aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2020-06-11ikev2: don't add DH group in ESP transform proposalsFilip Tehlar2-10/+10
Type: fix Anouncing DH group in esp transform proposals will enable PFS which is not suppored now. This fixes issue during rekey when using strongswan as responder. Change-Id: Ib9f586113ae0ab9dc67e6ceadff43f8aac463820 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-06-11nat: properly scale out2in-ed hash on initKlement Sekera1-1/+3
Type: fix Fixes: a1018c166a468f7692ab621c743503914266f508 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I86592f73a60fd146d3764e474f975881e940c244
2020-06-11nat: simplify bihash buckets/mem configKlement Sekera8-31/+95
Derive reasonable values from max translations/max users. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I41a96ab63ab138b4160cd60bd6df24fc73791c86
2020-06-10nat: optimize prefetchingKlement Sekera6-18/+18
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Iea1748e8e39d213fcb3f3b52379bd37a6dd6aa3d
2020-06-08nat: more long read after short write optimizationKlement Sekera15-1060/+1051
Replace whitespread (mis)use of snat_session_key_t by proper function arguments where applicable and inline functions to calculate hash keys instead of using structs for that. Make all hash tables use same network byte order port so that there is no longer a discrepancy between static mappings using host byte order while in2out/out2in tables using network byte order. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I80786d2f947c67824c101a13bb608f1fe1080f34
2020-06-07mactime: print error if feature not enabledDave Barach1-1/+8
Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I8fbc4baefecf512573126c5085ed7a6e2e360fbe
2020-06-04nat: fix coverity warningKlement Sekera1-1/+1
Type: fix Change-Id: I0e87021b11009a955f5839bdb68af897145816c1 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-06-04ikev2: session cleanup after profile is deletedFilip Tehlar2-52/+119
Type: fix Change-Id: I3198461f3dfc13cd3cedf2b8611dc80bb6f959c8 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-06-04dpdk: cleanup, add rx queue structDamjan Marion5-59/+31
Type: improvement Change-Id: I3defde103ab245404de42d2be7abcb2c43d49a60 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-06-04nat: fixed input validationFilip Varga7-21/+22
Ticket: VPP-1887 Type: fix Change-Id: I341ac7b455926a106d736f4de6771aae655db82e Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-06-04nat: add tracing for nat44-hairpinningKlement Sekera3-15/+84
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ife437f959e29d3de88bd7ee77221ada86fb03e80
2020-06-03nat: refactor mss_clamping to not depend on snat_main_tOle Troan9-68/+83
Type: refactor Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I1110e425859a4f1f07952c91b50f263cb7323836
2020-06-02ikev2: remove unused hash computationFilip Tehlar1-4/+1
Type: improvement Change-Id: I99c2383dd0d30efd1837f3d10ff2e4cf3a784283 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-06-01nat: update ip4-udp src port for checksum == 0 pktsDave Barach1-3/+6
Otherwise, the out2in path will discard return-path traffic with probability 1.0. Type: fix Fixes: gerrit 23963 / f126e746fc01c75bc99329d10ce9127b26b23814 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I621ed99329c04ef358035747dde599c0016b58f5
2020-05-28dhcp: use per-thread vlib main instead of global oneBenoît Ganne1-2/+2
Type: fix Change-Id: I8890aa5cc3c576fc9fb68735549dfab721714310 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-05-27dhcp: vat support for the dhcp_client_dump APIDave Barach2-4/+33
Also: permanently solve ordering issues with the vpp builtin vat plugin loader, by explicitly loading vat plugins once we're sure that all data plane plugins have registered their APIs / API message handlers. Fix compilation / link errors when the vpp builtin vat plugin loader is disbled by cmake configuration. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Id553c63ae860ebfc196c5ad4b55c19e08fec2c9e Signed-off-by: Ole Troan <ot@cisco.com>
