gerrit.fd Code Review

vppinfra: add format_hexdump_u{16,32,64}

Change-Id: I0eeccfc5739276d58a81a6552a043c6c105fe67a
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>

build: few more .gitignore entries

Change-Id: I833151c077bf054de6b09fff1180570e32a1ecaa
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>

linux-cp: Handle RTA_VIA routes.

RTA_VIA allows routes to have a next-hop in a different address family.
This commit makes linux-cp import those types of routes correctly,
instead of importing the routes without a gateway.

This uses rtnl_route_nh_get_gateway, which is available since libnl
3.4.0 (Oct. 9, 2017). Even Debian Stretch has it via backports.

Type: fix
Change-Id: I06297c700461ba7874eb8baf9355bd40990b3121
Signed-off-by: Adrian Pistol <vifino@posteo.net>

nat: distribute nat44-ed in2out sessions by rx vrf

Nat in2out sessions are distributing among workers by client
addresses. In case there's multiple client vrfs with very
similar client addresses (usually from rfc1918), session
distribution/load can be unfair just due similar hash.
Let's take dynamic client fib_index into account, it'll affect
external port range only, outside address picking has own
address-based hash therefore not affected.

Type: improvement
Change-Id: I56ab2e1ce8dd27f2b1f9e7f22839ccf7774bfb82
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>

nat: fix the wrong unformat type

The unformat type for "%d" should be u32 or int.

Type: fix
Signed-off-by: Ted Chen <znscnchen@gmail.com>
Change-Id: I2483df6259ed8d3c7648c8db6345e5063ac8b57e

nat: adding a new api nat44_ed_vrf_tables_v2_dump

Adding api nat44_ed_vrf_tables_v2_dump which may replace
nat44_ed_vrf_tables_dump in the future.
- fixing endianess

Type: improvement

Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>
Change-Id: I40d09ea3252589bdcb61db9f1629dacd87f69978

vlib dhcp: default to logging without elogs

Some components, like dhcp, log constantly changing strings which in
turn forces elog string table to grow unbound.

To avoid this, as a workaround, only turn on elog logging if requested.
Actual fix that adds configuration for logging subclasses should come in
a later patch.

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie8b26251fb7115d866c2bd65353daa33cdab1ab6

ip: punt socket - take the tags in Ethernet header into consideration

The punt socket code rewinds the current_data pointer by sizeof (ethernet_header_t),
which is incorrect if the header is tagged - resulting in truncated destination MAC
address. Use ethernet_buffer_header_size() instead, which takes tags into account.

Also add the unittest that verifies the issue and the fix.

Type: fix
Change-Id: I6352a174df144ca1e4230390c126f4b698724ebc
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

misc: change of address

Type: style

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ie02d068122ab8f2c6049754f28722d851ae9b3f1

linux-cp: don't create tap for non-eth ifaces

Creation of lcp tap for non-ethernet interfaces can potentially lead to a crash, so avoid it.

Type: fix

Change-Id: I76ded8a08ea38a2c31d0215804af023207d4d3e1
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>

rdma: disable compressed CQE mode for txq CQ

Previously we encountered the issue of failing to create completion
queues on some Arm platforms because DPDK may set MLX5_CQE_SIZE to 128
if DPDK MLX PMDs are built and DPDK plugin is loaded, which does not
satisfy the requirement of 64B size CQE by RDMA plugin.
We fixed this issue in 844a0e8b0("always use 64 byte CQEs for MLX5"),
but some of CSIT test cases failed due to this code change. It turns out
that we don't need to specify compressed CQE mode for txq CQ because
RDMA tx doesn't have the code logic to handle compressed CQEs, which
might cause unexpected behavior if it is enabled.

Type: fix
Fixes: 844a0e8b0 ("always use 64 byte CQEs for MLX5")
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I7909a6d44b15bcf39c15dfac9377b65520a0cbfb

vlib:process node scheduling use timing_wheel have problem.

