Type: fix
The main loop populates a vector of suspended process nodes to dispatch
by calling TW (tw_timer_expire_timers_vec), which identifies expired
timers and appends the user handle for each one to the vector.
Subsequently, the vector is iterated and the process node corresponding
to each handle is dispatched. The vast majority of the time, the process
node will end up suspending itself again to wait for a new timer or
event.
Given a process node A whose timer has expired, between the point when
the timer expired and the point when A is dispatched and suspends itself
again, its stop_timer_handle contains a stale value.
If another process node B is dispatched before A is dispatched, it may
end up using the timer ID that A formerly used. If another process node
C is dispatched after B and before A and calls
vlib_process_signal_event() to signal A, the timer started by B can be
deleted by vlib_process_signal_event_helper().
After getting the vector of process node IDs for expired timers, reset
the stop_timer_handle on each of those nodes.
Change-Id: I266da438e76e1fc356016da0b9b4941efac1c28a
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit 9aa4ac55b0)
The time wheel should not be started in the loop while processing expired events.
can be set p->stop_timer_handle = ~0 to solve.
Type: fix
Signed-off-by: jinsh <jinsh11@chinatelecom.cn>
Change-Id: Ie9a4293f39f981f50d280b39a5d958d319ee2300
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit b7756b26a9)
Change of enums used in REPLY_MACRO() to appropriate one
for handlers:
-vl_api_nat44_ed_add_del_vrf_table_t_handler
-vl_api_nat44_ed_add_del_vrf_route_t_handler
Type: fix
Change-Id: I58e97817b1678da7c025c0d03a8b938a4e0f7b6c
Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>
(cherry picked from commit 2c03879ce4)
In avf the function fls_u32 is used to calculate the power of 2.
Fix the expression of this function.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I27160de8588a5efb3f24306597a5a240deb3ab74
(cherry picked from commit dc95634a23)
Fix some configurations of avf checksum offload to get the correct
udp and tcp checksum. Change Tx checksum offload capability since
avf supports ipv4, tcp and udp offload all. Remove the operation to
swap bit of checksum.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I55a916cc9ee6bef5b2074b5b6bb5f517fc2c178d
(cherry picked from commit 26d841870f)
In current flow creating process in native avf and dpdk-plugins, when
parsing the input arguments, it does not copy IPv6 src address correctly,
so that IPv6 src address will not be configured in any flow rule, and
any packet with the same address will not be matched.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ic957c57e3e1488b74e6281f4ed1df7fd491af35c
(cherry picked from commit 11d9d02459)
When parsing flow action type in avf, there is an incorrect flag for
flow director, which makes flow director rule created unexpectedly.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Id9fed5db8ccacd5cc6c2f4833183364d763188c1
(cherry picked from commit 25ab42e33b)
Add one new edge for ipv6 after gtppsc so that packetforge can parse
this protocol combination.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I1bae1ec617c4867de2e0b3de27eda77b89e5580c
(cherry picked from commit 656a550f1f)
In the defination of mac node, the order of dst and src address is
reversed. Swap their order in this patch.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I039accc0a881eef12f13c75c5becf8b7df97d525
(cherry picked from commit 02bdd3f5cb)
Control use of apis that rely on _GNU_SOURCE being defined with compile
time macro.
Also fixes sendmmsg and recvmmsg which were not probably wrapped.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I207de23210d4b9dc960bb4289159502760c5614d
(cherry picked from commit 3684794336)
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
When application performs SSL_read from the app rx-fifo, it can
pre-allocate multiple segments, but there is an issue if the OpenSSL
manages to partially fill in the first segment, in this case, since
data is assumed to be copied over by OpenSSL to the pre-allocated
segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs
zero copy by passing the pre-allocated segment to SSL_read.
If the decrypted data size is smaller than the pre-allocated fifo
segment buffer size, application will fetch buffers including zero
in the area not filled in by SSL_read.
Type: fix
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
(cherry picked from commit 905ec87977)
This patch adds source ip based sticky session, which is already
implemented in many hardware LBs and software LBs. Note that sticky
sessions may be reset if the hash is recalculated as ASs are added
or deleted.
Since this feature is unrelated to the other existing options, the
lb_add_del_vip API version has been upgraded to v2 and a new option
"src_ip_sticky" has been added.
Type: feature
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Change-Id: I3eb3680a28defbc701f28c873933ec2fb54544ab
In some situations, CMake will find ccache in /usr/bin but /usr/bin
might not present in PATH. The former fix for this was to place the
ccache configuration logic before the project() declaration, but since
CMake 3.4 there is a new variable to be used which handles this case.
For the original problem, see also
https://crascit.com/2016/04/09/using-ccache-with-cmake/
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Ie026e02b2b06e2dca2d62da5fea7b1a104bcc7c3
Should drop execution time for all tests by about 80%.
Type: test
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib6b4ef9fb4e7745a61b40c0b34e53e4046ccdbcc
In function ‘memcpy’,
inlined from ‘clib_memcpy_fast’ at /home/vpp/src/vppinfra/string.h:86:10,
inlined from ‘memcpy_s_inline’ at /home/vpp/src/vppinfra/string.h:157:7,
inlined from ‘vnet_pppoe_add_del_session’ at /home/vpp/src/plugins/pppoe/pppoe.c:356:7:
error: ‘__builtin_memcpy’ offset [0, 5] is out of the bounds [0, 0] [-Werror=array-bounds]
34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cc1: all warnings being treated as errors
Hardware address is zero length vector for PPP, use vec_len instead.
Type: fix
Fixes: 62f9cdd82c ("Add PPPoE Plugin")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If9fb409cfbbac77c15559d103987f0130bf30255
Fool-proof assert_checksum_valid so that one does not verify checksum on
wrong layer (because of how scapy internally works).
Make assert_packet_checksums_valid start checksum checking at inner
layers and outwards to make it more obvious where the error is. With old
behaviour, if one received an ICMP packet carrying a truncated TCP
packet, an error would be raised for ICMP checksum, as that one would be
the first to be wrong after recalculating all packet checksums, while
the real issue is TCP header being truncated and thus unsuitable for use
with this function.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I39a2b50ec5610f969cfde9796416ee3a50ae0ba3
The musl libc does not support closedir(0) resulting in a crash. Only
call closedir() if we successfully opened it.
Type: fix
Change-Id: I3198454f44735501047afc42b94b2fea273212f4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Since VPP binaries are being compiled on host system,
it makes sense to autodetect Ubuntu version when building test images
so that containers would be running version equal to host system.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I0e13d9ba1ddcd3ad5835bce1b8cccfc048e5e528
Allow the CLI caller to specify an optional [index <idx>] index,
which will remove the ACL at that index. This mimicks the API behavior,
Add a 'delete acl-plugin acl index <idx>' to mimick the API acl_del
call, which will refuse to delete a non-existent index, as well as
an index that is referenced by an interface.
Type: improvement
Signed-off-by: pim@ipng.nl
Change-Id: I5f240f7a4e3bca14e8122917e8a5186d80094de2
Move config files to resources and docker files to separate directory
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I24dd0705c4a463c06de525f28cb54d882527320a
The current implementation of wireguard use dereference value from
pointer, but between get and dereference the value from pointer can be
occur change in pool memory, which means that this pointer can be
invalid. Since current implementation doesn't handle with invalid
pointers, segfault can occur.
The fix add a local variable to keep index of peer from pool and also
handle with null pointers from get pointer from pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ic161ab08266e584493338c682d827ea1fd754b98
In fast path implementation of spd policy lookup opposite convention to
the original implementation has been applied and local ip range has been
interchanged with the remote ip range. This fix addresses this issue.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I0b6cccc80bf52b34524e98cfd1f1d542008bb7d0
These functions do not need modifiable strings.
It helps with linker sections as well as C++ compatibility.
It is a good style to use const where approriate.
Type: refactor
Signed-off-by: void234@gmail.com
Change-Id: Ib437a01663aa61860c6a938d869ed1111da71ec7
These functions do not need modifiable strings.
It helps with linker sections as well as C++ compatibility.
It is a good style to use const where approriate.
Type: refactor
Signed-off-by: void234@gmail.com
Change-Id: I8d1e922197b3594122296e8c1af57e0a8ec0bf3d
Official nginx image is based on Debian with older libc version,
that causes a runtime fail when VPP libraries are compiled in Ubuntu
which has newer libc.
Using equal version of Ubuntu in VPP image and in nginx image
ensures that running nginx won't fail due to different libc versions.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I48f3b23be30a9d9d9144351437ce163d64a4bb6b
Installs the unversioned .so symlink in the -dev component.
This prevent debian lintian error:
link-to-shared-library-in-wrong-package
NAMELINK_COMPONENT was added in cmake 3.12
Type: make
Change-Id: I9d743218fa1f6b677659d745525e399ff66e73f4
Signed-off-by: Nick Brown <nickbroon@gmail.com>
AF_XDP support is deprecated in libbpf since v0.7.0 [1], the libxdp library
now provides the functionality which once was in libbpf, this commit updates
af_xdp plugin to depend on libxdp, libbpf still remains a dependency even if
libxdp is present, as it need use libbpf APIs for program loading.
libxdp is distributed within xdp-tool [2], xdp-tools package also
include libbpf in it as dependency, so here installed libxdp v1.2.9 and
libbpf v0.8.0, both from xdp-tool-1.2.9 package.
More information about libxdp compatibility can be found in the libxdp
README [3].
In libbpf v0.8.0, The bpf_prog_load function was deprecated and changed to
bpf_object__open_file and bpf_object__next_program and bpf_object__load,
The bpf_get_link_xdp_id and bpf_set_link_xdp_fd functions were deprecated
and changed to bpf_xdp_attach and bpf_xdp_detach, The bpf_object__unload
function was deprecated and changed to bpf_object__close.
[1] https://github.com/libbpf/libbpf/commit/277846bc6c15
[2] https://github.com/xdp-project/xdp-tools/releases/tag/v1.2.9
[3] https://github.com/xdp-project/xdp-tools/blob/master/lib/libxdp/README.org
Type: improvement
Change-Id: Ifbf6e3aa38bc6e0b77561f26311fd11c15ddb47e
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
serialize_get() -> serialize_write_not_inline(...) was losing track of
the current buffer index when it managed to empty the overflow vector
but had to turn around and use it again.
Test-case added to test_serialize.c.
This issue dates from 2010.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I024a03f7a50fd6df543ddbc7c45d85def4f1981d
This fixes an issue on systems with http proxy set.
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ic84fcd0b8a7698ef101b369d46be858cbe85fc73
Musl is stricter than glibc and has a warning that including fctnl.h and
poll.h should be prefered rather than their sys/ counterparts, which
breaks -Wall setups.
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Id101e999371951b0927cc8c4109f8f1536de1bc2
Copy necessary only plugins in docker image
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I5f60a8a1ccbbe099ac60774562dc5901f3b4fbed
Volumes can be referenced with anchors to reduce text duplication
and to explicitly show which containers share a volume.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: Id408a78262573b3faf2257c32bfa569eca2e2049
This patch removes a
.runs_after = VNET_FEATURES ("ip6-lookup"),
On the 'pt' node, as 'ip6-lookup' does not belong to the 'ip6-output' arc.
Type: fix
Change-Id: Ie34aaf7351593f08c61e3b02aaf9f72a4de1a437
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
In most cases we only need OpenSSL libcrypto (crypto primitives) but
not libssl (tls).
Type: improvement
Change-Id: I9dce27d23d65bf46aea2d0f8aaf417240701efcc
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: fix
This patch adds a fix for an issue in the ipsecmb library resulting in
lower than expected performance in multi-threaded scenarios. This is
due to multiple threads writing the same global variable simultaneously.
Signed-off-by: marcel.d.cornu@intel.com
Change-Id: Ibcac321aa40da4b1709198dec3e18226e3891138
When use update api delete a virtual address, no matter which IP want to delete, always delete the last one.
Type: fix
Signed-off-by: GaoChX <chiso.gao@gmail.com>
Change-Id: Ia67c06dd53a442740794e1884d1a4aaa06965398
This will add a new target (fixstyle) to Makefile that runs gofmt tool.
Type: style
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Icba60633f82aa8bbc75749f080e00f0375b55a18
Type: improvement
Allow vapi to signal to an application's RX thread that it should wake
up and exit.
Before disconnecting from VPP's API, libvlibmemoryclient inserts an
rx_thread_exit message into the client's own input queue to cause its
RX thread to wake up from its blocking dequeue and exit cleanly. Add a
function to vapi's API which will allow libvapi client applications
which have an RX thread waiting for incoming messages using vapi_wait()
to do the same thing.
The existing libvlibmemoryclient code which does this was moved to a
separate function and made available for vapi_stop_rx_thread() to call.
Also fixed some inconsistencies in indentation of function prototypes in
vapi.h to make checkstyle.sh happy.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I7bbb73470807123cc63ef313cfb91d1fd31b34e5
We were creating an additional worker not backed by any VPP threads,
leading off-by-1 access in the session main workers vector.
Also uses vec_elt_at_index() when accessing session main workers vector
elements to catch those errors more easily.
Type: fix
Change-Id: I6059116b7b64ae6b26ad83c1fcf55df8522868ad
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Previously it was linked and worker properly. While rdma build
was simplified, link was lost so all encrypted data won't pass
via Mellanox interfaces(ipsec, ipip, ssh etc) and NetVSC taps
won't created the right way.
Errors:
mlx5_common: Verbs device not found: 21a5:00:02.0
mlx5_common: Failed to initialize device context.
EAL: Requested device 21a5:00:02.0 cannot be used
Tested on Azure. Same errors appears on physical machine with
Mellanox connect adapter
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Ib68976282e0ed91c016a7318db6b5eddf5510c47
- load openssl legacy providers during quic init
when building with openssl 3.0 or greater
- re-enable quic 'make test' testcases on
ubuntu-22.04
Type: fix
Change-Id: Icfd429b6bc1bddf9f9937baa44cc47cd535ac5f2
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Options
"-p" to not remove topology elements after the test finishes
"-v" from now on extra output from tests is hidden by default,
this will show it again
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I626188561c883534e9004d5130ee2a972d12b4e2
While before the my_client_index variable was stored as global variable
in api_main_t, after commit 2ca88ff978
the my_client_index becomes part of vapi_ctx_t.
Each API client (internal/external) connected to VPP stores its
client index in vapi_ctx_t.
The issue is in the client disconnection. The vapi_disconnect is
untouched in patch 2ca88ff978,
so it keeps the behavior of using the my_client_index stored
in api_main_t.
Ticket: VPP-2069
Type: fix
Fixes: 2ca88ff978
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Change-Id: Idf8c1d1056cbd631cc3057cf7acc486216fa8303
Definition of shared volumes and containers has been moved
to yaml files to be together with network topology.
Containers are automatically run at the beginning of each test case
and stopped afterward.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I264cbb4f1355f8bd7aade221e9609fb5b9bd693e
fix memory leak and refactor nat44-ed db init/free through.
how to reproduce memory leak: input "set nat44 session limit
50000 vrf 1" repeatedly.
Program received signal SIGABRT, Aborted.
0x00007ff4b3cc5337 in raise () from /lib64/libc.so.6
(gdb) bt
0 0x00007ff4b3cc5337 in raise () from /lib64/libc.so.6
1 0x00007ff4b3cc6a28 in abort () from /lib64/libc.so.6
2 0x00000000004079db in os_panic () at /usr/src/debug/vpp-23.02/src/vpp/vnet/main.c:417
3 0x00007ff4b43e784f in os_out_of_memory ()
at /usr/src/debug/vpp-23.02/src/vppinfra/unix-misc.c:221
4 0x00007ff4b43a71aa in clib_mem_heap_alloc_inline (heap=0x0, size=27263040, align=64,
os_out_of_memory_on_failure=1) at /usr/src/debug/vpp-23.02/src/vppinfra/mem_dlmalloc.c:613
5 0x00007ff4b43a7256 in clib_mem_alloc_aligned (size=27263040, align=64)
at /usr/src/debug/vpp-23.02/src/vppinfra/mem_dlmalloc.c:635
6 0x00007ff4b522fafa in alloc_aligned_16_8 (h=0x7ff46a7815b8 <snat_main+408>, nbytes=27262976)
at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:59
7 0x00007ff4b522fd12 in clib_bihash_instantiate_16_8 (h=0x7ff46a7815b8 <snat_main+408>)
at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:163
8 0x00007ff4b5230037 in clib_bihash_init2_16_8 (a=0x7ff465f36870)
at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:245
9 0x00007ff4b52300ac in clib_bihash_init_16_8 (h=0x7ff46a7815b8 <snat_main+408>,
name=0x7ff46a754871 "ed-flow-hash", nbuckets=262144, memory_size=0)
at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:260
10 0x00007ff46a7013e8 in reinit_ed_flow_hash ()
at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed.c:3264
11 0x00007ff46a7014fd in nat44_ed_sessions_clear ()
at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed.c:3299
12 0x00007ff46a701044 in nat44_update_session_limit (session_limit=70000, vrf_id=1)
at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed.c:3225
13 0x00007ff46a73d3d1 in nat44_set_session_limit_command_fn (vm=0x7ff473c8f740,
input=0x7ff465f36ef0, cmd=0x7ff474c5ce48)
at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed_cli.c:1638
14 0x00007ff4b5d56527 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740,
cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=97)
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:650
15 0x00007ff4b5d562c3 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740,
cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=98)
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607
16 0x00007ff4b5d562c3 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740,
cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=21)
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607
17 0x00007ff4b5d562c3 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740,
cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=0)
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607
18 0x00007ff4b5d569cb in vlib_cli_input (vm=0x7ff473c8f740, input=0x7ff465f36ef0,
function=0x7ff4b5dc2406 <unix_vlib_cli_output>, function_arg=0)
---Type <return> to continue, or q <return> to quit---
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:753
19 0x00007ff4b5dc7b0c in unix_cli_process_input (cm=0x7ff4b5e4ae00 <unix_cli_main>,
cli_file_index=0) at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2616
20 0x00007ff4b5dc825a in unix_cli_process (vm=0x7ff473c8f740, rt=0x7ff4797a5280, f=0x0)
at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2745
21 0x00007ff4b5d80a25 in vlib_process_bootstrap (_a=140687718901968)
at /usr/src/debug/vpp-23.02/src/vlib/main.c:1221
22 0x00007ff4b439e298 in clib_calljmp () at /usr/src/debug/vpp-23.02/src/vppinfra/longjmp.S:123
23 0x00007ff4698268a0 in ?? ()
24 0x00007ff4b5d80b4e in vlib_process_startup (vm=0x7ff4b43a77a3 <clib_mem_size+24>,
p=0x7ff4698268d0, f=0x7ff474b1e580) at /usr/src/debug/vpp-23.02/src/vlib/main.c:1246
25 0x00007ff4b5dbdbe6 in vec_max_bytes (v=0x8)
at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:161
26 0x00007ff474b1e598 in ?? ()
27 0x0000000000000004 in ?? ()
28 0x00000000000000ff in ?? ()
29 0x00007ff469826980 in ?? ()
30 0x00007ff4b5dbddcb in _vec_set_len (
v=<error reading variable: Cannot access memory at address 0xfffffffffffffff5>,
len=<error reading variable: Cannot access memory at address 0xffffffffffffffed>,
elt_sz=<error reading variable: Cannot access memory at address 0xffffffffffffffe5>)
at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:196
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)
Type: fix
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: I52a7d229c95e4ab30f7f2cfe574440aa37bed6a2
New BFD UDP errors were no longer compatible with BFD errors. This was causing
out-of-bound reads and ASAN test crashes.
Fix this issue by statically checking if these enums are compatible.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I92fddd26270f946bc16ade840c94e5496e2cb88a
Useful to update the tunnel paramaters and udp ports (NAT-T) of an SA
without having to rekey. Could be done by deleting and re-adding the
SA but it would not preserve the anti-replay window if there is one.
Use case: a nat update/reboot between the 2 endpoints of the tunnel.
Type: feature
Change-Id: Icf5c0aac218603e8aa9a008ed6f614e4a6db59a0
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
After deleting a sw interface with nat44 features, the next created
sw interface will get the same sw_index reused and therefore will
erroneously have the same nat features enabled.
Type: fix
Change-Id: I1d84f842ab7ab2a757668ae1a111efe67e1e924d
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Some upon apps(e.g. Nginx-quic) package it's several protocol buffers into a struct msg
which is a combination of gso_buffer and gso_size.
but if HostStack regardless the gso_size to the buffer and split the buffer with default mss,
that cause peer client failed on parsing the package.
Type: improvement
Signed-off-by: Dou Chao <chao.dou@intel.com>
Change-Id: I805eb642be826038ba96d1b85dad8ec0c0f6c459
Signed-off-by: Dou Chao <chao.dou@intel.com>
Type: improvement
The function vapi_wait() is intended to allow a caller to block while
waiting until the API queue can be read/written. It was a stub that
returned VAPI_ENOTSUP. Add code which implements the wait on being able
to read an incoming message.
Had to touch a few other things in vapi.h to make checkstyle.sh happy
after changing the prototype of vapi_wait().
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: Ida80c1a1d34fe297ab23268087be65ea53ad7040
- append make output to quicly build & install logs
Type: make
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I4cfe7afdaa633295968c25902b12f58100f8ca69
Tests gso/gro-coalesce features on tapv2, tunv2 and af_packet
interfaces to ensure that packet transmission is enabled correctly
for various MTU sizes and interface combinations in bridged and
routed topologies for IPv4 and IPv6. Interface tests are
dynamically generated at run time from the config file
vm_test_config.py.
Type: test
Change-Id: I5f9d8cc80d20b4e34011fc8a87e35659bd9613bc
Signed-off-by: Naveen Joy <najoy@cisco.com>
Type: improvement
The log buffer and event buffer get lots of messages written like
"Processed 2 messages" by linux-nl when its enabled. This can crowd out
more important messages and should only actually be stored if debug
messages are desired. Change from logging with NL_INFO() to NL_DBG().
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I9055432f7ef35d3e0ad59dce307d2b3c6284002f
Docstring in VPP Python API says that find_api_dir() will search for
environment variable VPP_API_DIR first and foremost, except it doesn't.
Prepend VPP_API_DIR if it exists, and allow dirs to be omitted in case
it will be the empty list []
Type: fix
Signed-off-by: pim@ipng.nl
Change-Id: Ic892e4bb7d8ff50f18e64ddfd2a61343883f07ea
NAT44 enable/disable return status was used
instead of appropriate VNET_API_ERROR_ code.
Type: fix
Signed-off-by: Filip Varga <filipvarga89@gmail.com>
Change-Id: If944866bf3061afdc91284c0ad475135e529bdc4
Don't redirect to "favicon.ico/index.html" if you can't find
"favicon.ico".
If asked to serve up a nonexistent path, see if the path ends with a
known suffix: ".jpg, .html, .ico" etc. If it does, flunk the request
on the spot: "Error 404 Not Found." Do not issue a redirect.
This change will not break the obvious corner case: if the browser
asks for "its_a_dir.mp3/index.html" - and the file exists - the server
will produce it.
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I91aad90be05b98ba2b40e240d13d71816aed4526
Add plugin-path parameter to aid external plugin development.
Multiple directories are supported as a colon separated list.
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ida35dedceccd0019ea68e56f7a3672c530258447
Use the Python API binding to generate a set of API messages
in binary format, that can later be replayed independently
of the Python API.
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Iaab6ca31fd2809193e461ab53f7cc7332a231eb5
Signed-off-by: Ole Troan <ot@cisco.com>
To support testing of external plugins, add support to the test framework and PAPI
for specifying a list of locations to look for api.json files.
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I128a306e3c091dc8ef994801b1470b82d2f4595d
Signed-off-by: Ole Troan <ot@cisco.com>
if the api client didn't wait for the last message, we'd get a SIGPIPE
from Unix and VPP would crash.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Iac7705ec09ccd67cc249cc9a9525a7cb379e2f6f
Signed-off-by: Ole Troan <ot@cisco.com>
Async use of the API is much faster than blocking calls.
Seemed like it only worked over shared memory transport.
This patches re-enables support for async calls over socket
transport.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I05f3b362035ce0a1c16788ba9003a35601ddb04e
Signed-off-by: Ole Troan <ot@cisco.com>
The request vector generated by hss_ts_rx_callback() must be NULL
terminated.
The hss_main_t use_ptr_thresh member must be a u64 since
unformat_memory_size() expects it. Otherwise, the adjacent u8
enable_url_handlers may have an accident.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I2cc08e3cbd31b225fb03799283c055515add13bf
The metadata in classifier entries is used to index a fib or a dpo in
the acl nodes which can exceeds UINT16_MAX in large configurations.
