11075 Commits

Author SHA1 Message Date
Ole Troan
5d280d5b51 ip6-nd: only respond to RS if sending RA is enabled
Even when periodic RAs are disabled VPP would respond to
router solicitations, making it impossible to have an IPv6
enabled interface with hosts connected to it without VPP
acting as a default router.

This change drops RS messages if the radv_info->send_radv is
off.

Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I9a68f8e12c93c1c00125b54f8fd454f48fa22caa
Signed-off-by: Ole Troan <ot@cisco.com>
2021-08-09 18:40:23 +00:00
Florin Coras
1885f795ed tls: avoid picotls buffer allocs on rx
Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I6cf0c141ab4a4f5a46feb6119fa142148366f0a6
2021-08-06 21:23:19 +00:00
Florin Coras
a85a1c352b tls: avoid ptls ctx free on transport close
Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0537fa590b11abddf05550e42c7258549729f8a7
2021-08-06 20:22:17 +00:00
Benoît Ganne
4b9246ad20 classify: fix parsing for l4 match
l4 match parsing should not try to consume the whole input, otherwise
it breaks cli such as:
'classify session ... match l4 dst_port 22 action set-ip4-fib-id 2'

Type: fix

Change-Id: I81a1b5779811f7df8286a371f85fafe09c947b87
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-05 18:15:49 +00:00
Benoît Ganne
41a54f6a0b ip: fix ip punt redirect cli
- restore fib paths support for ip4
- initialize payload_proto to the relevant default protocol so that
  'via <dev>' paths are supported
- fix 'rx all'
- fix temp path vector mem leak

Type: fix

Change-Id: I564d88dc4dce86884ff6791af69974e6d70ff7ca
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-05 14:01:23 +00:00
Filip Varga
2621acc510 nat: nat44-ed disable protection for api/cli
Return unsupported error if user calls one
of the configuration functions that can
run only after nat44-ed plugin is
enabled via appropriate api/cli
call.

Type: fix

Change-Id: I0d4ab0684ba5ae23fc2ecc668554a34537c2904a
Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-08-05 08:26:44 +00:00
Mohsin Kazmi
992d996ff5 vppinfra: fix the array mask function
Type: fix
Fixes: 0ec7dad7a00852663eb88554561347987f87bb53

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I7fab80b3c7e86ac712a34c24ea3e526b0b5bb7ad
2021-08-04 09:19:43 +00:00
Artem Glazychev
3edae35198 memif: fix offset
signs were changed here when calculating the offset:
d78ba5aa01ff1415bff0b06069ce21e0a78df89c

Type: fix

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I62b7a409caaf478e40efbdd6000922dcc7e92860
2021-08-04 06:59:49 +00:00
Aloys Augustin
7dbc8ebe54 quic: do not update crypto keys from workers
The vnet_crypto_key_add should only be called from the main thread.
This patch works around this limitation by allocating one key per worker
and updating it on the fly every time we need to do a crypto operation.

This solution is far from ideal, but quicly has a strong assumption that
it can use a key immediately after determining it, so making the key
creation asynchronous is not a possibility.

Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Change-Id: I19fc5814195156003c36a73bb616738ba9d828f7
Type: fix
2021-08-03 17:09:18 +00:00
Florin Coras
8f174ad5b6 tls: picotls handle accept failures
Should also fix coverity warning.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I068b837377b329a22ace5b2235c6dd9f067ead77
2021-08-03 14:45:01 +00:00
liuyacan
bc0c754116 vcl: fix sendto for dgrams
We need to set rmt address before sending connect, otherwise VPP
would connect to 0.0.0.0:0 and return invalid remote ip.

Type: fix

Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I85ae6931c2ba9f2f77c9ab19a2f801f50745449c
2021-08-02 20:17:43 +08:00
liuyacan
f71796e527 vcl: fix sleep time in ldp_pselect()
Type: fix

Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: Ic9c5b23be4bde88880972be35525f12fa2c6dc10
2021-08-02 10:06:10 +08:00
Sivaprasad Tummala
fdcbd38dc1 vcl: fix ldp for __recv_chk socket calls
add ldp support for handling __recv_chk socket calls.

