- caused by regeneration of source tarball after the
marvel repo moved to a new account
Type: fix
Change-Id: I44616408d673c8d208ff73ea29d9f5cc12778cef
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Also rework the logic so the skipping of marked Ubuntu 22.04 occurs at framework level
Leave debian11 special cases as-is.
Type: fix
Change-Id: I481eb32cd1a0860935482e9f930ced409da653c9
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
(cherry picked from commit 9987d470a6)
IPFIX buffers are stored on a per worker thread basis. Currently, the
flush callbacks will flush only buffers stored for the main thread. And
buffers for worker threads will not be sent until their size reach the
path MTU configured for the exporter. So if traffic is constant, the
problem will unlikely to be visible. Buffers will be sent once they
reach the maximum size. However, if traffic stops at some point and
flush is triggered in order to make the plugin send all currently
buffered data, this will not happen. And collectors will not receive
that data. The plugin will keep the remaining data until traffic starts
again, the buffers reach the maximum size, and be sent.
With this fix, flush buffers for worker threads and for the main thread
when the flush callbacks are triggered.
This will allow to remove @tag_fixme_vpp_workers from the unit tests
that don't set timers. The tests that set timers will still be failing
for other multi-worker related problems.
Type: fix
Change-Id: I9a7d9cef8ddbec7ee68c79309e48e7bc0953d488
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
(cherry picked from commit 4c7305f124)
In esp_encrypt_inline(), if two or more consecutive packets are
associated with the same SA which has no crypto or integrity algorithms
set, only the first one gets dropped. Subsequent packets either get sent
(synchronous crypto) or cause a segv (asynchronous crypto).
The current SA's index and pool entry are cached before it can be
determined whether the packet should be dropped due to no algorithms
being set. The check for no algorithms is only performed when the cached
SA index is different than the SA index for the current packet. So
packets after the first one associated with the "none" alg SA aren't
handled properly.
This was broken by my previous commit ("ipsec: keep esp encrypt pointer
and index synced") which fixed a segv that occurred under a different
set of circumstances.
Check whether each packet should be dropped instead of only checking
when a new SA is encountered.
Update unit tests:
- Add a test for no algs on tunnel interface which enables
asynchronous crypto.
- Send more than one packet in the tests for no algs.
Type: fix
Fixes: dac9e566cd
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I69e951f22044051eb8557da187cb58f5535b54bf
(cherry picked from commit ff71939c30)
Added vl_api_lcp_itf_pair_add_del_v3_t_handler method, it can return
vif_index in reply. Also added vl_api_lcp_itf_pair_get_v2_t_handler
methods, this method is able to dump only one lcp pair or dump all
lcp pairs via stream_msg.
Type: improvement
Change-Id: I1d25344ee57f8fac8b857bb3a9a03116230b4d2c
Signed-off-by: Anton Nikolaev <anikolaev@netgate.com>
(cherry picked from commit 83ad79d69a)
Type: improvement
The vnet buffer metadata for full IP reassembly and shallow virtual
reassembly overlaps. If you have full reassembly and virtual reassembly
enabled on the same interface and virtual reassembly happens to process
packets first, full reassembly will stomp on the metadata populated by
virtual reassembly.
Virtual reassembly gets enabled implicitly when NAT feature nodes
are enabled. Those NAT feature nodes rely on the virtual reassembly
metadata being populated correctly in order to find L4 proto & ports.
When NAT and IP full reassembly are both enabled on an interface, NAT
can drop fragmented packets because the virtual reassembly metadata
can be overwritten by full reassembly.
Ensure that full reassembly runs before virtual reassembly. Add a
runs_before dependency to ensure that ip4-full-reassembly-feature
runs before ip4-sv-reassembly-feature.
There was a duplicate VNET_FEATURE_INIT() for
ip4-full-reassembly-feature. It seems to have been intended for enabling
ip4-full-reassembly-custom as a feature node, but its contents are
identical to the earlier VNET_FEATURE_INIT() for
ip4-full-reassembly-feature. Removed the duplicate.
Change-Id: Ie600b854d4ceb90a7cb736810140d410b8f72447
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
(cherry picked from commit 205ed8f884)
Make sure ctx is initialized before ho is marked as done.
Type: fix
Change-Id: If0525a9890a56e289e2ab006c669a9d64dc6505d
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 0ded4890be)
The improvement was removed in 40129,
causing 5-40% regressions in AVF tests.
There is a memory-speed trade-off,
this change prefers speed over memory efficiency.
Ideally, the choice should be configurable,
but that is not easy to achieve, considering
how early is vlib_buffer_main_init called.
Type: fix
Fixes: 038dad7ef2
Change-Id: I4746f3634abe6d233c9d092a372de05b3d1ae4b6
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
(cherry picked from commit 04fd51c03c)
Argument to vcl_epoll_ctl_add_unhandled_event is often the result of an
and between events and EPOLLET which is larger than u8
Type: fix
Change-Id: I8c98f557fa1db9f3eb79c90ecdd60ac9366d4d40
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit e81f27ffb2)
Handle non-even n_elts for the larger array instead of reading past
the source buffer.
Type: fix
Fixes: f62ed3f9c1
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: Ic1708a3f33fe71ca752345b5c77b6ae7a2d42bcd
77caeb1b19 has changed the behavior
in an incompatible way, breaking users (including CSIT).
The new behavior is more pythonic,
but the old behavior has to be supported
at least one release after publicly deprecating it.
Type: fix
Change-Id: I9dfdd2229065010216e49db80b14b856c545965c
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Avoid situations when notifications are delayed for long enough for
transports to start closing/cleaning up.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id35b0099adb5242108154a5e19d5ee15e6ca0058
VPP requires GNU Make to build, on GNU systems (such as Debian), GNU
Make is installed as 'make', typically with a symlink from 'gmake'.
On other systems (such as FreeBSD), 'make' is a BSD Make derriviative
and GNU Make is installed a 'gmake'.
Use $(MAKE) variable for make calls from within Makefiles. This
variable is set to the path of the calling make program, i.e.,
/usr/local/bin/gmake on a bsd system.
This is the recommended way to call make from Makefiles in the GNU Make
documentation.
Type: improvement
Change-Id: Id9162a34a0f8358f22090718087918dae31c0fce
Signed-off-by: Tom Jones <thj@freebsd.org>
When unsetting VPP_PLATFORM in cmake, it unmasks the cached value
instead, misleading the platform selection logic in src/cmake/cpu.cmake
Type: fix
Fixes: 01fe7ab88e
Change-Id: I676cd0af9ba28150f8ac07724c03df8ef24b640f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Also re-enable external echo QUIC test.
Type: test
Change-Id: I3973409c31fd7c42b97ac3ceae1a5cbad6f1b2b6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Correctly wrap data indices in test_bihash.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: I740fa1cf9f8c382c12f01f607095c5995be6845f
Introduce a dump api for LLDP plugin
Type: improvement
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: If67dedd329cced59227187284646d147ef6ef92c
Don't access free'd memory in vec_prepend.
Don't allow prepend when v1 == v2 as it also causes a use-after-free.
Found via ASAN.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: I21f8422c007d07d40d237e873b84c042be1fe8e8
Type: make
memif.h file is independent code which can be used outside of
VPP. Hence it uses its own cacheline size MACRO. This patch
sets the value of MEMIF_CACHELINE_SIZE in the cmake file for
memif plugin to VPP_CACHE_LINE_SIZE.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I8185e78897f4571f1a0430dd7e758816e127444c
VPP requires bash for all shell scripts. Align shebang lines in build
and test scripts to look up the location of bash rather than hard coding
'/bin/bash'.
Look up the location of bash for makefiles.
Type: improvement
Change-Id: I23b705d81d60389fa8af61c680cf0abd74f0ea24
Signed-off-by: Tom Jones <thj@freebsd.org>
Fixes compilation error with GCC 14
'calloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument
Type: fix
Change-Id: Ie328ecc711976547df2cffe17325b786bc7a8849
Signed-off-by: nucleo <alekcejk@googlemail.com>
When sanity test is not done, API files are not loaded until the
first test case is run. Hence, it is not possible to use enums, etc.
outside of a test class.
By preloading API files before running any tests, it prevents its
issue.
Type: fix
Change-Id: I8730150374e6c5f8d6933ec037811372ac2a8da0
Signed-off-by: Maxime Peim <mpeim@cisco.com>
curl sometimes uses 2 different source ports during the test.
Type: test
Change-Id: Ib27e9d22a9cc951f4729f4bd0ae99d80bf8d938b
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Setting g+w permission for unix sockets didn't work. There were
two problems:
1. new flag local_only wasn't set for all AF_UNIX sockets;
2. fchmod is not a good choice for sockets.
fchmod was replaced with couple of umasks, and local_only with
socket type check.
Type: fix
Fixes: 085757bb49
Change-Id: I8dc0fceb110a36bfa234f552bbdf182e09e55e27
Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
Normally af_packet sets next0 = next_index on each cycle. It works for the most cases.
But if vlib_validate_buffer_enqueue_x1() changes the next_index (from NEXT_ETHERNET to NEXT_DROP for example)
then the following next0 will have the wrong value, and the correct packet will be dropped.
AF_PACKET_IF_MODE_IP handles this case, but AF_PACKET_IF_MODE_ETHERNET doesn't.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: Ic742043e8b10a2abe56b314bb584277151a9c5eb
vapi generators were missing from the VPP_HOST_TOOLS_ONLY, which
prevents building an out-of-tree plugin with API files. We now
install them.
Type: improvement
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Ie613c8f64034e933124325242f2f8b3ac3955878
checkstyle.sh assumes clang-format-11 but allows it to be overridden.
Debian12 ships with a minimal version of clang-14, so set the correct
version for checkstyle.
Before:
$ make checkstyle
extras/scripts/checkstyle.sh: line 41: --version: command not found
make: *** [Makefile:720: checkstyle] Error 127
After:
$ make checkstyle
Debian clang-format version 14.0.6
*******************************************************************
* CHECKSTYLE SUCCESSFULLY COMPLETED
*******************************************************************
Type: make
Fixes: 712fc03089
Change-Id: I0c58456477011397115810dab825865b5850d10d
Signed-off-by: pim@ipng.nl
* Refactor the existing prometheus exporter to function print_metric_v1()
* Add a 'v2' flag which instead uses metric names with labels, example:
nodes_clocks{node="ip4-lookup",index="0",thread="4"} 30198798628761
nodes_vectors{node="ip4-lookup",index="0",thread="4"} 298176625181
nodes_calls{node="ip4-lookup",index="0",thread="4"} 119789874274
nodes_suspends{node="ip4-lookup",index="0",thread="4"} 0
interfaces_rx_packets{interface="tap0",index="0",thread="1"} 79582338270
interfaces_rx_bytes{interface="tap0",index="0",thread="1"} 16265349667188
* For stat names that we don't know, print their v1 equivalent, which
keeps backwards compatibility.
Details in https://ipng.ch/s/articles/2023/04/09/vpp-stats.html
Type: improvement
Signed-off-by: pim@ipng.nl
Change-Id: I53ed3ede8cc7853eb46c354834d89eb788ece3b1
Type: improvement
This patch implements support to check the host interface offload
capabilities.
NOTE: this check is only done once when interface is being created.
Any changes to the cap of host interface after that will not reflect
changes to af_packet interface in VPP.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ibc9953131f64f3fb3e601d34036b9f453913692a
Add clang-14 and libffi8 which ship with Debian Bookworm. The project
compiles cleanly with these versions.
Type: make
Change-Id: I17350aae30cec72987792d54d88231b3221b56b9
Signed-off-by: pim@ipng.nl
- Fix buffer overflow caused by strncpy(dst, src, strlen(src)),
use sized buffer to ensure overflow safe.
- Fix test_app getopt usage
When use example/icmp_responder in slave mode
- Fix segfault when buffer size is not specified
- Fix wrong packet send out.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I5ed47fd8e630420d7ae0203a2605d2b9abd33d2a
Increase slot variable to u32 to address combinations of num-queues and queue-size that cause slot variable to wrap when declared as u16, e.g. num-queues > 8 && queue-size is 2^12
Type: fix
Change-Id: I5bd6198d60395156a06f1a280ea2594824ceaa9d
Signed-off-by: mbly <mbly@ciena.com>
Rewind logic was not supporting count = 1, where size was > memif_buffer_size and a rewind is required.
Fixed slot-->next_buf bug for !master as well.
Type: fix
Change-Id: I65cf0d3d0c105f37125412a613e5ff8c5da9a3a2
Signed-off-by: mbly <mbly@ciena.com>
This patch provides unit tests for libmemif written in Unity
Type: test
Signed-off-by: Daniel Béreš <dberes@cisco.com>
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I19116def6e6d28efd5f460c93911245474a11321
Ensure alignment between the Intel IPsec-mb library on the
host and VPP targets.If the version of Intel ipsec-mb on the
host is misaligned with the targets,terminate the compilation
process to prevent potential library linkage issues.
Type: fix
Change-Id: I38864115d59ae09fb5556ad4a29e884ebace8155
Signed-off-by: Ranjan Raj <ranjanx.raj@intel.com>
Signal when consuming a batch of netlink messages, in order to inhibit
lcp_sync from generating new netlink messages. This avoids link up/down
state changess from triggering an infinite loop.
Do this in the regular case of nl_route_process_msgs()
and in the special case of re-synchronizing in lcp_nl_recv_dump_replies().
Type: fix
Change-Id: I419d3f9aa350c119b3778b644c65165cb4cc1bef
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Add an urpf_interface_dump() API call, with optional sw_if_index.
If either a mode or a table is specified in any given interface
address family and direction, return it in a list, otherwise omit
it.
TESTED:
create loopback interface instance 0
create loopback interface instance 1
create loopback interface instance 2
create loopback interface instance 3
ip6 table add 8298
set urpf ip4 rx loose loop1
set urpf ip6 tx off loop2 table 8298
API call urpf_interface_dump(sw_if_index=~1) returns:
[
urpf_interface_details(_0=658, context=2, sw_if_index=2, is_rx=True, mode=<vl_api_urpf_mode_t.URPF_API_MODE_LOOSE: 1>, af=<vl_api_address_family_t.ADDRESS_IP4: 0>, table_id=0),
urpf_interface_details(_0=658, context=2, sw_if_index=3, is_rx=False, mode=<vl_api_urpf_mode_t.URPF_API_MODE_OFF: 0>, af=<vl_api_address_family_t.ADDRESS_IP6: 1>, table_id=8298)
]
Type: improvement
Change-Id: I1ded5c445dc07dab73ea41b817b5827b72ca79d4
Signed-off-by: pim@ipng.nl
One less pointer chase when accepting sessions.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I20dbb21d15d4a703f76e3b12f04a6f5b5d2a3cd8
Adds support for connectionless listener port reuse. Until now, cl
listeners had fifos allocated to them and therefore only one app worker
could ever listen, i.e., a session cannot have multiple fifos.
To circumvent the limitation, this separates the fifos from the listener
by allocating new cl sessions for each app worker that reuses the app
listener. Flows are hashed to app worker cl sessions but, for now, this
is not a consistent/fixed hash.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ic6533cd47f2765903669f88c288bd592fb17a19e
Currently, when flowprobe_export_send() calls vlib_time_now(), a pointer
to the main thread's vlib_main_t is always passed (the one cached in
flow_report_main). However, that code can also be executed from a worker
thread. And passing a pointer to the main thread's vlib_main_t to
vlib_time_now() from a worker thread may cause time synchronization
issues. Also, running a debug binary will cause an assertion failure in
vlib_time_now() in this case.
With this fix, flowprobe_export_send() passes the pointer to the current
thread's vlib_main_t to vlib_time_how().
This doesn't allow to remove @tag_fixme_vpp_workers from the unit tests
yet as they will be failing for other multi-worker related problems.
Type: fix
Change-Id: Ia35e3a4176777b88cf8ca8af8af7c42c495cbc6a
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Fix minor differences between Ubuntu 18.04 LTS and Ubuntu 22.04 LTS when
using the scheme to test new code.
Type: docs
Change-Id: I5810b6f3d76d8d98fa764b61828b1ca32507bd91
Signed-off-by: Dave Barach <dave@barachs.net>
Quic does not seed random value, so if the plugin is loaded
separately RAND_bytes will fail.
Type: fix
Change-Id: If600cbde1fef30afb6316fc1a355261b008c3191
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Incase the ack for the fin is lost twice or want to dup ack
packets with incorrect ack/seq # at different times and
session state is already closed, this fifo event is set for
the first ack that went out and prevents queuing of further events.
Type: fix
Change-Id: I102019fca26918a51e055a751db7209011bd43ad
Signed-off-by: emmanuel <emmanuelscaria11@gmail.com>
Use lowercased hex in uuid in sysfs/vmbus names
Type: fix
Change-Id: Ic4b7b995441723dc1b29ff8a75346cc8ba7f85f1
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
- gmake set CC=cc as the default therefore the test/test-debug
makefile targets will build using gcc (cc == gcc for debian/ubuntu
distros) unless set explicitly to clang due to use of 'CC=$(CC)' in
test macro.
Note: the CI builds vpp images prior to running 'make test', thus
the CI does test vpp built using clang. This basically makes local
runs of 'make test' build using clang as well.
Type: make
Change-Id: I7221098c200be23b53bb616e41a42a6d65a03699
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
This patch allows the formatting of deleted Load-balancer
objects. This is needed in the case a trace references a DPO
that went away in the interim.
Type: improvement
Change-Id: I6d67519b8d62f69aafde3c8fe3065bc85a7adbde
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
In the API there is a difference between enum and enumflags.
The latter one allowing multiple set entitires, while enum
only allows one.
Type: fix
Change-Id: I5db88c15c85fc6c7130b7b35febcd1ea02ef8f76
Signed-off-by: Ole Troan <otroan@employees.org>
This merge request adds the feature to manipulate localsids and policies for SRv6 mobile via API.
Type: feature
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
Change-Id: Ibb46bf71ae1d9d4591ce2c8ccf66f520887dad70
The _v3 was not handling endianness on flags (e.g. mode).
Marking _v3 as deprecated, but keeping it
as there might be users who learned to preprocess their flag values.
+ Also, format PCI product_name as a vector, not a string.
Type: fix
Change-Id: I50c4b44f3570f02518dbd9a43239c1a37612d24a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
If ho cleans up on first worker before owner of established session
receives connected notification, the ho session is prematurely cleaned
up.
Wait for established ctx to be allocated before freeing ho.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Icf707e5d8c62a288a49d078460d2ada3b5c41b0e
Even if the device name is specified in the startup config it may
be appended to if the device is a switch domain member. This leads
to unexpected device naming if an explicit device name was requested.
Type: fix
Change-Id: Ib56b4ac41c17008db55dc69497721e3cb7d540c1
Signed-off-by: Peter Morrow <pdmorrow@gmail.com>
This patch introduces a fix for correcting a counter for the number
of processed vectors in the crypto-dispatch node.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Icaeb925a352a9ac766652f43c4e752f6727cdeb9
Use the correct string type for vlib_get_node_by_name. Found by ASAN.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: I679d27050487e013e3320a4c558d78fa60c5e98a
This patch prevents the sw interfaces format
function to fail when the interface was deleted.
It also prints the swifindex alongside the 'DELETED'
keyword.
Printing deleted swifindex should not happen, but it is still
helpful to have these safeguards for troubleshooting in the case
invariants get corrupted (e.g. fib entry refcounts, ...)
Type: improvement
Change-Id: I66711049db2eebe0ad17e37c3a260ac81d1e5134
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Type: fix
Fetch 'pg-input' node index instead
of using a hardcoded value
Change-Id: I1ca27ddb54806530b546085d83e83b880acc4573
Signed-off-by: hsandid <halsandi@cisco.com>
The hit_count does not implement the corresponding processing logic, and here the missing is fixed
Type: fix
Fixes: missing
Change-Id: I04a8e11d6b48c2a15c371cbeb2467fa89a9d82bb
Signed-off-by: yanlong <dyl_wlc@163.com>
First genaration of AVF APIs we currently use doesn't support more...
Type: improvement
Change-Id: I1ae27f322403a2b455fcad8b028fa2004b449789
Signed-off-by: Damjan Marion <damarion@cisco.com>
With socket api, applications should not expect reply after worker del
msg. VCL in particular closes the socket after it enqueues the message.
Found by ASAN.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1be02a0cde6b96a96edb709f3fe30bbc01ff2d24
LDP workers is used as vector but was initialized as a pool. There was
no side effect but ASAN does not properly unpoison memory and this
triggers false used-after-poison crashes.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie769dad0e86ab970de9929800d0a4131f846e70e
We might have less than 1 mss when attempting write but more after
write, as application could be actively enqueuing more data. Relax
assert.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I54a83c4460f8e022a88758f0ebd7828df711dbb9
During recovery, send unsent data even if less than mss available as
application is not guaranteed to provide more.
This should speed up recovery when all data in flight was lost.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7a3c73a0d04d93d51a5910d85450c173c3ad8e93
fix asan failure when params number is less then 3:
functions that are set as format_half_open pointer values have
different number of arguments
Type: fix
Fixes: de9a849a18
Change-Id: I6b6e1adf4ffc0c1ec847613f00fe269af640d42b
Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
Pass a correct form of node variant config in tests
Type: fix
Signed-off-by: d-valter@yandex-team.ru
Change-Id: I8cdc240b18a1664e57a5814d6cd644891c99f515
Fixes: 8800f732f8
Properly set type
path->fp_type = FIB_PATH_TYPE_SPECIAL
for paths with (path->fp_cfg_flags & FIB_PATH_CFG_FLAG_DROP)
Type: fix
Change-Id: Id61dbcda781d872b878e6a6410c05b840795ed46
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
When a periodic BFD packet cannot be sent because the interface is
disabled, the allocated buffer needs to be freed. This currently will
occur for IPv4 sessions. However, buffers will leak for IPv6 sessions as
in this case, bfd_transport_control_frame() and bfd_transport_udp6()
will not indicate failure.
With this fix, stop always returning success in bfd_transport_udp6() and
start returning the actual return value.
Type: fix
Change-Id: I5fa4d9206e32cccae3053ef24966d80e2022fc81
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
The previous fix was adding the sentinel before refilling rx,
which gave the NIC time to overwrite it with a new descriptor.
Ticket: VPP-2087
Type: fix
Fixes: 8b4d474abd
Change-Id: I32bde4a763a62fb66c5c3871d9f10af6066e2d47
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Make sure ct client segment handles do not collide if multi worker
application establishes cut-through sessions to only one server segment
manager.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I905379f9ed73c64d57a826a3e97d53dab3a87517
The previous change made CSIT virtio tests fail,
but those tests are not part of trending.
Ticket: VPP-2088
Type: fix
Fixes: a181eaa59b
Change-Id: If0439a030c051894e07007da9cf0a2e4dc1434c3
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
This is because mlx5_pci is also compatible with another
series of NICs such as ConnectX-5 and ConnectX-6.
Type: fix
Change-Id: I10f0468bbe36ab61c72fb3dc0aa898f8e2f9e88c
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Type: fix
In esp_encrypt_inline(), an index and pointer to the last processed SA
are stored. If the next packet uses the same SA, we defer on updating
counters until a different SA is encountered.
The pointer was being retrieved, then the SA was checked to see if the
packet should be dropped due to no crypto/integ algs, then the index was
updated. If the check failed, we would skip further processing and now
the pointer refers to a different SA than the index. When you have a
batch of packets that are encrypted using an SA followed by a packet
which is dropped for no algs and then more packets to be encrypted using
the original SA, the packets that arrive after the one that was dropped
end up being processed using a pointer that refers to the wrong SA data.
This can result in a segv.
Update the current_sa_index at the same time that the sa0 pointer is
updated.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I65f1511a37475b4f737f5e1b51749c0a30e88806
DHCPv4 aka BOOTP is somewhat awkward. A DHCP client
on an interface must receive DHCP packets to
the broadcast address or to a unicast address.
Apparently before it's been assigned to itself.
Add this new API to allow external DHCP clients
enable the DHCP client detect feature per interface.
Type: improvement
Change-Id: If55aac03f25a045496be483940e4f5e7e18885b9
Signed-off-by: Ole Troan <otroan@employees.org>
The recent TX flows generation fix introduced "l3_hdr_offset" which
represents the offset of the IP header in the buffer's data. The problem
is that it is erroneously defined as a 16-bit unsigned integer. If the
calculated offset is negative, "l3_hdr_offset" will get a value close to
UINT16_MAX. And the code will search the IP header somewhere beyond the
buffer's data. For example, this will occur in the case when an ICMP
error is being sent in response to a received packet.
With this fix, make "l3_hdr_offset" a signed integer.
Type: fix
Change-Id: I6f1283c7ba02656d0f592519b5863e68348c5583
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Currently, when IPFIX records generation is enabled for an interface in
the TX direction, some rewritten traffic is being sent from that
interface, and the Ethernet header's location has changed due to
rewriting, generated TX flows will contain fields with wrong and zero
values. For example, that can be observed when traffic is rewritten from
a subinterface to a hardware interface (i.e. when tags are removed). A
TX flow generated in this case will have wrong L2 fields because of an
incorrectly located Ethernet header. And zero L3/L4 fields because the
Ethernet type will match neither IP4 nor IP6.
The same code is executed to generate flows for both input and output
features. And the same mechanism is applied to identify the Ethernet
header in the buffer's data. However, such general code usually works
with the buffer's data conditionally based on the direction. For most
input features, the buffer's current_data will likely point to the IP
header. For most output features, the buffer's current_data will likely
point to the Ethernet header.
With this fix:
- Keep relying on ethernet_buffer_get_header() to locate the Ethernet
header for input features. And start using vlib_buffer_get_current()
to locate the Ethernet header for output features. The function will
account for the Ethernet header's position change in the buffer's
data if there is rewriting.
- After fixing Ethernet header determination in the buffer's data,
L3/L4 fields will contain non-zero but still incorrect data. That is
because IP header determination needs to be fixed too. It currently
relies on the fact that the Ethernet header is always located at the
beginning of the buffer's data and that l2_hdr_sz can be used as an
IP header offset. However, this may not be the case after rewriting.
So start calculating the actual offset of the IP header in the
buffer's data.
- Add a unit test to cover the case.
Type: fix
Change-Id: Icf3f9e6518912d06dff0d5aa48e103b3dc94edb7
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Do not force cleanup of tcp half-open connection if tcp's cleanup
notification to tls is pending.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7bccbe8429a4aab10df1c89b66138b967e04ac19
Updated the gtpu plugin code to support the PDU Session user plane protocol, required for 5G, as
specified in 3GPP TS 38.415 version 17.0.0. This enables some initial support of 5G gNodeB's with
the gtpu plugin.
New features:
- Basic support for the GTP-U Extension Header Flag.
Packets with one extension can now be decapsulated.
This enables basic support of the PDU Session user plane protocol (3GPP TS 38.415 version 17.0.0).
New tunnels can be created with a PDU enable flag and a 6-bit QoS Flow Identifier (QFI).
With this, encapsulated packets will have the PDU Session extension header, and the QFI set.
- Ability to forward GTP-U packets that are not handled by the plugin directly.
Only GTP-U packets with a message type of 255 (G-PDU) are handled directly.
However, 3GPP TS 29.281 defines several other message types like echo and error indication.
A new feature is added to optionally forward unknown or unsupported packets to a new IP address.
This works separately for unknown GTP-U message types, unknown TEIDs, and packets with an unknown
GTP-U header.
This allows both echo and error indications from a 5G gNodeB to be handled by a different system
outside VPP.
- Simple way to get metrics for active tunnels and on tunnel close.
In 5G session/tunnel lifetime is often short and created frequently.
The normal API becomes too slow and inaccurate when too many tunnels are created and deleted
every second.
Improvements:
- A clean ground structure to handle multiple message type in the future.
The code path for G-PDU packets is optimized for performance, representing the typical case.
Unsupported GTP-U packets enter a slow path that decodes the nature of the error.
This presents a easy hook to handle other message types in the future.
- Improved error reporting
When using traces there is more details in the tunnel descriptions.
- Updated the API with several enums.
Fixes:
- gtpu0->length field in IPv6 was computed with IPv4 header lengths in the encapsulation code.
- vec_set_len (t->rewrite, ...) size was computed with the IPv4 header size also for IPv6 tunnels.
Issues:
- This PR does not enable full support of the 3GPP specification.
In particular it only supports a single QoS/QFI flow for each tunnel.
It ignores all incoming extension header flags.
- API functions might change again when/if more support of the 3GPP TS 38.415 spec is added.
Note that I have bumped the API version to 2.1.0 as it seems to be the correct approach based on
my API changes.
Type: feature
Signed-off-by: Rune E. Jensen <runeerle@wgtwo.com>
Change-Id: I91cd2b31f2561f1b3fb1e46c4c34a5a3c71b4625
- notify app on failed connect
- avoid cleanup of ctx before transport cleanup to be able to handle
pending rx notifications.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1b70ad45109d4c942afa1990dfce4fc44a50a637
In some anti-replay, some functions weren't using the boolean
telling if the window was huge or not. Hence, limiting the constant
propagation at compilation.
Type: fix
Change-Id: Ie5f2dda38339bb32113c6f7b2b82c82135fc92a8
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Notify app that transport is closed when tcp moves to closed state.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I18cbe1ac16b1a48ecd06af4c1b5535e12e4b0e75
Make sure underlying transport connection is not removed on rescheduled
read event.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0137a2e43aa84d9442279e036c25771aeefd207f
- test_http_static.py: If namespace creation fails, try to delete the namespace and create it again
- vpp_qemu_utils.py: Added "isinstance()" to "delete_namespace()" to match "create_namespace()"
Type: test
Change-Id: I88ff7a36f5d52816fee16283efba6af025496491
Signed-off-by: adrianvillin <avillin@cisco.com>
af_packet does not process data until the interface is UP. If after interface creation, but before it is UP, the host interfaces are flooded, then blocking case may occur - VPP interface will never be able to process the data.
If the EDGE_TRIGGERED flag is set, the event will not arrive, because nothing new is happening anymore (probably because the queue is already full).
Therefore, we need to use LEVEL_TRIGGERED (default value), which indicates that there is still unprocessed data (accumulated after interface creation, but before it was UP).
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: Ied459fd194149d09f226bcb0a5907b3e327b148a
As a result of recent fixes, all currently stored flows of an interface
are deleted when the feature is being disabled for the interface. This
includes stopping the timer and freeing the flow entries for further
reuse. The problem is that meta information is not cleared in the flow
entries being deleted. For example, packet delta count will keep its
value. The next flow that gets one of these pool entries will already
have a non-zero packet count. So the counting of packets will start from
a non-zero value. And incorrect packet delta count will be exported for
that flow.
