aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2018-04-24lacp: deleting the bond subinterface may cause lacp to lose the partner ↵Steven2-15/+8
[VPP-1251] Problem: When the bond subinterface is removed, it was observed that we lost the lacp partner. Show hardware shows rx counter goes up, but show interface does not for the slave interfaces. Cause: We reset the interface promiscuous mode when the bond subinterface is deleted. This causes dpdk not to accept any packet. Leave the interface in promiscuous mode fixes the problem. Other fixes: There are few places we use hw_if_index as if they are sw_if_index. But they don't necessarily have the same value. As soon as a subinterface is created, they start to diverge. The fix is to use the correct API for the hw_if_index and sw_if_index. Change-Id: I1e6b8bca0a4aae396d217a141271cbf968500c91 Signed-off-by: Steven <sluong@cisco.com> (cherry picked from commit 42c6599bf3057a7e8f4f00f5b6a9dd72af48d283)
2018-04-24NAT44: one-armed NAT and identity mapping (VPP-1212)Matus Fabian1-3/+10
Change-Id: I228728bacfca6056dc409a96de1bffb9cadcd3e6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-23lacp: partner may time us out if fast-rate is configured [VPP-1247]Steven5-8/+14
We should be sending LACP PDU every second if the partner has LACP_TIMEOUT flag set which means it will time us out in 3 seconds. Add interface name for lacp trace Change-Id: If7d816c062d03e80cc0dd7d10dba0b76ace0664a Signed-off-by: Steven <sluong@cisco.com>
2018-04-19Add special Twice-NAT feature (VPP-1221)Juraj Sloboda7-30/+94
When enabled then Twice-NAT is applied only when source IP equals destination IP after DNAT Change-Id: I58a9d1d222b2a10c83eafffb2107f32c1b4aa3a8 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-04-18dpdk: improve loggingDamjan Marion4-35/+187
- use of vlib_log for non-dataplane logging - redirect of dpdk logs trough unix pipe into vlib_log - "show dpdk physmem" cli Change-Id: I5da70f9c130273072a8cc80d169df31fc216b2c2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-18NAT44: recycle old sessions for forwarding bypass (VPP-1240)Matus Fabian4-17/+98
Change-Id: I7e6b0e7e91cc032b1685f35de5d84363a85158a5 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-18dpdk: resurrect removed code [VPP-1245]Steven1-0/+4
https://gerrit.fd.io/r/#/c/7701/ accidentally removed 3 lines of code in dpdk/device/init.c which were added by https://gerrit.fd.io/r/#/c/7826/ case VNET_DPDK_PMD_VHOST_ETHER: xd->port_type = VNET_DPDK_PORT_TYPE_VHOST_ETHER; break; Those lines were needed to recognize vhost-user interface which is created via vdev command in dpdk and display VhostEthernet. Without them, UnknownEthernet is displayed. Change-Id: I6d7ee6aecc6a415fbb7308595d515649475bcd5f Signed-off-by: Steven <sluong@cisco.com>
2018-04-17dpdk: add additional fields to rte_mbuf trace printDamjan Marion1-2/+5
Change-Id: I3792c524323ce9e300648abe85454cff5d19aba7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-17dpdk: print device flags in the 'show hardware' outputDamjan Marion2-11/+37
Change-Id: I0d10f13a56420b119fdfad97dcc135b245c269e1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-17ACL based forwardingAndrew Yourtchenko11-0/+1997
A poor man's flow switching or policy based rounting. An ACL is used to match packets and is associated with a [set of] forwarding paths that determine how to forward matched packets - collectively this association is a 'policy'. Policies are then 'attached', in a priority order, to an interface when thaey are encountered as an input feature. If a packet matches no policies it is forwarded normally in the IP FIB. This commit is used to test the "ACL-as-a-service" functionality, which currently compiles, and the existing traffic ACL tests pass in both hash and linear modes. Change-Id: I0b274ec9f2e645352fa898b43eb54c457e195964 Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Signed-off-by: Ole Troan <ot@cisco.com>
2018-04-17acl-plugin: VPP-1241: fix the "show acl-plugin tables applied" outputAndrew Yourtchenko2-45/+20
It is a relatively rarely used low level command for code that didn't change, but due to infra changes it did not survive. Having it working may be very useful for corner-case debugging. So, fix it for working with the acl-as-a-service infra. Change-Id: I11b60e0c78591cc340b043ec240f0311ea1eb2f9 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 18bde8a579960aa46f43ffbe5c2905774bd81a35)