To maintain entries size and alignment, decrease next_index from 32- to
16-bits: next_index should not exceed 16-bits in VPP, as it is already
shown by vlib_buffer_enqueue_to_next() or dpo_id_t.dpoi_next_node.
Type: fix
Change-Id: I4fd1b3cd495319420044c219036b2d2ea952270a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
This adds basic, functional-only, test of TCP connection with delay and
packet loss introduced by Network Delay Simulator.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: Ibedf4c680c152921b733cf39d99b178412748d3c
Add an http redirect template to generate correct-looking "301 Moved
Permanently" replies.
Supply a default value of 1<<31 for the use_ptr_thresh config parameter.
Expose hss_session_get() so friend plugins which register GET / POST
handlers with the http_static server can add data to the session fifos.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ie1452eaf61c6f67311fbab092bc1fe03050bf94f
The return value in this function is initialized with 0, so if a vector of length 0 is passed
to stat_segment_dump_r, then this return value is never populated, resulting in inability
to distinguish between a successful dump of an empty vector and an error.
Solution: call vec_alloc(). As a side effect might get some trivial speed-up.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I33fefd801df457152e9ec257742305182e91f339
Test suite now supports assertions which on fail stop test case run,
also it allows to create docker containers which are going to be
stopped automatically after the test run is finished.
Type: improvement
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I2834709b1efd17b8182d36cc0404b986b4ed595d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
This change was introduced to workaround a bug in the NAT code, but
we should not woraround plugin bugs in infra.
Type: fix
Fixes: f8631ce7e8
Change-Id: Id6ee281cf1fe8466b6522905fc2a176716e3d52f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Account for the potential of sysconf() returning -1 if it can not
get the page size and make it a fatal error.
Coverity: 277313
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I8cae6a35ec2f745c37f1fe6557e5fa66720b4628
convert vhost device driver to a plugin as described in
https://jira.fd.io/browse/VPP-2065
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ibfe2f351bcaed36a04b136d082ae414145dd37b5
Support generic flow in native avf.
Enable necessary RSS hash function for generic flow. Extend some
structures and functions from for FDIR only to for both RSS and FDIR
flows. Modify virtual channel message to align with ice kernel driver.
Add functions to parse generic flow patterns. The parsing results will
be delivered to the kernel driver and create corresponding flow rules.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I82ce102a21993f1bae8a8bf23e491d5e1c261f61
The initiate handshake process can be called a numbers times for each
peers, then the main VPP thread called by Wireguard starting to
allocate memory. This behaviour can lead to out of memory when VPP has
a lot of Wireguard tunnels concurrently.
This fix add mutex to send only once handshake initiate at time for
each peers.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I13b4b2d47021753926d42a38ccadb36a411c5b79
Write time into /sys/boottime on VPP start.
This allows a stateless control plane agent to validate if it's reconnecting to the same
VPP instance.
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Iba7f334339c46142045e43da6efab11612e7b9c0
Signed-off-by: Ole Troan <ot@cisco.com>
Maintain a single writer multiple readers usage model for transport
endpoints pool.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8555700ed725971341f145ea97f031042a298e83
The issue can be reproduced by running "vpp_get_stats tightpoll"
The root cause is that the control flow discards the "result" struct
being prepared, along with pointer its allocated name.
This results in a memory leak.
Type: fix
Change-Id: Ibf884e92314f19b983a0159fc1257b3fa0110443
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
When n_rx_packets is less then 16(VEC256) or 8(VEC128), code execution
will fall into scalar path of processing packets. But with a wrong
initialization value for n_left set to zero, i in the for-loop will
equal to n_rx_packets. This leads to the bypass of required ip4 checksum
validation and byte count endianness conversion in scalar path.
Besides, refactor the code using while instead of for-loop to keep
consistency with VPP code style.
Type: fix
Fixes: bf93670c51 ("rdma: fix ipv4 checksum check in rdma-input node")
Signed-off-by: Lijian Zhang <lijian.zhang@arm.com>
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: Ib4e8cb5202735f8b060c99caddf26035657551e1
Type: fix
Fixes: a51f9b3747
Some IPsec message type definitions were not being written to
ipsec.api.vapi.h. These include ipsec_sad_entry_add_del_v3 and
ipsec_sad_entry_add.
The cause appears to be that tunnel_flags, which is defined in
tunnel_types.api is a special case of enum called an enumflag. These do
not appear to have been handled in the code that generates the vapi
header files.
This patch adds processing of enumflag objects for vapi.
Change-Id: Ie506c4fcb5a07fe97a330ba11c252d1df98adfd9
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Fast path spd was explicitely storing array of policy id vectors.
This information was redundand, as this inofrmation is already stored
in bihash table. This additional array was affecting performance
when adding and removing fast path policies.
The other place that needed refactoring after removing this array was
cli command showing fast path policies.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I78d45653f71539e7ba90ff5d2834451f83ead4be
Not ideal. The sparse vector used to map ports to next nodes assumes
only a few ports are ever used. When udp transport is enabled this does
not hold and, to make matters worse, ports are consumed in a random
order.
This can lead to a lot of slow updates to internal data structures
which in turn can slow udp connection allocations until all ports are
eventually consumed.
Consequently, reallocate sparse vector, preallocate all ports and have
them point to UDP_NO_NODE_SET. We could consider switching the sparse
vector to a preallocated vector but that would increase memory
consumption for vpp deployments that do not rely on host stack.
For reference, populating one of the v4 or v6 sparse vectors in reverse
order takes about 9.8s on a skylake cpu.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id795e1805d0d3ba54f56a152a9506a7a2a06ecbc
Implements the API for SRv6 Path Tracing
Type: feature
Signed-off-by: Julian Klaiber <julian@klaiber.me>
Change-Id: Iefa7e512c8e1894595a9e3f5d42eab4160db1f28
In order to loop over the list of `vl_api_ip_address_details_t`,
increment the pointer by one instead of `i`.
Type: fix
Change-Id: I8554d1388d67bb95e029eddf444d383fb85ecac7
Signed-off-by: Timur Celik <mail@timurcelik.de>
Type: fix
Fib entries for attached routes when sourced from
FIB_SOURCE_API or FIB_SOURCE_CLI
get the FIB_ENTRY_FLAG_ATTACHED flag raised on the source.
Such a route added from linux-cp doesn't get this flag.
Fix this flag for linux-cp sources by passing it to the
fib entry's update/create function in lcp_router_route_add().
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Change-Id: I24278ef86886cfee8a14acb250fb6992a754cc3c
Type: docs
Several kinds of policers are implemented in VPP.
However, they could differ from the RFCs it is
said they are from.
Additionally, the CLI command's help has been
updated with the current list of acceptable
parameters.
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: Ic9bf94e1094bea0fcc87ccaa882c2c5f88824041
We add the crypto key to the vnet crypto library via vnet_crypto_key_add.
However, when the session is disconnected, we don't call
vnet_crypto_key_del and the memory is leaked in vnet_crypto library
as well as in pico tls key store.
It seems dispose crypto is the appropriate place to add
vnet_crypto_key_del.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: If6d1266baf686fefe5bb81330ce60b35c8ff574e
Plugin checks just for AVX2 instruction set, while the v1.3 of IPsec
Multi-Buffer library checks for both AVX2 and BMI2 sets during init.
VirtualBox VM doesn't provide BMI2 by default to guest operating system.
Result is that VPP plugin decides to use AVX2 initialization and library
then doesn't do it. Since flush_job remains empty, the self-check fails
and with that the whole VPP crashes on start-up.
Type: fix
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I6b661f2b9bbe6dd03b499c55c38a9b814e6d718a
Make sure they only double in size.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I18d5508c7f32836deb3b25943e8e3af39d0dbc33
API refactoring moved the address-family tag from rule
level down to prefix level.
This necessarily warrants the check that they are the same.
Also, add a check that the address family is sane.
Change-Id: Ia63b688cc9e7c9e9cc773e89708d9e9f99185fb7
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
dd2f12ba made use of ip46_address_is_ip4() in order to determine whether
the address is ipv4 or ipv6 within unformat_ip_address - however, its
logic is correct only for some addresses. e.g. a valid IPv6 address of :: (unspecified)
will result in "true" result. This is probably not an issue for most
of the cases (the unspecified address is quite rare),
however if the unformat_ip_address is used as part of the
prefix parsing, the ::/0 is a fairly often utilized construct,
which gets parsed as 0.0.0.0
Solution: return the old logic, but use a temporary
variable to avoid overwriting the target memory on failure.
Type: fix
Fixes: dd2f12ba6a.
Change-Id: I272f740dfdf07036cec68516e153f0701a53233d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
cli show policer's help info is not consistent
with it's arguments.
Type: improvement
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: I8332fe97ba343e98511db9ff1bb6afd6f3c657cd
Each NAT44 ED session has a per_vrf_sessions_index referencing
an element in the thread-local vector per_vrf_sessions_vec.
However this index can be possibly invalidated by vec_del1() in
per_vrf_sessions_cleanup(), before a session is registered.
Such a stale index can cause an assertion failure in function
per_vrf_sessions_is_expired() when we use it to locate the
per_vrf_sessions object.
A possible sequence to reproduce is:
1. Create two NAT44 ED sessions s1, s2 so that two per_vrf_sessions are created:
index 0: between VRF pair 10 and 11 (expired=0, ses_count=1)
index 1: between VRF pair 20 and 21 (expired=0, ses_count=1)
For the sessions we have:
s1->per_vrf_sessions_index == 0
s2->per_vrf_sessions_index == 1
2. Delete the first session via CLI, now the two per_vrf_sessions become:
index 0: between VRF pair 10 and 11 (expired=0, ses_count=0)
index 1: between VRF pair 20 and 21 (expired=0, ses_count=1)
For the sessions we have:
s2->per_vrf_sessions_index == 1
3. Delete the VRF 11:
index 0: between VRF pair 10 and 11 (expired=1, ses_count=0)
index 1: between VRF pair 20 and 21 (expired=0, ses_count=1)
For the sessions we have:
s2->per_vrf_sessions_index == 1
4. Create a new session s3 between VRF pair 20 and 21 so that the first
per_vrf_sessions will be deleted:
index 0: between VRF pair 20 and 21 (expired=0, ses_count=2)
For the sessions we have:
s2->per_vrf_sessions_index == 1
s3->per_vrf_sessions_index == 0
Here, note that the actual index of per_vrf_session is changed due
to vec_del1(). The new session is added after the cleanup so it gets
the correct index. But the index held by the existing session is not
updated.
5. Trigger the fast path of the session s2. To achieve this, session
s2 could be created in step 1 by
ping -i20 -Iiface_in_vrf_10 1.1.1.1
and steps 2-4 should then be performed within the 20-second interval.
This patch fixes this by changing per_vrf_sessions_vec to a pool so
that indicies are kept intact.
Type: fix
Signed-off-by: Jing Peng <jing@meter.com>
Change-Id: I4c08f9bfd50134bcb5f08e50ad61af2bddbcb645
fix byte order error about the struct snat_address_t's member net.
for example configurations:
set interface ip table loop1 1
set interface ip addr loop1 10.10.10.2/24
nat44 add address 10.10.10.2 tenant-vrf 1
the snat address's net should be "as_u8 = {0xa, 0xa, 0xa, 0x0}",
but now it's "as_u8 = {0x0, 0xa, 0xa, 0x2}" because of missing
transition of byte order about the member net of snat_address_t.
(gdb) p/x *snat_main->addresses
$3 = {addr = {data = {0xa, 0xa, 0xa, 0x2}, data_u32 = 0x20a0a0a,
as_u8 = {0xa, 0xa, 0xa, 0x2}, as_u16 = {0xa0a, 0x20a},
as_u32 = 0x20a0a0a}, net = {data = {0x0, 0xa, 0xa, 0x2},
data_u32 = 0x20a0a00, as_u8 = {0x0, 0xa, 0xa, 0x2},
as_u16 = {0xa00, 0x20a}, as_u32 = 0x20a0a00},
sw_if_index = 0x3, fib_index = 0x1,addr_len = 0x18}
(gdb)
Type: fix
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: I4f25f0639ae90a7f2e8715b44f825571283d994d
Type: fix
The router flag on a neighbor advertisement can be used by neighbors to
detect that a router has changed to a host (RFC 4861 section 4.4).
If a neighbor adds routes after receiving a router advertisement sent
by VPP and subsequently receives a neighbor advertisement sent by VPP,
it may remove any routes it added based on the RA if the NA does not
have the router flag set. It appears that this is how windows behaves.
When sending a neighbor advertisement, set the router flag if sending
RAs is enabled on the interface.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I1f3e42bbd8ea1a4c116b1ce5a8273652d4cd763d
Otherwise, the newly configured interface will never send RADV's.
See below. In the typical case, suppress = 0 and is_no = 0, which
propagates the current value of radv->send_radv:
radv_info->send_radv =
(suppress != 0) ? ((is_no != 0) ? 1 : 0) : radv_info->send_radv;
No other bit of code will set send_radv, at least in straightforward
ways.
Type:fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: If9368155f7676460ca1f87729c2b3c453405d08d
When echo client fails to connect to remote, it should quit.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I787423bdc61a58eea48bab7bd8b73137626c02b4
Type: refactor
1) Removed deprecated API.
- These specific APIs do not have repleacement
because features that they controled
aren't part of current NAT44-ED
implementation anymore.
2) Removed unused typedef of port allocation funciton.
- Missed left over removed.
Change-Id: Ib3f763449065eda7cdcb2c6565a9cae51baf23d6
Signed-off-by: Filip Varga <filipvarga89@gmail.com>
_clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7fffb3a7e1b5 "%s:%d (%s) assertion `%s' fails") at src/vppinfra/error.c:143
mbedtls_ctx_get (ctx_index=0) at src/plugins/tlsmbedtls/tls_mbedtls.c:114
tls_ctx_get (ctx_handle=536870912) at src/vnet/tls/tls.c:310
tls_app_session_cleanup (s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/tls/tls.c:624
app_worker_cleanup_notify (app_wrk=0x7fffbef95f80, s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/session/application_worker.c:445
session_cleanup_notify (s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/session/session.c:262
session_free_w_fifos (s=0x7fffbf102040) at src/vnet/session/session.c:268
session_delete (s=0x7fffbf102040) at src/vnet/session/session.c:287
session_transport_delete_notify (tc=0x7fffbdf63c40) at src/vnet/session/session.c:1159
tcp_handle_cleanups (wrk=0x7fffbef46d40, now=133.30033046694487) at src/vnet/tcp/tcp.c:1298
tcp_update_time (now=133.30033046694487, thread_index=2 '\002') at src/vnet/tcp/tcp.c:1309
session_update_time_subscribers (smm=0x7ffff7f75ce0 <session_main>, now=133.30033046694487, thread_index=2) at src/vnet/session/session_node.c:1817
session_queue_node_fn (vm=0x7fffbdfad1c0, node=0x7fffbe0b1340, frame=0x0) at src/vnet/session/session_node.c:1934
dispatch_node (vm=0x7fffbdfad1c0, node=0x7fffbe0b1340, type=VLIB_NODE_TYPE_INPUT, dispatch_state=VLIB_NODE_STATE_POLLING, frame=0x0, last_time_stamp=4722227957546624) at src/vlib/main.c:960
Putting a breakpoint in gdb, I found out ctx was free in mbedtls_app_close.
Looking at app_close function in picotls and openssl, I don't see they
free ctx and they don't crash when processing cleanup. I am inclined to
think that mbedtls_ctx_free should not be called in mbedtls_app_close
at src/plugins/tlsmbedtls/tls_mbedtls.c:92
at src/plugins/tlsmbedtls/tls_mbedtls.c:559
at src/vnet/tls/tls.c:360
thread_index=2) at src/vnet/tls/tls.c:762
conn_index=536870912, thread_index=2 '\002')
at src/vnet/session/transport.c:332
at src/vnet/session/session.c:1608
elt=0x7fffbdfef3dc)
at src/vnet/session/session_node.c:1672
node=0x7fffbe0b1340, frame=0x0)
at src/vnet/session/session_node.c:1966
node=0x7fffbe0b1340, type=VLIB_NODE_TYPE_INPUT,
dispatch_state=VLIB_NODE_STATE_POLLING, frame=0x0,
last_time_stamp=4721919444027682)
at src/vlib/main.c:960
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic5c13e659aee618c8accee42af9f40931b62f467
The tx_fifo of session may not be set up yet, if app request to
disconnect the session, svm_fifo_dequeue_drop_all will crash.
In debug image, ho_session_alloc will do clib_bitmap_validate to
prevent race condition, however the input is not correct which
will make vpp crash.
Type: fix
Change-Id: Ia8bff325d238eacb671e6764ea2a4eecd3fca609
Signed-off-by: Dongya Zhang <fortitude.zhang@gmail.com>
Since vpp_sswan plugin already merged in /vpp/extras/strongswan,
no need to provide additional vpp_sswan source files for docker image.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I35bad22b1046e0dddbcf39e1af38d589d1438239
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
make install-ext-dep failed with,
sudo rpm -Uih vpp-ext-deps-23.02-4.aarch64.rpm
error: Failed dependencies:
perl(IBswcountlimits) is needed by vpp-ext-deps-23.02-4.aarch64
vpp-ext-deps have dependencies on infiniband-diags and libibumad
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I2aea453f53d6507285b4f87f04c6dfc4845098cd
Fix initialization of the table u32 var which is leading to the incorrect
unformat of interface map type
Type: fix
Signed-off-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com>
Change-Id: I1e56acd0e4c735df755e85b172bb6623bf47a57b
To aid sesipon debug, add session event log in SM debug to track
the session state.
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I6909cf969cd5b6a3ea5a06d08ae32c2f1d48f686
Type: fix
virtio transmit node uses header offsets to set the
appropriate metadata for packet with offloads. But
l2_hdr_offset is not correctly set by previous node(s).
This patch makes use of curren_data field as l2_hdr_offset.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Id2f41a7650be45c9cc1ebacc7bec298be79bf218
Type: fix
af_packet transmit node uses header offsets to set the
appropriate metadata for packet with offload. But
l2_hdr_offset is not correctly set by previous node.
This patch makes use of curren_data field as l2_hdr_offset.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I751a725af5c231a443eed22231a867eb7f3894e0
CQE flags located in bits 16-31 at offset 0x1c should be defined as
actual numbers instead of indexes. Besides, L3 header type for IPv4 is
10(2 in decimal) and for IPv6 is 01(1 in decimal) according to CQE entry
fields description of page 120 in Mellanox Programmer Reference Manual.
(https://network.nvidia.com/files/doc-2020/ethernet-adapters-programming-manual.pdf)
Fixing this issue will lead to correct CQE flags printing for rdma-input
node when buffer trace is enabled.
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I9b578ca5cbd8cd93a577aa83131e31c79f60430e
- cqe_flags pointer should be incremented accordingly otherwise only the
first element in cqe_flags will be updated
- flag l3_ok should be set for match variable when verifying if packets
are IPv4 packets with flag l3_ok set
- mask/match variables should be converted to network byte order to
match the endianness of cqe_flags
- vector processing of checking cqe flags will set return value to
0xFFFF by mistake if packet numbers are not multiple of 16(VEC256) or
8(VEC128)
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I9fec09e449fdffbb0ace8e5a6ccfeb6869b5cac1
The current implmentation of the hash table is not thread-safe.
This design leads to a segfault when VPP handling a lot of tunnels for
Wireguard, where one thread modify the hash table and other threads
starting to lookup at the same time.
The fix add a local variable to store how many bits are used by a user
object.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Iecf6b3ef9f308b61015c66277cc459a6d019c9c1
The documentation for the cnat plugin is highly outdated specially on
the snat section.
Type: docs
Signed-off-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com>
Change-Id: I30b0c6295d3c812b636374753af3c37f29b0cc53
Pass vec_foreach args in the right order
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I90d3dfb70ee2dbd9a48ae9ecfd2c1526a74d0786
vxlan will be moved to a plugin. Remove vnet files from including
vxlan header include files.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I4268110b4ed54f7ae3ffecd6db0e3025122fa59c
When there are several workers, iterator can and will skip
head iterator and it will last until BARRIER_SYNC_TIMEOUT won't
expire and will cause SIGABRT with `worker thread deadlock`
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Id4def4d5894e077ae27592367b141ecd822e86af
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
- add session debug cli to enable fine control of which event logs
are enable/disable with below syntax
session debug {show | group <list> level <n>}
list may be entered with a dash, "0-4"
or it may be entered with a comma, "0,1,4"
- fix compilation errors when SESSION_EVT is enable
- change SESSION_EVT_FREE_HANDLER to use DEC_SESSION_ED instead of
DEC_SESSION_ETD because the transport may already be free when the
handler is called
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Iab2989e0a847bb59002ef16494eebcc1d112b2ae
Backward compatibility was broken when updating ipsecmb version to 1.3.
Type: improvement
Signed-off-by: marcel.d.cornu@intel.com
Change-Id: I87a76859ec5e2ef6be0bc2af0960fa2494ce4297
This allows for custom next node selection on output.
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib0fee71a01847184e95c18097bbbfdadfbd9d030
This patch adds SCTP support in the CNat translation primitives.
It also exposes a clib_crc32c_with_init function allowing to set
the init value to start the crc32 with instead of 0.
Type: feature
Change-Id: I86add4cfcac08f2a5a34d1e1841122fafd349fe7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
- Use the latest IPsec Multi-Buffer library release v1.3
- Use ipsec-mb burst API for HMAC-SHAx algorithms
- Use ipsec-mb burst API for AES-CBC and AES-CTR algorithms
The new burst API available in ipsecmb v1.3 brings significant
performance improvements for certain algorithms compared to the job API.
Type: feature
Signed-off-by: marcel.d.cornu@intel.com
Change-Id: I3490b35a616a2ea77607f103426df62438c22b2b
otherwise the next time the counter is validated this is dangling.
Type: fix
Fixes: 58fd481d73
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ifa8d5ff27175cf6dfb30cbf023fa3251fe5c780e
Delete redundant help information in ip neighbor's
cli. There is no code implementation about fib-id and
proxy in the cli's subsequent process.
Type: fix
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: I1e276aad030409e3f2f62fee489ea95d316e67b5
Coverity complains dead codes in 2 places due to a recent commit as
pointed out in Fixes. The dead codes are
if (seed < L2_BD_ID_MAX % 2)
is_seed_low = 1;
and
if (is_seed_low)
seed += (2 * (i % 2) - 1) * i;
seed can never be less than (L2_BD_ID_MAX % 2).
Consequently, is_seed_low is always 0.
There is also other problem. The inner loop is iterating only once.
The fix is to greatly simplify the code to generate a random bd_id.
Type: fix
Fixes: Ieb6919f958f437fc603d5e1f48cab01de780951d
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I318773b9a59950920e051548ef14e36054ebd5e6
Session debug code does not compile anymore due to vlib_mains global
variable disappearing over time. Replace it with vlib_get_main_by_index
call.
Add a cmake variable and pass it from make command line to enable
session debug. Notice transport debug is required for session debug.
make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=ON VPP_EXTRA_CMAKE_ARGS+=-DVPP_SESSION_DEBUG=ON
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic2e887c6b10b77cbabd56934f4931fcfa04a6751
Because envoy didn't have permission for `envoy.log` file it would stop.
This made tests involving envoy fail.
Adding `ENVOY_UID` environment variable makes envoy run as root,
which avoids the problem.
Type: fix
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I910416ad1c87137396e7da89c13de7739ce74c70
Due to refactor keeping api common code in vlibapi, changes order
linked library to this plugin.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Id94c0b78cbce4954d34a82123506a76370b12b23
The log file directory is configurable with run.py using the
--log-dir argument. This patch removes the use of /tmp as
the default dir for storing all test logs. The default
log dir is now set to show the year, month and day
of the test run. This provides a more meaningful aggregation
of test logs for effective troubleshooting. The default log
dir is set to <CWD>/test-run-YYYY-MM-DD.
Type: improvement
Change-Id: I6c9002e961f6e06fc953ca42d86febf4f218e566
Signed-off-by: Naveen Joy <najoy@cisco.com>
When checking for CLIB_SANITIZE_ADDR to enable specific behavior for
AddressSanitizer, we must have vppinfra/clib.h included as it is defined
there.
Type: fix
Change-Id: I9060c3c29c1289d28596c215a1d1709b2ea7c84e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
existing details report the last_heard as the seconds since VPP
started, this is not very useful, so report additionaly
time_since_last_heard in seconds between VPP time and
last_heard.