The time wheel should not be started in the loop while processing expired events.
can be set p->stop_timer_handle = ~0 to solve.

Type: fix

Signed-off-by: jinsh <jinsh11@chinatelecom.cn>
Change-Id: Ie9a4293f39f981f50d280b39a5d958d319ee2300
Signed-off-by: Matthew Smith <mgsmith@netgate.com>

vlib: reset stop_timer_handle on expired processes

Type: fix

The main loop populates a vector of suspended process nodes to dispatch
by calling TW (tw_timer_expire_timers_vec), which identifies expired
timers and appends the user handle for each one to the vector.

Subsequently, the vector is iterated and the process node corresponding
to each handle is dispatched. The vast majority of the time, the process
node will end up suspending itself again to wait for a new timer or
event.

Given a process node A whose timer has expired, between the point when
the timer expired and the point when A is dispatched and suspends itself
again, its stop_timer_handle contains a stale value.

If another process node B is dispatched before A is dispatched, it may
end up using the timer ID that A formerly used. If another process node
C is dispatched after B and before A and calls
vlib_process_signal_event() to signal A, the timer started by B can be
deleted by vlib_process_signal_event_helper().

After getting the vector of process node IDs for expired timers, reset
the stop_timer_handle on each of those nodes.

Change-Id: I266da438e76e1fc356016da0b9b4941efac1c28a
Signed-off-by: Matthew Smith <mgsmith@netgate.com>

vppinfra: refactor uword bitmaps

Type: improvement
Change-Id: I4f05a0435825cd23b8ad8a6f8f1397e60c522319
Signed-off-by: Damjan Marion <damarion@cisco.com>

session: fix ct connect session flush assert

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I90eaeed07dc4864adfed3bc4cef1e3edacf4bf8f

vlib: add vlib_frame_bitmap_{set,clear}_bit_at_index

Type: improvement
Change-Id: I5703728f680f0c8431e4099b398827bd094b60df
Signed-off-by: Damjan Marion <damarion@cisco.com>

nat: fix nat44 vrf handlers

Change of enums used in REPLY_MACRO() to appropriate one
for handlers:
-vl_api_nat44_ed_add_del_vrf_table_t_handler
-vl_api_nat44_ed_add_del_vrf_route_t_handler

Type: fix

Change-Id: I58e97817b1678da7c025c0d03a8b938a4e0f7b6c
Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>

ip: support flow-hash gtpv1teid

support with GTPv1 TEID added to the flow hash.
This can able to ECMP to PGW and parallelization.
Type: feature

Change-Id: I6f758579027caf6123831ef2db7afe17e424a6eb
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>

session: async flush of pending connects to workers

Since connects can be done without a worker barrier, first
worker should flush connects to destination workers only
after session layer has a chance to fully initialize the
half-open session.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I82fe0f0c7e520baa72fd380d0a43a76ebbd5f548

vlib: fix segfault on panic in worker

Vlib panic uses longjmp to exit main loop, but workers don't set main_loop_exit
field on initialization, so this jump corrupts registers and causes segfault.

There I add clib_warning and abort if longjmp context hasn't been set.

Type: fix
Signed-off-by: Mikhail Sokolovskiy <sokolmish@gmail.com>
Change-Id: I0d705f1f139c4083af75066aeb525964ed0aa202

dpdk-cryptodev: fix name formatting of session pools

Originally the name for each session pool is incorrectly prepared.
It doesn't have right length. It is not null terminated.

The fix corrects the name formatting for each session pool.

Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I67da3d64702ccb27a5907825528f8c95d91040bb

hs-test: containerize ab and wrk

Type: test

Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I66af84257fa0692d9be3445d49b52fb7ca810d27

docs: Update info about GoVPP

Type: docs
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I1e28c6858a986d6ede1c7a6d06055400fdc0196b

vppinfra: small improvement and polishing of AES GCM code

Type: improvement
Change-Id: Ie9661792ec68d4ea3c62ee9eb31b455d3b2b0a42
Signed-off-by: Damjan Marion <damarion@cisco.com>

hs-test: remove colons from log files

Type: test

Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I56c57de180e44c888458e4f4020802ce9b4a6b8b

api: Remove deprecated message from API

Type: refactor
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ib80a4d1f8bac5dc27db1aafe65165cbb509b4edf

udp: fix udp_local length errors accounting

In case of UDP length errors in udp_local node, these errors are
being lost and incomplete header may be advanced by wrong offset.
Fix it with only full packets processing and explicit error set
otherwise. Also, optimize two buffer loop perfomance into fast
path with both buffers are ok and slow path with one or none.

Type: fix
Change-Id: I6b7edc3eb5593981e55d7ae20d753c0fd1549d86
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>

dpdk-cryptodev: fix formatting name of pools

Originally the name for each session pool can be incorrect prepared.

The fix changes formatting for name for each session pool.

Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I42e0752f9f46c5a42524ec7b863a7c9dd3c23110

session: fix session node switching to interrupt mode failded if no user events

wrk->event_elts has 5 elements if no user events

Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Ib38fab422304efc470e20ccb7121442f05bf8bf3

session: fix formatting of half open sessions

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I45a524bebd2dc1e318fa8d2a645bfc769e1da840

vppinfra: AES-CBC and AES-GCM refactor and optimizations

- crypto code moved to vppinfra for better testing and reuse
- added 256-bit VAES support (Intel Client CPUs)
- added AES_GMAC functions

Change-Id: I960c8e14ca0a0126703e8f1589d86f32e2a98361
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>

ipsec: make pre-shared keys harder to misuse

Using pre-shared keys is usually a bad idea, one should use eg. IKEv2
instead, but one does not always have the choice.

For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C) whereas for AES-CTR or AES-GCM, the IV should never be reused with
the same key material (see NIST SP800-38a Appendix B and NIST SP800-38d
section 8).
If one uses pre-shared keys and VPP is restarted, the IV counter
restarts at 0 and the same IVs are generated with the same pre-shared
keys materials.

To fix those issues we follow the recommendation from NIST SP800-38a
and NIST SP800-38d:
- we use a PRNG (not cryptographically secured) to generate IVs to
avoid generating the same IV sequence between VPP restarts. The PRNG is
chosen so that there is a low chance of generating the same sequence
- for AES-CBC, the generated IV is encrypted as part of the message.
This makes the (predictable) PRNG-generated IV unpredictable as it is
encrypted with the secret key
- for AES-CTR and GCM, we use the IV as-is as predictable IVs are fine

Most of the changes in this patch are caused by the need to shoehorn an
additional state of 2 u64 for the PRNG in the 1st cacheline of the SA
object.

Type: improvement

Change-Id: I2af89c21ae4b2c4c33dd21aeffcfb79c13c9d84c
Signed-off-by: Benoît Ganne <bganne@cisco.com>

ipsec: add per-SA error counters

Error counters are added on a per-node basis. In Ipsec, it is
useful to also track the errors that occured per SA.

Type: feature
Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>

vnet: throttling configuration improvement

To allow a more flexible throttling configuration, the number of bits
used in the throttling bitmap can be chosen.

Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I7bfe391dd64729011b03f3e5b89408dfc340e036

session: add session stats

Type: feature

Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I02d9bb5292b32ffb1b2f05daccd8a7d5dba05125

build: fix rpm build error with test_infra

RPM build errors:
error: Installed (but unpackaged) file(s) found:
/usr/bin/test_infra

Add NO_INSTALL tag in CMakeLists to avoid installing test binary.

