summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2018-02-07classifier-based ACL: refactor + add output ACLAndrew Yourtchenko21-502/+719
For implementation of MACIP ACLs enhancement (VPP-1088), an outbound classifier-based ACL would be needed. There was an existing incomplete code for outbound ACLs, it looked almost exact copy of input ACLs, minus the various enhancements, trying to sync that code seemed error-prone and cumbersome to maintain in the longer run. This change refactors the input+output ACLs processing into a unified routine (thus any changes will have effect on both), and also adds the API to set the output interface ACL, with the same format and semantics as the existing input one (except working on output ACL of course). WARNING: IP outbound ACL in L3 mode clobbers the ip.* fields in the vnet_buffer_opaque_t, since the code is using l2_classify.* The net_buffer (p0)->ip.save_rewrite_length is rescued into l2_classify.pad.l2_len, and used to rewind the header in case of drop, so that ipX_drop prints something sensible. Change-Id: I62f814f1e3650e504474a3a5359edb8a0a8836ed Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-02-07Refactor vlib_buffer flagsDamjan Marion17-169/+152
Change-Id: I853386aebfe488ebb10328435b81b6e3403c5dd0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-07SCTP: address coverity-scan warningsMarco Varlese2-19/+10
Change-Id: Iba7c398a398e24b96eb536bbcefa841bd153a205 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-07libmemif: cleanup queue info while memif connectingChun Li2-1/+5
Change-Id: I4265fd0606f87f80f43f7f59ced1c3a73de82776 Signed-off-by: Chun Li <chunl2@cisco.com>
2018-02-06Fix clang -Wvarargs compile errorsDamjan Marion3-5/+5
error: passing an object that undergoes default argument promotion to 'va_start' has undefined behavior [-Werror,-Wvarargs] Change-Id: Id342beea916ec73e29e399087532caecfa19055f Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-06Fix clang implicit conversion errorsDamjan Marion2-14/+16
Change-Id: I1771a1cca2a4bc394677b2a18f14c47f0633fa77 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-06vlib: epoll on worker threadsDamjan Marion12-42/+204
This patch teaches worer threads to sleep and to be waken up by kernel if there is activity on file desctiptors assigned to that thread. It also adds counters to epoll file descriptors and new debug cli 'show unix file'. Change-Id: Iaf67869f4aa88ff5b0a08982e1c08474013107c4 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-06SCTP: handling of heartbeating and max-retransmitsMarco Varlese4-57/+164
This patch address the need to send/receive heartbeats between peers. At the same time, the number of unacked heartbeats is tracked and when the peer requests to send DATA to the remote-peer the value of unacked heartbeats needs to be checked against the maximum value allowed for retransmissions. If the unacked heartbeats value is higher then the remote-peer is considered unreachable and the connetion needs to be shutdown. Change-Id: I2b1a21c26775e734dbe82486f40982ed5702dc63 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-06make test: don't test/set parameters in dockerKlement Sekera1-0/+11
Do not set UDS related system parameters if DOCKER_TEST is set to "True" as docker environment doesn't contain the necessary /proc/... entries. Change-Id: Id85e4512c7bba6b3feb6e6fd1fbe1e05aa10a341 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-02-06BIER: fix support for longer bit-string lengthsNeale Ranns17-259/+391
Change-Id: I2421197b76be58099e5f8ed5554410adff202109 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-06VCL: Fix type in trace output.Dave Wallace1-2/+2
Change-Id: I7834e676c23a697a12a6e06111c68450ba787fc9 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2018-02-06SCTP: missing spinlock init when multiple threadsMarco Varlese1-2/+5
When the number of threads results being more than 1, the spinlock structure requires to be initialized otherwise subsequent calls to the "lock" API (clib_spinlock_lock_if_init) would result in a void operation. Change-Id: Ia268c4687252e41962bb3f1217f0a849d8c40385 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-06Reflexive ACL support on ICMPSteve Shin1-25/+113
Normally session keys are generated by mirroring the packets sent. ICMP message type should be used and inverted for the stateful ACL. Supported ICMP messages with this patch: - ICMPv4: Echo/Timestamp/Information/Address Mask requests - ICMPv6: Echo request/Node Information Queury The invmap & valid_new tables can be modified to make any other ICMP messages to be reflexive ACL. Change-Id: Ia47b08b79fe0a5b1f7a995af78de3763d275dbd9 Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-02-06Provide page-aligned length to ftruncate.Igor Mikhailov (imichail)1-1/+1