Change-Id: Ifd34b1449e57919242b1f0e22156d3590af3c738
Type: improvement
Signed-off-by: Dave Cornejo <dcornejo@netgate.com>
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Fix vpp crash when create vxlan/vxlan-gpe/geneve/gtpu tunnel
with 0.0.0.0 dst ip in debug build. The ASSERT should be move
out of fib_prefix_from_ip46_addr, which may be called when
create vxlan/vxlan-gpe/geneve/gtpu tunnel with 0.0.0.0 dst ip.
How to reproduce:
1. build debug vpp and run vpp
2. create vxlan t src 192.168.0.2 dst 0.0.0.0 vni 1 instance 1
create vxlan-gpe tunnel local 192.168.0.2 remote 0.0.0.0 vni 1
create geneve tunnel local 192.168.0.2 remote 0.0.0.0 vni 1
create gtpu tunnel src 192.168.0.2 dst 0.0.0.0 teid 1
Type: fix
Change-Id: I19972f6af588f4ff7fd17de1b16b9301e43d596f
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Some files include tcp_debug.h without including <vpp/vnet/config.h>
As a result, those files do not get VPP_TCP_DEBUG_ALWAYS option
set. The fix is to include <vpp/vnet/config.h> in tcp_debug.h
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I0c141147f1e8d1b49c5a1440fac1e97cbd96aaa7
Add cmake option to enable TCP_DEBUG_ALWAYS.
make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=ON
make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=OFF
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I911a8d615f76516ae0a988bc6135c3b0d8fcb3df
- tell git to ignore all build/external generated files
Type: make
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I4af26a76a0248939366cd09b577d422af801c0c3
this patch adds a mode to urpf in order to perform the lookup in a specified vrf instead of the interface vrf
Type: feature
Change-Id: Ieb91de6ccdfbf32b6939364f3bebeecd2d57af19
Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
Type: fix
The handler for abf_itf_attach_add_del was always returning 0. Set rv to
the return value of call to abf_itf_attach() or abf_itf_detach().
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: Ibb888bb148e6e03fc2776e2384b3a6e26148a429
Type: improvement
This patch provides:
1. interrupt mode support,
2. abstract socket support,
3. overriding responder example and divides it to two examples:
-icmp_responder_cb
-icmp_responder_poll
Signed-off-by: Daniel Béreš <dberes@cisco.com>
Change-Id: I99c86d053521760c457541fc596ed554f4077608
adj_delegate_adj_created() is incorrectly called when an existing
adj is found and returned. This can lead to crashes in some cases
in the pmtu delegate:
(gdb) bt
0 0x00007f2aa8fc9ce1 in raise () from /lib/x86_64-linux-gnu/libc.so.6
1 0x00007f2aa8fb3537 in abort () from /lib/x86_64-linux-gnu/libc.so.6
2 0x0000564361b5403a in os_exit (code=code@entry=1) at ./src/vpp/vnet/main.c:437
3 0x00007f2aa9271a3e in unix_signal_handler (signum=11, si=<optimized out>, uc=<optimized out>) at ./src/vlib/unix/main.c:188
4 <signal handler called>
5 0x00007f2aa9970d5a in fib_table_get_table_id_for_sw_if_index (proto=FIB_PROTOCOL_IP4, sw_if_index=<optimized out>) at ./src/vnet/fib/fib_table.c:1156
6 0x00007f2aa964aebf in ip_pmtu_adj_delegate_adj_created (ai=8) at ./src/vnet/ip/ip_path_mtu.c:197
7 0x00007f2aa9993ee5 in adj_delegate_adj_created (ai=ai@entry=8) at ./src/vnet/adj/adj_delegate.c:166
8 0x00007f2aa998dbde in adj_mcast_add_or_lock (proto=proto@entry=FIB_PROTOCOL_IP6, link_type=link_type@entry=VNET_LINK_IP6, sw_if_index=sw_if_index@entry=7) at ./src/vnet/adj/adj_mcast.c:95
9 0x00007f2aa95c7b3e in ip6_link_enable (sw_if_index=7, link_local_addr=link_local_addr@entry=0x0) at ./src/vnet/ip/ip6_link.c:217
10 0x00007f2aa9621587 in vl_api_sw_interface_ip_enable_disable_t_handler (mp=0x7f2a4fa5ad10) at ./src/vnet/ip/ip_api.c:108
11 0x00007f2aaa3b7e44 in msg_handler_internal (free_it=0, do_it=1, trace_it=<optimized out>, msg_len=<optimized out>, the_msg=0x7f2a4fa5ad10, am=0x7f2aaa3cc020 <api_global_main>) at ./src/vlibapi/api_shared.c:593
12 vl_msg_api_handler_no_free (the_msg=0x7f2a4fa5ad10, msg_len=<optimized out>) at ./src/vlibapi/api_shared.c:810
13 0x00007f2aaa3a1702 in vl_socket_process_api_msg (rp=<optimized out>, input_v=<optimized out>) at ./src/vlibmemory/socket_api.c:208
14 0x00007f2aaa3a95d8 in vl_api_clnt_process (vm=<optimized out>, node=<optimized out>, f=<optimized out>) at ./src/vlibmemory/memclnt_api.c:429
15 0x00007f2aa9226f37 in vlib_process_bootstrap (_a=<optimized out>) at ./src/vlib/main.c:1235
16 0x00007f2aa91824a8 in clib_calljmp () at /builds/graphiant/graphnos/vpp/debian/output/source_dir/src/vppinfra/longjmp.S:123
17 0x00007f2a47cf5d60 in ?? ()
18 0x00007f2aa922853f in vlib_process_startup (f=0x0, p=0x7f2a494dc000, vm=0x7f2a489ed680) at ./src/vlib/main.c:1260
19 dispatch_process (vm=0x7f2a489ed680, p=0x7f2a494dc000, last_time_stamp=<optimized out>, f=0x0) at ./src/vlib/main.c:1316
20 0x0000000000000000 in ?? ()
(gdb)
Type: fix
Change-Id: I2d3c041e0be8284471771c7882c89f743baab0e5
Signed-off-by: Peter Morrow <pdmorrow@gmail.com>
- Also fix log output to remove hardcoded compiler version
Type: make
Change-Id: I1b224d8e9a042c58dbae689a8be706089cc1377f
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
- Verify mlx_rdma_dpdk_matrix.txt versions,
build MLX drivers in dpdk if the versions match.
Also output version comparison results to a file
for CI job to send notification email when the
versions do not match.
Change-Id: Id1384ba4ea4b1f855f4d77d1d8e2c38683abfe1f
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
It looks like tcp_time_now has been deprecated for a while and the
replacement is tcp_time_now_us
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ifaed2632baa49d489d4e03f2623d8cc9a6f36e64
Encode entropy value in UDP source port when requested per RFC 7510.
CLI already has "src-port-is-entropy", use zero UDP source port in API
to avoid breaking changes, since zero port is not something to be used
in wild.
Also, mark UDP encapsualtion API as mp-safe as already done for CLI.
Type: feature
Change-Id: Ieb61ee11e058179ed566ff1f251a3391eb169d52
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Added scripts to reparing setups for testing
To prepare and run containers:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh prepare_containers
To prepare setups:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh config
To clean-up settups:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh clean
To deleted all containers and images in Docker:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh deleted
Type: feature
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I77f01c0419dccc95f610046c8552ae825f2c7e12
Added plugin vpp-swan is a plugin that helps offloading
Strongswan IPsec ESP process from Linux Kernel to VPP.
Type: feature
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893
Type: test
"test_wg_handshake_ratelimiting_multi_peer" has been unstable recently
because the test strongly relies on execution speed. Currently, the test
triggers ratelimiting for peer 1 and sends handshake initiations from
peer 1 and 2 mixed up. After that, the test expects that all handshake
initiations for peer 1 are ratelimited and a handshake response for peer
2 is received.
Ratelimiting is based on the token bucket algorithm. The more time
passes between triggering ratelimiting for peer 1 and sending a mixture
of handshake initiations from peer 1 and 2, the more tokens will be
added into the bucket for peer 1. Depending on delays between these
steps, the number of tokens might be enough to process handshake
initiations from peer 1 while they are expected to be rejected due to
ratelimiting.
With this change, these two steps are combined into one and the logic
modified. The test triggers ratelimiting for both peer 1 and 2. Packets
that trigger ratelimiting and that are to be rejected are sent in one
batch that is going to reduce delays between packet processing. Also,
verify that number of rejected handshake messages is in expected range
instead of verifying the exact number as it still may slightly vary.
Also, this should finish making the wireguard tests stable on Ubuntu
22.04 and Debian 11.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I3407d15abe1356dde23a241ac3650e84401c9802
default RLIMIT_MEMLOCK is 64. if we use multi af_xdp interfaces or
load complex bpf program, libbpf will return permission error.
root cause is default 64 is not large enough. So we change it before
load bpf program.
Type: fix
Change-Id: Ia6aed19c9256c498cf1155586a54a32b3f444105
Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>
Type: fix
Currently, when a wg interface is administratively disabled initially or
during operation, handshake packets continue to be sent. Data packets
stop being sent because routes pointing to the wg interface will not be
used. But data keys remain.
With this fix, when a wg interface is administratively disabled during
peer creation, avoid connection initialization to the peer. Data keys
and timers should be empty at this point. When a wg interface is
disabled during operation, disable all peers (i.e. stop all timers,
clear data keys, etc.). Thus, state should be identical in both cases.
When a wg interface is administratively enabled, enable all peers (i.e.
get ready to exchange data packets and initiate a connection). Also,
cover these scenarios with tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ie9a620077e55d519d21b0abc8c0d3c87b378bca3
Internaly, vpp uses it's own padding, so all the data
is padded using blocksize in /src/vnet/ipsec/ipsec.c
Openssl should add it's own padding, but the data
is already padded. So on decrypt stage when padding
should be removed, it can't be done. And it produces
error `bad decrypt`
Previous versions of openSSL decrypted data almost
at the beginning of EVP_DecryptUpdate/EVP_DecryptFinal_ex
and produced the same error, but data was already decrypted.
Now it's not, so some algorithms could have some problems
with it
PS. openSSL 3.x.x
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: If715a80228548b4e588cee222968d9da9024c438
Validate version and IHL regardless of present options.
Originally VPP would accept seriously damaged headers in case IHL != 5.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Ifd59622efa63dfad7f6e4858dec40ccac3274574
Type: fix
As per the protocol:
A handshake initiation is retried after "REKEY_TIMEOUT + jitter" ms,
if a response has not been received...
Currently, if retransmit handshake timer is started, it will trigger
after "REKEY_TIMEOUT + jitter" ms and will try to send a handshake
initiation via wg_send_handshake() given that no responses have been
received. wg_send_handshake() will verify that time stored in
REKEY_TIMEOUT has passed since last handshake initiation sending and if
has, will send a handshake initiation. Time when a handshake initiation
was last sent is stored in last_sent_handshake.
The problem is that last_sent_handshake is not only updated in
wg_send_handshake() when sending handshake initiations but also in
wg_send_handshake_response() when sending handshake responses. When
retransmit handshake timer triggers and a handshake response has been
sent recently, a handshake initiation will not be sent because for
wg_send_handshake() it will look like that time stored in REKEY_TIMEOUT
has not passed yet. Also, the timer will not be restarted.
wg_send_handshake_response() must not update last_sent_handshake,
because this time is used only when sending handshake intitiations. And
the protocol does not say that handshake initiation retransmission and
handshake response sending (i.e. replying to authenticated handshake
initiations) must coordinate.
With this fix, stop updating last_sent_handshake in
wg_send_handshake_response().
Also, this fixes tests that used to wait for "REKEY_TIMEOUT + 1" seconds
and did not receive any handshake initiations. Then they fail.
Also, long-running tests that send wrong packets and do not expect
anything in reply may now receive handshake intiations, consider them as
replies to the wrond packets, and fail. Those are updated to filter out
handshake initiations in such verifications. Moreover, after sending
wrong packets, error counters are already inspected there to confirm
packet processing was unsuccessful.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I43c428c97ce06cb8a79d239453cb5f6d1ed609d6
The previous patch[37164] was a bit flawed.
Type: fix
Signed-off-by: Yacan Liu <liuyacan@corp.netease.com>
Change-Id: Ia9d8b9c7853e8f4b960ce7de26d0384243deb667
This patch introduces fast path matching for inbound traffic ipv6.
Fast path uses bihash tables in order to find matching policy.
Adding and removing policies in fast path is much faster than in current
implementation. It is still new feature and further work needs
and can be done in order to improve the perfromance.
Type: feature
Change-Id: Iaef6638033666ad6eb028ffe0c8a4f4374451753
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
This adds the ability to specify we want an IPv4 route via an IPv6 adj
and vice-versa.
Type: improvement
Change-Id: I5f7f1ab89fc60244d31c26155bbd9b0db690257c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
When manually adding neighbor entries for proxy-arp, those will be
fib-adj entries. Check for proxy-arp instead of dropping immediately.
Type: improvement
Change-Id: Id311159f2966c99719dc2a67d4d2bc92bf366029
Signed-off-by: Benoît Ganne <bganne@cisco.com>
The script accepts zero or one argument (the commit hash), and outputs
the detected components, the component maintainers,
and the final suggested reviewer list. See the script
for the example output.
Change-Id: Ief671fe837c6201bb11fd05d02af881822b0bb33
Type: docs
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Add a new tool packetforge to extras. This tool is to support generic flow.
Packetforge is a library to translate naming or json profile format flow
pattern to the required input of generic flow, i.e. spec and mask. Using
python script flow_create.py, it can add and enable a new flow rule for
an interface via flow VAPI, and can delete an existed flow rule as well.
Command examples are shown below. Json profile examples can be found in
./parsegraph/samples.
Naming format input:
python flow_create.py --add -p "mac()/ipv4(src=1.1.1.1,dst=2.2.2.2)/udp()"
-a "redirect-to-queue 3" -i 1
python flow_create.py --del -i 1 -I 0
Json profile format input:
python flow_create.py -f "./flow_rule_examples/mac_ipv4.json" -i 1
With this command, flow rule can be added or deleted, and the flow
entry can be listed with "show flow entry" command in VPP CLI.
Packetforge is based on a parsegraph. The parsegraph can be built by
users. A Spec can be found in ./parsegraph as guidance. More details
about packetforge are in README file.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ia9f539741c5dca27ff236f2bcc493c5dd48c0df1
When ESTABLISHED TCP connection is terminated by an RST packet,
EPOLLHUP + EPOLLRDHUP would be updeliever by VCL. If not using
VPP, app would receive EPOLLHUP + EPOLLERR + EPOLLIN(if requested) +
EPOLLRDHUP(if requested).
libevent will interpret the two cases as different EV combinations.
Below is the code snippet for libevent v2.12:
if (what & EPOLLERR) {
ev = EV_READ | EV_WRITE;
} else if ((what & EPOLLHUP) && !(what & EPOLLRDHUP)) {
ev = EV_READ | EV_WRITE;
} else {
if (what & EPOLLIN)
ev |= EV_READ;
if (what & EPOLLOUT)
ev |= EV_WRITE;
if (what & EPOLLRDHUP)
ev |= EV_CLOSED;
}
Type: fix
Signed-off-by: Yacan Liu <liuyacan@corp.netease.com>
Change-Id: Ice3d2861183b6ea499f66b727bbe175eeae5cb05
Usage:
test/run.py -r -t {test_filter}
Instead of starting a new instance of VPP, when the -r argument
is provided, test is run against a running VPP instance. Optionally,
one can also set the VPP socket directory using the -d
argument. The default location for socket files is
/var/run/user/${uid}/vpp and /var/run/vpp if VPP is started
as root.
Type: improvement
Change-Id: I05e57a067fcb90fb49973f8159fc17925b741f1a
Signed-off-by: Naveen Joy <najoy@cisco.com>
It's known there're one or more 32-bit increments in the ip
header. So just check ip router alert option length with minimal
performance impact, and don't care of the total options length.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I46dd06516f793846b931a1dc8612f2735f8d24d3
Also check for non-zero rpath length in CLI cmd.
While there, no need to use "else" after a return.
Also while there, notice and fix numerous input_line
buffer leaks and fix them.
Type: fix
Fixes: 669d07dc01
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I18ea44b7b82e8938c3e793e7c2a04dfe157076d8
Type: fix
If an attempt is made to delete a teib entry and the entry does not
exist, a message is logged. The format string contained an extra "%U",
which results in a segv.
Change-Id: I9b1d6ba63601982ba6ac8607cf710e34c311702a
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
When we follow arp feature arc for proxy-arp, we should still update
the error reason in case proxy-arp cannot handle the arp request and
drops it.
Type: improvement
Change-Id: I046df017ca2056cfc12af0f0a968b401058bcd6d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: fix
If unrecognized input was provided to the commands which add or delete a
pair, the error message was being created incorrectly and only displayed
something like "unknown input `'". Provide the correct argument to
format_unformat_error so that the actual unrecognized input is printed.
There also was no error or useful information printed if only the base
command were provided without any additional arguments. This should
print a warning about what required data was missing. Reorganize code to
handle this and to make sure that memory gets freed appropriately.
Change-Id: If454714f50cf41b3b56cfadfbf017f1d160e13a4
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Handle the case of the mapping not being found by GID.
Type: fix
Change-Id: Ibce3b9e8419c0dddca97b4d0d5a71f25dfd529d8
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
add hugepage for vcl configure and svm
Type: feature
Signed-off-by: Junfeng Wang <drenfong.wang@intel.com>
Change-Id: I6a8905e3fec23d840e629114b1e5a403d0a258ef
add dma support to session, acclerate host-stack with dma
Type: feature
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Signed-off-by: Junfeng Wang <drenfong.wang@intel.com>
Change-Id: I3d492921d69d9e3e0b34d33adc33fba3bde9e1cc
If one attempts to add a pattern with zero length, first time
it will succeed, and the second time it will cause an invalid memcmp call.
Solution: do not allow to add zero-length patterns.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ic08e021486153be605a4b12a2fe4422307bf68d2
The number of available dynamic ports is set to (0xffff - 1024) =
64511, which is not divisable by the pow2 number of workers - the
only integer divisors are 31 and 2081.
So, total dynamic port range of all workers will be less than it:
1 wrk: n = (port_per_thread = 64511/1)*1 = 64511 + 1025 = 65536
2 wrk: n = (port_per_thread = 64511/2)*2 = 64510 + 1025 = 65535
4 wrk: n = (port_per_thread = 64511/4)*4 = 64508 + 1025 = 65533
8 wrk: n = (port_per_thread = 64511/8)*8 = 64504 + 1025 = 65529
...
As seen, with multiple workers there are unused trailing ports for every
nat pool address and that is the reason of out-of-bound index in the
worker array on out2in path due (port - 1024) / port_per_thread math.
This was fixed in 5c9f9968de, so packets
to unused ports will go to existing worker and dropped there.
Per RFC 6335 https://www.rfc-editor.org/rfc/rfc6335#section-6:
6. Port Number Ranges
o the System Ports, also known as the Well Known Ports, from 0-1023
(assigned by IANA)
o the User Ports, also known as the Registered Ports, from 1024-
49151 (assigned by IANA)
o the Dynamic Ports, also known as the Private or Ephemeral Ports,
from 49152-65535 (never assigned)
According that let's allocate dynamic ports from 1024 and have full port
range with a wide range of the workers number - 64 integer divisors in
total, including pow2 ones:
1 wrk: n = (port_per_thread = 64512/1)*1 = 64512 + 1024 = 65536
2 wrk: n = (port_per_thread = 64512/2)*2 = 64512 + 1024 = 65536
3 wrk: n = (port_per_thread = 64512/3)*3 = 64512 + 1024 = 65536
4 wrk: n = (port_per_thread = 64512/4)*4 = 64512 + 1024 = 65536
5 wrk: n = (port_per_thread = 64512/5)*5 = 64510 + 1024 = 65534
6 wrk: n = (port_per_thread = 64512/6)*6 = 64512 + 1024 = 65536
7 wrk: n = (port_per_thread = 64512/7)*7 = 64512 + 1024 = 65536
8 wrk: n = (port_per_thread = 64512/8)*8 = 64512 + 1024 = 65536
...
Modulo from 5c9f9968de is still required
when the numbers of workers is not the integer divisor of 64512.
Type: fix
Fixes: 5c9f9968de
Change-Id: I9edaea07e58ff4888812b0d86cbf41a3784b189e
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
This patch introduces fast path matching for inbound traffic ipv4.
Fast path uses bihash tables in order to find matching policy. Adding
and removing policies in fast path is much faster than in current
implementation. It is still new feature and further work needs
and can be done in order to improve perfromance.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ifbd5bfecc21b76ddf8363f5dc089d77595196675
DPO in the new copy was not locked ...
Type: fix
Fixes: 0bfe5d8
Change-Id: I39f1368de459af91c4bb857d98a4b531bd5692a6
Signed-off-by: Damjan Marion <dmarion@me.com>
Free node frames in worker mains on refork. Otherwise these frames are
never returned to free pool and it causes massive memory leaks if
performed under traffic load
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I15cbf024a3f4b4082445fd5e5aaa10bfcf77f363
When a session is found expired, the next node of in2out fast path
should be in2out slow path instead of out2in slow path.
Type: fix
Signed-off-by: Jing Peng <jing@meter.com>
Change-Id: If1dd920502089c25b33bea5434823b0496a44499
Type: improvement
Roaming functionality allows the peer address to change. The main thread
was being called to update a peer's address if necessary after
processing a received packet. Check in the worker whether this is
necessary before incurring the overhead of the RPC to the main thread.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I02184b92dc658e0f57dd39993a3b2f9944187b45
The ability to modify the vlan setting must be checked prior to using
VIRTCHNL_OP_DISABLE_VLAN_STRIPPING_V2 both for inner and outer vlan
stripping
Change-Id: Iffe306c34b81a6077ad6ba5deb3f5b61b5475897
Type: fix
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Originally initialization cryptodev device(s) calls double request
to enabled async mode and increased ref count twice for async mode.
Due to this cannot be change any assigned async handlers to other
async crypto engine.
The fixes reduce double request to enable async mode in initialization
cryptodev device(s) and VPP can be change assigned async handlers
to other crypto engine after disabled all async feature, for example:
ipsec, wireguard.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: If22e682c3c10de781d05c2e09b5420f75be151c3
- default to opensuse-leap 15.4, no python2 support in this version
- deprecate version openSUSE 15.0, openSUSE 15.3 still supported
Type: make
Signed-off-by: Laszlo Kiraly <laszlo.kiraly@est.tech>
Change-Id: Ic7178ff5238e2669bc45166c1f13d3f077f6069b
Signed-off-by: Laszlo Kiraly <laszlo.kiraly@est.tech>
client_pathname is usually smaller than pc->caddr.sun_path. snprint()
ensures we stop at the NULL character or sizeof(sun_path) whichever
comes 1st. It also guarantees NULL character termination.
Type: fix
Change-Id: I9fc2a706beab931d50d32d03f7fafca7c6c2fb0b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
- Ubuntu 22.04 enables LTO by default and dpdk
adds lto flags to CFLAGS. This CI jobs to fail
with OOM-Kill (especially on ARM64) due to lto
consuming large amounts of memory.
Type: make
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I5a3d3a08e2caddb4790b281b80b16081567aed5b
Store mss and sw_if_index to udp_connection_t and display them via
show sessipn verbose 2
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I32928f3f4195b178873dc1bada702e035d99c464
Initialize the session index in case of error to ~0,
so is defined in case trace needs to copy it.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Iddf6df42c09d2abc11e5821944eb4f41692e6e3e
It may contain garbage in debug builds resulting in wrong
gho detected flags and offsets.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ia79633262185016f527e7dc6c67334cda6f055f2
dpdk 22.03 introduces iavf driver but misses rx vector path on Arm.
This causes VF fail to receive packet when running VPP device test
with no-multi-seg configuration.
Add iavf basic Neon RX support to fix this.
Type: fix
Fixes: 2f132efc3c ("dpdk: bump to DPDK v22.03")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I75ae74c8060428cee0e1c235feab1246c014801e
Mark arp packet as locally originated when probing/replying and don't apply any
arp-term logic against it.
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: I305ff5cac8cac456decf92f21b961aa4ce286079
The unformat type for "%d" should be u32 or int, otherwise the 'did' in
high stack address will be overflow to zero by the 'qid' which is in the
low stack address.
Like input "dev wq3.2" will return "did=0, qid=2".
