aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2020-03-13nat: timed out session scavenging upgradeFilip Varga11-293/+615
Patch changes the behavior of session scavenging and fixes multiple nat issues. Allows proper session clearing and removes issue with lingering sessions in session db. Patch also updates and fixes CLI/API calls for better readability of session state metrics. Fixes security issue that would allow attacker to reuse timed out session in both directions (in2out/out2in). Type: improvement Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I78897585a2a57291fad5db6d457941aa0a0457bd
2020-03-13dpdk-ipsec: Fix for multipoint IPSECNeale Ranns1-4/+4
Type: fix fetch the sa_index from the correct location Change-Id: I351035ee0226c47585995ff9122320fd5c73ec53 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-03-12vppinfra: refactor clib_timebase_tDave Barach5-6/+11
Add a clib_time_t * argument to clib_timebase_init(...), to encourage client code to share the vlib_main_t's clib_time_t object. Display the current day / date in GMT via the "show time" debug CLI. Fix the test framework so it processes the new "show time" output format. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I5e52d57eb164b7cdb6355362d520df6928491711
2020-03-12dpdk: tx/rx burst function description refactorChenmin Sun1-6/+31
DPDK provides two new APIs to retrieve information about the Tx/Rx packet burst mode: rte_eth_tx_burst_mode_get rte_eth_rx_burst_mode_get This patch leverages these two APIs to describe the tx/rx mode. Currently, Intel X710/E810 and Mellanox Mlx5 support the new APIs. For NICs that don't support the new APIs, still use the original way to print their tx/rx function name Type: refactor Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ibe47f5debe3b3f17f462fbf9834394e22845cc08
2020-03-12vrrp: unit tests do not run by defaultMatthew Smith1-1/+3
Type: fix Fixes: 39e9428b90 VRRP unit tests fail sometimes for changes which have not touched any code related to VRRP. There were some timing-related changes recently which probably made the VRRP tests, which rely on a VR changing state within a certain amount of time, start failing. Set the VRRP tests to only run with the extended tests rather than running by default. This is temporary so VRRP will not cause spurious build failures while a proper solution is figured out. Change-Id: I5826ea39b944dfb9b0ca4bdfa2ebbe86d269f935 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-03-12ikev2: fix udp encapFilip Tehlar1-3/+3
Type: fix Change-Id: I2c89accddf2307fa975b71e974d4091499f104ed Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-12sr: SRv6 uN behaviorPablo Camarillo5-3/+578
Implements the uN behavior Type: feature Change-Id: Icb5efc560e09052cd183b468772cf7f799f81194 Signed-off-by: pcamaril <pcamaril@cisco.com>
2020-03-11nat: dslite plugin separationFilip Varga15-84/+213
Type: refactor Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I81546423200cc7f8a06b527dac8ead191a9e0519
2020-03-10lb: fix coverity warningDave Barach1-1/+1
Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I357eb72d478d8175ab9c7cf502d312ab3112213e
2020-03-07tls: refactor ctx_write function to avoid allocate new memory every timeSimon Zhang2-14/+46
Type: refactor Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: Ic34729d58a4218046afacaffc765649beb056a24
2020-03-06crypto: align per thread data to cache lineFilip Tehlar2-1/+4
Type: improvement Change-Id: I6bad46403c07b211dfda7229aed1b5e19342865f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-06ikev2: align per thread data to cache lineFilip Tehlar2-1/+4
Type: improvement Change-Id: Id8fc6750e856862157917587234a6b7b03531b13 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-05session: API cleanupJakub Grajciar2-25/+28
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: Ib752a3425c076eb53bc5255a48039cbb74b1fcce Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-03-04map: fix map port calculation for ICMPVladimir Isaev4-14/+78
type should be used to get ICMP type instead of code. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: Iabf4ae38befde18309caff8efd9e1d956a2fde82
2020-03-04flow: add vlan tagged types for IPv4/IPv6 5-tuple flowsChenmin Sun1-3/+6
Add new flow type IP4_N_TUPLE_TAGGED and IP6_N_TUPLE_TAGGED for vlan tag sensitive flows The original IP4_N_TUPLE and IP6_N_TUPLE will not match VLAN anymore Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ie511e9a64126440fe81f29665a56ca060061662d
2020-03-04ikev2: make integ algo optionalFilip Tehlar2-21/+40
Type: improvement This patch makes configuring integration algorithm optional. This is useful when using AEAD cipher (in fact when using such cipher, integ algo is ignored anyway). Change-Id: I5891db5c0433afb85ae2d9084d45b89ec1133178 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-03-03geneve gtpu vxlan vxlan-gpe: VRF-aware bypass nodeNick Zavaritsky3-90/+30
