aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2019-11-27nat: fix dhcp client on outside interface with output featureAlexander Chernavin3-0/+87
When a DHCP client is configured on a NAT outside interface with output feature enabled, DHCP packets will reach the NAT in2out-output node and will be dropped with "out of ports" reason. With this commit, allow locally originated DHCP packets to be sent from a NAT outside interface with output feature enabled. Type: fix Change-Id: I47d76b22587f2bf0c7b0b9dfda41c89f8f61d0b4 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-11-27misc: add address sanitizer heap instrumentationBenoît Ganne2-4/+6
Introduce AddressSanitizer support: https://github.com/google/sanitizers/ This starts with heap instrumentation. vlib_buffer, bihash and stack instrumentation should follow. Type: feature Change-Id: I7f20e235b2f79db72efd0e756f22c75f717a9884 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-11-26map: Fix inverted 'map security check enable' CLI flag.Jon Loeliger1-2/+2
Type: fix Fixes: 5a2e278a09726be627b8310e03f0522d60aafedf Change-Id: Ibdc2f0be44e382bfa4a8f3e16be8d6239d7a0ec1 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-11-26quic: Refactor for crypto contextsNathan Skrzypczak5-165/+182
Type: refactor Change-Id: I5ec7079d34826edd7a3048ae1d44037386f5d3ff Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-11-26flow: fix several crash issuesChenmin Sun1-2/+0
Type: fix This patch fixes crash issues(marked in brackets) in the below test cases test flow enable index 0 1/1 -> [crash] test flow disable index 0 1/1 -> [crash] test flow add src-ip 192.168.8.8 proto udp redirect-to-queue 8 test flow enable index 0 1/1 test flow disable index 0 1/1 - [crash] test flow add src-ip 192.168.8.8 proto udp redirect-to-queue 8 test flow enable index 0 1/1 test flow enable index 0 1/2 test flow del index 0 -> [crash] Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I84bc6faa3d93a2cab4c82e8a876a8b1067257b62
2019-11-26lb: lb_add_del_vip and lb_add_del_as doesn't work.Hongjun Ni2-4/+14
Ticket: FDIO-753 Type: fix Change-Id: I4a8cf06970b658dfa15768459a3ff76571d6dfff Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2019-11-26fib: Table ReplaceNeale Ranns1-13/+16
Type: feature from the API doc, a table replace is: " The use-case is that, for some unspecified reason, the control plane has a very different set of entries it wants in the table than VPP currently has. The CP would thus like to 'replace' VPP's current table only by specifying what the new set of entries shall be, i.e. it is not going to delete anything that already eixts. the CP delcartes the start of this procedure with this begin_replace API Call, and when it has populated all the entries it wants, it calls the below end_replace API. From this point on it is of coursce free to add and delete entries as usual. The underlying mechanism by which VPP implements this replace is purposefully left unspecified. " In the FIB, the algorithm is implemented using mark and sweep. Algorithm goes: 1) replace_begin: this marks all the entries in that table as 'stale' 2) download all the entries that should be in this table - this clears the stale flag on those entries 3) signal the table converged: ip_table_replace_end - this removes all entries that are still stale this procedure can be used when an agent first connects to VPP, as an alternative to dump and diff state reconciliation. Change-Id: I168edec10cf7670866076b129ebfe6149ea8222e Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-11-24vppapigen: clean up typos in c generated codePaul Vinciguerra1-1/+1
Type: style Change-Id: Ib8febf8ea83f7ce1aeb93f227d00d3111fbef4ab Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-11-22quic: Refactor quic rx callback for offloadNathan Skrzypczak2-111/+147
Type: refactor Change-Id: I1d90c8807e7eea4a77403bafc0628ec0d393c572 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-11-22hsa: Improve for mq-intensiveNathan Skrzypczak5-46/+31