2018-04-17igmp: fix debug macroJakub Grajciar3-13/+13
Change-Id: I071d4cfcf6ea9763dd4842a3594c486a8e400e8c Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2018-04-13Revert "MTU: Setting of MTU on software interface (instead of hardware ↵Damjan Marion1-14/+14
interface)" This reverts commit 70083ee74c3141bbefb185525315f1b34497dcaa. Reverting as this patch is causing following crash: 0: /home/damarion/cisco/vpp3/build-data/../src/vnet/devices/devices.h:131 (vnet_get_device_input_thread_index) assertion `queue_id < vec_len (hw->input_node_thread_index_by_queue)' fails Aborted Change-Id: Ie2a365032110b1f67be7a9d832885b9899813d39 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-13acl-plugin: VPP-1239: acl-as-a-service does not match IPv6 packets, works ↵Andrew Yourtchenko2-4/+5
only in lookup context 0 In process of extracting the matching out of the ACL plugin internals, a couple of pieces setting the miscellaneout fields in the 5tuple structure did not make it, so they are initialized to zeroes. Move the assignments to the right place to make both traffic acls and acl-as-a-service working. Change-Id: I66a7540a13b05113b599f0541999a18fad60385d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit d3b96ef0d75889f09dc51efb89e5123cdbe7ffe8)
2018-04-13NAT66: Do not translate if packet not aimed at outside interfaceJuraj Sloboda3-0/+55
Change-Id: Id5a2a90d81cc9cb87cb6fb89ac2f4ca3cbcb51e2 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-04-13MTU: Setting of MTU on software interface (instead of hardware interface)Ole Troan1-14/+14
Change-Id: I98bd454a761a1032738a21edeb0fe847e801f901 Signed-off-by: Ole Troan <ot@cisco.com>
2018-04-13GBP V2Neale Ranns25-886/+3720
update the GBP plugin to implement the full NAT feature set of opflex agent Change-Id: Ic06a039c889445ed0b9087fa1f292634192b0f8d Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-04-12Fixes for 'make UNATTENDED=yes CC=clang CXX=clang verify'Neale Ranns5-10/+9
Change-Id: I994649761fe2e66e12ae0e49a84fb1d0a966ddfb Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-04-12NAT: disable CLI/API not supported in active mode (VPP-1234)Juraj Sloboda2-3/+215
When in deterministic mode disable nondeterministic CLI/API. When not in deterministic mode disable deterministic CLI/API. Change-Id: Ibf485c14612297e51d3815a6fde541542c8fe7ab Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-04-12Handle DHCP replies with NAT44 forwarding enabledMatthew Smith1-48/+57
When NAT44 forwarding is disabled, if a DHCP server-to- client packet arrives on an outside interface, it is handled correctly by setting the next node to the next feature on the ip4-unicast feature arc, where it can be processed. When NAT44 forwarding is enabled, if a DHCP server-to- client packet arrives, it is not handled any differently than other packets and ends up going to ip4-lookup which results in the packet being dropped. Move the check for DHCP server-to-client packets outside of the block that is executed if forwarding is disabled so DHCP replies will be processed in either case. Change-Id: Ia795cce3fd459f3252c2c17d53bb88ceaeaafca4 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-04-11NAT44: fix setting of flag SNAT_SESSION_FLAG_LOAD_BALANCING (VPP-1235)Matus Fabian4-24/+36
Change-Id: Ieeafb41d10959700bfd434cd455800af31944150 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-11acl-plugin: VPP-1231: add error checking to acl_plugin_set_acl_vec_for_contextAndrew Yourtchenko1-1/+26
The users of ACL lookup contexts might not check the data they supply, so do it on their behalf in this function, and return an error if an ACL does not exist or if they attempt to apply the same ACL twice. Change-Id: I89d871e60f267ce643f88574c83baf9cd0a2d7b3 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit e5cbccf35f4d230afafa633abbc88e64ef33d758)
2018-04-11acl-plugin: VPP-1230: fix the "undefined symbol" error for acl_main when ↵Andrew Yourtchenko3-9/+31