With this fix, clear meta information too when clearing interface state.
Also, update the corresponding test to cover this case.
Type: fix
Change-Id: I9a73b3958adfd1676e66b0ed50f1478920671cca
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
The array bounds and string overread check on GCC 12 report a dozen of
false positives that result in VPP build failures on ubuntu 22.04.
Work around this build issue by unconditionally disabling these two
warnings if C compiler is GCC 12 or newer version.
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I999e847bb625ebdf3ef5f11b11598c553f306670
GCC 12 complains about such errors while the code itself looks good.
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I021719fdbf7d9bd93a12eac76aeac8cbca13a810
DPDK added new Rx checksum flags[1] to handle cases like the virtual
drivers. Current check of flags is not strict enough for flags like
RTE_MBUF_F_RX_IP_CKSUM_NONE and will always be true no matter the
checksum in packet is good or bad.
Fix this issue by comparing the result of AND operation with the
correspinding Rx checksum flags.
Before this patch, packet trace prints the offload flags as below:
Packet Offload Flags
PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
PKT_RX_IP_CKSUM_NONE (0x0090) no IP cksum of RX pkt.
PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
PKT_RX_L4_CKSUM_NONE (0x0108) no L4 cksum of RX pkt.
After this patch, packet offload flags would be like:
Packet Offload Flags
PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
Type: fix
[1] 5842289a54
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I3182022d9ccd46b2fc55bb3edfbfac9062ed7c89
Allow settings default values explicitly in positive_int_or_default and
positive_float_or_default.
It allows setting setting default 0 test retries explicitly despite it
being not positive.
Type: improvement
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: Id23a9fdae0ef174eea8992c1f9fc2530aade6194
- Make framework.py classes a subset of asfframework.py classes
- Remove all packet related code from asfframework.py
- Add test class and test case set up debug output to log
- Repatriate packet tests from asf to test directory
- Remove non-packet related code from framework.py and
inherit them from asfframework.py classes
- Clean up unused import variables
- Re-enable BFD tests on Ubuntu 22.04 and fix
intermittent test failures in echo_looped_back
testcases (where # control packets verified but
not guaranteed to be received during test)
- Re-enable Wireguard tests on Ubuntu 22.04 and fix
intermittent test failures in handshake ratelimiting
testcases and event testcase
- Run Wiregard testcase suites solo
- Improve debug output in log.txt
- Increase VCL/LDP post sleep timeout to allow iperf server
to finish cleanly.
- Fix pcap history files to be sorted by suite and testcase
and ensure order/timestamp is correct based on creation
in the testcase.
- Decode pcap files for each suite and testcase for all
errors or if configured via comandline option / env var
- Improve vpp corefile detection to allow complete corefile
generation
- Disable vm vpp interfaces testcases on debian11
- Clean up failed unittest dir when retrying failed testcases
and unify testname directory and failed linknames into
framwork functions
Type: test
Change-Id: I0764f79ea5bb639d278bf635ed2408d4d5220e1e
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Do not add ip header as that's added by tcp output and fix checksum.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9439acf5c66184af0350b1d4d7406b3feb2e79a1
As long as ack and segment are legitimate accept ooo data as we
transition to established.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I85cdc65d70cb8ae689a9ce9bbe4f86228b1ac533
- Use of well known UDP port numbers causes random
failure of mdata and bufmon tests
Type: test
Change-Id: I21a01c54e5f166aea101d3caace85b53f3f7285d
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Type: improvement
Modified "VPP with Containers" doc section to run on Ubuntu 22.04 LTS.
Change-Id: Ic09b88cf0e3b492711222a1bb24552de964a7d03
Signed-off-by: hsandid <halsandi@cisco.com>
This fix differentiates UDP and UDP-encapsulated ESP packets processing.
While UDP-encapsulated ESP traffic is processed as IPsec traffic, UDP as
other plain-text protocols is NOT dispatched against SPD policies.
Key logic is taken from RFC 3948, and is based on the fact
that the checksum of UDP packet encapsulating ESP packet must be zero.
Type: fix
Signed-off-by: vinay tripathi <vinayx.tripathi@intel.com>
Change-Id: Ib1b4d240eea8e89f2daf17ec833905f26cdb31bd
In this patch, IPsec related test files have been modified to send UDP-encapsulated
ESP packets,and validate against Inbound and Outbound policies that are configured
with Bypass, Discard and Protect action.
Type: test
Change-Id: I4b8da18270fd177868223bfe1389dc9c50e86cc5
Signed-off-by: vinay Tripathi <vinayx.tripathi@intel.com>
This inline function is introduced to simplify code readability and allows to splitting of
UDP and ESP processing in the next step.
Type: improvement
Change-Id: Ida4d6abbed141ac74d4d285900777778eb8a5a1d
Signed-off-by: Vinay Tripathi <vinayx.tripathi@intel.com>
Type: improvement
Since RFC4303 does not specify the anti-replay window size, VPP should
support multiple window size. It is done through a clib_bitmap.
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I3dfe30efd20018e345418bef298ec7cec19b1cfc
Currently, TCP flags of a flow entry don't get reset once the flow is
exported (unlike other meta information about a flow - packet delta
count and octet delta count). So TCP flags are accumulated as long as
the flow is active. When the flow expires, it is exported the last time,
and its pool entry is freed for further reuse. The next flow that gets
this pool entry will already have non-zero TCP flags. If it's a TCP
flow, the flags will keep being accumulated. This might look fine when
exported. If it's a non-TCP flow, that will definitely look erroneous.
With this fix, reset TCP flags once the flow is exported. Also, cover
the reuse case with tests.
Type: fix
Change-Id: I5f8560afffcfe107909117d3d063e8a69793437e
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Setting and using the SOURCE_DATE_EPOCH variable takes
care of most of the magic necessary.
https://reproducible-builds.org/docs/source-date-epoch/
vpp-ext-deps packages after this change is being built with that
date set to date of the last modification of the
subtree (similar logic to deriving the "number" for
the package version)
For the rest of the packages, pinning the following
three variables should result in bit-identical
artifacts across multiple runs:
export SOURCE_DATE_EPOCH=$(date +%s)
export VPP_BUILD_HOST="buildhost"
export VPP_BUILD_USER="builduser"
Add a blurb in the docs describing this new functionality.
Type: improvement
Change-Id: I71b085f0577b2358aa98f01dafd8e392239420a6
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Type: improvement
If an interface address is added, the glean adjacency for it's covering
prefix is updated with that address. In the case of multiple addresses
within the same prefix being added, the most recently added one will end
up being used as the sender protocol address for ARP requests.
Similar behavior occurs when an interface address is deleted. The glean
adjacency is updated to some appropriate entry under it's covering
prefix. If there were multiple interface addresses configured, we may
update the address on the adjacency even though the address currently in
use is not the one being deleted.
Add a new value PROVIDES_GLEAN to fib_entry_src_flag_t. The flag
identifies whether a source interface entry is being used as the address
for the glean adjacency for the covering prefix.
Update logic so that the glean is only updated on adding an interface
address if there is not already a sibling entry in use which has the
flag set. Also, only update the glean on deleting an interface address
if the address being deleted has the flag set.
Also update unit test which validates expected behavior in the case
where multiple addresses within a prefix are configured on an interface.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I7d918b8dd703735b20ec76e0a60af6d7e571b766
In current pattern parsing function in DPDK, some of the variables of
packet length are defined as uint8_t, which are too small for some
large-size packets, such as srv6. Change the type to uint16_t.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I06819e9716da098ca456c0405f0e6fd9a8eb0bc9
Check if crypto ops vector is matching actual ops instead if blindly
dereferencing it.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: Ib88ab44137d9360ee96228e72349a62b2fa7a7e0
Currently, when L2 and L4 recording is enabled on the L2 datapath, the
L2 template will contain L4 fields and L2 flows will be exported with
those fields always set to zero.
With this fix, when L4 recording is enabled, add L4 fields to templates
other than the L2 template (i.e. to the IP4, IP6, L2_IP4, and L2_IP6
templates). And export L2 flows without L4 fields. Also, cover that case
in the tests.
Type: fix
Change-Id: Id5ed8b99af5634fb9d5c6e695203344782fdac01
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
memif_disconect may be called without barrier sync. It removes stuff in mq
without protection which may cause troubles for memif RX/TX worker threads.
The fix is to protect mq removal in memif_disconnect.
Type: fix
Change-Id: I368c466d1f13df98980dfa87e8442fbcd822a428
Signed-off-by: Steven Luong <sluong@cisco.com>
Using the source address selection algorithm to determine the best source
of an NS for address resolution risks incompatible behavior.
It may choose a source address that is off-link to the other host.
Which may drop it.
A safer approach is to always use the link-local address as the SA.
It's recommended to pick a source that an application will later use,
as VPP is mostly a router, that rarely applies. And regardlessly we have
no mechanism to signal from an application that triggered address resolutiuon
what source address it intends to use.
Type: fix
Change-Id: I3c5de66e41505f3682767706ef1195a20e4f0e54
Signed-off-by: Ole Troan <otroan@employees.org>
When IPFIX flow record generation is enabled on an interface and the
active timer is set, flows will be saved and then exported according to
the active and passive timers. If then disable the feature on the
interface, the flow entries currently saved will remain in the state
tables. They will gradually expire and be exported. The problem is that
the template for them has already been removed. And they will be sent
with zero template ID which will make them unreadable.
A similar problem will occur if feature settings are "changed" on the
interface - i.e. disable the feature and re-enable it with different
settings (e.g. set a different datapath). The remaining flows that
correspond to the previous feature settings will be eventually sent
either with zero template ID or with template ID that corresponds to the
current feature settings on the interface (and look like garbage data).
With this fix, flush the current buffers before template removal and
clear the remaining flows of the interface during feature disabling.
Type: fix
Change-Id: I1e57db06adfdd3a02fed1a6a89b5418f85a35e16
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
This prevents ipfix flood with the repeating events and allows
to enable nat64 max_session and max_bibs events. Also fix wrong
endian for det44 and nat64 ipfix tests, now should be fine with
extended tests enabled.
Max session per user event @ nat44-ei requires more precise rate
limiter per user address, probably with sparse vec, not handled.
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ib20cc1ee3f81e7acc88a415fe83b4e2deae2a836
Support rewriting the inner packet for ICMP6 error messages.
Type: feature
Change-Id: I7e11f53626037075a23310f1cb7e673b0cb52843
Signed-off-by: Ole Troan <otroan@employees.org>
Flushing the neighbor cache was only available through API.
Add CLI command. Either flushes whole table (IP4,IP6)
or all neighbors on specified interface.
Type: improvement
Change-Id: Ia8c68fb032a2dfd940a136edc2aee80db5c37685
Signed-off-by: Ole Troan <otroan@employees.org>
Now we create tun/tap and then check whether lcp_itf_pair was already
created. Move the check in the beginning.
Type: fix
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: I848685a9cfdbe92a5e38ecb8e5d5322262b4e384
When MAC address changes for an interface, address change callbacks are
executed for it. In turn adjacencies register a callback for MAC address
changes to be able to update their rewrite strings accordingly.
Subinterfaces inherit MAC address from the parent interface. When MAC
address of the parent interface changes, it also implies MAC address
change for its subinterfaces. The problem is that this is currently not
considered when address change callbacks are executed. After MAC address
change on the parent interface, packets sent from subinterfaces might
have wrong source MAC address as the result of stale adjacencies. For
example, ARP messages might be sent with the wrong (previous) MAC
address and address resolution will fail.
With this fix, when address change callbacks are executed for an
interface, they will be also executed for its subinterfaces. And
adjacencies will be able to update accordingly.
Type: fix
Change-Id: I87349698c10b9c3a31a28c0287e6dc711d9413a2
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
When running unpriviledged sysfs allows reading only first
64 bytes of PCI config space.
Change-Id: I62d18328925a2e4936406c2842154b20182cacb9
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
Be less aggressive with rx events on connect/accept notification.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie93a08c7eef69383bf0301a163fd2131dd51372a
Currently, L2 flows are exported using L2_IP6 template if L3 or L4
recording is enabled on L2 datapath. That occurs because during feature
enable, L2 template is added and its ID is not saved immediately. Then
L2_IP4 and L2_IP6 templates are added overwriting "template_id" each
time. And in the end, the current value of "template_id" is saved for L2
template. The problem is that "template_id" at that point contains the
ID of L2_IP6 template.
With this fix, save the template ID immediately after adding a template
for all variants (datapaths). Also, cover the case with a test.
Type: fix
Change-Id: Id27288043b3b8f0e89e77f45ae9a01fa7439e20e
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
List BlueField NICs as a supported PCI devices.
Type: feature
Change-Id: Ida2300df516ab9cd2fcde1f816bbdc081016039a
Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
s->tx_fifo is 0 for the connecting half open session.
Type: fix
Change-Id: I2ba1ae99a2fa4fae1896587f40e0e4fb73c1edcb
Signed-off-by: Steven Luong <sluong@cisco.com>
- Causes per-port-vip testcases to fail when the
uninitialized reserved field in the stack variable
key for the hash lookup was a non-zero stack memory
location.
Type: fix
Change-Id: I56afa15e7df60bc2340514f2c7ce5e71a9cb47a9
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
- pass buffer pool name trough va
- make buffers naturaly aligned
- fix calculation of total number of buffers
Type: improvement
Change-Id: I6aebf249ebd67823b4632ac08905bfa3aa7d1ee5
Signed-off-by: Damjan Marion <damarion@cisco.com>
If builtin apps refuse connections, they should be cleaned up.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I95ef22902ac3fe873e15e250aa5f03031c2dc0c4
Type: feature
this patch adds a hash config field to cnat translation
to use it in load balancing instead of always using default one
Change-Id: I5b79642ca8b365b5dcc06664f6c100a9d3830a29
Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
This patch changes config to run containers on Ubuntu 22.04.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I3be48099cb48d2c4a04526c15780244614bef3d4
Type: feature
This patch makes the port range used by the transport layer
configurable in the manner of sysctl's ip_local_port_range.
Change-Id: Ie17f776538311b29d1dca64643a3a0bd74cb90a6
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
When custom-packaging the VPP artifacts, it can be useful to exclude
some of the core plugins from packaging/testing, for some reasons.
A removal of a plugin(s) from the worktree needs to be tracked as
a separate change, and thus is tricky from the maintenance
point of view.
This change adds the ability to "pretend they do not exist" -
plugins which are added to the comma-separated environment
variable "VPP_EXCLUDED_PLUGINS" will not be added to the build
process and not packaged.
The tests do not have the 1:1 relationship as plugins,
so they might need to be modified separately. This change
includes some of these modifications as an example.
Type: feature
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Id31562d00a01ced1acbb4996a633517cbd6f09d8
Two similar CLI paths in nat66 plugin cause
unexpected behavior. Bug fix following [1] fix.
[1] https://gerrit.fd.io/r/c/vpp/+/35859
Change-Id: I771dd230fa6edb6bab3936652770a388d6e41a3f
Type: fix
Signed-off-by: Filip Varga <fivarga@cisco.com>
There are cases where default port for prometheus exporter is not
available e.g. when multiple vpp are running on single node.
Type: improvement
Change-Id: I39701486f9dfaf4dc9f08aab56e88126687b507a
Signed-off-by: Fahad Khan <fahadnaeemkhan@gmail.com>
This patch adds support for using l2tpv3 as RSS type
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: Ic3e0935a4754d084184f1cc38ea9531ddfd9e7bc
From GCC 12, march=armv9-a option is supported, which includes the sve
and crc options needed. Furthermore, VPP L3Fwd benchmark results on N2
based servers show that N_PREFETCH set to 6 gives the best performance.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I9c4fcad84d4db1189d956dabab22b26d020fbfd6
The VPP is crashing when specify a very big prefix length, like
ip route add 1.1.1.1/55 via 2.2.2.2
Type: fix
Signed-off-by: Gavril Florian <gflorian@3nets.io>
Change-Id: Ic491c0b24e07be897ff35ae1e835280f04ab3ea5
Update my email address in maintainer document.
Type: improvement
Change-Id: I8ba518fa4c9cb414342383e1461f3f94b661ac33
Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
This patch provides minor improvements to the logic governing dequeuing
from the ring. Previously whenever a frame was dequeued
we've been trying to dequeue from the ring another one till
inflight == 0. Now threshold is set for 8 frames pending in the cache
to be consumed by the vnet. This threshold has been chosen based on
cache ring stats observation in the system under load.
Some unnecessary logic for setting deq_tail has been removed.
Also logging has been corrected, and cache ring logic simplied.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I19f3daf5913006e9cb23e142a163f596e85f5bda
List Mellanox ConnectX-6LX and ConnectX-7 as a supported PCI devices.
Type: feature
Change-Id: Ieeca3f214d08f29238c387354055ac1320cab75f
Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
Type: feature
This patch update the Intel IPsec-MB lib to v1.4
Remove v0.54 and v0.55 support, as the compatible IMB APIs
are deprecated in v1.4
Signed-off-by: Ranjan Raj <ranjanx.raj@intel.com>
Change-Id: I01f71134c6bd17a68ec20b7bb4b0b0ff43fc644b
Next drop node should be related to payload protocol.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: If12e8dc8b19c61f8c96c275b3f9e565e91ecdbed
Four packets are batched after 696e88da97,
so prefetch is required for the next 4-7 packets, not for 2-5.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I4ab01e66c3b446caf113a154915473e96ab32198
Correct trace functions correspond with the encap type rather than with
the payload type.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: Iea1eb08a2ce9d147984ef604c7a39c62c7330e80
pretty=on|off has been removed from qemu and its presence
causes VM boot up issues.
Type: fix
Change-Id: I4a9f15dba5015e81fbd32278b1c74b2606c32c8f
Signed-off-by: Naveen Joy <najoy@cisco.com>
If the control agent enabled a binding on an interface multiple times,
we would add the node in the feature arc multiple times.
Type: fix
Change-Id: I2ca247db0a0211f5fa3974a18ca4fcae8485cb12
Signed-off-by: Ole Troan <otroan@employees.org>
For blocking sessions, if fifo event still active before size check it
could lead to vpp not generating an event because of race to check flag
in vpp and to eventually unset flag in vcl.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0e350b9ff92a4e08a9249345ae224589c09d305b
This patch fixes configuration of priority, port and type of protocol
for inbound and outbound policies in policy-based IPsec of this plugin.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I01ddc2e13ebbe87380e66a525aac1b615f619604
Session state cannot be updated after async notification event is
generated for app. Instead, make sure quic sessions that accept new
streams are switched to listening state only on accept.
Type: fix
Fixes: 0242d30
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9663ccadbea99d555ad49e871f7dff897239dc84
As per discussion on the VPP community call,
since the message is used in CSIT tests and did
not see the changes in a while, mark as production
for the purposes of change process.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I4a79aafb1a9f37ac87faea7abea28cf01d1ffb4c
As discussed on the VPP call, since CSIT tests use these messages
and they have not been changedfor quite a while, bump the version
so these messages are considered as "production" from the change
process standpoint.
Type: improvement
Change-Id: I93a04b10b273d5904c0678fa0b85d47f9f683a9b
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
As per discussion on the VPP call - since the APIs are used
in CSIT tests, mark them as production from the change process
perspective.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I9164073425384e8aa281445a2852fee49b777e2f
As per discussion on VPP call - since the APIs are used in CSIT tests,
and there has not been changes in a while, mark them as stable from
the API change process PoV.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ia644e1dfcd9d182cc6f10089fc44397a61e8aaf6
As per discussion on the VPP call: since the CSIT tests use these
APIs and the APIs have not changed in quite a while, stabilize the API
from the change process point of view.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Id81999d03cce37764f6ed7d4f77ef5a71fe41ad1
perf_user_access_enabled is defined as u8,
clib_sysfs_read format type is %u, this is for unsigned int,
change type from u8 to u32.
Type: fix
Fixes: 268d7be66b ("perfmon: enable perfmon plugin for Arm")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I48ec00605e496d185370e77d894d7852d6d22124
This change aims to affect crypto_sw_scheduler behavior,
but all the edits end up in vnet/crypto.
Previous release CSIT tests were testing async crypto in polling mode.
After 9a9604b09f introduced adaptive mode
for crypto dispatch, the CSIT performance got way worse.
Possibly, there is another VPP bug related to adaptive mode
(it should not lose as many packets as seen in CSIT),
but the next release is too close for trying to fix that.
This change (instead of fixing adaptive mode)
allows CSIT to continue testing polling mode (after explicit API call),
while keeping the adaptive mode as default behavior.
The deprecated crypto_set_async_dispatch always disable adaptive mode,
crypto_set_async_dispatch_v2 has parameter to enable or disable it.
The mode parameter is still used for the inital state of adaptive mode.
Type: feature
Change-Id: Ib98080eefb4be291207af543884f2c3837f92f59
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
The checkstyle --fix command remains confused
around the def/foreach/undef usage in convert_async_crypto_id,
but at least the other functions now look correctly indented to me.
Type: style
Change-Id: Ic8f7b580267386b7a6b07d33d9ba7ae9787c0e0a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
The logic for calcuating processed elements in the cache ring was broken.
In case tail and deq_tail equals and frame element pointed by the tile
is not NULL it means there is exactly one processed element in the ring.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I69c978334fc952049393214ccc9cc5245351f7f7
Use client address hash to pick the first outside address
instead of just address high octet, becasue it may denegerate
into stable 10/172/192, depending on nat address count.
Fix outside address distribution test to acually test the
distribution, not the algo, so previous distribution will
fail with 65 nat addresses and 100 clients:
FAIL: Outside address distribution based on source address
Traceback (most recent call last):
File ".../test/test_nat44_ed.py", line 2048, in test_outside_address_distribution
msg="Bad outside address distribution")
AssertionError: 156.25 not less than 0.33 : Bad outside address distribution
Type: improvement
Change-Id: I604b1294422f20d211db5614c47559557a78a193
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Punt support for ICMP6 messages allows for an external IPv6 RA advertisement agent.
Type: feature
Change-Id: I0cc928b747ac1f8335ee9f7c42a3231424825dbc
Signed-off-by: Ole Troan <otroan@employees.org>
Several api messages were not mp-safe although marked as such
because non-zero base id was not taken into account, and therefore
some other (from zero base id) were falsely mp-safe instead.
Keep messages as mp-safe, as they falsely were before:
10 get_first_msg_id 0 1
12 api_versions 0 1
Messages that are no longer mp-safe as they weren't marked:
15 sockclnt_create 0 1
33 proxy_arp_intfc_dump 0 1
Fix messages to be really mp-safe:
809 bridge_domain_dump 0 1
920 ip_route_add_del 0 1
921 ip_route_add_del_v2 0 1
1362 get_node_graph 0 1
1671 create_vhost_user_if 0 1
1675 create_vhost_user_if_v2 0 1
Additionally mark messages as mp-safe, seems they need no barrier:
1360 show_threads 0 1
1370 show_version 0 1
1372 show_vpe_system_time 0 1
Type: fix
Change-Id: Ie6c1e3aa89f26bf51bfbcb7e7c4d9fee885487b7
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Type: fix
Byte swapping should be done before verifying message otherwise the message length will be wrongly computed.
Change-Id: I90b2f60bd33e5362e0edd5ee425f6a6f07886f1e
Signed-off-by: Sylvain Cadilhac <sylvain.cadilhac@freepro.com>
Plugin is still in experimental state. No reason why it needs
to be default enabled.
Type: fix
Change-Id: Ibf1810215d4c8079a068bfc60aa7dd49306ee4e4
Signed-off-by: Ole Troan <otroan@employees.org>
The new arping_acd call includes the responders mac address in the reply.
Enabling a client doing address conflict detection to identify if it
is itself that is replying or that it is another host uses the IP
address.
Type: feature
Change-Id: Ia4bab2af1086f06ed71ba42e2e07368d4e330a27
Signed-off-by: Ole Troan <otroan@employees.org>
Applied the checksum delta to the source address instead of the destination address
in the RX direction.
Cleaned up tests a little.
Type: fix
Change-Id: I871f3448365587e5319dfbca6ea356935321ff9b
Signed-off-by: Ole Troan <otroan@employees.org>
In order to be able to filter on encapsulated packet, a new node
has been added to the ip4/6-unicast arcs.
Type: feature
Change-Id: I1e8ee05bc6d0fce20cadd8319c81bab260c17d21
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Fifos need to be synchronously allocated once a transport like tcp
accepts a session. Since events are now delivered asynchronously,
proxy apps must explicitly register a cb function that manages
fifo allocation prior to being notified of connect event.
Type: fix
Fixes: 0242d30
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7df973b7014e53e0766ea2bdc61e9871160bc18b
Upon test teardown, MAP features were not disabled, potentially
leading packets to be treated by the wrong node.
Type: test
Change-Id: I0c1c614318d1308f825c5cc0bf95688e92f6d00a
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Make sure there's at least 3% space in the tx fifo before notifying vcl
of a tx event. The threshold is somewhat arbibrary but for a 4M fifo, it
now means that ~120kB of space should be available.
Should help minimize the amount of tx notifications generated by
session layer when apps are faster.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I11dd0931dca8f989000a2481f1f495bd267589c4
For the reasons of modularity and security, it is useful
to have various functionality split into processes different from VPP.
However, this approach presents the challenges of managing those processes,
and is markedly different from simply running everything within VPP process.
This plugin is an experiment in having the VPP itself start off a monitor
process which in turn starts the child processes, and restarts them if they
quit.
If the VPP process ceases to exist, the monitor process terminates all
the descendant processes and quits itself.
This allows to preserve the "single entity to manage" approach of
simply running a barebones VPP.
An example of running it:
export DPDK_CONFIG=""
export DISABLED_PLUGINS=dpdk
export EXTRA_VPP_CONFIG="fateshare { monitor ./build-root/install-vpp_debug-native/vpp/bin/vpp_fateshare_monitor command ./test1 }"
make run
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I66221fd7403f220d9652fe76958ca499cfd070a7
Type: feature
Wrap SESSION_EVT in do loop to avoid complaints about if statement
having no arguments which can happen if debugging for groups is not
enabled.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I35af179b806ed47a1e20816a19291c31fdb7566a
Add an API call mpls_interface_dump() which returns a list of mpls_interface_details:
- If no sw_if_index is given, all MPLS enabled sw_if_index are returned.
- If a particular sw_if_index is given, and it doesn't exist, an empty list is returned.
- If a sw_if_index exists and has MPLS enabled, a list of that one sw_if_index is returned.
Tested:
- Create 3 loopback interfaces
- Call for ~0 and for sw_if_index 0..5 all return empty lists
- set int mpls loop0 enable
- set int mpls loop1 enable
- Call for ~0 returns 2, and the call for sw_if_index=1 and =2 (the loopbacks) returns
each a list of one sw_if_index 1 resp 2, the other values of sw_if_index return empty list
- set int mpls loop0 disable
- Call for ~0 returns 1, and the call for sw_if_index=2 (loop1) returns both a list of one
sw_if_index=2, the other values of sw_if_index return empty list
- set int mpls loop1 disable
- Call for ~0 and for sw_if_index 0..5 all return empty lists
Example Python3 API program:
```
api_response = vpp.api.mpls_interface_dump()
print(f"Response is {api_response}")
for i in [ 0, 1, 2, 3, 4, 5 ]:
api_response = vpp.api.mpls_interface_dump(sw_if_index=i)
print(f"Response[{i}] = {api_response}")
```
Type: improvement
Change-Id: If87f7d7f8972d99260e859757dbcb251c6fa54a8
Signed-off-by: Pim van Pelt <pim@ipng.nl>
lport and eport in Cli "nat44 add load-balancing static mapping" should hton()
Type: fix
Signed-off-by: Wei Li <realbaseball2008@gmail.com>
Change-Id: I2eadb7e341efb70cc406e10b3b189e5ebff09ff4
This is the initial commit of a NPTv6 (RFC6296) implementation for VPP.
It's restricted to a single internal to external binding and runs
as an output/input feature on the egress interface.
Type: feature
Change-Id: I0e3497af97f1ebd99377b84dbf599ecea935ca24
Signed-off-by: Ole Troan <otroan@employees.org>
Support compiling in Linux Mint OS
Type: improvement
Change-Id: I08721227352b00127fe0acac67269775997fd974
Signed-off-by: spencercoder <xiexiaosong@ruijie.com.cn>
This is a clone of Gerrit 35419.
(It is abandoned and I am not the owner so I cannot reopen.)
Ticket: CSIT-1816
Type: fix
Fixes: 5e0ea09d96
Change-Id: I2265cf38a9ce3155460a1025821c2749afca0add
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Moved the kernel call for the timestamp outside of the inner loop to improve the batch proccessing, and minimizing the kernel calls.
Type: improvement
Change-Id: I0245c223fc8a178724bb8c5df2b98083be046c26
Signed-off-by: Julian Klaiber <julian@klaiber.me>
Sw ring is renamed to the cache ring. This name better reflects the
puropse of this ring. We've introduced push/pop functions, as well as
other utility functions which remove code repetition. Error handlig
is improved: previously in case of an error all frame elements were
marked as bad, now only these for which errors occured have the error
status set.
Unnecessary stats counters have been removed.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2fd42a529ac84ce5ad260611d6b35a861d441c79
Type: feature
this patch adds a new tag "host" to interfaces for cnat-snat
if an interface is tagged pod and host we do not snat traffic outgoing through it
Change-Id: I71f5bfcb85581bb8508ba547374f0603f1079ac6
Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
Add a new native idpf driver. This patch enables the device
initialization. Add some necessary functions and definations
for input and output. A new version of virtchnl is introduced.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ibbd9cd645e64469f1c4c8b33346c1301be3f6927
- Package update performed by
1. updating pip, pip-tools, setuptools
2. 'make test-refresh-deps' on ubuntu 22.04
3. fixing 'make test' and 'make docs' issues
on ubuntu 22.04
4. 'make test-refresh-deps' on ubuntu 20.04
- Add dependency for 'make test-refresh-deps'
to insure python venv is set up.
- Update of python formatter, black,
caused reformating of 41 python code
files.
Type: make
Change-Id: I7cafdf4b5189065ac57cb6b254937f6e0897a924
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Supplemented the documentation of "l2 rewrite", and added examples
Type:docs
Change-Id: If49ae0b22989b3cd1c88a27a4e51b74be32d75e7
Signed-off-by: yanlong <dyl_wlc@163.com>
As per discussion on the VPP call, since they are being
used in CSIT tests and have not seen changes in a while,
mark the messages as production from the change process
standpoint.
Type: improvement
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I7fda71edd923b798d034380320a869f7c35cb5a6
When a listen session receives an ACCEPTED message, but then
receives either a RESET or DISCONNECTED message from VPP before the
session is accepted, the listen session state is switched to
VPP_CLOSING or DISCONNECT.
