aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2020-01-24nat: in2out-output nodes work with acl reflectMatthew Smith2-2/+107
Type: feature The current feature ordering of NAT44 nodes with respect to the ACL plugin's IPv4 input/output features is: ip4-output: acl-plugin-out-ip4-fa runs before any NAT44 nodes ip4-unicast: acl-plugin-in-ip4-fa runs before any NAT44 nodes ACL rules with action permit+reflect can keep track of outbound flows and allow the replies inbound without an explicit inbound rule. If ACL permit+reflect rules are configured on an interface that also has NAT44 configured with output-feature/postrouting translation of outbound packets, the ACL rules cannot allow inbound packets. The ACL state that was stored on the outbound flow contains the IP addresses of the original packet, prior to translation. The inbound packets are being evaluated by the ACL node using the translated addresses. The order of processing inbound needs to be the opposite of what it was outbound for this to work. Change the NAT44 features on ip4-output so that they run before outbound ACL nodes. This matches the existing behavior of the NAT44 nodes which rewrite source addresses as an input feature instead of an output feature. This was only done for endpoint dependent mode because the regular endpoint independent in2out-output node currently selects an explicit next node rather than using the next node on the feature arc. Unit test added to configure both NAT and an ACL and ensure that out2in packets matching an in2out flow are permitted by the ACL and translated by NAT. Change-Id: Ibd679c28b64c3fc3cc8c0606ea93123e384e839f Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-01-23vcl: always report EPOLLHUP/EPOLLRDHUP on closeFlorin Coras1-4/+0
Type: fix Change-Id: I3d24a7973c7113ffeb9109e89cda7fa960e73a5b Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-23vcl session: udp session migration notificationsFlorin Coras4-1/+70
Type: feature Change-Id: I402549818ba6e078802e914293304174dc6625c2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-23docs: add AddressSanitizer mini-howtoBenoît Ganne2-0/+47
Type: docs Change-Id: I3bb589d04f15a03166a6d457552ffc316fb02f94 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-01-23srv6-mobile: fix the converity issueTetsuya Murakami1-26/+21
Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I358a290f4ac121f075f7ee52941beabe478bfba0
2020-01-23api: mark api_trace_command_fn thread-safeDave Barach1-1/+20
Binary API trace replay with multiple worker threads depends in many cases on worker thread graph replica maintenance. If we (implicitly) assert a worker thread barrier at the debug CLI level, all graph replica changes are deferred until the replay operation completes. If an interface is deleted, the wheels may fall off. Type: fix Ticket: VPP-1824 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I9b07d43f8501caa5519e5ff9ae4c19dc2661cc84
2020-01-22ipsec: re-enable DPDK IPSec for tunnel decap/encap (VPP-1823)Neale Ranns7-14/+55
Type: fix Change-Id: Iff9b1960b122f7d326efc37770b4ae3e81eb3122 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-22fib: Adjacency realloc during rewrite update walk (VPP-1822)Neale Ranns1-4/+4
Type: fix Change-Id: I0e826284c50713d322ee7943d87fd3363cfbdfbc Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-22hsa: proxy app fixesFlorin Coras1-33/+15
Type: fix Change-Id: Icb4b331c9346d3781f4ddd6f62891c78d4059c1f Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-22fib: FIB crash removing labelled route (VPP-1818)Neale Ranns1-7/+12
Type: fix The crash occured trying to retreive a NULL path list to walk the path extensions. A walk shoul not be required, because there should be no extensins, since all paths are removed. The problem is that when the paths were added, they were not sorted, hence neither were the extensions and when they were updated, duplicate extensions were added, and hence a path removal did not remove them all. Fix is to make sure paths are sorted. Change-Id: I069d937de8e7bc8aae3d92f588db4daff727d863 Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 257749c40946a9269140d322e374d74c3b6eefb8)