Type: fix
Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
Change-Id: I0fe1d5b03e2c47e0a7925193e2c2f1ccc31d3e90
When there is a bad descriptor, it may in the beginning, in the middle,
or at the end of the batch if the batch has more than 3 descriptors.
When processing a bad descriptor is encountered in the batch, we need to
rollback n_buffers in memif_process_desc(), or the statement in the same
function
memif_add_copy_op (ptd, mb0 + src_off, bytes_to_copy,
dst_off, n_buffers - 1);
is wrong because it picks up the wrong buffer_vec_index of the bad
descriptor while parsing a good descriptor immediately following the
bad descriptor. n_buffers was incremented in the beginning of
while (n_left) loop.
The other problem is we should count the number of bad packets and
reduce ptd->n_packets to get the correct number of packets for subsequent
processing in device_input.
The last fix is to check if n_buffers == 0 in device_input and skip
doing any descriptor copy. This case can happen when all the descriptors
are bad in the batch.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I28ed1d87236b045657006755747b5750a9a733be
Ensure that the ethernet_input_inline_dmac_check which directly derefererences ei,
is called only if ei is set.
Type: fix
Change-Id: I2d3bce63ee457825a5d375a6102225f3abf67703
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Type: feature
This patch bumps DPDK version to 22.07.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I72ecb31ca15774aed4453778042120610020a0c1
Following the discussion during the review
of b46a4e69e5,
remove the redundant ei0. This resulted in realization
that in order for this code to do anything useful,
the ei must be always non-zero, so rewrite the logical
condition for it. Also, make it a conjunction which seems simpler
to understand.
Type: improvement
Change-Id: Ibd7b2a63e4aeaf97eb1a98af8e69aed2ff7dd577
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Using the error name makes it less explicit in the packet trace than
the error description when a packet is dropped. Example of the trace
when the TTL is <=1:
01:03:17:015278: drop
ip4-input: time_expired
We should have "ip4 ttl <= 1" instead of "time_expired"
Type: fix
Change-Id: Ic9decf10d609cc938e39d0f449359e41c406267e
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Using "ip neighbor <ip-addr> <mac-addr> static count <count>" to add
static ARP entries will output wrong mac addresses due to lack of
big/little endian conversion. Fix this error by converting mac address
from big endian to little endian before doing the self-increment.
Before patched:
vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5
vpp# show ip neighbor
Time IP Flags Ethernet Interface
4.4400 198.18.1.5 S 05:aa:bb:cc:dd:e0 rdma-0
4.4399 198.18.1.4 S 04:aa:bb:cc:dd:e0 rdma-0
4.4399 198.18.1.3 S 03:aa:bb:cc:dd:e0 rdma-0
4.4399 198.18.1.2 S 02:aa:bb:cc:dd:e0 rdma-0
4.4399 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0
After patched:
vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5
vpp# show ip neighbor
Time IP Flags Ethernet Interface
4.4528 198.18.1.5 S 01:aa:bb:cc:dd:e4 rdma-0
4.4528 198.18.1.4 S 01:aa:bb:cc:dd:e3 rdma-0
4.4528 198.18.1.3 S 01:aa:bb:cc:dd:e2 rdma-0
4.4527 198.18.1.2 S 01:aa:bb:cc:dd:e1 rdma-0
4.4527 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: Iec1e00e381e4aba96639f831e7e42e070be3f278
Add an assert to express the constraint to coverity without
incurring the overhead in release builds.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I2c22f8b2565c645d95c9c0be37381060e151420f
Add an ASSERT so coverity is aware of the assumption taken,
without incurring any penalty in release build.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I3e7e1e77059492315409efbed47657f9e56d167c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Check that the pointer is non-null before dereferencing it.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I611a1042d08bbe455dd09a4fa5711fe86c440240
In case of a bad packet, the bihash kv is not initialized before being
copied in the trace. Make sure it is initialized to 0.
Type: fix
Change-Id: I22fcfe99f3586d0fa128493059547a56557b8fb5
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: fix
Previously, libmemif can only use buffer size which
have to be power of 2. memif protocol does not enforce
this. This patch fixes this issue.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ic71e6a51685e2c2228c744920797064d4c7c65c9
Initialize the host_sw_if_index to ~0 so in the error cases
the variable is set to something predictable.
Type: fix
Change-Id: Ic55e4f0cbfa286e85dfb54b89b5321af18a439a1
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Zero-initialize the temporary struct, else a->map.adj_index is being used unset.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ia02636ea1e911250d6aa5e413de48e1e09863880
- this warning causes build errors with gcc on ubuntu 22.04
Type: make
Change-Id: Id8f6ab44b2315ce8a4564ea924d799ecb6f57fdf
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
This patch introduces DMA infrastructure into vlib. This is well known
that large amount of memory movements will drain core resource. Nowadays
more and more hardware accelerators were designed out for freeing core
from this burden. Meanwhile some restrictions still remained when
utilizing hardware accelerators, e.g. cross numa throughput will have a
significant drop compared to same node. Normally the number of hardware
accelerator instances will less than cores number, not to mention that
applications number will even beyond the number of cores. Some hardware
may support share virtual address with cores, while others are not.
Here we introduce new DMA infrastructure which can fulfill the
requirements of vpp applications like session and memif and in the
meantime dealing with hardware limitations.
Here is some design backgrounds:
Backend is the abstract of resource which allocated from DMA device
and can do some basic operations like configuration, DMA copy and
result query.
Config is the abstract of application DMA requirement. Application
need to request an unique config index from DMA infrastructure. This
unique config index is associated with backend resource. Two options
cpu fallback and barrier before last can be specified in config.
DMA transfer will be performed by CPU when backend is busy if cpu
fallback option is enabled. DMA transfer callback will be in order
if barrier before last option is enabled.
We constructs all the stuffs that DMA transfer request needed into
DMA batch. It contains the pattern of DMA descriptors and function
pointers for submission and callback. One DMA transfer request need
multiple times batch update and one time batch submission.
DMA backends will assigned to config's workers threads equally. Lock
will be used for thread-safety if same backends assigned to multiple
threads. Backend node will check all the pending requests in worker
thread and do callback with the pointer of DMA batch if transfer
completed. Application can utilize cookie in DMA batch for selves
usage.
DMA architecture:
+----------+ +----------+ +----------+ +----------+
| Config1 | | Config2 | | Config1 | | Config2 |
+----------+ +----------+ +----------+ +----------+
|| || || ||
+-------------------------+ +-------------------------+
| DMA polling thread A | | DMA polling thread B |
+-------------------------+ +-------------------------+
|| ||
+----------+ +----------+
| Backend1 | | Backend2 |
+----------+ +----------+
Type: feature
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: I1725e0c26687985aac29618c9abe4f5e0de08ebf
The ipv6 header length should not be counted in the ipv6 payload length.
This is similar to https://gerrit.fd.io/r/c/vpp/+/36945.
Type: fix
Change-Id: I22de0ff828175829102a85288513ee3f55709108
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Type: improvement
When trying to use a version string in a downstream build that appends a
timestamp to the standard version string, compiling fails because the
version string is too long for the version and version_required fields
in vlib_plugin_registration_t. Increase the size of those arrays from 32
to 64 chars.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I3632139e5ae7110aa4769359f380ad29522ad4ed
Zero-initialize the temporary struct, else coverity complains about a bunch of uninitialized fields.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I45dc42134f06917a7459d615804f978a175bec0f
Type: improvement
VPP crashes when a linux-cp tap is added to a bridge on the host system
because rtnl_neigh_get_dst() returns NULL for the neighbor message that
is sent by the kernel.
Check for NULL before trying to use the address from a neighbor in a
netlink message.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I8a683d815a09620df9c0cc76e18df39828428e2c
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Add the error checks in parsing, aimed to avoid parser walking past the end of packet in case the data
is garbage.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I9541b555a18baf63cb8081bcd7a4c2750f2ed012
flags is u64, makes sure we do not overflow when shifting.
Type: fix
Change-Id: Ieea34187c0b568dc4d24c9415b9cff36907a5a87
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Day1 latent integer overflow.
vnet_classify_add_del defines new_hash as u32 - so replace a u64 type with u32
in split_and_rehash as well.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I51384a2db1caa4099b4d2ac25cd185bd108da037
rather than using obfuscated macro hacery, simplify
the per-protocol data management by directly using
an array of NAT protocol types.
Type: refactor
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I6fe987556ac9f402f8d490da0740e2b91440304c
Type: improvement
If an SA protecting an IPv6 tunnel interface has UDP encapsulation
enabled, the code in esp_encrypt_inline() inserts a UDP header but does
not set the next protocol or the UDP payload length, so the peer that
receives the packet drops it. Set the next protocol field and the UDP
payload length correctly.
The port(s) for UDP encapsulation of IPsec was not registered for IPv6.
Add this registration for IPv6 SAs when UDP encapsulation is enabled.
Add punt handling for IPv6 IKE on NAT-T port.
Add registration of linux-cp for the new punt reason.
Add unit tests of IPv6 ESP w/ UDP encapsulation on tun protect
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: Ibb28e423ab8c7bcea2c1964782a788a0f4da5268
Free up the vapi context in case of failure.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I4f64e8718014d714f1b82877e69d2354b5fa44fb
Crypto backend errors should not be using the same error as missing
keypair.
Type: fix
Change-Id: I78c2b3df3f08a354463b7824349b08627f2b023c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
IPv6 payload length should not include the size of the IPv6 header.
Type: fix
Change-Id: Iedcd17d0af8d72d9b5f8f9b605da7c99e151bc9d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Fix a copy-n-paste issue that left clib_bitmap_set()'s return
type documentation incorrect. Chnage it to indicate that
the function returns a new pointer for the bitmap that could
be different due to a possible reallocation.
Type: docs
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Ia193c4673c0e4d1760e91cd7f80ebe1868a3c9b5
Previously, each address maintained an array of 32-bit
reference counts for each of 65K possible ports for each
of 4 NAT protocols. Totalling 1MB per address. Wow.
A close read of the code shows that an "is used" check
precedes each attempted reference count increment.
That means the refcount never actually gets above 1.
That in turn means algorithmically, a bit vector is
sufficient. And one need not be allocated for more
than the highest validated port referenced.
These changes introduce a dynamically sized bit vector
replacing the reference counts, for a maximum of 32K
if all 4 protocols use port 65535. In fact, protocol
OTHER is never used, so at most 24K will be used, and
none of it will be "statically" allocated per address.
Type: fix
Fixes: 85bee7548b
Change-Id: I7fd70050e7bf4871692a862231f8f38cf0158132
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Zero-initialize the temporary struct on stack.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I89ced4cca8e832827fe054e2e60986de5910360c
Zero-initialize the temporary struct on stack.
Type: fix
Change-Id: I651f87deeb79c6c073d5c510435fa268893a3b0e
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Type: improvement
plus the addition of the 'thorttle' counter of IP6.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ic845247a9f3288caa755c33e79ae2eb6d2029d09
In RFC 7296, CREATE_CHILD_SA Exchange may contain the KE payload
to enable stronger guarantees of forward secrecy.
When the KEi payload is included in the CREATE_CHILD_SA request,
responder should reply with the KEr payload and complete the key
exchange, in accordance with the RFC.
Type: improvement
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: I13cf6cf24359c11c3366757e585195bb7e999638
We validate each descriptor via memif_validate_desc_data and set
desc_status to non-zero for the corresponding descriptor when
the descriptor is bad. However, desc_status is not propagated back to
xor_status in memif_validate_desc_data which eventually sets
ptd->xor_status.
Not setting ptd->xor_status causes us to treat all descriptors as
"simple". In that case, when we try to copy also the bad descriptors to
the buffers, it results a crash since desc_data is not set to point
to the correct memory in the descriptor.
The fix is to set xor_status in memif_validate_desc_data such that if
there is a bad descriptor in the frame, "is_simple" is set to false and
we have to selectively copy only the good descriptors to the buffers.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I780f51a42aa0f8745edcddebbe02b2961c183598
Type: fix
After peers roaming support addition, FIB entry tracking stopped
working. For example, it can be observed when an adjacency is stacked on
a FIB entry by the plugin and the FIB entry hasn't got ARP resolution
yet. Once the FIB entry gets ARP resolution, the adjacency is not
re-stacked as it used to. This results in endless ARP requests when a
traffic is sent via the adjacency.
This is broken because the plugin stopped using "midchain delegate" with
peers roaming support addition. The reason is that "midchain delegate"
didn't support stacking on a different FIB entry which is needed when
peer's endpoint changes. Now it is supported there (added in 36892).
With this fix, start using "midchane delegate" again and thus, fix FIB
entry tracking. Also, cover this in tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Iea91f38739ab129e601fd6567b52565dbd649371
Type: improvement
Currently, once an adjacency is stacked on a FIB entry via
adj_midchain_delegate_stack(), "midchain delegate" is created for the
adjacency and the FIB index is stored there. And all further calls to
adj_midchain_delegate_stack() even passing another FIB index will cause
the function to still use the stored one. In other words, there is
currently no way to stack an adjacency on another FIB index if "midchain
delegate" already exists for it.
Being able to stack on another FIB index is needed for the wireguard
plugin. As per the protocol, peers can roam between different external
endpoints. When an authenticated packet is received and it was sent from
a different endpoint than currently stored, the endpoint needs to be
updated and all futher communication needs to happen with that endpoint.
Thus, the corresponding to that peer adjacencies need to be stacked on
the FIB entry that corresponds to the new endpoint.
With this change, add adj_midchain_delegate_remove() that removes
"midchain delegate". When stacking on another FIB entry is needed,
existing "midchain delegate" can be removed and then, a new one created
with a new FIB index via adj_midchain_delegate_stack().
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ibc1c99b248a5ef8ef64867f39f494fab627a1741
Type: refactor
- refactored VPP test code to remove "ignore_path" variable
from "discover_tests" function and "run_test" code
- configured VPP test makefile, config file, and 'run.sh' shell script
to move "venv" directory from "test" dir to "build-root" dir
Signed-off-by: Saima Yunus <yunus.saima.234@gmail.com>
Change-Id: Id2beecbb99f24ce13ed118a1869c5adbef247e50
In several NAT submodules, the number of available ports (0xffff - 1024)
may not be divisible by the number of workers, so port_per_thread is
determined by integer division, which is the floor of the quotient.
Later when a worker index is needed, dividing the port with port_per_thread
may yield an out-of-bound array index into the workers array.
As an example, assume 2 workers are configured, then port_per_thread
will be (0xffff - 1024) / 2, which is 32255. When we compute a worker
index with port 0xffff, we get (0xffff - 1024) / 32255, which is 2,
but since we only have 2 workers, only 0 and 1 are valid indices.
This patch fixes the problem by adding a modulo at the end of the division.
Type: fix
Signed-off-by: Jing Peng <pj.hades@gmail.com>
Change-Id: Ieae3d5faf716410422610484a68222f1c957f3f8
we need cancel vrrp_vr_timer when deleting vrrp vr
Type: fix
Signed-off-by: luoyaozu <luoyaozu@chinatelecom.cn>
Change-Id: I8ea01f1943d6e3e60c4990c5be945de613bc8b53
- the cnxk code fails to link using the gcc-11 toolchain
included in the ARM64 Ubuntu-22.04 distro. This is required
for Ubuntu-22.04 CI jobs (both docker image building & CI
job execution on ARM64)
- Currently unable to replicate this failure on the dpdk repo.
Type: fix
Change-Id: Ice44aef9f0f721b4c88ac78f92a14bda87dc80a6
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Type: improvement
If a tun/L3 interface is paired with a multipoint tunnel interface,
pass packets arriving from the host to ip[46]-lookup instead of
cross-connecting them to the tunnel interface. Adjacencies are used
to drive the rewrite for Multipoint tunnel interfaces, so the generic
adjacency used with a P2P tunnel will not work correctly.
Change-Id: I2d8be56dc5029760978c05bc4953f84c8924a412
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Type: fix
API and internal flags do not match 1:1.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I0f4e53b2e071d1c9fffd1b97bf28b4789887b032
Type: improvement
This method allows the assignment of a severity to the error.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Id1a414a88018390d03bd6b16bd048a98903bab5a
Type: feature
With this change, peers are able to roam between different external
endpoints. Successfully authenticated handshake or data packet that is
received from a new endpoint will cause the peer's endpoint to be
updated accordingly.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib4eb7dfa3403f3fb9e8bbe19ba6237c4960c764c
Type: feature
With this change, if being under load a handshake message with both
valid mac1 and mac2 is received, the peer will be rate limited. Cover
this with tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Id8d58bb293a7975c3d922c48b4948fd25e20af4b
This change implement a flavour of vlib_validate_buffer_enqueue_x1 with
aux data support
Change-Id: I2ecf7af49cf15ecd23b12d8acd57fe90546c1af7
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: feature
With this change:
- if the number of received handshake messages exceeds the limit
calculated based on the peers number, under load state will activate;
- if being under load a handshake message with a valid mac1 is
received, but mac2 is invalid, a cookie reply will be sent.
Also, cover these with tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I3003570a9cf807cfb0b5145b89a085455c30e717
In set_hw_interface_change_rx_mode(), when vnet_hw_if_set_rx_queue_mode()
returns an error it actually returns success. This has been changed to
return a clib_error_return() value.
Type: fix
Change-Id: Iba39c875d9e15463cb6492d8a966234560a1f522
Signed-off-by: Wayne Morrison <wmorrison@netgate.com>
Type: improvement
This patches makes the make json-api-files
run in parallel in the same python runtime.
Default number of workers is 8, and run time
goes from ~20s to ~2s on average.
Change-Id: Id8cff013889db2671f6b6b4af9a019460c656f81
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Use the script test/run.py to run a test named test_vm_tap
inside a QEMU VM. The run script builds out a virtual env,
launches a light weight QEMU VM, mounts host directories,
starts VPP inside the VM and runs the test. The test named
test_vm_tap, creates two tap v2 interfaces in separate Linux
namespaces and using iPerf, streams traffic between the VM
and VPP. All data files are stored in the directory named
/tmp/vpp-vm-tests. To clean up, use the make test-wipe
command.
Usage:
test/run.py --vm --debug --test test_vm_tap
Type: improvement
Change-Id: I4425dbef52acee1e5b8af5acaa169b89a2c0f171
Signed-off-by: Naveen Joy <najoy@cisco.com>
May cause pointers point to unexpected non-zero addresses if not
validate vec
Type: fix
Change-Id: Ie4d3343d6734125b98e0dc962e33e0c7514da829
Signed-off-by: GaoChX <chiso.gao@gmail.com>
Type: feature
Currently, if a handshake message is sent and a cookie message is
received in reply, the cookie message will be ignored. Thus, further
handshake messages will not have valid mac2 and handshake will not be
able to be completed.
With this change, process received cookie messages to be able to
calculate mac2 for further handshake messages sent. Cover this with
tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I6d51459778b7145be7077badec479b2aa85960b9
Type: fix
Receive router solicitation in pop vlan interface, it will cause copy mac address to wrong buffer current_data and can not reply the solicitation right
Signed-off-by: liangrq <liangrq@efly.cc>
Change-Id: Ic40a5a47a52c8187aaf6c6854df761529e6f24d9
format_base10 reads 64b but is fed 32b values at the callsite; change
to u64 consistently. The function has only one call site in
interface/monitor.c which has a few additional bugs (spurious
character, and ambiguous 'bits' versus 'bytes' in the output).
Type: improvement
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I360f0d439cc13c09bd3f53db8184bd12ad4bc2e9
Type: fix
This patch fixes chain buffer support as transmit side
missing to set the flag to the descriptor in case of
chain buffers.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I73ff11be69a388f14fea39a19272d8eb76148fba
If an API methos is specified as "autoendian" it should use macros with
_END at the end.
Type: fix
Change-Id: I73b7b4f6996b30631c4355ace156ed0665c4b8ad
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Sometimes VPP rejects application connection requests
due to various reasons. Some errors application can
retry to get a successful connection.
In a non-blocking session, VCL sends EPOLLHUP.
An application can call a new API
vppcom_session_get_error to find the details and retry
depending on the error.
Type: fix
Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com>
Change-Id: If0e21a8e25701f66a190a2799b2209e0c31f897c
namespace is a keyword for c++ compilers
Type: fix
Change-Id: Ia8fc9ef1cc15fe9d0e40b3f543f9e8f411203b89
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
This change adds loops per second in the stats segment.
Applications using the stats segment to monitor VPP
can use this for better monitoring
Type: fix
Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com>
Change-Id: I53081f40ee918eec9763513a639b9d8a02488b20
With thousands of UDP sessions,
Sometimes VPP needs more time to grab the MQ lock for a session.
So increased tries from 5 to 75.
Type: fix
Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com>
Change-Id: Id8b877255aedcdcf206e9d0869fe5246645d76e7
Type: fix
A user had trouble compiling C++ code to work with the linux-cp APIs
because some messages contain a field called namespace, which is a
reserved word for C++. We wish to rename those fields so the messages
which are affected are being set to in_progress.
Change-Id: I3bd1dc898c146a9980161a562b2b453313bb58fd
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Build vpp with MLX DPDK PMD,
make DPDK_MLX4_PMD=y DPDK_MLX5_PMD=y DPDK_MLX5_COMMON_PMD=y build-release
With no-multi-seg in startup.conf,
Mellanox NIC init failed with following message,
rte_eth_rx_queue_setup[port:2, errno:-12]: Unknown error -12
mlx5_net: port 2 Rx queue 0: Scatter offload is not configured and
no enough mbuf space(2176) to contain the maximum RX packet length(2065)
with head-room(128)
In Mellanox NIC PMD driver, 'di.max_rx_pktlen' is returned as 65536,
and 'di.max_mtu' is returned as 65535, which makes
the driver_frame_overhead logic not suitable for Mellanox NICs.
So skip the logic code if MAX_MTU is returned as 65535.
Type: fix
Fixes: 1cd0e5dd53 ("vnet: distinguish between max_frame_size and MTU")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I027b76b8d07fb453015b8eebb36d160b4bc8df9c
This patch introduces set of python tests for fast path ipv6, based on
ipv4 tests. Some missing parts of ipsec framework has been added
in order to test ipv6 implementation.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Icc13322787d76485c08106bad2cb071947ad9846
With this patch fast path for ipv6 policy lookup is enabled.
This impelentation scales and outperforms original implementation when
the number of defined flows is higher thatn 100k.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I9364b5b8db4fc708790d48c538add272c7cea400
This patch enables statistics from the Arm PMUv3 through the perfmon
plugin.
In comparison to using the Linux "perf" tool, it allows obtaining
direct, per node level statistics (rather than per thread). By accessing
the PMU counter registers directly from userspace, we can avoid the
overhead of using a read() system call and get more accurate and fine
grained statistics about the running of individual nodes.
A demo of perfmon on Arm can be found at:
https://asciinema.org/a/egVNN1OF7JEKHYmfl5bpDYxfF
*Important Note*
Perfmon on Arm is dependent on and works only on Linux kernel versions
of v5.17+ as this is when userspace access to Arm perf counters was
included.
On most Arm systems, a maximum of 7 PMU events can be configured at once
- (6x PMU events + 1x CPU_CYCLE counter). If some perf counters are in
use elsewhere by other applications, and there are insufficient counters
remaining to open the bundle, the perf_event_open call will fail
(provided the events are grouped with the group_fd param, which perfmon
currently utilises).
See arm/events.h for a list of PMUv3 events available, although it is
implementation defined whether most events are implemented or not. Only
a small set of 7 events is required to be implemented in Armv8.0, with
some additional events required in later versions. As such, depending on
the implementation, some statistics may not be available. See Arm
Architecture Reference Manual for Armv8-A, D7.10.2 "The PMU event number
space and common events" for more information.
arm/events.c:arm_init() gets information from the sysfs about what
events are implemented on a particular CPU at runtime. Arm's
implementation of the perfmon source callback .bundle_support uses this
information to disable unsupported events in a bundle, or in the case
no events are supported, disable the entire bundle.
Where a particular event in a bundle is not implemented, the statistic
for that event is shown as '-' in the 'show perfmon statistics' cli
output, by disabling the column.
There is additional code in perfmon.c to only open events which are
marked as implemented. Since we're only opening and reading events that
are implemented, some extra logic is required in cli.c to re-align
either perfmon_node_stats_t or perfmon_reading_t with the column
headings configured in each bundle, taking into account disabled
columns.
Userspace access to perf counters is disabled by default, and needs to
be enabled with 'sudo sysctl kernel/perf_user_access=1'.
There is a check built into the Arm event source init function
(arm/events.c:arm_init) to check that userspace reading of perf counters
is enabled in the /proc/sys/kernel/perf_user_access file.