The subsequent CLEANUP message handler attempts to send a
disconneted or reset reply message to VPP, but since the vpp_evt_q
for the listen session is null, this leads to a crash.
Type: fix
Change-Id: Ic51f78f631fe8d15bf8c56b795f4a900c3e2f724
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
This patch bumps DPDK version from 23.03 to 23.07.
Type: feature
Change-Id: I15140cecd008bfafb358f6348a1cb8fc08f70f02
Signed-off-by: Kai Ji <kai.ji@intel.com>
- Remove test code & non-vpp code from coverage report
- Remove driver/hardware vpp code which cannot be tested
in 'make test' from coverage report
Type: fix
Change-Id: I04b50c14bc3437b845f2afafae47297189e61e3f
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Move from synchronous flushing of io and ctrl events from transports to
applications to an async model via a new session_input input node that
runs in interrupt mode. Events are coalesced per application worker.
On the one hand, this helps by minimizing message queue locking churn.
And on the other, it opens the possibility for further optimizations of
event message generation, obviates need for rx rescheduling rpcs and is
a first step towards a fully async data/io rx path.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id6bebcb65fc9feef8aa02ddf1af6d9ba6f6745ce
Type: improvement
Remove rwlock contention on timestamps. ~10% pps with
10k sessions. Use fixed-size-pools of increasing sizes
starting with 4K, and with a x2 step each time.
We don't free/shrink allocated pools.
Change-Id: I5fea51faba40430106c823275a6356e81709d118
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
This replace the cnat ip4/ip6 to client
lookups previously done with a regular
hash, by a bihash lookup.
Type: improvement
Do the client lookup in a bihash instead of
a hash.
Change-Id: I730c1893525c002b44ada8e290a36802835e88e9
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
This adds a flag on the translation
asking the VIP & input-feature nodes
not to create the return session when
translating / load-balancing an incoming
flow. This is needed with maglev & DSR
Type: feature
Change-Id: I699012310ddc59f6ceeeb4878638eac6da5128dc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Maybe some function calls the wrapper funtion like read which invokes
the ldp_init_check in the other libs as a constructor before
ldp_constructor. Then the ldp has been initialized already when
ldp_constructor is invoked. And it's normal case, we shouldn't treat it
as an error.
So ldp_init should return success if ldp is initialized already instead
of an assert.
Type: fix
Change-Id: Ifa2a7b1d5471981a3f840b14a4fa5d48fb1f1374
Signed-off-by: Gao Feng <gfree.wind@outlook.com>
more generic version of clib_sysfs_link_to_name with support for
format strings...
Type: improvement
Change-Id: I0cb263748970378c661415196eb7e08450370677
Signed-off-by: Damjan Marion <damarion@cisco.com>
works with vectors of pointers...
Type: improvement
Change-Id: I530653978fcf981be299cf42a1133be000d74d0c
Signed-off-by: Damjan Marion <damarion@cisco.com>
More conveninet way to unformat file by providing filesystem path.
Takes format string for easier constuction of path...
Type: improvement
Change-Id: I433204fa20dc98e2b11c53914883d047a7fc62c6
Signed-off-by: Damjan Marion <damarion@cisco.com>
When a VCL_STATE_LISTEN_NO_MQ session receives an ACCEPTED message,
but then receives either a RESET or DISCONNECTED message from VPP
before the session is unlistened, the listen session state is
switched to DISCONNECT.
The subsequent CLEANUP message handler attempts to send a reset
reply message to VPP, but since the vpp_evt_q for the listen
session is null, this leads to a crash.
Type: fix
Change-Id: Id7e88dcb16df3eda912b3f763730ec8d8973473a
Signed-off-by: wanghanlin <wanghanlin@corp.netease.com>
This patch removes zero checks for new_addr, new_port
meaning sessions with zero values will rewrite the packet
with a 0 value instead of leaving it in place. This allows
to reduce branchiness in the code, and sessions are fully
resolved at creation time anyway.
This also adds support for checksum offloads:
- IP checksum offload : we always compute the checksum to
avoid issues with drivers. We'll revert this if we realize
cost gets too important.
- TCP/UDP checksum offload : we add the implementation for
pseudo header checksum computation. This is needed for the
drivers that do not re-compute this pseudo-checksum before
the packet is TX-ed (e.g. a few DPDK drivers).
Type: improvement
Change-Id: I6543f3aec8c120ec50f4219108609138283620ef
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Since gre is a plugin, nsh should not use symbol names directly.
Type: fix
Fixes: cefb178aa4
Change-Id: I1a1c20740aabdaafd69f507cd71016c3109b0205
Signed-off-by: Benoît Ganne <bganne@cisco.com>
So error logs are displayed on console earlier....
Type: improvement
Change-Id: If31b76c9d06254b0fec5b5b3f4e92a881b4cf786
Signed-off-by: Damjan Marion <damarion@cisco.com>
Avoid explicit manipulation of session state and generate closing event
if need be.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I07cda1db08a2673b27b496ea1371b0dfd8e6f98a
Type: fix
Buffer needs to be rewinded before being passed to punt-dispatch node.
Change-Id: I43d103515d372e425f4c3b08ca1779398f1fced4
Signed-off-by: Sylvain Cadilhac <sylvain.cadilhac@freepro.com>
App transports like TLS can close sessions on tx and consequently
generate new events. That can realloc the event pool.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I58a97502acc1182b3d051ba1aa9e0e98c16f4593
To allow dynamic registration of device classes..."
Change-Id: Ie8435e8c55b7e300be06abe97b653c0c3ce7f732
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
Small mistake was made, reported by coverty scan.
Type: fix
Change-Id: I98ca16c0275a94b2def99831f9353d4ff3fe93a9
Signed-off-by: Maxime Peim <mpeim@cisco.com>
The following issues are fixed:
* in responder code: do lookup again as the old pointer could be
invalidated during the cleanup operation
* in initiar code: do the cleanup of session if there're no child SAs or
if there's no response from the responder during initial request (this
can easily happen if the response packet was lost/dropped/etc)
* print the state of ikev2 profile (for easier tshooting)
Type: fix
Change-Id: I853d9851c0cf131696585e3c98fa97e66789badd
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
It is a function in vlib, so no reason to mention vnet.
Type: fix
Fixes: bf179a91d8
Change-Id: Ic5f601d94d88b667f7ce44a017a0e1d5b4db5da1
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
The extra format line was added for no reason from patch ff27c9f8e.
Type: fix
Fixes: ff27c9f8e
Change-Id: Ib25149cc8a17c29d0c8a0dbc06f0ea12ca4f328c
Signed-off-by: Steven Luong <sluong@cisco.com>
clang-16 complains about signed one-bit bitfield value changes
from 1 to -1. Use unsigned type instead.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I84f8cf314d36183a5e6f544cd756c01d1d10a1a5
In the current implementation there is a bug related to the incorrect
message handling due to the wrong id.
The fix changes logic responsible for handling incoming API messages
by correcting their ids.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Iea29506053c9fd2e1d01bce83e7f4a6e1de39321
Type: improvement
Support SO_ORIGINAL_DST socket option to get original dst_ip4 and dst_port if nat44 rule enabled.
Change-Id: If00e00d03e48f3b78a23a68f1b078954d79dd0f7
Signed-off-by: qinyang <qiny@yusur.tech>
When _VEC128 instructions are not enabled logic is buggy.
The function always returned 1.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I603200637e8d65813f4e49ef15d798e74b79b9cf
When msg->msg_controllen is set in recvmsg, the caller wants to receive
additional information about the messages. However, they might not
always be available. In that case, we should clear cmsg since
the caller uses CMSG_NXTHDR which might access uninitialized fields in
cmsg.
Type: fix
Change-Id: Ifdf9634bfcb1427f7ae3812014a46bfd7f4bc473
Signed-off-by: Steven Luong <sluong@cisco.com>
This patch addresses the issue when the list of available interfaces
is not up to date. Due to this issue adding a new route fails
and finally the connection is not established.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I3a63c0dd99ebc28ea149b4b23867440937682761
This patch addresses the issue where the message ID registration
in the register_event function is incorrect. Due to this incorrect
registration, the lookup for the corresponding callback on received
messages fails, eventually leading to a segmentation fault
and double-free memory space.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: If95182f972f64adb44d514e18c831cc9627d8f0f
In the current implementation there is a bug in the function
responsible for getting software interface index by the name of the
interface. Incorrect function is used to send the API message, also
the handler with replied message is incorrect.
The fix changes function to send dump message and also adds handler
with replied message in the correct way.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Id1a3ba2ce7e92d216907f344431b9e2acb1d5572
- Move the VPP API Change Process documentation
from the wiki page into the in-tree VPP docs
Type: docs
Change-Id: I42f661618b8632230bebe3aa8fbad455b9a05d01
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Type: improvement
There is a mode field in ipip_tunnel_details. The handler for the dump
API does not do anything to populate it so it always contains 0
(TUNNEL_API_MODE_P2P). This is correct for p2p tunnels but is wrong for
multipoint tunnels.
Populate the field with the correct mode.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I6c1288a0d3929db0f67100748b5760c36b594f97
Before this fix, the src_ip_sticky flag was passed as an argument to
the lb_node_get_hash function, which computes a hash value for a packet.
However, in per-port-vip case, the value of src_ip_sticky flag may be
different for each port number. As a result, the value is the same for
all port numbers, even though it is a per-port-vip case.
This commit fixes the src_ip_sticky evaluation by delaying it until the
packet is received, so that the correct value is obtained. Also, the
unit test case has been enhanced for this bug fix.
The steps to reproduce this bug are described below:
https://lists.fd.io/g/vpp-dev/message/23248
Type: fix
Fixes: 613e6dc0bf ("lb: add source ip based sticky load balancing")
Change-Id: I483492b214a1768e7a21fd86edd5151b3c46528b
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
nl_route_add() recently started to use its optional argument to check
whether replace flag is set for the message. When notification messages
are processed, the argument is a pointer to the corresponding message
info. However, when dump replies are processed, the argument is a null
pointer. This leads to null pointer dereference and crash when dump of
routes is processed.
With this fix, check for replace flag only if message info was passed
to nl_route_add(). Otherwise, assume the flag is not set. Dump replies
do not have it set.
Type: fix
Change-Id: Icb04a1146e09cc965b623018c28f91b347be0eab
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
1) Imports ENCAP_MPLS labels from IPv4/IPv6 routes.
Note that this requires libnl 3.6.0 or newer.
In previous patches, the fib_path_ext_t had a path ID of -1.
After a long investigation, it turned out to be caused by route weight
being set to 0. There is a comment explaining more details.
2) Handles MPLS routes.
MPLS routes were wrongly added as IPv4 routes before.
POP and SWAP are now both supported.
All the routes are installed as NON-EOS and EOS routes,
as the Linux kernel does not differentiate.
EOS POP used in PHP uses the next-hop address family
to determine the resulting address family.
This patch is sufficient for P setups.
PE setups with implicit null should also function okay, as long as a
seperate label gets programmed per address family.
PE setups with explicit null will also forward packets,
but punting is a bit odd and needs MPLS input enabled on the LCP host
device.
3) Propagate MPLS input state to LCP Pair and Linux.
Since the Linux kernel uses the MPLS routes itself,
the LCP pair tap needs MPLS enabled to allow host originated packets.
This also syncs the Linux `net.mpls.conf.<host_if>.input` sysctl to
allow punted packets to have MPLS labels, mostly explicit nulls.
In addition, a special feature is enabled to cross connect MPLS packets
coming from Linux directly to interface-output untouched.
Make sure to enable MPLS/add a table in VPP first and load the
MPLS kernel modules!!
Type: feature
Change-Id: Ie4184bb4cc96905bf8b483a27e7ca6d251697374
Signed-off-by: Adrian Pistol <vifino@posteo.net>
Signed-off-by: Pim van Pelt <pim@ipng.nl>
stats entries /if/names are never deleted as it is a vector of the
sw_if_index value. When the interface is deleted and then created again
later, and if the new interface takes a different sw_if_index, we may
end up with duplicate entries for the same interface name. For example,
the following configuration sequence causes problem
create loopback interface
create loopback interface
delete loopback interface intfc loop0
delete loopback interface intfc loop1
create loopback interface
vpp_get_stats dump /if/names
[0]: local0 /if/names
[1]: loop0 /if/names
[2]: loop0 /if/names
The fix is to set the delete /if/names entry to deleted when the interface is deleted.
Type: fix
Change-Id: I7d811b12d56e3cf8c7deffe14736ea0f24814d02
Signed-off-by: Steven Luong <sluong@cisco.com>
clang-16 complains about signed one-bit bitfield value
changes from 1 to -1. Use unsigned type instead.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Iab006c036d4068af2fe3caaefc871a95b26cc578
List of changed messages:
- lcp_itf_pair_add_del
- lcp_itf_pair_add_del_reply
- lcp_itf_pair_add_del_v2
- lcp_itf_pair_add_del_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ic20a852dd1fb27858c8776095f9c98757b89bfe8
List of changed messages:
- ip_punt_redirect_dump
- ip_punt_redirect_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Icf91f760b9bd328110b0f9fc2e421bb954033d21
List of changed messages:
- memif_socket_filename_add_del
- memif_socket_filename_add_del_reply
- memif_create
- memif_create_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Id334990584b64a0efa3c28a3d8b6b641adab8c09
List of changed messages:
- memclnt_create
- memclnt_create_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I0031cc2f1604ca4c34574c8e1ee28e358c2bbe5d
List of changed messages:
- pg_create_interface
- pg_create_interface_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I574927f0820c54d748f27fd96a45afec5243b645
List of changed messages:
- sr_policies_dump
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I16ae1bed83ad8c73e3254b6d195251702de84f97
List of changed messages:
- ipsec_sad_entry_add_del_v2
- ipsec_sad_entry_add_del_v2_reply
- ipsec_sa_v2_dump
- ipsec_sa_v2_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I8fd6906e9684ef7ebc0688dc8b0637ae2dc8d0a2
This patch introduces sw_ring to the crypto op data path implementation,
so that raw data path and crypto op data path use same mechanism of processing
async frames. Crypto op ring has been removed from the implementation.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Id823f80a88cfa0ff40252616a36de8bb044c7f45
When vlib buffer is processed on vnet side its length is corrected by
cipher padding and icv_sz. These changes need to be reflected in
the mbuf internals.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I0aa03f67f556dfc8f9a577ca1967210527221e02
There is an API call to change neighbor database configuration (i.e.
limit on peer number, aging, and recycling). With this change, make
getting current values of these settings available via the API.
Type: improvement
Change-Id: Ie9394e086b68cf9b28ad98dea162f203f8043cbb
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
List of changed messages:
- af_packet_create
- af_packet_create_reply
- af_packet_create_v2
- af_packet_create_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: Ia065c3bbc2c7923de64f47417099aea1aa1216b1
List of changed messages:
- tap_create_v2
- tap_create_v2_reply
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I7b1b22cc4a0e31f5c19fe48e7a0f30631576f9df
List of changed messages:
- vxlan_add_del_tunnel
- vxlan_add_del_tunnel_v2
- vxlan_add_del_tunnel_reply
- vxlan_add_del_tunnel_v2_reply
- vxlan_tunnel_dump
- vxlan_tunnel_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I0a7227e76a493731fd136f8e6310ad372fab2494
Namespace keyword is reverved c++ word, so it's not possible to include
vapi header for af_xdp plugin and use it.
Type: fix
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: I42a0e0a89ff2c407090d3c18c1bc5a5605ddf032
If a frame should be sent to 'ethernet-input' set the
ETH_INPUT_FRAME_F_SINGLE_SW_IF_IDX flag. It will force 'ethernet-input'
to use a fast-path for such frames.
This patch also aligns the behaviour with other input nodes.
Type: improvement
Change-Id: Icff0fa31204d5304a2ea0a4f4e7bc418dedbfe32
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
An SA is normally bound to the first thread using it. However, one
could want to manually bind an SA to a specific worker.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I05cbbf753e44a01d9964ee47812c964db9bbb488
Packet-generator does not support TCP options.
Along with its support, a formatting function has been added.
Further work will be needed to update header formatting functions
to take into account TCP connection options. For now, TCP options
are taken on a per-packet basis.
Type: improvement
Change-Id: Id800887853c4941d893be353ce6d8624ed8bbc5d
Signed-off-by: Maxime Peim <mpeim@cisco.com>
cdf73b9731 has added the qemu tests as part of the default test run,
which results in "make test" failure in more restricted environments which do not allow the
namespace creation.
Add a config flag to skip those tests, and skip them if the namespace creation fails.
Type: test
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ie631f7fb2a80864f77c79619eba4a43712e950e5
Make sure half-open sessions are marked as transport closed once
connected notification is provided. This ensures that if they've been
scheduled for tx, the event is ignored.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8c44584e843d93365ec737ae4e1bcb74eba35506
This rework tries to address issues found on SPR QAT, for traffic
reaching max possible throughoutput for single QAT PF packet drops were
observed.
Fix changes enq/deq scheme by utilizing software ring in enq call from
VNET but enq and deq to QAT happens only in deq callback function what
should enable better utlization of hardware resources.
Type: improvement
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2e8c473d20a269fd5e93f0c8d1f8c8aa193712bd
The af_xdp plugin does not support chained buffers; attempting to send
chain buffers will result truncated packets or even send other packet's
data. As a workaround, turn any buffer chain into a single buffer before
tx.
Type: fix
Change-Id: I05dec912455eb2bb6c8122a28cd646f88983aa9a
Signed-off-by: Shmuel Hazan <shmuel.h@siklu.com>
This patch introduces sw_ring. This ring is used in next set of patchas
and plays role of a buffer for QAT, allowing collecting frame elements
in case QAT queue is fully utilized, and assembling frame
from QAT dequeued elements.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Dastin Wilski <dastin.wilski@gmail.com>
Change-Id: I20718e200986ab4dba5cbc31c05a904072a6981a
Make sure the same frame is not used for multiple interfaces, otherwise it breaks the ETH_INPUT_FRAME_F_SINGLE_SW_IF_IDX promise.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I02546259ceaea36f65cb9f78b9b3ee45ed4075c9
TCP nodes consume the buffers so they have no nexts. To avoid long drop
path through vlib graph, add drop node.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ibe6e075e83612ed16270934398c6a013f236ae35
AF_XDP socket will only tx enqueued packets up to a max batch size so
we need to retry until everything has been sent.
Type: fix
Change-Id: Ia487ab63d3e85a478471cd1d679c5fb471804ba3
Signed-off-by: Benoît Ganne <bganne@cisco.com>
The async frames pool may be resized once drained. This will cause 2 problems: original pool pointer is invalidated and pool size changed, both problems will confuse the crypto infra user graph nodes (like IPsec and Wireguard) and crypto engines if they expect the pool pointers always valid and the pool size never changed (for performance reason).
This patch introduces fixed size of the async frames pool. This helps zeroing surprise to the components shown above and avoiding segmentation fault when pool resizing happened. In addition, the crypto engine may take advantage of the feature to sync its own pool/vector with crypto infra.
Type: improvement
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2a71783b90149fa376848b9c4f84ce8c6c034bef
Otherwise, we will get an error. The program could remain from the previous run.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I68e4072bd3b327592013804d67ccab7eb0ed3a0e
SVM_FIFO_WANT_DEQ_NOTIF_IF_FULL should be treated as a
config option that is not frequently changed. Or alternatively, it
should be set together with SVM_FIFO_WANT_DEQ_NOTIF to elicit a one time
tx notification.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie4132c7789ee87227a875ff981eb98f9f4d898a9
- do not allocate port sparse vector when only checking if a port is
already in use
- do not display port that have been unregistered by default
Type: improvement
Change-Id: I6cc94e35806dd8d415cd5d1c1c51e6b066ac26a1
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Linux uses NLM_F_REPLACE in the netlink message to signal a FIB update
The code invariably does a FIB update for IPv4 and a addition for IPv6.
Without this fix, the following:
ip route add 2001:db8::/48 via 2001:db8::1
ip route replace 2001:db8::/48 via 2001:db8::2
ends up as two separate FIB entries in VPP. With the fix, there will be one FIB entry (the second one with nexthop ::2).
Type: fix
Change-Id: I8f98d6ded52ae0c60bfddaa7fc39acbbaa19d34a
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Type: feature
With this change, packets that are larger than a single buffer can fit
will be able to be sent and received over a Wireguard tunnel. Also,
cover this with tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ifaf7325676d728580097bc389b51a9be39e44d88
List of changed messages:
- nat44_add_del_static_mapping
- nat44_user_session_dump
- nat44_user_session_details
- nat44_user_session_v2_dump
- nat44_user_session_v2_details
This change is part of VPP API cleanup initiative.
Type: fix
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I317ae93a0e763c3759a8c24fd550e1c97f6f4987
This patch can make crypto dispatch node adaptively switching
between pooling and interrupt mode, and improve vpp overall
performance.
Type: improvement
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I845ed1d29ba9f3c507ea95a337f6dca7f8d6e24e
In some cases, in the trace dump v2 dump function, we iterate over the
client cache even though this one could be empty.
Type: fix
Change-Id: Ice5cefa25bb93dabe86fe565347cdc32faa674ac
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Type: test
This application creates two memif interfaces which connect
to an external application i.e. VPP.
Usage:
1) Start VPP with following config.
create interface memif id 0 master
create interface memif id 1 master
set int state memif0/0 up
set int state memif0/1 up
create packet-generator interface pg0
set int state pg0 up
create packet-generator interface pg1
set int state pg1 up
set int l2 xconn pg0 memif0/0
set int l2 xconn memif0/0 pg0
set int l2 xconn pg1 memif0/1
set int l2 xconn memif0/1 pg1
packet-generator new { \
name memif \
limit -1 \
node ethernet-input \
size 64-64 \
interface pg0 \
worker 0 \
data { \
IP4: 42:01:0a:00:00:0a -> 02:fe:4b:6e:4d:c1 \
UDP: 172.16.2.2 -> 172.16.0.2 \
UDP: 1234 -> 1234 \
length 30 checksum 0 incrementing 1 \
} \
}
2) Compile and Run the test_app in another terminal.
mkdir -p extras/libmemif/build
cd extras/libmemif/build
cmake ..
make
sudo ./examples/test_app
3) Run in VPP cli
vpp# packet enable
4) Run monitor to see the throughput and pps
vpp# monitor interface memif0/0
Or
vpp# monitor interface memif0/1
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I4b9062fca8ad3020225adb7b1b09e5d66b1a7d48
The plugin creates and manages adjacencies for the physical interface in
each interface pair (they are part of the x-connect feature). When a
link update notification is received from the host system, MAC address
of the corresponding physical interface is updated (as needed) as well
as previously created adjacencies for it (because a new rewrite string
needs to be generated).
Subinterfaces inherit MAC address from the parent interface. When MAC
address of the parent interface changes, it also implies MAC address
change for its subinterfaces. The problem is that this is currently not
considered in the plugin. After MAC address update on the parent
interface, packets sent from subinterfaces might have wrong source MAC
address. For example, IPv6 Neighbor Solicitation messages will be sent
with the wrong (previous) MAC address and neighbor discovery will fail.
With this fix, when the plugin updates adjacencies for a physical
interface, it will also update adjacencies for the subinterfaces with
existing interface pair.
Type: fix
Change-Id: Ia5f617197e33cb79b9b025c02c2c126c31a551ec
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Epoll events might not have been cleared by user so always compute event
flags locally and assign to user provided epoll event.
Type: fix
Signed-off-by: Ping Yu <ping.yu@intel.com>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I3b594a0fd7be345a0e0ad81d1d3636e9354cc15d
When dumping packets from multiple threads using the API, first all
packets from thread 0 are dumped then all ones from thread 1, etc
Until we reach the limit specified by the API call, so we could never
get packets trace from threads with higher ids.
However, the tracedump CLI dump a maximum number of packets from all
threads, which we can expect from the API to do.
We also add a trace_clear_cache API so the client gets an answer when
he only wants to clear its packet cache.
Type: improvement
Change-Id: I0d4df8f6210a298ac3f22cd651eb4d8f445e1034
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Peer fib index and nh fib index should be different when nh-table-id is
specified.
Type: fix
Change-Id: I4c8296adb5aeab1c0022bfc1046e9559331b79b2
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
There was already a basic type defined, but nothing more.
This implements callbacks similar to
ip4_enable_disable_interface_callback_t.
Type: feature
Change-Id: I34fcb146ca68af4eb8cdd244529eb149f884284d
Signed-off-by: Adrian Pistol <vifino@posteo.net>
The order of the parameters when calling the ip_neighbor_probe_dst for
an aged neighbor is wrong and given that it runs on the master thread,
probes for IPv6 neighbors were never sent, leading to a certain neighbor
strike out and death and its removal from the neighbor cache.
Change-Id: Ic021bd0ece05bd2c1c6ab90eab0e2dc27cb10360
Type: fix
Fixes: fd2417b2a4
Signed-off-by: Sergio Gonzalez Monroy <monroy@anapaya.net>
- Make error message more human readable.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Iefc276b3a85ff82b927028a72bb91ed87ebd04ba
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Rename extra_vpp_punt_config to a more generic name extra_vpp_config to
better fit its purpose. It's fit for general use and already used that
way by quic and vcl tests anyway.
Type: refactor
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: Ib0a5789b0dbb3a8c3cae654dea4e32ac5e56dd41
The built stat_segment_data_t is leaked if stat_segment_access_end()
returns false.
Type: fix
Signed-off-by: Duncan Eastoe <duncan@graphiant.com>
Change-Id: I70adabbe7947d3e8a798cdfb3eaa14c683dce9da
load-balance and replicate dpos both store their number of buckets as
u16, which can overflow if too many paths are configured. For
load-balance it can happens quite quickly because of weights
normalization.
Type: fix
Change-Id: I0c78c39fc3d40626dfc58b49e7d99d71f9852b50
Signed-off-by: Benoît Ganne <bganne@cisco.com>
If openssl tls server handshake fails, track the fact that the context
does not have an app session.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5f493059a3610067b59caffbbe441ce9e0868252
On epoll ctl mod, set want deq flag before checking if unhandled events
are needed.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id1491837c7156a66c21e0e45af60b04b1c18601c
Reset deq notification flag even if session is no longer epolled.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4e9aed1849aa2817176f3a54ae41910df5e704a0
This feature enables the use of the classifier and ip-in-out-acl nodes
to redirect matching sessions via arbitrary fib paths instead of relying
on additional VRFs.
Type: feature
Change-Id: Ia59d35481c2555aec96c806b62bf29671abb295a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
format_hexdump currently requires the length parameter to be uword
(64-bits) hence all callers must make sure to cast the length to uword.
Use u32 instead to benefit from C automatic integer promotion: any
length smaller or equal to u32 will be promoted to int fitting in u32).
Only callers using a length of u64 needs to downcast.
It also makes it similar to other variants.
Type: fix
Change-Id: I09b52fdde3970cec0be4150a29126ff63106c75b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Add the missing AArch64 support for printing program counter.
Type: improvement
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Idb63737ed72e10fa29fd61e1eab5af059e2b8e28
In some cases with Generic FLow, it is only required to show the pattern
of spec and mask, but no need to add the flow. Therefore, add an option
in packetforge so that users can show spec and mask only.
Type: improvement
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I7b3040689eb82d0b58924712ee6fc9cfa0a42fa1
Print fib-index, next node index and opaque.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id2ff265c9acffc75f8b04fb9f26c6d571fc2ef98
Prior to dpdk-22.11, VPP can count on rte_eth_dev_socket_id to return
numa node 0 if the device didn't set it. Ever since below patch is
committed in dpdk
https://patchwork.dpdk.org/project/dpdk/patch/20220929120512.480-1-olivier.matz@6wind.com/#152498
the aforementioned assumption is no longer true. If the device didn't
set the numa node, VPP gets -1 from the aforementioned API call. This
causes VPP to crash.
This fix is to set the numa node to 0 if the API returns -1, or SOCKET_ID_ANY
Type: fix
Change-Id: I2fde2870e5a3eb98473fe8d119fef594bfba9a8d
Signed-off-by: Steven Luong <sluong@cisco.com>
Move GRE folder under vnet to the plugin folder, and modify some of path
of the #inlude<header> to the new path.
Add a plugin.c file to register a plugin.
JIRA: VPP-2044
Type: improvement
Change-Id: I7f64cecd97538a7492e56a41558dab58281a9fa5
Signed-off-by: Chuhao Tang <nicotang@cisco.com>
In some cases an .api file may contain only counter definitions.
If so do not generate the setup_msg functions.
Type: improvement
Change-Id: Idf89a7a5ab135428e9577726bc356acfd7c30113
Signed-off-by: Ole Troan <otroan@employees.org>
- remove non-inclusive language in message and improve
clarity of the error message
Type: style
Change-Id: I3f4895d6a502c2583a8b6b3c325a3f30ced03f84
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
- Update rdma-core library to 45.0 to work with DPDK 23.03
Type: feature
Change-Id: I6bd54c509b93de905e1b0194dce414e4a6e11990
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
This patch bumps DPDK version from 22.11 to 23.03.
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I10203a6408ceb5a40fe392924130652b91ebc993
This patch prepares code for bumping DPDK version to 23.03, but the DPDK version of this patch keeps at 22.11 for compatibility.
the "no-dsa" parameter in DPDK configuration is removed, the "blacklist" parameter can be used to block the related DSA devices.
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I589afba165e85138437e731531414a033f64f8d3
Make sure half-open table is cleaned up on close and cleanup of
half-open.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id7ad177f364d6395f7379dc927e449a40547510e
Update rdma-core library to 43.0 to work with DPDK 22.11.
Type: feature
Change-Id: Iad8bb9c7745dd5bc5f8c0935a31362fd92447ff6
Signed-off-by: Alexander Kozyrev <akozyrev@nvidia.com>
After the clib_socket_init syntax changed, the behavior of VCL
socket creation was broken. This patch introduces app_namespace_add_del_v4
to address the behavioral change.
Type: refactor
Change-Id: Ice016bdb372233fd3317f166d45625e086e9b4df
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
This change is part of VPP API cleanup initiative.
Type: refactor
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I9f0f786b50aa77383b16e0f844c85f236f7aa8d0
This patch bumps DPDK version from 22.07 to 22.11.
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I82df2c0678e1cc1b3739a5b0677f0c4a4180a489
A plugin can set "VAT_AUTO_TEST_ OFF" to disable building of the autogenerated
Type: improvement
Change-Id: I856fbfd83bbc5c7df0759e550b20ac75df77d9d7
Signed-off-by: Ole Troan <otroan@employees.org>
traceroute sends 3 packets rapidly that triggers and depends on ICMP error
generation. The current ICMP4 throttle setting at 1-e3 throttles the last
ICMP error and makes traceroute sit in a timeout.