using the inline functions The acl_main struct, which is defined in the acl_plugin, is not visible when the ACL plugin inline code is being compiled within the context of other plugins. Fix that by using the global pointer variable, which exists in both the ACL plugin context and is set in the context of the external plugins using ACL plugin. Change-Id: Iaa74dd8cf36ff5442a06a25c5c968722116bddf8 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 1286a15a6e60f80b0e1b349f876de8fa38c71368)
2018-04-11dpdk: fail in early init if we cannot alloc hugepagesDamjan Marion1-4/+19
Change-Id: If536ae142dc0109b587d92981d337bc6f15e070a Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-10when deleting l3 static mapping with addr_only,ahdj0071-1/+4
lb session with the same user maybe deleted. Change-Id: Ie58579cf4f8babb594f3c44aa185720134c58c3d Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>
2018-04-10CSIT-895 dpdk/ipsec: add locks on session data hash updatesRadu Nicolau2-33/+40
Change-Id: I6400b77de388c01e85209e5dc5f11ccafb79a459 Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
2018-04-10srv6-ad: fixing cache size issueFrancois Clad3-11/+18
Change-Id: Iaadfbc75832e37ae52511b25448da14116214fc1 Signed-off-by: Francois Clad <fclad@cisco.com>
2018-04-09plugins: unload plugin if early init failsDamjan Marion1-0/+43
Change-Id: I32f68e2ee8f5d32962acdefb0193583f71d342b3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-09NAT44: don't add static mapping to resolution vector if failed (VPP-1225)Matus Fabian1-3/+27
Change-Id: I71660eb327124179ff200763c4743cc81dc6e1c6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-05memif: bug fixesDamjan Marion2-22/+74
Change-Id: Id775efb2e85d850e510d00f1b48bb711a3342397 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-05DSLite: Implement new API call DSLITE_ADDRESS_DUMP.Jon Loeliger2-0/+67
Change-Id: I92ca28d3007f7ea43cd3e8b20659e400dfa6c75c Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-04-04Doc updates prior to branchChris Luke3-11/+23
Change-Id: Ibcffee7d20dbb79720199bcd82d2353f39d5544f Signed-off-by: Chris Luke <chrisy@flirble.org>
2018-04-04memif: zero copy slaveDamjan Marion6-145/+653
Change-Id: I65306fb1f8e39221dd1d8c00737a7fb1c0129ba8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-04NAT added FIB entries have a preference lower than API/CLINeale Ranns1-6/+6
Change-Id: Ia99490180683e8649784f7d9d18c509c3ca78438 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-04-04NAT44: prohibit multiple static mappings for a single local address (VPP-1224)Matus Fabian1-0/+11
Change-Id: I32b30210c2f1aec10a1b614d04f427662326a3d2 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-04NAT44: fix static mapping for DHCP addressed interface deleting (VPP-1223)Matus Fabian1-4/+92
Change-Id: Ifb4d23059b7989c32a52eaf0c25c275b35e83010 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-04dpdk:fix checksum handling of l2 interfacesEyal Bari1-17/+19
dpdk-input was dropping packets with bad ip-checksum on l2 interfaces Change-Id: Ife5b52766bb71e878b1da6e94ae7b8a1e59fc478 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-03-30acl-plugin: implement an optional session reclassification when ACL is ↵Andrew Yourtchenko4-10/+128
(re-)applied There were several discussions in which users would expect the sessions to be deleted if the new policy after the change does not permit them. There is no right or wrong answer to this question - it is a policy decision. This patch implements an idea to approach this. It uses a per-interface-per-direction counter to designate a "policy epoch" - a period of unchanging rulesets. The moment one removes or adds an ACL applied to an interface, this counter increments. The newly created connections inherit the current policy epoch in a given direction. Likewise, this counter increments if anyone updates an ACL applied to an interface. There is also a new (so far hidden) CLI "set acl-plugin reclassify-sessions [0|1]" (with default being 0) which allows to enable the checking of the existing sessions against the current policy epoch in a given direction. The session is not verified unless there is traffic hitting that session *in the direction of the policy creation* - if the epoch has changed, the session is deleted and within the same processing cycle is evaluated against the ACL rule base and recreated - thus, it should allow traffic-driven session state refresh without affecting the connectivity for the existing sessions. If the packet is coming in the direction opposite to which the session was initially created, the state adjustment is never done, because doing so generically is not really possible without diving too deep into the special cases, which may or may not work. Change-Id: I9e90426492d4bd474b5e89ea8dfb75a7c9de2646 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-30Add missing stdint.hChris Luke1-0/+1