If the above file does not exist, it means the kernel version is
unsupported. Users without a supported kernel will see a warning
message, and no Arm bundles will be registered to use in perfmon.
Enabling/using plugin:
- include the following in startup.conf:
- plugins { plugin perfmon_plugin.so { enable }
- 'show perfmon bundle [verbose]' - show available statistics bundles
- 'perfmon start bundle <bundle-name>' - enable and start logging
- 'perfmon stop' - stop logging
- 'show perfmon statistics' - show output
For a general guide on using and understanding Arm PMUv3 events, see
https://community.arm.com/arm-community-blogs/b/tools-software-ides-blog/posts/arm-neoverse-n1-performance-analysis-methodology
Type: feature
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Tested-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I0620fe5b1bbe78842dfb1d0b6a060bb99e777651
In preparation for enabling perfmon on Arm platforms, move some Intel
/arch specific logic into the /intel directory and update the CMake to
split the common code from arch specific files.
Since the dispatch_wrapper code is very different on Arm/Intel,
each arch can provide their own implementation + conduct any additional
arch specific config e.g. on Intel, all indexes from the mmap pages are
cached. The new method intel_config_dispatch_wrapper conducts this
config and returns a pointer to the dispatch wrapper to use.
Similarly, is_bundle_supported() looks very different on Arm/Intel, so
each implementation is to provide their own arch specific checks.
Two new callbacks/function ptrs are added in PERFMON_REGISTER_SOURCE to
support this - .bundle_support and .config_dispatch_wrapper.
Type: refactor
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Change-Id: Idd121ddcfd1cc80a57c949cecd64eb2db0ac8be3
Type: improvement
Enable use of 4th gen QAT devices. Will be available on Sapphire Rapids.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I89e7d29e10ecb4c36c700ff5e017796161ec6c5e
0 is not NULL (at least not in all cases), passing 0 into a variadic
function in a place where the consumer reads it as pointer might
leave parts of the pointer uninitilized and hence filled with random
data.
It seems that this used to work with gcc, but clang seems to treat the
0 in those places as a 32bit integer.
Type: fix
Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com>
Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com>
Change-Id: I37d975eef5a1ad98fbfb65ebe47d73458aafea00
There is a very rare bug in NAT processing that yeilds a thread
index of ~0. When this happens, vlib_get_frame_queue_elt()
suffers a segfault and VPP quits. Prevent an outright fault
by dropping the packet instead.
Type: fix
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I48c7a268925bb821ea15e58db5d4bfb211c40c09
classify hash used to be stored as u64 in buffer metadata, use 32 bits
instead:
- on almost all our supported arch (x86 and arm64) we use crc32c
intrinsics to compute the final hash: we really get a 32-bits hash
- the hash itself is used to compute a 32-bits bucket index by masking
upper bits: we always discard the higher 32-bits
- this allows to increase the l2 classify buffer metadata padding such
as it does not overlap with the ip fib_index metadata anymore. This
overlap is an issue when using the 'set metadata' action in the ip
ACL node which updates both fields
Type: fix
Change-Id: I5d35bdae97b96c3cae534e859b63950fb500ff50
Signed-off-by: Benoît Ganne <bganne@cisco.com>
svm_msg_q_size_to_alloc must return a valid base address, if it fails
pass up the error for handling
Type: fix
Change-Id: I408492f65f646862122acb9a187819b3bbf4f91c
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
This patch introduces set of python tests for fast path, based on
flow cache tests. There was a bug in calculating of policy mask when
adding to fast path, which has been fixed. Memory size for bihash
tables for both ip4 and ip6 outbound fast path policies
has been increased.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ibeee904ae7179f5dafbd45bb44282436f0b80821
This patch adds performacne and functional tests for ip4
outbound traffic policy matching.
Test setup is configurable in startup.conf and though the test
parameters. Cache, fast path, fast path burst mode can be enabled
and disabled,
and performance for different lookup setup can be measured.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I1d04d196e412f47f43b7e5cbd46607bf6a9cc40e
This patch updates the "show ipsec spd" cli to display
policies maintained by fast path bihash table.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I58b9f92f3132dc9809b50786dc912e09c4b84d81
Parser can be configured from the level of startup.conf file:
fast path can be enabled and disabled.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ifab83ddcb75bc44c8165e7fa87a1a56d047732a1
This patch adds matching functionality for spd fast path
policy matching. Fast path matching has been introduced
for outbound traffic only.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I03d5edf7d7fbc03bf3e6edbe33cb15bc965f9d4e
This patch introduces ipsec_output.h file. Matching implementation is
moved there. The reason behind is the possibility of unit testing
matching mechanism. Therefore we need to have functions that are in
scope of our intrest there and since these are inline their
implementation needs to be moved to the header file as well.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Id7c605375d1f3be146abf96ef70d336a5d156444
This patch introduces functions to add and delete fast path
policies.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I3f1f1323148080c9dac531fbe9fa33bad4efe814
This patch introdcues basic types supporting fast path lookup.
Fast path performs policy matching with use of hash lookup
(particularly bihash tries has been used for that purpose). Fast path
lookup addresses situation where huge number of policies is created
(~100k or more). In such scenario adding/removing a policy
and policy matching is not efficient and poorly scales (for example
adding 500k policies takes a few hours. Also lookup time
increases significantly). With fast path adding and matching up to
1M flows scales up linearly (adding 1M of policies takes about 150s
on the test machine vs many hours in case of original implementation,
also matching time is significantly improved). Fast path will not
deal well with a huge number of policies that are spanning large
ip/port ranges. Large range will be masked out almost entirely leaving
only a few bits for calculating the hash key. Such keys will tend to
gather much more policies than other keys and hash will match most of
the packets anihilating advantages of hashing. Having said that
we also think that it is not the real life scenario.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I600dae5111a37768ed4b23aa18426e66bbf7b529
Currently 0 has been used as the wildcard representing ANY type of
protocol. However 0 is valid value of ip protocol (HOPOPT) and therefore
it should not be used as a wildcard. Instead 255 is used which is
guaranteed by IANA to be reserved and not used as a protocol id.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2320bae6fe380cb999dc5a9187beb68fda2d31eb
if when the rx_fifo grows, svm_fifo_enqueue() return -4,
stream_data->app_rx_data_len += rlen type conversion occurs,
Finally,stream->recvstate.data_off calculation is wrong.
Type:fix
Signed-off-by: fanxb <fxb_mail@163.com>
Change-Id: Iae11f0c453f32d836f4148d70e3b121545a53a90
Type: fix
Currently, prometheus exporter may crash because of memory exhaustion
when dumps metrics if the FIB contains large number of routes.
With this fix, increase memory size for prometheus exporter to be able
to handle large number of FIB entries.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ia2b9a665368883c87448deee9bcf8d2ac1168357
- also add docs-spell to checkstyle-all make target
Type: fix
Fixes: 5f6422db9
Change-Id: I8e9d7d17a03ee7b55f4e1785983459c43af267f7
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Type: fix
Added stats for success and failure cases
Fixed Custom app behaviors for the error / drop cases
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Id6e981c7be5c5b3cee5af2df505666d5558da470
* apt '—force-yes' is deprecated in the version of apt in Ubuntu 22.04
* several Ubuntu-22.04-specific packages (e.g. python3-virtualenv, libssl-dev, clang clang-format-11)
are needed in the current VPP installation as well
Type: fix
Signed-off-by: Saima Yunus <yunus.saima.99@gmail.com>
Change-Id: I96ead90152f692233da812cdc853792bedb47c3c
Issue:
Let iperf3 server run via ldp and vcl on top of vpp's host stack. If
iperf3 client connects this iperf3 server with tcp MSS setting option,
iperf3 server will always crash.
Root cause:
When MSS option is specified by iperf3 client, iperf3 server will
recreate the listening socket firstly, then call setsockopt() to set MSS
immediately. Iperf3 code can be referred here:
58332f8154/src/iperf_tcp.c (L186).
However, in vcl layer vpp_evt_q of this recreated session is not
allocated yet. So iperf3 server crashes with vpp_evt_q null pointer access.
Fix:
Add session vpp_evt_q null pointer check in vcl_session_transport_attr().
Add a vcl test case for this MSS option scenario.
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: I2863bd0cffbe6e60108ab333f97c00530c006ba7
Type: improvement
When packets were received and processed successfully, increment the
byte/packet counters for the tunnel interface.
Change-Id: I42855607ac6916de641be42aac86c9942cc97140
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
We were not allocating space for the
variable length payload in the response
message.
Type: fix
Change-Id: I345102f4555f66c5632ab0882ca1dd178e98eb7b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
If ip4_neighbor_probe (or any other) is sending packet to a deleted interface,
ASSERT trips and dataplane crashes. Example:
create loopback interface instance 0
set interface ip address loop0 10.0.0.1/32
set interface state GigabitEthernet3/0/1 up
set interface state loop0 up
set interface state loop0 down
set interface ip address del loop0 10.0.0.1/32
delete loopback interface intfc loop0
set interface state GigabitEthernet3/0/1 down
set interface state GigabitEthernet3/0/1 up
comment { the following crashes VPP }
set interface state GigabitEthernet3/0/1 down
This sequence reliably crashes VPP:
(gdb)p n->name
$4 = (u8 *) 0x7fff82b47578 "interface-3-output-deleted”
If the interface doesn't exist, return ~0 and be tolerant of this in the
two call sites of counter_index()
Type: fix
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I90ec58fc0d14b20c9822703fe914f2ce89acb18d
Type: fix
Currently, neighbor adjacencies on a wg interface are converted into a
midchain only if one of the peers has a matching allowed prefix
configured. If create a route that goes through a wg interface but the
next-hop address does not match any allowed prefixes, an ARP/ND request
will try to be sent via the wg interface to resolve the next-hop address
when matching traffic occurs. And sending an ARP request will cause VPP
to crash while copying hardware address of the wg interface which is
NULL. Sending an ND message will not cause VPP to crash but the error
logged will be unclear (no source address).
With this fix, convert all neighbor adjacencies on a wg interface into a
midchain and update tests to cover the case. If there is no matching
allowed prefix configured, traffic going such routes will be dropped
because of "Peer error". No changes if there is matching allowed prefix
configured.
Also, fix getting peer by adjacency index.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I15bc1e1f83de719e97edf3f7210a5359a35bddbd
The flow_report_process_send() function always allocates a frame.
However, when no template_send is needed, template_bi is ~0.
When this happens, no vectors are placed in the frame. When
the frame is then "put", a check for n_vectors == 0 prevents
the frame from actually being placed back on the free list.
Fix that by using a direct call to vlib_frame_free() when
there are no frame vctors.
Type: fix
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I936b5cea4cb3c358247c3d2e1a77d034a322ea76
Type: fix
reported stats seem to have mixed up used and total counters
Signed-off-by: Leland Krych <leland.krych@gmail.com>
Change-Id: I221c7b114c0da2ed53171d7f047a4bda07ee6cb2
https://docs.python.org/3/library/stdtypes.html
"if concatenating bytes objects, you can similarly use bytes.join() or io.BytesIO, or you can do in-place concatenation with a bytearray object. bytearray objects are mutable and have an efficient overallocation mechanism"
Type: improvement
Signed-off-by: Viktor Velichkin <avisom@yandex.ru>
Change-Id: Id20d337f909cce83fcd9e08e8049bb0bf5970fbc
Allows features to update their data structures after change in number
of worker threads.
Type: improvement
Change-Id: Icd4d197e28608f5bbb1edd13eb624cd98e33cafe
Signed-off-by: Damjan Marion <damarion@cisco.com>
When failing to match an ip address, we should not reset the ip address
that could have been initialized by a previous match.
Type: fix
Change-Id: I026766391eb3eb8230f75f66bf4b681e774741d9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: fix
A packet passing through nat44-ei-in2out-output,
has its ttl value validated in earlier nodes.
"ip4-input" node checks ttl for locally generated packets.
"ip4-rewrite" node validates ttl in forwarded packets.
Thus for example, the ED counterpart disables ttl checks
in its "nat44-ed-in2out-output" node.
This patch updates nat44 EI conditions for ttl checks to
those currently used in nat44 ED case, meaning no extra ttl
validation for in2out when output-feature is enabled.
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Change-Id: Idd15d7c9a746b60c0a6dac5537d00ef10c257fdc
This patch updates the go-api-files logic for supporting go1.18.
Notable changes are that `go get ...` changed to `go install`
and that we need to bump the govpp binapigen version to integrate
a go1.18 fix.
This patch also simplifies the cli execution syntax
Type: fix
Change-Id: I1d8aac65490fe3ea4c1965a4775b6bf8d5c05d26
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
- python3 pip module is missing on a new Ubuntu installation
Type: fix
Signed-off-by: Saima Yunus <yunus.saima.99@gmail.com>
Change-Id: I5a9886cd5f9226dc0a968c2f70a7c436a06ddf50
Type: fix
*Buffer leaks and corruptions during internal errors, either overriding
or missing to add the buffer to the list
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I1ead1eca1cde10a36d60dbfcfe36ca6375690b03
Type: fix
Pace the main thread activity for reassembly timeouts, to avoid barrier syncs
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Iebe9a38d2a7a6471afa6621f12bb545668dc8384
This patch makes the `make docs` directive incremental
avoiding re-running the siphon when the source hasn't
changed, and leveraging sphinx internal cache.
It adds a `make rebuild-docs` directive for cases where
this caching logic might break, e.g. in CI.
The virtualenv doesn't also get recreated on each build,
which might be enough when writing docs, provided
automated process leverage its rebuild counterpart.
Type: improvement
Change-Id: Ie90de3adebeed017b249cad81c6c160719f71e8d
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Serveral IPSec SPD cases re-use the same test class name,
leads to test error when do parrallel test with TEST_JOBS=16,
change the test class names to unique values.
Type: fix
Fixes: 7cd35f5d68
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Ia5768654ddb6274531222761cc82b226d97325a9
When running tests via run.sh, default setting of None would cause
failed directory symlink to appear in vpp workspace with an ugly name.
This patch places the symlink in temporary directory.
Type: fix
Fixes: b23ffd7ef2
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Ic1715eba7ac1f82f71855e2aeb9b659d27bbb3af
Add generic flow type and rss action type to vapi. It is to support
creating generic flow rule via vapi.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ifeaa007679487e02bd2903dc591d80a1caba33bc
Type: fix
reset the memory trace if mem trace is turned on
Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com>
Change-Id: Ib99355b9ed42ff66c720bbea5cbbf03c65820d12
C enum values by default start from 0.
All unassigned names should get value as value of previous name plus one.
The problem was that default value was 0 and adding one for the first
value would make generated api files start from 1 instead of 0.
Type: fix
Change-Id: I772d6411435648de3ec514f57025ef1acae87338
Signed-off-by: Filip Varga <fivarga@cisco.com>
Type: fix
Correct vnet_hw_interface_t flags update on link state changes.
Currently incomplete set of flags is applied on each change,
only flags related to the most recent change are being set correct.
E.g. setting the link up would erase the duplex part of the flags.
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Change-Id: I5b95e1c0eaea0c283b108dbf7f809682ec9064eb
Type: fix
Don't set link speed for tap interface when link speed is unknown
Signed-off-by: Anton Nikolaev <anikolaev@netgate.com>
Change-Id: Ia97277b3bf7c958fa665e4ead8d0e48f02921e69
Type: fix
pool_is_free_index() check is performed only for the first element
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Icadc715a9b54761ec69805a134a69a262137536d
Type: fix
Custom node functionality is missing in v6, so bringing in similar to v4 functionality into ip6 as well
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I28b0be2fc55a00bfc0b456b1caaa1dcf5641a44e
single struct to hold all api handler, flags, etc.
Provide functions to toggle flags instead of writing directly to
internal data.
Type: refactor
Change-Id: I4730d7290e57489de8eda34a72211527e015b721
Signed-off-by: Damjan Marion <damarion@cisco.com>
Type: fix
Pace the main thread activity for reassembly timeouts, to avoid barrier syncs
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: If8c62a05c7d28bfa6ac530c2cd5124834b4e8a70
A node name is not bound to a node index. For example, if an interface
is deleted and re-added, the indexes of its nodes "<itfc_name>-tx"
and "<itfc_name>-output" may change. Thus, when the collector updates
the nodes stats, it should first delete all the symlinks for nodes that
have changed their names before adding new symlinks. Otherwise, it
could attempt to add already existing symlinks or delete valid ones.
Example of a series of command that triggers a crash in the assert
`ASSERT (node_data[i].symlinks[j] != CLIB_U32_MAX);`:
```
create loopback interface
create loopback interface
```
Wait for the nodes stats to update, then:
```
delete loopback interface intfc loop0
delete loopback interface intfc loop1
create loopback interface
create loopback interface
```
Type: fix
Change-Id: Ief8e7135e5c02dc6bc64dc94b76cff21ea9ab3a9
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Type: fix
Adding stats from debugging point of view
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I3118d3fd5d630fad80a42ab960e30459789123cf
Type: fix
as number of reass contexts increasing based on workers, increasing the number of nbuckets for bihash
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I83d061a709ecb8845ce745b18d03fdefc795787f
Type: fix
There were several places where mbps were converted to kbps for
link_speed, but often drivers of devices set link speed to unknown
(0xFFFFFFFF) on initialization, so there was multiplication of
link_speed equal 0xFFFFFFFF(UINT32_MAX) by 1000, this provides
overflow of unsigned int, and as result link_speed was equal
4295 Gbps, but actually link_speed is unknown.
Signed-off-by: Anton Nikolaev <anikolaev@netgate.com>
Change-Id: Ib462ed6ed685654af4687041e115bfb74e640f13
The statement
pw0->pending_clear_sw_if_index_bitmap =
clib_bitmap_dup (pw0->serviced_sw_if_index_bitmap);
will cause pw0->pending_clear_sw_if_index_bitmap's previous
vector to be gone. Need to free it prior to calling clib_bitmap_dup()
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I20de780e73daea7be17efa0bf660af2592cd4680
Type: improvement
With this change:
- add dump/details messages to obtain interfaces for which IPFIX flow
record generation is enabled;
- add get message to obtain parameters;
- add a new message to set parameters with validation present and to
correspond with get/set naming;
- add tests for get/set parameters and dump/details interfaces.
Change-Id: I09f6ec990171ac8bcb9d2f5c92629803b8ab6c28
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
This fixes long standing annoyance that CLIs with optional args cannot
be executed from file, as they cannot distinguish between valid optional
args and next line in the file.
Multiline statements can be provided simply by using backslash before \n.
Also comments are supported - everything after # is ignored up to the
end of the line.
Example:
# multiline cli using backslash
show version \
verbose # end of line comment
packet-generator new { \
name x \
limit 5 \
# comment inside cmultiline cli \
size 128-128 \
interface local0 \
node null-node \
data { \
incrementing 30 \
} \
}
Type: fix
Change-Id: Ia6d588169bae14e6e3f18effe94820d05ace1dbf
Signed-off-by: Damjan Marion <damarion@cisco.com>
When the driver's max_rx_pktlen is >= 65536, max_supported_frame_size
overflows and queue creation fails.
Change-Id: If78707cb698adf8619ec44a852dd05d570917577
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
Type: fix
*Buffer leaks and corruptions during internal errors, either overriding
or missing to add the buffer to the list
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I6c2406cff53a741e800e2d05593696f3e9fd6ff5
Type: feature
Currently, the plugin supports only IPFIX flow record generation for
outbound packets.
With this change:
- add a new API message for enabling the feature on an interface that
accepts direction (rx, tx, both);
- update existing debug command for feature enabling to accept
direction;
- update existing debug command for showing currently enabled feature
on interfaces to display direction;
- update templates to include a direction field;
- generate flow records on the specified direction and data path;
- report direction in flow data;
- update tests to use the new API;
- add tests for inbound flows.
Change-Id: I121fd904b38408641036ebeea848df7a4e5e0b30
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
- add pnat_binding_add_v2 which explicitly requires match mask to
set to PNAT_PROTO if we want to match on IP Protocol
- fix pnat_binding_add backward compatibility i.e. no need to set
match mast to PNAT_PROTO
Type: improvement
Signed-off-by: Fahad Naeem <fahadnaeemkhan@gmail.com>
Change-Id: I5a23244be55b7d4c10552c555881527a4b2f325f
Add --check to black to pass back error value and fail checkstyle if
a reformat would occur.
Type: fix
Fixes: d9b0c6fbf7
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I9a1fbe224929fc461ff833a589f73ca06e7cc9d6
2ca88ff978 introduced the change
into the shared memory atexit, which breaks IPSec tests in some
environments.
Type: fix
Fixes: 2ca88ff978
Change-Id: Ia132cb045e8d66f55e41d29cffdca3458d61096d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
This mempool flag should be cleared when the mempool is populated, to
reproduce the behaviour of rte_mempool_populate_iova in DPDK 22.03
Change-Id: I4c0e07efca9df2e472e8e393689127c01cf66da2
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
Fixes: 2f132efc3c
Drop pycodestyle for code style checking in favor of black. Black is
much faster, stable PEP8 compliant code style checker offering also
automatic formatting. It aims to be very stable and produce smallest
diffs. It's used by many small and big projects.
Running checkstyle with black takes a few seconds with a terse output.
Thus, test-checkstyle-diff is no longer necessary.
Expand scope of checkstyle to all python files in the repo, replacing
test-checkstyle with checkstyle-python.
Also, fixstyle-python is now available for automatic style formatting.
Note: python virtualenv has been consolidated in test/Makefile,
test/requirements*.txt which will eventually be moved to a central
location. This is required to simply the automated generation of
docker executor images in the CI.
Type: improvement
Change-Id: I022a326603485f58585e879ac0f697fceefbc9c8
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
We allocate vring_spinlock for all vrings in the vui, not just the ones
being used. So when we free the vui, we have to free vring_spinlock for
all vrings, not just the one being used.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I3951fda71ce6e11474b04302116ea9e08b404758
Type: fix
A simple "create host-interface name xxx" is enough to trigger the bug:
The interface is not found, and we goto error with apif=NULL
Signed-off-by: Gabriel Ganne <gabriel.ganne@gmail.com>
Change-Id: I2f894176d39b3d15efab054dc7340e7a0600a2e8
This patch fixes the issue that in DPDK FDIR generic flow parsing, the
inputs will be changed during processing, which will lead to a failure
in vnet flow when creating generic flow rules.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I107735a305ff48593d66746e0cd642c76ad5700d
- fix branch prediction for checking rdma ERROR flag
- add the missing right angle bracket to help message
Type: improvement
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Reviewed-by: Lijian Zhang <lijian.zhang@arm.com>
Reviewed-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I2ce667631b3e3f60939069e2a16ddba0ff12a695
It looks like in a distant past we were using a vnet_rewrite but this
no longer the case.
Type: fix
Change-Id: Ib8d336aec7d5abd7749f543739f531144e76e551
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: fix
set use_custom_mac for args in create_vhost_user_if_v2 API
Add testcase for custom mac-address
Signed-off-by: Fahad Naeem <fahadnaeemkhan@gmail.com>
Change-Id: Iac64d818e0f1e6d36187fe769ee33d202aaafd05
Signed-off-by: Fahad Naeem <fahadnaeemkhan@gmail.com>
Catch exception if sw_if_index is invalid when querying interface
binding config. If the interface is not there, it's surely not bound to
any table ...
Type: improvement
Change-Id: I1f3e04a631653feb5c2350662b6a041adccefa1f
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Add vapi_connect_from_vpp() and vapi_disconnect_from_vpp()
calls to allow API clients from within VPP process.
Add a new memclnt_create version that gives the user a
knob to enable or disable dead client scans (keepalive).
Type: feature
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Id0b7bb89308db3a3aed2d3fcbedf4e1282dcd03f
Signed-off-by: Ole Troan <ot@cisco.com>
This patch fixes two problems:
1. The lease field in the dhcp_compl_event message can include a list of
vl_api_domain_server_t structs, but no memory is allocated for it.
2. The DNS server address is not copied properly, resulting in wrong IP4
addresses in the event message.
Type: fix
Signed-off-by: Jing Peng <pj.hades@gmail.com>
Change-Id: I42c533e7af697568c69714011d983f88368a7e15
During build some header guards are created based on full path where
build is happening. If one directory contains @ character build breaks
because compiler believes it's a macro declaration.
Jenkins adds `@${EXECUTOR_NUMBER}` suffix to workspace directory when
it uses more than one executor for that job, breaking the build.
Replace any @ character on guard name by _ to get it fixed.