For some files such as hugepages files, ftruncate() fails with the error "Invalid argument" if the 'length' parameter is not on a page boundary. Change-Id: I42a9cde98707da15e3c5d1653046e2277fc7a424 Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
2018-02-05session: segment manager refactorFlorin Coras21-620/+878
- use valloc as a 'central' segment baseva manager - use per segment manager segment pools and use rwlocks to guard them - add session test that exercises segment creation - embed segment manager properties into application since they're shared - fix rw locks Change-Id: I761164c147275d9e8a926f1eda395e090d231f9a Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-05NAT64: Run nat64-expire-worker-walk only when NAT64 is configured (VPP-1162)Matus Fabian2-4/+48
Change-Id: Ic5e8d74bf5ac84cce5661de44778c89541c67636 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-02-05Fix ip4/6_reass_main.ip4/6_reass_expire_node_idx used before setDave Barach3-8/+17
Add an ASSERT to vlib_process_signal_event_helper to catch future instances of passing node_index = 0 to vlib_process_signal_event(). Change-Id: Iec896fc7c3917feb2fd3198cea42851ba88e64e5 Signed-off-by: Dave Barach <dave@barachs.net>
2018-02-05SCTP: calculate RTO / RTT and RTTVAR as per RFCMarco Varlese4-47/+122
This patch addresses the need to calculate the RTO / RTT and RTTVAR according to the rules depicted by the RFC4960 at section 6.3.1 Change-Id: I1d346f3c67610070b3f602f32c7738d58b99ffed Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-05vhost_user: code cleanupHaiyang Tan1-4/+4
1. Replace the magic number '-1' with MAP_FAILED 2. On x86 platform, QEMU uses vhostuser required the memory back-end is file based, the file could be tmpfs(4K page size) or hugetlbfs(2M or 1G page size) Change-Id: If1818cb6833728d641f68e4d4a3bc645e70f2ee6 Signed-off-by: Haiyang Tan <haiyang.tan.dev@gmail.com>
2018-02-03IP reassembly: workaround coverity warningsKlement Sekera2-0/+2
Change-Id: Ide577f036d9d8dcedd99cdb4666a0eaf8a19b92e Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-02-02Clean up for vcl.am, making vppcom.h C++ awareKeith Burns (alagalah)2-10/+22
Change-Id: I2548ebd37e16bed50b5c8046b728415a341413e3 Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
2018-02-02lisp-cp: fix handling of ndp without source link addr VPP-1159Florin Coras1-4/+21
Change-Id: Idddb60bbc7fcc701d39212f6422a6b2f6dc75221 Signed-off-by: Florin Coras <fcoras@cisco.com> (cherry picked from commit cba3675fabe618194bf80a9de0e9c53b89a541ca)
2018-02-02make test: use random seedKlement Sekera1-1/+1
This fixes a constant setting of random seed forgotten from testing. Change-Id: Ie3c4db8bb2b4b73ba33de1ffc02cb563391fd31c Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-02-02VOM: route-domain find() fixNeale Ranns3-24/+5
Change-Id: I5b7117f3568e3ba979baa15521b2cfc180abb682 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-02vlmemory/svm: fix client detach from svm regionFlorin Coras6-13/+59
Clients cannot know at svm region detach time if the shm backing files have been recreated (e.g., if vpp restarts) and therefore should not try to unlink them. Otherwise, terminating clients attached to previous instantiations of a re-allocated region end up making the new instance un-mappable by removing its backing file. Change-Id: Idcd0cab776e63fd75b821bc9f0fac58217b9ccbe Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-02Add link to 18.01 test framework documentation.Dave Wallace1-0/+1
Change-Id: I030602391ea3b612ac9a6780399cc30b427cc3a5 Signed-off-by: Dave Wallace <dwallacelf@gmail.com> (cherry picked from commit 92b15bcea4c6c5e62415a8207463eb9a897630c6)
2018-02-02Update 18.01 Release NotesDave Wallace1-0/+1
Change-Id: Id2f13c59c6f4e7bc79f6e77d6dab752bf6dfb06a Signed-off-by: Dave Wallace <dwallacelf@gmail.com> (cherry picked from commit a1a382bb2bc2fbf6bf947a24a263fefbe32497e7)
2018-02-02vlib_buffer_clone: allow client to request the maximum number of clones; 256Neale Ranns1-12/+50
Change-Id: Id96dc5d86719546268b50a9999a06387d2d9075c Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-02-02Add L3DSR feature in LB pluginHongjun Ni9-96/+282
L3DSR is used to overcome Layer 2 limitations of Direct Server Return Load Balancing. It maps VIP to DSCP bits, and reuse TOS bits to transfer it to server, and then server will get VIP from DSCP-to-VIP mapping. Please refer to https://www.nanog.org/meetings/nanog51/presentations/Monday/NANOG51.Talk45.nanog51-Schaumann.pdf Change-Id: I403ffeadfb04ed0265086eb2dc41f2e17f8f34cb Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2018-02-01Out-of-order data chunks handling and moreMarco Varlese4-69/+235
