13367 Commits

Author SHA1 Message Date
Matthew Smith
ff71939c30 ipsec: check each packet for no algs in esp-encrypt
In esp_encrypt_inline(), if two or more consecutive packets are
associated with the same SA which has no crypto or integrity algorithms
set, only the first one gets dropped. Subsequent packets either get sent
(synchronous crypto) or cause a segv (asynchronous crypto).

The current SA's index and pool entry are cached before it can be
determined whether the packet should be dropped due to no algorithms
being set. The check for no algorithms is only performed when the cached
SA index is different than the SA index for the current packet. So
packets after the first one associated with the "none" alg SA aren't
handled properly.

This was broken by my previous commit ("ipsec: keep esp encrypt pointer
and index synced") which fixed a segv that occurred under a different
set of circumstances.

Check whether each packet should be dropped instead of only checking
when a new SA is encountered.

Update unit tests:
- Add a test for no algs on tunnel interface which enables
  asynchronous crypto.
- Send more than one packet in the tests for no algs.

Type: fix
Fixes: dac9e566cd16fc375fff14280b37cb5135584fc6

Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
2024-02-19 15:35:54 +00:00
Florin Coras
37127f7bcc udp: use transport port refcnt on accept
Use udp transport refcnt instead of local port refcnt when accepting new
connections.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibc34677b1138682497f98e96b6fddb5b96094ff9
2024-02-18 18:54:55 +00:00
Tom Jones
9a97fb8ad7 svm: Only include sys/user on Linux
Type: improvement
Change-Id: Idb318eb386617013015c43153bf0bd92fa28b9b6
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18 16:08:21 +00:00
Tom Jones
9447adc429 vnet: Add required header for pthread_np
Type: improvement
Change-Id: Ia9295b79340a18de6eb5fe80877dcf4ce97b35eb
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18 16:08:04 +00:00
Tom Jones
67e7f016d2 vppinfra: Place hugepage MMAP call behind linux specific ifdef
Type: improvement
Change-Id: I3a48ec4fd4a4063b6e3792b87def7bb796fc947c
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18 16:06:31 +00:00
Tom Jones
9bf4f8fb58 vnet: Use platform specific netlink headers on FreeBSD
Type: improvement
Change-Id: Ifbd84a45edc82c79ac2850dd70ecdd2f9f1289ae
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18 16:05:33 +00:00
Tom Jones
0f7830023a vnet: Disable tuntap build on not Linux
tuntap requires porting on FreeBSD, only build on Linux for now.

Type: improvement
Change-Id: I448c462b31f3bc06f291a95d0ff5df9d6f8f24b8
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18 16:03:01 +00:00
Tom Jones
aaa2a89a3d vlib: Only init vfio on Linux
Type: improvement
Change-Id: Id1c72928324b85bc67860e600722bf8baeff45b2
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18 16:02:27 +00:00
Tom Jones
646e5d2ad4 vpp: Add required socket headers on FreeBSD
Type: improvement
Change-Id: I948e447082233187d9ca794ca56a62fad4592e13
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18 16:01:57 +00:00
Tom Jones
e12f69f773 vppinfra: Provide FreeBSD implementation of clib_mem functions
Working from the implementation in linux/mem.c add FreeBSD specific
functionality. This duplicates parts of the Linux implementation and a
deduplication job could be run in the future.

Stub out some parts of the API for now, they either use unavailable
features on FreeBSD or require further implementation than this initial
implementation.

Type: improvement
Change-Id: I1e443e32304d19776a9a4d5e34adfa16ec919427
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18 16:00:09 +00:00
Tom Jones
2cbbbb6d15 build: Add FreeBSD as a supported platform for cmake
Allow FreeBSD as a platform in the main CMakeLists file. This requires a
correct target for the compiler and an explicit name in the system
check.

The included subdirs require further changes to build, but the compiler
needs to find them before it can complain.

Type: improvement
Change-Id: Ic56fe68290519ef5d3ed61082e7fb0ba0528a3fc
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18 15:59:11 +00:00
Tom Jones
61b4efc4da vnet: Provide platform specific if_tap headers
Type: improvement
Change-Id: Ia5cec0afc7f929491e495bb337493e64f752d75f
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18 15:58:01 +00:00
Tom Jones
6ce1e930e8 vnet: Only build tap on Linux
tap requires some porting on FreeBSD, while we wait for those changes
only build tap on Linux.