Type: fix
Fixes: c3542e17b5df ("vppinfra: widen the scope of test_vector_funcs")

Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I359ba79af2e3cb32b47dda3bb8707a5d2fd8586b

linux-cp: fix get_default_ns api method

Type: fix

Change-Id: I141e5779aab7eee3068b702dd2f93765420fb920
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>

papi: vla list of fixed strings

Handle a variable length array of fixed strings.
Like:
fixed_string = VPPType("fixed_string", [["string", "data", 32]])
s = VPPType("string_vla", [["u32", "length"], ["fixed_string", "services", 0, "length"]])

Previously instead of packing and unpacking as strings, exception packed as u8 instead
of list.

Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I501a8a4755828042e1539fd5a54eacec21c5e364
Signed-off-by: Ole Troan <ot@cisco.com>

wireguard: fix sending peer events from worker threads

Type: fix

API clients can register for peer events (e.g. to be notified when
connection is established). In a multi-worker setup, peer events might
be triggered from a worker thread. In order to send a peer event to the
clients, an API message needs to be allocated and populated.

API messages allocation is only allowed from the main thread. Currently,
the code does not handle the case when a peer event is trying to be sent
from a worker thread. In debug builds, when this happens, it causes
SIGABRT in vl_msg_api_alloc_internal() because assertion "pool == 0 ||
vlib_get_thread_index () == 0" fails. In production builds, when this
happens, it might cause unexplained behavior.

There is a test that is supposed to catch this but all multi-worker
Wireguard tests are currently disabled. This problem is likely to be one
of the reasons they were disabled.

With this fix, when a peer event is triggered from a worker thread,
allocate and send corresponding API message from the main thread using
RPC.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib3fe19f8070563b35732afd16c017411c089437e

ipsec: set fast path 5tuple ip addresses based on sa traffic selector values

Previously, even if sa defined traffic selectors esp packet src and dst
have been used for fast path inbound spd matching. This patch provides
a fix for that issue.

Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ibd3ca224b155cc9e0c6aedd0f36aff489b7af5b8

vppinfra: fix pool free bitmap allocation

Using clib_bitmap_vec_validate makes free bitmap vector
to be x64 times bigger (assuming x86_64) than necessary
when non-zero and possible oom due (u32)(0 - 1) math with
zero alloc.
Fix it with clib_bitmap_validate which takes bit size, not
index and ensure at least one bit is allocated.

Type: fix
Change-Id: I7e191f4e2fb3722a06bb800e1d075f7c7e2dcec9
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>

vppinfra: fix corner-cases in bihash lookup

In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL
table, the code would sporadically return a transitional value (junk)
from a half-deleted kvp. At most, 64-bits worth of the kvp will be
written atomically, so using memset(...) to smear 0xFF's across a kvp
to free it left a lot to be desired.

Performance impact: very mild positive, thanks to FC for doing a
multi-thread host stack perf/scale test.

Added an ASSERT to catch attempts to add a (key,value) pair which
contains the magic "free kvp" value.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065

vppinfra: move sha2.h to crypto/

Type: refactor
Change-Id: I3d0c57b82e5bdb4575c1ca13e463685fd11b7f11
Signed-off-by: Damjan Marion <damarion@cisco.com>

vppinfra: auto-free test memory

Type: improvement
Change-Id: Ibc40a02c8c45fc8d9409c9a86fea7aaf70d9c048
Signed-off-by: Damjan Marion <damarion@cisco.com>

vppinfra: add FOREACH_ARRAY_ELT macro

Type: improvement
Change-Id: Iac1b3a66176c9a38a161246159140f30a1c168da
Signed-off-by: Damjan Marion <damarion@cisco.com>

vppinfra: add clib_crc32c testcase into infra tests

Type: test
Change-Id: Id96448ba3ab69a5b22dfc27812fc17194136b969
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

session: support active opens with same source port

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2b426e9e988c32d261f36367087f358d8cc25e2f

hs-test: check exit value of ab/wrk

Type: test

Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I967e91e4ea97edff427013c92376b388d6ce5d85

hs-test: use consistent naming convention

Exported indentifiers in Go start with capital letters. Only few fields
in hs-test, which are being unmarshaled from yaml are required to be
exported. Every other field name or method name should start with
lower-case letter, to be consistent with this naming convention.

Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I7eab0eef9fd08a7890c77b6ce1aeb3fa4b80f3cd

vppinfra: widen the scope of test_vector_funcs

Location changed and binary renamed to test_infra
Also it is built by default.

Type: improvement
Change-Id: I27cd97f274501ceb7a01213e2bc9676cea00f39c
Signed-off-by: Damjan Marion <damarion@cisco.com>

crypto-native: 256-bit AES CBC support

Used on intel client CPUs which suppport VAES instruction set without
AVX512

Type: improvement
Change-Id: I5f816a1ea9f89a8d298d2c0f38d8d7c06f414ba0
Signed-off-by: Damjan Marion <damarion@cisco.com>

build: add support for intel alderlake and sapphirerapids, part 2

Type: improvement
Change-Id: I64ca5bd3a959190111f61c5311a908d242c10bad
Signed-off-by: Damjan Marion <damarion@cisco.com>

dma_intel: fix potential invalid batch status

DMA batch status was set by hardware. Its value may be variable between
cpus twice accesses. Saving the value of status can fix it.

Type: fix

Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: Ibc9337239555744a571685b486c986991c3e9b18

hs-test: create temporary folder at init

Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I6444582ce83beddc5cb2fcb31942a4c2e9556bb6

dpdk: enable Google Virtual Ethernet

Recognize and drive google virtual ethernet (gve) in google cloud.

Type: feature

Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: Ia559615ac059cabbca5d10bcd4049e87beaad638

vlib: fix clib_crc32c on odd lengths and clib_crc32c_u8

Fix the typo in the intrinsic name, which caused incorrect intrinsic to be used.

Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ib7fde14d12897e4d1bfb5a01f6d65025473e4f8e

session vcl: refactor builtin tx event for main tx

Rename unused SESSION_IO_EVT_BUILTIN_TX to SESSION_IO_EVT_TX_MAIN and
leverage it for non-connected udp tx.

Non-connected udp sessions are listeners and are therefore allocated on
main thread. Consequently, whenever session queue node is not polling
main, tx events generated by external applications might be missed or
processed with some delay. To solve this, request that apps use
SESSION_IO_EVT_TX_MAIN tx events as opposed to SESSION_IO_EVT_TX and
send that to first worker as opposed to main.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5df5ac3dc80c0f192b2eefb1d465e9deefe8786b

session: pre-alloc required dma batches

Specify the number of max_batches when applying for dma config.
Skip this round when no batch available from vlib_dma_batch_new.

Type: improvement

Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: Ic6e0acf81ba4fc3ed33aea6ac6990ef841021c59

vlib: pre-alloc dma backend batches

Allocate and initialize dma batch structure when adding dma config.
The number of required dma batches is set by max_batches parameter.
Thus dma batches are not allocated dynamically in worker thread.
Application need to check the return value of vlib_dma_batch_new.

Type: improvement

Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: I5d05a67b59634cf2862a377d5ab77cb1040343ce

session: format transport connection flags

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id87c41c472898d4f66b0771f18f822d1069bbfd0

session: cleanup lcl endpt freelist before all alloc

Make sure endpoint freelist is drained before alloc of fixed local
source port is tried.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I302deee5609a463af8135185af71722ac8c55a27

build: add support for intel alderlake and sapphirerapids

Disabled by default..

Type: improvement
Change-Id: I36176c009e0873c048874ae38a7ea0a91449235c
Signed-off-by: Damjan Marion <damarion@cisco.com>

crypto-native: avoid crash on 12th and 13th gen Intel client CPUs

Those CPUs are announcing VAES capability but they don't support AVX512.