Type: fix
Change-Id: Ie886303600ad0374dcb6ae311e949154727a93d2
Signed-off-by: Ole Troan <otroan@employees.org>
Type: fix
Currently sw_scheduler runs interchangeably over queues of one selected
type either ENCRYPT or DECRYPT. Then switches the type for the next run.
This works fine in polling mode as missed frames get processed on the
next run. In interrupt mode if all of the workers miss a frame on the
first run the interrupt flag is lowered so the frame remains pending in
queues waiting for another crypto event to raise the interrupt.
With this fix force sw_scheduler in interrupt mode check the second half
of the queues if the first pass returned no results. This guarantees a
pending frame gets into processing before interrupt is reset.
Change-Id: I7e91d125702336eba72c6a3abaeabcae010d396a
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
This patch add in missing src/dst port assignment in SA for udp port
if encap.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I84219c016c5a32590aba0371c01ad8d44cbf4c5c
Fix corner case when a test would be skipped if it was not possible to
start it due to insufficient cpus available in the middle of the loop.
Type: fix
Change-Id: Ie4580685ff55688375d649d7009131d9fe1e4f33
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Support multiple comma-delimited filter expressions,
e.g. to run both bfd and ip4 tests, it's now possible to do:
make test TEST=bfd,ip4
Same goes for wildcards, e.g.:
make test TEST=bfd,..test_longest_prefix_match,..test_icmp_error
Type: improvement
Change-Id: I0cceaa443cb612dca955f301c7407959f9a71a6e
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
This change is part of VPP API cleanup initiative.
Type: refactor
Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
Change-Id: I26d13a697c9b70a75555c04e925e9d6aaf7ed755
When trying to start perfmon with a bundle that has a unique type while
specifying that type as argument, the command fails
(e.g. perfmon start bundle branch-mispred type node).
This error occurs because the returned value of
unformat_perfmon_active_type is actually a perfmon_bundle_type_t, but
it was treated as a perfmon_bundle_type_flag_t by a test in the CLI
function.
However, this test is useless and thus can just be removed.
Type: fix
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I5d8b9815871621e8ee7b935586f4cedbc0e7a53d
Introduce async model into memif by utilizing new DMA API. Original
process is broken down to submission stage and completion stage. As
multiple submissions may in flight simultaneously, per thread data is
no longer safe, now replace thread data into each dma data structure.
As slave side already support zero copy mode, DMA option is only added
in master side.
Type: feature
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: I084f253866f5127cdc73b9a08c8ce73b091488f3
This patch prepares code for bumping DPDK version to 22.11, but the DPDK version of this patch keeps at 22.07 for compatibility.
the "no-dsa" parameter in DPDK configuration is removed, the "blacklist" parameter can be used to block the related DSA devices.
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I08787c6584bba66383fc0a784963f33171196910
Apache ab sometimes fails during extensive performace testing.
This patch makes sure hs-test perf tests always pass.
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I0921682f0f07df3af45b342b9a7ddfa1af037ceb
Set the mask of calculating the next cqe index to the corresponding CQ
size instead of rxq size.
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I67494f029967af64051f51452eba1fd699984cd9
With 'api-trace { on }' in startup.conf, running 'api trace dump' in
vppctl was causing VPP to seg fault. vl_msg_print_trace() was calling
m->endian_handler() without checking whether its null.
Checking if its non-null prevents a crash, but the trace dump prints
the message IDs for trace_plugin_msg_ids in network byte order. There is
an auto-generated endian function for that message. Set it on the call
to vl_msg_api_config() for trace_plugin_msg_ids so the IDs will be
printed in host byte order in trace dump output.
Type: fix
Fixes: fe45f8f5
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I0ab463985e9a983155feba13ac4eb99ab883ace6
Previously, .src_ip_sticky may have been left uninitialized.
Type: fix
Fixes: 613e6dc0bf
Change-Id: Ifd866d6322fe9ff723f92b7ab3fd77e720a3cfa4
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
To make out of tree plugins require a particular version, they need
access to the version they are built with. Install version.h.
Type: fix
Change-Id: I5916d0a16aed7e054ede452af956fee56cd078f0
Signed-off-by: Ole Troan <ot@cisco.com>
When a stats entry is removed it is marked empty.
The stats client did not check for that and returned an empty string.
This resulted in blank lines in vpp_get_stats. Fix by returning null instead
and checking value.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I08a39ba3ef4421bf275747a6300f97fe36791b50
for testing purposes, disabled by default
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
Change-Id: Id616e2b3b21ae0f0b44e2b55ecefd501afacc7f2
RTA_VIA allows routes to have a next-hop in a different address family.
This commit makes linux-cp import those types of routes correctly,
instead of importing the routes without a gateway.
This uses rtnl_route_nh_get_gateway, which is available since libnl
3.4.0 (Oct. 9, 2017). Even Debian Stretch has it via backports.
Type: fix
Change-Id: I06297c700461ba7874eb8baf9355bd40990b3121
Signed-off-by: Adrian Pistol <vifino@posteo.net>
Nat in2out sessions are distributing among workers by client
addresses. In case there's multiple client vrfs with very
similar client addresses (usually from rfc1918), session
distribution/load can be unfair just due similar hash.
Let's take dynamic client fib_index into account, it'll affect
external port range only, outside address picking has own
address-based hash therefore not affected.
Type: improvement
Change-Id: I56ab2e1ce8dd27f2b1f9e7f22839ccf7774bfb82
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
The unformat type for "%d" should be u32 or int.
Type: fix
Signed-off-by: Ted Chen <znscnchen@gmail.com>
Change-Id: I2483df6259ed8d3c7648c8db6345e5063ac8b57e
Adding api nat44_ed_vrf_tables_v2_dump which may replace
nat44_ed_vrf_tables_dump in the future.
- fixing endianess
Type: improvement
Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>
Change-Id: I40d09ea3252589bdcb61db9f1629dacd87f69978
Some components, like dhcp, log constantly changing strings which in
turn forces elog string table to grow unbound.
To avoid this, as a workaround, only turn on elog logging if requested.
Actual fix that adds configuration for logging subclasses should come in
a later patch.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ie8b26251fb7115d866c2bd65353daa33cdab1ab6
The punt socket code rewinds the current_data pointer by sizeof (ethernet_header_t),
which is incorrect if the header is tagged - resulting in truncated destination MAC
address. Use ethernet_buffer_header_size() instead, which takes tags into account.
Also add the unittest that verifies the issue and the fix.
Type: fix
Change-Id: I6352a174df144ca1e4230390c126f4b698724ebc
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Creation of lcp tap for non-ethernet interfaces can potentially lead to a crash, so avoid it.
Type: fix
Change-Id: I76ded8a08ea38a2c31d0215804af023207d4d3e1
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Previously we encountered the issue of failing to create completion
queues on some Arm platforms because DPDK may set MLX5_CQE_SIZE to 128
if DPDK MLX PMDs are built and DPDK plugin is loaded, which does not
satisfy the requirement of 64B size CQE by RDMA plugin.
We fixed this issue in 844a0e8b0("always use 64 byte CQEs for MLX5"),
but some of CSIT test cases failed due to this code change. It turns out
that we don't need to specify compressed CQE mode for txq CQ because
RDMA tx doesn't have the code logic to handle compressed CQEs, which
might cause unexpected behavior if it is enabled.
Type: fix
Fixes: 844a0e8b0 ("always use 64 byte CQEs for MLX5")
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I7909a6d44b15bcf39c15dfac9377b65520a0cbfb
The time wheel should not be started in the loop while processing expired events.
can be set p->stop_timer_handle = ~0 to solve.
Type: fix
Signed-off-by: jinsh <jinsh11@chinatelecom.cn>
Change-Id: Ie9a4293f39f981f50d280b39a5d958d319ee2300
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Type: fix
The main loop populates a vector of suspended process nodes to dispatch
by calling TW (tw_timer_expire_timers_vec), which identifies expired
timers and appends the user handle for each one to the vector.
Subsequently, the vector is iterated and the process node corresponding
to each handle is dispatched. The vast majority of the time, the process
node will end up suspending itself again to wait for a new timer or
event.
Given a process node A whose timer has expired, between the point when
the timer expired and the point when A is dispatched and suspends itself
again, its stop_timer_handle contains a stale value.
If another process node B is dispatched before A is dispatched, it may
end up using the timer ID that A formerly used. If another process node
C is dispatched after B and before A and calls
vlib_process_signal_event() to signal A, the timer started by B can be
deleted by vlib_process_signal_event_helper().
After getting the vector of process node IDs for expired timers, reset
the stop_timer_handle on each of those nodes.
Change-Id: I266da438e76e1fc356016da0b9b4941efac1c28a
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change of enums used in REPLY_MACRO() to appropriate one
for handlers:
-vl_api_nat44_ed_add_del_vrf_table_t_handler
-vl_api_nat44_ed_add_del_vrf_route_t_handler
Type: fix
Change-Id: I58e97817b1678da7c025c0d03a8b938a4e0f7b6c
Signed-off-by: Daniel Béreš <daniel.beres@pantheon.tech>
support with GTPv1 TEID added to the flow hash.
This can able to ECMP to PGW and parallelization.
Type: feature
Change-Id: I6f758579027caf6123831ef2db7afe17e424a6eb
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
Since connects can be done without a worker barrier, first
worker should flush connects to destination workers only
after session layer has a chance to fully initialize the
half-open session.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I82fe0f0c7e520baa72fd380d0a43a76ebbd5f548
Vlib panic uses longjmp to exit main loop, but workers don't set main_loop_exit
field on initialization, so this jump corrupts registers and causes segfault.
There I add clib_warning and abort if longjmp context hasn't been set.
Type: fix
Signed-off-by: Mikhail Sokolovskiy <sokolmish@gmail.com>
Change-Id: I0d705f1f139c4083af75066aeb525964ed0aa202
Originally the name for each session pool is incorrectly prepared.
It doesn't have right length. It is not null terminated.
The fix corrects the name formatting for each session pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I67da3d64702ccb27a5907825528f8c95d91040bb
In case of UDP length errors in udp_local node, these errors are
being lost and incomplete header may be advanced by wrong offset.
Fix it with only full packets processing and explicit error set
otherwise. Also, optimize two buffer loop perfomance into fast
path with both buffers are ok and slow path with one or none.
Type: fix
Change-Id: I6b7edc3eb5593981e55d7ae20d753c0fd1549d86
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Originally the name for each session pool can be incorrect prepared.
The fix changes formatting for name for each session pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I42e0752f9f46c5a42524ec7b863a7c9dd3c23110
wrk->event_elts has 5 elements if no user events
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: Ib38fab422304efc470e20ccb7121442f05bf8bf3
Using pre-shared keys is usually a bad idea, one should use eg. IKEv2
instead, but one does not always have the choice.
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C) whereas for AES-CTR or AES-GCM, the IV should never be reused with
the same key material (see NIST SP800-38a Appendix B and NIST SP800-38d
section 8).
If one uses pre-shared keys and VPP is restarted, the IV counter
restarts at 0 and the same IVs are generated with the same pre-shared
keys materials.
To fix those issues we follow the recommendation from NIST SP800-38a
and NIST SP800-38d:
- we use a PRNG (not cryptographically secured) to generate IVs to
avoid generating the same IV sequence between VPP restarts. The PRNG is
chosen so that there is a low chance of generating the same sequence
- for AES-CBC, the generated IV is encrypted as part of the message.
This makes the (predictable) PRNG-generated IV unpredictable as it is
encrypted with the secret key
- for AES-CTR and GCM, we use the IV as-is as predictable IVs are fine
Most of the changes in this patch are caused by the need to shoehorn an
additional state of 2 u64 for the PRNG in the 1st cacheline of the SA
object.
Type: improvement
Change-Id: I2af89c21ae4b2c4c33dd21aeffcfb79c13c9d84c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Error counters are added on a per-node basis. In Ipsec, it is
useful to also track the errors that occured per SA.
Type: feature
Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
To allow a more flexible throttling configuration, the number of bits
used in the throttling bitmap can be chosen.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I7bfe391dd64729011b03f3e5b89408dfc340e036
Type: fix
API clients can register for peer events (e.g. to be notified when
connection is established). In a multi-worker setup, peer events might
be triggered from a worker thread. In order to send a peer event to the
clients, an API message needs to be allocated and populated.
API messages allocation is only allowed from the main thread. Currently,
the code does not handle the case when a peer event is trying to be sent
from a worker thread. In debug builds, when this happens, it causes
SIGABRT in vl_msg_api_alloc_internal() because assertion "pool == 0 ||
vlib_get_thread_index () == 0" fails. In production builds, when this
happens, it might cause unexplained behavior.
There is a test that is supposed to catch this but all multi-worker
Wireguard tests are currently disabled. This problem is likely to be one
of the reasons they were disabled.
With this fix, when a peer event is triggered from a worker thread,
allocate and send corresponding API message from the main thread using
RPC.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib3fe19f8070563b35732afd16c017411c089437e
Previously, even if sa defined traffic selectors esp packet src and dst
have been used for fast path inbound spd matching. This patch provides
a fix for that issue.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ibd3ca224b155cc9e0c6aedd0f36aff489b7af5b8
Using clib_bitmap_vec_validate makes free bitmap vector
to be x64 times bigger (assuming x86_64) than necessary
when non-zero and possible oom due (u32)(0 - 1) math with
zero alloc.
Fix it with clib_bitmap_validate which takes bit size, not
index and ensure at least one bit is allocated.
Type: fix
Change-Id: I7e191f4e2fb3722a06bb800e1d075f7c7e2dcec9
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
In a case where one pounds on a single kvp in a KVP_AT_BUCKET_LEVEL
table, the code would sporadically return a transitional value (junk)
from a half-deleted kvp. At most, 64-bits worth of the kvp will be
written atomically, so using memset(...) to smear 0xFF's across a kvp
to free it left a lot to be desired.
Performance impact: very mild positive, thanks to FC for doing a
multi-thread host stack perf/scale test.
Added an ASSERT to catch attempts to add a (key,value) pair which
contains the magic "free kvp" value.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I6a1aa8a2c30bc70bec4b696ce7b17c2839927065
Exported indentifiers in Go start with capital letters. Only few fields
in hs-test, which are being unmarshaled from yaml are required to be
exported. Every other field name or method name should start with
lower-case letter, to be consistent with this naming convention.
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I7eab0eef9fd08a7890c77b6ce1aeb3fa4b80f3cd
Location changed and binary renamed to test_infra
Also it is built by default.
Type: improvement
Change-Id: I27cd97f274501ceb7a01213e2bc9676cea00f39c
Signed-off-by: Damjan Marion <damarion@cisco.com>
Used on intel client CPUs which suppport VAES instruction set without
AVX512
Type: improvement
Change-Id: I5f816a1ea9f89a8d298d2c0f38d8d7c06f414ba0
Signed-off-by: Damjan Marion <damarion@cisco.com>
DMA batch status was set by hardware. Its value may be variable between
cpus twice accesses. Saving the value of status can fix it.
Type: fix
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: Ibc9337239555744a571685b486c986991c3e9b18
Recognize and drive google virtual ethernet (gve) in google cloud.
Type: feature
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: Ia559615ac059cabbca5d10bcd4049e87beaad638
Fix the typo in the intrinsic name, which caused incorrect intrinsic to be used.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ib7fde14d12897e4d1bfb5a01f6d65025473e4f8e
Rename unused SESSION_IO_EVT_BUILTIN_TX to SESSION_IO_EVT_TX_MAIN and
leverage it for non-connected udp tx.
Non-connected udp sessions are listeners and are therefore allocated on
main thread. Consequently, whenever session queue node is not polling
main, tx events generated by external applications might be missed or
processed with some delay. To solve this, request that apps use
SESSION_IO_EVT_TX_MAIN tx events as opposed to SESSION_IO_EVT_TX and
send that to first worker as opposed to main.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5df5ac3dc80c0f192b2eefb1d465e9deefe8786b
Specify the number of max_batches when applying for dma config.
Skip this round when no batch available from vlib_dma_batch_new.
Type: improvement
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: Ic6e0acf81ba4fc3ed33aea6ac6990ef841021c59
Allocate and initialize dma batch structure when adding dma config.
The number of required dma batches is set by max_batches parameter.
Thus dma batches are not allocated dynamically in worker thread.
Application need to check the return value of vlib_dma_batch_new.
Type: improvement
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: I5d05a67b59634cf2862a377d5ab77cb1040343ce
Make sure endpoint freelist is drained before alloc of fixed local
source port is tried.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I302deee5609a463af8135185af71722ac8c55a27
Those CPUs are announcing VAES capability but they don't support AVX512.
Type: fix
Fixes: 73a60b2
Change-Id: I7b4be95e91bb6f367cd71461f1126690f3ecd988
Signed-off-by: Damjan Marion <damarion@cisco.com>
udp_output_get_connection handles correctly if the connection
is a listener whereas udp_connection_get does not which may lead
to a crash.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I40b57287a8686820d29872cae2cfd6ae27a57c26
This avoids printing ldp debug messages while debug is disabled and vcl
is initializing.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I5dfd1d59032db937fea146b6b84b8e26307a0de0
Process 8 packets perf batch in vlib_buffer_free_inline() when
CLIB_HAVE_VEC512 is enabled.
Type: improvement
Signed-off-by: Leyi Rong <leyi.rong@intel.com>
Change-Id: I78b8a525bce25ee355c9bf0e0f651698a8c45bda
Type: fix
In vpp, file descriptor handler closes the fd upon error
if there is no error handling function is registered.
This patch fixes the issue for af_packet interface by
registering the error handling function.
Errors will also be gracefully logged.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I260d780ac54ffd0199dcd6ca5b95e5afe957e968
Also make sure that only sessions with fifos try to set deq notification
flag on fifo
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I878c2d2e18bb98109ee03b42a4f0f8c48aa23e9f
For non-connected udp, when retrieving the subscriber session to send
the notification, it uses the current worker thread index whereas the
subscriber session is actually on the main thread. Using the worker
thread may cause a crash since the corresponding session may not be
valid in the worker thread context and even if it is valid, it is the
wrong session. This scenario is seen when the application forks
and adds subscribers to the worker thread session.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I236ee9d9ff9f3b2f7f9f8e782d70d1080aa1b627
Type: test
Add a helper wrapper script for vppctl called vppcli to vpp docker image
with proper cli socket path.
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I1a51aa54bc91c1c812698501a56401c525d498e8
If not, worker threads may continue own loops after deinit and/or
thread0 exit with related crashes due no rpc capability, unmapped
shared memory, etc. Main loop exit handlers that uses barrier sync
will be happy too as long as recursive barrier sync is supported.
Type: feature
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I255a796b06936d96715683e3f062128060233dc6
format_udp_connection takes 2 arguments from the caller.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ie618a809936a01c094982f9a8c81309826e0b087
Although removal from epoll means listener no longer accepts new
sessions, the accept queue built by vpp cannot be drained by stopping
the listener. Morover, some applications, e.g., nginx, might constantly
remove and add listeners to their epfds. Removing listeners in such
situations causes a lot of churn in vpp as segments and segment managers
need to be recreated.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia412b3f8d50fbb4881a99ff024f798353b521af7
Otherwise if vcl epoll lt events are ignored by the app, libc and vcl mq
events are never drained.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1e22f6da46d56236c52714181f6c20dcb80a33a5
- avoid setting LD_PRELOAD for container
- save nginx error log to shared volume
- reduce test run time to 10s
- add vcl and ldp debug env variables to docker file. Default to
disabled.
Type: test
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I401ac74e7c0ebe87befedb44150b04f773f244ea
vec_alloc() does not mark vector as accessible contrary to
vec_validate().
Also removes redundant memset(0) as vector allocation always zeroed
new memory.
Type: fix
Change-Id: I8309831b964a618454ed0bebbcdec7ec21149414
Signed-off-by: Benoît Ganne <bganne@cisco.com>
- allocates the memory trace spinlock independently from the main heap
- disable tracing on a per thread basis
- make sure we hold the memory trace spinlock when changing tracing
Type: fix
Change-Id: I7d84f22132abdc895343d447cd3a2c574786f58d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
- clib_open_netns() expects a NULL-terminated C-string
- if no netns was given, we should not try to format it otherwise we'll
get "(nil)" as netns name.
Type: fix
Change-Id: I7b6022f6e8999640d0d2a83b854455b15fa4c134
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Node renames, clone and node_by_name hash updates should be done
in vlib_node_register() / vlib_node_rename() under barrier, or
else runtime per-node stats can be either inaccurate or lead to UB.
Drop cli process nodes renaming rather than adding barrier
syncronization on reuse, nodes will get "unix-cli-process-ID"
stable names, description and terminal names are preserved and can
be obtained with "show cli-sessions" and "show terminal" commands.
Also fix insufficient name width for "show cli-sessions" with table
formatting, output sample:
DBGvpp# sh cli-sessions
PNI FD Name Flags
708 14 unix-cli-local:10558 iSLpa
710 15 unix-cli-127.0.0.1:33252 ISlpA
DBGvpp# sh terminal
Terminal name: unix-cli-127.0.0.1:33252
Terminal node: unix-cli-process-1
Terminal mode: char-by-char
Terminal width: 158
Terminal height: 43
ANSI capable: yes
Interactive: yes
History enabled: yes
History limit: 50
Pager enabled: yes
Pager limit: 100000
CRLF mode: CR+LF
Type: improvement
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: I40af4c0a5e5be92d5e3ebcd440fa55390aeb0e8b
There's a chance that vnet_sw_interface_set_flags_helper()
has successfully called some sw interface add callback functions
before returning the error. So the sw interface del callbacks
should also be called
Type: fix
Signed-off-by: varasteh <mahdy.varasteh@gmail.com>
Change-Id: I2cd7dc6d5b3a5ebfd2c4d1a6be5390083dee6401
Signed-off-by: varasteh <mahdy.varasteh@gmail.com>
IV requirements vary wildly with the selected mode of operation. For
example, for AES-CBC the IV must be unpredictable whereas for AES
counter mode (CTR or GCM), it can be predictable but reusing an IV with
the same key material is catastrophic.
Because of that, it is hard to generate IV in a generic way, and it is
better left to the crypto user (eg. IPsec).
Type: improvement
Change-Id: I32689c591d8c6572b8d37c4d24f175ea6132d3ec
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Explicitly set the ptd->n_packets to 0 if no packet is received in
memif_device_input_inline(). Otherwise ptd->n_packets just keeps
last time rx packets number, then this stale number is added to
memif_input_node->vectors_since_last_overflow in every dispatch_node()
call for memif_input_node.
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: Ide98a481c925262f9a609535a314f784cab424d8
Witout thread barrier, when dpdk_process_node initiating
dpdk lib, workers thread may also be initiating. Main
and workers threads may both setting error_main info,
that will cause memory ASAN issue.
Type: fix
Signed-off-by: Xiaoming Jiang <jiangxiaoming@outlook.com>
Change-Id: I87b73b310730719035d4985a2cff2e3308120ec2
This patch introduces IP in IP packet support for flow cli and dpdk plugin.
Specifically, the following IP in IP packet types are supported:
MAC-IPv4-IPv4-TCP/UDP/None,
MAC-IPv4-IPv6-TCP/UDP/None,
MAC-IPv6-IPv4-TCP/UDP/None,
MAC-IPv6-IPv6-TCP/UDP/None,
IP in IP flow rules can be created by using the following new keywords in vppctl:
in-src-ip, in-dst-ip : to provide information for inner IPv4 header
in-ip6-src-ip, in-ip6-dst-ip: to provide information for inner IPv6 header
in-proto : to specify inner transport layer protocol type (TCP or UDP)
in-src-port, in-dst-port : to provide information for inner TCP/UDP header
An example to create flow rule for MAC-IPv6-IPv6-TCP:
test flow add index 0 ip6-src-ip any ip6-dst-ip any in-ip6-src-ip any in-ip6-dst-ip any in-proto tcp in-src-port 1234 in-dst-port any rss function default
Another example to create flow rule for MAC-IPv6-IPv6:
test flow add index 0 ip6-src-ip any in-ip6-src-ip any rss function default
Type: feature
Signed-off-by: Xinyao Cai <xinyao.cai@intel.com>
Change-Id: I6a1ca36d47eb65b9cb5a4b8d874b2a7f017c35cd
Pool's pool_put_will_expand() calls clib_bitmap_will_expand(),
so every put except ones that leads to free_bitmap reallocation
will get false positive results and vice versa.
Unfortunatelly there's no related test and existing bitmap
tests are failing silently with false positive result as well.
Fortunatelly neither clib_bitmap_will_expand() nor
pool_put_will_expand() are being used by current vpp codebase.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Id5bb900cf6a1b1002d37670f5c415c74165b5421
When VPP builds its external packages from source, it will download the
package, patch it, configure it, build and install it. For DPDK, it will
depend on rdma-core if mlx4/mlx5 PMD is enabled. So phony target
dpdk-config needs to have the prerequisites of rdma-core-install and
ipsec-mb-install(x86 only), which are both phony targets. This leads to
redundant behavior of recipes executing twice in dpdk-config.
Replace the phony target with hidden file *.install.ok to avoid that.
Type: improvement
Signed-off-by: Lijian Zhang <lijian.zhang@arm.com>
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: Ibf3b766ab7a4ccfcbffe08f6cdb90da72ca1ce29
SElinux added support for defining what files can be mmap()'d a while back.
This change defines those files that VPP maps.
This is needed for EL9 support
Type: fix
Signed-off-by: Christian Svensson <blue@cmd.nu>
Change-Id: Iedd26914e29347169c4cc138628df7823ddd5691
Currently only RHEL/CentOS 8 and Fedora are supported.
EL9 is a middle ground and thus require some different dependencies.
Type: feature
Signed-off-by: Christian Svensson <blue@cmd.nu>
Change-Id: I7be79e61994800bb796d4e9141f0ff6ad8bdead2
When using memory traces it can take a long time to display all traces
bigger than 1k if there are lots of them, especially as we need to
resolve symbols.
It is better to display only the 1st 50 by default, unless verbose is
used.
Also fix the help string.
Type: improvement
Change-Id: I1e5e30209f10d2b05c561dbf856cb126e0cf513d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
This patch adds an API memif_socket_filename_add_del_v2
that allows autogenerating memif socket_id when passing
~0 in the socket_id field.
It opportunistically walks the hash to find a free ID
to use, and returns it in the reply.
socket_filename also becomes a variable length string,
to accomodate for longer names (in case a netns gets
passed)
Type: feature
Change-Id: I33fc3e1cf553af27579d6bad8691b22b530531cc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
This patch fix the memory leaks discovered in the current
implementation, inlcuding expired data, spd dump, and host names.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I3794f5db3c58d1e78df25f242c91e7a67363de53
The current implmentation of the hash table is not thread-safe.
This design leads to a segfault when VPP is handling a lot of tunnels
for Wireguard, where one thread modifies the hash table and other
threads start the lookup at the same time.
This fix adds a barrier sync to the hash table access when Wireguard
adds or deletes an element.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Id460dfcd46ace17c7bdcd23bd9687d26cecf0a39
For e.g. prometheus export it makes more sense to use the same metric name,
and expose the various symlinks as labels.
The VPP symlink metric:
/interfaces/local0/rx_unicast
that points to
/if/rx_unicast
Becomes in Prometheus:
interfaces_rx_unicast_bytes{index="0",label="local0"} 0
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ide0ab4fda4b3eb7ba7ddfc44680121c53f5267f6
Async binds may be possible due to vls generated async binds as a result
of application adding or removing listeners from epoll.
App does not need to be notified of the event.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4d01be7ddb39ba894db85feef55e9935556c24f5
Accept one spurious wakeup from vcl in epoll_pwait_eventfd to avoid
returning zero events to app without timeout.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I447c7f8176413c562be28605376a92d15e22a1f9
Nginx recreates epfds. Make sure ldp tracks the event and recreates the
libc epfd or eventfd flavor of epoll pwait will not work.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I2994bead9494f0fbb85dd32767cecc1cf69ff6eb
Type: improvement
Since VPP-SWAN does not really need StrongSwan to be compiled,
this patch refines the Makefile to reflect the change.
In addition README is updated.
Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
Change-Id: I185957167ac71a44f4d12e78e1dac31c194f80f4
Old distros Centos 8 / Ubuntu 18.04 header files doesn't have UDP_SEGMENT
declared, define UDP_SEGMENT to right value if not defined.
Type: fix
Fixes: eff5f7aea8 ("vcl: ldp support for ip_pktinfo")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I99314b895e7d09962a36e7f5582c09d0d77563dc
After gerrit 38370 (729b9c94), apps are registered via ldp using program
name. Update tests to support that.
Also add make file help for UNCONFIGURE.
Type: test
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4ad50abfd175664b47b358df1a72e0758f51190d
Move port allocation logic from transports into generic transport layer.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I55a21f185d00f5e118c36bcc4a6ffba2cbda885e
Treat certain configuration files, which contain runtime-dependent
information, as templates. The information is filled at runtime and the
files are copied into containers.
This allows to avoid hard-coding IP addresses into configuration files.
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I1dae8f15f4f76c0bf1779d7c68b7f3859bf5a861
Adding `UNCONFIGURE=true` argument when running `make test` will skip
test run and unconfigure existing topology for that test.
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I197747a56ca68807f0b2c3f25b6f61c3dcc41ace
This joins separate representations of veth and tap interfaces
into a single struct. It removes the need for type interface
and embedding which simplifies the code.
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I1b2c368bfe90a5bdfaaa9a5129c27d7d96f8fe3b
This patch adds a missing file descriptor free handler to prevent
invalid dereferencing in the future
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Idc809a70b1fedec9a06446344d5481d467c78c19
The current implementation can cause memory leaks of async frames
and exhaust the async frames pool. Wireguard can early get async frame,
even when later it turns out it is not needed. Then such frame won't
be freed.
This fix changes the moment of acquiring async frame from the pool, so
it doesn't leak.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: If7696de6a6f5db84e0dffef60caa31d4a5e6280e
This will make name of the test unique so that executing specifically
this test won't execute also other tests starting with same name.
Type: test
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
Change-Id: I8013aa453c2a1c3c156e6476a93fd58bbb850b93
- add support for building/running debug/release images
- have one point of control (Makefile)
- list all test cases
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I97949abc2fff85d7a2b3784122be159aeec72b52
- The version of libsrtp2 (2.4.2) on ubuntu-22.04 changed
the 'ekt' field in srtp_policy_t to 'deprecated_ekt'.
Type: fix
Change-Id: Icb9d8f3b56c8305bcdac5066a5f8e3e5d17d37cf
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Make sure applications, especially builtin ones, cannot close a session
multiple times.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I960a1ae89a48eb359e7e1873a59d47c298c37ef1
For some apps(e.g. wrk2) upon vpp hoststack, ldp_epoll_pwait()
is called. In this function, epoll fd was created on one thread,
but it is now used on another thread. The vcl worker index is still
invalid, so the fetched ldp worker is also invalid and can corrupt
some already allocated memory.