Type: fix

Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com>
Change-Id: I33221c465ac607bc665fcba500dd399a56b32df6
2021-07-31 21:55:11 +05:30
Florin Coras
7f347c13df tls: picotls rx fixes and improvements
Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9ea41b8b271e9123e676acdc581ef429072fe843
2021-07-30 01:15:20 +00:00
Florin Coras
2e2f9df2f1 vcl: move vls pool lock to process local state
We only support one vls worker per process and therefore should not
share lock between processes.

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I57bb536cf3bf04e8de031b07cb885f80b4fa03c9
2021-07-29 18:19:18 +00:00
Florin Coras
5e6184317a vcl: vls cleanup and more docs
Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If32dd21842b99e176db1d4eb9f6c6a51fbff1bfe
2021-07-29 18:19:08 +00:00
Filip Tehlar
abfe365ef6 ip: add api test file
Type: improvement

Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I49c4183a443b7b39924328900e6a6ac2e09be426
2021-07-29 09:13:35 +00:00
Klement Sekera
254c803612 nat: fix ICMP checksum validation
Handle case where extra data is present in buffer which is not part of
IP/ICMP headers.

Type: fix
Fixes: 05b5a5b3b4b04823776feed6403b5a99b2e06d76
Change-Id: Icfef811470056d38c60fc45cc302139ed7594385
Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-07-29 08:23:23 +00:00
Zachary Leaf
b2d36784ac ipsec: move startup config to common file
The ipsec startup.conf config currently exists in ipsec_tun.c. This is
because currently the only ipsec{...} options are tunnel related.

This patch moves the ipsec config to a common file (ipsec.c) for future
extensibility/addition of non-tunnel related config options.

Type: refactor
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Change-Id: I1569dd7948334fd2cc28523ccc6791a22dea8d32
2021-07-29 07:30:33 +00:00
Stanislav Zaikin
328b5dadb3 gre: set proper fib index for unnumbered interfaces, unset fib index before forwarding gre payload
This commit introduces 2 fixes:
1) After GRE decapsulation sw_if_index[VLIB_TX] is set as fib index of GRE tunnel.
But since GRE tunnel can work on v4 endpoints and have v6 payload, we need to reset it.
In case we get IPv6 packet inside IPv4 GRE tunnel (or vice-versa) fib index can be (and usually is) invalid.
2) Check that ip-table and ip6-table are the same when setting interface as an unnumbered one.

Also, fix for the pipe test includes setting the right unnumbered interface for the pipes

Type: fix

Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: Id13d239cfdd21e0db6b1c9725f01c40d4af4d800
2021-07-28 08:25:38 +00:00
Fan Zhang
a44a0c038f dpdk: fix cryptodev raw data path dequeue
This patch fixes the dpdk cryptodev raw data path dequeue problem.
The fix involves DPDK QAT PMD changes and is to be upstreamed
as a patch. The patch is also sent to DPDK mailing list.

Type: fix

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I1a9253c8a7fbc2aa43f19f90da45e64e2840356a
2021-07-28 07:54:04 +00:00
Damjan Marion
24d65a1c5a vppinfra: introduce CLIB_CACHE_PREFETCH_BYTES
Type: improvement
Change-Id: Ic07010f11ef303f5213a33b0faf24aaedb62f110
Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-27 23:40:28 +00:00
Dave Barach
37579c3bcd vlib: don't ASSERT(vm) in worker thread bootstrap
Otherwise, threads declared with .no_data_structure_clone=1 crash on
startup.

Type: fix

Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I5dcb25d1b61330fc9eee5427b815fcfcb9bf2153
2021-07-27 21:15:16 +00:00
Sivaprasad Tummala
39d25e5255 vcl: configure the cert-key pair from app
add the cert/key pair as selected by app.

Type: fix

Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com>
Change-Id: I3cef5bebadd8b192a65857d5f4aa6883c2a8d372
2021-07-27 19:48:11 +00:00
Nathan Skrzypczak
9218c60c2b vppinfra: fix sock init netns
Type: fix

Change-Id: I0ce8183ded601bdab031c9689ca361414fed165f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-07-27 19:27:09 +00:00
Florin Coras
7743d6bde8 udp: add option to disable icmp unreachables
Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I90c2a191ab34a2a7df3fb0a951e5fc78f40ccfe2
2021-07-27 15:43:29 +00:00
liuyacan
603e1a415e vcl: fix some risk after fork()
1. Not only the session in state VCL_STATE_LISTEN_NO_MQ
has no queue. Session in CLOSED also didn't.
2. Refresh vls->wrk_index in child process, or this value will
become invalid if parent exits.
3. Set vlsh->vls_wrk_index once vls_worker_alloc() is called, then
vls_get_worker_index() can be simplified.