2020-01-22nsim: enable output scheduling on main threadDave Wallace2-2/+29
Type: fix Change-Id: I5d47cb9bc7eb7f3c8485e3b42f0701e81d87ba2a Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2020-01-21nat: fix dhcp client on outside interface with output featureAlexander Chernavin2-18/+18
There was an attempt to fix this problem in the commit: d3b8c861a44e70c197ab721fa3ce7f38bbeab7fd But checking the LOCALLY_ORIGINATED flag didn't work because this flag gets reset before it can reach the NAT nodes. With this commit, replace the check for the LOCALLY_ORIGINATED flag with a check to see if the packet is a DHCP broadcast. Type: fix Change-Id: I069c08a785b5988b10192f528e4f9c4c7cc2f8a3 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-21nat: removed obsolete fragmentation codeFilip Varga1-84/+16
Type: fix Ticket: VPP-1817 Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: Id4d694ce636b0a213e65ce27c32a8150df9af0f8
2020-01-20classify: fix pcap filter set initFlorin Coras1-4/+2
Type: fix Change-Id: I6a48a6c14bfb84b3460e8211021bc9df6e915dba Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-17lb: fix that lb_add_del_vip and lb_add_del_as api doesn't work correctlyYulong Pei4-12/+18
Currently if user want to set ip4 address to the api, it must convert to ip6 format, e.g. user want to ip4 "90.1.2.1" but must convert to "::5A01:0201", it is not acceptable, this fix solved the issue. Ticket: FDIO-753 Type: fix Change-Id: I2ffa5a3d38400ee176cf601421074f71fc395f03 Signed-off-by: Yulong Pei <yulong.pei@intel.com>
2020-01-17nat: refactor of port/address allocation functionsFilip Varga8-15/+429
Change-Id: Ie2a3c0f44322dd8415603b7ce51bb72d72769c95 Ticket: VPP-1815 Type: refactor Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-01-16sr: some fixes for SRv6 CLI/APIAhmed Abdelsalam2-4/+19
Return FIB table_id instead of vrf_index to clients Type: fix Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Change-Id: I76a97bad3ecd3ac8eb045efb1657eaa90c2a57b6
2020-01-16misc: binary-api sw_interface_vhost_user_dump is brokenSteven Luong2-0/+2
Recent modificaton to vhost_user APIs for typing which added a sw_if_index filter to the API sw_interface_vhost_user_dump with the default value -1 to mean all interfaces. But the default is not set from api_format.c, causing the binary-api command for sw_interface_vhost_user_dump to display nothing. Also missing is the proper display on custom dump for the aformentioned API. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I05546e2318165af7531977fbed66ea7224c4a7ce
2020-01-16gso: fix typo in the quad-loopSteven Luong1-3/+3
Fix minor typo in the quad-loop for swif which may actually causes problem if swif0 != swif1 or swif2 or swif3. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ib81f323479c7ecbd28d84956cffbc20b1072d2c2
2020-01-16tests: fix typo in test doc stringPaul Vinciguerra1-1/+1
Type: test Change-Id: I97e02ebc5989eee794511c1ed6049e300be7d64e Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-01-16tests: fix TypeError in run_tests.pyPaul Vinciguerra1-4/+5
Traceback (most recent call last): File "run_tests.py", line 886, in <module> exit_code, suites = parse_results(results) File "run_tests.py", line 732, in parse_results results_per_suite.print_results() File "run_tests.py", line 683, in print_results result.get_testcase_names(failed_test_id) TypeError: 'NoneType' object is not iterable Type: test Change-Id: I2c5ae0b9e11be6bfb4490d9ce057db0b0a84c9bf Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-01-16tcp: fix rxt delivered without sacksFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I69c245cb0e3f6d599a3270a485fa0a5845cde8eb
2020-01-16vcl: add rx event on epoll ctl if neededFlorin Coras2-2/+18
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib6d0387076a4bb0b52e4cdfdcd62b6060b704fe6
