11795 Commits

Author SHA1 Message Date
Matthew Smith
92991e5c69 dpdk: add patch to support i226v
Type: improvement

Add a patch to the DPDK 21.11 build to enable the PCI device ID for the
I226-V.

Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I82ff4b70e6b6e0ba0803519943190a564e85d2ac
2022-03-14 20:04:40 +00:00
Govindarajan
ebfd2b6ac8 crypto: Enabling IOMMU DMA translation table update for QAT card
With DPDK plugin, VPP does the DMA page map in IOMMU, only when
DPDK supported ethernet devices are present. As a result, Mellanox NIC
and QAT combo doesn't work. As part of this fix, DPDK supported
crypto device check is added to do the DMA page map.

Type: fix
Signed-off-by: mgovind <govindarajan.mohandoss@arm.com>
Change-Id: I02de4588c5b021e0c9c62612137f28ed8784bea6
2022-03-14 19:58:03 +00:00
Damjan Marion
d1bd9af16e stats: support recursive locking
Type: improvement
Change-Id: I85dd3d34bcb175dd68dda34a58cd454848a0fc2b
Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-14 18:33:32 +00:00
Filip Tehlar
85a9c101bf hsa: fix error message
Fixes a minor issue that causes printing an error message when there is no error.

Type: fix

Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I59f5c6af7c5aeae3e812b4cf0c75a47894bb8bbd
2022-03-14 18:04:21 +00:00
Damjan Marion
eb63caea2a vppinfra: don't account vec_header_t size twice in the pool header
Type: fix
Change-Id: I298d2a5067f7949002e6c010f892553f1eb9f477
Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-14 17:55:19 +00:00
Fan Zhang
a9fe20f4b8 dpdk: improve rx burst count per loop
Type: improvement

This patch improves the per dpdk-input loop number of packets
received from the port. The change mimics how packets rx happened
before VPP 22.02/DPDK 21.11: instead of trying to rx huge number
of packets (256) in one go, rx more times with up to 32 packets
max each time.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I804dce6d9121ab21b02e53dd0328dc52ac49d80f
2022-03-14 16:58:16 +00:00
Benoît Ganne
e41fa7790f map: fix memory leak
Thanks to Ben McKeegan <ben@netservers.co.uk> for the report.

Type: fix

Change-Id: I8170dda572c326b6b1823fd330dbd5e961fdad74
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-11 21:46:00 +00:00
Renato Botelho do Couto
dcd08b278f build: Restrict tag names when discovering version
Type: improvement

When `make install-ext-deps` is called, it creates a debian changelog
file and use `git describe` to fill project version.  On downstream
consumers it's possible to have different tags that makes it to end up
using an invalid version on changelog and breaking the installation
process.

Restrict tags to be considered by git-describe to match 'v[0-9]*'
pattern to get it fixed.

Signed-off-by: Renato Botelho do Couto <renato@netgate.com>
Change-Id: Ieabd7b42ac33735ec4d484bed9039ff20c9872f2
2022-03-11 19:13:04 +00:00
Florin Coras
91a46cb1ff tls: remove pkg dependencies on mbedtls
The tlsmbedtls plugin should only be built if mbedtls libraries are
present.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I24364177d24ea744f24f808f492be08adff3690b
2022-03-11 19:04:46 +00:00
Filip Tehlar
9c32f05751 session: fix crash during client detach
This fixes a crash caused by client closing socket before adding worker.
During detach vpp tries to delete worker based on invalid worker index.

Type: fix

Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I3242bcbb116ef5fd1d4c449f5bcf907e4e2f8f30
2022-03-11 16:30:23 +00:00
Damjan Marion
9652177bc1 vlib: remoove unused field
Type: refactor
Change-Id: Ieb7a595e40d801af5349c83b128fa92c7698a346
Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-11 15:02:09 +01:00
Damjan Marion
62d656ace9 vlib: init logging eearlier
Type: improvement
Change-Id: I2eb5543aa470094d4c5ad420a2fcc9873b7808e1
Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-10 23:10:58 +00:00
Dzmitry Sautsa
85b285b900 dpdk: fix program vlans on ixgbevf
Recent "dpdk: refactor device setup" have broken vlans programming for IXGBE_VF.

Type: fix

Signed-off-by: Dzmitry Sautsa <dzmitry.sautsa@nokia.com>
Change-Id: Idacda33a473f6b10dbe002d9926661a19d0f3f97
2022-03-10 22:34:26 +00:00
Mohsin Kazmi
2d194a02a6 devices: remove the unused code from af_packet
Type: refactor

Change-Id: If180816303909b92c9aa4ff9fd70dc7938a6cfbe
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-03-10 19:44:24 +00:00
Tianyu Li
ab5a124b1d build: fix centos 8 steam build install-dep
make install-dep sometimes failed at
downloading metadata for repository 'powertools-source':
disable unnecessary powertools-source repo.

