aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2020-05-15ikev2: add support for NAT traversalFilip Tehlar4-82/+286
Type: feature * initiator behind NAT supported * tested with static NAT mappings * works only with pre-configured tunnels The pre-configured tunnel has to be defined as follows: initiator (i) side: src=ip(i) dst=ip(r) responder (r) side: src=ip(r) dst=ip(nat) Change-Id: Ia9f79ddbbcc3f7dc8fde6bbeca2a433e3b784e94 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-14nat: unhide testsKlement Sekera1-5/+5
Parallel merges introduced two test clasess with a same name. Rename latter, so that former is seen (and run) by test runner again. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I47772b41bb940bfdda4536cdd1f9b5e3768ca18b
2020-05-14nat: "users" dump for ED-NATKlement Sekera3-0/+170
Since the removal of "users" concept in ED-NAT nat44_user_dump API returns empty array. This brings back previous behaviour at a considerable runtime cost until a better API is introduced. Type: improvement Change-Id: I5a45923cfeb6b8ebe6fc906601264d6567386991 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-05-14ikev2: use u32 in unformatFilip Tehlar1-1/+1
Type: fix Change-Id: If240bd8b3579678c0a6b5ea723946a35b53e5c31 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-14dpdk: fix crash with chelsio pmdBenoît Ganne1-6/+12
cxgbe PMD initializes its control channel as part of dev_configure(), and trying to get link status prior to it will lead to a crash. DPDK documentation loosely hints that we should not call any device function before dev_start(), call link_state() only for the relevant PMDs. From DPDK API documentation: The functions exported by the application Ethernet API to setup a device designated by its port identifier must be invoked in the following order: rte_eth_dev_configure() rte_eth_tx_queue_setup() rte_eth_rx_queue_setup() rte_eth_dev_start() Then, the network application can invoke, in any order, the functions exported by the Ethernet API to get the MAC address of a given device, to get the speed and the status of a device physical link, to receive/transmit [burst of] packets, and so on. Type: fix Change-Id: I12d2ab4d84e6bd72a9f695447e86f3222929c804 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-05-14memif: 14 bytes extra overhead issue fixed.Mrityunjay Kumar1-2/+2
Type: fix Signed-off-by: Mrityunjay Kumar <kumarnitp@gmail.com> Change-Id: I31cc5e853b57e285064647503231b251e5152d3f
2020-05-14nat: remove unused codeKlement Sekera2-3/+0
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I95286d6723fd1860bf6bb0e81c474d732ab25121
2020-05-14nat: ED: store both thread&session idx in hashKlement Sekera9-197/+315
By storing thread and session index in hash table we are able to skip multiple hash lookups in multi-worker scenario, which were used for handoff before. Also, by storing sesion index in vnet_buffer2, we can avoid repeating the lookup after handoff. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I406fb12f4e2dd8f4a5ca5d83d59dbc37e1af9abf
2020-05-14nat: fix segv if out of ports in ed modeAlexander Chernavin2-1/+47
Type: fix Change-Id: Ife726d2f6baaa3516c209011183f39670cf6a55d Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-05-13sr: fix srv6/srv6-ad/srv6-as promisc mode switchJohn Lo2-6/+22
Calling ethernet_set_flags() to switch interface to/from promiscuous mode must use use hw_if_index instead of sw_if_index. Type: fix Signed-off-by: John Lo <loj@cisco.com> Change-Id: I72da286b913893227e32193ee11fbbc56e04804d
2020-05-13nat: fix broken buildKlement Sekera1-1/+1
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2a70db3a25450e014adaed84989f4da9bb77b14d
2020-05-13nat: fix LRU blocked by inactive sessionKlement Sekera10-161/+391
This fixes a situation where long-lived inactive session blocks LRU list. Solution is to have multiple LRU lists based on session type. This helps because session timeout is same for all sessions of same type. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I5e54b2aab73b23911d6518d42e8c3f166c69a38c
2020-05-13nat: perf improvement - replace branchy codeKlement Sekera32-451/+401
Use a lookup table instead. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ia8461099828bb8824bf016201f135e6b69c444d1
2020-05-13nat: handoff next node feature fixFilip Varga7-47/+159
Type: fix Change-Id: I14e323e7bb1db7a3d40668212535c07504374e59 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-05-13ikev2: fix removing of expired SAsFilip Tehlar1-1/+1
Type: fix Change-Id: Idf9b0ffb4e3a0113bece80d1195192bdf46feb89 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-12lacp: missing endian conversions for trace packet formatSteven Luong1-2/+2
Fix a couple endian conversions for displaying Marker Protocol packet in the trace Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I746a67fb6143b5ad52bc4af9604ff8760dbdec9b
2020-05-11crypto-native: properly deal with broken or outdated toolchainsDamjan Marion5-42/+54
