aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2018-03-02session: first approximation implementation of tlsFlorin Coras29-171/+1767
It consists of two main parts. First, add an application transport type whereby applications can offer transport to other applications. For instance, a tls app can offer transport services to other applications. And second, a tls transport app that leverages the mbedtls library for tls protocol implementation. Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-02tapv2: CLI and binary API fixesSteven4-11/+11
1. When interface create encouners an error (see test below), the same id cannot be used again. This is due to hash_set is called too early in the function. After the hash entry is set, there are different errors may cause the interface create to be aborted. But we didn't remove the hash entry when error is encountered. The fix is to move the hash_set call near the end which has no more "goto error" DBGvpp# create tap id 1 rx-ring-size 1021 tx-ring-size 1021 create tap id 1 rx-ring-size 1021 tx-ring-size 1021 create tap: ring size must be power of 2 DBGvpp# create tap id 1 rx-ring-size 1024 tx-ring-size 1024 create tap id 1 rx-ring-size 1024 tx-ring-size 1024 create tap: interface already exists DBGvpp# 2. multiple issues exist with api_format.c with the below command binary-api tap_create_v2 id 4 hw-addr 90:e2:ba:76:cf:2f rx-ring-size 1024 tx-ring-size 1024 - hw_addr is not taken due to the test for random mac is inverted - id is an integer, not a string - integer values were not converted to network format Change-Id: I5a669d702a80ad158517df46f0ab089e4d0d692e Signed-off-by: Steven <sluong@cisco.com>
2018-03-02NAT44: interface output feature and service host direct access (VPP-1176)Matus Fabian3-6/+161
forwarding mode: session initiaded from service host - translate session initiaded from remote host - do not translate Change-Id: I48170ee8e4ad14d3d3083ee31a40ef8d10d6ff32 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-01Change tcp config to reflect some recent changes.John DeNisco7-3/+3
Change-Id: Ic151be9ff7114c1fdec22d5ad056654960cf12b2 Signed-off-by: John DeNisco <jdenisco@cisco.com>
2018-03-01SCTP: API to delete a sub-connectionMarco Varlese4-2/+106
This patch adds an API to delete a sub-connection following a SRC/DST IP mapping as required by the RFC4960. Change-Id: I7673dd07352557442ffeed6c6c00da274b24953d Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-03-016RD: Rewritten 6RD RFC5969 support.Ole Troan22-731/+1230
Change-Id: Ic30fbcb2630f39e45345d7215babf5d7ed4b33a0 Signed-off-by: Ole Troan <ot@cisco.com>
2018-03-01STN: Fix stn_rules_dump/details to follow API conventionOle Troan3-8/+8
Change-Id: I94f6c35bf751d25ca7fe7c67054e676a3ad2241b Signed-off-by: Ole Troan <ot@cisco.com>
2018-03-01Fix ERSPAN encap to set EN bits in the header and add test caseJohn Lo4-11/+112
For ERSPAN encap, both bits in the EN field of the header should be set to indicate any VLAN tag in the original Ethernet frame is preserved. Added SPAN L2 test case where the mirrored packet output is a GRE ERSPAN tunnel. Change-Id: Ie7a40992a9278469c24aa6fa9e122b4505797d10 Signed-off-by: John Lo <loj@cisco.com>
2018-03-01SCTP: API to add a sub-connectionMarco Varlese8-39/+248
This patch adds an API to add a sub-connection following a SRC/DST IP mapping as required by the RFC4960. At the same time, it changes the way the next available sub-connection is being calculated: rather than having an index in the parent connection which is prone to many issues at run-time, the next available sub-connection is being calculated by looking at the state of the set sub-connections and if marked as DOWN it means that is an available slot to be used. Change-Id: I662be6a247bfbbe8bf9aaf3f485183c07ef862fe Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-03-01PAPI: pycodestyle on vpp_papi.pyOle Troan1-22/+36
Change-Id: I15cf4a9fd2d2518df4bfffc1ba3c556a87ca5afa Signed-off-by: Ole Troan <ot@cisco.com>