Just as the ldp_epoll_pwait_eventfd(), make sure the vcl worker is valid
before getting the ldp worker in ldp_epoll_pwait().
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: I2ec23a4b5d5b0879a06642ffd80f95e948af4274
Currently wg-output-tun() doesn't check if a buffer has enough space for
prepending an ethernet header (wg header over ipv6 vxlan header case
leaves only 8 bytes free).
In such a case move buffer's content.
Type: fix
Change-Id: Iad18860e6b86a3d81f3d96d782de7c59556152d0
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
VPP build failed on Centos stream 8 when build xdp-tool
and dpdk mlx driver, Add the missing tools, libraries and headers.
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: Ie705dc8f558ceb872029f9ab4f1351b514c87405
Support running tests with `--tmp-dir` on a filesystem different from /tmp.
os.rename withs only within a single FS whereas shutil.move works accross
different filesystems.
Type: improvement
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I5371f5d75386bd2b82a75b3e6c1f2c850bc62356
The current implementation of vpp-swan plugin adds the same policy rule
in SPD twice, and it is not necessary to have two the same rules in
inbound-protect database.
This patch fixes an issue that prevents the addition of a second
identical policy rule in SPD.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ieef74288e5301455658e4e101433147d6d2482e9
When DPDK MLX PMDs are built, and the DPDK plugin is loaded, DPDK may
set the MLX5_CQE_SIZE environment variable to 128. This causes the RDMA
plugin to be unable to create completion queues. Since the RDMA plugin
expects the CQEs to be 64 bytes, set the cqe_size explicitly when
creating the CQ. This avoids any issues with different values for the
MLX5_CQE_SIZE environment variable.
Type: improvement
Signed-off-by: Nathan Brown <nathan.brown@arm.com>
Change-Id: Idfd078d3045a4dcb674325ef36f85a89df6fbebc
Can to define src ip of outer IPv6 Hdr for each encap policy.
Along with that, I decided to develop it as API version V2.
This is useful in the SRv6 MUP case.
For example, it will be possible to handle multiple UPF destinations.
Type: feature
Change-Id: I44ff7b54e8868619069621ab53e194e2c7a17435
Signed-off-by: Takeru Hayasaka <hayatake396@gmail.com>
This converts remaining tests to configation of VPP from test context.
Type: test
Change-Id: I386714f6b290e03d1757c2a033a25fae0340f5d6
Signed-off-by: Maros Ondrejicka <mondreji@cisco.com>
This converts more tests to configure VPP from test context.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: Idf26b0c16f87e87c97b198412af39b99d947ced6
pip compiled requirements file named requirements-3.txt exists in the
test directory. No need to auto-generate it again
Type: improvement
Change-Id: Ib2b51c983af8d0e4b000e4544012b6cd94405519
Signed-off-by: Naveen Joy <najoy@cisco.com>
Instead of configuring VPP instances running inside of a container,
now the configuration is going to be done from within the test context
by using binary API and shared volume that exposes api socket.
This converts just some of the test cases, rest is to follow.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I87e4ab15de488f0eebb01ff514596265fc2a787f
Allow apps/vcl to provide updated local ips for dgrams. In particular,
allow sessions bound to 0/0 to send data with valid local ips.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I50a086b1c252731a32a15b6a181ad3dba0c687e0
In current flow creating process in native avf and dpdk-plugins, when
parsing the input arguments, it does not copy IPv6 src address correctly,
so that IPv6 src address will not be configured in any flow rule, and
any packet with the same address will not be matched.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ic957c57e3e1488b74e6281f4ed1df7fd491af35c
When parsing flow action type in avf, there is an incorrect flag for
flow director, which makes flow director rule created unexpectedly.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Id9fed5db8ccacd5cc6c2f4833183364d763188c1
Fix some configurations of avf checksum offload to get the correct
udp and tcp checksum. Change Tx checksum offload capability since
avf supports ipv4, tcp and udp offload all. Remove the operation to
swap bit of checksum.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I55a916cc9ee6bef5b2074b5b6bb5f517fc2c178d
In avf the function fls_u32 is used to calculate the power of 2.
Fix the expression of this function.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I27160de8588a5efb3f24306597a5a240deb3ab74
Type: improvement
With this change, add support for dumping IPv6 Router Advertisements
details on a per-interface basis (or all). Also, cover that with a test.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I89fa93439d33cc36252377f27187b18b3d30a1d4
For AES-CBC, the IV must be unpredictable (see NIST SP800-38a Appendix
C). Chaining IVs like is done by ipsecmb and native backends for the
VNET_CRYPTO_OP_FLAG_INIT_IV is fully predictable.
Encrypt a counter as part of the message, making the (predictable)
counter-generated IV unpredictable.
Fixes: VPP-2037
Type: fix
Change-Id: If4f192d62bf97dda553e7573331c75efa11822ae
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Control use of apis that rely on _GNU_SOURCE being defined with compile
time macro.
Also fixes sendmmsg and recvmmsg which were not probably wrapped.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I207de23210d4b9dc960bb4289159502760c5614d
Add one new edge for ipv6 after gtppsc so that packetforge can parse
this protocol combination.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I1bae1ec617c4867de2e0b3de27eda77b89e5580c
In some IPsec tests, the SA called scapy_sa designs the SA that
encrypts Scapy packets and decrypts them in VPP, and the one
called vpp_sa the SA that encrypts VPP packets and decrypts them
with Scapy. However, this pattern is not consistent across all
tests. Some tests use the opposite logic. Others even mix both
correlating scapy_tra_spi with vpp_tra_sa_id and vice-versa.
Because of that, sometimes, the SA called vpp_sa_in is used as an
outbound SA and vpp_sa_out as an inbound one.
This patch forces all the tests to follow the same following logic:
- scapy_sa is the SA used to encrypt Scapy packets and decrypt
them in VPP. It matches the VPP inbound SA.
- vpp_sa is the SA used to encrypt VPP packets and decrypt them in
Scapy. It matches the VPP outbound SA.
Type: fix
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Change-Id: Iadccdccbf98e834add13b5f4ad87af57e2ea3c2a
Nat session is allocated before the port allocation. During port allocation
candidate address+port are set to o2i 6-tuple and tested against the flow hash.
If insertion fails, the port is busy and rejected. When all N attempts are
unsuccessful, "out-of-ports" error is recorded and the session is to be
deleted.
During session deletion o2i and i2o tuples are deleted from the flow hash.
In case of "out-of-ports" i2o tuple is not valid, however o2i is and it refers
to **some other** session that's known to be allocated.
By backing match tuple up session should be invalidated well enough not to
collide with any valid one.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Id30be6f26ecce7a5a63135fb971bb65ce318af82
This patch adds a "charon.plugins.kernel-vpp.use_tunnel_mode_sa"
key into strongswan.conf. If this is turned off, SAs will be
installed without tunnel information and can be used to
"ipsec tunnel protect". For the route-based IPsec, it will be
used with turning "policies" off in swanctl.conf.
Type: feature
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: I58fb94bfe56627fa7002d9b95c48930a32993d2d
When application performs SSL_read from the app rx-fifo, it can
pre-allocate multiple segments, but there is an issue if the OpenSSL
manages to partially fill in the first segment, in this case, since
data is assumed to be copied over by OpenSSL to the pre-allocated
segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs
zero copy by passing the pre-allocated segment to SSL_read.
If the decrypted data size is smaller than the pre-allocated fifo
segment buffer size, application will fetch buffers including zero
in the area not filled in by SSL_read.
Type: fix
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
lcp_itf_pair_pool could grew during sub-interface creation.
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: Ideafe392f9bb2b418ce9d6faa4f08dfe26f4a273
If we match a next table, we must save its index in the trace instead of
the index of the 1st table.
Type: fix
Change-Id: Idd862242e7fc200eb3ab29b17a26131b844af2c0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Update custom XDP program example to work with libbpf 0.8.0 and
libxdp 1.2.9.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: Ib8d03f0be7f71fe996dfb7da0cfe35165711ebb0
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
In the defination of mac node, the order of dst and src address is
reversed. Swap their order in this patch.
Type: fix
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I039accc0a881eef12f13c75c5becf8b7df97d525
Change to get ad->linux_ifindex in af_xdp_create_if() instead of in
af_xdp_load_program(), previous if did not load custom XDP program,
ad->linux_ifindex will be none, but bpf_xdp_detach() need it, so default
xdp program will be not unloaded when delete af_xdp interface.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: Id8a640204e8d29152f03349a0b58104b275635aa
Policer API calls were only by policer name. It is now possible to
select a policer by its index.
Some functionalities are also added to allow updating a policer
configuration and to refill its token buckets.
Some dead codes are being removed, and small fixes made.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I4cc8fda0fc7c635a4110da3e757356b150f9b606
adj_delegate_remove() makes 'ad' invalid, invalidate it only after its
use.
Type: fix
Change-Id: I6908d3dd2962ebd3fdf37e946cb19dae727bda09
Signed-off-by: Benoît Ganne <bganne@cisco.com>
We cannot confidently say that if we have received and processed
the handshake_initiation message, then the connection has been established.
Because we also send a response.
The fact that the connection is established can only be considered if a keepalive packet was received.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I61731916071990f28cdebcd1d0e4d302fa1dee15
- clean up nomenclature & use f-strings where applicable
Type: test
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I561b7808cfc3fbfa463f7698732d19759d9ddcd4
The vector size must be increased before setting the element so that
AddressSanitizer can keep track of the accessible memory.
Type: fix
Change-Id: I7b13ce98ff29d98e643f399ec1ecb4681d3cec92
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Playing with vector length prevents AddressSanitizer to track accessible
memory. Make sure we update the size of the vector once we received the
data.
Type: fix
Change-Id: If7808254d46d7ab37d516e3de49e3583d07bb9ff
Signed-off-by: Benoît Ganne <bganne@cisco.com>
socket_tx_buffer is a vector, update its length accordingly so that
AddressSanitizer can keep track of the allowed memory area.
By doing so we can get rid of socket_tx_nbytes which becomes redundant
with the vector length.
Type: fix
Change-Id: Ied7cb430b5dd40d5ed1390aa15bd5f455a0dba62
Signed-off-by: Benoît Ganne <bganne@cisco.com>
This patch allows to pass a tag when specifying
the dpdk `dev { }` interface configuration.
It allows a control plane generating a vpp.conf
file to retreive the resulting mapping between
dpdk interfaces & sw_if_indices in VPP without
having to change the interface name exposed
to the user.
Type: feature
Change-Id: I55907417de0083b82d4a127172816cec3459acf3
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
After creating a peer, we send a handshake request. But it's not quite right
to call wg_send_keepalive() directly.
According to documentation, handshake initiation is sent after (REKEY_TIMEOUT + jitter) ms.
Since it's the first one - we don't need to take REKEY_TIMEOUT into account,
but we still have jitter.
It also makes no sense to immediately send keepalives,
because the connection is not created yet.
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: I61707e4be79be65abc3396b5f1dbd48ecbf7ba60
Allow enabling and disabling pcap capture via the API.
A little bug is fixed along the way in
vl_api_classify_pcap_set_table_t_handler.
Type: improvement
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I096129c82aecdc82bee5dbfb5e19c76a51d80aab
In libbpf code, xsk_socket__create will call xsk_link_lookup to get the
xdp_sock bpf prog. But xsk_link_lookup can't get any bpf prog. This will
cause Libbpf not to insert the fd into xsks_map and return ERROR.
The solution to this problem is to insert fd into xsks_map ourselves
instead of libbpf.
Type: fix
Change-Id: Ic5d279c6ddc02d67371262d6106a5b53b70e7913
Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>
Enable codegen for C type from 'rpc A returns B stream C' notation
Type: improvement
Change-Id: I05cfce71c385d414d7b177a080009628bc8c8fad
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Don't truncate with vec_set_len bytes before they can be used. When
built with ASAN, it these bytes are poisoned and trigger SIGSEGV when
read.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I912dbbd83822b884f214b3ddcde02e3527848592
vec_alloc_aligned() pre-allocates the vector memory but does not
update its size, making ASan unhappy when trying to access it.
Type: fix
Change-Id: I80e753cf2458cf516d1180a24cfaca4f382339d5
Signed-off-by: Benoît Ganne <bganne@cisco.com>
In clib_bitmap_set_region and clib_bitmap_set_multiple the index of
the last bit to set was off by 1. If this index was pointing to the
last bit of the bitmap, another uword would have been allocated,
even though it was unnecessary.
Moreover, in clib_bitmap_set_region, bits in the last word were not
properly set. Indeed, the n_bits_left value is wrong since n_bits
is not decreased by the number of already set bits.
Type: fix
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I8d7ef6f47abb9f1f64f38297da2c59509d74dd72
This patch adds source ip based sticky session, which is already
implemented in many hardware LBs and software LBs. Note that sticky
sessions may be reset if the hash is recalculated as ASs are added
or deleted.
Since this feature is unrelated to the other existing options, the
lb_add_del_vip API version has been upgraded to v2 and a new option
"src_ip_sticky" has been added.
Type: feature
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Change-Id: I3eb3680a28defbc701f28c873933ec2fb54544ab
In some situations, CMake will find ccache in /usr/bin but /usr/bin
might not present in PATH. The former fix for this was to place the
ccache configuration logic before the project() declaration, but since
CMake 3.4 there is a new variable to be used which handles this case.
For the original problem, see also
https://crascit.com/2016/04/09/using-ccache-with-cmake/
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Ie026e02b2b06e2dca2d62da5fea7b1a104bcc7c3
Should drop execution time for all tests by about 80%.
Type: test
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib6b4ef9fb4e7745a61b40c0b34e53e4046ccdbcc
In function ‘memcpy’,
inlined from ‘clib_memcpy_fast’ at /home/vpp/src/vppinfra/string.h:86:10,
inlined from ‘memcpy_s_inline’ at /home/vpp/src/vppinfra/string.h:157:7,
inlined from ‘vnet_pppoe_add_del_session’ at /home/vpp/src/plugins/pppoe/pppoe.c:356:7:
error: ‘__builtin_memcpy’ offset [0, 5] is out of the bounds [0, 0] [-Werror=array-bounds]
34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cc1: all warnings being treated as errors
Hardware address is zero length vector for PPP, use vec_len instead.
Type: fix
Fixes: 62f9cdd82c ("Add PPPoE Plugin")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: If9fb409cfbbac77c15559d103987f0130bf30255
Fool-proof assert_checksum_valid so that one does not verify checksum on
wrong layer (because of how scapy internally works).
Make assert_packet_checksums_valid start checksum checking at inner
layers and outwards to make it more obvious where the error is. With old
behaviour, if one received an ICMP packet carrying a truncated TCP
packet, an error would be raised for ICMP checksum, as that one would be
the first to be wrong after recalculating all packet checksums, while
the real issue is TCP header being truncated and thus unsuitable for use
with this function.
Type: improvement
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Change-Id: I39a2b50ec5610f969cfde9796416ee3a50ae0ba3
The musl libc does not support closedir(0) resulting in a crash. Only
call closedir() if we successfully opened it.
Type: fix
Change-Id: I3198454f44735501047afc42b94b2fea273212f4
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Since VPP binaries are being compiled on host system,
it makes sense to autodetect Ubuntu version when building test images
so that containers would be running version equal to host system.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I0e13d9ba1ddcd3ad5835bce1b8cccfc048e5e528
Allow the CLI caller to specify an optional [index <idx>] index,
which will remove the ACL at that index. This mimicks the API behavior,
Add a 'delete acl-plugin acl index <idx>' to mimick the API acl_del
call, which will refuse to delete a non-existent index, as well as
an index that is referenced by an interface.
Type: improvement
Signed-off-by: pim@ipng.nl
Change-Id: I5f240f7a4e3bca14e8122917e8a5186d80094de2
Move config files to resources and docker files to separate directory
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I24dd0705c4a463c06de525f28cb54d882527320a
The current implementation of wireguard use dereference value from
pointer, but between get and dereference the value from pointer can be
occur change in pool memory, which means that this pointer can be
invalid. Since current implementation doesn't handle with invalid
pointers, segfault can occur.
The fix add a local variable to keep index of peer from pool and also
handle with null pointers from get pointer from pool.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Ic161ab08266e584493338c682d827ea1fd754b98
In fast path implementation of spd policy lookup opposite convention to
the original implementation has been applied and local ip range has been
interchanged with the remote ip range. This fix addresses this issue.
Type: fix
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I0b6cccc80bf52b34524e98cfd1f1d542008bb7d0
These functions do not need modifiable strings.
It helps with linker sections as well as C++ compatibility.
It is a good style to use const where approriate.
Type: refactor
Signed-off-by: void234@gmail.com
Change-Id: Ib437a01663aa61860c6a938d869ed1111da71ec7
These functions do not need modifiable strings.
It helps with linker sections as well as C++ compatibility.
It is a good style to use const where approriate.
Type: refactor
Signed-off-by: void234@gmail.com
Change-Id: I8d1e922197b3594122296e8c1af57e0a8ec0bf3d
Official nginx image is based on Debian with older libc version,
that causes a runtime fail when VPP libraries are compiled in Ubuntu
which has newer libc.
Using equal version of Ubuntu in VPP image and in nginx image
ensures that running nginx won't fail due to different libc versions.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I48f3b23be30a9d9d9144351437ce163d64a4bb6b
Installs the unversioned .so symlink in the -dev component.
This prevent debian lintian error:
link-to-shared-library-in-wrong-package
NAMELINK_COMPONENT was added in cmake 3.12
Type: make
Change-Id: I9d743218fa1f6b677659d745525e399ff66e73f4
Signed-off-by: Nick Brown <nickbroon@gmail.com>
AF_XDP support is deprecated in libbpf since v0.7.0 [1], the libxdp library
now provides the functionality which once was in libbpf, this commit updates
af_xdp plugin to depend on libxdp, libbpf still remains a dependency even if
libxdp is present, as it need use libbpf APIs for program loading.
libxdp is distributed within xdp-tool [2], xdp-tools package also
include libbpf in it as dependency, so here installed libxdp v1.2.9 and
libbpf v0.8.0, both from xdp-tool-1.2.9 package.
More information about libxdp compatibility can be found in the libxdp
README [3].
In libbpf v0.8.0, The bpf_prog_load function was deprecated and changed to
bpf_object__open_file and bpf_object__next_program and bpf_object__load,
The bpf_get_link_xdp_id and bpf_set_link_xdp_fd functions were deprecated
and changed to bpf_xdp_attach and bpf_xdp_detach, The bpf_object__unload
function was deprecated and changed to bpf_object__close.
[1] https://github.com/libbpf/libbpf/commit/277846bc6c15
[2] https://github.com/xdp-project/xdp-tools/releases/tag/v1.2.9
[3] https://github.com/xdp-project/xdp-tools/blob/master/lib/libxdp/README.org
Type: improvement
Change-Id: Ifbf6e3aa38bc6e0b77561f26311fd11c15ddb47e
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
serialize_get() -> serialize_write_not_inline(...) was losing track of
the current buffer index when it managed to empty the overflow vector
but had to turn around and use it again.
Test-case added to test_serialize.c.
This issue dates from 2010.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I024a03f7a50fd6df543ddbc7c45d85def4f1981d
This fixes an issue on systems with http proxy set.
Type: test
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Ic84fcd0b8a7698ef101b369d46be858cbe85fc73
Musl is stricter than glibc and has a warning that including fctnl.h and
poll.h should be prefered rather than their sys/ counterparts, which
breaks -Wall setups.
Type: fix
Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
Change-Id: Id101e999371951b0927cc8c4109f8f1536de1bc2
Copy necessary only plugins in docker image
Type: improvement
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: I5f60a8a1ccbbe099ac60774562dc5901f3b4fbed
Volumes can be referenced with anchors to reduce text duplication
and to explicitly show which containers share a volume.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: Id408a78262573b3faf2257c32bfa569eca2e2049
This patch removes a
.runs_after = VNET_FEATURES ("ip6-lookup"),
On the 'pt' node, as 'ip6-lookup' does not belong to the 'ip6-output' arc.
Type: fix
Change-Id: Ie34aaf7351593f08c61e3b02aaf9f72a4de1a437
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
In most cases we only need OpenSSL libcrypto (crypto primitives) but
not libssl (tls).
Type: improvement
Change-Id: I9dce27d23d65bf46aea2d0f8aaf417240701efcc
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: fix
This patch adds a fix for an issue in the ipsecmb library resulting in
lower than expected performance in multi-threaded scenarios. This is
due to multiple threads writing the same global variable simultaneously.
Signed-off-by: marcel.d.cornu@intel.com
Change-Id: Ibcac321aa40da4b1709198dec3e18226e3891138
When use update api delete a virtual address, no matter which IP want to delete, always delete the last one.
Type: fix
Signed-off-by: GaoChX <chiso.gao@gmail.com>
Change-Id: Ia67c06dd53a442740794e1884d1a4aaa06965398
This will add a new target (fixstyle) to Makefile that runs gofmt tool.
Type: style
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Change-Id: Icba60633f82aa8bbc75749f080e00f0375b55a18
Type: improvement
Allow vapi to signal to an application's RX thread that it should wake
up and exit.
Before disconnecting from VPP's API, libvlibmemoryclient inserts an
rx_thread_exit message into the client's own input queue to cause its
RX thread to wake up from its blocking dequeue and exit cleanly. Add a
function to vapi's API which will allow libvapi client applications
which have an RX thread waiting for incoming messages using vapi_wait()
to do the same thing.
The existing libvlibmemoryclient code which does this was moved to a
separate function and made available for vapi_stop_rx_thread() to call.
Also fixed some inconsistencies in indentation of function prototypes in
vapi.h to make checkstyle.sh happy.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I7bbb73470807123cc63ef313cfb91d1fd31b34e5
We were creating an additional worker not backed by any VPP threads,
leading off-by-1 access in the session main workers vector.
Also uses vec_elt_at_index() when accessing session main workers vector
elements to catch those errors more easily.
Type: fix
Change-Id: I6059116b7b64ae6b26ad83c1fcf55df8522868ad
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Previously it was linked and worker properly. While rdma build
was simplified, link was lost so all encrypted data won't pass
via Mellanox interfaces(ipsec, ipip, ssh etc) and NetVSC taps
won't created the right way.
Errors:
mlx5_common: Verbs device not found: 21a5:00:02.0
mlx5_common: Failed to initialize device context.
EAL: Requested device 21a5:00:02.0 cannot be used
Tested on Azure. Same errors appears on physical machine with
Mellanox connect adapter
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Ib68976282e0ed91c016a7318db6b5eddf5510c47
- load openssl legacy providers during quic init
when building with openssl 3.0 or greater
- re-enable quic 'make test' testcases on
ubuntu-22.04
Type: fix
Change-Id: Icfd429b6bc1bddf9f9937baa44cc47cd535ac5f2
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Options
"-p" to not remove topology elements after the test finishes
"-v" from now on extra output from tests is hidden by default,
this will show it again
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I626188561c883534e9004d5130ee2a972d12b4e2
While before the my_client_index variable was stored as global variable
in api_main_t, after commit 2ca88ff978
the my_client_index becomes part of vapi_ctx_t.
Each API client (internal/external) connected to VPP stores its
client index in vapi_ctx_t.
The issue is in the client disconnection. The vapi_disconnect is
untouched in patch 2ca88ff978,
so it keeps the behavior of using the my_client_index stored
in api_main_t.
Ticket: VPP-2069
Type: fix
Fixes: 2ca88ff978
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Change-Id: Idf8c1d1056cbd631cc3057cf7acc486216fa8303
Definition of shared volumes and containers has been moved
to yaml files to be together with network topology.
Containers are automatically run at the beginning of each test case
and stopped afterward.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I264cbb4f1355f8bd7aade221e9609fb5b9bd693e
fix memory leak and refactor nat44-ed db init/free through.
how to reproduce memory leak: input "set nat44 session limit
50000 vrf 1" repeatedly.
Program received signal SIGABRT, Aborted.
0x00007ff4b3cc5337 in raise () from /lib64/libc.so.6
(gdb) bt
0 0x00007ff4b3cc5337 in raise () from /lib64/libc.so.6
1 0x00007ff4b3cc6a28 in abort () from /lib64/libc.so.6
2 0x00000000004079db in os_panic () at /usr/src/debug/vpp-23.02/src/vpp/vnet/main.c:417
3 0x00007ff4b43e784f in os_out_of_memory ()
at /usr/src/debug/vpp-23.02/src/vppinfra/unix-misc.c:221
4 0x00007ff4b43a71aa in clib_mem_heap_alloc_inline (heap=0x0, size=27263040, align=64,
os_out_of_memory_on_failure=1) at /usr/src/debug/vpp-23.02/src/vppinfra/mem_dlmalloc.c:613
5 0x00007ff4b43a7256 in clib_mem_alloc_aligned (size=27263040, align=64)
at /usr/src/debug/vpp-23.02/src/vppinfra/mem_dlmalloc.c:635
6 0x00007ff4b522fafa in alloc_aligned_16_8 (h=0x7ff46a7815b8 <snat_main+408>, nbytes=27262976)
at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:59
7 0x00007ff4b522fd12 in clib_bihash_instantiate_16_8 (h=0x7ff46a7815b8 <snat_main+408>)
at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:163
8 0x00007ff4b5230037 in clib_bihash_init2_16_8 (a=0x7ff465f36870)
at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:245
9 0x00007ff4b52300ac in clib_bihash_init_16_8 (h=0x7ff46a7815b8 <snat_main+408>,
name=0x7ff46a754871 "ed-flow-hash", nbuckets=262144, memory_size=0)
at /usr/src/debug/vpp-23.02/src/vppinfra/bihash_template.c:260
10 0x00007ff46a7013e8 in reinit_ed_flow_hash ()
at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed.c:3264
11 0x00007ff46a7014fd in nat44_ed_sessions_clear ()
at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed.c:3299
12 0x00007ff46a701044 in nat44_update_session_limit (session_limit=70000, vrf_id=1)
at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed.c:3225
13 0x00007ff46a73d3d1 in nat44_set_session_limit_command_fn (vm=0x7ff473c8f740,
input=0x7ff465f36ef0, cmd=0x7ff474c5ce48)
at /usr/src/debug/vpp-23.02/src/plugins/nat/nat44-ed/nat44_ed_cli.c:1638
14 0x00007ff4b5d56527 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740,
cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=97)
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:650
15 0x00007ff4b5d562c3 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740,
cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=98)
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607
16 0x00007ff4b5d562c3 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740,
cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=21)
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607
17 0x00007ff4b5d562c3 in vlib_cli_dispatch_sub_commands (vm=0x7ff473c8f740,
cm=0x4273f0 <vlib_global_main+48>, input=0x7ff465f36ef0, parent_command_index=0)
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:607
18 0x00007ff4b5d569cb in vlib_cli_input (vm=0x7ff473c8f740, input=0x7ff465f36ef0,
function=0x7ff4b5dc2406 <unix_vlib_cli_output>, function_arg=0)
---Type <return> to continue, or q <return> to quit---
at /usr/src/debug/vpp-23.02/src/vlib/cli.c:753
19 0x00007ff4b5dc7b0c in unix_cli_process_input (cm=0x7ff4b5e4ae00 <unix_cli_main>,
cli_file_index=0) at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2616
20 0x00007ff4b5dc825a in unix_cli_process (vm=0x7ff473c8f740, rt=0x7ff4797a5280, f=0x0)
at /usr/src/debug/vpp-23.02/src/vlib/unix/cli.c:2745
21 0x00007ff4b5d80a25 in vlib_process_bootstrap (_a=140687718901968)
at /usr/src/debug/vpp-23.02/src/vlib/main.c:1221
22 0x00007ff4b439e298 in clib_calljmp () at /usr/src/debug/vpp-23.02/src/vppinfra/longjmp.S:123
23 0x00007ff4698268a0 in ?? ()
24 0x00007ff4b5d80b4e in vlib_process_startup (vm=0x7ff4b43a77a3 <clib_mem_size+24>,
p=0x7ff4698268d0, f=0x7ff474b1e580) at /usr/src/debug/vpp-23.02/src/vlib/main.c:1246
25 0x00007ff4b5dbdbe6 in vec_max_bytes (v=0x8)
at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:161
26 0x00007ff474b1e598 in ?? ()
27 0x0000000000000004 in ?? ()
28 0x00000000000000ff in ?? ()
29 0x00007ff469826980 in ?? ()
30 0x00007ff4b5dbddcb in _vec_set_len (
v=<error reading variable: Cannot access memory at address 0xfffffffffffffff5>,
len=<error reading variable: Cannot access memory at address 0xffffffffffffffed>,
elt_sz=<error reading variable: Cannot access memory at address 0xffffffffffffffe5>)
at /usr/src/debug/vpp-23.02/src/vppinfra/vec_bootstrap.h:196
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)
Type: fix
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: I52a7d229c95e4ab30f7f2cfe574440aa37bed6a2
New BFD UDP errors were no longer compatible with BFD errors. This was causing
out-of-bound reads and ASAN test crashes.
Fix this issue by statically checking if these enums are compatible.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I92fddd26270f946bc16ade840c94e5496e2cb88a
Useful to update the tunnel paramaters and udp ports (NAT-T) of an SA
without having to rekey. Could be done by deleting and re-adding the
SA but it would not preserve the anti-replay window if there is one.
Use case: a nat update/reboot between the 2 endpoints of the tunnel.
Type: feature
Change-Id: Icf5c0aac218603e8aa9a008ed6f614e4a6db59a0
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
After deleting a sw interface with nat44 features, the next created
sw interface will get the same sw_index reused and therefore will
erroneously have the same nat features enabled.
Type: fix
Change-Id: I1d84f842ab7ab2a757668ae1a111efe67e1e924d
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Some upon apps(e.g. Nginx-quic) package it's several protocol buffers into a struct msg
which is a combination of gso_buffer and gso_size.
but if HostStack regardless the gso_size to the buffer and split the buffer with default mss,
that cause peer client failed on parsing the package.
Type: improvement
Signed-off-by: Dou Chao <chao.dou@intel.com>
Change-Id: I805eb642be826038ba96d1b85dad8ec0c0f6c459
Signed-off-by: Dou Chao <chao.dou@intel.com>
Type: improvement
The function vapi_wait() is intended to allow a caller to block while
waiting until the API queue can be read/written. It was a stub that
returned VAPI_ENOTSUP. Add code which implements the wait on being able
to read an incoming message.
Had to touch a few other things in vapi.h to make checkstyle.sh happy
after changing the prototype of vapi_wait().