Avoids crash due to missing symbol, when build system detects toolchain which is not able to produce binaries for all targets we need.... Type: fix Change-Id: I77ee63cb8dca3c9e4e83a6235c60f1439a472444 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-05-09gtpu: fix coverity issueChenmin Sun1-2/+2
Fix coverity issue #210194 in gtpu-decap Type: fix Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I5b172c8494527e7117c4e7e7083a8473165aa40f
2020-05-08docs: fix merge damage in nat.hDave Wallace1-4/+0
Type: fix Fixes: b5a575b09 Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I22d35159a923075243df9760f1a74e2ca74e30e1
2020-05-08nat: fix per thread data vlib_main_t usage take 2Ole Troan7-42/+32
The original fix access vlib_main before these was initialized. Removed cached vlib_mains structure. Type: fix Fixes: 9bb09afb56b1aa787ca574cc732085272059fd5f Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I686bab9220e27891f66bf60489c1602855786aa8 Signed-off-by: Ole Troan <ot@cisco.com>
2020-05-07nat: remove duplicate line of codeKlement Sekera1-1/+0
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I3c914d5c457df40205280ac589a2d353261343d5
2020-05-07nat: fix per thread data vlib_main_t usageFilip Varga9-75/+97
Type: fix Change-Id: If6784c9eb278f525e05304d10fd1a00641faaaf0 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-05-07lacp: fix regarding vm arg for vlib_time_now callsElias Rudberg6-43/+26
Use thread-specific vlib_main_t *vm pointers to avoid problems with different threads accessing the same vlib_main_t data structure. This avoids assertion failure when vlib_time_now() is called with a vm corresponding to a different thread. Type: fix Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net> Change-Id: I359596ecff86e03d57aa8d2330f77bf9a913485f
2020-05-07rdma: fix alignment issueDamjan Marion1-2/+2
Type: fix Change-Id: I0ff7a6f3354066c2252c1ebd0d43ac59db278bf0 Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
2020-05-06docs: clean up make docs jobPaul Vinciguerra21-42/+70
Type: docs Change-Id: I9b5e5137eb4c1e89f6e8d7a278cd11a0fd496471 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-05-06crypto: fix coverity issuesFan Zhang1-5/+11
Fix coverity issues in crypto framework and cryptodev engine. Type: fix Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: Ib261da0163c8182c803600db22c5a6dad5a19999
2020-05-06rdma: fix clang buildBenoît Ganne1-2/+9
Type: fix Change-Id: I9b613f0af484f601dd20a851e2f59ee5e06b5c37 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-05-06nat: ipfix logging vlib_mains[thread_index] bugfixElias Rudberg1-16/+16
Use thread-specific vlib_main_t *vm pointers to avoid problems with different threads accessing the same vlib_main_t data structure. This avoids crashing when ipfix logging is enabled and several threads are used. Type: fix Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net> Change-Id: Ic1d3d335919d7666ead14be1153eb8c8c07b7356
2020-05-06nat: enable force session cleanupFilip Varga6-142/+236
Force session cleanup drops NAT db. Also fixing user specific cli/api calls. Type: improvement Change-Id: Ia3e25fcf07fe5fb9a83d55c03fe90aca727b41ac Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-05-06nat: fix coverity warningKlement Sekera1-19/+5
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I609fef6f96c6a3fc85a4dc07e75244b0e1ba9239
2020-05-05tests: add test description to quic testsDave Wallace1-0/+24
Type: style Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Ief894e940a913a4ccf5368a2fdcf5479917f56cb
2020-05-05ipsec: User can choose the UDP source portNeale Ranns1-2/+2
Type: feature thus allowing NAT traversal, Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-05-05ikev2: remove sa from main threadFilip Tehlar1-17/+29
Type: fix Change-Id: Ib73ce48552cfa9e825a6833f5594650783d82f3b Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-05gtpu: RX offload for IPv6 payload supportingChenmin Sun3-8/+38
this patch adds the offloading capability for the IPv4 GTPU tunnel which the next-node is assigned as IPv6 Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ie39cd43058d36514656351dc6e906a19d5de89c0
2020-05-05flow: explicitly convert RSS function types in dpdk_pluginChenmin Sun1-1/+34
explicitly convert RSS function types from vnet_rss_function_t to rte_eth_hash_function to avoid these two types go out of sync in the future... Type: fix Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ic09f6bb7f2cfbcf7cc4d380e51554b7f2b7a3b90
2020-05-05nat: remove unused codeKlement Sekera1-27/+0
Type: refactor Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I33b2b38961b200dc3297b82124a7107b9ecbd0de
2020-05-04session: add option to preallocate fifo headersFlorin Coras2-2/+58
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie47546ef36590b90ed481b14cf812afbecf7981c
2020-05-04ikev2: fix string in apiFilip Tehlar1-1/+1
Type: fix key file name should be a string and not array of u8. Change-Id: I7d280d2397030e73732b374ad9d3146fad0bb19f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-04fib: midchain adjacency optimisationsNeale Ranns2-15/+0