Type: fix
Fixes: 1affb31ef528 ("build: fix centos-8 'make install-deps'")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I481d6106eea38190b3ddd79e8614b2ead7130807
2022-03-10 19:40:42 +00:00
Mohsin Kazmi
562cfa4075 ipsec: remove the redundant code
Type: refactor

Change-Id: I0a40e22e1439e13ffdbcbd6fd7cad40c8178418c
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-03-10 17:48:44 +01:00
Tianyu Li
6d95f8c983 tests: fix test failure with parrallel test
Several test cases re-use the same test class name,
which leads to test error when do parrallel test with TEST_JOBS=16,
change the test class names to unique values.

Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Iefc01d40a25ebd60533baf3a2dc98a537437e8e9
2022-03-10 14:08:19 +08:00
Florin Coras
400d459bc1 vppinfra: fix pool_free_elts
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3425350f5e874df79716bd726900540629793beb
2022-03-09 14:03:48 -08:00
Neale Ranns
346c24723b ip: IPv4 Fragmentation fix for l2fragmetable size
Type: fix

The l2unfragmentable size is not included in the calculation of 'max', the maximum amount of data that can be added to a fragment, therefore the fragments created are too big.

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Id1e949ad98203b6f8ea2f55322ef6fa3d507e2a6
2022-03-09 19:15:05 +00:00
Artem Glazychev
23e5f0923b vxlan: add l2 mode test
The same test for v22.02 was already merged: https://gerrit.fd.io/r/c/vpp/+/35390

Type: improvement

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I214f6fb5b63d97ca4afe3b10fd2d3e3410b5a6e4
2022-03-09 15:04:26 +00:00
Damjan Marion
8973b07eec stats: refactor
Type: refactor
Change-Id: Ifd533a095d979dc55bfbe5fac7e0b7510a4d900c
Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-09 13:51:31 +00:00
Damjan Marion
317cace618 vat: fix vat_suspend crash
Deadly combination is clib_{set,long}jmp + lazy linking + tail call compiler
optimization. On the first call to clib_setjmp, dynamic linker executes loader
code which then calls clib_setjmp, so stored stack position contains dynamic
loader data. Tail call optimization simply jumps back to the calling
code when clib_longjump is called and that results in wrong return
address used from the stack.

Change-Id: Ia7d8dbd5b2c425cdd0449374aa07ab6b684a330e
Type: fix
Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-03-09 14:47:05 +01:00
Benoît Ganne
7fc0ee7f65 classify: add API to retrieve punt ACL tables
Type: feature

Change-Id: Ica3e60836c0f26518ba2c238a8c03ce3648ea69b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-08 18:16:03 +00:00
Zachary Leaf
26fec718f2 ipsec: input: drop by default for non-matching pkts
As per IPSec RFC4301 [1], any non-matching packets should be dropped by
default. This is handled correctly in ipsec_output.c, however in
ipsec_input.c non-matching packets are allowed to pass as per a matched
BYPASS rule.

For full details, see:
https://lists.fd.io/g/vpp-dev/topic/ipsec_input_output_default/84943480

It appears the ipsec6_input_node only matches PROTECT policies. Until
this is extended to handle BYPASS + DISCARD, we may wish to not drop
by default here, since all IPv6 traffic not matching a PROTECT policy
will be dropped.

[1]: https://datatracker.ietf.org/doc/html/rfc4301

Type: fix
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Change-Id: Iddbfd008dbe082486d1928f6a10ffbd83d859a20
2022-03-08 17:43:43 +00:00
Arthur de Kerhor
1031098b90 ip: set fib_index before exiting input ACL node
While setting an ACL, a user can specify the adjacency to follow after
the input ACL node. Thus, we may skip a lookup and enter directly a
local node (ex: ip4_local). To prevent the local source check from
failing, we need to specify the fib index. And, we have to do it just
before exiting the input ACL node because the l2_classify object
is overlapping with the fib_index in the vnet_buffer_opaque_t struct.
We could have added a padding to avoid this overlap but there is no
place for that in the structure.

Type: fix

Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: I383c36e4aec08d181f966f28565aefed950d2a74
2022-03-08 15:38:14 +00:00
Marcel Cornu
c711bd08c8 crypto-ipsecmb: bump to ipsecmb v1.2
Type: feature

This patch bumps ipsecmb library version from 1.1 to 1.2

Signed-off-by: Marcel Cornu <marcel.d.cornu@intel.com>
Change-Id: I181e43c711fe530296c037d59b53fe3c5f2719ea
2022-03-08 09:22:17 +00:00
Alexander Chernavin
7e647358af linux-cp: handle ipv4 routes when interface is disabled
Type: improvement

Currently, when an interface is brought down administratively, IPv4
routes that resolve through that interface remain in the FIB. However,
the kernel removes those routes but doesn't send any notifications about
that. Desynchronization between the kernel and VPP happens.