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: Ida80c1a1d34fe297ab23268087be65ea53ad7040
- append make output to quicly build & install logs
Type: make
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I4cfe7afdaa633295968c25902b12f58100f8ca69
Tests gso/gro-coalesce features on tapv2, tunv2 and af_packet
interfaces to ensure that packet transmission is enabled correctly
for various MTU sizes and interface combinations in bridged and
routed topologies for IPv4 and IPv6. Interface tests are
dynamically generated at run time from the config file
vm_test_config.py.
Type: test
Change-Id: I5f9d8cc80d20b4e34011fc8a87e35659bd9613bc
Signed-off-by: Naveen Joy <najoy@cisco.com>
Type: improvement
The log buffer and event buffer get lots of messages written like
"Processed 2 messages" by linux-nl when its enabled. This can crowd out
more important messages and should only actually be stored if debug
messages are desired. Change from logging with NL_INFO() to NL_DBG().
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I9055432f7ef35d3e0ad59dce307d2b3c6284002f
Docstring in VPP Python API says that find_api_dir() will search for
environment variable VPP_API_DIR first and foremost, except it doesn't.
Prepend VPP_API_DIR if it exists, and allow dirs to be omitted in case
it will be the empty list []
Type: fix
Signed-off-by: pim@ipng.nl
Change-Id: Ic892e4bb7d8ff50f18e64ddfd2a61343883f07ea
NAT44 enable/disable return status was used
instead of appropriate VNET_API_ERROR_ code.
Type: fix
Signed-off-by: Filip Varga <filipvarga89@gmail.com>
Change-Id: If944866bf3061afdc91284c0ad475135e529bdc4
Don't redirect to "favicon.ico/index.html" if you can't find
"favicon.ico".
If asked to serve up a nonexistent path, see if the path ends with a
known suffix: ".jpg, .html, .ico" etc. If it does, flunk the request
on the spot: "Error 404 Not Found." Do not issue a redirect.
This change will not break the obvious corner case: if the browser
asks for "its_a_dir.mp3/index.html" - and the file exists - the server
will produce it.
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I91aad90be05b98ba2b40e240d13d71816aed4526
Add plugin-path parameter to aid external plugin development.
Multiple directories are supported as a colon separated list.
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Ida35dedceccd0019ea68e56f7a3672c530258447
Use the Python API binding to generate a set of API messages
in binary format, that can later be replayed independently
of the Python API.
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Iaab6ca31fd2809193e461ab53f7cc7332a231eb5
Signed-off-by: Ole Troan <ot@cisco.com>
To support testing of external plugins, add support to the test framework and PAPI
for specifying a list of locations to look for api.json files.
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I128a306e3c091dc8ef994801b1470b82d2f4595d
Signed-off-by: Ole Troan <ot@cisco.com>
if the api client didn't wait for the last message, we'd get a SIGPIPE
from Unix and VPP would crash.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Iac7705ec09ccd67cc249cc9a9525a7cb379e2f6f
Signed-off-by: Ole Troan <ot@cisco.com>
Async use of the API is much faster than blocking calls.
Seemed like it only worked over shared memory transport.
This patches re-enables support for async calls over socket
transport.
Type: fix
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: I05f3b362035ce0a1c16788ba9003a35601ddb04e
Signed-off-by: Ole Troan <ot@cisco.com>
The request vector generated by hss_ts_rx_callback() must be NULL
terminated.
The hss_main_t use_ptr_thresh member must be a u64 since
unformat_memory_size() expects it. Otherwise, the adjacent u8
enable_url_handlers may have an accident.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I2cc08e3cbd31b225fb03799283c055515add13bf
The metadata in classifier entries is used to index a fib or a dpo in
the acl nodes which can exceeds UINT16_MAX in large configurations.
To maintain entries size and alignment, decrease next_index from 32- to
16-bits: next_index should not exceed 16-bits in VPP, as it is already
shown by vlib_buffer_enqueue_to_next() or dpo_id_t.dpoi_next_node.
Type: fix
Change-Id: I4fd1b3cd495319420044c219036b2d2ea952270a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
This adds basic, functional-only, test of TCP connection with delay and
packet loss introduced by Network Delay Simulator.
Type: test
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: Ibedf4c680c152921b733cf39d99b178412748d3c
Add an http redirect template to generate correct-looking "301 Moved
Permanently" replies.
Supply a default value of 1<<31 for the use_ptr_thresh config parameter.
Expose hss_session_get() so friend plugins which register GET / POST
handlers with the http_static server can add data to the session fifos.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: Ie1452eaf61c6f67311fbab092bc1fe03050bf94f
The return value in this function is initialized with 0, so if a vector of length 0 is passed
to stat_segment_dump_r, then this return value is never populated, resulting in inability
to distinguish between a successful dump of an empty vector and an error.
Solution: call vec_alloc(). As a side effect might get some trivial speed-up.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I33fefd801df457152e9ec257742305182e91f339
Test suite now supports assertions which on fail stop test case run,
also it allows to create docker containers which are going to be
stopped automatically after the test run is finished.
Type: improvement
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I2834709b1efd17b8182d36cc0404b986b4ed595d
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
This change was introduced to workaround a bug in the NAT code, but
we should not woraround plugin bugs in infra.
Type: fix
Fixes: f8631ce7e8
Change-Id: Id6ee281cf1fe8466b6522905fc2a176716e3d52f
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Account for the potential of sysconf() returning -1 if it can not
get the page size and make it a fatal error.
Coverity: 277313
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I8cae6a35ec2f745c37f1fe6557e5fa66720b4628
convert vhost device driver to a plugin as described in
https://jira.fd.io/browse/VPP-2065
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ibfe2f351bcaed36a04b136d082ae414145dd37b5
Support generic flow in native avf.
Enable necessary RSS hash function for generic flow. Extend some
structures and functions from for FDIR only to for both RSS and FDIR
flows. Modify virtual channel message to align with ice kernel driver.
Add functions to parse generic flow patterns. The parsing results will
be delivered to the kernel driver and create corresponding flow rules.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: I82ce102a21993f1bae8a8bf23e491d5e1c261f61
The initiate handshake process can be called a numbers times for each
peers, then the main VPP thread called by Wireguard starting to
allocate memory. This behaviour can lead to out of memory when VPP has
a lot of Wireguard tunnels concurrently.
This fix add mutex to send only once handshake initiate at time for
each peers.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I13b4b2d47021753926d42a38ccadb36a411c5b79
Write time into /sys/boottime on VPP start.
This allows a stateless control plane agent to validate if it's reconnecting to the same
VPP instance.
Type: improvement
Signed-off-by: Ole Troan <ot@cisco.com>
Change-Id: Iba7f334339c46142045e43da6efab11612e7b9c0
Signed-off-by: Ole Troan <ot@cisco.com>
Maintain a single writer multiple readers usage model for transport
endpoints pool.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I8555700ed725971341f145ea97f031042a298e83
The issue can be reproduced by running "vpp_get_stats tightpoll"
The root cause is that the control flow discards the "result" struct
being prepared, along with pointer its allocated name.
This results in a memory leak.
Type: fix
Change-Id: Ibf884e92314f19b983a0159fc1257b3fa0110443
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
When n_rx_packets is less then 16(VEC256) or 8(VEC128), code execution
will fall into scalar path of processing packets. But with a wrong
initialization value for n_left set to zero, i in the for-loop will
equal to n_rx_packets. This leads to the bypass of required ip4 checksum
validation and byte count endianness conversion in scalar path.
Besides, refactor the code using while instead of for-loop to keep
consistency with VPP code style.
Type: fix
Fixes: bf93670c51 ("rdma: fix ipv4 checksum check in rdma-input node")
Signed-off-by: Lijian Zhang <lijian.zhang@arm.com>
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: Ib4e8cb5202735f8b060c99caddf26035657551e1
Type: fix
Fixes: a51f9b3747
Some IPsec message type definitions were not being written to
ipsec.api.vapi.h. These include ipsec_sad_entry_add_del_v3 and
ipsec_sad_entry_add.
The cause appears to be that tunnel_flags, which is defined in
tunnel_types.api is a special case of enum called an enumflag. These do
not appear to have been handled in the code that generates the vapi
header files.
This patch adds processing of enumflag objects for vapi.
Change-Id: Ie506c4fcb5a07fe97a330ba11c252d1df98adfd9
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Fast path spd was explicitely storing array of policy id vectors.
This information was redundand, as this inofrmation is already stored
in bihash table. This additional array was affecting performance
when adding and removing fast path policies.
The other place that needed refactoring after removing this array was
cli command showing fast path policies.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I78d45653f71539e7ba90ff5d2834451f83ead4be
Not ideal. The sparse vector used to map ports to next nodes assumes
only a few ports are ever used. When udp transport is enabled this does
not hold and, to make matters worse, ports are consumed in a random
order.
This can lead to a lot of slow updates to internal data structures
which in turn can slow udp connection allocations until all ports are
eventually consumed.
Consequently, reallocate sparse vector, preallocate all ports and have
them point to UDP_NO_NODE_SET. We could consider switching the sparse
vector to a preallocated vector but that would increase memory
consumption for vpp deployments that do not rely on host stack.
For reference, populating one of the v4 or v6 sparse vectors in reverse
order takes about 9.8s on a skylake cpu.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Id795e1805d0d3ba54f56a152a9506a7a2a06ecbc
Implements the API for SRv6 Path Tracing
Type: feature
Signed-off-by: Julian Klaiber <julian@klaiber.me>
Change-Id: Iefa7e512c8e1894595a9e3f5d42eab4160db1f28
In order to loop over the list of `vl_api_ip_address_details_t`,
increment the pointer by one instead of `i`.
Type: fix
Change-Id: I8554d1388d67bb95e029eddf444d383fb85ecac7
Signed-off-by: Timur Celik <mail@timurcelik.de>
Type: fix
Fib entries for attached routes when sourced from
FIB_SOURCE_API or FIB_SOURCE_CLI
get the FIB_ENTRY_FLAG_ATTACHED flag raised on the source.
Such a route added from linux-cp doesn't get this flag.
Fix this flag for linux-cp sources by passing it to the
fib entry's update/create function in lcp_router_route_add().
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Change-Id: I24278ef86886cfee8a14acb250fb6992a754cc3c
Type: docs
Several kinds of policers are implemented in VPP.
However, they could differ from the RFCs it is
said they are from.
Additionally, the CLI command's help has been
updated with the current list of acceptable
parameters.
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: Ic9bf94e1094bea0fcc87ccaa882c2c5f88824041
We add the crypto key to the vnet crypto library via vnet_crypto_key_add.
However, when the session is disconnected, we don't call
vnet_crypto_key_del and the memory is leaked in vnet_crypto library
as well as in pico tls key store.
It seems dispose crypto is the appropriate place to add
vnet_crypto_key_del.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: If6d1266baf686fefe5bb81330ce60b35c8ff574e
Plugin checks just for AVX2 instruction set, while the v1.3 of IPsec
Multi-Buffer library checks for both AVX2 and BMI2 sets during init.
VirtualBox VM doesn't provide BMI2 by default to guest operating system.
Result is that VPP plugin decides to use AVX2 initialization and library
then doesn't do it. Since flush_job remains empty, the self-check fails
and with that the whole VPP crashes on start-up.
Type: fix
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I6b661f2b9bbe6dd03b499c55c38a9b814e6d718a
Make sure they only double in size.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I18d5508c7f32836deb3b25943e8e3af39d0dbc33
API refactoring moved the address-family tag from rule
level down to prefix level.
This necessarily warrants the check that they are the same.
Also, add a check that the address family is sane.
Change-Id: Ia63b688cc9e7c9e9cc773e89708d9e9f99185fb7
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
dd2f12ba made use of ip46_address_is_ip4() in order to determine whether
the address is ipv4 or ipv6 within unformat_ip_address - however, its
logic is correct only for some addresses. e.g. a valid IPv6 address of :: (unspecified)
will result in "true" result. This is probably not an issue for most
of the cases (the unspecified address is quite rare),
however if the unformat_ip_address is used as part of the
prefix parsing, the ::/0 is a fairly often utilized construct,
which gets parsed as 0.0.0.0
Solution: return the old logic, but use a temporary
variable to avoid overwriting the target memory on failure.
Type: fix
Fixes: dd2f12ba6a.
Change-Id: I272f740dfdf07036cec68516e153f0701a53233d
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
cli show policer's help info is not consistent
with it's arguments.
Type: improvement
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: I8332fe97ba343e98511db9ff1bb6afd6f3c657cd
Each NAT44 ED session has a per_vrf_sessions_index referencing
an element in the thread-local vector per_vrf_sessions_vec.
However this index can be possibly invalidated by vec_del1() in
per_vrf_sessions_cleanup(), before a session is registered.
Such a stale index can cause an assertion failure in function
per_vrf_sessions_is_expired() when we use it to locate the
per_vrf_sessions object.
A possible sequence to reproduce is:
1. Create two NAT44 ED sessions s1, s2 so that two per_vrf_sessions are created:
index 0: between VRF pair 10 and 11 (expired=0, ses_count=1)
index 1: between VRF pair 20 and 21 (expired=0, ses_count=1)
For the sessions we have:
s1->per_vrf_sessions_index == 0
s2->per_vrf_sessions_index == 1
2. Delete the first session via CLI, now the two per_vrf_sessions become:
index 0: between VRF pair 10 and 11 (expired=0, ses_count=0)
index 1: between VRF pair 20 and 21 (expired=0, ses_count=1)
For the sessions we have:
s2->per_vrf_sessions_index == 1
3. Delete the VRF 11:
index 0: between VRF pair 10 and 11 (expired=1, ses_count=0)
index 1: between VRF pair 20 and 21 (expired=0, ses_count=1)
For the sessions we have:
s2->per_vrf_sessions_index == 1
4. Create a new session s3 between VRF pair 20 and 21 so that the first
per_vrf_sessions will be deleted:
index 0: between VRF pair 20 and 21 (expired=0, ses_count=2)
For the sessions we have:
s2->per_vrf_sessions_index == 1
s3->per_vrf_sessions_index == 0
Here, note that the actual index of per_vrf_session is changed due
to vec_del1(). The new session is added after the cleanup so it gets
the correct index. But the index held by the existing session is not
updated.
5. Trigger the fast path of the session s2. To achieve this, session
s2 could be created in step 1 by
ping -i20 -Iiface_in_vrf_10 1.1.1.1
and steps 2-4 should then be performed within the 20-second interval.
This patch fixes this by changing per_vrf_sessions_vec to a pool so
that indicies are kept intact.
Type: fix
Signed-off-by: Jing Peng <jing@meter.com>
Change-Id: I4c08f9bfd50134bcb5f08e50ad61af2bddbcb645
fix byte order error about the struct snat_address_t's member net.
for example configurations:
set interface ip table loop1 1
set interface ip addr loop1 10.10.10.2/24
nat44 add address 10.10.10.2 tenant-vrf 1
the snat address's net should be "as_u8 = {0xa, 0xa, 0xa, 0x0}",
but now it's "as_u8 = {0x0, 0xa, 0xa, 0x2}" because of missing
transition of byte order about the member net of snat_address_t.
(gdb) p/x *snat_main->addresses
$3 = {addr = {data = {0xa, 0xa, 0xa, 0x2}, data_u32 = 0x20a0a0a,
as_u8 = {0xa, 0xa, 0xa, 0x2}, as_u16 = {0xa0a, 0x20a},
as_u32 = 0x20a0a0a}, net = {data = {0x0, 0xa, 0xa, 0x2},
data_u32 = 0x20a0a00, as_u8 = {0x0, 0xa, 0xa, 0x2},
as_u16 = {0xa00, 0x20a}, as_u32 = 0x20a0a00},
sw_if_index = 0x3, fib_index = 0x1,addr_len = 0x18}
(gdb)
Type: fix
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: I4f25f0639ae90a7f2e8715b44f825571283d994d
Type: fix
The router flag on a neighbor advertisement can be used by neighbors to
detect that a router has changed to a host (RFC 4861 section 4.4).
If a neighbor adds routes after receiving a router advertisement sent
by VPP and subsequently receives a neighbor advertisement sent by VPP,
it may remove any routes it added based on the RA if the NA does not
have the router flag set. It appears that this is how windows behaves.
When sending a neighbor advertisement, set the router flag if sending
RAs is enabled on the interface.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I1f3e42bbd8ea1a4c116b1ce5a8273652d4cd763d
Otherwise, the newly configured interface will never send RADV's.
See below. In the typical case, suppress = 0 and is_no = 0, which
propagates the current value of radv->send_radv:
radv_info->send_radv =
(suppress != 0) ? ((is_no != 0) ? 1 : 0) : radv_info->send_radv;
No other bit of code will set send_radv, at least in straightforward
ways.
Type:fix
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: If9368155f7676460ca1f87729c2b3c453405d08d
When echo client fails to connect to remote, it should quit.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I787423bdc61a58eea48bab7bd8b73137626c02b4
Type: refactor
1) Removed deprecated API.
- These specific APIs do not have repleacement
because features that they controled
aren't part of current NAT44-ED
implementation anymore.
2) Removed unused typedef of port allocation funciton.
- Missed left over removed.
Change-Id: Ib3f763449065eda7cdcb2c6565a9cae51baf23d6
Signed-off-by: Filip Varga <filipvarga89@gmail.com>
_clib_error (how_to_die=2, function_name=0x0, line_number=0, fmt=0x7fffb3a7e1b5 "%s:%d (%s) assertion `%s' fails") at src/vppinfra/error.c:143
mbedtls_ctx_get (ctx_index=0) at src/plugins/tlsmbedtls/tls_mbedtls.c:114
tls_ctx_get (ctx_handle=536870912) at src/vnet/tls/tls.c:310
tls_app_session_cleanup (s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/tls/tls.c:624
app_worker_cleanup_notify (app_wrk=0x7fffbef95f80, s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/session/application_worker.c:445
session_cleanup_notify (s=0x7fffbf102040, ntf=SESSION_CLEANUP_SESSION) at src/vnet/session/session.c:262
session_free_w_fifos (s=0x7fffbf102040) at src/vnet/session/session.c:268
session_delete (s=0x7fffbf102040) at src/vnet/session/session.c:287
session_transport_delete_notify (tc=0x7fffbdf63c40) at src/vnet/session/session.c:1159
tcp_handle_cleanups (wrk=0x7fffbef46d40, now=133.30033046694487) at src/vnet/tcp/tcp.c:1298
tcp_update_time (now=133.30033046694487, thread_index=2 '\002') at src/vnet/tcp/tcp.c:1309
session_update_time_subscribers (smm=0x7ffff7f75ce0 <session_main>, now=133.30033046694487, thread_index=2) at src/vnet/session/session_node.c:1817
session_queue_node_fn (vm=0x7fffbdfad1c0, node=0x7fffbe0b1340, frame=0x0) at src/vnet/session/session_node.c:1934
dispatch_node (vm=0x7fffbdfad1c0, node=0x7fffbe0b1340, type=VLIB_NODE_TYPE_INPUT, dispatch_state=VLIB_NODE_STATE_POLLING, frame=0x0, last_time_stamp=4722227957546624) at src/vlib/main.c:960
Putting a breakpoint in gdb, I found out ctx was free in mbedtls_app_close.
Looking at app_close function in picotls and openssl, I don't see they
free ctx and they don't crash when processing cleanup. I am inclined to
think that mbedtls_ctx_free should not be called in mbedtls_app_close
at src/plugins/tlsmbedtls/tls_mbedtls.c:92
at src/plugins/tlsmbedtls/tls_mbedtls.c:559
at src/vnet/tls/tls.c:360
thread_index=2) at src/vnet/tls/tls.c:762
conn_index=536870912, thread_index=2 '\002')
at src/vnet/session/transport.c:332
at src/vnet/session/session.c:1608
elt=0x7fffbdfef3dc)
at src/vnet/session/session_node.c:1672
node=0x7fffbe0b1340, frame=0x0)
at src/vnet/session/session_node.c:1966
node=0x7fffbe0b1340, type=VLIB_NODE_TYPE_INPUT,
dispatch_state=VLIB_NODE_STATE_POLLING, frame=0x0,
last_time_stamp=4721919444027682)
at src/vlib/main.c:960
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic5c13e659aee618c8accee42af9f40931b62f467
The tx_fifo of session may not be set up yet, if app request to
disconnect the session, svm_fifo_dequeue_drop_all will crash.
In debug image, ho_session_alloc will do clib_bitmap_validate to
prevent race condition, however the input is not correct which
will make vpp crash.
Type: fix
Change-Id: Ia8bff325d238eacb671e6764ea2a4eecd3fca609
Signed-off-by: Dongya Zhang <fortitude.zhang@gmail.com>
Since vpp_sswan plugin already merged in /vpp/extras/strongswan,
no need to provide additional vpp_sswan source files for docker image.
Type: fix
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I35bad22b1046e0dddbcf39e1af38d589d1438239
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
make install-ext-dep failed with,
sudo rpm -Uih vpp-ext-deps-23.02-4.aarch64.rpm
error: Failed dependencies:
perl(IBswcountlimits) is needed by vpp-ext-deps-23.02-4.aarch64
vpp-ext-deps have dependencies on infiniband-diags and libibumad
Type: fix
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I2aea453f53d6507285b4f87f04c6dfc4845098cd
Fix initialization of the table u32 var which is leading to the incorrect
unformat of interface map type
Type: fix
Signed-off-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com>
Change-Id: I1e56acd0e4c735df755e85b172bb6623bf47a57b
To aid sesipon debug, add session event log in SM debug to track
the session state.
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I6909cf969cd5b6a3ea5a06d08ae32c2f1d48f686
Type: fix
virtio transmit node uses header offsets to set the
appropriate metadata for packet with offloads. But
l2_hdr_offset is not correctly set by previous node(s).
This patch makes use of curren_data field as l2_hdr_offset.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Id2f41a7650be45c9cc1ebacc7bec298be79bf218
Type: fix
af_packet transmit node uses header offsets to set the
appropriate metadata for packet with offload. But
l2_hdr_offset is not correctly set by previous node.
This patch makes use of curren_data field as l2_hdr_offset.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I751a725af5c231a443eed22231a867eb7f3894e0
CQE flags located in bits 16-31 at offset 0x1c should be defined as
actual numbers instead of indexes. Besides, L3 header type for IPv4 is
10(2 in decimal) and for IPv6 is 01(1 in decimal) according to CQE entry
fields description of page 120 in Mellanox Programmer Reference Manual.
(https://network.nvidia.com/files/doc-2020/ethernet-adapters-programming-manual.pdf)
Fixing this issue will lead to correct CQE flags printing for rdma-input
node when buffer trace is enabled.
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I9b578ca5cbd8cd93a577aa83131e31c79f60430e
- cqe_flags pointer should be incremented accordingly otherwise only the
first element in cqe_flags will be updated
- flag l3_ok should be set for match variable when verifying if packets
are IPv4 packets with flag l3_ok set
- mask/match variables should be converted to network byte order to
match the endianness of cqe_flags
- vector processing of checking cqe flags will set return value to
0xFFFF by mistake if packet numbers are not multiple of 16(VEC256) or
8(VEC128)
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I9fec09e449fdffbb0ace8e5a6ccfeb6869b5cac1
The current implmentation of the hash table is not thread-safe.
This design leads to a segfault when VPP handling a lot of tunnels for
Wireguard, where one thread modify the hash table and other threads
starting to lookup at the same time.
The fix add a local variable to store how many bits are used by a user
object.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Iecf6b3ef9f308b61015c66277cc459a6d019c9c1
The documentation for the cnat plugin is highly outdated specially on
the snat section.
Type: docs
Signed-off-by: Miguel Borges de Freitas <miguel-r-freitas@alticelabs.com>
Change-Id: I30b0c6295d3c812b636374753af3c37f29b0cc53
Pass vec_foreach args in the right order
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I90d3dfb70ee2dbd9a48ae9ecfd2c1526a74d0786
vxlan will be moved to a plugin. Remove vnet files from including
vxlan header include files.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I4268110b4ed54f7ae3ffecd6db0e3025122fa59c
When there are several workers, iterator can and will skip
head iterator and it will last until BARRIER_SYNC_TIMEOUT won't
expire and will cause SIGABRT with `worker thread deadlock`
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: Id4def4d5894e077ae27592367b141ecd822e86af
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
- add session debug cli to enable fine control of which event logs
are enable/disable with below syntax
session debug {show | group <list> level <n>}
list may be entered with a dash, "0-4"
or it may be entered with a comma, "0,1,4"
- fix compilation errors when SESSION_EVT is enable
- change SESSION_EVT_FREE_HANDLER to use DEC_SESSION_ED instead of
DEC_SESSION_ETD because the transport may already be free when the
handler is called
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Iab2989e0a847bb59002ef16494eebcc1d112b2ae
Backward compatibility was broken when updating ipsecmb version to 1.3.
Type: improvement
Signed-off-by: marcel.d.cornu@intel.com
Change-Id: I87a76859ec5e2ef6be0bc2af0960fa2494ce4297
This allows for custom next node selection on output.
Type: feature
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ib0fee71a01847184e95c18097bbbfdadfbd9d030
This patch adds SCTP support in the CNat translation primitives.
It also exposes a clib_crc32c_with_init function allowing to set
the init value to start the crc32 with instead of 0.
Type: feature
Change-Id: I86add4cfcac08f2a5a34d1e1841122fafd349fe7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
- Use the latest IPsec Multi-Buffer library release v1.3
- Use ipsec-mb burst API for HMAC-SHAx algorithms
- Use ipsec-mb burst API for AES-CBC and AES-CTR algorithms
The new burst API available in ipsecmb v1.3 brings significant
performance improvements for certain algorithms compared to the job API.
Type: feature
Signed-off-by: marcel.d.cornu@intel.com
Change-Id: I3490b35a616a2ea77607f103426df62438c22b2b
otherwise the next time the counter is validated this is dangling.
Type: fix
Fixes: 58fd481d73
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ifa8d5ff27175cf6dfb30cbf023fa3251fe5c780e
Delete redundant help information in ip neighbor's
cli. There is no code implementation about fib-id and
proxy in the cli's subsequent process.
Type: fix
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Change-Id: I1e276aad030409e3f2f62fee489ea95d316e67b5
Coverity complains dead codes in 2 places due to a recent commit as
pointed out in Fixes. The dead codes are
if (seed < L2_BD_ID_MAX % 2)
is_seed_low = 1;
and
if (is_seed_low)
seed += (2 * (i % 2) - 1) * i;
seed can never be less than (L2_BD_ID_MAX % 2).
Consequently, is_seed_low is always 0.
There is also other problem. The inner loop is iterating only once.
The fix is to greatly simplify the code to generate a random bd_id.
Type: fix
Fixes: Ieb6919f958f437fc603d5e1f48cab01de780951d
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I318773b9a59950920e051548ef14e36054ebd5e6
Session debug code does not compile anymore due to vlib_mains global
variable disappearing over time. Replace it with vlib_get_main_by_index
call.
Add a cmake variable and pass it from make command line to enable
session debug. Notice transport debug is required for session debug.
make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=ON VPP_EXTRA_CMAKE_ARGS+=-DVPP_SESSION_DEBUG=ON
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ic2e887c6b10b77cbabd56934f4931fcfa04a6751
Because envoy didn't have permission for `envoy.log` file it would stop.
This made tests involving envoy fail.
Adding `ENVOY_UID` environment variable makes envoy run as root,
which avoids the problem.
Type: fix
Signed-off-by: Maros Ondrejicka <maros.ondrejicka@pantheon.tech>
Change-Id: I910416ad1c87137396e7da89c13de7739ce74c70
Due to refactor keeping api common code in vlibapi, changes order
linked library to this plugin.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Id94c0b78cbce4954d34a82123506a76370b12b23
The log file directory is configurable with run.py using the
--log-dir argument. This patch removes the use of /tmp as
the default dir for storing all test logs. The default
log dir is now set to show the year, month and day
of the test run. This provides a more meaningful aggregation
of test logs for effective troubleshooting. The default log
dir is set to <CWD>/test-run-YYYY-MM-DD.
Type: improvement
Change-Id: I6c9002e961f6e06fc953ca42d86febf4f218e566
Signed-off-by: Naveen Joy <najoy@cisco.com>
When checking for CLIB_SANITIZE_ADDR to enable specific behavior for
AddressSanitizer, we must have vppinfra/clib.h included as it is defined
there.
Type: fix
Change-Id: I9060c3c29c1289d28596c215a1d1709b2ea7c84e
Signed-off-by: Benoît Ganne <bganne@cisco.com>
existing details report the last_heard as the seconds since VPP
started, this is not very useful, so report additionaly
time_since_last_heard in seconds between VPP time and
last_heard.
Change-Id: Ifd34b1449e57919242b1f0e22156d3590af3c738
Type: improvement
Signed-off-by: Dave Cornejo <dcornejo@netgate.com>
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Fix vpp crash when create vxlan/vxlan-gpe/geneve/gtpu tunnel
with 0.0.0.0 dst ip in debug build. The ASSERT should be move
out of fib_prefix_from_ip46_addr, which may be called when
create vxlan/vxlan-gpe/geneve/gtpu tunnel with 0.0.0.0 dst ip.
How to reproduce:
1. build debug vpp and run vpp
2. create vxlan t src 192.168.0.2 dst 0.0.0.0 vni 1 instance 1
create vxlan-gpe tunnel local 192.168.0.2 remote 0.0.0.0 vni 1
create geneve tunnel local 192.168.0.2 remote 0.0.0.0 vni 1
create gtpu tunnel src 192.168.0.2 dst 0.0.0.0 teid 1
Type: fix
Change-Id: I19972f6af588f4ff7fd17de1b16b9301e43d596f
Signed-off-by: Huawei LI <lihuawei_zzu@163.com>
Some files include tcp_debug.h without including <vpp/vnet/config.h>
As a result, those files do not get VPP_TCP_DEBUG_ALWAYS option
set. The fix is to include <vpp/vnet/config.h> in tcp_debug.h
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I0c141147f1e8d1b49c5a1440fac1e97cbd96aaa7
Add cmake option to enable TCP_DEBUG_ALWAYS.
make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=ON
make rebuild VPP_EXTRA_CMAKE_ARGS=-DVPP_TCP_DEBUG_ALWAYS=OFF
Type: improvement
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I911a8d615f76516ae0a988bc6135c3b0d8fcb3df
- tell git to ignore all build/external generated files
Type: make
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I4af26a76a0248939366cd09b577d422af801c0c3
this patch adds a mode to urpf in order to perform the lookup in a specified vrf instead of the interface vrf
Type: feature
Change-Id: Ieb91de6ccdfbf32b6939364f3bebeecd2d57af19
Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
Type: fix
The handler for abf_itf_attach_add_del was always returning 0. Set rv to
the return value of call to abf_itf_attach() or abf_itf_detach().