Type: fix

Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: If4f5e134915eafd74ce38f585d65ce8836b2e553
2021-07-27 00:58:59 +00:00
liuyacan
6fc07b4326 vcl: fix shutdown deadlock issue
Type: fix

Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I4974815ecb0e3bff01af983f086ca15d77fd6fb4
2021-07-25 01:58:40 +00:00
liuyacan
9609e26f87 session: avoid vpp deadlock due to app crash
In high traffic scenarios, if app crashed or hung somewhere, app_mq
will quickly accumulate to full, after which vpp worker will try 100
times before giving up allocating slot for every msg. This will cause
vpp main thread barrier sync to fail.

Type: fix

Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Change-Id: I2b2bf2b272c5b3ca7e4a56af179af12bbcde149d
2021-07-24 14:50:07 +08:00
Florin Coras
7cb471a027 session vcl: support abstract sockets for app ns
App namespaces can now be associated to a linux ip netns, e.g.:

app ns add id <ns_id> secret <n> sw_if_index <n> netns <netns>

If session layer's app sock api is enabled, this triggers the creation
of an abstract listening socket in the netns that has been configured.
For the example above that would be @vpp/session/<ns_id>.

Consequently, vcl, or other apps attaching to vpp, can connect to said
abstract socket from an ip netns without the need to share unix domain
socket files. In particular, for vcl it's enough to set app-socket-api
to @vpp/session/<ns_id> in the conf file.

Type: feature

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I26fdc626a760a3f423c5b8be4251623f6e9cd73a
2021-07-23 17:42:48 +00:00
Florin Coras
f6e284b20c session vcl: explicit mq indices in ctrl messages
Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8e80252b85dda9a8f5699109264dc1b913581442
2021-07-22 16:50:46 +00:00
Nathan Skrzypczak
4cef6de591 vppinfra: add abstract socket & netns fns
* Add clib_socket_init support for abstract sockets
if name starts with an '@'
* Add clib_socket_init_netns to open socket in netns
* Add clib_netns_open

Type: feature

Change-Id: I89637ad657c702ec38ddecb5c03a1673d0dfb104
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-07-22 15:22:22 +00:00
Filip Varga
2cf583e3d6 nat: nat44-ed configuration refactor & cleanup
Refactoring static mapping configuration
functions based on feature type.

Type: refactor

Signed-off-by: Filip Varga <fivarga@cisco.com>
Change-Id: I007d9b0e9717ced613fbcef2b11b6853f479be1e
2021-07-22 11:27:07 +00:00
Ole Troan
976a0ed6ac api: enable trace / replay flag on messages
For an unknown reason the trace/replay flags were missed
when moving API message registration code from manually
cut and pasted to auto-generated.

Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ib7625a57d3a263aac154682007459648953b1803
2021-07-22 08:59:24 +00:00
Neale Ranns
8561e73e55 interface: Byte swap the duplex value in interface details
Type: fix

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6d9473a7b5ab0fbd460e80df36368dd43c5e4fee
2021-07-22 07:50:03 +00:00
Florin Coras
c941fcbc78 session: fix unlisten rpc barrier release
Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9301fbbcd611033b4b6ad5313edbc66840f5bb3a
2021-07-21 23:41:16 +00:00
Florin Coras
e71aeab392 hsa: separate ctrl and test session accept vcl server
Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id6bcf6511c904c8625c0845cd9758539f35e6b50
2021-07-21 21:17:00 +00:00
Florin Coras
bbc8faebf1 session: option to use memfd segs for builtin apps
Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Iecb171c9451c0fa9a7c6ae4b3e9ab7774a4fe585
2021-07-19 22:22:12 +00:00
Klement Sekera
05b5a5b3b4 nat: harden ICMP handling
Verify that headers are not truncated and that checksums are valid.
Correct checksum computation in translation code.