With this change, when a notification received from the kernel
indicating that an interface was brought down, in addition to bringing
the VPP interface down, walk the IPv4 FIB bound to that interface and
remove any entries that resolve through that interface and were added
with one of the linux-cp FIB sources.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I0cd14bb63c9e6616ae1c5739b17c3bf33b186bc2
2022-03-07 19:45:39 +00:00
Neale Ranns
ec5371e3e3 ip: Fixes for IPv6 and MPLS fragmentation
Type: fix

- IPv6 fragmentation did not work if the packet spaneed multiple buffers, because the 'len' calculation to did max out at the size of a buffer
- IPv6 fragmentation did not work when the l2unfragmentable size was non-zero, it was not used in the correct places
- IPv6oMPLS fragmentation would fragment all IPv6, it should do so only for link local
- IPv6oMPLS should send back TooBig ICMP6 for non locally generated

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie8f02cdfdd7b7e8474e62b6d0acda8f20c371184
2022-03-07 09:02:01 +00:00
Alexander Chernavin
7e721954d4 linux-cp: fix issue of possibly closing negative fd
Type: fix

Primarily fix an issue reported by Coverity in
lcp_nl_open_sync_socket() that close() could possibly be run with
negative fd. Also, add more checks and error logging there.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I9a88520d068392977a6eba0766451e5652fe512c
2022-03-04 22:30:21 +00:00
Alexander Chernavin
2286f937d9 linux-cp: stop signaling read event on every notif
Type: improvement

Currently, read event signal is sent on every notification message
received and added in the queue.

With this change, signal read event only when all currently available
notification messages are received.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib86d189311ce01f50167e4e97feb99df0292ad96
2022-03-04 21:02:37 +00:00
Alexander Chernavin
f4795a9bd8 linux-cp: stop ignoring ENOBUFS while reading notif
Type: improvement

Currently, while reading notifications, ENOBUFS error is ignored and
reading continues. This was done to minimize the number of notifications
that are lost due to reopening the socket.

Now that synchronization is implemented to recover from socket errors,
ignoring ENOBUFS and reading as much notifications as possible is not
actual. Before synchronization, all currently enqueued notification are
discarded in any case.

With this change, stop reading notifications if any error occurs.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I1184d9a3aa99df63ef59bc2a67be2b1e5e0e9329
2022-03-04 18:24:09 +00:00
Benoît Ganne
7e0442aaab api: harden api trace parsing
- make sure we do not overflow
 - skip unknown messages if we can

Type: fix

Change-Id: I0efbe7376d9d78f6b0ec8018c0813400e6653698
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-04 18:17:45 +00:00
Neale Ranns
f478f758b9 ping: correct the fib-index used for the reply
Type: fix

if original packet was to the link local, then the
fib index in the buffer is that of the LL table, we can't use that
to foward the response if the new destination
is global, so reset to the fib index of the link.
In other case, the fib index we need has been written
to the buffer already.

Add a test for IPv6 ping in an MPLS-VPN where int inout interface is
not the the same VRF as the response should be sent.

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I18a232d90ddd3ef051a52476c5d861c87060e76f
2022-03-04 16:25:00 +00:00
Neale Ranns
5c6dd17a37 ip: rate-limit the sending of ICMP error messages
Type: improvement

For error conditions, such as TTL expired, dest unreach, etc, Rate limit the sending of ICMP error messages.
The rate limiting is done based on src,dst IP address of the received packet.
the rate limit has been chosen, somewhat arbitrarily, to be 1e-3. This is the same limit as the ARP throttling.

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I4a0b791cde8c941a9bf37de6aa5da56779d3cef4
2022-03-04 16:14:11 +00:00
Alexander Chernavin
bc91e86674 linux-cp: ignore neighbors if ip addr is multicast
Type: improvement

When dump of neighbors is requested, the replies will also include
neighbor entries for IPv6 multicast addresses:

  GigabitEthernet0/8/0  S           ff02::16  33:33:00:00:00:16
  GigabitEthernet0/8/0  S  ff02::1:ff76:7135  33:33:ff:76:71:35
  GigabitEthernet0/8/0  S            ff02::2  33:33:00:00:00:02

Such entries are not reported in netlink notification messages and
VPP is unlikely to use these.

With this change, ignore neighbor entries when the IP address is a
multicast address.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ic712aa4904f1d559f31fd89ff4541268e2340f84
2022-03-04 15:58:42 +00:00
Benoît Ganne
81e74d8e22 ip: fix overflow in ip6_ext_header_walk
ip6_ext_hdr_chain_t->eh is IP6_EXT_HDR_MAX elements.

