57af19
Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>

fib: add fib_entry_get_path_list_for_source

Type: improvement
Change-Id: Ie035bebf64226691cffc84484e4bf7310287d1b7
Signed-off-by: Damjan Marion <dmarion@me.com>

abf: return status of attachment add/del

Type: fix

The handler for abf_itf_attach_add_del was always returning 0. Set rv to
the return value of call to abf_itf_attach() or abf_itf_detach().

Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: Ibb888bb148e6e03fc2776e2384b3a6e26148a429

vcl: add api to check if vcl disconnected from vpp

Type: feature
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I98bc108360f9d04a33126865ce49d2702cbe9cdf

gso: set the header offsets in gro hdr fixup

Type: fix

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I9d5004f8764b1833e5ca825bc52345e23770c6bc

gso: fix the checksum for odd number of data bytes

Type: fix

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I07b694323e0f6745dec2b846785026b152d78af6

gomemif: update to libmemif version 4.0

Type: improvement

This patch provides:
1. interrupt mode support,
2. abstract socket support,
3. overriding responder example and divides it to two examples:
-icmp_responder_cb
-icmp_responder_poll

Signed-off-by: Daniel Béreš <dberes@cisco.com>
Change-Id: I99c86d053521760c457541fc596ed554f4077608

fib: only invoke adj delegate create callback on mcast adj create

adj_delegate_adj_created() is incorrectly called when an existing
adj is found and returned. This can lead to crashes in some cases
in the pmtu delegate:

(gdb) bt
0  0x00007f2aa8fc9ce1 in raise () from /lib/x86_64-linux-gnu/libc.so.6
1  0x00007f2aa8fb3537 in abort () from /lib/x86_64-linux-gnu/libc.so.6
2  0x0000564361b5403a in os_exit (code=code@entry=1) at ./src/vpp/vnet/main.c:437
3  0x00007f2aa9271a3e in unix_signal_handler (signum=11, si=<optimized out>, uc=<optimized out>) at ./src/vlib/unix/main.c:188
4  <signal handler called>
5  0x00007f2aa9970d5a in fib_table_get_table_id_for_sw_if_index (proto=FIB_PROTOCOL_IP4, sw_if_index=<optimized out>) at ./src/vnet/fib/fib_table.c:1156
6  0x00007f2aa964aebf in ip_pmtu_adj_delegate_adj_created (ai=8) at ./src/vnet/ip/ip_path_mtu.c:197
7  0x00007f2aa9993ee5 in adj_delegate_adj_created (ai=ai@entry=8) at ./src/vnet/adj/adj_delegate.c:166
8  0x00007f2aa998dbde in adj_mcast_add_or_lock (proto=proto@entry=FIB_PROTOCOL_IP6, link_type=link_type@entry=VNET_LINK_IP6, sw_if_index=sw_if_index@entry=7) at ./src/vnet/adj/adj_mcast.c:95
9  0x00007f2aa95c7b3e in ip6_link_enable (sw_if_index=7, link_local_addr=link_local_addr@entry=0x0) at ./src/vnet/ip/ip6_link.c:217
10 0x00007f2aa9621587 in vl_api_sw_interface_ip_enable_disable_t_handler (mp=0x7f2a4fa5ad10) at ./src/vnet/ip/ip_api.c:108
11 0x00007f2aaa3b7e44 in msg_handler_internal (free_it=0, do_it=1, trace_it=<optimized out>, msg_len=<optimized out>, the_msg=0x7f2a4fa5ad10, am=0x7f2aaa3cc020 <api_global_main>) at ./src/vlibapi/api_shared.c:593
12 vl_msg_api_handler_no_free (the_msg=0x7f2a4fa5ad10, msg_len=<optimized out>) at ./src/vlibapi/api_shared.c:810
13 0x00007f2aaa3a1702 in vl_socket_process_api_msg (rp=<optimized out>, input_v=<optimized out>) at ./src/vlibmemory/socket_api.c:208
14 0x00007f2aaa3a95d8 in vl_api_clnt_process (vm=<optimized out>, node=<optimized out>, f=<optimized out>) at ./src/vlibmemory/memclnt_api.c:429
15 0x00007f2aa9226f37 in vlib_process_bootstrap (_a=<optimized out>) at ./src/vlib/main.c:1235
16 0x00007f2aa91824a8 in clib_calljmp () at /builds/graphiant/graphnos/vpp/debian/output/source_dir/src/vppinfra/longjmp.S:123
17 0x00007f2a47cf5d60 in ?? ()
18 0x00007f2aa922853f in vlib_process_startup (f=0x0, p=0x7f2a494dc000, vm=0x7f2a489ed680) at ./src/vlib/main.c:1260
19 dispatch_process (vm=0x7f2a489ed680, p=0x7f2a494dc000, last_time_stamp=<optimized out>, f=0x0) at ./src/vlib/main.c:1316
20 0x0000000000000000 in ?? ()
(gdb)