Bypass node MUST NOT intercept a packet if destination IP doesn’t match a local address. However IP address interpretation depends on the VRF, hence bypass node must take that into account. This patch also factors-out common VTEP management and checking code. Type: improvement Signed-off-by: Nick Zavaritsky <nick.zavaritsky@emnify.com> Change-Id: I5665d94882bbf45d15f8da140c7ada528ec7fa94
2020-03-02rdma: improve rx loopDamjan Marion1-38/+16
Type: improvement Change-Id: If81847bc0c92d167ce03e1e94a2f8e18f8154af2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-02rdma: improve refillDamjan Marion1-65/+57
Type: improvement Change-Id: Ib9921718ec88e6dc56a38e40a140f16f86ed2e44 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-02rdma: use per-thread buffer templateDamjan Marion3-5/+25
Type: improvement Change-Id: Ie6f2c79e0a769f70eab079c75a500b9308dd51e6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-03-02ikev2: make UDP encap flag configurableFilip Tehlar7-0/+114
Type: improvement Change-Id: I081dec2dc0c2bd0845dd4638b7b2f12806594112 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-29tls: reduce bio bufferingFlorin Coras1-2/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0895eb54a8c31bfa545d30287bb0783876483d21
2020-02-29svm: fix slice locking on fifo allocFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1fef115ffc2277ad6e0673b49be137147808891c
2020-02-28vrrp: fix api-related coverity warningsDave Barach2-1/+11
Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I13c0e4771defaebccc976a6f6703493de29434dd
2020-02-28ikev2: fix incorrect reply messagesFilip Tehlar1-2/+2
Type: fix Change-Id: Idd679885f42de45429a1dcbf3b0af1037dc54d2b Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-27ikev2: fix non-matching SPIs during rekeyFilip Tehlar1-0/+2
Type:fix Change-Id: I01ac57f6186b20d8ab4070b7259a82a150f0ae9a Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-26lb: Fix generating illegal key in per-port vipYasuhiro Nakamura1-0/+2
VIP prefix index becomes always 0 when adding a VIP which is already registered different port, causing LB config crash. This change assigns the same VIP prefix index to the same VIP. Ticket: https://jira.fd.io/browse/VPP-1834 Type: fix Signed-off-by: Yasuhiro Nakamura <yanakamu@yahoo-corp.jp> Change-Id: Ib63b3e58db9bd85714d68cd1292aadd0c8580da8
2020-02-26tls: fix bulk bio read/writeFlorin Coras1-47/+29
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1f981e909c45f1731ce4bdfa959b41d349e22ef1
2020-02-26tls session: fix unlistenFlorin Coras1-4/+0
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie3bc31fc3df662e087f7931de6c274eb3608a2d8
2020-02-26tls: fix picotls dbgFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5ca8aee973776e73f1376b6be538785398ba9b3d
2020-02-26map: handle IPv6 extension headers for TCP/UDPVladimir Isaev1-2/+2
Without this patch offset for TCP/UDP headers was not calculated correctly if there is one or more IPv6 extension headers. Type: fix Signed-off-by: Vladimir Isaev <visaev@netgate.com> Change-Id: I04d6f5e42f8f072987192d6236085afbd74a4420
2020-02-26srv6-mobile: Cherry-pick the update document from stable/2001Satoru Matsushima9-351/+247
Updating the document of srv6-mobile plugin code. This commit also fixes the following issues: - Doxygen build structure - No binary file included Type: docs Signed-off-by: Satoru Matsushima <satoru.matsushima@gmail.com> Change-Id: I376386ef6fc9584ab945db7358e3c4a698471e9b Signed-off-by: Satoru Matsushima <satoru.matsushima@gmail.com>
2020-02-26api: improve api string safetyJakub Grajciar4-14/+8
- Remove vl_api_from_api_string to prevent use of not nul-terminated strings. - Rename vl_api_from_api_to_vec -> vl_api_from_api_to_new_vec to imply a new vector is created. NOT nul terminated. - Add vl_api_from_api_to_new_c_string. Returns nul terminated string in a new vector. - Add vl_api_c_string_to_api_string. Convert nul terminated string to vl_api_string_t - Add vl_api_vec_to_api_string. Convert NON nul terminated vector to vl_api_string_t Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: Iadd59b612c0d960a34ad0dd07a9d17f56435c6ea Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-02-26svm: support multi-chunk fifo chunk allocFlorin Coras1-4/+4
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id601cd241a2d124d3189057edab4299ffde7ee32
2020-02-25avf: Handle chain buffer in TX properlySteven Luong2-7/+140
For chain buffer, need to traverse b->next_buffer to transmit all buffers in the chain. Only set EOP at the last descriptor in the chain to signal this is a chain descriptor. Introduce slow path to handle ring wrap. This is needed because chain buffer may consist of multiple pieces and it may span from near the end of the ring to the beginning of the ring. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Id7c872f3e39e09f3566aa63f3cdba8f40736d508
2020-02-25unittest: Skip string test case for sizeof (src) > sizeof (dst)Steven Luong1-4/+13
