aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-10-13VPP-1027: DNS name resolverDave Barach14-9/+3205
This patch is a plausible first-cut, suitable for initial testing by vcl (host stack client library). Main features; - recursive name resolution - multiple ip4/ip6 name servers - cache size limit enforcement - currently limited to 65K - ttl / aging - static mapping support - show / clear / debug CLI commands Binary APIs provided for the following: - add/delete name servers - enable/disable the name cache - resolve a name To Do list: - Respond to ip4/ip6 client DNS requests (vs. binary API requests) - Perf / scale tuning - map pending transaction ids to pool indices, so the cache can (greatly) exceed 65K entries - Security improvements - Use unpredictable dns transaction IDs, related to previous item - Make sure that response-packet src ip addresses match the server - Add binary APIs - deliver raw response data to clients - control recursive name resolution - Documentation Change-Id: I48c373d5c05d7108ccd814d4055caf8c75ca10b7 Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-13acl-plugin: split the "show" commands and add an option to show ACLs by ↵Andrew Yourtchenko1-317/+407
interface From the troubleshooting perspective, it is nice to immediately know the ACEs for the ACLs applied to an interface, so implement that. To make the CLI more friendly, split each of the "show" variants into an independent _cmd function with the distinct CLI path. Change-Id: I519e4799083c04e8f0fcdf3e262a73493be4b690 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-10-13LDPRELOAD: Add ioctl, fcntl, and setsockopt supportSteven6-32/+255
Add support for the following system calls: ioctl (FIONREAD) fcntl (F_GETFL) fcntl (F_SETFL) setsockopt (SOL_IPV6, IPV6_V6ONLY) setsockopt (SOL_TCP, TCP_NODELAY) setsockopt (SOL_SOCKET, SO_REUSEADDR) setsockopt (SOL_SOCKET, SO_BROADCAST) This patch supersedes https://gerrit.fd.io/r/#/c/8765/ Change-Id: I5d5309d9f43d93a990b389d8cb667631de1903fe Signed-off-by: Steven <sluong@cisco.com>
2017-10-12VCL: Add SET_KEEPALIVE, SET_TCP_KEEPIDLE, and SET_TCP_KEEPINTVLSteven2-0/+12
Add the subject enums to unblock LDPRELOAD. Just the enums, no real implementation yet. Change-Id: Ia3ec576c2779ee20956a37f0adebc06f16d1fe7f Signed-off-by: Steven <sluong@cisco.com>
2017-10-12dpdk/ipsec: coverity fixesSergio Gonzalez Monroy4-17/+28
Change-Id: Ica3bc74ffbb1c0df4e198b0abff8df10cdeb2182 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-10-12libmemif: Add memif_cancel_poll_event() + bug fixing.Milan Lenco3-30/+78
Change-Id: I27d6bf93216f1f639f01fad730506afdc7115e46 Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
2017-10-12Remove libsubunit 'dependency' for openSUSE and fix NASMMarco Varlese2-3/+14
This patch addresses the unrequired dependency on libsubunit for opensuse; it also adds the required new dependency on check (add check-devel to the top-level Makefile). It adds some extra logic to install the correct NASM version to support AESNI. Change-Id: Ie368dd8f8485a67ab125e735fd12cbe25b9b588f Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-10-12LLDP: Add Management Address TLVSteve Shin8-28/+271
- Management Address TLV is added as per IEEE Std 802.1AB-2009. - Support of management ipv4/ipv6 addresses and OID. Change-Id: I57c14741774390809ce5a829cc087947424432c7 Signed-off-by: Steve Shin <jonshin@cisco.com>
2017-10-12Add support for packaging SUSE RPMs.Marco Varlese2-0/+384
This patch adds a new spec file for SUSE distribution and modifies the Makefile to learn which platform is building the RPMs for. Change-Id: Ic8ee0ddf978042cc1785ebc28bd1a6c9faf9bb74 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-10-12tcp: do not format sb if not established (VPP-1018)Florin Coras1-2/+3
Change-Id: I011dda118f37cb31a37dda270027612d0af57ca0 Signed-off-by: Florin Coras <fcoras@cisco.com> (cherry picked from commit 87f141172212b7568f519653ab32ebd1b5d34344)