Type: fix
Fixes: 73a60b2
Change-Id: I7b4be95e91bb6f367cd71461f1126690f3ecd988
Signed-off-by: Damjan Marion <damarion@cisco.com>

memif: don't leak error strings in API handlers

Type: fix
Fixes: ab4d917
Change-Id: I226044f64e1577033798fd203a2e981c894830d6
Signed-off-by: Damjan Marion <damarion@cisco.com>

udp: Use udp_output_get_connection instead of udp_connection_get

udp_output_get_connection handles correctly if the connection
is a listener whereas udp_connection_get does not which may lead
to a crash.

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I40b57287a8686820d29872cae2cfd6ae27a57c26

avf: 512-bit SIMD version of avf_tx_prepare

Exploiting AVX-512 operations on avf_tx_prepare().

Type: improvement

Signed-off-by: Leyi Rong <leyi.rong@intel.com>
Change-Id: I01e0b4a2e2d440659b4298668a868d983f5091c3

vcl: init ldp config before vcl init

This avoids printing ldp debug messages while debug is disabled and vcl
is initializing.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5dfd1d59032db937fea146b6b84b8e26307a0de0

vlib: 512-bit SIMD version of vlib_buffer_free

Process 8 packets perf batch in vlib_buffer_free_inline() when
CLIB_HAVE_VEC512 is enabled.

Type: improvement

Signed-off-by: Leyi Rong <leyi.rong@intel.com>
Change-Id: I78b8a525bce25ee355c9bf0e0f651698a8c45bda

af_packet: fix the broken functionality upon admin down

Type: fix

In vpp, file descriptor handler closes the fd upon error
if there is no error handling function is registered.
This patch fixes the issue for af_packet interface by
registering the error handling function.

Errors will also be gracefully logged.

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I260d780ac54ffd0199dcd6ca5b95e5afe957e968

vcl: fix select connected deq notification

Also make sure that only sessions with fifos try to set deq notification
flag on fifo

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I878c2d2e18bb98109ee03b42a4f0f8c48aa23e9f

vcl: fix epoll out evt on connect

Make sure session has a tx fifo.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibde40645b401ca0255da298ea4ba691ee924a2d2

session: Use session->thread_index to correctly retrieve the session

For non-connected udp, when retrieving the subscriber session to send
the notification, it uses the current worker thread index whereas the
subscriber session is actually on the main thread. Using the worker
thread may cause a crash since the corresponding session may not be
valid in the worker thread context and even if it is valid, it is the
wrong session. This scenario is seen when the application forks
and adds subscribers to the worker thread session.

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I236ee9d9ff9f3b2f7f9f8e782d70d1080aa1b627

hs-test: fix install-deps

- Skip addition of docker apt source/key if
already installed.

Type: fix

Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I747e4dd5e79e23b64e6eb11c6a9348e2ae1a157f

quic: use tx instead of builtin_tx event with timers

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic11069c912a5e59bb3ea0e0c6de6cfcc879c5f4e

hs-test: fix docker-ce install

Type: fix

Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I449cd4ad71e33a2dd41e53accc6b325803a32c70

hs-test: add vppctl wrapper script

Type: test

Add a helper wrapper script for vppctl called vppcli to vpp docker image
with proper cli socket path.

Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I1a51aa54bc91c1c812698501a56401c525d498e8

hs-test: fix envoy test

Type: test

Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I776e0f1f7ea700439d1fe6a598772776ae6a1493

avf: enable rss action of flow

This patch enables RSS action of avf flow.

Type: feature

Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I65de18d0c2eaa415893959563ea917a6b1956550

vlib: stop worker threads on main loop exit

If not, worker threads may continue own loops after deinit and/or
thread0 exit with related crashes due no rpc capability, unmapped
shared memory, etc. Main loop exit handlers that uses barrier sync
will be happy too as long as recursive barrier sync is supported.