2018-03-01session: zero out ips in local endpoint lookup only if localFlorin Coras3-29/+75
Change-Id: I3425b1533b3d31210166e7b3798685464ad1c489 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-01make test: Add VCL LD_PRELOAD testsDave Wallace1-76/+117
- Refactor test code into VclTestCase object. - Add LDP cut thru and thru host stack tests. Change-Id: I2b16473df108004c79cc86fe1b7a789485b2dc5b Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2018-02-28Adjust vpp-selinux-policy postinstallMatthew Smith1-1/+1
Only run semodule command on hosts where selinux is enabled. Change-Id: I7bcfc758e44bb0f41ec657ad395352ddb92766eb Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-02-28tapv2: abort in tap_create_if (VPP-1179)Steven1-0/+1
The following command sequences cause the crash: create tap id 0 rx-ring-size 1024 tx-ring-size 1024 create tap id 1 rx-ring-size 1024 tx-ring-size 1024 set interface state tap0 up set interface state tap1 up delete tap tap0 delete tap tap1 create tap id 0 rx-ring-size 1024 tx-ring-size 1024 0: /home/sluong/vpp2/vpp/build-data/../src/vnet/interface_funcs.h:46 (vnet_get_hw_interface) assertion `! pool_is_free (vnm->interface_main.hw_interfaces, _e)' fails The reason for the crash is because when the tap interface is deleted, the code does not remove the entry from the device queue. But the interface is deleted anyway from vnet_main.interface_main.hw_interfaces. When an interface is created again, it may encounter the deleted entry in the device queue and crash. Notice create and delete a single entry does not cause a crash. Need to create and delete 2 interfaces to create a "hole" in the device queue. Change-Id: I42ce0b7943d73b3eab32a16751a0a3183de62d9f Signed-off-by: Steven <sluong@cisco.com>
2018-02-28at af_packet input, drop partial packets to prevent l4 checksum deadloop at ↵Chaoyu Jin1-4/+17
ouptut Change-Id: I6f75b7328fd0aa71d00a701e36c8b4ad06bff3c4 Signed-off-by: Chaoyu Jin <chjin@cisco.com>
2018-02-28Fix SELinux capabilities. Creating a tap interface with 'tap connect' was ↵Victor Nguyen -T (victong2 - OTHERWISE PORTAGE at Cisco)1-2/+2
returning an error when VPP was launched as a service (tested on CentOS 7.3). Adding 'net_admin' to SELinux capabilities for VPP solves the issue. Change-Id: Icd0529b49adb86e7b371283a6f39af03816951c5 Signed-off-by: Victor Nguyen <victong2@cisco.com>
2018-02-28SCTP: handle COOKIE while in SHUTDOWN phaseMarco Varlese3-20/+40
This patch address the requirement to handle a COOKIE chunk whilst in SHUTDOWN phase. The COOKIE shouldn't just be dropped but an OPERATION ERROR chunk shall be sent to the peer to inform about the current situation. Change-Id: I1a47652402d49cfee3b0c810304d7902f3a62f40 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-27vnet/interface: vnet_(put|get)frame_to_sw_interface is not worker thread awareSteven1-2/+2
When heavy traffic is running using worker threads, it may crash here DBGvpp# 0: /home/sluong/vpp3/vpp/build-data/../src/vlib/main.c:1128 (dispatch_pending_node) assertion `f->flags & VLIB_FRAME_PENDING' fails Thread 1 "vpp_main" received signal SIGABRT, Aborted. 0x00007ffff5d50428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) No crash was observed if only main thread was used. Change-Id: I96f8b02ec23accc85c0f1ddecfeff6043b5e3c2b Signed-off-by: Steven <sluong@cisco.com>
2018-02-27memif: Fix a message initialization problem in VATJon Loeliger1-3/+2
The VAT calls to MEMIF_SOCKET_FILENAME_ADD_DEL erroneously cleared the message memory after the M() macro call and thus lost their message id. Don't do that. While in the neighborhood, prevent a string copy from referencing data that doesn't belong to the filename string. Change-Id: Ib4309608ed617ef4f193880ecf4a0b35fda65e51 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-27sctp: sctp_output.c failed to compile when VLIB_BUFFER_TRACE_TRAJECTORY is ↵Steven1-1/+1