2020-05-27ethernet: fix DMAC check and skip unnecessary ones (VPP-1868)John Lo3-39/+68
Fix and optimize DMAC check in ethernet-input node to utilize NIC or driver which support L3 DMAC-filtering mode so that DMAC check can be bypassed safely for interfaces/sub-interfaces in L3 mode. Checking of interface in L3-DMAC-filtering state to avoid DMAC check require the following: a) Fix interface driver init sequence for devices which supports L3 DMAC-filtering to indicate its capability and initialize interface to L3 DMAC-filtering state. b) Fix ethernet_set_flags() function and its associated callback flags_change() functions registered by various drivers in interface infra to provide proper L3 DMAC filtering status. Maintain interface/sub-interface L3 config count so DMAC checks can be bypassed if L3 forwarding is not setup on any main/sub-interfaces. Type: fix Ticket: VPP-1868 Signed-off-by: John Lo <loj@cisco.com> Change-Id: I204d90459c13e9e486cfcba4e64e3d479bc9f2ae
2020-05-27dpdk: bump to DPDK v20.05Damjan Marion1-0/+7
Type: improvement Change-Id: I5f89fc3d994bd85d2c5138069ea2c58661814228 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-05-27nat: fix regarding vm arg for vlib_time_now callElias Rudberg1-1/+2
Change in snat_ipfix_header_create() to use thread-specific vlib_main_t *vm pointer to avoid problems with different threads accessing the same vlib_main_t data structure. This avoids assertion failure when vlib_time_now() is called with a vm corresponding to a different thread. Type: fix Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net> Change-Id: I2096c1debb5688d3b97e5ed9a0ea78d94053d8b7
2020-05-27api: make vpp api handlers endian independentOle Troan1-4/+7
Add a new boolean to signal that the API infrastructure should performan any required endian conversions for the API handler. am->is_autoendian[mm->msg_id_base + VL_API_MAP_ADD_DOMAIN] = 1; Similarly add new REPLY_ macros that perform endian conversion. These changes do not change the on-the-wire encoding of the API messages, and therefore the API CRC is not changed. Type: feature Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I7588f8ccb38b2d1e8d85ea17be99bac43f756267 Signed-off-by: Ole Troan <ot@cisco.com>
2020-05-26ipsec: DES/3DES fixing the iv_len for openssl cryptoRajesh Goel1-1/+2
Type: fix Signed-off-by: Rajesh Goel <rajegoel@cisco.com> Change-Id: I8d128598b4c872f19b64c779c19b5908ba2f2c08
2020-05-25tcp: fix sack block validation on wrapFlorin Coras1-0/+26
Type: fix Fixes: 487507f Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia9813ae09d14111dc8edac0fa6ab082e13ab6e2e
2020-05-25api: add new stream message conventionOle Troan3-30/+122
Instead of having to wrap dump/detail calls in control ping, send details messages in between a normal reply / request pair. As expressed in the below service statement. Example: service { rpc map_domains_gets returns map_domains_get_reply stream map_domain_details; }; define map_domains_get { u32 client_index; u32 context; u32 cursor; }; define map_domains_get_reply { u32 context; i32 retval; u32 cursor; }; To avoid blocking the main thread for too long, the replies are now sent in client message queue size chunks. The reply message returns VNET_API_ERROR_EAGAIN when there is more to read. The API handler must also include a "cursor" that is used to the next call to the get function. API handler example: REPLY_AND_DETAILS_MACRO (VL_API_MAP_DOMAINS_GET_REPLY, mm->domains, ({ send_domain_details (cursor, rp, mp->context); })); The macro starts from cursor and iterates through the pool until vl_api_process_may_suspend() returns true or the iteration reaches the end of the list. Client Example: cursor = 0 d = [] while True: rv, details = map_domains_get(cursor=cursor) d += details if rv.retval == 0 or rv.retval != -165: break cursor = rv.cursor or the convenience iterator: for x in vpp.details_iter(vpp.api.map_domains_get): pass or list(details_iter(map_domains_get)) Change-Id: Iad9f6b41b0ef886adb584c97708dd91cf552749e Type: feature Signed-off-by: Ole Troan <ot@cisco.com>