Type: feature * Remove the retry mechanism in case of failed connect * Limit the number of simultaneous connects (default to mqsize / 2) Change-Id: I7a0ed2e349ee3e8ca71639c2a2ec4cdf84f5c13e Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-11-22quic: Remove qctx opening poolNathan Skrzypczak2-34/+15
Type: fix We don't need the pool anymore as we store the ctx index in the underlying UDP session opaque Change-Id: Iec9be9c84a1f929d94b084176a143d304b0acb83 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-11-22crypto-ipsecmb: use single GCM APIFan Zhang1-6/+4
Type: refactor Use ipsecmb single GCM enc/dec API to furthuer improve single buffer performance for small packets. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I2d34ff50d34b09f194fc0c88b6e9a3928a86fc33
2019-11-22ikev2: install/remove ipsec tunnels from main threadFilip Tehlar2-68/+157
Type: fix Change-Id: I5ad27b05c34494c5a2ea28706130612b547aaf67 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-11-20session tcp: support pacer idle timeoutsFlorin Coras1-1/+1
Type: feature To avoid excessive bursts, pacer must be provided with an estimated rtt for the connection. That's used to compute an idle timeout, i.e., time after which the bucket is reset to 1 mtu due to inactivity. For now, idle timeout is computed as 5% of the rtt. Change-Id: Ia0b752fe7b4ad0ce97b477fb886b0133a2321541 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-20vlib: improve code coverage, part deuxDave Barach1-1/+62
Type: test Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: If31f4b50da7a6e4a9704ceb3415c582143c08355
2019-11-20ikev2: fix memory leak in child SAFilip Tehlar1-16/+15
traffic selector vector isn't freed when freeing child SA Type: fix Change-Id: Icf6c240db5093f45d141451bad6f6627a61821cf Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-11-20misc: fix 4 coverity warnings in srv6-mobileDave Barach4-4/+4
Type: fix Ticket: VPP-1771 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I48854befbd3d1514ad8b41ac5b194259c2a577a4
2019-11-20flow: Add GTP supportChenmin Sun1-28/+260
Type: feature Adding: VNET_FLOW_TYPE_IP4_GTPC VNET_FLOW_TYPE_IP4_GTPU VNET_FLOW_TYPE_IP4_GTPU_IP4 VNET_FLOW_TYPE_IP4_GTPU_IP6 VNET_FLOW_TYPE_IP6_GTPC VNET_FLOW_TYPE_IP6_GTPU VNET_FLOW_TYPE_IP6_GTPU_IP4 VNET_FLOW_TYPE_IP6_GTPU_IP6 in this patch Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I4ad53895b5ac0771432bb039b8c79e48e3c19f25
2019-11-20quic: Increase loggingNathan Skrzypczak1-29/+40
Type: fix Change-Id: I689649ad163e76fecdabe96a8c2be5be3068ffde Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-11-20session: fix transport proto unformatFlorin Coras1-3/+12
Type: fix Change-Id: I38a5cbd53b278c21142bac4ee1bbe5dc8bcaaac9 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-19quic: handle duplicate packet from quiclyDave Wallace1-2/+15
Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Ia4b1eb3c704374e27b260d88ae6ab628754468d3
2019-11-19srv6-mobile: fix yamllint failure in FEATURE.yamlDave Wallace1-0/+1
Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Ia28cf193f7fed2a1702774f3f74f505cc7bad954
2019-11-19dpdk: fix non-NULL terminated stringBenoît Ganne1-1/+1
Type: fix Change-Id: Ic221cd4fcad89aece71239ed96152bf0311f3286 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-11-19srv6-mobileTetsuya Murakami25-5/+5262
Type: feature Plug-in for IPv6 Segment Routing Mobile This funcion was developed by Signed-off-by: Satoru Matsuchima <satoru.matsushima@gmail.com> Signed-off-by: Filip Varga <filipvarga89@gmail.com> Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: Ie995adc73d8f8d444339aab71619c3599e69f12d Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2019-11-19map: fix coverity issue 205684Andrew Yourtchenko1-2/+2
ip4_map_get_domain returns d0 = 0 in case of no domain, and sets error MAP_ERROR_NO_DOMAIN. Rearrange the clauses in the logical check that relies on dereferencing d0 such that boolean shortcutting takes care of not referencing the null pointer. Change-Id: I378adc120836ea920fc530808ac3c1f98ab8d593 Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-11-19nat: respect arc features (multi worker)Filip Varga7-419/+887