enabled Fixed a typo in sctp_push_header(). It was inherited from tcp_output.c Change-Id: I810fcb4c24cfd3d54f15da72a5184cfc4df24592 Signed-off-by: Steven <sluong@cisco.com>
2018-02-27VOM: interface: Fix the vhost user interfaceMohsin Kazmi2-1/+5
Change-Id: I38904dafb4110322ec0138f7a5b3a65c96426b2b Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-02-27make test: refactor vcl test casesDave Wallace2-89/+81
- Reduce replicated code in test cases - Configure separate namespace secrets for thru hoststack test case to validate namespace secret functionality. - Pass per-instance environment variables to Worker class init function. Change-Id: I3cd5d4538f105cbfb09671c4d761541b40714b8f Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2018-02-27SRv6: API uses table-IDs not FIB indiciesNeale Ranns1-3/+3
Change-Id: Iacbf7593ef9c03000db502e68335ac3ae18995d7 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-02-26Added u8x16,u32x4,u64x2 variants of _zero_byte_mask(x) for ARM/NEON ↵Adrian Oanca2-8/+24
platform. VPP-1129 Change-Id: I954acb56d901e42976e71534317f38d7c4359bcf Signed-off-by: Adrian Oanca <adrian.oanca@enea.com>
2018-02-26SCTP: Handle a COOKIE ECHO/ACK when a TCB ExistsMarco Varlese4-17/+146
This patch addresses the requirements depicted in section 5.2.4 of the RFC 4960. It also takes care of handling the ERROR chunk and obviously the STALE COOKIE error. Change-Id: I6b88a9371546b18a52abac22f7c593a5f16be838 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-26SCTP: handle INIT corner-case handlingMarco Varlese4-5/+215
As per RFC4960 the INIT chunk could be received in unexpected scenarios and - depending on the state of the internal state-machine - the INIT chunk requires different treatment. This patch addresses section 5.2.1 and 5.2.2 of the RFC4960. Change-Id: Ib23ef490c6a5ca3da6c46a9584b75e7577cb7042 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-26Fix current data offset to use vlib_buffer_get_current in input/output ACLSteve Shin1-5/+5
vlib_buffer_get_current() should be used for current data offset in ACL. This is required for output ACL where packets are decoded through a vxlan tunnel rx node. Change-Id: I6f739f251c3eb0d59ee4ae0da97aa04ddf667468 Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-02-26vlib: use vfio fd for accessing PCI config spaceDamjan Marion1-32/+29
Change-Id: Id5c76a529ab9969334207790babcdc420a9c58ad Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-26Python: addressing PEP8 deprecationMarco Varlese1-2/+2
PEP8 has been deprecated and python users are being asked to migrate to pycodestyle. Change-Id: I52d5f7b2bf72156216a9966e8322ec58763f24d4 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-26update BIER scapy patch to match the scapy repo PRNeale Ranns1-4/+2
Change-Id: I4953b8444b49d1ad445c98a199ae8fd1635e24a5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-02-26IPv6 MLD; pointer address used as hash keyNeale Ranns1-3/+3
Change-Id: I7b2f52b2b2ce13f27bddc8750b8fc564bf6ab73e Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-02-26vnet: add 25G interface speed flagDamjan Marion2-2/+10
Change-Id: I1d3ede2b043e1fd4abc54f540bb1d3ac9863016e Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-26vlib: add vlib_buffer_free_from_ringDamjan Marion1-0/+26
Change-Id: I63f7b14cd63eac9e64cace5d941190096ad148dc Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-26vnet: add vnet_device_input_have_features functionDamjan Marion1-0/+7
Change-Id: I28cfa7f7f5e4938146478c4a5cc5ad18612aadaa Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-26vlib: fix formatting in pci_config.hDamjan Marion1-103/+111
Change-Id: I5ce40f82e42be19f0f4d882ab194e5a25980adc1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-25Fix bug in dpdk_crypto_session_disposal()Matthew Smith1-0/+2