Type: fix
Change-Id: I6acfcec4661411f83c86b15aafac90cd4538c0b5
Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-07-19 17:46:33 +00:00
Damjan Marion
04572bea34 vppinfra: remove pool_foreach_old, pool_foreach_index_old, clib_bitmap_foreach_old
Type: refactor
Change-Id: Ifacdd001bdeb5d609d495406f53546090b86476d
Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-16 12:59:24 +00:00
Damjan Marion
f2912e02ce build: fix formatting of CMake config output
Type: make
Change-Id: I6e40817609d022cb70887f70aa3608dc759fcd76
Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-07-16 12:25:46 +00:00
Mohsin Kazmi
537e955545 vlib: add tunnel offload flags for vlib_buffer_t
Type: improvement

Change-Id: Iaad50b2044702c46eff287708dfcb24e61022104
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-07-16 12:02:53 +00:00
Mohsin Kazmi
9a554eea0e dpdk: improve tx offload formatting
Type: improvement

Change-Id: I06eaf39b1e441045c3402cbf40339054ad26ade9
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-07-16 12:02:06 +00:00
Damjan Marion
839b1473e9 snort: snort3 plugin and DAQ
Zero copy interface which exposes VPP buffers to snort instance(s).
Includes VPP DAQ which is compiled only if libdaq 3 API headers are
available.

Type: feature
Change-Id: I96611b43f94fbae091e7391589e0454ae66de88b
Signed-off-by: Damjan Marion <damarion@cisco.com>
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-07-16 11:36:32 +00:00
Mohsin Kazmi
0ec7dad7a0 vppinfra: add array mask func
Type: feature

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I6869221917f30f7e59709e20571b4615bc68dc8c
2021-07-16 11:31:27 +02:00
Mohsin Kazmi
b31ddb5bb1 ip6-nd: refactor neighbour advertisement code
Type: refactor

Refactor neighbour advertisement code into inline function
to be used solely in feature nodes.

Change-Id: I1e84c54f9807b4e3d90c37526c78a7afcb0ba087
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-07-16 07:03:30 +00:00
Robert Shearman
9f2d8bbfa2 dpdk: enable RX interrupts for the virtio driver
Type: improvement

Request use of RX interrupts for virtio if the system will support it,
which is done by applying the same check as in the virtio driver,
namely whether multiple interrupts are supported. This allows the use
of RX adaptive/interrupt mode instead of just polling, which is useful
in virtualised environments where functionality may be more important
than performance and so using polling mode is wasteful.

Signed-off-by: Robert Shearman <robertshearman@gmail.com>
Change-Id: I29527b6f04b0b1d0c9f9424751b2bd252ed10505
2021-07-15 19:51:58 +00:00
Steven Luong
18991be8d3 ip-neighbor: GARP sent to bogus ip address
The function ip4_neighbor_advertise may be called with NULL addr. In
that case, it looks up addr from fib by calling fib_sas4_get which
returns true or false to indicate whether there is an ip address
associated with the interface or not. But the caller to fib_sas4_get
does not check the return code and blindly assumes there is always an
ip address associated with the interface. As a result, it ends up
sending GARP to the bogus ip address if there is no ip address
associated with the interface.

Type: fix

Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I7aa0270766c3943ed8ca8f8a092cae34567fd30e
2021-07-15 18:14:44 +00:00
Mohsin Kazmi
850106058f vppinfra: fix the vector funcs test for march variants
Type: fix

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I4208c2622817eb51a4b192cf420f9f1b5f193eef
2021-07-15 16:28:30 +00:00
Neale Ranns
5be3d4cc59 acl: Fix the CLI to accept IPv6 prefixes
Type: fix

DBGvpp# set acl-plugin acl src 1::1/128 dst 2::/64
DBGvpp# sh acl-plugin acl
acl-index 0 count 1 tag {cli}
          0: ipv4 permit src 1.1.1.1/32 dst 1.1.1.2/32 proto 0 sport 0-65535 dport 0-65535
acl-index 1 count 1 tag {cli}
          0: ipv6 permit src 1::1/128 dst 2::/64 proto 0 sport 0-65535 dport 0-65535

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ibb8e20dd4ec2792f423a61eefe7398175e45a577
2021-07-15 14:50:50 +00:00