Type: fix

Change-Id: I2d3c041e0be8284471771c7882c89f743baab0e5
Signed-off-by: Peter Morrow <pdmorrow@gmail.com>

ip: reassembly - custom context instead of VRF

Change-Id: Id8d6ab96a710cdd207068cf19a6363bbcd584de4
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>

ip: reassembly - custom context of ipv6

Change-Id: Ia5ec7fc0c71e6a0ad1b43df24bb6b88e616d260d
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>

build: change make verify gate os to ubuntu 22.04

- Also fix log output to remove hardcoded compiler version

Type: make

Change-Id: I1b224d8e9a042c58dbae689a8be706089cc1377f
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>

rdma: unhackish build of rdma-core

Change-Id: I2040b560b2a00f8bd176ae6ad46035678a2b249e
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>

build: mlx dpdk-rdma compatibility matrix

- Verify mlx_rdma_dpdk_matrix.txt versions,
  build MLX drivers in dpdk if the versions match.
  Also output version comparison results to a file
  for CI job to send notification email when the
  versions do not match.

Change-Id: Id1384ba4ea4b1f855f4d77d1d8e2c38683abfe1f
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>

tcp: replace tcp_time_now with tcp_time_now_us

It looks like tcp_time_now has been deprecated for a while and the
replacement is tcp_time_now_us

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ifaed2632baa49d489d4e03f2623d8cc9a6f36e64

sr: new messages created to return packet statistics in sr localsid details

Type: improvement
Signed-off-by: ChinmayaAgarwal <chinmaya.agarwal@hsc.com>
Change-Id: I27d5981a77d4166a92db9ecf73d9b0eed962ec19

fib: fix dpo-receive address in ip6-ll fibs

Need to fill frp_addr for local path, it's used by dpo-receive.
If not, address output can be invalid:

$ sudo vppctl sh ip6-ll fe80::dcad:ff:fe00:3/128
IP6-link-local:loop3, fib_index:2, locks:[IPv6-nd:1, ]
fe80::dcad:ff:fe00:3/128 fib:2 index:55 locks:2
  IPv6-nd refs:1 entry-flags:connected,import,local, src-flags:added,contributing,active,
    path-list:[72] locks:2 flags:shared,local, uPRF-list:58 len:0 itfs:[]
      path:[82] pl-index:72 ip6 weight=1 pref=0 receive:  oper-flags:resolved, cfg-flags:local,glean,
        [@0]: dpo-receive: 8000:100:fe80::dcad:ff on loop3

forwarding:   unicast-ip6-chain
  [@0]: dpo-load-balance: [proto:ip6 index:57 buckets:1 uRPF:58 to:[0:0]]
    [0] [@2]: dpo-receive: 8000:100:fe80::dcad:ff on loop3

Type: fix
Change-Id: Ib9874c5eac74af789e721098d512a1058cb8e404
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>

udp: add udp encap source port entropy support

Encode entropy value in UDP source port when requested per RFC 7510.
CLI already has "src-port-is-entropy", use zero UDP source port in API
to avoid breaking changes, since zero port is not something to be used
in wild.
Also, mark UDP encapsualtion API as mp-safe as already done for CLI.