Type: fix
Change-Id: Id0f4cfc33fda95e168541aa4e353a0d08aa3b664
Signed-off-by: Renato Botelho do Couto <renato@netgate.com>
In case of timer is set and expires:
1. timer_fd is readable and stay readable.
2. timer_fd is part of epoll_fd set. This makes epoll_pwait()
calls return immediately instead of sleeping.
Type: fix
Signed-off-by: Daniel Béreš <dberes@cisco.com>
Change-Id: I9b228464fe45b83def9b182c885d6febf428049c
Enable the flow action for RSS queue group. Packets can be distributed
among queues in group based on specific fields. Queues must be continous
in the group. This feature is to support 5G enhancement requirement.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I74fdc617659bcb61f00b3b1934c95ab1c73bb8f3
Significantly reduces compilation time for uses who are interested
to run binaries only on the build machine.
Type: make
Change-Id: I431f6f7374b6dfa8b3f7c72dc69f3d5cafd1f6bb
Signed-off-by: Damjan Marion <damarion@cisco.com>
VPP_IP_FIB_MTRIE_16 should be defined only if the option is enabled
instead of being defined as "ON" or "OFF".
Type: fix
Change-Id: Ib4e29a827bcbd84c8012f05ad264c1408ffccee7
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Supports more connections and track connect time. Can be used to measure
CPS. Only works in unidirectional mode for now.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I70bc6a271996407dd16a96115f509bd680a0f302
Make sure producer drops lock when it waits for empty ring slot.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id77d54ee8c01bed20c9eaf5ad372ed4b1e9fa712
The RFC7857 state machine introduced in 56c492a is a trade-off.
It tries to retain sessions as much as possible and also offers
some protection against spurious RST by re-establishing sessions if data
is received after the RST. From experience in the wild, this algorithm is
a little too liberal, as it leaves too many spurious established sessions
in the session table.
E.g. a oberserved pattern is:
client server
<- FIN, ACK
ACK ->
ACK ->
RST, ACK ->
With the current state machine this would leave the session in established state.
These proposed changes do:
- require 3-way handshake to establish session.
(current requires only to see SYNs from both sides)
- RST will move session to transitory without recovery if data is sent after
- Only a single FIN is needed to move to transitory
Fixes: 56c492aa05
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I92e593e00b2efe48d04997642d85bd59e0eaa2ea
Signed-off-by: Ole Troan <ot@cisco.com>
Type: fix
current_data is set to 0 for each packet in af-packet input node.
It is not required to include it to calculate the headers offset.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I538d8c04e24c758155b3f8d6a1532472ef549459
Listener proxies are allowed to listen on IPs that are not local.
Configurable only by builtin apps for now.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Idb380ee3584a088878a03d45fd85e7bb0deeb590
Type: fix
Set is_add function argument to 0 when deleting interface role.
Change-Id: I6ca88d6511e1c88285e51b3750eb501fde2b341b
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
The following illustrates the problem:
./build-root/install-vpp_debug-native/vpp/bin/vpp api-trace { on } unix { cli-listen /tmp/vpp-api-cli.sock } plugins { plugin dpdk_plugin.so { disable } }
sleep 5
./build-root/install-vpp_debug-native/vpp/bin/vppctl -s /tmp/vpp-api-cli.sock show version
./build-root/install-vpp_debug-native/vpp/bin/vppctl -s /tmp/vpp-api-cli.sock show api dump file /tmp/api-table.master-api-baseline compare
The last CLI hangs in an infinite loop.
Fix the typo which got in during the conversion of _vec_len to read-only:
.@@ -1285,7 +1285,7 @@ extract_name (u8 * s)
. rv = vec_dup (s);
.
. while (vec_len (rv) && rv[vec_len (rv)] != '_')
.- _vec_len (rv)--;
.+ vec_dec_len (rv, 0);
.
Type: fix
Fixes: 8bea589cfe
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I4f895348ae0ebaaba9da97c3a440912d38210f10
In some environment like when running a lot of functional tests, it can
be useful to run more VPP instances than CPU and let the Linux scheduler
decide what to do. This change disable cpu pinning altogether in the
single-threaded case, provided that no main-core is explicitely
specified in the config
Type: improvement
Change-Id: I8c2f36fdd49c00f9adaaeb4c81aefb27c3420a9b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
Free the old rewrite string before assigning a new rewrite string for the updated new tteid value.
Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com>
Change-Id: I1ec19bce6afda3dfdc31c8724b32ac7b9bc84e89
During deb package build, a .buildinfo file is created at build-root.
Add this to .gitignore.
Type: make
Signed-off-by: Renato Botelho do Couto <renato@netgate.com>
Change-Id: Id86c21e22aa2b9e4b559cfc0bc662de835fa1621
Adding flow cache support to improve inbound IPv4/IPSec Security Policy
Database (SPD) lookup performance. By enabling the flow cache in startup
conf, this replaces a linear O(N) SPD search, with an O(1) hash table
search.
This patch is the ipsec4_input_node counterpart to
https://gerrit.fd.io/r/c/vpp/+/31694, and shares much of the same code,
theory and mechanism of action.
Details about the flow cache:
Mechanism:
1. First packet of a flow will undergo linear search in SPD
table. Once a policy match is found, a new entry will be added
into the flow cache. From 2nd packet onwards, the policy lookup
will happen in flow cache.
2. The flow cache is implemented using a hash table without collision
handling. This will avoid the logic to age out or recycle the old
flows in flow cache. Whenever a collision occurs, the old entry
will be overwritten by the new entry. Worst case is when all the
256 packets in a batch result in collision, falling back to linear
search. Average and best case will be O(1).
3. The size of flow cache is fixed and decided based on the number
of flows to be supported. The default is set to 1 million flows,
but is configurable by a startup.conf option.
4. Whenever a SPD rule is added/deleted by the control plane, all
current flow cache entries will be invalidated. As the SPD API is
not mp-safe, the data plane will wait for the control plane
operation to complete.
Cache invalidation is via an epoch counter that is incremented on
policy add/del and stored with each entry in the flow cache. If the
epoch counter in the flow cache does not match the current count,
the entry is considered stale, and we fall back to linear search.
The following configurable options are available through startup
conf under the ipsec{} entry:
1. ipv4-inbound-spd-flow-cache on/off - enable SPD flow cache
(default off)
2. ipv4-inbound-spd-hash-buckets %d - set number of hash buckets
(default 4,194,304: ~1 million flows with 25% load factor)
Performance with 1 core, 1 ESP Tunnel, null-decrypt then bypass,
94B (null encrypted packet) for different SPD policy matching indices:
SPD Policy index : 2 10 100 1000
Throughput : Mbps/Mbps Mbps/Mbps Mbps/Mbps Mbps/Mbps
(Baseline/Optimized)
ARM TX2 : 300/290 230/290 70/290 8.5/290
Type: improvement
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Signed-off-by: mgovind <govindarajan.Mohandoss@arm.com>
Tested-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I8be2ad4715accbb335c38cd933904119db75827b
The sys/random.h header, which provides the getrandom syscall wrapper,
was only added in glibc2.25. To make it compatible with older version,
we can directly call the syscall.
Type: improvement
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: I93c5f8a49c0323511a4e34273f0b3c0e24663bfd
Type: fix
After changes made in f840880, VRRP IPv6 cannot reply for neighbor
solicitations requesting the link layer address of the configured
virtual address.
VRRP IPv6 enables the vrrp6-nd-input feature in the ip6-local feature
arc for an interface on which a virtual router is configured. When
neighbor solicitations arrive on that interface, ip6-local should start
feature arc walk for that interface and the messages should be processed
by vrrp6-nd-input. The problem is that currently, the feature arc is
started for the interface obtained from the receive DPO that has
interface unset (i.e. max u32) for local mfib entries. Thus, the feature
arc is started not on the interface the messages were received on and
vrrp6-nd-input is not traversed.
With this fix, if interface obtained from the receive DPO is unset, use
RX interface from the buffer to start the ip46-local feature arc.
Also, enable tests of this case for both IPv4 and IPv6 address families
that are currently tagged as extended and not run on every change. They
configure VRRP with priority 255 and are expected to be stable.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I11ef3d5a7a986e04431e8613d1510b8666094bd7
In test_bihash_threads, if a test thread fails to be created,
it is still counted towards the total thread count, which could
lead to never-ending test loop. This patch fixes the issue.
Type: fix
Signed-off-by: Jing Peng <pj.hades@gmail.com>
Change-Id: Ic0f1d4dde9c5ea672b52f0e2e49f16d42f982b77
Use the specified nexthop table id instead of the interface table id.
Type: fix
Change-Id: I61bf61d50d2716fcd9a6e35df4d60222dc4f36d5
Signed-off-by: Benoît Ganne <bganne@cisco.com>
This patch fixes test_bihash_unittest in two ways:
1. The number of searches, namely tm->search_iter, defaults to 0,
thus disabling the test. This patch changes the default to 1.
2. Test errors are reported by clib_warning() instead of being
returned, thus the caller test/test_bihash.py is never aware of them.
This patch returns the errors constructed by clib_error_return().
Type: fix
Signed-off-by: Jing Peng <pj.hades@gmail.com>
Change-Id: I60e99a829ebe6aa2a56e7a9332cf973afa100311
clang-14 is default for Upcoming Ubuntu 22.04 LTS...
Type: make
Change-Id: I65328d0e90a4c13d5766e51da8b90a8899b773d9
Signed-off-by: Damjan Marion <dmarion@me.com>
Type: fix
Fixes: 616447c392
In lcp_router_link_mtu(), either vnet_hw_interface_set_mtu() or
vnet_sw_interface_set_mtu() is called, based on whether this appears to
be a physical interface. The test to determine whether this is true was
incorrect and probably never worked right so vnet_sw_interface_set_mtu()
was always being called. This causes some breakage with Recent changes
to code which manages interface MTUs. Fix the test so the right function
is called.
Change-Id: I1ecccbce37d5a1e53b2349ed40f3d0d27eb03569
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Do not access allocated elements beyond the end of the vector. They are
allocated, but not yet valid both logically (they are at best NULLs) and
according to ASAN.
Type: fix
Change-Id: Iaf43767d6d3bd4c24c7c5a0ba9b3410bbeeb0556
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
The clib interrupt structure has a couple of fields at the start of
the cacheline, and then in the next cacheline it has a bitmap, which
is then followed by an atomic bitmap. The size of the bitmaps is
based on the number of interrupts, and when the memory is allocated
the number of interrupts needed is used to size the overall block of
memory. The interrupts typically map to pool entries, so if we want
to store 512 entries then we store them in indices 0..511. This
would then take 8 6 4bit words, so each bitmap would be this size
when the struct is allocated.
It is possible to walk over the end of the allocated data with certain
sizes, one of which is 512. The reason this happens with 512 is that
the check to see when to exit the loop is returning when offset is
greater than the value needed to fit all the values. In this case
512 >> 6 = 8. If there had only been 511 entries then the size would
have been 511 >> 6 = 7, and so it would have fitted in the space.
Therefore modify the check to also check that we are not looking into
the memory beyond what we have allocated in the case where the
number of interrupt is one of the boundary values like 512.
Also add a similar check first time round the loop as it is
possible we could have ate same problem there too.
Add a new test file to verify the new code works. The old version
of the code made this test fail when run with the address
sanitizer. Without the sanitiser it tended to pass because the
following memory was typically set to 0 even though it was
uninitialised.
Type: fix
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I2ec4afae43d296a5c30299bd7694c072ca76b9a4
Type: improvement
Short message lengths are correctly handled by the code, asserting makes unit tests that verify this behaviour (e.g. test_ip_punt_api_validation) fail/crash with a debug image.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ib3a377e5d49fde0eee252b92f0e58a8a0d0d83ec
An unexpected packet that shows up on a Wireguard interace
that happens not to have a forwarding peer will cause a
segfault trying to index the vector of peers by adjacency.
Rather than segfaulting, recognize a non-adjacent packet
and drop it instead.
This leaves open the question of what _should_ be
happening to, say, IPv6 multicast packets.
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Type: fix
Fixes: edca1325cf
Change-Id: Ic0a29e6cf6fe812a4895ec11bedcca86c62e590b
This patch bumps dpdk version from 21.11 to 22.03.
Type: feature
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I152a7857378371d3fd26d7473421c2b3113cd3ee
New dpdk version deprecates some macros used by VPP.
This patch changes them to 22.03 version.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: Ic362ed318dc1ad88bb682ef13fbd6159171fbaef
New version of dpdk changes some macros names.
This patch ensures VPP will be compatible with older dpdk versions.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I3d9736278e70064610a1dcad5f2d2f6eb26e0d4b
Two similar CLI paths "nat44" and "nat44 add interface address"
caused unexpected behavior. If "nat44 add interface address"
command would fail the vlib cli processing function would
call "nat44" handler. This would also clean any previously
set errors from the first command and basically return
same error returned by "nat44" handler for every failed
command that starts with the same path string.
Fixes nat44-ed and nat44-ei plugin.
Change-Id: I1aac85c8ae2932da582a2b78243521d1bf8a0653
Ticket: VPP-2021
Type: fix
Signed-off-by: Filip Varga <fivarga@cisco.com>
This commit only update is_equal flavours to use
_mm512_cmpneq_epi64_mask() but clang-format decided to also reformat the
whole block.
Type: improvement
Change-Id: I530cf91e8bceaf15022556f803b27de4f8583217
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Use of _vec_len() to set vector length breaks address sanitizer.
Users should use vec_set_len(), vec_inc_len(), vec_dec_len () instead.
Type: improvement
Change-Id: I441ae948771eb21c23a61f3ff9163bdad74a2cb8
Signed-off-by: Damjan Marion <damarion@cisco.com>
vl_api_sw_interface_tx_placement_get_t_handler is autoendian.
So (contrary to most other uses) the context is in native order there.
Thus, send_interface_tx_placement_details needs to convert back
before using REPLY_MACRO_DETAILS5 macro.
Type: fix
Fixes: 0d05c0d214
Change-Id: I00a3734cafa66d7d76c7edaea526a1eae0448ad9
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Add simple counter statistics to VRRP, based on a subset of those
defined in RFC8347.
Add an update API that allows in-place modification of an existing
instance. The method returns a vrrp_index which can be used both for
retrieving statistics and to modify non-key parameters. Also add a
delete method which will take that vrrp_index as parameter.
Type: improvement
Signed-off-by: Emanuele Di Pascale <lele84@gmail.com>
Change-Id: I2cd11467b4dbd9dfdb5aa748783144b4883dba57
Type: fix
VLAN programming is currently enabled for IXGBE. However, that is only
supported for IXGBE_VF.
With this fix, disable VLAN programming for IXGBE.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I37b1d0733988c964d2b0f5a49328effacec1cb6f
Type: fix
This patch fixes the following DPDK plugin issue:
CID 253333: Control flow issues (DEADCODE)
The change also includes some cosmetic changes for error
handling.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I830020bc3ae9a508f3a905f78333fa3ae25ce784
This patch affects how destination fib is choosen during session
creation. Default behavior of choosing fib based on output
interfaces is kept.
Configuration gives you the ability to change default behavior
to direct or restrict traffic between different FIB tables.
NAT specific VRF routing options:
a) keeping communication in the same VRF
b) option to add multiple destination VRFs
c) option to control the resolution order of destination VRFs
TX FIB resolution is based on looking up RX FIB entry in NATs
VRF table and picking the first FIB that resolves
destination address.
Ticket: VPP-2009
Type: improvement
Change-Id: If500c48d7ce3466533ad9581c0847870788fc4fb
Signed-off-by: Filip Varga <fivarga@cisco.com>
Set deprecated option on unsupported API calls.
Cleaned up API calls with deprecated option. Removed
in progress option from long term used API calls.
Removed obsolete/unused nodes, functions, variables.
Fixed set frame queue nelts function. Calling API
would incorrectly not fail even though frame queue nelts
can only be set before first call nat44_plugin_enable.
Moved all formatting functions to _format.c file.
Type: refactor
Change-Id: I3ca16e0568f8d7eee3a27c3620ca36164833a7e4
Signed-off-by: Filip Varga <fivarga@cisco.com>
Adds api that allows workers to synchronize through main thread.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1e75e2fb5144d397d19b13c4dfc7e937f11c044c
If async engines are disbaled and async is turned on vpp tries to
enqueue frame with nonexisting handler which leads to segfault.
This patch checks for handler and drops the frame in case it doesn't
exist.
Type: fix
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I67211867ee29dc41cc9f0733e8e0b3ea86677f85
Type: fix
otherwise punt features are applied multiple times to the same packet if enabled multiple times
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: If0cbd9065275f68a10fd6d35e4f7a7c7508245e0
- support of in-place growth of vectors (if there is available space next to
existing alloc)
- drops the need for alloc_aligned_at_offset from memory allocator,
which allows easier swap to different memory allocator and reduces
malloc overhead
- rework of pool and vec macros to inline functions to improve debuggability
- fix alignment - in many cases macros were not using native alignment
of the particular datatype. Explicitly setting alignment with XXX_aligned()
versions of the macro is not needed anymore in > 99% of cases
- fix ASAN usage
- avoid use of vector of voids, this was root cause of several bugs
found in vec_* and pool_* function where sizeof() was used on voids
instead of real vector data type
- introduce minimal alignment which is currently 8 bytes, vectors will
be always aligned at least to that value (underlay allocator actually always
provide 16-byte aligned allocs)
Type: improvement
Change-Id: I20f4b081bb13bbf7bc0ace85cc4e301787f12fdf
Signed-off-by: Damjan Marion <damarion@cisco.com>
When computing the inner packet checksum, the code wrongly
assumes that the IP version of the inner packet is the
same of the outer one. On the contrary, it is perfectly
possible to encapsulate v6 packets into v4 and viceversa,
so we need to check the IP format of the inner header before
calling vnet_calc_checksums_inline.
Ticket: VPP-2020
Type: fix
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Change-Id: Ia4515563c164f6dd5096832c831a48cb0a29b3ad
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Align runtime_data to 8 bytes to avoid alignment issues with any
pointers in runtime_data located structures.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I9cb1b73595e654a4b15c45f87b43fa6cfbcb6e51
Creating tap interface / sub interface causes allocation of a new
software interface with possible sw interface pool reallocation.
In such case accessing L3 MTU and interface flags by obsolete sw
pointer is UAF.
Instead, keep desired tap interface MTU value before sw intreface
creation and refetch sw pointer right before sw flags inheritance.
Type: fix
Fixes: b89c1ddcb3
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I21ea46d146d11060bb9bedc77377ab17ae9e22e8
Type: fix
Fixes: 1cd0e5dd53
In vnet_eth_register_interface(), max frame size was being used where
frame overhead was intended.
Change-Id: I6e6de25e2d616caaf35730ab3d15235ec679ebdd
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Type: improvement
Currently, the plugin can monitor link state changes on hardware
interfaces for which a linux-cp pair exists. When the link goes down on
one of the hardware interfaces, the plugin processes IPv4 routes that
resolve through that interface according to the configurations:
del-static-on-link-down and del-dynamic-on-link-down.
The problem is that link state changes are not signaled for
subinterfaces and the code that handles IPv4 routes is not triggered.
When the link on a hardware interface goes down, it implies
that subinterfaces added to that interface also will have the link in
the down state.
With this change, when the link goes down on a hardware interface,
iterate over subinterfaces added to the interface and apply the same
logic of routes processing as for hardware interfaces.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I97337d2e328437c73f2d99a00737768778f197a1
Type: improvement
lcp_router_table_flush() is used to remove routes from the given route
table if they are resolved through the given interface with specified
FIB source. Currently, if you need to remove routes from a route table
that are resolved through one of the interfaces from a vector, the
function has to be executed for every interface from the vector. Every
execution walks the route table again.
With this change, lcp_router_table_flush() accepts a vector of
interfaces. Thus, the function can walk a single route table once and
delete routes that resolve through one of the interfaces from the
vector.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I6d99384064d279dea24bb4dc1790a1af943be41c
- icmp_responder: responds to ICMPv4 and ARP requests
- loopback: connects two interfaces and sends a
verification packet from master memif to slave memif
where it is looped back
- loopback (reverse path): reverses direction of packet
in loopback application (slave memif to master memif)
Type: refactor
Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Change-Id: Ie90aaa3367269408efb6c5d538ad5aa827432238
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
ply_create() is not thread safe when the ip4_ply_pool expands.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ie11cc8b1ba587d5e9239a60f4e288492da61368e
Prevent crashing on nonexistent VPP binary path class member when creating
testsuite core message.
Type: fix
Fixes: b23ffd7ef2
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Ib9b3dc8c69317e6561e5404bbdcbf672e417cbcd
Format host interface name as vector rather than c-string.
Otherwise non-null-terminated vector overrun triggers ASAN.
Type: fix
Fixes: 1705a6baef
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Ib204e57ee17c7ed3bfeb568dcdd834d7d7519102
Do connects in an session layer rpc instead of doing cli process sleeps.
Performance with 4 workers goes from ~120k/180k first run/warmed up to
~135k/240k
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id184913e9898f8db099e29a605f3a9b1fc67be63
Convenient for type conversion
Type: improvement
Change-Id: I35a770e06e6318fb4249b70021ed6f6c93b07162
Signed-off-by: Damjan Marion <damarion@cisco.com>
Type: improvement
Currently, when the link goes down on an interface, routes that resolve
through that interface and created with Nexthop API are removed by the
kernel. However, IPv4 routes remain in the FIB because the kernel
doesn't send any notifications about that.
And for the plugin working with user-space applications that create
routes in the kernel using Nexthop API there should be a mechanism to
synchronize the FIB and the kernel in this case.
With this change, add two new startup configuration options to the
plugin to be able to control what should happen with static and dynamic
routes managed by the plugin on link down:
- del-static-on-link-down (disabled by default, delete routes created
with the linux-cp static FIB source on link down),
- del-dynamic-on-link-down (disabled by default, delete routes created
with the linux-cp dynamic FIB source on link down).
Then, monitor link state changes on interfaces for which a linux-cp pair
exists. If the link goes down on one of the interfaces, process routes
that resolve through that interface according to the new configurations.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I0fbaeeca3f3d1fcd22e8eebb08a0a4a3d0dfe5b8
Fixes case when packet to link-local address is received over
gre/mpls or other non-ethernet interface and ip6-ll fib for it
is undefined.
If by a chance ip6-ll fib index is valid, packet will be passed
to some ip6 fib with possibilities to be sent out over unrelated
interface or be looped again into ip6-link-local dpo till oom
and crash.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ie985f0373ea45e2926db7fb0a1ff951eca0e38f6
When incrementing node counters with vlib_node_increment_counter
the local error index should be passed in. vlib_node_increment_counter
adds the local index to the nodes base index to get the counter to
write to. If we pass in the global counter index, the offset gets
added again in the fn, and we then potentially write into memory that
is not part of the counter vector.
Type: fix
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I43be33a51bcb52d520495d326b971c1d848d96b5
Type: fix
otherwise if two packets arrive with the same source address but from different VRFs, then they are treated as the same and they use the same LB and thus share the same fate. but the lookup, when done, results in two different LBs, and hence the fate can be different.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Id6e16f7c577a561d9ddd7066339fa4385361d07f
Type: improvement
Currently, RA message sending is enabled by default - both periodic and
in response to RS message. However, RFC 4861 section 6.2.1 says the
following:
Note that AdvSendAdvertisements MUST be FALSE by default so that a
node will not accidentally start acting as a router unless it is
explicitly configured by system management to send Router
Advertisements.
With this change, RA message sending is disabled by default and
"test_ip6.TestIPv6.test_rs" updated appropriately.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I2a8865199cb665c59268504aefe2976e5ee96dc2
Type: fix
The reported MTU should include the MPLS label overhead
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I3df6d2e0b13f49701e187a766a157498dcaafbc0
OS_ID_LIKE from /etc/os-release is used to determine
the type of packaging. On Debian it ends up being empty,
so the "ninja package" does not work for out of tree plugin
builds.
Solution: if OS_ID_LIKE is not set, set it to OS_ID
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I077d4fdb509ea94b187d11391b1f49edb94c4e30
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
The way of specifying which interface supports what has changed.
Re-add support for adaptive mode in virtio.
Type: fix
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I2f8ffa6311a4081b93fb08a7e92408b8bffbae64
- dlmalloc.[ch] is an imported open source library which
somehow manages to choke clang-format-diff to the point
of consuming ~1 minute to run against a single character
diff.
Type: make
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I16c6d6da664da8634aa682dce9d2120072626730
Type: fix
When a covering entry is removed from the table, the covered entries first see it 'updated' and then 'removed'.
the crash occurs because the covered prefixes share (simple pointer copy) the covereds hash table of path extensions. During the cervers deletion this hash table has been removed and the update of the covered crashes when recaluationg forwarding becuase it uses the free'd hash.