2017-10-12VCL: Add REUSEADDR, BROADCAST, and V6ONLY to vppcom_session_attr APISteven2-1/+13
1. Add the subject enum type 2. Fix a typo for the clib_warning Change-Id: I59f6d15d51c66b96022d51592d65c41755c1582a Signed-off-by: Steven <sluong@cisco.com>
2017-10-12Initial push of vcl-ldpreload to extrasKeith Burns (alagalah)14-0/+8327
- fix checkstyle Change-Id: I4317757258ed6a65b8fae1377f17db39375282ac Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com> Signed-off-by: shrinivasan ganapathy <shrinivasanganapathy@gmail.com>
2017-10-11Revert "VPP-1001 - update AF Packet Driver to for modern kernels"Damjan Marion4-119/+10
Issues observed with specific kernel versions, e.g. stock Ubuntu 16.04 kernel. This reverts commit 3eab064e3fadaf2a6a128f167ad04ca0319b4e17. Change-Id: I24241f3b580df749fc686af3a319011ca035fb5e Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-10-11test: retry 3 times if test fails during verifyDamjan Marion1-1/+1
Change-Id: Ib1cb7f09c444f3667904eade935eb220f327b6fe Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-10-11Redhat and small system supportJohn DeNisco23-0/+6148
Initial 17.10 commit Final 17.07 cleanup, 17.10 next Added CentOS grub support, this should complete the CentOS support Added Centos install/unistall Added TCP parameters. Change-Id: I064e3a4118969ac36e62924a6a3f8a98f132ba60 Signed-off-by: John DeNisco <jdenisco@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-10Add VCL session get/set attributes api function.Dave Wallace3-26/+193
Change-Id: I72b0c063e89bf8299699dafec2a7e0395b86c8b9 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-10-10session: add support for application namespacingFlorin Coras43-793/+2927
Applications are now provided the option to select the namespace they are to be attached to and the scope of their attachement. Application namespaces are meant to: 1) constrain the scope of communication through the network by association with source interfaces and/or fib tables that provide the source ips to be used and limit the scope of routing 2) provide a namespace local scope to session layer communication, as opposed to the global scope provided by 1). That is, sessions can be established without assistance from transport and network layers. Albeit, zero/local-host ip addresses must still be provided in session establishment messages due to existing application idiosyncrasies. This mode of communication uses shared-memory fifos (cut-through sessions) exclusively. If applications request no namespace, they are assigned to the default one, which at its turn uses the default fib. Applications can request access to both local and global scopes for a namespace. If no scope is specified, session layer defaults to the global one. When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY) binds are converted to binds to the requested interface. Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-10dpdk: fix mempool size calculationDamjan Marion1-2/+3
Change-Id: I5b48310c46ca8a2143b2132110240d7e9a52c25d Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-10-10make test: add RETRIES optionKlement Sekera3-20/+93
Change-Id: Ibe31e932bc997f0101a8947e01df90a90d1f100f Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-10-10jvpp: adding callbacks for all messages (VPP-914)Matej Perina21-147/+171
1) In the previous version callbacks were generated based on request-replay naming conventions. It turned out they were too strict in case of events (e.g. BFD sends Details messages as notifications). So now we generate callback for all messages, allowing to receive any message as notification.(callback_gen.py) 2) "notification" suffix is no longer added because all messages are treated same (dto_gen.py, jvpp_c_gen_.py) 3) name of property that holds notification/events changed in callback facade and future apis 4) JVppNotification.java is no longer used since all events are treated equally Change-Id: I13f6438affc3473040d63cd4acb3984d03e97482 Signed-off-by: Matej <matej.perina@pantheon.tech>
