summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2018-05-16Drop IPsec packets when interface is downMatthew Smith1-10/+32
Packets arriving on an IPsec tunnel interface are decrypted and forwarded even if the interface is down. Check interface flags. If the interface is down, cause packet to be dropped and increment the counters for drops. Change-Id: I94456bda3bd8eade0f3f522ad7cc341251174e6e Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-05-16make test: unify packet checksum verificationsKlement Sekera3-256/+151
Change-Id: If9cc7c5e32ebecff398fd38b39e8f485754a4ad4 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-05-16Fix broken compilation for non-numa aware platformsSachin Saxena4-1/+6
- The dpdk plugin always looks for libnuma library during compilation. For non-numa aware platforms compilation breaks, if third party libnuma lib is not available. - Issue is more severe with Cross Compilation scenario where one has to download and cross compile libnuma-dev package even when target platofrom is NUMA disabled. Like when cross compiling for ARM platforms, Linaro tool-chain doesn't have libnuma by default. Change-Id: Ib85b3188b787c23ba33b47e3f6123c74fd37190e Signed-off-by: Sachin Saxena <sachin.saxena@nxp.com>
2018-05-16echo client: used fixed pool for preallocated sessionsFlorin Coras2-14/+9
Change-Id: I9e2cf74ebe3e8750fa8d03930d2d72f4cae453c2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-15Update ipfix documentationDave Barach1-195/+180
Change-Id: Ie942efab86d24a953fe34754e3d50df54b560dc0 Signed-off-by: Dave Barach <dave@barachs.net>
2018-05-15No overlapping sub-nets on any interface in the same table/VRF (VPP-943)Neale Ranns4-26/+91
DBGvpp# set int ip addr loop0 10.10.10.10/24 DBGvpp# set int ip addr loop0 10.10.10.11/24 set interface ip address: failed to add 10.10.10.11/24 which conflicts with 10.10.10.10/24 for interface loop0 Change-Id: Iba63ffafbd36b6146ce86adb78139da9d55b40ba Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-05-15VOM: nat-binding populate handle errorsNeale Ranns1-9/+25
Change-Id: I8f41c659c6f50efd679a56878c6fdcf426ac9410 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-05-14proxy: fix active open connection cleanupFlorin Coras1-2/+2
Thanks to DucTM for spotting the issue. Change-Id: I7985560f224c99cf0fdeea0c8457a3ac6f10b03c Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-14vom: fix interface admin up/downMohsin Kazmi1-1/+1
Change-Id: I7b9d28a940e0d7c4a4acda3f4048261c67bf49ff Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-05-14Rework CP and DP communication in IPv6 RD (VPP-1256)Juraj Sloboda4-359/+163
Replace binary API communication between CP and DP with direct communication using function calls and callbacks. Change-Id: Ib54f09062217c028e5ee0e96ae2449cf7e9224e3 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-05-14NAT44: delete closed TCP session (VPP-1274)Matus Fabian4-25/+71
Change-Id: Id25b447bddccb7b321123e4abc4134e7261a0807 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-13Improve ipfix template packet rewrite constructionDave Barach9-28/+180
Instead of repeatedly cutting, pasting, and hacking to create a new callback, use vnet_flow_rewrite_generic_callback(). Add three arguments to the flow rewrite callback: (in) pointer to an array of report elements, (in) length of array, (out) pointer to the stream index Change existing code prototypes. Code owners encouraged to evaluate whether they can use the generic callback or not, at leisure. /* ipfix field definitions for a particular report */ typedef struct { u32 info_element; u32 size; } ipfix_report_element_t; Best generated like so: _(sourceIPv4Address, 4) \ _(destinationIPv4Address, 4) \ _(sourceTransportPort, 2) \ _(destinationTransportPort, 2) \ _(protocolIdentifier, 1) \ _(flowStartMicroseconds, 8) \ _(flowEndMicroseconds, 8) static ipfix_report_element_t simple_report_elements[] = { foreach_simple_report_ipfix_element }; ... /* Set up the ipfix report */ memset (&a, 0, sizeof (a)); a.is_add = 1 /* to enable the report */ ; a.domain_id = 1 /* pick a domain ID */ ; a.src_port = UDP_DST_PORT_ipfix /* src port for reports */ ; a.rewrite_callback = vnet_flow_rewrite_generic_callback; a.report_elements = simple_report_elements; a.n_report_elements = ARRAY_LEN (simple_report_elements); a.stream_indexp = &jim->stream_index; a.flow_data_callback = simple_flow_data_callback; /* Create the report */ rv = vnet_flow_report_add_del (frm, &a, &template_id); if (rv) return rv; ... Change-Id: If6131e6821d3a37a29269c0d58040cdf18ff05e4 Signed-off-by: Dave Barach <dave@barachs.net>
2018-05-13session: improve app verbose format functionFlorin Coras1-5/+6
Change-Id: Idae4ecb60351f2e74bad2f2a33c073de8412fcb0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-13session: alloc one frame per output node dispatchFlorin Coras5-54/+94
Change-Id: I1f7877af61f3726cfb7b93ce7893f6df23e866a6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-12dpdk: Add constants for failsafe PMDRui Cai2-2/+13
Adding name, enum constants and formatting code for failsafe PMD. This is part of initial effort to enable vpp running over dpdk on failsafe PMD in Microsoft Azure(2/4). Change-Id: I4eb0093db9f666e2635f7ddff451e3c9064bd0c4 Signed-off-by: Rui Cai <rucai@microsoft.com>
2018-05-12dpdk: Add build related keywords for failsafe PMDRui Cai4-1/+13
Added build related keywords for TAP, FAILSAFE PMD and also added some missing keywords for mlx4 PMD This is part of initial effort to enable vpp running over dpdk on failsafe PMD in Microsoft Azure (1/4). Change-Id: I2aebf209fbc6db030185f41971b51a593a003a3a Signed-off-by: Rui Cai <rucai@microsoft.com>
2018-05-11dpdk: fix Unknown interface with Mellanox NICSteve Shin1-1/+1
When port_type_from_speed_capa() is called before the port link update isn't completed, xd->port_type becomes VNET_DPDK_PORT_TYPE_UNKNOWN. This happens with Mellanox NIC without lsc interrupt. Calling rte_eth_link_get before getting dev_info will ensure the link state is up-to-date. Change-Id: I83a59654778eb4bf0c65a4a4e225a326227b9641 Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-05-11Periodic scan and probe of IP neighbors to maintain neighbor poolsJohn Lo14-14/+651
Scan IPv4 and IPv6 neigbor pool entries once a minute to keep them up to date. The neighbor of an entry is probed if its time-stamp is older than 1 minute. If the neighbor respond, its time-stamp will be updated. If there is no response from a neighbor, its entry will be deleted when the time-stamp of the entry become more than 4 minutes old. Static neighbor entries are not probed nor deleted. Implemented CLI and API to enable and disable priodic scan of IPv4, IPv6 or both types of IP neighbors. CLI is "ip scan-neighbor" and API is "ip_scan_neighbor_enable_disable". Other IP neighbor scan parameters can also be changed from their defaults via the CLI/API. Change-Id: Id1a0a934ace15d03db845aa698bcbb9cdabebfcd Signed-off-by: John Lo <loj@cisco.com>
2018-05-11make test: reorganize ipsec_ah test codeKlement Sekera1-191/+124
Change-Id: Ie0eb0127affd3d771d19bb7c60e79c31858d82cd Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-05-11VPP-1275 Fix memory leaks in IPsec CLIKlement Sekera2-55/+84
Change-Id: I1f7c634328f25b33580a215af2daeb498cd3b181 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-05-11Add ipfix exporter coding guideDave Barach1-0/+375
Change-Id: Iaa28f96d613d6fb75bd29958d757de206448eb22 Signed-off-by: Dave Barach <dave@barachs.net>
2018-05-11Fix issue with xconnect not working on the main interfaceDamjan Marion1-9/+6
