summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2019-06-05ipsec: fix sa counters in esp-encryptDamjan Marion1-4/+7
Type: fix Fixes: c59b9a2 Change-Id: I6021e67196a4d31ab11d4e3cfbda34b678150701 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-06-05ipsec: fix sa counters in esp-decryptDamjan Marion1-6/+7
Type: fix Fixes: b4fff3a Change-Id: I2552cbc0a02e7445825a5a4ce290cde3d10c5f0b Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-06-05Switch atomic release API from __sync to __atomic builtin.Sirshak Das1-1/+1
__sync_lock_release switched to __atomic_store for code consitency, although both generate same instructions with current compilers. Change-Id: I37d320509e43a4c2b8a49af6346dc4a43ca2f535 Signed-off-by: Sirshak Das <sirshak.das@arm.com> Reviewed-by: Lijian Zhang <Lijian.Zhang@arm.com> Reviewed-by: Honnappa Nagarahalli <Honnappa.Nagarahalli@arm.com>
2019-06-05Switch atomic test and set API from __sync to __atomic builtinSirshak Das1-1/+1
__sync_test_and_set uses full memory barriers for AArch64, __atomic_exchange(ACQUIRE) would use load acquire. Change-Id: Ifdf2481db3b9dde6c5842d75671402862adb6d81 Signed-off-by: Sirshak Das <sirshak.das@arm.com> Reviewed-by: Lijian Zhang <Lijian.Zhang@arm.com> Reviewed-by: Honnappa Nagarahalli <Honnappa.Nagarahalli@arm.com>
2019-06-05avf: enable promiscuous modeSteven Luong3-1/+18
In order to receive multicast packets from the VF interface, promiscuos mode must be enable. Type: fix Fixes: b4ff07a Change-Id: I549bc37a05895d3355f2832c200e9262c95a27b5 Signed-off-by: Steven Luong <sluong@cisco.com>
2019-06-05In ip6_mfib_forward_rpf_node,is_v4 should be 0.mu.duojiao1-1/+1
Change-Id: I9de63cebfcef8898d0ea4c9c2b7451b168b06c2c Signed-off-by: mu.duojiao <mu.duojiao@zte.com.cn>
2019-06-05L3 cross connectNeale Ranns11-4/+1434
- all packets input on interface X are load-balanced over the set of paths provided. Change-Id: Ic27cb88c4cd5d6d3462570632daff7a43d5a652d Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-05IPSEC: some CLI fixesNeale Ranns6-10/+44
Change-Id: I45618347e37440263270baf07b2f82f653f754a5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-04Tests: simple refactor in vpp_pg_interface.Paul Vinciguerra1-25/+23
Pull common code into a single method. Type: refactor Change-Id: Ic540d23eebbd17f838ed7a1a9dee80815a27847c Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-06-04elog: make elog_string() multi-thread safeSteven Luong1-0/+2
elog is supposed to be thread safe. Yet elog_string() is not. To fulfill that promise, let's make elog_string() thread safe to avoid surprises. Change-Id: Iab82faa7cb6719777a66c3ff14775e59a6a68a20 Signed-off-by: Steven Luong <sluong@cisco.com>
2019-06-04punt: fix the set_punt API/CLI which was rejecting valid portsNeale Ranns2-12/+31
add a UT for the API Change-Id: I93fb6ec2c5f74b991bf7f229250a30c0395b8e24 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-04features will register udp ports once configuredJakub Grajciar4-18/+38
plugins: - ipfixcollector vnet: - geneve - vxlan_gpe - vxlan Change-Id: I69a8b4017ee6990f2b4874fe3e94c4520bde7101 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2019-06-04Fix: bug prevented IPsec ipv4 SPDs to show correctlyGuillaume Solignac1-4/+9
Because of the initialisation of the end of the range, the command show ipsec spd on an ipv4 SPD didn't work correctly. Change-Id: I3582382197bb6edef4fb077aac1e927ef4581cbf Signed-off-by: Guillaume Solignac <gsoligna@cisco.com>
2019-06-04sort worker-thread init functions in advanceDave Barach5-12/+71
Otherwise, all N worker threads try to sort the list at the same time: a good way to have a bad day. This approach performs *far* better than maintaing order by adding a spin-lock. By direct measurement w/ elog + g2: 11 threads execute the per-thread init function list in 22us, vs. 50ms with a CLIB_PAUSE() enabled spin-lock. Change-Id: I1745f2a213c0561260139a60114dcb981e0c64e5 Signed-off-by: Dave Barach <dave@barachs.net>
2019-06-04stats: removing empty object in stats vectorOle Troan2-2/+4
Type: fix Change-Id: I9b6bdacdb9a0750834de9a93d8c3f7ed827ce3c8 Signed-off-by: Ole Troan <ot@cisco.com>
2019-06-04Punt: specify packets by IP protocol TypeNeale Ranns12-41/+442
Change-Id: I0c2d6fccd95146e52bb88ca4a6e84554d5d6b2ed Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-04mactime: upstream new featuresDave Barach6-25/+161
Add per mac address data quotas (simple version) Add mini-ACLs to turf "call home" traffic from a certain species of security DVR. Add FEATURE.yaml Update the API version number Type: feature Feature-name: mactime Change-Id: Ida6945f7791ab43909afa68dcf2f652b20c53afd Signed-off-by: Dave Barach <dave@barachs.net>