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: Ibb888bb148e6e03fc2776e2384b3a6e26148a429
Type: improvement
This patch provides:
1. interrupt mode support,
2. abstract socket support,
3. overriding responder example and divides it to two examples:
-icmp_responder_cb
-icmp_responder_poll
Signed-off-by: Daniel Béreš <dberes@cisco.com>
Change-Id: I99c86d053521760c457541fc596ed554f4077608
adj_delegate_adj_created() is incorrectly called when an existing
adj is found and returned. This can lead to crashes in some cases
in the pmtu delegate:
(gdb) bt
0 0x00007f2aa8fc9ce1 in raise () from /lib/x86_64-linux-gnu/libc.so.6
1 0x00007f2aa8fb3537 in abort () from /lib/x86_64-linux-gnu/libc.so.6
2 0x0000564361b5403a in os_exit (code=code@entry=1) at ./src/vpp/vnet/main.c:437
3 0x00007f2aa9271a3e in unix_signal_handler (signum=11, si=<optimized out>, uc=<optimized out>) at ./src/vlib/unix/main.c:188
4 <signal handler called>
5 0x00007f2aa9970d5a in fib_table_get_table_id_for_sw_if_index (proto=FIB_PROTOCOL_IP4, sw_if_index=<optimized out>) at ./src/vnet/fib/fib_table.c:1156
6 0x00007f2aa964aebf in ip_pmtu_adj_delegate_adj_created (ai=8) at ./src/vnet/ip/ip_path_mtu.c:197
7 0x00007f2aa9993ee5 in adj_delegate_adj_created (ai=ai@entry=8) at ./src/vnet/adj/adj_delegate.c:166
8 0x00007f2aa998dbde in adj_mcast_add_or_lock (proto=proto@entry=FIB_PROTOCOL_IP6, link_type=link_type@entry=VNET_LINK_IP6, sw_if_index=sw_if_index@entry=7) at ./src/vnet/adj/adj_mcast.c:95
9 0x00007f2aa95c7b3e in ip6_link_enable (sw_if_index=7, link_local_addr=link_local_addr@entry=0x0) at ./src/vnet/ip/ip6_link.c:217
10 0x00007f2aa9621587 in vl_api_sw_interface_ip_enable_disable_t_handler (mp=0x7f2a4fa5ad10) at ./src/vnet/ip/ip_api.c:108
11 0x00007f2aaa3b7e44 in msg_handler_internal (free_it=0, do_it=1, trace_it=<optimized out>, msg_len=<optimized out>, the_msg=0x7f2a4fa5ad10, am=0x7f2aaa3cc020 <api_global_main>) at ./src/vlibapi/api_shared.c:593
12 vl_msg_api_handler_no_free (the_msg=0x7f2a4fa5ad10, msg_len=<optimized out>) at ./src/vlibapi/api_shared.c:810
13 0x00007f2aaa3a1702 in vl_socket_process_api_msg (rp=<optimized out>, input_v=<optimized out>) at ./src/vlibmemory/socket_api.c:208
14 0x00007f2aaa3a95d8 in vl_api_clnt_process (vm=<optimized out>, node=<optimized out>, f=<optimized out>) at ./src/vlibmemory/memclnt_api.c:429
15 0x00007f2aa9226f37 in vlib_process_bootstrap (_a=<optimized out>) at ./src/vlib/main.c:1235
16 0x00007f2aa91824a8 in clib_calljmp () at /builds/graphiant/graphnos/vpp/debian/output/source_dir/src/vppinfra/longjmp.S:123
17 0x00007f2a47cf5d60 in ?? ()
18 0x00007f2aa922853f in vlib_process_startup (f=0x0, p=0x7f2a494dc000, vm=0x7f2a489ed680) at ./src/vlib/main.c:1260
19 dispatch_process (vm=0x7f2a489ed680, p=0x7f2a494dc000, last_time_stamp=<optimized out>, f=0x0) at ./src/vlib/main.c:1316
20 0x0000000000000000 in ?? ()
(gdb)
Type: fix
Change-Id: I2d3c041e0be8284471771c7882c89f743baab0e5
Signed-off-by: Peter Morrow <pdmorrow@gmail.com>
- Also fix log output to remove hardcoded compiler version
Type: make
Change-Id: I1b224d8e9a042c58dbae689a8be706089cc1377f
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
- Verify mlx_rdma_dpdk_matrix.txt versions,
build MLX drivers in dpdk if the versions match.
Also output version comparison results to a file
for CI job to send notification email when the
versions do not match.
Change-Id: Id1384ba4ea4b1f855f4d77d1d8e2c38683abfe1f
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
It looks like tcp_time_now has been deprecated for a while and the
replacement is tcp_time_now_us
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: Ifaed2632baa49d489d4e03f2623d8cc9a6f36e64
Encode entropy value in UDP source port when requested per RFC 7510.
CLI already has "src-port-is-entropy", use zero UDP source port in API
to avoid breaking changes, since zero port is not something to be used
in wild.
Also, mark UDP encapsualtion API as mp-safe as already done for CLI.
Type: feature
Change-Id: Ieb61ee11e058179ed566ff1f251a3391eb169d52
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Added scripts to reparing setups for testing
To prepare and run containers:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh prepare_containers
To prepare setups:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh config
To clean-up settups:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh clean
To deleted all containers and images in Docker:
sudo ./extras/strongswan/vpp_sswan/docker/run.sh deleted
Type: feature
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: I77f01c0419dccc95f610046c8552ae825f2c7e12
Added plugin vpp-swan is a plugin that helps offloading
Strongswan IPsec ESP process from Linux Kernel to VPP.
Type: feature
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: Iec77945892453fac1890d3c49d7d86fc6b09c893
Type: test
"test_wg_handshake_ratelimiting_multi_peer" has been unstable recently
because the test strongly relies on execution speed. Currently, the test
triggers ratelimiting for peer 1 and sends handshake initiations from
peer 1 and 2 mixed up. After that, the test expects that all handshake
initiations for peer 1 are ratelimited and a handshake response for peer
2 is received.
Ratelimiting is based on the token bucket algorithm. The more time
passes between triggering ratelimiting for peer 1 and sending a mixture
of handshake initiations from peer 1 and 2, the more tokens will be
added into the bucket for peer 1. Depending on delays between these
steps, the number of tokens might be enough to process handshake
initiations from peer 1 while they are expected to be rejected due to
ratelimiting.
With this change, these two steps are combined into one and the logic
modified. The test triggers ratelimiting for both peer 1 and 2. Packets
that trigger ratelimiting and that are to be rejected are sent in one
batch that is going to reduce delays between packet processing. Also,
verify that number of rejected handshake messages is in expected range
instead of verifying the exact number as it still may slightly vary.
Also, this should finish making the wireguard tests stable on Ubuntu
22.04 and Debian 11.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I3407d15abe1356dde23a241ac3650e84401c9802
default RLIMIT_MEMLOCK is 64. if we use multi af_xdp interfaces or
load complex bpf program, libbpf will return permission error.
root cause is default 64 is not large enough. So we change it before
load bpf program.
Type: fix
Change-Id: Ia6aed19c9256c498cf1155586a54a32b3f444105
Signed-off-by: Chen Yahui <goodluckwillcomesoon@gmail.com>
Type: fix
Currently, when a wg interface is administratively disabled initially or
during operation, handshake packets continue to be sent. Data packets
stop being sent because routes pointing to the wg interface will not be
used. But data keys remain.
With this fix, when a wg interface is administratively disabled during
peer creation, avoid connection initialization to the peer. Data keys
and timers should be empty at this point. When a wg interface is
disabled during operation, disable all peers (i.e. stop all timers,
clear data keys, etc.). Thus, state should be identical in both cases.
When a wg interface is administratively enabled, enable all peers (i.e.
get ready to exchange data packets and initiate a connection). Also,
cover these scenarios with tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ie9a620077e55d519d21b0abc8c0d3c87b378bca3
Internaly, vpp uses it's own padding, so all the data
is padded using blocksize in /src/vnet/ipsec/ipsec.c
Openssl should add it's own padding, but the data
is already padded. So on decrypt stage when padding
should be removed, it can't be done. And it produces
error `bad decrypt`
Previous versions of openSSL decrypted data almost
at the beginning of EVP_DecryptUpdate/EVP_DecryptFinal_ex
and produced the same error, but data was already decrypted.
Now it's not, so some algorithms could have some problems
with it
PS. openSSL 3.x.x
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: If715a80228548b4e588cee222968d9da9024c438
Validate version and IHL regardless of present options.
Originally VPP would accept seriously damaged headers in case IHL != 5.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Ifd59622efa63dfad7f6e4858dec40ccac3274574
Type: fix
As per the protocol:
A handshake initiation is retried after "REKEY_TIMEOUT + jitter" ms,
if a response has not been received...
Currently, if retransmit handshake timer is started, it will trigger
after "REKEY_TIMEOUT + jitter" ms and will try to send a handshake
initiation via wg_send_handshake() given that no responses have been
received. wg_send_handshake() will verify that time stored in
REKEY_TIMEOUT has passed since last handshake initiation sending and if
has, will send a handshake initiation. Time when a handshake initiation
was last sent is stored in last_sent_handshake.
The problem is that last_sent_handshake is not only updated in
wg_send_handshake() when sending handshake initiations but also in
wg_send_handshake_response() when sending handshake responses. When
retransmit handshake timer triggers and a handshake response has been
sent recently, a handshake initiation will not be sent because for
wg_send_handshake() it will look like that time stored in REKEY_TIMEOUT
has not passed yet. Also, the timer will not be restarted.
wg_send_handshake_response() must not update last_sent_handshake,
because this time is used only when sending handshake intitiations. And
the protocol does not say that handshake initiation retransmission and
handshake response sending (i.e. replying to authenticated handshake
initiations) must coordinate.
With this fix, stop updating last_sent_handshake in
wg_send_handshake_response().
Also, this fixes tests that used to wait for "REKEY_TIMEOUT + 1" seconds
and did not receive any handshake initiations. Then they fail.
Also, long-running tests that send wrong packets and do not expect
anything in reply may now receive handshake intiations, consider them as
replies to the wrond packets, and fail. Those are updated to filter out
handshake initiations in such verifications. Moreover, after sending
wrong packets, error counters are already inspected there to confirm
packet processing was unsuccessful.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I43c428c97ce06cb8a79d239453cb5f6d1ed609d6
The previous patch[37164] was a bit flawed.
Type: fix
Signed-off-by: Yacan Liu <liuyacan@corp.netease.com>
Change-Id: Ia9d8b9c7853e8f4b960ce7de26d0384243deb667
This patch introduces fast path matching for inbound traffic ipv6.
Fast path uses bihash tables in order to find matching policy.
Adding and removing policies in fast path is much faster than in current
implementation. It is still new feature and further work needs
and can be done in order to improve the perfromance.
Type: feature
Change-Id: Iaef6638033666ad6eb028ffe0c8a4f4374451753
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
This adds the ability to specify we want an IPv4 route via an IPv6 adj
and vice-versa.
Type: improvement
Change-Id: I5f7f1ab89fc60244d31c26155bbd9b0db690257c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
When manually adding neighbor entries for proxy-arp, those will be
fib-adj entries. Check for proxy-arp instead of dropping immediately.
Type: improvement
Change-Id: Id311159f2966c99719dc2a67d4d2bc92bf366029
Signed-off-by: Benoît Ganne <bganne@cisco.com>
The script accepts zero or one argument (the commit hash), and outputs
the detected components, the component maintainers,
and the final suggested reviewer list. See the script
for the example output.
Change-Id: Ief671fe837c6201bb11fd05d02af881822b0bb33
Type: docs
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Add a new tool packetforge to extras. This tool is to support generic flow.
Packetforge is a library to translate naming or json profile format flow
pattern to the required input of generic flow, i.e. spec and mask. Using
python script flow_create.py, it can add and enable a new flow rule for
an interface via flow VAPI, and can delete an existed flow rule as well.
Command examples are shown below. Json profile examples can be found in
./parsegraph/samples.
Naming format input:
python flow_create.py --add -p "mac()/ipv4(src=1.1.1.1,dst=2.2.2.2)/udp()"
-a "redirect-to-queue 3" -i 1
python flow_create.py --del -i 1 -I 0
Json profile format input:
python flow_create.py -f "./flow_rule_examples/mac_ipv4.json" -i 1
With this command, flow rule can be added or deleted, and the flow
entry can be listed with "show flow entry" command in VPP CLI.
Packetforge is based on a parsegraph. The parsegraph can be built by
users. A Spec can be found in ./parsegraph as guidance. More details
about packetforge are in README file.
Type: feature
Signed-off-by: Ting Xu <ting.xu@intel.com>
Change-Id: Ia9f539741c5dca27ff236f2bcc493c5dd48c0df1
When ESTABLISHED TCP connection is terminated by an RST packet,
EPOLLHUP + EPOLLRDHUP would be updeliever by VCL. If not using
VPP, app would receive EPOLLHUP + EPOLLERR + EPOLLIN(if requested) +
EPOLLRDHUP(if requested).
libevent will interpret the two cases as different EV combinations.
Below is the code snippet for libevent v2.12:
if (what & EPOLLERR) {
ev = EV_READ | EV_WRITE;
} else if ((what & EPOLLHUP) && !(what & EPOLLRDHUP)) {
ev = EV_READ | EV_WRITE;
} else {
if (what & EPOLLIN)
ev |= EV_READ;
if (what & EPOLLOUT)
ev |= EV_WRITE;
if (what & EPOLLRDHUP)
ev |= EV_CLOSED;
}
Type: fix
Signed-off-by: Yacan Liu <liuyacan@corp.netease.com>
Change-Id: Ice3d2861183b6ea499f66b727bbe175eeae5cb05
Usage:
test/run.py -r -t {test_filter}
Instead of starting a new instance of VPP, when the -r argument
is provided, test is run against a running VPP instance. Optionally,
one can also set the VPP socket directory using the -d
argument. The default location for socket files is
/var/run/user/${uid}/vpp and /var/run/vpp if VPP is started
as root.
Type: improvement
Change-Id: I05e57a067fcb90fb49973f8159fc17925b741f1a
Signed-off-by: Naveen Joy <najoy@cisco.com>
It's known there're one or more 32-bit increments in the ip
header. So just check ip router alert option length with minimal
performance impact, and don't care of the total options length.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I46dd06516f793846b931a1dc8612f2735f8d24d3
Also check for non-zero rpath length in CLI cmd.
While there, no need to use "else" after a return.
Also while there, notice and fix numerous input_line
buffer leaks and fix them.
Type: fix
Fixes: 669d07dc01
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I18ea44b7b82e8938c3e793e7c2a04dfe157076d8
Type: fix
If an attempt is made to delete a teib entry and the entry does not
exist, a message is logged. The format string contained an extra "%U",
which results in a segv.
Change-Id: I9b1d6ba63601982ba6ac8607cf710e34c311702a
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
When we follow arp feature arc for proxy-arp, we should still update
the error reason in case proxy-arp cannot handle the arp request and
drops it.
Type: improvement
Change-Id: I046df017ca2056cfc12af0f0a968b401058bcd6d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: fix
If unrecognized input was provided to the commands which add or delete a
pair, the error message was being created incorrectly and only displayed
something like "unknown input `'". Provide the correct argument to
format_unformat_error so that the actual unrecognized input is printed.
There also was no error or useful information printed if only the base
command were provided without any additional arguments. This should
print a warning about what required data was missing. Reorganize code to
handle this and to make sure that memory gets freed appropriately.
Change-Id: If454714f50cf41b3b56cfadfbf017f1d160e13a4
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Handle the case of the mapping not being found by GID.
Type: fix
Change-Id: Ibce3b9e8419c0dddca97b4d0d5a71f25dfd529d8
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
add hugepage for vcl configure and svm
Type: feature
Signed-off-by: Junfeng Wang <drenfong.wang@intel.com>
Change-Id: I6a8905e3fec23d840e629114b1e5a403d0a258ef
add dma support to session, acclerate host-stack with dma
Type: feature
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Signed-off-by: Junfeng Wang <drenfong.wang@intel.com>
Change-Id: I3d492921d69d9e3e0b34d33adc33fba3bde9e1cc
If one attempts to add a pattern with zero length, first time
it will succeed, and the second time it will cause an invalid memcmp call.
Solution: do not allow to add zero-length patterns.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ic08e021486153be605a4b12a2fe4422307bf68d2
The number of available dynamic ports is set to (0xffff - 1024) =
64511, which is not divisable by the pow2 number of workers - the
only integer divisors are 31 and 2081.
So, total dynamic port range of all workers will be less than it:
1 wrk: n = (port_per_thread = 64511/1)*1 = 64511 + 1025 = 65536
2 wrk: n = (port_per_thread = 64511/2)*2 = 64510 + 1025 = 65535
4 wrk: n = (port_per_thread = 64511/4)*4 = 64508 + 1025 = 65533
8 wrk: n = (port_per_thread = 64511/8)*8 = 64504 + 1025 = 65529
...
As seen, with multiple workers there are unused trailing ports for every
nat pool address and that is the reason of out-of-bound index in the
worker array on out2in path due (port - 1024) / port_per_thread math.
This was fixed in 5c9f9968de, so packets
to unused ports will go to existing worker and dropped there.
Per RFC 6335 https://www.rfc-editor.org/rfc/rfc6335#section-6:
6. Port Number Ranges
o the System Ports, also known as the Well Known Ports, from 0-1023
(assigned by IANA)
o the User Ports, also known as the Registered Ports, from 1024-
49151 (assigned by IANA)
o the Dynamic Ports, also known as the Private or Ephemeral Ports,
from 49152-65535 (never assigned)
According that let's allocate dynamic ports from 1024 and have full port
range with a wide range of the workers number - 64 integer divisors in
total, including pow2 ones:
1 wrk: n = (port_per_thread = 64512/1)*1 = 64512 + 1024 = 65536
2 wrk: n = (port_per_thread = 64512/2)*2 = 64512 + 1024 = 65536
3 wrk: n = (port_per_thread = 64512/3)*3 = 64512 + 1024 = 65536
4 wrk: n = (port_per_thread = 64512/4)*4 = 64512 + 1024 = 65536
5 wrk: n = (port_per_thread = 64512/5)*5 = 64510 + 1024 = 65534
6 wrk: n = (port_per_thread = 64512/6)*6 = 64512 + 1024 = 65536
7 wrk: n = (port_per_thread = 64512/7)*7 = 64512 + 1024 = 65536
8 wrk: n = (port_per_thread = 64512/8)*8 = 64512 + 1024 = 65536
...
Modulo from 5c9f9968de is still required
when the numbers of workers is not the integer divisor of 64512.
Type: fix
Fixes: 5c9f9968de
Change-Id: I9edaea07e58ff4888812b0d86cbf41a3784b189e
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
This patch introduces fast path matching for inbound traffic ipv4.
Fast path uses bihash tables in order to find matching policy. Adding
and removing policies in fast path is much faster than in current
implementation. It is still new feature and further work needs
and can be done in order to improve perfromance.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ifbd5bfecc21b76ddf8363f5dc089d77595196675
DPO in the new copy was not locked ...
Type: fix
Fixes: 0bfe5d8
Change-Id: I39f1368de459af91c4bb857d98a4b531bd5692a6
Signed-off-by: Damjan Marion <dmarion@me.com>
Free node frames in worker mains on refork. Otherwise these frames are
never returned to free pool and it causes massive memory leaks if
performed under traffic load
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I15cbf024a3f4b4082445fd5e5aaa10bfcf77f363
When a session is found expired, the next node of in2out fast path
should be in2out slow path instead of out2in slow path.
Type: fix
Signed-off-by: Jing Peng <jing@meter.com>
Change-Id: If1dd920502089c25b33bea5434823b0496a44499
Type: improvement
Roaming functionality allows the peer address to change. The main thread
was being called to update a peer's address if necessary after
processing a received packet. Check in the worker whether this is
necessary before incurring the overhead of the RPC to the main thread.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I02184b92dc658e0f57dd39993a3b2f9944187b45
The ability to modify the vlan setting must be checked prior to using
VIRTCHNL_OP_DISABLE_VLAN_STRIPPING_V2 both for inner and outer vlan
stripping
Change-Id: Iffe306c34b81a6077ad6ba5deb3f5b61b5475897
Type: fix
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Originally initialization cryptodev device(s) calls double request
to enabled async mode and increased ref count twice for async mode.
Due to this cannot be change any assigned async handlers to other
async crypto engine.
The fixes reduce double request to enable async mode in initialization
cryptodev device(s) and VPP can be change assigned async handlers
to other crypto engine after disabled all async feature, for example:
ipsec, wireguard.
Type: fix
Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com>
Change-Id: If22e682c3c10de781d05c2e09b5420f75be151c3
- default to opensuse-leap 15.4, no python2 support in this version
- deprecate version openSUSE 15.0, openSUSE 15.3 still supported
Type: make
Signed-off-by: Laszlo Kiraly <laszlo.kiraly@est.tech>
Change-Id: Ic7178ff5238e2669bc45166c1f13d3f077f6069b
Signed-off-by: Laszlo Kiraly <laszlo.kiraly@est.tech>
client_pathname is usually smaller than pc->caddr.sun_path. snprint()
ensures we stop at the NULL character or sizeof(sun_path) whichever
comes 1st. It also guarantees NULL character termination.
Type: fix
Change-Id: I9fc2a706beab931d50d32d03f7fafca7c6c2fb0b
Signed-off-by: Benoît Ganne <bganne@cisco.com>
- Ubuntu 22.04 enables LTO by default and dpdk
adds lto flags to CFLAGS. This CI jobs to fail
with OOM-Kill (especially on ARM64) due to lto
consuming large amounts of memory.
Type: make
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Change-Id: I5a3d3a08e2caddb4790b281b80b16081567aed5b
Store mss and sw_if_index to udp_connection_t and display them via
show sessipn verbose 2
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I32928f3f4195b178873dc1bada702e035d99c464
Initialize the session index in case of error to ~0,
so is defined in case trace needs to copy it.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Iddf6df42c09d2abc11e5821944eb4f41692e6e3e
It may contain garbage in debug builds resulting in wrong
gho detected flags and offsets.
Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Change-Id: Ia79633262185016f527e7dc6c67334cda6f055f2
dpdk 22.03 introduces iavf driver but misses rx vector path on Arm.
This causes VF fail to receive packet when running VPP device test
with no-multi-seg configuration.
Add iavf basic Neon RX support to fix this.
Type: fix
Fixes: 2f132efc3c ("dpdk: bump to DPDK v22.03")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I75ae74c8060428cee0e1c235feab1246c014801e
Mark arp packet as locally originated when probing/replying and don't apply any
arp-term logic against it.
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: I305ff5cac8cac456decf92f21b961aa4ce286079
The unformat type for "%d" should be u32 or int, otherwise the 'did' in
high stack address will be overflow to zero by the 'qid' which is in the
low stack address.
Like input "dev wq3.2" will return "did=0, qid=2".
Type: fix
Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
Change-Id: I0fe1d5b03e2c47e0a7925193e2c2f1ccc31d3e90
When there is a bad descriptor, it may in the beginning, in the middle,
or at the end of the batch if the batch has more than 3 descriptors.
When processing a bad descriptor is encountered in the batch, we need to
rollback n_buffers in memif_process_desc(), or the statement in the same
function
memif_add_copy_op (ptd, mb0 + src_off, bytes_to_copy,
dst_off, n_buffers - 1);
is wrong because it picks up the wrong buffer_vec_index of the bad
descriptor while parsing a good descriptor immediately following the
bad descriptor. n_buffers was incremented in the beginning of
while (n_left) loop.
The other problem is we should count the number of bad packets and
reduce ptd->n_packets to get the correct number of packets for subsequent
processing in device_input.
The last fix is to check if n_buffers == 0 in device_input and skip
doing any descriptor copy. This case can happen when all the descriptors
are bad in the batch.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I28ed1d87236b045657006755747b5750a9a733be
Ensure that the ethernet_input_inline_dmac_check which directly derefererences ei,
is called only if ei is set.
Type: fix
Change-Id: I2d3bce63ee457825a5d375a6102225f3abf67703
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Type: feature
This patch bumps DPDK version to 22.07.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Change-Id: I72ecb31ca15774aed4453778042120610020a0c1
Following the discussion during the review
of b46a4e69e5,
remove the redundant ei0. This resulted in realization
that in order for this code to do anything useful,
the ei must be always non-zero, so rewrite the logical
condition for it. Also, make it a conjunction which seems simpler
to understand.
Type: improvement
Change-Id: Ibd7b2a63e4aeaf97eb1a98af8e69aed2ff7dd577
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Using the error name makes it less explicit in the packet trace than
the error description when a packet is dropped. Example of the trace
when the TTL is <=1:
01:03:17:015278: drop
ip4-input: time_expired
We should have "ip4 ttl <= 1" instead of "time_expired"
Type: fix
Change-Id: Ic9decf10d609cc938e39d0f449359e41c406267e
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Using "ip neighbor <ip-addr> <mac-addr> static count <count>" to add
static ARP entries will output wrong mac addresses due to lack of
big/little endian conversion. Fix this error by converting mac address
from big endian to little endian before doing the self-increment.
Before patched:
vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5
vpp# show ip neighbor
Time IP Flags Ethernet Interface
4.4400 198.18.1.5 S 05:aa:bb:cc:dd:e0 rdma-0
4.4399 198.18.1.4 S 04:aa:bb:cc:dd:e0 rdma-0
4.4399 198.18.1.3 S 03:aa:bb:cc:dd:e0 rdma-0
4.4399 198.18.1.2 S 02:aa:bb:cc:dd:e0 rdma-0
4.4399 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0
After patched:
vpp# ip neighbor rdma-0 198.18.1.1 01:aa:bb:cc:dd:e0 static count 5
vpp# show ip neighbor
Time IP Flags Ethernet Interface
4.4528 198.18.1.5 S 01:aa:bb:cc:dd:e4 rdma-0
4.4528 198.18.1.4 S 01:aa:bb:cc:dd:e3 rdma-0
4.4528 198.18.1.3 S 01:aa:bb:cc:dd:e2 rdma-0
4.4527 198.18.1.2 S 01:aa:bb:cc:dd:e1 rdma-0
4.4527 198.18.1.1 S 01:aa:bb:cc:dd:e0 rdma-0
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: Iec1e00e381e4aba96639f831e7e42e070be3f278
Add an assert to express the constraint to coverity without
incurring the overhead in release builds.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I2c22f8b2565c645d95c9c0be37381060e151420f
Add an ASSERT so coverity is aware of the assumption taken,
without incurring any penalty in release build.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I3e7e1e77059492315409efbed47657f9e56d167c
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Check that the pointer is non-null before dereferencing it.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I611a1042d08bbe455dd09a4fa5711fe86c440240
In case of a bad packet, the bihash kv is not initialized before being
copied in the trace. Make sure it is initialized to 0.
Type: fix
Change-Id: I22fcfe99f3586d0fa128493059547a56557b8fb5
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: fix
Previously, libmemif can only use buffer size which
have to be power of 2. memif protocol does not enforce
this. This patch fixes this issue.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: Ic71e6a51685e2c2228c744920797064d4c7c65c9
Initialize the host_sw_if_index to ~0 so in the error cases
the variable is set to something predictable.
Type: fix
Change-Id: Ic55e4f0cbfa286e85dfb54b89b5321af18a439a1
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Zero-initialize the temporary struct, else a->map.adj_index is being used unset.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: Ia02636ea1e911250d6aa5e413de48e1e09863880
- this warning causes build errors with gcc on ubuntu 22.04
Type: make
Change-Id: Id8f6ab44b2315ce8a4564ea924d799ecb6f57fdf
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
This patch introduces DMA infrastructure into vlib. This is well known
that large amount of memory movements will drain core resource. Nowadays
more and more hardware accelerators were designed out for freeing core
from this burden. Meanwhile some restrictions still remained when
utilizing hardware accelerators, e.g. cross numa throughput will have a
significant drop compared to same node. Normally the number of hardware
accelerator instances will less than cores number, not to mention that
applications number will even beyond the number of cores. Some hardware
may support share virtual address with cores, while others are not.
Here we introduce new DMA infrastructure which can fulfill the
requirements of vpp applications like session and memif and in the
meantime dealing with hardware limitations.
Here is some design backgrounds:
Backend is the abstract of resource which allocated from DMA device
and can do some basic operations like configuration, DMA copy and
result query.
Config is the abstract of application DMA requirement. Application
need to request an unique config index from DMA infrastructure. This
unique config index is associated with backend resource. Two options
cpu fallback and barrier before last can be specified in config.
DMA transfer will be performed by CPU when backend is busy if cpu
fallback option is enabled. DMA transfer callback will be in order
if barrier before last option is enabled.
We constructs all the stuffs that DMA transfer request needed into
DMA batch. It contains the pattern of DMA descriptors and function
pointers for submission and callback. One DMA transfer request need
multiple times batch update and one time batch submission.
DMA backends will assigned to config's workers threads equally. Lock
will be used for thread-safety if same backends assigned to multiple
threads. Backend node will check all the pending requests in worker
thread and do callback with the pointer of DMA batch if transfer
completed. Application can utilize cookie in DMA batch for selves
usage.
DMA architecture:
+----------+ +----------+ +----------+ +----------+
| Config1 | | Config2 | | Config1 | | Config2 |
+----------+ +----------+ +----------+ +----------+
|| || || ||
+-------------------------+ +-------------------------+
| DMA polling thread A | | DMA polling thread B |
+-------------------------+ +-------------------------+
|| ||
+----------+ +----------+
| Backend1 | | Backend2 |
+----------+ +----------+
Type: feature
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Change-Id: I1725e0c26687985aac29618c9abe4f5e0de08ebf
The ipv6 header length should not be counted in the ipv6 payload length.
This is similar to https://gerrit.fd.io/r/c/vpp/+/36945.
Type: fix
Change-Id: I22de0ff828175829102a85288513ee3f55709108
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
Type: improvement
When trying to use a version string in a downstream build that appends a
timestamp to the standard version string, compiling fails because the
version string is too long for the version and version_required fields
in vlib_plugin_registration_t. Increase the size of those arrays from 32
to 64 chars.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I3632139e5ae7110aa4769359f380ad29522ad4ed
Zero-initialize the temporary struct, else coverity complains about a bunch of uninitialized fields.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I45dc42134f06917a7459d615804f978a175bec0f
Type: improvement
VPP crashes when a linux-cp tap is added to a bridge on the host system
because rtnl_neigh_get_dst() returns NULL for the neighbor message that
is sent by the kernel.