Type: feature
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I255a796b06936d96715683e3f062128060233dc6

avf: fix cli memory leak with incorrect options

Remove extra line_input and unformat_user.

Type: fix
Fixes: b4ff07a2f843 ("Intel Adaptive Virtual Function native device driver plugin")

Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I9e502f3b254d0b1c7d8fd4b80925338a18da8269

udp: crash in format_udp_connection

format_udp_connection takes 2 arguments from the caller.

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ie618a809936a01c094982f9a8c81309826e0b087

build: check for presence of python ply

Type: improvement
Change-Id: I4f190607bfce404fbe68ec968e6923509ea9519b
Signed-off-by: Damjan Marion <dmarion@me.com>

build: make Python3 mandatory

Type: refactor
Change-Id: Iac27ac4d11745b68c57a0394ced51942db8f0431
Signed-off-by: Damjan Marion <dmarion@0xa5.net>

tcp: allow syns in closed state

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If223096cf912c1748ae417b40585a9bea5d9d9a9

vcl: do not stop listeners on vls epoll del

Although removal from epoll means listener no longer accepts new
sessions, the accept queue built by vpp cannot be drained by stopping
the listener. Morover, some applications, e.g., nginx, might constantly
remove and add listeners to their epfds. Removing listeners in such
situations causes a lot of churn in vpp as segments and segment managers
need to be recreated.

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia412b3f8d50fbb4881a99ff024f798353b521af7

vcl: always drain libc epoll with eventfds in ldp

Otherwise if vcl epoll lt events are ignored by the app, libc and vcl mq
events are never drained.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1e22f6da46d56236c52714181f6c20dcb80a33a5

hs-test: nginx mirroring test improvements

- avoid setting LD_PRELOAD for container
- save nginx error log to shared volume
- reduce test run time to 10s
- add vcl and ldp debug env variables to docker file. Default to
disabled.

Type: test

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I401ac74e7c0ebe87befedb44150b04f773f244ea

vlib: fix vlib_log for elog

test output before fix:
DBGvpp# event-logger clear
DBGvpp# test log warn cli log test-log for-elog
cli/log            [warn  ]: test-log for-elog
DBGvpp# test log info cli log test-log for-elog
cli/log            [info  ]: test-log for-elog
DBGvpp# show event-logger
2 of 131072 events in buffer, logger running
      53.022586433: log-notice: test-log for-elog
      60.318329361: log-debug: test-log for-elog
DBGvpp#

test output after fix:
DBGvpp# event-logger clear
DBGvpp# test log warn cli log test-log for-elog
cli/log            [warn  ]: test-log for-elog
DBGvpp# test log info cli log test-log for-elog
cli/log            [info  ]: test-log for-elog
DBGvpp# show event-logger
2 of 131072 events in buffer, logger running
      18.362721151: log-warn: test-log for-elog
      25.124570555: log-info: test-log for-elog
DBGvpp#

Type: fix

Signed-off-by: luoyaozu <luoyaozu@foxmail.com>
Change-Id: Ie1122787f9efb611cdafc671b4ccf68b43984924

stats: fix tests with multiple workers

Type: fix

Change-Id: Ic4b8478d390c7373bfb43a39ae6a70e978ae9321
Signed-off-by: Benoît Ganne <bganne@cisco.com>

lb: keep AddressSanitizer happy

vec_alloc() does not mark vector as accessible contrary to
vec_validate().
Also removes redundant memset(0) as vector allocation always zeroed
new memory.