2019-06-04dpdk: rework extended statsFilip Tehlar4-47/+33
Change-Id: I421192e1921d4c9c5486a6dcca745582aebf4e3e Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-06-04startup: remove dpdk linking bonding configurationZhiyong Yang1-10/+0
As dpdk linking bonding code has been removed by the patch https://gerrit.fd.io/r/#/c/19867/, corresponding configuration info should be removed. Change-Id: I048ae068619c83190252a75284bd5306ce61611e Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-06-04srp: leverage vlib_buffer_get_currentZhiyong Yang1-3/+3
Change-Id: I8e4592734cd8343cd95b32ad8617fed4aec3f590 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-06-04vom: Add bridge domain unknown unicast flooding flagMohsin Kazmi4-5/+54
UU flood can be disabled or enabled using this flag in a bd. Change-Id: I799be2742b599783eec019b5fd295c3b940eb3e8 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-06-03GBP: add subnet cli commandBenoît Ganne1-2/+85
Change-Id: I0f631da9d13df2d9c32bad879b2a6034cb847378 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-06-03ARP: add feature arcNeale Ranns7-168/+508
- arp-input, registered with the ethernet protocol dispatcher, performs basic checks and starts the arc - arp-reply; first feature on the arc replies to requests and learns from responses (no functional change) - arp-proxy; checks against the proxy DB arp-reply and arp-proxy are enabled when the interface is appropriately configured. Change-Id: I7d1bbabdb8c8b8187cac75e663daa4a5a7ce382a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-03crypto_ia32: native AES-GCM implementationDamjan Marion5-1/+1046
Change-Id: I006a150577e897731649f21908b4789e2eb485c3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-06-03vom: Add bridge domain arp unicast forwarding flagMohsin Kazmi4-3/+48
Change-Id: Iede47e8d9e168125bcd938cca6182c9270dcb5c4 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-06-02IPSec: memcpy of integ key borkNeale Ranns1-1/+1
Change-Id: Icd76769d841792eb2d59ffc23c557dcca9ddc580 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-31VPP-1692: move NULL pointer checkDave Barach1-5/+5
TBH, this looks like merge damage or some such. Perfectly fine NULL pointer check, about three lines after it was needed. Change-Id: I52831062e30533a59fb76b644ee5ae389676d2ae Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-31tools: FEATURE.yaml meta-data infrastructureOle Troan6-3/+191
Add tooling for feature metadata configuration files. The main tool is in src/scripts/fts.py make checkfeaturelist to validate against schema. make featurelist to dump all feature lists to stdout. Example feature definition: name: IP in IP tunnelling maintainer: Ole Troan <ot@cisco.com> features: - IPv4/IPv6 over IPv4/IPv6 encapsulation: - Fragmentation and Reassembly - Configurable MTU - Inner to outer Traffic Class / TOS copy - Configurable Traffic Class / TOS - ICMPv4 / ICMPv6 proxying - 6RD (RFC5969): - Border Relay description: "Implements IP{v4,v6} over IP{v4,v6} tunnelling as described in RFC2473. This module also implement the border relay of 6RD (RFC5969)." state: production properties: [API, CLI, STATS, MULTITHREAD] missing: - Tunnel PMTUD - Tracking of FIB state for tunnel state - IPv6 extension headers (Tunnel encapsulation limit option) JSON schema is embedded in fts.py Example markdown: https://github.com/otroan/scratch/blob/master/features.md Change-Id: I903b4ee6b316a9378c259e86dc937092e5d4b7da Type: make Signed-off-by: Ole Troan <ot@cisco.com>
2019-05-31VPP-1640 - Missing rules in vpp-selinux-policyBilly McFall1-1/+2
SELinux exceptions occurring for host interfaces and with the vmxnet3 driver. Change-Id: Ia22bd82572acfa07ae287a755830abe1413f9939 Signed-off-by: Billy McFall <bmcfall@redhat.com>
2019-05-31VPP-1679 - SElinux rules are not set accordinglyBilly McFall1-2/+4
Updates to the VPP SELinux policy to support the MLX5 DPDK driver. Change-Id: I089ede88a5e9c4152178f8cf9be5ee14d8a9130f Signed-off-by: Billy McFall <bmcfall@redhat.com>
2019-05-31VPP-1640 - Missing rules in vpp-selinux-policyBilly McFall1-0/+212
Add additional section to the SELinux documentation to describe how to collect debug information when SELinux issues are encountered. This is purely a documentation change. Note: Merged seperate from SELinux Policy change in case policy change needs to be cherry-picked to older releases. Change-Id: I7ba3d3c7d84171b503d956eb01e13a680b4d53fc Signed-off-by: Billy McFall <bmcfall@redhat.com>
2019-05-31crypo_ia32: don't optimize debug buildsDamjan Marion2-1/+5