2017-10-10punt and drop features:Neale Ranns19-215/+1882
- new IPv4 and IPv6 feature arcs on the punt and drop nodes - new features: - redirect punted traffic to an interface and nexthop - police punted traffic. Change-Id: I53be8bf4e06545add8a3619e462de5ffedd0a95c Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-10dpdk: patch to support bonded interface for MLX NICSteve Shin2-1/+64
At present, creating bonding devices using --vdev is broken for PMD like mlx5 as it is neither UIO nor VFIO based and hence PMD driver is unknown to find_port_id_by_pci_addr(). This DPDK patch fixes parsing PCI ID from bonding device params by verifying it in RTE PCI bus, rather than checking dev->kdrv. Change-Id: If575f63ef31733102566610d769ddd212d74736a Signed-off-by: Steve Shin <jonshin@cisco.com>
2017-10-10openSUSE packages fix.Marco Varlese1-5/+5
Adding the capability for CLANG for various opensuse distros. Added rpm-build package to build RPMs. Tiny edit for correct error message. Change-Id: I96a1e009d1daa44cbf8d0df60fc24091a50688d7 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-10-10API versioning: Fix coverity errors from strncpy()Ole Troan2-2/+2
Change-Id: Ife87f9b00f918ff1bb8c91c6f13ebe53a3555a12 Signed-off-by: Ole Troan <ot@cisco.com>
2017-10-09TEST,L2-FIB:refactor test-removing shared stateEyal Bari1-179/+135
and remove dependencies between tests Change-Id: I6ceacfdeb65b2d3c64811309358c3bfd47b213ef Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-10-09IP neighbour move incorrectly placed jump labelNeale Ranns1-2/+2
Change-Id: I19fdf13a4848306ee3841d822b832cba96c5bce5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-09vppapigen: support per-file (major,minor,patch) version stampsDave Barach57-9/+260
Add one of these statements to foo.api: vl_api_version 1.2.3 to generate a version tuple stanza in foo.api.h: /****** Version tuple *****/ vl_api_version_tuple(foo, 1, 2, 3) Change-Id: Ic514439e4677999daa8463a94f948f76b132ff15 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Ole Troan <ot@cisco.com>
2017-10-09NAT: hairpinning rework (VPP-1003)Matus Fabian4-16/+125
Change-Id: I7c6911cd6ac366fe62675fd0ff8b0246a25ea1db Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-10-09NAT: fixed ICMP broken translation for GRE tunnel interface (VPP-1008)Matus Fabian3-31/+27
Change-Id: Ie3245b96c511cc30915e70e8c881f445291a38c2 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-10-09fix buffer allocation for sparse jumbo frames in vhostPierre Pfister1-1/+3
A bug was reported where a jumbo packet would stay in vhost queue forever or until a large enough number of other packets arrived in the queue too. This is due to a bug in vhost input node buffer allocation. The fix is to make sure that vhost always allocates at least enough buffers for one single big packet. '40' is used to account for 65kB frames. Change-Id: I1d293028854165083e30cd798fab9d4140230b78 Signed-off-by: Pierre Pfister <ppfister@cisco.com> (cherry picked from commit 67700d41169ac37d21c400949a316750eabad969)
2017-10-09Allow use of /etc/os-release fileMarco Varlese5-46/+33
The top-level Makefile in VPP already uses the file /etc/os-release to recognize which OS the build is being performed on. The scripts for vagrant images instead were still using different files for different distros and adding a new distro to be supported causes issues with the extra-logic to deal with it. This patch aligns the vagrant scripts to use the same approach followed by the top-level Makefile and simplifies the steps to identify / update the OS and build / run VPP. Change-Id: I539f4a7c27b3fef70ed1c12b0276049bc47dc289 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-10-06Coverity fixes for API socketChris Luke2-8/+10