Type: fix

Change-Id: I8309831b964a618454ed0bebbcdec7ec21149414
Signed-off-by: Benoît Ganne <bganne@cisco.com>

vppinfra: fix memory traces

- allocates the memory trace spinlock independently from the main heap
- disable tracing on a per thread basis
- make sure we hold the memory trace spinlock when changing tracing

Type: fix

Change-Id: I7d84f22132abdc895343d447cd3a2c574786f58d
Signed-off-by: Benoît Ganne <bganne@cisco.com>

af_packet: fix the first packet offset

Type: fix

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I927ba4e6f10ae4527f339a890c3a0de33a84b7eb

af_xdp: fix netns configuration

- clib_open_netns() expects a NULL-terminated C-string
- if no netns was given, we should not try to format it otherwise we'll
get "(nil)" as netns name.

Type: fix

Change-Id: I7b6022f6e8999640d0d2a83b854455b15fa4c134
Signed-off-by: Benoît Ganne <bganne@cisco.com>

build: add sanitizer option to configure script

Type: improvement

Change-Id: Ia679d6e5fb7eff6dbd7363465e5667119751e908
Signed-off-by: Benoît Ganne <bganne@cisco.com>

vlib: avoid non-mp-safe cli process node updates

Node renames, clone and node_by_name hash updates should be done
in vlib_node_register() / vlib_node_rename() under barrier, or
else runtime per-node stats can be either inaccurate or lead to UB.

Drop cli process nodes renaming rather than adding barrier
syncronization on reuse, nodes will get "unix-cli-process-ID"
stable names, description and terminal names are preserved and can
be obtained with "show cli-sessions" and "show terminal" commands.
Also fix insufficient name width for "show cli-sessions" with table
formatting, output sample:

    DBGvpp# sh cli-sessions
    PNI   FD    Name                     Flags
    708   14    unix-cli-local:10558     iSLpa
    710   15    unix-cli-127.0.0.1:33252 ISlpA

    DBGvpp# sh terminal
    Terminal name:   unix-cli-127.0.0.1:33252
    Terminal node:   unix-cli-process-1
    Terminal mode:   char-by-char
    Terminal width:  158
    Terminal height: 43
    ANSI capable:    yes
    Interactive:     yes
    History enabled: yes
    History limit:   50
    Pager enabled:   yes
    Pager limit:     100000
    CRLF mode:       CR+LF

Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I40af4c0a5e5be92d5e3ebcd440fa55390aeb0e8b

interface: more cleaning after set flags is failed in vnet_create_sw_interface

There's a chance that vnet_sw_interface_set_flags_helper()
has successfully called some sw interface add callback functions
before returning the error. So the sw interface del callbacks
should also be called

Type: fix

Signed-off-by: varasteh <mahdy.varasteh@gmail.com>
Change-Id: I2cd7dc6d5b3a5ebfd2c4d1a6be5390083dee6401
Signed-off-by: varasteh <mahdy.varasteh@gmail.com>

interface: add the missing tag keyword in the cli helper

Type: style

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I6399ad2b0b30f94c6c51db1afc39f5e875dfaa67

crypto: remove VNET_CRYPTO_OP_FLAG_INIT_IV flag

IV requirements vary wildly with the selected mode of operation. For
example, for AES-CBC the IV must be unpredictable whereas for AES
counter mode (CTR or GCM), it can be predictable but reusing an IV with
the same key material is catastrophic.
Because of that, it is hard to generate IV in a generic way, and it is
better left to the crypto user (eg. IPsec).

Type: improvement

Change-Id: I32689c591d8c6572b8d37c4d24f175ea6132d3ec
Signed-off-by: Benoît Ganne <bganne@cisco.com>

memif: fix input vector rate of memif-input node

Explicitly set the ptd->n_packets to 0 if no packet is received in
memif_device_input_inline(). Otherwise ptd->n_packets just keeps
last time rx packets number, then this stale number is added to
memif_input_node->vectors_since_last_overflow in every dispatch_node()
call for memif_input_node.

Type: fix

Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: Ide98a481c925262f9a609535a314f784cab424d8

vlib: fix macro define command not work in startup config exec script

Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Idb34490199a78d5b0c1fe2382b6483a6e3a6fd1f