Type: fix

Change-Id: I28b8d610d8f5c0c520c8391c37b86e837655ab12
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-04 15:57:12 +00:00
Mohsin Kazmi
82b7991fc2 pg: fixing the cli
Type: fix
This patch removes the assert and it is unnecessary.
Because given variable is used for branch testing.

Change-Id: I64f57f909fcba205216296e86c1cde2a5dadbb45
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-03-04 15:56:39 +00:00
Mohsin Kazmi
59183e9e10 pg: add support for ip mode through cli
Type: improvement

Change-Id: I5dda196ab8f1b634fcac46acd5c57a6dd726759c
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2022-03-04 15:43:43 +00:00
Mohsin Kazmi
3626a7cf82 ipfix-export: fix the warning message for uninitialized variable
Type: fix

Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I2b8b6a3b5a6df71e84ce2f15ef7117f390121c2f
2022-03-04 15:10:18 +00:00
Arthur de Kerhor
9a63b6e147 classify: skip l2 header in CLI
Add the possibility to create masks and matches without l2 header in the
CLI when creating tables and entries. This is useful for tables working
on l3 and l4 only.

Type: improvement
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: I7da9e47d810c0b4a0938e2cb3bc31aa69ace3649
2022-03-04 14:49:15 +00:00
Neale Ranns
c396d2395a mpls: Fix the fragmentation in mpls-output.
Type: fix

the MTU needs to be adjusted to account for the label stack, since the size of fragments produced is stack+mtu.
these changes are to the use of the stack variable 'mtu'

most of the patch results from appeasing checkstyle.

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8d0e10cf52ca4dd8ecdc224ed6c54a13e4768fdd
2022-03-04 14:38:27 +00:00
Neale Ranns
0a3160b698 tunnel: Fix the format of tunnel flags
Type: fix

it only display the first flag set

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I45cddbac0d4eed8bda10bf5e0f7c9db0faf183c5
2022-03-04 14:29:09 +00:00
Benoît Ganne
c8f7fd1367 vnet: use system time for pcap trace
Use system wall-clock time for packets timestamps instead of the time
since VPP started for pcap traces.

Type: improvement

Change-Id: I716165912efe8db3a8861d5c10597dc7629d2293
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-03-03 20:43:54 +00:00
Florin Coras
54223ee257 vcl: validate vls_epoll_ctl inputs
Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I315ef0122ccb21ccfef117a58b1dc998127618ce
2022-03-03 19:15:43 +00:00
Florin Coras
bb5e2fc2c4 session: improve tx tracing
Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4fd7ae435514eb986543302c7e3e69e04acba8cf
2022-03-03 19:15:32 +00:00
Alexander Chernavin
aebfc285a8 linux-cp: detect and delete stale entries after sync
Type: improvement

During synchronization, only the current actual set of entries is
loaded. If some entries are no longer present in the set being loaded
but present in VPP, they should be removed to fully syncronize.

With this change, add handlers for sync begin and end events. Begin
handlers will mark the entries as stale. End handlers will remove the
entries that are still marked as stale.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I4f7e872af3e1c9ffa6c63bcc3984ec76def1bb43
2022-03-03 19:07:18 +00:00
Ray Kinsella
6db19a9f48 ipsec: remove ipsec vnet script
An updated ipsec script was identical to the existing ipsec_tun_protect script.
Remove the ipsec vnet script, and rename the ipsec_tun_protect to become the
default ipsec vnet script.

Type: fix

Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: Ie05ca3e089b67a5b9499d83d4cb2adf1b6c6ffba
2022-03-03 17:32:23 +00:00
Alexander Chernavin
3819205bdb linux-cp: resync with kernel after nl socket error
Type: improvement

Currently, if an error happens on the netlink notification socket, the
socket gets reopened. A portion of notification messages have been lost
because of this and will never arrive on the socket. VPP will be out of
sync with the kernel networking state.

With this change, synchronize VPP state and the kernel networking state
if there was an error polling or reading the notification socket.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I8cdff89b505cd227535a0acaadb6ee757204c45e
2022-03-03 17:04:59 +00:00
Neale Ranns
758ec13718 ip: Path MTU DPO allocation function is public
Type: refactor

check for pool expansion in the DPO allocation, just in case.

Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6ba7dd66313630d3f24a51700ab4486ba43d856b
2022-03-03 16:49:20 +00:00
Alexander Chernavin
87e92c6586 linux-cp: make check of message ts null-tolerant
Type: improvement

For some message types, timestamps are checked on netlink message to
decide whether the message should be applied. For notification messages
timestamps are expected to be always available.

With this change, before accessing the timestamp, make sure the message
info object that carries it is not null. If it is null, pass the check.
This is to be ready to process dump replies that will not need the
timestamp check and will have the message info object set to null.

Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ic7211c0d451d72f6a5248898b3a8f8e0bca8f7aa
2022-03-03 14:26:48 +00:00