Type: fix Ticket: VPP-1747 Change-Id: If282aae3e584d7017c200f897b99c8a37eb1b2e5 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-11-19map: Fix TCP MSS clamping for MAP-E traffic.Jon Loeliger2-2/+84
Original MSS clamp patch by Vladimir Ratnikov. Modified to apply only to TCP packets. Type: fix Test: Wrote new unit test to ensure MAP-E TCP MSS clamping. Change-Id: I77c69714a2e3cc3b7473aa12b645243bb595c2a2 Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-11-18vlib: improve code coverage in src/vlibDave Barach2-8/+146
Type: test Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I2dc4c09730f77931a2b484a6dd5dc669068f8e57
2019-11-17nsim: add FEATURE.yamlDave Barach1-0/+8
Type: docs Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I75d1efc503135bdc224f563b4e02b449904bfa08
2019-11-15tests: Remove the unrequired VPP IP address/prefix class wrappersNeale Ranns6-258/+261
Type: refactor Change-Id: I204f3f8eebc5f5d5a377e91262f91c615fd00168 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-11-14ikev2: add definitions for libsslAleksander Djuric1-0/+6
Type: fix Signed-off-by: Aleksander Djuric <aleksander.djuric@gmail.com> Change-Id: I2fe36e2e4e8ce2906a6573301c7fca3cbab571c3
2019-11-14ikev2: correct byte order in api handlersAleksander Djuric1-10/+21
Type: fix Signed-off-by: Aleksander Djuric <aleksander.djuric@gmail.com> Change-Id: I186286b8959ae138528a5171c22d3e1b00f46baf Signed-off-by: Aleksander Djuric <aleksander.djuric@gmail.com>
2019-11-14dpdk: Enable bnxt PMDAndy Gospodarek3-1/+20
This adds support to compile the bnxt PMD that supports Broadcom's 10/25/40/50/100/200 Gbps NICs. Tested with modified DPDK driver on x86_64 and aarch64 targets that is pending upstream acceptance, but should compile just fine today. Type: feature Signed-off-by: Andy Gospodarek <gospo@broadcom.com> Change-Id: I735a991c4cae4fa77e5605094facea54b781a1db
2019-11-13dhcp: option 61 add missing type fieldDave Barach2-3/+6
Apparently some dhcp servers care about it. Also fixed the unit-test. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: If0af70d624f4122b0339f20f84be047053776fe8
2019-11-13gtpu: check packet has enough data for gtpu headerBenoît Ganne2-106/+60
Type: fix Change-Id: I604e4dd2b29962bfcd8e950a0074637dab53c79e Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-11-12ip: IP address and prefix types (moved from LISP)Neale Ranns1-20/+20
Type: refactor Change-Id: I2c6b59013bfd21136a2955442c779685f951932b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-11-12tls: fix picotls coverity warningsFlorin Coras1-13/+13
Type: fix Change-Id: Ib5c9de9c9053b8339f514ff648a75c3b56b55215 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-11ip: functional interface to ip fragmentationOle Troan5-214/+148
This provides a functional interface to IP fragmentation. Allowing external features to fragment. Supports arbitrary encap size, for e.g. MPLS or inner fragmentation of tunnels. This also removed dual loop in MAP that was fundamentally broken. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ia89ecec8ee3cbe2416edbe87630fdb714898c2a8 Signed-off-by: Ole Troan <ot@cisco.com>
2019-11-10dhcp: ipv6 prefix delegation improvementsDave Barach3-13/+99
Autoconfigure router advertisements for delegated prefixes. Clean up a longstanding issue. If vpp receives a dhcpv6 renew reply, do NOT reset per-delegated-prefix timers. That prevented vpp from sending a solicit to renew the delegation on time. That, in turn caused the RA code to send advertisements with valid_time = preferred_time = 0. That causes almost any downstream client to throw away its delegated address. Miscellaneous changes o src/vnet/ip/ip6_neighbor.c - always memset elements allocated from pools to zero. DGMS. o Remove debug spew from the ipv6 connection-tracker plugin Type: feature Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I428feccdc47efdc413898600e0d62916928a6eb7