Type: improvement
Change-Id: I4361bf43764fdb046c2138d4a2ee5d7efa31bd5a
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18 15:57:17 +00:00
Tom Jones
393bfa786c vpp: Add platform specific headers for socket and inet
Type: improvement
Change-Id: Idcedc14089a49483d83c28a82ecb79d1b856f225
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-18 15:53:09 +00:00
Florin Coras
d1e17a8738 tcp: retransmit fins in last-ack
Fix instances where timers are reset after programming fin.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib80e3a401d585f388a97c7f2bb62e68ee774d50d
2024-02-17 02:25:07 +00:00
Florin Coras
81a6ffced1 udp: unregister ports on all cleanups
UDP transport port refcount is incremented even if port is shared. So
decrement it, by unregistering, whenever udp connections are cleaned up.

Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id0a2c60c5faf4dea8b2cd9ded0334934ad9e918c
2024-02-16 18:18:56 +00:00
Denys Haryachyy
d5d510f795 vppapitrace: Fixed trace dump API result issue.
Set last thread id and last packet position in TRACE_DUMP_REPLY.
To enable collection of traces from multiple workers using iterator.

Type: fix

Change-Id: I69872af4f6981d50cd050fa3d16de2a3c0d6b496
Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
2024-02-16 15:29:07 +00:00
adrianvillin
fbf5f2b030 hs-test: shortened interface names to avoid character limit
Type: test

Change-Id: I09df597ccb8a3c4af47b8a36010afb81df533236
Signed-off-by: adrianvillin <avillin@cisco.com>
2024-02-15 18:35:34 +00:00
Florin Coras
0ded4890be tls: mark ho done atomically after ctx init
Make sure ctx is initialized before ho is marked as done.

Type: fix

Change-Id: If0525a9890a56e289e2ab006c669a9d64dc6505d
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-15 17:52:51 +00:00
Florin Coras
e439b1e70e session: postpone ct cleanup if rx evt pending
Type: fix

Change-Id: I8cfaa62abd38d5356263b0ffd428638d1a027617
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-15 17:20:41 +00:00
Benoît Ganne
a421d564cd build: add fib configuring option
Allow to select 8-8-8-8 or 16-8-8 mtrie FIB implementation.

Type: improvement

Change-Id: I2f4aec8bfec987d3f3d9f9cc5a16fabf4b6cc2ac
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-02-15 08:34:58 +00:00
adrianvillin
7c675471e8 hs-test: improved logging
- improved readability of some error messages
- printing container logs to stdout on test failure (last 20 lines)

Type: test

Change-Id: Idbb358bdd89aa7b1a6bdc9d96bf029d4c299ce64
Signed-off-by: adrianvillin <avillin@cisco.com>
2024-02-15 02:38:10 +00:00
Naveen Joy
0215ef1010 tests: refactor virtual interface tests
Split virtual interface tests in VPP into smaller and modular
tests for testing various interface types and features.

Type: test

Change-Id: Ic38af88379f75eee3090679d411edbdc8fd5d2e5
Signed-off-by: Naveen Joy <najoy@cisco.com>
2024-02-14 22:08:20 +00:00
Niyaz Murshed
28aef29e01 tls: fix compilation error
After changes done in https://gerrit.fd.io/r/c/vpp/+/40281 ,
mbedtls plugin is failing to build if enabled.

Discussion https://lists.fd.io/g/vpp-dev/topic/104344802#24060

Type: fix
Signed-off-by: Niyaz Murshed <niyaz.murshed@arm.com>
Change-Id: Iee58b69301ac64f058bca0a7f7a0dedd2def4b35
2024-02-14 18:46:56 +00:00
Denys Haryachyy
f40a354dab ikev2: dump state and profile name in CLI and API
Type: improvement

Change-Id: Ide4b45da99e3a67376281f6438997f3148be08e5
Signed-off-by: Denys Haryachyy <garyachy@gmail.com>
2024-02-14 18:47:23 +02:00
Florin Coras
e81f27ffb2 vcl: fix epollet test for unhandled evts
Argument to vcl_epoll_ctl_add_unhandled_event is often the result of an
and between events and EPOLLET which is larger than u8

Type: fix

Change-Id: I8c98f557fa1db9f3eb79c90ecdd60ac9366d4d40
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-13 17:19:20 +00:00
Tom Jones
775002358f svm: Add FreeBSD specific signal handling path
FreeBSD's siginfo_t doesn't have the ptr value used on linux to encode a
token. For now recover the code from siginfo_t and leave the opaque
value as 0.