The expression to determine whether to delete a session from the disposal list only evaluates true if some, but not all, of the sessions in the list were freed. When all sessions in the list are freed, it evaluates false and the sessions are left in the list to be freed again later, which can result in a session pool element that was reallocated to a different SA being freed, breaking crypto for the newer SA. Add an 'else' that handles the case where all sessions were freed. Change-Id: I3ae54d5b3bfc3658bf406caa50646924baaae589 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-02-25vapi: handle more magicKlement Sekera1-3/+15
Change-Id: I25cbf947d6aabadbf637387497104cb301762def Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-02-25SCTP: fix connection memory corruptionMarco Varlese5-16/+26
A bug was found when multiple SCTP connections were being opened to the same SCTP server. This patch addresses that problem, removing the use of the 'parent' pointer approach for sub-connection and saving instead within the sub-connection itself the ID representing its position. That facilitates pointer-arithmetic to be computed in the get_connection_from_transport(). Change-Id: Iaa1f4efc501590be1c93e42fd6fe3d6e02f635eb Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-24dpdk: Add option to specify cache line size for dpdk buildDamjan Marion1-0/+2
Change-Id: Ib3361eded05babfc17ead28af7d252e7503ce141 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-24Fix crypto session deletion crashMatthew Smith1-6/+9
When using a DPDK cryptodev with IPsec, deleting a session often results in a SEGV. A bad pointer is being passed to rte_cryptodev_sym_session_free(). Put the correct value on the crypto disposal list and add a check to determine whether the call to free the session is going to result in a crash before doing it. Change-Id: I8a6b0a594585ebcfa56b555ede7ef7d67e5e2b33 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-02-24LDP: Refactor epoll_ctl wrapper.Dave Wallace5-50/+350
- Add AF_UNIX transaction to sock_test_client/server echo test to verify mixed epoll ldp implementation. - Misc cleanup / refactoring of ldp code. - Fix LDP_DEBUG in test/socket_test.sh Change-Id: Ib524c824728f109007d8c4d07d74603b6c687902 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2018-02-24u8x16_compare_byte_mask - optimize to use 128bit registers as suggested by ↵Adrian Oanca1-24/+9
Nintin Change-Id: I88aabd34ef385d620695ac17ec3fe2f4a5177ada Signed-off-by: Adrian Oanca <adrian.oanca@enea.com>
2018-02-23VXLAN: Instance numbers now properly freed upon delete.Jon Loeliger1-1/+1
Fixes a small bookkeeping oversight where the VXLAN instance numbers were being freed erroneously by their device_instance number rather than the correct user_instance number. Change-Id: I08f6b2089c7a14cc8a8cb91f04f850f60ecec43b Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-23VCL/LDP: Suppress trace output unless debug is enabled.Dave Wallace2-26/+32
Change-Id: Iaef2fe4b8c6b57d54ef6309423c9a0acba8a2f89 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2018-02-23Convert a pcap file to a set of C initializersDave Barach3-2/+148
Change-Id: Ieb6b7a75fa23c8142ae15f42cd3a703253f39e10 Signed-off-by: Dave Barach <dave@barachs.net>
2018-02-23DPDK: disabling DPAA since broken for 18.02Marco Varlese1-0/+6
Change-Id: I1e0cea8e7ea6d8a777ca38abb61f4c093f29c722 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-23Disable scatter-gather for ENAMatthew Smith1-0/+1
ENA doesn't support scatter-gather. The PMD started failing rte_eth_dev_rx_queue_config() in DPDK 18.02 if the flag to enable it is set. Turn the flag off in dpdk_lib_init(). Change-Id: Ifdd9f188c89b46efe82412c75fb935a92436da1c Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-02-23Add prefetch inlines, update bi-hash doc tagsDave Barach2-12/+90
Change-Id: I2e9d01ccba5288e89b886464436097d3cb7d2d18 Signed-off-by: Dave Barach <dave@barachs.net>
2018-02-22VOM: vhost-use interfacesNeale Ranns8-16/+332
Change-Id: Iee1574d1f0f081ccc4a90fd9825a0b5e254aa642 Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-02-22make test: tidy worker subprocess outputKlement Sekera1-1/+1
Change-Id: I362765a67762a59775863af12b712abb47445b3a Signed-off-by: Klement Sekera <ksekera@cisco.com>