Type: feature
Change-Id: Ieb61ee11e058179ed566ff1f251a3391eb169d52
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>

gso: clear the offload flags from segmented buffers

Type: fix

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I2901628d23f9b81edb32d0ced3877e5799a6cec7

api: deprecate vl_msg_api_set_handlers

Type: refactor

Change-Id: I7b7ca9ec62cb70243c5b7e87968eab1338d67ec8
Signed-off-by: Damjan Marion <damarion@cisco.com>

vpp-swan: Add scripts for testing

Added scripts to reparing setups for testing

To prepare and run containers:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh prepare_containers

To prepare setups:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh config

To clean-up settups:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh clean

To deleted all containers and images in Docker:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh deleted

Type: feature
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I77f01c0419dccc95f610046c8552ae825f2c7e12

vpp-swan: Add plugin for vpp-swan

Added plugin vpp-swan is a plugin that helps offloading
Strongswan IPsec ESP process from Linux Kernel to VPP.

Type: feature
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893

tests: stabilize wireguard ratelimiting test

Type: test

"test_wg_handshake_ratelimiting_multi_peer" has been unstable recently
because the test strongly relies on execution speed. Currently, the test
triggers ratelimiting for peer 1 and sends handshake initiations from
peer 1 and 2 mixed up. After that, the test expects that all handshake
initiations for peer 1 are ratelimited and a handshake response for peer
2 is received.

Ratelimiting is based on the token bucket algorithm. The more time
passes between triggering ratelimiting for peer 1 and sending a mixture
of handshake initiations from peer 1 and 2, the more tokens will be
added into the bucket for peer 1. Depending on delays between these
steps, the number of tokens might be enough to process handshake
initiations from peer 1 while they are expected to be rejected due to
ratelimiting.

With this change, these two steps are combined into one and the logic
modified. The test triggers ratelimiting for both peer 1 and 2. Packets
that trigger ratelimiting and that are to be rejected are sent in one
batch that is going to reduce delays between packet processing. Also,
verify that number of rejected handshake messages is in expected range
instead of verifying the exact number as it still may slightly vary.

Also, this should finish making the wireguard tests stable on Ubuntu
22.04 and Debian 11.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I3407d15abe1356dde23a241ac3650e84401c9802

af_xdp: change RLIMIT_MEMLOCK before load bpf program

default RLIMIT_MEMLOCK is 64. if we use multi af_xdp interfaces or
load complex bpf program, libbpf will return permission error.

root cause is default 64 is not large enough. So we change it before
load bpf program.

Type: fix

Change-Id: Ia6aed19c9256c498cf1155586a54a32b3f444105
Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>

tests: enable ipsec-esp 'make test' testcases on ubuntu-22.04

Type: test

Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I016fd169813e369208089df122477152aaf9ffc2

wireguard: stop sending handshakes when wg intf is down

Type: fix

Currently, when a wg interface is administratively disabled initially or
during operation, handshake packets continue to be sent. Data packets
stop being sent because routes pointing to the wg interface will not be
used. But data keys remain.