This patch addresses the need to handle out-of-order data chunks received by a peer. To do that effectively, we had to add the handling of data chunks flags (E/B/U bit) to understand whether the stream is fragmenting user-message data and in that case if a fragment is the FIRST/MIDDLE/LAST one of a transmission. The same patch also addresses the security requirement to have a HMAC calculated and incorporated in the INIT_ACK and COOKIE_ECHO chunks. The algorithm used is the HMAC-SHA1. Change-Id: Ib6a9a80492e2aafe5c8480d6e02da895efe9f90b Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-01IPv4/6 reassemblyKlement Sekera35-66/+4322
Change-Id: Ic5dcadd13c88b8a5e7896dab82404509c081614a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-02-01vxlan: Lookup FIB in either IPv4 or IPv6 families.Jon Loeliger1-4/+5
Prior to this commit, the VXLAN "create" API assumed the vrf_id belonged to only the IPv4 FIB tables space. With this commit, the FIB table is found in either the IPv4 or IPv6 table as determined by the is_ipv6 flag. This follows the same pattern that was already being done in the CLI code for the VXLAN "create" command. Change-Id: I35d5e37db24efa858e4696dc2c004fa64bb4a4a8 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-01FIB: Consolidate several copies of fib_ip_proto() into one.Jon Loeliger5-24/+11
Rather than having multiple copies of the same function scattered around, promote the function into the FIB PROTOCOL definitions in fib_types.h. Change-Id: I11c4d85931167d3a5f3dc1278afecc8845b23cd7 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-01tcp: tcp_output.c failed to compile when VLIB_BUFFER_TRACE_TRAJECTORY is enabledSteven1-1/+1
Fixed a typo in tcp_push_header(). The typo only kicks in when the macro VLIB_BUFFER_TRACE_TRAJECTORY is enabled. Change-Id: I62832a4932ec5b14e3063d5eac113780851aae59 Signed-off-by: Steven <sluong@cisco.com>
2018-02-01dpdk:fix typo in prefetch sequenceEyal Bari1-2/+2
Change-Id: I7110436626352d45ffe0ca71fb88dea2c77ab639 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-02-01Add flowhash hash table to vppinfraPierre Pfister5-0/+1009
This hash table intends to provide an alternative to the widely used bihash table in places where either: - Hash entry timeout is required - The hash table data does not fit in CPU cache Although the bihash table is very fast, each lookup requires accessing two cache lines in a serialized fashion. It works fine when the hash table is in cache, but hits a wall when it does not. The 'flowhash' table uses a simplified design (at the cost of a less good bucket auto-scaling) where each access only requires a single memory lookup (in the absence of collision). The hash table also uses a reduced number of registers. In practice, a VPP node implementing a stateful feature would typically: - prefetch buffer metadata (in-cache) - prefetch packet header (in-cache) - compute hash & prefetch hash bucket (possibly in RAM) - read/write key and value from bucket Using this hash table, it is possible to pipeline accesses in a way that does not exhaust CPU's line field buffers, even when the requested value is located in RAM (i.e. not in cache). Measurements showed it was possible to scale to tens of millions of flows (with a full 5-tuple matching and 32B value, i.e. 1 cache line per flow) with no performance degradation when the hash table grows to the point it doesn't fit in cache anymore. I have used this table in a couple of non-open-sourced projects, but think it might be useful to lb, nat, and possibly other VPP subsystems. More information in the .h file. Change-Id: I2b13dde0eabd868b75da1cedbfca0bf74d705102 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2018-02-01srv6-ad: fixing coverity issuesFrancois Clad1-8/+32
Change-Id: Ica6d8dd773bb3b478f1c7e40d59dfbdd4b588b85 Signed-off-by: Francois Clad <fclad@cisco.com>
2018-02-01srv6-as: fixing coverity issuesFrancois Clad1-8/+32
Change-Id: I911e09aadd3df1123634fd97098920f107f9a2fc Signed-off-by: Francois Clad <fclad@cisco.com>
2018-01-31Fix VNET_BUFFER_F_SPAN_CLONE flagDamjan Marion1-1/+1
Change-Id: I670e41bcfc61a45555431603c937f8dad4d165e9 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-01-31RPMS: Also install C.py, JSON.py for vppapipgen.Jon Loeliger1-0/+3