2020-05-24dpdk: del warnings that duplicate counters in espAlexander Chernavin2-12/+0
Type: improvement Change-Id: I51cbe5c76a88d7fa65fa24dc1528e4f991eba534 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-05-22avf: interrupt mode, support for WB_ON_ITRDamjan Marion2-57/+103
Type: improvement Change-Id: I5c944c3f82e0f278b64f28e09a74f24514c029f0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-05-22avf: improve link speed handlingDamjan Marion1-34/+36
Support VIRTCHNL_VF_CAP_ADV_LINK_SPEED. Type: improvement Change-Id: Ie45c9d557d0369464cbb6881ee1259ef3807d7d5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-05-22nat: fix dslite session port allocationVladimir Ratnikov1-4/+4
Fix allocation of port per dslite session. After each session is created per protocol, when new one should be created with new port, instead it's trying to create with the same port and while(1) loop is executed forever and VPP does not response Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: Ic91b8b07253498ef9846ca60bcd4c4c76a5fac91
2020-05-22nat: output fib index fixFilip Varga1-69/+47
Type: fix Change-Id: I7cb7e3716aee865b12235865009e39ed6ad16680 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-05-20srv6-mobile: Update the doc for gtp4.dt and gtp6.dt funcitons.Satoru Matsushima1-5/+64
Document update to reflect merged SRv6 functions of lookup and forwarding for inner IP packet encapsulated with outer IP and GTP-U headers. Type: docs Signed-off-by: Satoru Matsushima <satoru.matsushima@gmail.com> Change-Id: I85c9ddf6bf9fa63f2b8b6e03eff3ecec1e7615ab
2020-05-19vppinfra: refactor mpcap.hDave Barach1-1/+1
vppinfra source files MUST NOT #include <vlib/vlib.h>, <vnet/vnet.h> or similar. Move mpcap_add_packet(...), mpcap_add_buffer(...) to a new file: src/vnet/mpcap.h. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Id517aef6fe49b618f853ce32940b91ba45a1e60d
2020-05-19dpdk: change netvsc device port typeMatthew Smith1-1/+1
Netvsc devices have the port type determined from their link speed. The link speed between reboots of an Azure VM does not always end up at the same value, so an interface that was FortyGigabitEthernet0 earlier may be FiftyGigabitEthernet0 now. That makes it difficult to maintain a persistent store of configurations and apply those at startup. Change the port type to be VF so the name will always be generated as VirtualFunctionEthernetX. Type: improvement Change-Id: I58cab852b87c0bcd9f73afe239803f38dab5c159 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-05-19dpdk: fix pktmbuf pool private data initBenoît Ganne1-0/+1
Type: fix Change-Id: I7349840af48eec209532dab43a8ad0bd68993268 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-05-15misc: removed executable bits from source filesRay Kinsella6-0/+0
Identified and removed executable bit from source files in the tree. find . -perm 755 -name *.[ch] -exec chmod a-x {} \; Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I00710d59fcc46ce5be5233109af4c8077daff74b
2020-05-15ikev2: add support for NAT traversalFilip Tehlar4-82/+286
Type: feature * initiator behind NAT supported * tested with static NAT mappings * works only with pre-configured tunnels The pre-configured tunnel has to be defined as follows: initiator (i) side: src=ip(i) dst=ip(r) responder (r) side: src=ip(r) dst=ip(nat) Change-Id: Ia9f79ddbbcc3f7dc8fde6bbeca2a433e3b784e94 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-14nat: unhide testsKlement Sekera1-5/+5
Parallel merges introduced two test clasess with a same name. Rename latter, so that former is seen (and run) by test runner again. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I47772b41bb940bfdda4536cdd1f9b5e3768ca18b
2020-05-14nat: "users" dump for ED-NATKlement Sekera3-0/+170
Since the removal of "users" concept in ED-NAT nat44_user_dump API returns empty array. This brings back previous behaviour at a considerable runtime cost until a better API is introduced. Type: improvement Change-Id: I5a45923cfeb6b8ebe6fc906601264d6567386991 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-05-14ikev2: use u32 in unformatFilip Tehlar1-1/+1