Type: improvement - inline some common encap fixup functions into the midchain rewrite node so we don't incur the cost of the virtual function call - change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header - add adj-midchain-tx to multiarch sources - don't run adj-midchain-tx as a feature, instead put this node as the adj's next and at the end of the feature arc. - cache the feature arc config index (to save the cache miss going to fetch it) - don't check if features are enabled when taking the arc (since we know they are) the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc) for IPSec: - don't run esp_encrypt as a feature, instead when required insert this node into the adj's next and into the end of the feature arc. this implies that encrypt is always 'the last feature' run, which is symmetric with decrypt always being the first. - esp_encrpyt for tunnels has adj-midchain-tx as next node Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-05-04misc: binary api fuzz test fixesDave Barach4-5/+207
Add a hook to src/vlibapi/api_shared.c to fuzz (screw up) binary API messages, e.g. by xoring random data into them before processing. We specifically exempt client connection messages, and inband debug CLI messages. We step over msg_id, client index, client context, and sw_if_index. Otherwise, "make test" vectors fail too rapidly to learn anything. The goal is to reduce the number of crashes caused to zero. We're fairly close with this patch. Add vl_msg_api_max_length(void *mp), which returns the maximum plausible length for a binary API message. Use it to hardern vl_api_from_api_to_new_vec(...) which takes an additional argument - message pointer - so it can verify that astr->length is sane. If it's not sane, return a u8 *vector of the form "insane astr->length nnnn\0". Verify array lengths in vl_api_dhcp6_send_client_message_t_handler(...) and vl_api_dhcp6_pd_send_client_message_t_handler(...). Add a fairly effective binary API fuzz hook to the unittest plugin, and modify the "make test" framework.py to pass "api-fuzz { on|off }" to enable API fuzzing: "make API_FUZZ=on TEST=xxx test-debug" or similar Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0157267652a163c01553d5267620f719cc6c3bde
2020-05-04nat: per vrf session limitsFilip Varga9-29/+310
Type: improvement Change-Id: I170256ab47978db34fb0ff6808d9cd54ab872410 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-05-03tests: vpp_interface remove deprecated packed propertiesPaul Vinciguerra2-18/+19
The api no longer requires packed ip addresses. Type: test Change-Id: If67365d86b7c3189f871a58234e99f9c8f875371 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-30hsa: bind af-unix socket only for echo testsFlorin Coras1-60/+77
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6da8cc7c4577d199e9dc0aa52c73b1230a380018
2020-04-30flow: add l2tpv3oip flowChenmin Sun1-9/+45
This patch adds the l2tpv3oip type flow support Have tested on E810 with Intel iAVF driver Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Icb5114b5f70dd7a63f681e7c6ac802fade8b8cf1
2020-04-30crypto: introduce async crypto infraFan Zhang7-9/+1443
Type: feature Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Signed-off-by: Dariusz Kazimierski <dariuszx.kazimierski@intel.com> Signed-off-by: Piotr Kleski <piotrx.kleski@intel.com> Change-Id: I4c3fcccf55c36842b7b48aed260fef2802b5c54b
2020-04-30ikev2: use thread local vlib_main in vlib_time_nowFilip Tehlar1-13/+9
Type: fix Change-Id: I8e4a47bd16fa8475ef695c09e3487eabf08faabe Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-04-29misc: switch to clang-9Damjan Marion2-4/+4
Type: improvement Change-Id: Iebf77a63c0c19b130a3fbd26b5293304a9fed4c1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-04-29hsa: cleanup ifdefs in sock testsFlorin Coras4-532/+168
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1f03d80c4ee2a555dc6baa262d6df4521c1ae818
2020-04-29flow: explicit rss function enum castFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8c0eb5b5b12ffac1ff5dc89cab10bdb8e4be4322
2020-04-28flow: add RSS supportChenmin Sun4-32/+80
This patch enables the RSS configuration through vnet/flow interface With this RSS feature, users can config the RSS functions for specific flows Currently, it supports: default, toeplitz and symmetric_toeplitz rss function, and ipv4-tcp/ipv4-udp/ipv6-tcp/ipv6-ucp flow types Users can use the following options to combine with above flow types for more specific hash input set selection: l3-src-only, l3-dst-only, l4-src-only, l4-dst-only Command line: test flow add dst-ip any proto udp rss function default rss types ipv4-tcp use l3-dst-only test flow add dst-ip any proto udp rss function toeplitz rss types ipv4-udp use l4-src-only test flow add dst-ip any proto udp rss function symmetric_toeplitz rss types ipv6-udp use l3-src-only and l3-dst-only Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I213efc76dc8af37f2f63605884f353e05b0f5d2a