Type: fix Fixes: d5023a72 Change-Id: I17cf7887d1274cf3ca9301ec87b8c8f539359456 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-05-31Update vnet hardware flags if link state changesDave Barach1-1/+9
Explains a variety of hard-to-diagnose problems with certain Atom and Denverton NIC types. I finally tripped over a highly-repeatable failure: home gateway use-case bitten by refusal to negotiate a DHCP lease for the trunk port. The dhcp client won't send pkts unless VNET_HW_INTERFACE_FLAG_LINK_UP is set on the tx hw interface: /* Interface(s) down? */ if ((hw->flags & VNET_HW_INTERFACE_FLAG_LINK_UP) == 0) return; Change-Id: I17ef2ba7b39078555fa27d2d874a60c67e1530ee Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-31bonding: add support for numa awarenessZhiyong Yang4-12/+90
This patch enables bonding numa awareness on multi-socket server working in active-backeup mode. The VPP adds capability for automatically preferring slave with local numa node in order to reduces the load on the QPI-bus and improve system overall performance in multi-socket use cases. Users doesn't need to add any extra operation as usual. Change-Id: Iec267375fc399a9a0c0a7dca649fadb994d36671 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-05-30nat44: fix CLI doc errorjackiechen19851-2/+2
Change-Id: Iac6bd29389839c9eb8c1ff2105b4da69b6e1ce3e Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2019-05-30IP load-balance; perf improvement using the usual reciepeNeale Ranns2-305/+233
before and after: ip4-load-balance 1.54e1 ip4-load-balance 1.36e1 p.s. Quad loops were not beneficial Change-Id: I7bc01fc26288f0490af74db2b1b7993526c3d982 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-30FIB: correctly report IPv6 FIB Unicast and Multicast memory usage (VPP-1578)"Neale Ranns9-18/+320
and document scaling Change-Id: I65d8999e65616d77e525963c770d91e9b0d5e593 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-3019.04.1 Release NotesDave Wallace1-7/+16
Change-Id: I2a69b29b9ecea2bfdf1832c184c7e63058a33b94 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-05-30lisp-cp: start lisp retry service on demandFlorin Coras2-8/+18
Change-Id: I07681d94301e19389dda0caacd5a93b21d9aff1f Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-05-30sample-plugin: refactor .api to use explicit typesOle Troan1-8/+9
Use explicit types in .api definition. Change-Id: Ib4c3c4ab6282a6d443e3d19af029dc091b462dac Type: refactor Signed-off-by: Ole Troan <ot@cisco.com>
2019-05-30ipip: refactor ipip.api with explicit typesOle Troan4-61/+84
Use explicit types vl_api_address/prefix in ipip.api. Change-Id: Ib3133cebdbe4437742924efd49cde4009c4cc31b Type: refactor Signed-off-by: Ole Troan <ot@cisco.com>
2019-05-30dpdk: remove bonding codeDamjan Marion7-252/+12
We have native implementation and we should not maintain both.... Change-Id: Ic09ebffda52cdc733b3cfeff06690e0d3cc08084 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-05-30dpdk: bump to 19.05Damjan Marion2-1/+4
Change-Id: I738ff20a1ebb1cc70fb6ddb40791b6747cada372 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-05-30NAT: create bypass in correct thread if workers>1Alexander Chernavin1-9/+40
Change-Id: I70817579a09a7026f5fa7c8e71babded891ea285 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-05-30Start the dns resolver process on demandDave Barach3-8/+19
Change-Id: Iab27b405fb3ca7aed94ae974d57c286c41298c3a Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-30IPsec: modify post-decrypt buf len calculationMatthew G Smith1-2/+2
For tunnel mode, after decryption the buffer length was being adjusted by adding (iv length + esp header size). Subtract it instead. Required for BFD to work on an IPsec tunnel interface. BFD verifies that the amount of received data is the expected size. It drops the packet if the buffer metadata says that the packet buffer contains more data than the packet headers say it should. Change-Id: I3146d5c3cbf1cceccc9989eefbc9a59e604e9975 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-05-30mpls: leverage vlib_buffer_advanceZhiyong Yang1-7/+4
Change-Id: I363a4444f4d296f04371acd65c702b1a1ce70913 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-05-30osi_input: leverage vlib_buffer_get_currentZhiyong Yang1-3/+3
Change-Id: Ib9297b712ff7d08bf085fb0b6c9e6ffd83c5fa57 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-05-29gtpu: unit-test check udp portsJakub Grajciar1-0/+87
Change-Id: I3efbbb1aefb43ecdf7016541b97343f9ca41f842 Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2019-05-29ipsec: fix perf issue in esp_aad_fillDamjan Marion1-4/+7
Type: fix Fixes: 47feb11 Change-Id: I6b3b97cd361eef19c910c14fd06edb001a4c191b Signed-off-by: Damjan Marion <damarion@cisco.com>