Type: fix Change-Id: If240bd8b3579678c0a6b5ea723946a35b53e5c31 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-14dpdk: fix crash with chelsio pmdBenoît Ganne1-6/+12
cxgbe PMD initializes its control channel as part of dev_configure(), and trying to get link status prior to it will lead to a crash. DPDK documentation loosely hints that we should not call any device function before dev_start(), call link_state() only for the relevant PMDs. From DPDK API documentation: The functions exported by the application Ethernet API to setup a device designated by its port identifier must be invoked in the following order: rte_eth_dev_configure() rte_eth_tx_queue_setup() rte_eth_rx_queue_setup() rte_eth_dev_start() Then, the network application can invoke, in any order, the functions exported by the Ethernet API to get the MAC address of a given device, to get the speed and the status of a device physical link, to receive/transmit [burst of] packets, and so on. Type: fix Change-Id: I12d2ab4d84e6bd72a9f695447e86f3222929c804 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-05-14memif: 14 bytes extra overhead issue fixed.Mrityunjay Kumar1-2/+2
Type: fix Signed-off-by: Mrityunjay Kumar <kumarnitp@gmail.com> Change-Id: I31cc5e853b57e285064647503231b251e5152d3f
2020-05-14nat: remove unused codeKlement Sekera2-3/+0
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I95286d6723fd1860bf6bb0e81c474d732ab25121
2020-05-14nat: ED: store both thread&session idx in hashKlement Sekera9-197/+315
By storing thread and session index in hash table we are able to skip multiple hash lookups in multi-worker scenario, which were used for handoff before. Also, by storing sesion index in vnet_buffer2, we can avoid repeating the lookup after handoff. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I406fb12f4e2dd8f4a5ca5d83d59dbc37e1af9abf
2020-05-14nat: fix segv if out of ports in ed modeAlexander Chernavin2-1/+47
Type: fix Change-Id: Ife726d2f6baaa3516c209011183f39670cf6a55d Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-05-13sr: fix srv6/srv6-ad/srv6-as promisc mode switchJohn Lo2-6/+22
Calling ethernet_set_flags() to switch interface to/from promiscuous mode must use use hw_if_index instead of sw_if_index. Type: fix Signed-off-by: John Lo <loj@cisco.com> Change-Id: I72da286b913893227e32193ee11fbbc56e04804d
2020-05-13nat: fix broken buildKlement Sekera1-1/+1
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2a70db3a25450e014adaed84989f4da9bb77b14d
2020-05-13nat: fix LRU blocked by inactive sessionKlement Sekera10-161/+391
This fixes a situation where long-lived inactive session blocks LRU list. Solution is to have multiple LRU lists based on session type. This helps because session timeout is same for all sessions of same type. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I5e54b2aab73b23911d6518d42e8c3f166c69a38c
2020-05-13nat: perf improvement - replace branchy codeKlement Sekera32-451/+401
Use a lookup table instead. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ia8461099828bb8824bf016201f135e6b69c444d1
2020-05-13nat: handoff next node feature fixFilip Varga7-47/+159
Type: fix Change-Id: I14e323e7bb1db7a3d40668212535c07504374e59 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-05-13ikev2: fix removing of expired SAsFilip Tehlar1-1/+1
Type: fix Change-Id: Idf9b0ffb4e3a0113bece80d1195192bdf46feb89 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-12lacp: missing endian conversions for trace packet formatSteven Luong1-2/+2
Fix a couple endian conversions for displaying Marker Protocol packet in the trace Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I746a67fb6143b5ad52bc4af9604ff8760dbdec9b
2020-05-11crypto-native: properly deal with broken or outdated toolchainsDamjan Marion5-42/+54
Avoids crash due to missing symbol, when build system detects toolchain which is not able to produce binaries for all targets we need.... Type: fix Change-Id: I77ee63cb8dca3c9e4e83a6235c60f1439a472444 Signed-off-by: Damjan Marion <damarion@cisco.com>