2020-01-16udp: fix ipv6 listen port registrationFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7f2233eb9bf3d81a697f76ba985083cf1040e2e9
2020-01-16tcp: fix listen node coverity warningFlorin Coras1-11/+12
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5ec3ec4f46d3840c2b3c3005f093b5dddefc289
2020-01-16vppinfra: fixing compilation issues in 32-bitVijayabhaskar Katamreddy1-2/+3
Fixing compilation issuues for 32-bit also setting init flag for shm based bihash Type: fix Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com> Change-Id: Ic2072c5ba7fc77d061ca9f1b844a71f6e22e58b2
2020-01-15build: Add missing version.h dependency in vnetChris Luke1-1/+1
Two modules in vnet include vpp/app/version.h but there is no explicit build dependency for this generated file. This leaves a race condition in the build system that the Coverity build has recently started triggering. Change-Id: I8e2bb32feeb16e1bdd8efb0d2633cfdba60f51aa Type: fix Signed-off-by: Chris Luke <chrisy@flirble.org>
2020-01-15misc: Initial 20.05-rc0 commitAndrew Yourtchenko1-0/+5
Type: docs Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Change-Id: I935a28d96078629607b23ce9c2aecec47e88b0b1 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-01-15ip: align reass.save_rewrite_lengthv20.05-rc0Klement Sekera3-20/+13
By aligning vnet_buffer_opaque.ip.save_rewrite_length and vnet_buffer_opaque.ip.reass.save_rewrite_length we prevent shallow virtual reassembly code from overwrite save_rewrite_length, allowing other features down the pipe to rely on this value. A static assert is added to guard this alignment. Type: fix Fixes: f126e746fc01c75bc99329d10ce9127b26b23814 Change-Id: Ie7c7f3abc2a221bbcf2830c0f006a4368088b342 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-01-15build: install vpp_echo for CSIT QUIC perf testsDave Wallace1-1/+0
Type: make Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Iddfcce1f662efe63c5a6788a0a604917b1c9d81e
2020-01-15tcp: fix tcp check tx offload issueSimon Zhang1-2/+6
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: I3b8755831d762abf51e1cbe1b57024f9297de9a4 Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2020-01-15tls: enable async node on demandYu Ping1-3/+1
Type: fix Change-Id: Iab7c65614c94497e8ec5a96624be72c1a139e486 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-01-15ip6: during icmp to icmp6 translation truncate error messagesAlexander Chernavin1-2/+2
All translated ICMPv6 packets that exceed the minimal IPv6 MTU get truncated but according to RFC 4443 2.4 only ICMPv6 error messages (type < 128) need to be truncated. With this commit, truncate only ICMPv6 error messages. Type: fix Change-Id: Ic455352de2ff4ff6aa3421b46a2a54923f2d3f80 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-15quic: add FEATURE.yamlAloys Augustin2-0/+11
Type: docs Change-Id: Ica60b42e64703879c5c229209e4a4fac278bda31 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2020-01-15srv6-mobile: Revert "srv6-mobile:"Andrew Yourtchenko16-2117/+329
This reverts commit 57584d99dd8a8524db90c67c88525d58879d9b8e. The reasons for reverting: - the documentation seems "work in progress". Also, 500K of pngs should probably go on wiki, rather than in the repo. Please make sure that newly added documentation renders correctly and sensibly as part of the review/commit process. - runner.py seems to contain unit tests, so it should be rewritten in a manner that allows the testing from within CI (including an unprivileged docker container) - the above items, especially the testing one, warrant more work, and at a RC1 milestone time it is probably not a good idea to include a significant patch without proper care. I suggest to prepare it so it is ready for the next release, or cherrypick it for a 20.01.1 release, if having it in stable/2001 is absolute necessity. - when submitting it, ensure that the commit message makes sense, especially having "srv6-mobile:" with no further text should be absolutely avoided. Change-Id: If81441f7ebf11a6ad5638b1327faf18e8ebe6a35 Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-01-15tls: add picotls session close processSimon Zhang1-1/+10