With this fix, when a wg interface is administratively disabled during
peer creation, avoid connection initialization to the peer. Data keys
and timers should be empty at this point. When a wg interface is
disabled during operation, disable all peers (i.e. stop all timers,
clear data keys, etc.). Thus, state should be identical in both cases.
When a wg interface is administratively enabled, enable all peers (i.e.
get ready to exchange data packets and initiate a connection). Also,
cover these scenarios with tests.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ie9a620077e55d519d21b0abc8c0d3c87b378bca3

crypto-openssl: use no padding for encrypt/decrypt

Internaly, vpp uses it's own padding, so all the data
is padded using blocksize in /src/vnet/ipsec/ipsec.c

Openssl should add it's own padding, but the data
is already padded. So on decrypt stage when padding
should be removed, it can't be done. And it produces
error `bad decrypt`
Previous versions of openSSL decrypted data almost
at the beginning of EVP_DecryptUpdate/EVP_DecryptFinal_ex
and produced the same error, but data was already decrypted.
Now it's not, so some algorithms could have some problems
with it

PS. openSSL 3.x.x

Type: fix

Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: If715a80228548b4e588cee222968d9da9024c438

af_xdp: compile error undeclared identifier 'SOL_XDP'

Type: fix

Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>
Change-Id: Ia447420f692f1487d343886845d648d766e43c27
Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>

vnet: fix ip4 version and IHL check

Validate version and IHL regardless of present options.
Originally VPP would accept seriously damaged headers in case IHL != 5.

Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Ifd59622efa63dfad7f6e4858dec40ccac3274574

wireguard: fix re-handshake timer when response sent

Type: fix

As per the protocol:

A handshake initiation is retried after "REKEY_TIMEOUT + jitter" ms,
if a response has not been received...

Currently, if retransmit handshake timer is started, it will trigger
after "REKEY_TIMEOUT + jitter" ms and will try to send a handshake
initiation via wg_send_handshake() given that no responses have been
received. wg_send_handshake() will verify that time stored in
REKEY_TIMEOUT has passed since last handshake initiation sending and if
has, will send a handshake initiation. Time when a handshake initiation
was last sent is stored in last_sent_handshake.

The problem is that last_sent_handshake is not only updated in
wg_send_handshake() when sending handshake initiations but also in
wg_send_handshake_response() when sending handshake responses. When
retransmit handshake timer triggers and a handshake response has been
sent recently, a handshake initiation will not be sent because for
wg_send_handshake() it will look like that time stored in REKEY_TIMEOUT
has not passed yet. Also, the timer will not be restarted.

wg_send_handshake_response() must not update last_sent_handshake,
because this time is used only when sending handshake intitiations. And
the protocol does not say that handshake initiation retransmission and
handshake response sending (i.e. replying to authenticated handshake
initiations) must coordinate.

With this fix, stop updating last_sent_handshake in
wg_send_handshake_response().

Also, this fixes tests that used to wait for "REKEY_TIMEOUT + 1" seconds
and did not receive any handshake initiations. Then they fail.

Also, long-running tests that send wrong packets and do not expect
anything in reply may now receive handshake intiations, consider them as
replies to the wrond packets, and fail. Those are updated to filter out
handshake initiations in such verifications. Moreover, after sending
wrong packets, error counters are already inspected there to confirm
packet processing was unsuccessful.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I43c428c97ce06cb8a79d239453cb5f6d1ed609d6

vcl: repatch "align the RST behaviour with kernel"

The previous patch[37164] was a bit flawed.

Type: fix
Signed-off-by: Yacan Liu <liuyacan@corp.netease.com>
Change-Id: Ia9d8b9c7853e8f4b960ce7de26d0384243deb667

tests: disable failing tests on ubuntu-22.04 debian-11

Type: test

Change-Id: I7b2314a731c83b3dcd69c999edb8ebed53839724
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>

api: replace print functions wth format

Type: improvement
Change-Id: I7f7050c19453a69a7fb6c5e62f8f57db847d9144
Signed-off-by: Damjan Marion <damarion@cisco.com>

api: keep api common code in vlibapi

Type: refactor
Change-Id: I6edbff9a02fcb3c592ccfe8f47ddb3f848be1b6d
Signed-off-by: Damjan Marion <damarion@cisco.com>

bfd: add tracing support to bfd-process

Outgoing packets can be now traced via:

trace add bfd-process <count>

Type: improvement
Change-Id: Ia19af6054289b18f55e518dbea251a2bee9b9457
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>