- Coverity whines about a zero-length field not being initialized. Change the struct setup to an initializer which will implicitly zero all unused fields, and add the coverity notation that should stop it whining. One or both of these should shut it up! - Fix some incorrect use of ntohl that was tainting values; in these cases htonl should have been used, and avoid a double-swap. Change-Id: I00493a77eb23a0b8feb647165ee349e1e9d5cfdb Signed-off-by: Chris Luke <chrisy@flirble.org>
2017-10-06VCL: add epoll_* functions.Dave Wallace5-87/+815
Change-Id: Ife27795ea96919c116fb6ff33d106663b54df72d Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-10-06tuntap: Introduce per thread structure to suport multi-threadsSteven2-65/+99
https://gerrit.fd.io/r/#/c/8551/ decoupled the global variable, namely tm->iovecs from TX and RX. However, to support multi-threads, we have to eliminate the use of this global variable with per thread variable. I notice that rx_buffers must also be per thread variable. So, we introduce per thread struct to contain rx_buffers and iovecs. Each thread will find the per thread struct with thread_index. Change-Id: I61abf2fdace8d722525a382ac72f0d04a173b9ce Signed-off-by: Steven <sluong@cisco.com>
2017-10-06Initial GENEVE TUNNEL implementation and tests.Marco Varlese20-2/+4600
Notes on this first implementation: * First version of the implementation does NOT support GENEVE OPTIONS HEADER: it isn't well understood what the purpose of the OPTIONS will be and/or what content would be placed in the variable option data; Once the IETF work will evolve and further information will be available it could be possible to modify the frame rewrite to contemplate the actual GENEVE OPTIONS. Change-Id: Iddfe6f408cc45bb0800f00ce6a3e302e48a4ed52 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-10-06Separate CP and DP fib table for PPPoEHongjun Ni3-56/+66
CP table: link_table DP table: session_table Change-Id: I2adbfd8f6a63d51d00d6dd291f32aebf20d13e4d Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-10-05dpdk/ipsec: rework plus improved cli commandsSergio Gonzalez Monroy15-1704/+2524
This patch reworks the DPDK ipsec implementation including the cryptodev management as well as replacing new cli commands for better usability. For the data path: - The dpdk-esp-encrypt-post node is not necessary anymore. - IPv4 packets in the decrypt path are sent to ip4-input-no-checksum instead of ip4-input. The DPDK cryptodev cli commands are replaced by the following new commands: - show dpdk crypto devices - show dpdk crypto placement [verbose] - set dpdk crypto placement (<device> <thread> | auto) - clear dpdk crypto placement <device> [<thread>] - show dpdk crypto pools Change-Id: I47324517ede82d3e6e0e9f9c71c1a3433714b27b Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-10-05Clean up "show api ring" debug CLIDave Barach2-4/+15
Add a primary svm_region_t pointer to the api_main_t so we can always find the primary region, even when processing an API message from a memfd segment. Change-Id: I07fffe2ac1088ce44de10a34bc771ddc93af967d Signed-off-by: Dave Barach <dave@barachs.net>
2017-10-05Distributed Virtual Router SupportNeale Ranns16-109/+727
A distributed virtual router works by attmpeting to switch a packet, but on failing to find a local consumer (i.e. the packet is destined to a locally attached host) then the packet is sent unmodified 'upstream' to where the rest of the 'distributed' router is present. When L3 switching a packet this means the L2 header must not be modifed. This patch adds a 'l2-bridge' object to the L3 FIB which re-injects packets from the L3 path back into the L2 path - use with extreme caution. Change-Id: I069724eb45956647d7980cbe40a80a788ee6ee82 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-04[aarch64] Fixes CLI crashes on dpaa2 platform.Christophe Fontaine74-130/+130
- always use 'va_args' as pointer in all format_* functions - u32 for all 'indent' params as it's declaration was inconsistent Change-Id: Ic5799309a6b104c9b50fec309cba789c8da99e79 Signed-off-by: Christophe Fontaine <christophe.fontaine@enea.com>