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: If0a1691c1435f2826c8c83f8bc52e4cd3ecc6256
2020-01-14tcp: handle ack advancement with no holes and renegingFlorin Coras2-2/+36
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9afba8dc9e087b8c436fe568531c02614a577a7c
2020-01-14tests: fix worker thread initializationPaul Vinciguerra3-11/+19
from threading.thread __init__: This constructor should always be called with keyword arguments. If a subclass overrides the constructor, it must make sure to invoke the base class constructor (Thread.__init__()) before doing anything else to the thread. Type: test Change-Id: Ifa89202e97053a4baf19e9a0ca0913430d5087a3 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-01-14srv6-mobile:Tetsuya Murakami16-329/+2117
Type: feature Add new functions in SRv6 Mobile Plug-in GTP4.DT and GTP6.DT Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I573a0c27bd463dd56a4d11b940941b8a8c826e08 Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2020-01-14classify: Reduce the include dependencies on vnet_classify.hNeale Ranns7-1/+6
Type: refactor currently vnet_classify.h is included in ip.h where it's not required. Change-Id: Id55682637601655aa2edda681536a979c8e323bd Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-14dpdk: enforce max tx retriesBenoît Ganne1-0/+1
n_retry was never decremented and so never enforced. Type: fix Change-Id: I71d60a72c156286f7e5b82b1c77a723361317c69 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-01-13acl: Remove unsued typeNeale Ranns2-53/+31
Type: style and add some indent offs. Change-Id: I31cf3ab9ff9b64d2cd1f2034dcedd4a9c453efb4 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-13ct6: dst,src copy typoNeale Ranns1-1/+1
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I266fa5dc637383fd8dac6592c9c266a1b70a73e9
2020-01-13misc: feature file for unsupported feature l2tpOle Troan1-0/+8
Type: docs Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I11db583650bc051f88f38358b877410f355b110f Signed-off-by: Ole Troan <ot@cisco.com>
2020-01-13tests: disable the tap test for the time beingAndrew Yourtchenko1-1/+1
TAP tests require root access, which breaks the testing in unprivileged scenario. Disable the test until we find consensus on how to deal with it. Type: test Change-Id: I66ee2b130723233682d858cad0b6e424ab0b2383 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-01-13tls: enable TLS OpenSSL plugin works in 3.0.0Yu Ping1-0/+5
Type: fix Change-Id: Id1602981fcc6efed1b0efe79a1fc8177457acdb5 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-01-11misc: VPP 19.08.1 release notesAndrew Yourtchenko1-0/+69
Change-Id: I365696bfcf11fcc74a698f764dec62e470fc7853 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Type: docs
2020-01-11ip: avoid fib lookup for consecutive pkts having same source IPNitin Saxena1-5/+5
Type: fix Fixes: be2286b0 This patch does following: - If terminating frame has consecutive packets with same source IP, this patch avoids fib lookup for those packets in ip4-local node. This drops cycle count for ip4-local node on both ARM and x86. It being done by enabling dead code in else {} case of ip4_local_check_src_x2() and ip4_local_check_src() functions. - In case all packets in terminating frame have unique source IP (e.g: incrementing), ip4-local is costlier by 2 cycles (broadwell) Change-Id: I472ddc324716cec8bfe601568b8aeb7565f97ab3 Signed-off-by: Nitin Saxena <nsaxena@marvell.com>
2020-01-10gso: add FEATURE.yamlMohsin Kazmi1-0/+12
Type: docs Change-Id: I64743c9f5ad7eef21855e883e1a00f355fddf3ee Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2020-01-10sr: feature YAML files for Segment Routingpcamaril5-0/+49
Type: docs Signed-off-by: pcamaril <pcamaril@cisco.com> Change-Id: Ia35d18113e17fd2ba5310e81ca527d3569cd110e Signed-off-by: pcamaril <pcamaril@cisco.com>