Fix is to refetch the shared hash table (which is NULL) when the covered is updated.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Icefca9d7b21da975111d0e974d75f663fc0cc00c
The support for interrupt mode is not being respected as it is not
copied into the driver conf, which is what is checked when trying to
enable it.
Type: fix
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I2e502306e27bd98f8037d1a0a396201e099b50b5
Currently the last character of the error message string
is temporarily changed to a null byte '\0' before the string
is sent to syslog(3), resulting in confusingly incomplete log
entries.
This patch changes the syslog format to "%.*s" so that the
maximum number of characters to be printed could be controlled.
Type: improvement
Signed-off-by: Jing Peng <pj.hades@gmail.com>
Change-Id: I1bd6295c19b51b962a3d8ee3016cd91ffb2a4eaf
Type: feature
CPU usage ~20% less than v2.
Performance improvement 20% more than v2.
High vector rate.
Change-Id: I24bc594200f42664b59d07b44d44578e61068bbc
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Use of clib_mem_is_heap_object is not reliable enough for production use
as it relies on just few bytes of memory allocator chunk header.
Type: improvement
Change-Id: I48c8adde8b6348b15477e3a015ba515eb7ee7ec2
Signed-off-by: Damjan Marion <damarion@cisco.com>
This allows specifying both c string and vector for node name
and removes need for crafting temporary string.
Type: improvement
Change-Id: I0b016cd70aeda0f68eb6f9171c5152f303be7369
Signed-off-by: Damjan Marion <damarion@cisco.com>
bihash keys are less than 64-bytes, do not overflow.
Type: fix
Change-Id: Ic55407eb9ccca38058f7e62b363ec05c8445fbcb
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: improvement
This also makes the is_white_space function
public
Change-Id: Ifc1c0d4509f3ecae14f09bb5fa7a2eea33c49b09
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Possible races while concurrent additon to the new sessions vector
in a one process and remove from it in an another need to be avoided.
Let the vector be changed in the new session process function only.
Also cli_file_pool element may be freed already at the new session
event arrive timepoint, still causing unexpected cli banner for
noninteracive cli sessions.
Type: fix
Fixes: 17a6721858
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I022d16dd3aad9c9330834d35c58938f04b015b08
The processes vector leaked on reforking and needs to be
freed before recloning from main node processes.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Id69bc3fd42e2efacfcd521f98e6e51a9c712fef5
Systemd always sends SIGCONT after KillSignal, to ensure that even suspended
tasks can be terminated cleanly. However, the default action of SIGCONT
handler in VPP such as unix_signal_handler() is process termination with
coredump, what is not really desired. So, leave it alike SIGSTOP with its
default handler.
Type: feature
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I54c06d21669ec3c709322d746db9e28448c31bb8
- move memory and server specific vl_msg_api_handler_with_vm_node()
to memory server code only
- keep api_global_main static
Apart from being cleaner, this also helps avoiding symbols conflict
when both client and server libs are loaded in the same process, as is
done by the prom plugin.
Those symbols conflict confuse ASan and can be nasty to debug.
Type: improvement
Change-Id: Iaf58596cc753ad8d3fedd8d65c4bf480ac129c2c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
- No longer used now that ubuntu-18.04 is deprecated.
- Change default to clang-format-11 in checkstyle.sh
Type: make
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I202244563738417bf4ae5b22fc8e2804bff2d25f
Type: fix
With multi-txq in VPP, user should be able to create
more txqs than vpp threads. MEMIF_MAX_M2S_RING should
be defined to 256 instead of number of vpp threads.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I337c3a5ea691470815653ff2dbfa862bb324b240
Fix clang-format-diff autodetection error in case of non-standard
clang-format-diff path. Also allow finding clang-format-diff.py in
non-standard location.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I3cb76aa152a8245e62db62f5fe2ba96b1ff86428
Make make test-start-vpp-in-gdb work again.
Fix incorrect temp directory when using DEBUG=attach.
Type: fix
Fixes: b23ffd7ef2
Change-Id: Ie98b637acbbe0221606ccdc7b54f63885e5951a4
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Minimize amount of rpcs from first worker to main
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3794ff028a17d18b7bff69ede2b62e1e2d45ae77
The behavior associateted to a LocalSID accordig to the definition should be u8 instead of u16;
Type: fix
Signed-off-by: Francesco Lombardo <franclombardo@gmail.com>
Change-Id: I6dd60d5facc1c3f20900cb393619349e82eef38c
Signed-off-by: Francesco Lombardo <franclombardo@gmail.com>
Just like commit 252647482b24bb3474e8f13bc86100718176832f
did for Wireguard interface keys, prevent stack smashing
the peer keys.
Integer math on 32 bytes of base64 data might yield 33 bytes
of data in some poorly formed user input of private key values.
Rather than smashing the stack (detected) and aborting, simply
allow for the possible yet irrelevant 33-rd byte of data.
Type: fix
Fixes: edca1325cf
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I9f77b3faaaa01d3123b356c958db60c87238db9c
- Add peer_index, table_id, and keep-alive.
- Fix some lingering cut-n-paste issues in the API file.
Type: improvement
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I6fc0729ba0268bbcda0248f680979c44e68b6b0c
This adds two new exported functions
for the clib_bihash
* clib_bihash_add_with_overwrite_cb allowing
to pass a callback to be called on overwriting
a key with bucket lock held.
* clib_bihash_add_del_with_hash doing an add_del
with a precomputed hash.
Type: feature
Change-Id: I1590c933fa7cf21e6a8ada89b3456a60c4988244
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
More generic vector heap code coming in another patch...
Type: refactor
Change-Id: I2327128fb3aba9d5d330f46a35afec32e1e3942e
Signed-off-by: Damjan Marion <damarion@cisco.com>
The random seed is not an integer, so the current code does not allow reproducing a test run by running e.g.
RND_SEED=1647595144.0940742 make test
Solution: make the random seed a positive float.
Also, add the missing positiveness check to the positive_integer function.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I858bab0a9b828b99c20a2252aeecb9e2dda4ee21
This is not to be used lightly.
The idea is to forces pool reallocs to be done only on main thread with
a barrier to make sure pools are always reallocated without
peekers/readers. If rpcs are delayed and the pool runs out of elements,
workers will block waiting for barrier and force the realloc.
Consumers of this api should be session layer and transports.
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I533272a29534338935a3fcf7027c0e7af2ca948c
Introduce a GitHub Action to auto close PRs submitted via GitHub
Will add a helpful comment to point folks towards gerrit.
Type: feature
Signed-off-by: Ed Warnicke <hagbard@gmail.com>
Change-Id: I3c4a2590d4e38edd1061e65e800cfdb124c43866
Immediate benefit is ability to use hugepage backed memory.
Type: improvement
Change-Id: Ibcae961aa09ea92d3e931a40bedbc6346a4b2039
Signed-off-by: Damjan Marion <damarion@cisco.com>
When dNAT-ing to a VIP, it can happen
that the return session conflicts with
another forward session than the one
we own.
This patchs adds a rsession_flags
CNAT_SESSION_RETRY_SNAT that makes cnat_session_create
search for a free src port to use for the
resulting return session.
It also makes forward & return session
share their fate in the session scanner.
Type: fix
Change-Id: Id0edf59abf8e5bc0c0d8941ba289c4563c77dee0
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Type: fix
Calling vnet_hw_if_register_tx_queue should
be done with the worker barrier held, as
virtio-pre-input might be grabbing a queue
while a memif connect event is triggered.
Change-Id: Ie1272cdfd2477faf7a4e10f30778279872f04916
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
There is no need to verify the checksum for packets that have the IP
checksum offload flag set. This uses the same logic as
ip4_ttl_and_checksum_check.
Type: fix
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Change-Id: I177b07212a992362a4c965c074dcecf1e504c593
Checking for existence of source address on interface prevents creating
session before assigning address to said interface. Removing this check
allows more flexibility when configuring BFD feature.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Ia57960e29b5dbdb758a7a64193c28f21482f229e
On the forst vector alloc values are stored into header.
Later, when vector grows values from header are used istead of provided
ones.
In the debug image code will assert if same values are not provided.
Type: improvement
Change-Id: I8fdcfa495e9c1df0f6392c90f634e8c74b73b328
Signed-off-by: Damjan Marion <damarion@cisco.com>
Add missing translation of ICMP inner IP layer.
Change responsible test so that it actually tests something.
Type: fix
Fixes: 4881cb4c6f
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Id3a6f12a7308d81b1cdf9815f857221fab2f24d9
For some unknown reason sometimes calling exec() ends up on weak
exec() defined in src/vat/api_format.c which return -1 instead of using
one few lines above.
Another proof that use of weak symbols is bad idea.
Luckily this can be easily workarounded.
Type: fix
Change-Id: Ic84e8525bff75c1b8186c233cd524aac4d95c8b5
Signed-off-by: Damjan Marion <damarion@cisco.com>
Update persist timer if data sent during snd_wnd < snd_mss was acked.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5c75ff8ddc0e49750b2088237d32afa4eda99e7f
In order to support the requirement of RSS and packet steering of new
protocols, such as GTPU PDU-type and QFI, for 5G UPF, a generic pattern
is introduced in vnet flow. The generic flow pattern is based on DDP
(Dynamic Device Personalization) function and Parser Library module in
DPDK. Using generic flow pattern, we do not need to create new packet
and field type and offset in API parser for every new protocols. We can
create flows for any protocol immediately as long as supported by DDP.
The generic flow can be used to support 5G related protocols in
different scenarios.
The input of this generic pattern are two binary strings for spec and
mask. Spec is the binary presentation of the target packet type, and
mask is used to mark the target fields.
In this patch DPDK plugins is enabled for POC. Next step we will enable
generic flow in native IAVF, which is the main target.
Here is an example. If we want to create a flow for GTPU QFI,
spec is:
00000000000100000000000208004500003C00000000001100000101010102020202000
008680028000034FF001C00000000000000850100010045000014000000000000000001
01010102020202
mask is:
00000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000007F0000000000000000000000000000
00000000000000
A naming API POC is created via VAPI to help create the rule with
the target packet format similar to Scapy. It is based on a function
module called PacketForge. In this way, the user no need to create
binary string spec and mask by themselves.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Id3444f95c158bdcdfeeee19d795cd9ecbeeec07c
The index i was incremented in the wrong place, and the check on the
presence of a next buffer in the chain was actually done for the
next desc_status rather than the current one.
Type: fix
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Change-Id: I74a64a34fea497900b7969cd96e1aeeb570a1bba
Rename vec_capacity to vec_mem_size as it returned the size of the
underlying memory allocation not the number of bytes that can be used
for vector elements.
Add new vec_max_elts macro that returns number of elements that can fit
into generic vector.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2e53a2bfa6e56a89af62d6ddc073ead58b8c49bb
Type: improvement
Add a patch to the DPDK 21.11 build to enable the PCI device ID for the
I226-V.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I82ff4b70e6b6e0ba0803519943190a564e85d2ac
With DPDK plugin, VPP does the DMA page map in IOMMU, only when
DPDK supported ethernet devices are present. As a result, Mellanox NIC
and QAT combo doesn't work. As part of this fix, DPDK supported
crypto device check is added to do the DMA page map.
Type: fix
Signed-off-by: mgovind <govindarajan.mohandoss@arm.com>
Change-Id: I02de4588c5b021e0c9c62612137f28ed8784bea6
Fixes a minor issue that causes printing an error message when there is no error.
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I59f5c6af7c5aeae3e812b4cf0c75a47894bb8bbd
Type: improvement
This patch improves the per dpdk-input loop number of packets
received from the port. The change mimics how packets rx happened
before VPP 22.02/DPDK 21.11: instead of trying to rx huge number
of packets (256) in one go, rx more times with up to 32 packets
max each time.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I804dce6d9121ab21b02e53dd0328dc52ac49d80f
Thanks to Ben McKeegan <ben@netservers.co.uk> for the report.
Type: fix
Change-Id: I8170dda572c326b6b1823fd330dbd5e961fdad74
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: improvement
When `make install-ext-deps` is called, it creates a debian changelog
file and use `git describe` to fill project version. On downstream
consumers it's possible to have different tags that makes it to end up
using an invalid version on changelog and breaking the installation
process.
Restrict tags to be considered by git-describe to match 'v[0-9]*'
pattern to get it fixed.
Signed-off-by: Renato Botelho do Couto <renato@netgate.com>
Change-Id: Ieabd7b42ac33735ec4d484bed9039ff20c9872f2
The tlsmbedtls plugin should only be built if mbedtls libraries are
present.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I24364177d24ea744f24f808f492be08adff3690b
This fixes a crash caused by client closing socket before adding worker.
During detach vpp tries to delete worker based on invalid worker index.
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I3242bcbb116ef5fd1d4c449f5bcf907e4e2f8f30
Several test cases re-use the same test class name,
which leads to test error when do parrallel test with TEST_JOBS=16,
change the test class names to unique values.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Iefc01d40a25ebd60533baf3a2dc98a537437e8e9
Type: fix
The l2unfragmentable size is not included in the calculation of 'max', the maximum amount of data that can be added to a fragment, therefore the fragments created are too big.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Id1e949ad98203b6f8ea2f55322ef6fa3d507e2a6
Deadly combination is clib_{set,long}jmp + lazy linking + tail call compiler
optimization. On the first call to clib_setjmp, dynamic linker executes loader
code which then calls clib_setjmp, so stored stack position contains dynamic
loader data. Tail call optimization simply jumps back to the calling
code when clib_longjump is called and that results in wrong return
address used from the stack.
Change-Id: Ia7d8dbd5b2c425cdd0449374aa07ab6b684a330e
Type: fix
Signed-off-by: Damjan Marion <damarion@cisco.com>
As per IPSec RFC4301 [1], any non-matching packets should be dropped by
default. This is handled correctly in ipsec_output.c, however in
ipsec_input.c non-matching packets are allowed to pass as per a matched
BYPASS rule.
For full details, see:
https://lists.fd.io/g/vpp-dev/topic/ipsec_input_output_default/84943480
It appears the ipsec6_input_node only matches PROTECT policies. Until
this is extended to handle BYPASS + DISCARD, we may wish to not drop
by default here, since all IPv6 traffic not matching a PROTECT policy
will be dropped.
[1]: https://datatracker.ietf.org/doc/html/rfc4301
Type: fix
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Change-Id: Iddbfd008dbe082486d1928f6a10ffbd83d859a20
While setting an ACL, a user can specify the adjacency to follow after
the input ACL node. Thus, we may skip a lookup and enter directly a
local node (ex: ip4_local). To prevent the local source check from
failing, we need to specify the fib index. And, we have to do it just
before exiting the input ACL node because the l2_classify object
is overlapping with the fib_index in the vnet_buffer_opaque_t struct.
We could have added a padding to avoid this overlap but there is no
place for that in the structure.
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: I383c36e4aec08d181f966f28565aefed950d2a74
Type: feature
This patch bumps ipsecmb library version from 1.1 to 1.2
Signed-off-by: Marcel Cornu <marcel.d.cornu@intel.com>
Change-Id: I181e43c711fe530296c037d59b53fe3c5f2719ea
Type: improvement
Currently, when an interface is brought down administratively, IPv4
routes that resolve through that interface remain in the FIB. However,
the kernel removes those routes but doesn't send any notifications about
that. Desynchronization between the kernel and VPP happens.
With this change, when a notification received from the kernel
indicating that an interface was brought down, in addition to bringing
the VPP interface down, walk the IPv4 FIB bound to that interface and
remove any entries that resolve through that interface and were added
with one of the linux-cp FIB sources.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I0cd14bb63c9e6616ae1c5739b17c3bf33b186bc2
Type: fix
- IPv6 fragmentation did not work if the packet spaneed multiple buffers, because the 'len' calculation to did max out at the size of a buffer
- IPv6 fragmentation did not work when the l2unfragmentable size was non-zero, it was not used in the correct places
- IPv6oMPLS fragmentation would fragment all IPv6, it should do so only for link local
- IPv6oMPLS should send back TooBig ICMP6 for non locally generated
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie8f02cdfdd7b7e8474e62b6d0acda8f20c371184
Type: fix
Primarily fix an issue reported by Coverity in
lcp_nl_open_sync_socket() that close() could possibly be run with
negative fd. Also, add more checks and error logging there.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I9a88520d068392977a6eba0766451e5652fe512c
Type: improvement
Currently, read event signal is sent on every notification message
received and added in the queue.
With this change, signal read event only when all currently available
notification messages are received.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib86d189311ce01f50167e4e97feb99df0292ad96
Type: improvement
Currently, while reading notifications, ENOBUFS error is ignored and
reading continues. This was done to minimize the number of notifications
that are lost due to reopening the socket.
Now that synchronization is implemented to recover from socket errors,
ignoring ENOBUFS and reading as much notifications as possible is not
actual. Before synchronization, all currently enqueued notification are
discarded in any case.
With this change, stop reading notifications if any error occurs.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I1184d9a3aa99df63ef59bc2a67be2b1e5e0e9329
- make sure we do not overflow
- skip unknown messages if we can
Type: fix
Change-Id: I0efbe7376d9d78f6b0ec8018c0813400e6653698
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: fix
if original packet was to the link local, then the
fib index in the buffer is that of the LL table, we can't use that
to foward the response if the new destination
is global, so reset to the fib index of the link.
In other case, the fib index we need has been written
to the buffer already.
Add a test for IPv6 ping in an MPLS-VPN where int inout interface is
not the the same VRF as the response should be sent.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I18a232d90ddd3ef051a52476c5d861c87060e76f
Type: improvement
For error conditions, such as TTL expired, dest unreach, etc, Rate limit the sending of ICMP error messages.
The rate limiting is done based on src,dst IP address of the received packet.
the rate limit has been chosen, somewhat arbitrarily, to be 1e-3. This is the same limit as the ARP throttling.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I4a0b791cde8c941a9bf37de6aa5da56779d3cef4
Type: improvement
When dump of neighbors is requested, the replies will also include
neighbor entries for IPv6 multicast addresses:
GigabitEthernet0/8/0 S ff02::16 33:33:00:00:00:16
GigabitEthernet0/8/0 S ff02::1:ff76:7135 33:33:ff:76:71:35
GigabitEthernet0/8/0 S ff02::2 33:33:00:00:00:02
Such entries are not reported in netlink notification messages and
VPP is unlikely to use these.
With this change, ignore neighbor entries when the IP address is a
multicast address.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ic712aa4904f1d559f31fd89ff4541268e2340f84
Type: fix
This patch removes the assert and it is unnecessary.
Because given variable is used for branch testing.
Change-Id: I64f57f909fcba205216296e86c1cde2a5dadbb45
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Add the possibility to create masks and matches without l2 header in the
CLI when creating tables and entries. This is useful for tables working
on l3 and l4 only.
Type: improvement
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: I7da9e47d810c0b4a0938e2cb3bc31aa69ace3649
Type: fix
the MTU needs to be adjusted to account for the label stack, since the size of fragments produced is stack+mtu.
these changes are to the use of the stack variable 'mtu'
most of the patch results from appeasing checkstyle.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8d0e10cf52ca4dd8ecdc224ed6c54a13e4768fdd
Use system wall-clock time for packets timestamps instead of the time
since VPP started for pcap traces.
Type: improvement
Change-Id: I716165912efe8db3a8861d5c10597dc7629d2293
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: improvement
During synchronization, only the current actual set of entries is
loaded. If some entries are no longer present in the set being loaded
but present in VPP, they should be removed to fully syncronize.
With this change, add handlers for sync begin and end events. Begin
handlers will mark the entries as stale. End handlers will remove the
entries that are still marked as stale.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I4f7e872af3e1c9ffa6c63bcc3984ec76def1bb43
An updated ipsec script was identical to the existing ipsec_tun_protect script.
Remove the ipsec vnet script, and rename the ipsec_tun_protect to become the
default ipsec vnet script.
Type: fix
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: Ie05ca3e089b67a5b9499d83d4cb2adf1b6c6ffba
Type: improvement
Currently, if an error happens on the netlink notification socket, the
socket gets reopened. A portion of notification messages have been lost
because of this and will never arrive on the socket. VPP will be out of
sync with the kernel networking state.
With this change, synchronize VPP state and the kernel networking state
if there was an error polling or reading the notification socket.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I8cdff89b505cd227535a0acaadb6ee757204c45e
Type: refactor
check for pool expansion in the DPO allocation, just in case.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6ba7dd66313630d3f24a51700ab4486ba43d856b
Type: improvement
For some message types, timestamps are checked on netlink message to
decide whether the message should be applied. For notification messages
timestamps are expected to be always available.
With this change, before accessing the timestamp, make sure the message
info object that carries it is not null. If it is null, pass the check.
This is to be ready to process dump replies that will not need the
timestamp check and will have the message info object set to null.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ic7211c0d451d72f6a5248898b3a8f8e0bca8f7aa
Type: fix
Currently, a tap interface created to be a member of a linux-cp pair has
default link state (down) and default link speed (10Mb/s). Then the
plugin monitors the link state of the paired hardware interface and if
it changes, the new link state is reflected on the tap interface. And
when the new link state is "up", the link speed is also reflected on the
tap interface.
The problem is that this scheme implies that the hardware interface's
link state is "down" at the moment of the linux-cp pair creation and
then changes. But there are cases when the link state is already "up" at
that moment. If that is the case, the link speed on the tap interface
will remain the default one until the link comes down and then comes up.
With this fix, when a linux-cp pair is created, reflect current link
state of the hardware interface being paired on the created tap
interface.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I73664d753f4daaa6d439c9ca898fb7363d21c06d
Some possible side effects for multicast routes appears to be in
lcp_router_table_add_or_lock. so ff00/8 route will be processed
for ospf purposes the right way
Ignore IPv6 kernel routes
Skip adding auto routes into FIB
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I35f73d629a7fffca7f7d4547adc2549b72c2048f
Include the user_instance in wireguard interface details.
In addition to dumping all wireguard interface details,
also allow selective dumping of just one interface.
Type: improvement
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Iaf1093c6ae3eb00a685f34b2e0171285b02fae2b
When building a VPP library out of tree using add_vpp_library, the build
sometimes fails because the library API files are not necessarily
generated before compiling this library.
This is fixed by adding the lib API files as dependencies of the
lib compilation.
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: I69dffaecbfd547f10115504494a47358c4624258
- cli_inband is missing from vat2
Type: improvement
Change-Id: I1f22dee3ee29f3cf0f1f7c6076d5f2b2b2bf969d
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
- A call to vapi_msg_control_ping_hton() is generated in
a static inline function in vlib.api.vapi.h, which is
defined/generated in memclnt.api.vapi.h without
including memclnt.api.vapi.h in vlib.api.vapi.h.
This breaks the compilation of plugins which include
only vlib.api.vapi.h (e.g. hicn_plugin from the HICN
project).
Type: fix
Fixes: a1400cecb
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I5574f4ed496183ea93265f493bf3624254a865a2
The app keeps on using the default app ns but each listen will be done
in the vrf configured.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0947e03188d55231b299916351115038e0b1f5da
This fixes an issue caused by session layer reading expected part of
data (cert + key) before the client actually sends it.
Type: fix
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I6ddddb08f9576211b302e814d7c2b040383e5fb7
Raise a new UnexpectedPacketErrror, when a packet is captured
unexpectedly. This pretty-prints a terse description of said packet.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Ibac19fc5bbd82a150fec3c90940a37af6344fd4f
- HICN project's hicn_plugin requires vnet header files
fib/fib_entry_track.h and udp/udp_encap.h to be
included in build-root/install-vpp*-*/vpp/include/vnet
Type: fix
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: Iabd3f8fe0aee8d727758fc6ef202e859d68d63a3
Type: fix
Fixed coverity-issue CID 248517.
Originally possible passing null pointer to one function and directly
dereferences it.
This patch fixes the issue by add a new condition to check this
pointer.
Change-Id: If506abaf08c9f003860b641971af291f68613c18
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Type: fix
Fixes: 39e9428b90
When a VRRP advertisement is received by a worker thread, the worker
calls vl_api_rpc_call_main_thread() so the main thread will process the
packet and make adjustments to VR state if necessary.
The data being passed to the main thread included a pointer to the VRRP
header in the received packet buffer. Since the main thread processes
the RPC request asynchronously from the worker thread, it's possible for
the worker to drop the packet and for the buffer to be overwritten before
the main thread can process it.