2017-10-04Packages dependencies: added clang3_8 and indent packagesMarco Varlese1-2/+3
Change-Id: I4ed2d5f7e743369e2a41cfcb93b016d928cfed95 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-10-04checkstyle: add clang-format dependency, fix bugKlement Sekera2-2/+2
Change-Id: I608d3b73700d57652b015a9fc09300e99386a37f Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-10-04Set MAC address needs the HW interface indexNeale Ranns2-2/+6
Change-Id: I7b175d57b85e626aab00221b6dac0498aebcbeae Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-04dpdk: use vpp physmem allocator for dpdk buffersDamjan Marion2-63/+144
This allows us to have single contignuous allocation for DPDK buffers with single mmap FD, so buffer memory can be easily shared with diffrent process. As a consequence dpdk socket-mem is no longer in charge for allocating buffer memory, but still we need some space allocated for dpdk structures so default socket-mem is reduced form 256 to 64 MB. For a default of 16K buffers per numa node, physmem allocation is now 40MB, so basically this change reduces footprint from 256MB per socket to 48 (64 + 40). Change-Id: Ic8cfe83930a18411545b37a12b14aac89affd04f Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com> Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-10-04Dump of deag/lookup routes has is_drop=1 (VPP-995)Neale Ranns1-0/+2
Change-Id: I58772a83e22885a9ea8a7a981d2bcb4b31a050d2 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-10-04libmemif: memif_rx_burst fixJakub Grajciar1-2/+2
Change-Id: I2f488fef828df8915b57552567e1be79efe69700 Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
2017-10-04memif: crash on slave modeSteven1-0/+1
Crash was seen on recent image with this BT on top of the stack (gdb) bt full (mif=0x7fffb6226568) at /vpp/build-data/../src/plugins/memif/memif.c:297 ring = 0x0 <<<<<<<<<< i = 0 j = 0 buffer_offset = 65792 r = 0x7fffb5e59f80 alloc = {flags = 1, name = 0x7fffb449f965 "memif region", size = 4260096, numa_node = 0, addr = 0x7fff41dac000, fd = 11, log2_page_size = 12, n_pages = 1041} err = 0x0 __FUNCTION__ = "memif_init_regions_and_queues" The crash happened at this line. ring = memif_get_ring (mif, MEMIF_RING_S2M, i); ring=>head = ring->tail = 0; <===== Please note that the crash is caused by dereferencing NULL rinng. Put breakpoint into the function. I notice that mif->regions[0].shm is not initialized. (gdb) p mif->regions[0].shm $8 = (void *) 0x0 It looks like we forgot to set shm after clib_mem_vm_ext_alloc(). Add the missing cide and the crash is fixed. Change-Id: Ib722a6c241c77acfa8e33962106b57faa50e1ea7 Signed-off-by: Steven <sluong@cisco.com>
2017-10-04Update CSIT tests 170926 -> 171002Jan Gelety1-1/+1
- update of CSIT operational branch to be used for VPP-patch test Change-Id: I6331016b17b0811bf0ea1be03c5782428514a01a Signed-off-by: Jan Gelety <jgelety@cisco.com>
2017-10-04VPP-1001 - update AF Packet Driver to for modern kernelsAnton Ivanov4-10/+119
1. Add VNET headers support for checksumming - required to operate correctly on any recent Linux 2. Bypass QDISC on transmit - improves performance by ~ 5%. Enabled only if the macro is detected - apparently not present on archaic distributions. This still does not solve all issues with TSO - it can be fixed only by going to tpacket v3 and dynamic rx ring as well as significant changes in the TX (sendmmsg?). Change-Id: Iea14ade12586c0a8da49e6dd1012108a08bc85b3 Signed-off-by: Anton Ivanov <anton.ivanov@cambridgegreys.com>
2017-10-04Add API support to dump IPsec SAsMatthew Smith3-0/+292
Add an API request message type to dump IPsec SAs. Either all IPsec SAs can be dumped or it can be limited to a single SA ID (numeric ID set at creation time - not an index). Add a handler for incoming messages with the new request type. Add an API response message type containing the data for an IPsec SA. Add VAT support for new message type. Change-Id: Id7828d000efc637dee7f988a87d3f707a8b466b7 Signed-off-by: Matthew Smith <mgsmith@netgate.com>