When building plugins outside of the VPP tree, the vppapigen tool requires the use of the C.py / JSON.py code. To that end, install it in /usr/share/vpp as referenced. Change-Id: I457d58e7bde7140c7811fa0a93b4f44d1310784a Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-01-31vlib: allocating buffers on thread-x and freeing them on thread-y causesSteven4-25/+17
a crash on debug image (VPP-1151) In debug image, there is extra code to validate the buffer when it is freed. It uses the hash table to lookup the buffer index with spinlock to prevent contention. However, there is one spinlock for each worker thread. So allocating the buffer on thread-x and freeing the same buffer on thread-y causes the validation to fail on thread-y. The fix is to have only one spinlock, stored in vlib_global_main. Change-Id: Ic383846cefe84a3e262255afcf82276742f0f62e Signed-off-by: Steven <sluong@cisco.com> (cherry picked from commit a7effa1b072463f12305a474f082aeaffb7ada4b)
2018-01-31Improved tracing for the IP[46] not-enabled case.Neale Ranns6-24/+77
now we get 00:00:03:665501: pg-input ... 00:00:03:665681: ethernet-input ... 00:00:03:665691: ip6-input UDP: 2001::1 -> ffef::1 tos 0x00, flow label 0x0, hop limit 64, payload length 108 UDP: 1234 -> 1234 length 108, checksum 0x7b25 00:00:03:665695: ip6-not-enabled UDP: 2001::1 -> ffef::1 tos 0x00, flow label 0x0, hop limit 64, payload length 108 UDP: 1234 -> 1234 length 108, checksum 0x7b25 00:00:03:665706: error-drop ethernet-input: no error Same goes for IPv4 Change-Id: Ia360df39b43281d3a0aa1b686f04b73cfa37c546 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-01-31NAT66 1:1 mapping (VPP-1108)Matus Fabian11-2/+1557
Support the 1:1 translation of source address for IPv6 Change-Id: I934d18e5ec508bf7422d796ee5f172b79c048011 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-31NAT44: in2out output feature skip translation for already translated packets ↵Matus Fabian3-15/+173
(VPP-1156) Change-Id: I5395245c9e49f741a949ada1f725c34f9379c249 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-31NAT44: Delete dynamic sessions matching new 1:1NAT (VPP-1158)Matus Fabian2-8/+83
Change-Id: Ib99b597502b8335e57ecfa122b12e2e5aa45ee1a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-31NAT44: nat44_static_mapping_details protocol=0 if addr_only=0 (VPP-1158)Matus Fabian3-13/+22
Change-Id: I1e3cfc751e7657464fc850dc56ddf763df45f62e Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-31Prep-work patch for congestion-controlMarco Varlese6-450/+670
This patch addresses the missing field in various data-structures to track valuable information to implement the congestion-control algorithms and manage sub-connections states. It adds the possibility to queue up to 2 SACKs chunks when the connection is not gapping. At the same time, it pushes some variable/field renaming for better readibility. Change-Id: Idcc53512983456779600a75e78e21af078e46602 Signed-off-by: Marco Varlese <marco.varlese@suse.de>
2018-01-30Compile valloc.c, install header file, etc.Dave Barach2-1/+8
Change-Id: Ibc252d9ed595be955790ec1c97d8730e43ad89b2 Signed-off-by: Dave Barach <dave@barachs.net>
2018-01-30VPP-899: Run VPP under SELinuxBilly McFall15-23/+582
Add an SELinux profile such that VPP can run under SELinux on RPM based platforms. The SELinux Policy is currently only implemented for RPM packages, specifically, Fedora, CentOS and RHEL. Doxygen User Documentation has been included (selinux_doc.md). Once some discussion on file locations has completed (see vpp-devlist), updates to the Debug CLI documentation will also need to be updated. Additional changes: Patch Set 2: - Rework selinux_doc.md such that each line is only 80 characters instead of each sentence on a line. Made additonal minor chnages to the text. - Update vHost Debug CLI documentation to reflex new socket location. Cleaned up some text from when I originally wrote it, to better reflex proper use. - Update exec Debug CLI documentation to be more inline with suggested helptext, added text regarding recommended script file location. - For Debian builds, create the /var/log/vpp/ directory. I don't use Debian very much, so please pay extra attention to build-data/platforms.mk and build-root/deb/debian/.gitignore. - Per discussion on VPP call, changed the default log location to /var/log/vpp/vpp.log. - Changed the socket location for vHost in AutoConfig to /var/run/vpp/. Patch Set 3: - Update selinux_doc.md based on comments. Change-Id: I400520dc33f1ca51012d09ef8fe5a7b7b96c631e Signed-off-by: Billy McFall <bmcfall@redhat.com>
2018-01-30Arm system counter cleanupBrian Brooks2-18/+19
Add some description and cleanup code that uses Arm system counter. Change-Id: Ie1fe00e3e4b5d98867617b7b0184ac526e333c53 Signed-off-by: Brian Brooks <brian.brooks@arm.com>