coverity complains that the subject test may cause dst buffer overrun problem and it is right. The problem is when __builtin_constant_p (n) returns true, memcpy_s_inline skips all the errors checking and does the copy blindly. Please see the code in memcpy_s_inline. The fix is to skip the subject test when the aformentioned builtin function returns true. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I50de91cc0c853a134b3bcf3b0cd8d45d7668b092
2020-02-25svm: minimal initial fifoFlorin Coras3-1/+5
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4ee46a6c3c53c58199c275e20702f7fd11b60d9a
2020-02-25session: basic fifo-tuning-logicRyujiro Shibuya2-14/+81
- Allowing application to register custom fifo-tuning-logic. - Adding an example custom fifo-tuning-logic in hs_app/proxy. Type: feature Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2aca14d1f23d5c3c9debb7f4c46aca3a15a8d1b9
2020-02-25session svm: tracking segment memory usageRyujiro Shibuya2-0/+758
1. segment manager would attempt to balance the usages across the segments, when it allocate fifos 2. the memory presure level is determined per fifo-segment 3. updated unit test 4. updated cli output for segments Type: feature Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com> Change-Id: I2923f3e0a43dd919196a0cb2cd55e098fde6cf66
2020-02-25svm: refactor fifoFlorin Coras4-925/+900
Type: refactor Switch from a wrapped byte space to a "continuous" one wherein fifo chunks are appended to the fifo as more data is enqueued and chunks are removed as data is dequeued. The fifo is still subject to a maximum size, i.e., maximum number of bytes that can be enqueued, so the max number of chunks associated to the fifo is also constrained. When enqueueing data, which must fit within the available free space, if not enough "supporting" chunk memory is available, the fifo asks the fifo segment for enough chunk memory to ensure that the write can succeed. To avoid allocating large amounts of small chunks due to small writes, if possible, the size of the chunks requested is lower capped by min_alloc. When dequeuing data, all the chunks that have been completely drained, i.e., head moved beyond the chunks’ end bytes, are unlinked from the fifo and returned to the fifo segment. The one exception to this is the last chunk which is never unlinked. Change-Id: I98c1dbd9135fb79650365c7e40c29238b96cd4ee Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-02-25svm: refactor fifo chunk trackingFlorin Coras1-2/+12
Avoid tracking with rbtrees all of the chunks associated to a fifo. Instead, only track chunks when doing out-of-order operations (peek or ooo enqueue). Type: refactor Change-Id: I9f8bd266211746637d98e6a12ffc4b2d6346950a Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-02-25feature: provide a u16 version of vnet_feature_nextNeale Ranns1-3/+2
Type: improvement when using vlib_buffer_enqueue_to_next the 'nexts' parameter is an array of u16, but vnet_feautre_next takes a u32. this is a simple wrapper to address the impedence mismatch. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0fa86629e979e313344eb68442dc35a7b9537a8f
2020-02-25crypto-native: GCM implementation with vector AESNI instructionsDamjan Marion1-4/+479
Introduced on intel IceLake uarch. Type: feature Change-Id: I1514c76c34e53ce0577666caf32a50f95eb6548f Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-02-25vlib: Punt reason allocation listener enable/disable callbackNeale Ranns1-2/+4
Type: improvement allow clients that allocate punt reasons to pass a callback function that is invoked when the first/last client registers to use/listen on that punt reason. This allows the client to perform some necessary configs that might not otherwise be enabled. IPSec uses this callback to register the ESP proto and UDP handling nodes, that would not otherwise be enabled unless a tunnel was present. Change-Id: I9759349903f21ffeeb253d4271e619e6bf46054b Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-25crypto: fix coverity warningsFilip Tehlar1-2/+3
Type: fix Change-Id: I89c0923ad6ac1daf65b2d24ad4b6f00b7703e58e Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-25crypto-openssl: fix coverity warningsFilip Tehlar1-5/+5
Type: fix Change-Id: Ia42ff39a0a33f89901b8333a9e6ca82ca9805cc6 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-25ikev2: add retry logic for session initiationFilip Tehlar1-0/+27
Type: improvement Change-Id: Ib474dabb745bc2034d8d60261c095e35a8fff277 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-24crypto-native: introduce aes_gcm_flags_tDamjan Marion1-84/+107
Type: refactor Change-Id: I53b4a9c0b63e6e6c6a13c33c5baa4c3de562584b Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-02-24crypto-native: introduce counter structDamjan Marion1-44/+51
Type: refactor Change-Id: I9ecc18ba3ec5f11622ea225690fb1dc262ea6fc1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-02-24ikev2: proper cleanup of SAs during rekeyFilip Tehlar2-11/+115
Type: fix Change-Id: Ifb675c7783f03de4db8147858dd93d9687176f40 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>