Due to union, l2 sub-interface bits were wrongly set causing sporadic misconfiguration of l2 mode on some interfaces. Change-Id: Id77ee281e3a0030878641a786c22ffe16ce1c759 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-10Remove the historical memfd api segment bootstrapDave Barach3-252/+58
Clean up default and vpp_api_test custom private api segment allocator ring configurations. Change-Id: I145b6d64ba0a6315b5ccb07909c8256eeb772146 Signed-off-by: Dave Barach <dave@barachs.net>
2018-05-10vppinfra: use count_trailing_zeros in sparse_vec_indexDamjan Marion8-84/+46
It is much cheaper to use ctzll than to do shift,subtract and mask in likely case when we are looking for 1st set bit in the uword. Change-Id: I31954081571978878c7098bafad0c85a91755fa2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-10NAT44: sessions counters per user fix (VPP-1270)Matus Fabian2-6/+31
Change-Id: I6306b81e0e1c3e1c591f929a76bb265c1c1d0859 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-10vnet: device flow offload infraDamjan Marion18-0/+1335
Change-Id: Ibea4a96bdec5e368301a03d8b11a0712fa0265e0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-10session: fix proxy app multithreadingFlorin Coras1-15/+50
Change-Id: Ic5304749935f69018eb00183bb4670bb9f16273c Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-10Change the way IP header pointer is calculated in esp_decrypt nodesSzymon Sliwa3-4/+18
The pointer to IP header was derived from l3_hdr_offset, which would be ok, if l3_hdr_offset was valid. But it does not have to be, so it was a bad solution. Now the previous nodes mark whether it is a IPv6 or IPv4 packet tyle, and in esp_decrypt we count get ip header pointer by substracting the size of the ip header from the pointer to esp header (which lies in front of the ip header). Change-Id: I6d425b90931053711e8ce9126811b77ae6002a16 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-05-10DHCP4 client process replies when renewing leaseMatthew Smith1-16/+24
When a DHCP client is in the bound state, it wakes up halfway through it's lease (by default) to try and renew the lease. The ip4-dhcp-client-detect is not enabled as a feature at this point, so replies sent from the DHCP server do not get applied to the lease. Eventually the lease expires, the address is removed from the interface, a new discovery is performed and the same address is added back to the interface. Before sending a request to renew in the bound state, enable the feature to process the reply. Change-Id: I95332ee0596f47df6f3c8bf8e3f0698dde9a1fc5 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-05-10vppinfra: use popcnt instruction when availableDamjan Marion1-0/+8
Change-Id: Id02d613b8613a2d448840fe2d6a5e3b168a3c563 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-10tcp: fix jumbo retransmitsFlorin Coras1-42/+42
Change-Id: I1c8a14d4d51aa730f0edcf491e3c4725e2d8bd66 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-10dpdk:fix tx countEyal Bari1-1/+2
Change-Id: I921465ea64b59d42674cc8f19069ed04e3b25026 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-05-09dpdk: fix free of tx dropped packetsFlorin Coras1-1/+1
Change-Id: I3669068f694614f8555b33bf0b703c41e45363ef Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-09ipsec: support UDP encap/decap for NAT traversalKlement Sekera13-48/+366
Change-Id: I65c12617ad49e4d5ef242e53988782f0cefa5684 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-05-09session: cleanup session tx functionFlorin Coras9-376/+532
- rework the function to declutter and avoid building more than one tx frame - add dual loop although benefits in my tests seem to be minimal - improve tcp/udp echo external apps. They have slightly better throughput than internal echo apps. - udp bugfixes Change-Id: Iea4a245b1b1bb407a7f403dedcce2664a49f774b Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-09dpdk: tx code reworkDamjan Marion4-261/+170