Type: improvement
Change-Id: Ic6ef96f018b326b99d68534a4488cfc49fdf16e1
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-13 16:33:06 +00:00
Tom Jones
7ec62fb0cd vppinfra: Put clib_perf* behind Linux checks and provide stubs for FreeBSD
As a placeholder stub out clib_perf functions on FreeBSD, the interface
for performance counters on FreeBSD is different and will require its
own implementation.

Type: improvement
Change-Id: I61511ebe5ee1fd6fe93d3179c7843c811f47a846
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-13 16:28:51 +00:00
Tom Jones
a0b8538837 vppinfra: Add netlink header on FreeBSD
FreeBSD has supported netlink since 13.2, but keeps its header in a
slightly different place. Correctly include netlink/netlink.h for
FreeBSD.

Type: improvement
Change-Id: Iec78ca72db74ea7f9c874e7039c7d17b6321f9dc
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-13 16:28:21 +00:00
Tom Jones
93fc6920fb vppinfra: Protect Linux specific features behind CLIB_LINUX
Place Linux specific features behind CLIB_LINUX. The previous #ifdef
calls would still pass even if CLIB_LINUX is set to 0 in clib.h, instead
use #if.

Type: improvement
Change-Id: Ibe4424eee4bc0065f54764b017b9a56a3e854380
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-13 16:27:26 +00:00
Tom Jones
b077d6678c build: Limit external libraries on FreeBSD
Limit the libraries we build on FreeBSD. This change intends to get us
closer to building on FreeBSD, DPDK will require a larger set of changes
so remove it until those changes are ready to integrate.

Type: improvement
Change-Id: I0f672a2b5bc30f2228020049fa71a81a2569ef54
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-13 16:26:41 +00:00
Tom Jones
caf9d4f4f8 svm: Include stdint on FreeBSD
On FreeBSD we need to include stdint.h to get __WORDSIZE.

Type: improvement
Change-Id: I784aa0856fd8298f33016b7ccedecfa3672d5429
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-13 16:25:18 +00:00
Tom Jones
7d2978dab9 vppinfra: Make program counter printing more portable
Finding the program counter in the ucontext struct is platform and
architecture specific, place the Linux checks inside an #ifdef and add a
look up for the FreeBSD amd64 specific naming.

Type: improvement
Change-Id: I42fcef5f20227c23d84acee336e37c4870146bb4
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-13 16:24:45 +00:00
Tom Jones
249f0dcdf6 vnet: Don't use __unused for struct padding
__unused is a clang keyword, this struct member will trip the build when
using clang. Instead call the unused padding 'pad' which should be clear
to the purpose if not the usage.

Type: improvement
Change-Id: I0abae34841651be1ef6b7d94864f0dc8185f0733
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-13 16:20:18 +00:00
Tom Jones
7c0415450b vppinfra: Add a stubbed out test_perf function for FreeBSD
Type: improvement
Change-Id: If136e0854dbaecfa62fc009ca2b0b94e8d9a56f2
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-13 16:18:41 +00:00
Tom Jones
77ce67f70b vppinfra: MAP_HUGETLB isn't available on FreeBSD
Don't use the MAP_HUGETLB mmap flag on FreeBSD as it isn't available on
the platform.

Type: improvement
Change-Id: Ie2046601c693f9ef12cf8113d6dbd87c322f1cf0
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-13 16:17:02 +00:00
Tom Jones
cb3372ddc8 vppinfra: Only prealloc hugepages on Linux
FreeBSD doesn't support sysfs or preallocating hugepages directly.  In
lieu of refactoring clib_sysfs calls place this one behind an #ifdef
linux.

Type: improvement
Change-Id: I4079ca70175e4cec44d913db2b0407a3ca6306c9
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-13 16:16:43 +00:00
Tom Jones
000b5e1b71 vppinfra: Don't build perfmon on FreeBSD
FreeBSD has platform specific APIs for interfacing with performance
counters. Until we bring in FreeBSD support, don't build perfmon on
platforms which aren't linux.