2019-11-10tls: picotls engine basic enabling for TLSSimon Zhang5-0/+878
Type: feature Change-Id: I700d999771d837604dd0571741f4f0bcbec82403 Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2019-11-09dhcp: fix dhcpv6 client and dhcpv6 prefix delegationDave Barach3-37/+19
Keep trying even if the interface in question is not "admin-up, link-up." In real life, it's normal for link autonegotiation to take a good fraction of a second. The driver layer takes care of packets sent to an interface which can't transmit at the moment. Renew address leases at the preferred renewal time, not at the expiration time. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I68ec1c52cc1f4a8aa256185820748b845e92f7c1
2019-11-09build: Fix typo introduced in src/plugins/mdata/FEATURE.yamlPaul Vinciguerra1-1/+1
Type: fix Fixes: Ide0bb276659119c59bdbbc8b8155e37562a648b8 Change-Id: I4db18508910d5fe5f5df4d902e15cf19b10c0621 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-11-08rdma: fix next node rx redirectBenoît Ganne1-8/+2
Type: fix Change-Id: I694db40c3a0361852d01b84c7a45e32e39e9f4af Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-11-08rdma: fix name auto-generation on createBenoît Ganne1-1/+5
When creating rdma interface without specifying a name, we need to generate one instead of NULL. Type: fix Change-Id: If41870691dec47e8e673d48ac4b4ddffd2385a03 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-11-08tests: python3 use byte strings in raw()Ole Troan6-135/+135
Raw('\xaf) and Raw(b'\xaf) are two quite different things in python 2 versus 3. In most cases this didn't make a difference, apart from those cases where length of payload actually mattered. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I3cba5c1486e436a3ca8aa10a7b393da75aa9f6b9
2019-11-07crypto-ipsecmb: improve gcm performance using dedicated API.Fan Zhang1-88/+54
This patch improves the GCM encrypt and decrypt performance using the dedicated API provided by intel-ipsec-mb library. This helps remove the overhead caused by the JOB API. Type: feature Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I00c9ab3ed9f2660093fb2584feb8bca4979acee8
2019-11-07dpdk: ipsec gcm fixesChristian Hopps3-25/+14
- Fix AAD initialization. With use-esn the aad data consists of the SPI and the 64-bit sequence number in big-endian order. Fix the u32 swapped code. - Remove salt-reinitialization. The GCM code seems inspired by the GCM RFCs recommendations on IKE keydata and how to produce a salt value (create an extra 4 octets of keying material). This is not IKE code though and the SA already holds the configured salt value which this code is blowing away. Use the configured value instead. Type: fix Change-Id: I5e75518aa7c1d91037bb24b2a40fe4fc90bdfdb0 Signed-off-by: Christian Hopps <chopps@labn.net>
2019-11-07crypto: fix crypto perf unittest crashFan Zhang1-1/+33
Type: fix crypto perf test crashes for key size different than 16 bytes. This patch fixes the issue Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: Ic8a8ca83ca189c879815dc5d065b8c6f7826cd41
2019-11-07hsa: Add ckpair & crypto engine in vpp_echoNathan Skrzypczak6-78/+80
Type: feature * vpp echo adds and dels a cert and key pair for each run * it passes the crypto engine to be used (openssl, picotls, vpp, mbedtls) Change-Id: Iaba1de2e6abb510e6c4edbe84b2324b2f4843f26 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-11-07quic: Add support for ckpair & crypto engineNathan Skrzypczak2-20/+49
quic choice used ckpair is now the one passed to connect or listen via mq. The crypto engine is chosen with the value passed to connect or listen via mq: * If NONE(0) is provided, we default to quic_main. default_crypto_engine (picotls at init, can be changed via debug cli : quic set crypto api [crypto engine]) * If PICTOLS/VPP is provided, use this one * Other values return an error Type: feature Change-Id: Ifab893d6d03c83f202e6c7e7a9936f546a4b1530 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>