Check for NULL before trying to use the address from a neighbor in a
netlink message.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I8a683d815a09620df9c0cc76e18df39828428e2c
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Add the error checks in parsing, aimed to avoid parser walking past the end of packet in case the data
is garbage.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I9541b555a18baf63cb8081bcd7a4c2750f2ed012
flags is u64, makes sure we do not overflow when shifting.
Type: fix
Change-Id: Ieea34187c0b568dc4d24c9415b9cff36907a5a87
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Day1 latent integer overflow.
vnet_classify_add_del defines new_hash as u32 - so replace a u64 type with u32
in split_and_rehash as well.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I51384a2db1caa4099b4d2ac25cd185bd108da037
rather than using obfuscated macro hacery, simplify
the per-protocol data management by directly using
an array of NAT protocol types.
Type: refactor
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I6fe987556ac9f402f8d490da0740e2b91440304c
Type: improvement
If an SA protecting an IPv6 tunnel interface has UDP encapsulation
enabled, the code in esp_encrypt_inline() inserts a UDP header but does
not set the next protocol or the UDP payload length, so the peer that
receives the packet drops it. Set the next protocol field and the UDP
payload length correctly.
The port(s) for UDP encapsulation of IPsec was not registered for IPv6.
Add this registration for IPv6 SAs when UDP encapsulation is enabled.
Add punt handling for IPv6 IKE on NAT-T port.
Add registration of linux-cp for the new punt reason.
Add unit tests of IPv6 ESP w/ UDP encapsulation on tun protect
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: Ibb28e423ab8c7bcea2c1964782a788a0f4da5268
Free up the vapi context in case of failure.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I4f64e8718014d714f1b82877e69d2354b5fa44fb
Crypto backend errors should not be using the same error as missing
keypair.
Type: fix
Change-Id: I78c2b3df3f08a354463b7824349b08627f2b023c
Signed-off-by: Benoît Ganne <bganne@cisco.com>
IPv6 payload length should not include the size of the IPv6 header.
Type: fix
Change-Id: Iedcd17d0af8d72d9b5f8f9b605da7c99e151bc9d
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Fix a copy-n-paste issue that left clib_bitmap_set()'s return
type documentation incorrect. Chnage it to indicate that
the function returns a new pointer for the bitmap that could
be different due to a possible reallocation.
Type: docs
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: Ia193c4673c0e4d1760e91cd7f80ebe1868a3c9b5
Previously, each address maintained an array of 32-bit
reference counts for each of 65K possible ports for each
of 4 NAT protocols. Totalling 1MB per address. Wow.
A close read of the code shows that an "is used" check
precedes each attempted reference count increment.
That means the refcount never actually gets above 1.
That in turn means algorithmically, a bit vector is
sufficient. And one need not be allocated for more
than the highest validated port referenced.
These changes introduce a dynamically sized bit vector
replacing the reference counts, for a maximum of 32K
if all 4 protocols use port 65535. In fact, protocol
OTHER is never used, so at most 24K will be used, and
none of it will be "statically" allocated per address.
Type: fix
Fixes: 85bee7548b
Change-Id: I7fd70050e7bf4871692a862231f8f38cf0158132
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Zero-initialize the temporary struct on stack.
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Change-Id: I89ced4cca8e832827fe054e2e60986de5910360c
Zero-initialize the temporary struct on stack.
Type: fix
Change-Id: I651f87deeb79c6c073d5c510435fa268893a3b0e
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Type: improvement
plus the addition of the 'thorttle' counter of IP6.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ic845247a9f3288caa755c33e79ae2eb6d2029d09
In RFC 7296, CREATE_CHILD_SA Exchange may contain the KE payload
to enable stronger guarantees of forward secrecy.
When the KEi payload is included in the CREATE_CHILD_SA request,
responder should reply with the KEr payload and complete the key
exchange, in accordance with the RFC.
Type: improvement
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: I13cf6cf24359c11c3366757e585195bb7e999638
We validate each descriptor via memif_validate_desc_data and set
desc_status to non-zero for the corresponding descriptor when
the descriptor is bad. However, desc_status is not propagated back to
xor_status in memif_validate_desc_data which eventually sets
ptd->xor_status.
Not setting ptd->xor_status causes us to treat all descriptors as
"simple". In that case, when we try to copy also the bad descriptors to
the buffers, it results a crash since desc_data is not set to point
to the correct memory in the descriptor.
The fix is to set xor_status in memif_validate_desc_data such that if
there is a bad descriptor in the frame, "is_simple" is set to false and
we have to selectively copy only the good descriptors to the buffers.
Type: fix
Signed-off-by: Steven Luong <sluong@cisco.com>
Change-Id: I780f51a42aa0f8745edcddebbe02b2961c183598
Type: fix
After peers roaming support addition, FIB entry tracking stopped
working. For example, it can be observed when an adjacency is stacked on
a FIB entry by the plugin and the FIB entry hasn't got ARP resolution
yet. Once the FIB entry gets ARP resolution, the adjacency is not
re-stacked as it used to. This results in endless ARP requests when a
traffic is sent via the adjacency.
This is broken because the plugin stopped using "midchain delegate" with
peers roaming support addition. The reason is that "midchain delegate"
didn't support stacking on a different FIB entry which is needed when
peer's endpoint changes. Now it is supported there (added in 36892).
With this fix, start using "midchane delegate" again and thus, fix FIB
entry tracking. Also, cover this in tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Iea91f38739ab129e601fd6567b52565dbd649371
Type: improvement
Currently, once an adjacency is stacked on a FIB entry via
adj_midchain_delegate_stack(), "midchain delegate" is created for the
adjacency and the FIB index is stored there. And all further calls to
adj_midchain_delegate_stack() even passing another FIB index will cause
the function to still use the stored one. In other words, there is
currently no way to stack an adjacency on another FIB index if "midchain
delegate" already exists for it.
Being able to stack on another FIB index is needed for the wireguard
plugin. As per the protocol, peers can roam between different external
endpoints. When an authenticated packet is received and it was sent from
a different endpoint than currently stored, the endpoint needs to be
updated and all futher communication needs to happen with that endpoint.
Thus, the corresponding to that peer adjacencies need to be stacked on
the FIB entry that corresponds to the new endpoint.
With this change, add adj_midchain_delegate_remove() that removes
"midchain delegate". When stacking on another FIB entry is needed,
existing "midchain delegate" can be removed and then, a new one created
with a new FIB index via adj_midchain_delegate_stack().
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ibc1c99b248a5ef8ef64867f39f494fab627a1741
Type: refactor
- refactored VPP test code to remove "ignore_path" variable
from "discover_tests" function and "run_test" code
- configured VPP test makefile, config file, and 'run.sh' shell script
to move "venv" directory from "test" dir to "build-root" dir
Signed-off-by: Saima Yunus <yunus.saima.234@gmail.com>
Change-Id: Id2beecbb99f24ce13ed118a1869c5adbef247e50
In several NAT submodules, the number of available ports (0xffff - 1024)
may not be divisible by the number of workers, so port_per_thread is
determined by integer division, which is the floor of the quotient.
Later when a worker index is needed, dividing the port with port_per_thread
may yield an out-of-bound array index into the workers array.
As an example, assume 2 workers are configured, then port_per_thread
will be (0xffff - 1024) / 2, which is 32255. When we compute a worker
index with port 0xffff, we get (0xffff - 1024) / 32255, which is 2,
but since we only have 2 workers, only 0 and 1 are valid indices.
This patch fixes the problem by adding a modulo at the end of the division.
Type: fix
Signed-off-by: Jing Peng <pj.hades@gmail.com>
Change-Id: Ieae3d5faf716410422610484a68222f1c957f3f8
we need cancel vrrp_vr_timer when deleting vrrp vr
Type: fix
Signed-off-by: luoyaozu <luoyaozu@chinatelecom.cn>
Change-Id: I8ea01f1943d6e3e60c4990c5be945de613bc8b53
- the cnxk code fails to link using the gcc-11 toolchain
included in the ARM64 Ubuntu-22.04 distro. This is required
for Ubuntu-22.04 CI jobs (both docker image building & CI
job execution on ARM64)
- Currently unable to replicate this failure on the dpdk repo.
Type: fix
Change-Id: Ice44aef9f0f721b4c88ac78f92a14bda87dc80a6
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Type: improvement
If a tun/L3 interface is paired with a multipoint tunnel interface,
pass packets arriving from the host to ip[46]-lookup instead of
cross-connecting them to the tunnel interface. Adjacencies are used
to drive the rewrite for Multipoint tunnel interfaces, so the generic
adjacency used with a P2P tunnel will not work correctly.
Change-Id: I2d8be56dc5029760978c05bc4953f84c8924a412
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Type: fix
API and internal flags do not match 1:1.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: I0f4e53b2e071d1c9fffd1b97bf28b4789887b032
Type: improvement
This method allows the assignment of a severity to the error.
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Id1a414a88018390d03bd6b16bd048a98903bab5a
Type: feature
With this change, peers are able to roam between different external
endpoints. Successfully authenticated handshake or data packet that is
received from a new endpoint will cause the peer's endpoint to be
updated accordingly.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ib4eb7dfa3403f3fb9e8bbe19ba6237c4960c764c
Type: feature
With this change, if being under load a handshake message with both
valid mac1 and mac2 is received, the peer will be rate limited. Cover
this with tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Id8d58bb293a7975c3d922c48b4948fd25e20af4b
This change implement a flavour of vlib_validate_buffer_enqueue_x1 with
aux data support
Change-Id: I2ecf7af49cf15ecd23b12d8acd57fe90546c1af7
Type: improvement
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: feature
With this change:
- if the number of received handshake messages exceeds the limit
calculated based on the peers number, under load state will activate;
- if being under load a handshake message with a valid mac1 is
received, but mac2 is invalid, a cookie reply will be sent.
Also, cover these with tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I3003570a9cf807cfb0b5145b89a085455c30e717
In set_hw_interface_change_rx_mode(), when vnet_hw_if_set_rx_queue_mode()
returns an error it actually returns success. This has been changed to
return a clib_error_return() value.
Type: fix
Change-Id: Iba39c875d9e15463cb6492d8a966234560a1f522
Signed-off-by: Wayne Morrison <wmorrison@netgate.com>
Type: improvement
This patches makes the make json-api-files
run in parallel in the same python runtime.
Default number of workers is 8, and run time
goes from ~20s to ~2s on average.
Change-Id: Id8cff013889db2671f6b6b4af9a019460c656f81
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Use the script test/run.py to run a test named test_vm_tap
inside a QEMU VM. The run script builds out a virtual env,
launches a light weight QEMU VM, mounts host directories,
starts VPP inside the VM and runs the test. The test named
test_vm_tap, creates two tap v2 interfaces in separate Linux
namespaces and using iPerf, streams traffic between the VM
and VPP. All data files are stored in the directory named
/tmp/vpp-vm-tests. To clean up, use the make test-wipe
command.
Usage:
test/run.py --vm --debug --test test_vm_tap
Type: improvement
Change-Id: I4425dbef52acee1e5b8af5acaa169b89a2c0f171
Signed-off-by: Naveen Joy <najoy@cisco.com>
May cause pointers point to unexpected non-zero addresses if not
validate vec
Type: fix
Change-Id: Ie4d3343d6734125b98e0dc962e33e0c7514da829
Signed-off-by: GaoChX <chiso.gao@gmail.com>
Type: feature
Currently, if a handshake message is sent and a cookie message is
received in reply, the cookie message will be ignored. Thus, further
handshake messages will not have valid mac2 and handshake will not be
able to be completed.
With this change, process received cookie messages to be able to
calculate mac2 for further handshake messages sent. Cover this with
tests.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I6d51459778b7145be7077badec479b2aa85960b9
Type: fix
Receive router solicitation in pop vlan interface, it will cause copy mac address to wrong buffer current_data and can not reply the solicitation right
Signed-off-by: liangrq <liangrq@efly.cc>
Change-Id: Ic40a5a47a52c8187aaf6c6854df761529e6f24d9
format_base10 reads 64b but is fed 32b values at the callsite; change
to u64 consistently. The function has only one call site in
interface/monitor.c which has a few additional bugs (spurious
character, and ambiguous 'bits' versus 'bytes' in the output).
Type: improvement
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I360f0d439cc13c09bd3f53db8184bd12ad4bc2e9
Type: fix
This patch fixes chain buffer support as transmit side
missing to set the flag to the descriptor in case of
chain buffers.
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
Change-Id: I73ff11be69a388f14fea39a19272d8eb76148fba
If an API methos is specified as "autoendian" it should use macros with
_END at the end.
Type: fix
Change-Id: I73b7b4f6996b30631c4355ace156ed0665c4b8ad
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Sometimes VPP rejects application connection requests
due to various reasons. Some errors application can
retry to get a successful connection.
In a non-blocking session, VCL sends EPOLLHUP.
An application can call a new API
vppcom_session_get_error to find the details and retry
depending on the error.
Type: fix
Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com>
Change-Id: If0e21a8e25701f66a190a2799b2209e0c31f897c
namespace is a keyword for c++ compilers
Type: fix
Change-Id: Ia8fc9ef1cc15fe9d0e40b3f543f9e8f411203b89
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
This change adds loops per second in the stats segment.
Applications using the stats segment to monitor VPP
can use this for better monitoring
Type: fix
Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com>
Change-Id: I53081f40ee918eec9763513a639b9d8a02488b20
With thousands of UDP sessions,
Sometimes VPP needs more time to grab the MQ lock for a session.
So increased tries from 5 to 75.
Type: fix
Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com>
Change-Id: Id8b877255aedcdcf206e9d0869fe5246645d76e7
Type: fix
A user had trouble compiling C++ code to work with the linux-cp APIs
because some messages contain a field called namespace, which is a
reserved word for C++. We wish to rename those fields so the messages
which are affected are being set to in_progress.
Change-Id: I3bd1dc898c146a9980161a562b2b453313bb58fd
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Build vpp with MLX DPDK PMD,
make DPDK_MLX4_PMD=y DPDK_MLX5_PMD=y DPDK_MLX5_COMMON_PMD=y build-release
With no-multi-seg in startup.conf,
Mellanox NIC init failed with following message,
rte_eth_rx_queue_setup[port:2, errno:-12]: Unknown error -12
mlx5_net: port 2 Rx queue 0: Scatter offload is not configured and
no enough mbuf space(2176) to contain the maximum RX packet length(2065)
with head-room(128)
In Mellanox NIC PMD driver, 'di.max_rx_pktlen' is returned as 65536,
and 'di.max_mtu' is returned as 65535, which makes
the driver_frame_overhead logic not suitable for Mellanox NICs.
So skip the logic code if MAX_MTU is returned as 65535.
Type: fix
Fixes: 1cd0e5dd53 ("vnet: distinguish between max_frame_size and MTU")
Signed-off-by: Tianyu Li <tianyu.li@arm.com>
Change-Id: I027b76b8d07fb453015b8eebb36d160b4bc8df9c
This patch introduces set of python tests for fast path ipv6, based on
ipv4 tests. Some missing parts of ipsec framework has been added
in order to test ipv6 implementation.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Icc13322787d76485c08106bad2cb071947ad9846
With this patch fast path for ipv6 policy lookup is enabled.
This impelentation scales and outperforms original implementation when
the number of defined flows is higher thatn 100k.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I9364b5b8db4fc708790d48c538add272c7cea400
This patch enables statistics from the Arm PMUv3 through the perfmon
plugin.
In comparison to using the Linux "perf" tool, it allows obtaining
direct, per node level statistics (rather than per thread). By accessing
the PMU counter registers directly from userspace, we can avoid the
overhead of using a read() system call and get more accurate and fine
grained statistics about the running of individual nodes.
A demo of perfmon on Arm can be found at:
https://asciinema.org/a/egVNN1OF7JEKHYmfl5bpDYxfF
*Important Note*
Perfmon on Arm is dependent on and works only on Linux kernel versions
of v5.17+ as this is when userspace access to Arm perf counters was
included.
On most Arm systems, a maximum of 7 PMU events can be configured at once
- (6x PMU events + 1x CPU_CYCLE counter). If some perf counters are in
use elsewhere by other applications, and there are insufficient counters
remaining to open the bundle, the perf_event_open call will fail
(provided the events are grouped with the group_fd param, which perfmon
currently utilises).
See arm/events.h for a list of PMUv3 events available, although it is
implementation defined whether most events are implemented or not. Only
a small set of 7 events is required to be implemented in Armv8.0, with
some additional events required in later versions. As such, depending on
the implementation, some statistics may not be available. See Arm
Architecture Reference Manual for Armv8-A, D7.10.2 "The PMU event number
space and common events" for more information.
arm/events.c:arm_init() gets information from the sysfs about what
events are implemented on a particular CPU at runtime. Arm's
implementation of the perfmon source callback .bundle_support uses this
information to disable unsupported events in a bundle, or in the case
no events are supported, disable the entire bundle.
Where a particular event in a bundle is not implemented, the statistic
for that event is shown as '-' in the 'show perfmon statistics' cli
output, by disabling the column.
There is additional code in perfmon.c to only open events which are
marked as implemented. Since we're only opening and reading events that
are implemented, some extra logic is required in cli.c to re-align
either perfmon_node_stats_t or perfmon_reading_t with the column
headings configured in each bundle, taking into account disabled
columns.
Userspace access to perf counters is disabled by default, and needs to
be enabled with 'sudo sysctl kernel/perf_user_access=1'.
There is a check built into the Arm event source init function
(arm/events.c:arm_init) to check that userspace reading of perf counters
is enabled in the /proc/sys/kernel/perf_user_access file.
If the above file does not exist, it means the kernel version is
unsupported. Users without a supported kernel will see a warning
message, and no Arm bundles will be registered to use in perfmon.
Enabling/using plugin:
- include the following in startup.conf:
- plugins { plugin perfmon_plugin.so { enable }
- 'show perfmon bundle [verbose]' - show available statistics bundles
- 'perfmon start bundle <bundle-name>' - enable and start logging
- 'perfmon stop' - stop logging
- 'show perfmon statistics' - show output
For a general guide on using and understanding Arm PMUv3 events, see
https://community.arm.com/arm-community-blogs/b/tools-software-ides-blog/posts/arm-neoverse-n1-performance-analysis-methodology
Type: feature
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Tested-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I0620fe5b1bbe78842dfb1d0b6a060bb99e777651
In preparation for enabling perfmon on Arm platforms, move some Intel
/arch specific logic into the /intel directory and update the CMake to
split the common code from arch specific files.
Since the dispatch_wrapper code is very different on Arm/Intel,
each arch can provide their own implementation + conduct any additional
arch specific config e.g. on Intel, all indexes from the mmap pages are
cached. The new method intel_config_dispatch_wrapper conducts this
config and returns a pointer to the dispatch wrapper to use.
Similarly, is_bundle_supported() looks very different on Arm/Intel, so
each implementation is to provide their own arch specific checks.
Two new callbacks/function ptrs are added in PERFMON_REGISTER_SOURCE to
support this - .bundle_support and .config_dispatch_wrapper.
Type: refactor
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Change-Id: Idd121ddcfd1cc80a57c949cecd64eb2db0ac8be3
Type: improvement
Enable use of 4th gen QAT devices. Will be available on Sapphire Rapids.
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Change-Id: I89e7d29e10ecb4c36c700ff5e017796161ec6c5e
0 is not NULL (at least not in all cases), passing 0 into a variadic
function in a place where the consumer reads it as pointer might
leave parts of the pointer uninitilized and hence filled with random
data.
It seems that this used to work with gcc, but clang seems to treat the
0 in those places as a 32bit integer.
Type: fix
Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com>
Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com>
Change-Id: I37d975eef5a1ad98fbfb65ebe47d73458aafea00
There is a very rare bug in NAT processing that yeilds a thread
index of ~0. When this happens, vlib_get_frame_queue_elt()
suffers a segfault and VPP quits. Prevent an outright fault
by dropping the packet instead.
Type: fix
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I48c7a268925bb821ea15e58db5d4bfb211c40c09
classify hash used to be stored as u64 in buffer metadata, use 32 bits
instead:
- on almost all our supported arch (x86 and arm64) we use crc32c
intrinsics to compute the final hash: we really get a 32-bits hash
- the hash itself is used to compute a 32-bits bucket index by masking
upper bits: we always discard the higher 32-bits
- this allows to increase the l2 classify buffer metadata padding such
as it does not overlap with the ip fib_index metadata anymore. This
overlap is an issue when using the 'set metadata' action in the ip
ACL node which updates both fields
Type: fix
Change-Id: I5d35bdae97b96c3cae534e859b63950fb500ff50
Signed-off-by: Benoît Ganne <bganne@cisco.com>
svm_msg_q_size_to_alloc must return a valid base address, if it fails
pass up the error for handling
Type: fix
Change-Id: I408492f65f646862122acb9a187819b3bbf4f91c
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
This patch introduces set of python tests for fast path, based on
flow cache tests. There was a bug in calculating of policy mask when
adding to fast path, which has been fixed. Memory size for bihash
tables for both ip4 and ip6 outbound fast path policies
has been increased.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ibeee904ae7179f5dafbd45bb44282436f0b80821
This patch adds performacne and functional tests for ip4
outbound traffic policy matching.
Test setup is configurable in startup.conf and though the test
parameters. Cache, fast path, fast path burst mode can be enabled
and disabled,
and performance for different lookup setup can be measured.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I1d04d196e412f47f43b7e5cbd46607bf6a9cc40e
This patch updates the "show ipsec spd" cli to display
policies maintained by fast path bihash table.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I58b9f92f3132dc9809b50786dc912e09c4b84d81
Parser can be configured from the level of startup.conf file:
fast path can be enabled and disabled.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Ifab83ddcb75bc44c8165e7fa87a1a56d047732a1
This patch adds matching functionality for spd fast path
policy matching. Fast path matching has been introduced
for outbound traffic only.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I03d5edf7d7fbc03bf3e6edbe33cb15bc965f9d4e
This patch introduces ipsec_output.h file. Matching implementation is
moved there. The reason behind is the possibility of unit testing
matching mechanism. Therefore we need to have functions that are in
scope of our intrest there and since these are inline their
implementation needs to be moved to the header file as well.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: Id7c605375d1f3be146abf96ef70d336a5d156444
This patch introduces functions to add and delete fast path
policies.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I3f1f1323148080c9dac531fbe9fa33bad4efe814
This patch introdcues basic types supporting fast path lookup.
Fast path performs policy matching with use of hash lookup
(particularly bihash tries has been used for that purpose). Fast path
lookup addresses situation where huge number of policies is created
(~100k or more). In such scenario adding/removing a policy
and policy matching is not efficient and poorly scales (for example
adding 500k policies takes a few hours. Also lookup time
increases significantly). With fast path adding and matching up to
1M flows scales up linearly (adding 1M of policies takes about 150s
on the test machine vs many hours in case of original implementation,
also matching time is significantly improved). Fast path will not
deal well with a huge number of policies that are spanning large
ip/port ranges. Large range will be masked out almost entirely leaving
only a few bits for calculating the hash key. Such keys will tend to
gather much more policies than other keys and hash will match most of
the packets anihilating advantages of hashing. Having said that
we also think that it is not the real life scenario.
Type: feature
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I600dae5111a37768ed4b23aa18426e66bbf7b529
Currently 0 has been used as the wildcard representing ANY type of
protocol. However 0 is valid value of ip protocol (HOPOPT) and therefore
it should not be used as a wildcard. Instead 255 is used which is
guaranteed by IANA to be reserved and not used as a protocol id.
Type: improvement
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Change-Id: I2320bae6fe380cb999dc5a9187beb68fda2d31eb
if when the rx_fifo grows, svm_fifo_enqueue() return -4,
stream_data->app_rx_data_len += rlen type conversion occurs,
Finally,stream->recvstate.data_off calculation is wrong.
Type:fix
Signed-off-by: fanxb <fxb_mail@163.com>
Change-Id: Iae11f0c453f32d836f4148d70e3b121545a53a90
Type: fix
Currently, prometheus exporter may crash because of memory exhaustion
when dumps metrics if the FIB contains large number of routes.
With this fix, increase memory size for prometheus exporter to be able
to handle large number of FIB entries.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Ia2b9a665368883c87448deee9bcf8d2ac1168357
- also add docs-spell to checkstyle-all make target
Type: fix
Fixes: 5f6422db9
Change-Id: I8e9d7d17a03ee7b55f4e1785983459c43af267f7
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
Type: fix
Added stats for success and failure cases
Fixed Custom app behaviors for the error / drop cases
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Id6e981c7be5c5b3cee5af2df505666d5558da470
* apt '—force-yes' is deprecated in the version of apt in Ubuntu 22.04
* several Ubuntu-22.04-specific packages (e.g. python3-virtualenv, libssl-dev, clang clang-format-11)
are needed in the current VPP installation as well
Type: fix
Signed-off-by: Saima Yunus <yunus.saima.99@gmail.com>
Change-Id: I96ead90152f692233da812cdc853792bedb47c3c
Issue:
Let iperf3 server run via ldp and vcl on top of vpp's host stack. If
iperf3 client connects this iperf3 server with tcp MSS setting option,
iperf3 server will always crash.
Root cause:
When MSS option is specified by iperf3 client, iperf3 server will
recreate the listening socket firstly, then call setsockopt() to set MSS
immediately. Iperf3 code can be referred here:
58332f8154/src/iperf_tcp.c (L186).
However, in vcl layer vpp_evt_q of this recreated session is not
allocated yet. So iperf3 server crashes with vpp_evt_q null pointer access.
Fix:
Add session vpp_evt_q null pointer check in vcl_session_transport_attr().
Add a vcl test case for this MSS option scenario.
Type: fix
Signed-off-by: Liangxing Wang <liangxing.wang@arm.com>
Change-Id: I2863bd0cffbe6e60108ab333f97c00530c006ba7
Type: improvement
When packets were received and processed successfully, increment the
byte/packet counters for the tunnel interface.
Change-Id: I42855607ac6916de641be42aac86c9942cc97140
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
We were not allocating space for the
variable length payload in the response
message.
Type: fix
Change-Id: I345102f4555f66c5632ab0882ca1dd178e98eb7b
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
If ip4_neighbor_probe (or any other) is sending packet to a deleted interface,
ASSERT trips and dataplane crashes. Example:
create loopback interface instance 0
set interface ip address loop0 10.0.0.1/32
set interface state GigabitEthernet3/0/1 up
set interface state loop0 up
set interface state loop0 down
set interface ip address del loop0 10.0.0.1/32
delete loopback interface intfc loop0
set interface state GigabitEthernet3/0/1 down
set interface state GigabitEthernet3/0/1 up
comment { the following crashes VPP }
set interface state GigabitEthernet3/0/1 down
This sequence reliably crashes VPP:
(gdb)p n->name
$4 = (u8 *) 0x7fff82b47578 "interface-3-output-deleted”
If the interface doesn't exist, return ~0 and be tolerant of this in the
two call sites of counter_index()
Type: fix
Signed-off-by: Pim van Pelt <pim@ipng.nl>
Change-Id: I90ec58fc0d14b20c9822703fe914f2ce89acb18d
Type: fix
Currently, neighbor adjacencies on a wg interface are converted into a
midchain only if one of the peers has a matching allowed prefix
configured. If create a route that goes through a wg interface but the
next-hop address does not match any allowed prefixes, an ARP/ND request
will try to be sent via the wg interface to resolve the next-hop address
when matching traffic occurs. And sending an ARP request will cause VPP
to crash while copying hardware address of the wg interface which is
NULL. Sending an ND message will not cause VPP to crash but the error
logged will be unclear (no source address).
With this fix, convert all neighbor adjacencies on a wg interface into a
midchain and update tests to cover the case. If there is no matching
allowed prefix configured, traffic going such routes will be dropped
because of "Peer error". No changes if there is matching allowed prefix
configured.
Also, fix getting peer by adjacency index.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: I15bc1e1f83de719e97edf3f7210a5359a35bddbd
The flow_report_process_send() function always allocates a frame.
However, when no template_send is needed, template_bi is ~0.
When this happens, no vectors are placed in the frame. When
the frame is then "put", a check for n_vectors == 0 prevents
the frame from actually being placed back on the free list.
Fix that by using a direct call to vlib_frame_free() when
there are no frame vctors.
Type: fix
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Change-Id: I936b5cea4cb3c358247c3d2e1a77d034a322ea76
Type: fix
reported stats seem to have mixed up used and total counters
Signed-off-by: Leland Krych <leland.krych@gmail.com>
Change-Id: I221c7b114c0da2ed53171d7f047a4bda07ee6cb2
https://docs.python.org/3/library/stdtypes.html
"if concatenating bytes objects, you can similarly use bytes.join() or io.BytesIO, or you can do in-place concatenation with a bytearray object. bytearray objects are mutable and have an efficient overallocation mechanism"
Type: improvement
Signed-off-by: Viktor Velichkin <avisom@yandex.ru>
Change-Id: Id20d337f909cce83fcd9e08e8049bb0bf5970fbc
Allows features to update their data structures after change in number
of worker threads.
Type: improvement
Change-Id: Icd4d197e28608f5bbb1edd13eb624cd98e33cafe
Signed-off-by: Damjan Marion <damarion@cisco.com>
When failing to match an ip address, we should not reset the ip address
that could have been initialized by a previous match.
Type: fix
Change-Id: I026766391eb3eb8230f75f66bf4b681e774741d9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Type: fix
A packet passing through nat44-ei-in2out-output,
has its ttl value validated in earlier nodes.
"ip4-input" node checks ttl for locally generated packets.
"ip4-rewrite" node validates ttl in forwarded packets.
Thus for example, the ED counterpart disables ttl checks
in its "nat44-ed-in2out-output" node.
This patch updates nat44 EI conditions for ttl checks to
those currently used in nat44 ED case, meaning no extra ttl
validation for in2out when output-feature is enabled.
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Change-Id: Idd15d7c9a746b60c0a6dac5537d00ef10c257fdc
This patch updates the go-api-files logic for supporting go1.18.
Notable changes are that `go get ...` changed to `go install`
and that we need to bump the govpp binapigen version to integrate
a go1.18 fix.
This patch also simplifies the cli execution syntax
Type: fix
Change-Id: I1d8aac65490fe3ea4c1965a4775b6bf8d5c05d26
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
- python3 pip module is missing on a new Ubuntu installation
Type: fix
Signed-off-by: Saima Yunus <yunus.saima.99@gmail.com>
Change-Id: I5a9886cd5f9226dc0a968c2f70a7c436a06ddf50
Type: fix
*Buffer leaks and corruptions during internal errors, either overriding
or missing to add the buffer to the list
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: I1ead1eca1cde10a36d60dbfcfe36ca6375690b03
Type: fix
Pace the main thread activity for reassembly timeouts, to avoid barrier syncs
Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
Change-Id: Iebe9a38d2a7a6471afa6621f12bb545668dc8384
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