Copy the fields which may be needed by the main thread into a struct
instead of passing a pointer to a packet buffer.
Change-Id: I4e899e967df5a54776b521825a80e9cce1a94f5f
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Integer math on 32 bytes of base64 data might yield 33 bytes
of data in some poorly formed user input of private key values.
Rather than smashing the stack (detected) and aborting, simply
allow for the possible yet irrelevant 33-rd byte of data.
Type: fix
Fixes: edca1325cf
Change-Id: I42acfbf3e8fbb3d517e21c53d4f80459d4800e9d
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Type: fix
otherwise the feature is enabled n times for n lcp-pairs and the packets go n times through the feature.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I8e47e4a293d6e2711f54aa09e9545e5e07728026
adj_get() crashed in worker thread. The index is valid but was freed.
0x00007fba5fb07921 in __GI_abort () at abort.c:79
0x00007fba528de7c3 in os_panic () at /development/libvpp/src/vpp/vnet/main.c:618
0x00007fba506f2a19 in debugger () at /development/libvpp/src/vppinfra/error.c:84
0x00007fba506f2797 in _clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7fba521cecd9 "%s:%d (%s) assertion `%s' fails") at /development/libvpp/src/vppinfra/error.c:143
0x00007fba51d88254 in adj_get (adj_index=79) at /development/libvpp/src/vnet/adj/adj.h:472
0x00007fba51d87642 in icmp6_neighbor_solicitation_or_advertisement (vm=0x7fb9f19a0580, node=0x7fb9bb820340, frame=0x7fb9b718bc40, is_solicitation=0) at /development/libvpp/src/vnet/ip6-nd/ip6_nd.c:134
0x00007fba51d8f479 in icmp6_neighbor_advertisement (vm=0x7fb9f19a0580, node=0x7fb9bb820340, frame=0x7fb9b718bc40) at /development/libvpp/src/vnet/ip6-nd/ip6_nd.c:348
Type: fix
Signed-off-by: Rajith P R <rajith@rtbrick.com>
Change-Id: Ibe29854137ee9680f7947450eb7e256b8c0ade31
mpls fib DB size was 2^20 instead of intended 2^21.
Therefore large mpls labels caused DB to overflow and write
to other tables or some random objects. Or crash with ASAN.
Sometimes.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I6db65680037a266fe47e8213464a0c16de63c06c
Add support for inline packet counter verification to send_and_* functions.
Diff dictionary is a dictionary of dictionaries of interesting stats:
diff_dictionary =
{
"err" : { '/error/counter1' : 4, },
sw_if_index1 : { '/stat/segment/counter1' : 5,
'/stat/segment/counter2' : 6,
},
sw_if_index2 : { '/stat/segment/counter1' : 7,
},
}
It describes a per sw-if-index diffset, where each key is stat segment
path and value is the expected change for that counter for sw-if-index.
Special case string "err" is used for error counters.
This then allows more precise packet counter verification by first
defining a "zero" dictionary, e.g. for ED NAT:
cls.no_diff = StatsDiff({
pg.sw_if_index: {
'/nat44-ed/in2out/fastpath/tcp': 0,
'/nat44-ed/in2out/fastpath/udp': 0,
'/nat44-ed/in2out/fastpath/icmp': 0,
'/nat44-ed/in2out/fastpath/drops': 0,
'/nat44-ed/in2out/slowpath/tcp': 0,
'/nat44-ed/in2out/slowpath/udp': 0,
'/nat44-ed/in2out/slowpath/icmp': 0,
'/nat44-ed/in2out/slowpath/drops': 0,
'/nat44-ed/in2out/fastpath/tcp': 0,
'/nat44-ed/in2out/fastpath/udp': 0,
'/nat44-ed/in2out/fastpath/icmp': 0,
'/nat44-ed/in2out/fastpath/drops': 0,
'/nat44-ed/in2out/slowpath/tcp': 0,
'/nat44-ed/in2out/slowpath/udp': 0,
'/nat44-ed/in2out/slowpath/icmp': 0,
'/nat44-ed/in2out/slowpath/drops': 0,
}
for pg in cls.pg_interfaces
})
and then to specify only changed counters directly when calling
one of send_and_* functions:
self.send_and_assert_no_replies(
self.pg0, pkts, msg="i2o pkts",
stats_diff=self.no_diff | {
"err": {
'/err/nat44-ed-in2out-slowpath/out of ports': len(pkts),
},
self.pg0.sw_if_index: {
'/nat44-ed/in2out/slowpath/drops': len(pkts),
},
}
)
operator | is overloaded by StatsDiff class to perform a deep merge operation,
so in above case, dictionaries for "err" and self.pg0.sw_if_index do not
overwrite whole sub-dictionaries, rather the contents are merged,
assuring that all the remaining counters are verified to be zero.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I2b87f7bd58a7d4b34ee72344e2f871b2f372e2d9
Some tests might want to keep vpp config in between test functions.
Add a flag to allow that.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I90243cd667dce922b43b381f3d52f4ac0f6bf3a7
TCP/UDP packets which are dropped are not counted towards TCP/UDP
counters. Apply same behaviour to ICMP packets.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I487fa7135ac8e49431a621fac213638d2dab31c8
Breakdown the distribution of uops delivered to the frontend.
Collerates directly with the source of the uops.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I93a57dbe56dfa0f378527844aa4e63f45a548e55
Type: improvement
remove the [un]lock logs, they are not useful.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I903d3088b8ed9831f931208aeb6b6862a945550c
This is required after distinguishing between max_frame_size and MTU
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: Ie642bee4e30ca76903bb8be5eeb6914c2c09bf35
Type: fix
Fixed coverity-issue CID 248517.
Originally possibly passing null pointer to one function and
directly dereferences it.
This patch fixes the problem by add a new condition.
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I02fc6fb5d1cfd6138ea4ba2b1946fd8a7ef34d3b
Type: test
there were multiple instances of send_and_expect_load_balancing
and a send_and_expect_one_itf which has the same functionality as send_and_expect_one.
Put one implementation of both in framework.py (where the other send_and_X functions reside).
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I7f629d440220bee29368067f475059322e1134f7
Originally after remove the policy entry in spd, macro "vec_del1"
can change localization of the last entry in vector and finally the
entry list has not been sorted.
This patch fixes this issue by change executed macro "vec_delete"
instead of "vec_del1".
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I396591cbbe17646e1d243aedb4cdc272ed4d5e25
If the user supplies an instance number when creating a wireguard
interface, it should be used in the device name. If no user-instance
is given, the device instnce (tunnel number) is used.
For example:
vpp# wireguard create instance 17 listen-port 23023 src 1.2.3.4
private-key MDEwMjAzMDQwNTA2MDcwODA5MTAxMTEyMTMxNDE1MTY=
wg17
Type: fix
Fixes: edca1325cf
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Ibf51868bf7b4b9e8a3f85557d05667207873bc91
Implement command line argument parsing instead of passing arguments via
environment variables. Add script for running tests without having to
invoke make. Deprecate running tests via make.
Type: improvement
Change-Id: I2e3054a61a2ae25d460e9be00be7d7705fbf943e
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Supported only when eventfd option is enabled.
Type: feature
Change-Id: Ic9d6e38604e978f7bc8e54d74fe9b8f3fc53622d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Type: refactor
To be consistent with the location of the IPv4 responder
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ie3a5c3ecc10755317591d7ff57b74770c2798e77
Type: improvement
Ethernet frames on the wire are a minimum of 64 bytes, so use the length in the UDP header to determine if the ESP payload is one bytes of the special SPI, rather than the buffer's size (which will include the ethernet header's padding).
In the case of drop advance the packet back to the IP header so the ipx-drop node sees a sane packet.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ic3b75487919f0c77507d6f725bd11202bc5afee8
Type: fix
Since commit e2a6d08bef
DPDK started advertising scattered Rx feature for elastic network adapters. Thus, dpdk
plugin doesn't have to disable it for ENA by default anymore
Signed-off-by: akolechk <akolechk@cisco.com>
Change-Id: I2d4f429be992e3c4edcc0c3adf8c55f3d5381631
Originally XDP_FLAGS_REPLACE was passed to the function.
For kernels not defining this macro (for example 5.4) in if_link.h vpp
sets it to 0.
If kernel has this macro problem appears, replace flag requires
specifying the program to be replaced. bpf_set_link_xdp_fd wraps
around __bpf_set_link_xdp_fd_replace and passes 0 as old_fd, it leads to
an error while assessing for replacement (if 0 is passed
there is no assessing for replacement).
To address this issue no flag is passed to the function, only 0.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I3689ce7eb8c71c699f0e589111929979c2bbe213
Type: improvement
When the adj subsystem is notified of a BFD session, it attempts to find the appropriate adjacency from the session's key.
This could lead to a mismatch between the adj used by BFD and that of FIB. The BFD session stores the adj it is using, so FIB uses that instead.
Since adj is now using the same adj as BFD, it does not need to maintain its own locks.
In BFD it is necessary to initialise the adj index used in INVALID and ensure it is not unlock before listeners are notified of the session delete.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I9630867b10bb18969475299a0c754942a8df0f44
Type: fix
The adjacency used is then the same one as that used by routes in the FIB and so the BFD protection/fast-failover works for thise route, since they are children of the BFD protected adjacency.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I72e10b3074697cba8a002a4c1acf690983985157
When the ipfix address was changed to be an ip_address instead of
an ip4_address the output when creating an exporter via the cli
should have been modified to take the address of the v4 part of
the addr.
Type: fix
Signed-off-by: Paul Atkins <patkins@graphiant.com>
Change-Id: I141456cd9092c861a4c4aefba4035dbde23efcd6
Fix for the crash when both crypto_native_plugin and DPDK QAT
are enabled in startup conf.
Type: fix
Signed-off-by: mgovind <govindarajan.mohandoss@arm.com>
Change-Id: Ib020ed7130a99080a093c70c06d47bcacd6d23b1
Type: refactor
IP4 does not depend on TCP (it's the other way around).
This upside down dependency leads to some nasty circular includes when trying to use ip46_address.h in interface.h
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I4a1bd21543b08b9c1cf1e5563da738414734a878
Add udp total session counts - as stat segment entries:
/bfd/udp4/sessions
/bfd/udp6/sessions
and per session packet/byte counters:
/bfd/rx-session-counters
/bfd/rx-session-echo-counters
/bfd/tx-session-counters
/bfd/tx-session-echo-counters
These counters are per-thread and per-session id.
Adjust tests to verify proper function.
Type: refactor
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Ie597928022b6ac74c2220019b9e8e1714295f170
Can be used for throughput testing over http. For instance, start
server:
http tps #implicitly listens on port 80
Then, to test throughput with curl:
curl <server_ip>/test_file_10g
curl <server_ip>/test_file_123m
Similarly, for https:
http tps uri tls://<server_ip>/443
curl -k <server_ip>/test_file_1g
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I30ab7f0d94a7357b3f04546e4a3d3c410a733908
Support segment and fifo sizes for now.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie7242936de7a87df8a703eb371f665be5be4390d
Special bitmaps with VLIB_FRAME_SIZE bits.
Type: improvement
Change-Id: I48747e422e519e7b5e930fa720397459d3adbb8e
Signed-off-by: Damjan Marion <damarion@cisco.com>
Type: test
The FIB UT fails in debug mode because there is no string associated woth its fib_node_type_t.
Change the tests to register their own type, which will give it a name.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I36e546718faa7241c088494cbae10939aca51d5a
It is annoying to see unsolicited message like this spew out to the
console which an end-user cares less about.
vlib_stats_rename_symlink:301: RENAME new name: /nodes/unix-cli-local:52/clocks
Type: fix
Fixes: I92a62bb1cb799e8fdc3ec4110ae3428825254f8a
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I071f3d3736c06cd95a38ec46c7e2222caad01283
Faster memcpy variant when overrun of up to SIMD register size - 1 is
accepable.
Type: improvement
Change-Id: I1fb22e2989f2156caa9f34fa096e6ff9ea9ec7b6
Signed-off-by: Damjan Marion <damarion@cisco.com>
Half-opens are only allocated from main with worker barrier but can be
cleaned up, i.e., session_half_open_free, from main without a barrier.
In debug images, the free_bitmap can grow while workers peek the
sessions pool, e.g., session_half_open_migrate_notify, and as a result
crash while validating the session. To avoid, proactively grow bitmap in
debug images.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2410793f933fb638651fe8dc08ba78e9bee0bd77
ip6 and mpls fib_table->ft_locks memory leaked when the table is
deleted.
name tag is leaked for mpls table parsing.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ife68c0ddc3a6f9437a149b308310f042799c2116
When deleting a memif interface, there is a memory leak in
mif->local_disc_string. The code that leads to memory leak is
memif_delete_if -> memif_disconect -> vec_dup
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I579c743c3d47770131153e083e65f6cd899067b3
Debian 11 has some packages that have changed, and need adjustment.
Also - its default compiler is gcc 10, which, contrary to either gcc 8
or gcc 11 prints a bunch of warnings, which fails compilation.
And there is no gcc 11 package.
Therefore, use clang for this build.
Additionally, python 3.9 has exposed this issue:
https://bugs.python.org/issue42580
Therefore, make a local patch to scapy to tackle it.
Type: feature
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I7b9c0f852ab97fe3c1feca3f22020ac0970ba3e2
IGMP packets with Router Alert option are delivered to ip4-local
without going through ip4-lookup. Make sure fib_index is initialized
properly.
Type: fix
Change-Id: Iab090a33c4c759b6d7f68c28a0b3f4da7a9de864
Signed-off-by: Benoît Ganne <bganne@cisco.com>
rte_eth_tx_burst() returns the number of packets actually stored in
transmit descriptors and the return type is uint16. n_sent cannot be
negative and the if branch is dead code.
Type: improvement
Change-Id: Idc2980d342756c1093ddf74ea6207d072e819331
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Also reset send params flags before calling transports to avoid explicit
resets in all transports.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1da7b3fab009728e7fee4199425ced933fa8a122
Mark broken test suites using @tag_fixme_asan.The main issue
is that some tests do not pass with ASan. These will need to
be fixed, but it takes time and in the meantime, new issues are
introduced that trip up ASan. When this tag is set and Asan
is enabled, failing ASan tests are skipped, so incremental
fixes can pass the CI
Type: improvement
Change-Id: I02602eb74234c25a4c701279e14704b81d4c5b71
Signed-off-by: Naveen Joy <najoy@cisco.com>
Reduce number of arguments by removing an argument which is only ever
used with same constant value.
Type: refactor
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I061635b28031d75eb1f853b570e85f6e5a9094df
This also changes the behavior of the nat44-ei hairpinning feature.
Rather then enabling the feature on every nat interface, it is enabled
only on local0.
Type: improvement
Signed-off-by: Filip Varga <fivarga@cisco.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4e16a83c9e328aa75fc61df508b620ef743ca775
This is a vpp builtin alternative, not a replacement, for the existing
vpp_prometheus_exporter.
The plugin works by registering with http_static as a url handler for
stats.prom and handles requests by scraping the stats segment in the
main thread. It will therefore consume vpp process cpu cycles.
By default the plugin is disabled. To enable, first start the http
static server an then use "prom enable" cli.
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If6888e965d1b2361f6a5546586068213d37079d1
The BFD delayed auth change test was failing intermittently within CI.
Debugging has shown it depends on the initial random seed, e.g. the below
will consistently fail:
RND_SEED=1643734669.7126195 TEST='bfd.BFDAuthOnOffTestCase.test_auth_change_key_delayed'
Same thing will happen with:
RND_SEED=1643736595.1363552
RND_SEED=1643722239.8224792
The analysis of the behavior shown that the function that is doing the hash verification,
modifies the content of the packet for the purposes of hash computation.
In case of the auth rollover, this function may be called twice - resulting in the second
comparison to be made with a bogus packet data, thus failing the check and the test.
The above values of random seed are the ones where the test makes it
to the point of this double comparison.
The solution is to restore the data within the packet after the check from the array
where we have copied it into before modifying the packet.
Change-Id: Ibb09beb4b1230032db04527bbf38fa335651866b
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Coverity complains the expression, j % vif->num_txq, may encounter
divide by zero. While there is little chance that vif->num_txq is
zero, it is easy to prevent divide by zero if vif->num_txq is ever
zero.
Type: fix
Fixes: I337ec63d0868f665329d68eadf1744e080b73a0d
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I2e91f296737ce266ab70fffc1f442cc600724fa2
STAT_DIR_TYPE_EMPTY is not handled. This can happen when the
interface is deleted.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic1f5a1a0e7005059628d1dde31118d692c1967d8
We invoke nat_affinity_enable for nat44_plugin_enable.
We need to invoke nat_affinity_disable for nat44_plugin_disable
to free the memory for bihash.
Type: fix
Fixes: I2743f7b1104b627bcc5ef937e3a50655313a26ea
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I9adeb3225136e3fff853c2d5b8f9a30e98ddcf4c
Add Ray Kinsella as maintainer of the perfmon plugin. Update maintainers of the
sphinx documentation.
Type: refactor
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I9c05dbed3dcc9909b497df776fa01c52bc048e0f
Use 'python3' for all python calls in virtualenv. Using $(PYTHON_INTERP)
(set to $(PYTHON)) is incorrect when $(PYTHON) contains absolute path
(e.g. '/usr/bin/pypy3') as it uses interpreter outside of virtualenv.
Type: fix
Change-Id: I19878360cfc1ab6a591e09a079b0b69c1a1a58cf
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Add API to disable full reassembly of "forus" packets. Mark packets
passing through ip[4|6]-local nodes with a new buffer flag and check for
that flag in reassembly.
Enable IP6 "forus" full reassembly by default to be consistent with
existing IP4 setting.
Type: improvement
Change-Id: I7067792fcd4304182654237968e4c4d9293c6143
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Replace unconditional usage of
buffer->total_length_not_including_first_buffer with a logic checking
whether that length is set to a valid value.
Type: fix
Fixes: 17478e4eb8
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I161d0957d62cc23826edd821aa5560bcfc5c1a33
Make VPP_BUILD_DIR hold the correct value and adjust paths where
necessary.
Type: refactor
Change-Id: I5bc60666c04919956bf26badaf1ee1f1b188ef65
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Allow entering a test name on stack trace window with STEP=y option
instead of a number. This allows to run a whole suite and skip all tests
until a particular test is hit.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I23e45f8022b82545365b8921390e0e106e02b39c
This fixes the maglev logic which previously
included a wrong simplication.
It moves the maglev logic to its own file,
and adds a test function in the debug cli.
Type: improvement
Change-Id: I2790ae2a26fc1c5739ff02f41d436bfcafd5b380
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
support snort plugin on interface output via ip4-output fa
Type: feature
Signed-off-by: Sivaprasad Tummala <Sivaprasad.Tummala@intel.com>
Change-Id: I2d5e7d0719c03f88806b12debfe596675dbd66c1
Topdown level 1 and 2 for Intel Ice Lake (ICX). Limiting topdown support
to THREAD for the moment on Ice Lake, as NODE support is still
unreliable. Also removing Topdown Level 1 from Sapphire Rapids onwards,
as Topdown LeveL 2 also shows Level 1 on Sapphire, and it reduces the
overall number of bundles.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: Iaa68b711dc8b6fb1090880b411debadb3c37f8bc
Previously Linux pseudo events were being counted as multiple fixed
events, such that a bundle with pseudo events could exceed the number of
available fixed counters. Reworked to ignore pseudo events in the
accounting for the moment.
Type: fix
Fixes: 0024e53ad
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: Ic938f8266fd04d7731afbd02e261c61ef22a8522
Move checking for duplicate bundle names after the other checks.
Type: fix
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I7fed5be758814e166eb8756b3df090130ac13bfd
External handlers can still be registered via hss_register_url_handler
but url handlers must be enabled when server is created.
builtinurl plugin to be removed in a future patch
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I94e103d908b9e118c7927b997a21ce3f67809889
Add a bundle to measure topdown backend bound core cycles, will indicate if any
given execution port has contention.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I37d1b38c101ac42d51c10fa4452b822d34b729c9
Type: fix
Possible negative return in open(), do not use curr_ns_fd if it is
negative. Addresses Coverity issue 248535
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I8429ede0f1fe9fe6619e3c4dbd83adb620ea62c2
Check that provided path fits into defined buffer. Don't write too many
bytes to avoid having an unterminated string.
Type: fix
Fixes: 31f1924346
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I1ea8b6d6a3474c032e542b6980ed14bac72093a8
Type: feature
please see FEATURE.yaml for details.
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I6255fd9953d0b03e6b4fe75b67a6845a7c206f74
Signed-off-by: Pim van Pelt <pim@ipng.nl>
So far by suppressing depreciation messages, as there was no transition
period.
Type: make
Change-Id: I9887613fd71a22bf11bf22a04c129aca4a16867f
Signed-off-by: Damjan Marion <damarion@cisco.com>
Prune perfmon bundles that exceed the number of available pmu counters.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I70fec26bb8ca915f4b980963e06c2e43dfde5a23
Added a cli to show Linux perf config for a give perfmon bundle. This
makes it easier to format Linux perf commands for next level analysis.
Type: improvement
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Change-Id: I9adafa7d441b72120390d186e3c8f884b1bc9828
- cleanup data structures, functions and cli
- remove option to return static html. For similar results, use
http static server
- rename to http_cli.c as it better describes what the app does
Type: refactor
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I502e7566fba4376c68fbe41de9e45079a159e864
And add support for passing of pointers
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ida3e5ae4ff7842366ae92a5f33c5e761355951a6
Pass correct conditional based on how vapi is configured wrt blocking.
Type: fix
Fixes: 3fca567ff4
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I47adca19f104d7a758cb2940e93c9fd8c7cc9bfa
- move bonding hash functions to vnet/hash
- register the corresponding hash function when the bond interface
is created
- remove floating point vec256 usage
- split bond_tx_inline into bond_tx_hash and bond_tx_no_hash
Type: refactor
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I1698023c48470290d11c9b2bd00996eee9aa079d
Fixed coverity-issue CID 248456.
Originally passing argument of type "uint64_t *" to function:
"memcopy_s_inline".
This patch fixes the problem by changing type of passing argument and
make a portable assumption.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I17e4583a05ea1263e4d8a4acc9949454e5fd92c0
Implement proper state machine based on above RFCs. ACKs to SYNs/FINs
are no longer required/tracked. This is more friendly to peers and
accounts for lost packets and retransmits.
This change also means that all traffic is translated and forwarded
while in transitory timeout, which helps delivering e.g. retransmitted
FINs, FINACKs and other messages.
Also support reopening a session in transitory timeout after seeing both
FINs by seeing both SYNs again. This helps quick connection
reestablishment if the peers want to.
Type: improvement
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com>
Change-Id: Ibf521c79463472db97e593bfa02b32b4a06dfd2a
Originally cryptodev doesn't support chacha20-poly1305 with aad length
0.
This patch add support in cryptodev for chacha20-poly1305 with aad
length 0. This length is using in Wireguard.
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I0608920bb557d7d071e7f9f37c80cf50bad81dcc
Type: fix
policer_add_del does not free "clib_error_t*" when it is not null.
Signed-off-by: Leung Lai Yung <benkerbuild@gmail.com>
Change-Id: I00ad8e53797e46adeb1819856262bb9f3c068c63
Remove dead code. Pool element cannot be NULL.
Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I7812efdcdc414af8352474c4e527c878d2e2c459
Instead of constantly scanning all transport vfts for update time
functions, build list at transport enable time.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id5c07cc03ee1fdd072ebbbd40119d1a440a5e3b1
Originally wireguard doesn't support async mode for decryption packets.
This patch add async mode for decryption in wireguard.
In addition, it contains some performance improvement such as
prefetching packet header and reducing the number of current time
function calls.
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ieba6ae0078f3ff140c05b517891afb57232b3b7d
Originally wireguard doesn't support async mode for encryption packets.
This patch add async mode for encryption in wireguard and also adds
support chacha20-poly1305 algorithm in cryptodev for async handler.
In addition it contains new command line to activate async mode for wireguard:
set wireguard async mode on|off
and also add new command to check active mode for wireguard:
show wireguard mode
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I141d48b42ee8dbff0112b8542ab5205268089da6
Originally wireguard does packet by packet encryption and decryption.
This patch adds burst mode for encryption and decryption packets. In
addition, it contains some performance improvement such as prefetching
packet header and reducing the number of current time function calls.
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I04c7daa9b6dc56cd15c789661a64ec642b35aa3f
In addition to returning the number of bytes also update the number of
segments to reflect the number used.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia87dc2aa62cea38b18dfa83df94dc2abe29d5121
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