Type: improvement
Change-Id: Iabc418922c0d2e851c6098508761135f53433ae8
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-13 16:16:23 +00:00
Tom Jones
b2e0ce96ea vppinfra: Place SIGPWR behind a linux define
The SIGPWR signal is specific to Linux, place it behind a Linux flag to
help the build on FreeBSD.

Type: improvement
Change-Id: Ie36c2ceb201afff98e92bbe64595c3953b11c457
Signed-off-by: Tom Jones <thj@freebsd.org>
2024-02-13 16:13:19 +00:00
Steven Luong
58f37b21ea fib: contention with DP on deleting a route
Add vlib_worker_wait_one_loop prior to invoking dpo_reset
upon uninstalling a fib entry to avoid contention with DP.

Type: fix

Change-Id: If2a6c4cb9b5629dd61e506ab9f9c3e6aef121b45
Signed-off-by: Steven Luong <sluong@cisco.com>
2024-02-12 16:55:11 -08:00
hsandid
d1fa7ae03e af_packet : fix crash on interface creation
Type: fix

Attempting to create a host-interface with an invalid af_packet name
causes a crash, as we attempt to read the contents of a null ptr.

Change-Id: Ia31ae21684c2b66baa1ceaadf29e19fae33c4ed4
Signed-off-by: hsandid <halsandi@cisco.com>
2024-02-12 16:29:22 +00:00
Vratko Polak
04fd51c03c buffers: bring back cache occupancy improvement
The improvement was removed in 40129,
causing 5-40% regressions in AVF tests.

There is a memory-speed trade-off,
this change prefers speed over memory efficiency.

Ideally, the choice should be configurable,
but that is not easy to achieve, considering
how early vlib_buffer_main_init is called.

Type: fix
Fixes: 038dad7ef29b0b724071edb5f8cc7a9845584454

Change-Id: I4746f3634abe6d233c9d092a372de05b3d1ae4b6
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2024-02-12 16:20:31 +00:00
Benoît Ganne
7286065911 ip_session_redirect: export symbols
Add/del functions can be used from external modules.

Type: improvement

Change-Id: I267bcfacd58970bcacae13744d8acc690b87d2fc
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2024-02-12 09:59:57 +00:00
Atzm Watanabe
d4f405a70f ikev2: accept rekey request for IKE SA
RFC 7296 describes the way to rekey IKE SAs: to rekey an IKE SA,
establish a new equivalent IKE SA with the peer to whom the old
IKE SA is shared using a CREATE_CHILD_SA within the existing IKE
SA.  An IKE SA so created inherits all of the original IKE SA's
Child SAs, and the new IKE SA is used for all control messages
needed to maintain those Child SAs.

Type: improvement
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: Icdf43b67c38bf183913a28a08a85236ba16343af
2024-02-09 14:19:31 +00:00
Florin Coras
d9b4d9fb1f udp: add cli to dump transport ports
show udp transport ports

Dumps list of ports registered by udp transport, as opposed to udp
local, and their refcount.

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If3cbe51a7176cb89fa38b524defffbbd76af8f58
2024-02-07 00:17:36 +00:00
Florin Coras
f9bdc03c1c session: guard session lookup table allocs
Session lookup tables could be allocated from workers, e.g., connects
are done from first worker. Make sure consumers are not affected by
stopping workers.

Type: fix

Change-Id: I63b53c58b41ce91b08f50a2325c69c9f9fd25ed3
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-02 13:22:31 -08:00
Florin Coras
e060b0a079 vlib: flush rpcs on worker sync
Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I89624254649089e497d119eb6cee2cecf3dc11f3
2024-02-02 17:46:44 +00:00
Florin Coras
4cadd3b15b vlib api: move wrkr rpc flushing to vlib
Move vlib worker rpc flushing to main worker from memclnt api into vlib.
RPCs are no longer delivered via binary api queues

Type: refactor

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5b8761a57d1f4a1f2220e860cfb2e6b980f46f6d
2024-02-02 14:44:26 +00:00
Florin Coras
d7f17a2393 tls: set app closed flag in framework
Set the flag in tls framework as opposed to tls engines. This is similar
to passive close.

Type: improvement

Change-Id: I0c2a774b1ef9d7ec6ba74daf1678ea449815184f
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-31 17:08:18 -08:00
Florin Coras
4a98b9360e tls: convert ctx fields to connection flags
Type: refactor

Change-Id: I527bbc1cf2e7b6d06fd0c88b7563fb59ed28bc40
Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-31 22:01:57 +00:00