Change-Id: Ifea9c772e8784642433b92091f5769eb9ec06890 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-09dpdk:fix mbuf index typo'sEyal Bari1-4/+4
Change-Id: I387b22427b3f322969bcf32fcfc189123c8ed6ae Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-05-08NAT44: TCP connection close detection (VPP-1266)Matus Fabian8-57/+364
Change-Id: Iba1cc1179ee80478e29888790a6476571d1904dc Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-07opensuse: OS_ID field content changed for SUSEMarco Varlese1-1/+1
Change-Id: I4bb582d55b1071d3581155eb158995ca5153ba3c Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-05-07dpdk: improve perf of buffer indices calc in the input nodeDamjan Marion1-34/+53
Change-Id: I16557189aa4a763ec496cb4a45f6e12f2d46971f Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-07fix: AttributeError: module 'os' has no attribute 'cwd'Andrey "Zed" Zaikin1-1/+1
Change-Id: I1c49a12ef7fa7bd0046f1a420b01c1654b6d21ec Signed-off-by: Andrey "Zed" Zaikin <zed.0xff@gmail.com>
2018-05-07BFD: Fix format_ip46_address() parameter ordering.Jon Loeliger1-1/+1
Change-Id: I2b50e3fc06b4e905395d4706083f12ebc76826ce Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-05-07vxlan:vxlan.c conform coding styleEyal Bari1-354/+374
Change-Id: I9937912cd760698e39044e8ae022a90b58c8db30 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-05-05autodetect alignment during _vec_resizeDamjan Marion5-8/+12
Change-Id: I2896dbde78b5d58dc706756f4c76632c303557ae Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-04ipsec: allow null/null for crypto/integ algorithms pairRadu Nicolau4-7/+8
Change-Id: Ic1e189c22e3d344d165e0eab05ccb667eef088a9 Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
2018-05-04Add python lex and yacc to spec file build requirements.Thomas F Herbert1-3/+3
Change-Id: Icf1a30c9df4d3298407c00383020debe99acdbff Signed-off-by: Thomas F Herbert <therbert@redhat.com>
2018-05-04Flow: Rename IPFIX exporter.Ole Troan16-25/+25
Change-Id: I9363cf54b73f7cfd8622af6f1cb250438ea0d3b6 Signed-off-by: Ole Troan <ot@cisco.com>
2018-05-04build-data: Common makefile for NXP DPAA1/DPAA2 platformsSachin Saxena2-66/+87
- Same makefile will be used to support DPAA1 and DPAA2 platforms. - Support added to have both on Host compilation as well as Cross compilation. - If Cross compiling, by default NXP cutomized toolchain "aarch64-fsl-linux" will be used. To use Linaro toolchains, please set env variable CROSS_PREFIX. Like: export CROSS_PREFIX=aarch64-linux-gnu - Added CPU_MTUNE to modify xxx_mtune , if CPU is not A72 which is default. - You may set DPDK_PATH to dpdk installation folder, if wish to use locally compiled DPDK. - In case of Cross compilation, OPENSSL_PATH will be required to include OPENSSL libs. Change-Id: I9057dfc57522b60e306810f684b3085bfccf85e9 Signed-off-by: Sachin Saxena <sachin.saxena@nxp.com>
2018-05-04Harmonize vec/pool_get_aligned object sizes and alignment requestsDave Barach49-15/+185
Object sizes must evenly divide alignment requests, or vice versa. Otherwise, only the first object will be aligned as requested. Three choices: add CLIB_CACHE_LINE_ALIGN_MARK(align_me) at the end of structures, manually pad to an even divisor or multiple of the alignment request, or use plain vectors/pools. static assert for enforcement. Change-Id: I41aa6ff1a58267301d32aaf4b9cd24678ac1c147 Signed-off-by: Dave Barach <dbarach@cisco.com>
2018-05-04arm64: Avoid setting march to corei7 when Cross Compiling for ARMSachin Saxena1-3/+3
When Cross-compiling VPP for arm64 target and build machine is x86_64, based on build_cpu value, the march variable is set to corei7 which is an unrecoganized option for ARM tool chain. This breaks the VPP compilation. Change-Id: I4cba5b4990e7cf0bdc1403e90c3d18110900bbef Signed-off-by: Sachin Saxena <sachin.saxena@nxp.com>