Coverity has started whining about uint32_t missing in this .h Change-Id: I57992121c0593d6a0ada35917802d0300cf91259 Signed-off-by: Chris Luke <chrisy@flirble.org>
2018-03-30lacp: faster convergence for slow-rate config optionSteven6-18/+29
Do fast-rate if we are not yet synchronized with the partner. Stop sending LACP updates as a flash in the worker thread. Just expire the timer and let the lacp_process handle sending LACP PDU. Change-Id: I8b36fe74e752e7f45bd4a8d70512c0341cc197a1 Signed-off-by: Steven <sluong@cisco.com>
2018-03-30dpdk: fix crash due to incorrect xd->flags value with slave's link togglingSteve Shin1-2/+5
xd->flags is set incorrectly when a slave link is down in bonded interface mode. This can result in VPP crash when data traffic flows to the interface. Change-Id: Ideb9f5231db1211e8452c52fde646d681310c951 Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-03-28NAT44: make 1:1NAT for DHCP addressed interface persistentMatus Fabian1-22/+53
Static mapping is not deleted from resolution vector after address is set on interface. Change-Id: Ib7c45ca2e307123d101248c5a1b17d130ac32cd0 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-28avf: keep input node in disabled state unless neededDamjan Marion1-1/+1
Change-Id: I9a0105aa2373bd4db218851b1bbee50c6b6dfc7d Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-28NAT44: fix nat44_user_session_dump and nat44_del_session crash with one ↵Matus Fabian2-2/+2
worker (VPP-1213) Change-Id: I8e0c7ed2ff462b9ab59c233f56be262ec03c29ff Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-27acl-plugin: autosize the ACL plugin heap and fix the heap size types and parsingAndrew Yourtchenko3-9/+43
- autosize the ACL plugin heap size based on the number of workers - for manual heap size setting, use the proper types (uword), and proper format/unformat functions (unformat_memory_size) Change-Id: I7c46134e949862a0abc9087d7232402fc5a95ad8 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-27memif: add private header size fieldDamjan Marion2-0/+5
private header size allows to reserve firs X bytes of payload to be considered as private metadata. For now we just support value 0 but adding this field to address future needs without changing protocol version. Change-Id: Id77336584c0194a303b20210aff584c7372cba01 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-26plugins: dpdk: ipsec: fix l3 offsetSzymon Sliwa1-2/+1
Changes the source of the l3 offset to a more proper one, same as I5d9f41599ba8d8eb14ce2d9d523f82ea6e0fd10d. Change-Id: I5ff05d7d89507ecb378a2bd62f5b149189ca9e99 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-03-26acl-plugin: defer the ACL plugin user module registration with ACL lookup ↵Andrew Yourtchenko1-3/+5
until it is needed Registering ACL plugin user module within the "ACL as a service" infra during the plugin init causes an unnecesary ACL heap allocation and prevents the changing of the ACL heap size from the startup config. Defer this registration until just before it is needed - i.e. when applying an ACL to an interface. Change-Id: Ied79967596b3b76d6630f136c998e59f8cdad962 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-26Intel Adaptive Virtual Function native device driver pluginDamjan Marion11-0/+3007
Change-Id: If168a9c54baaa516ecbe78de2141f11c17aa2f53 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-24User session counters stay <= per-user limitMatthew Smith3-17/+22
When a user session is allocated/reused, only increase one of the session counters for that user if the counters are below the per-user limit. THis addresses a SEGV that arises after the following sequence of events: - an outside interface IP address is put in a pool - a user exceeds the number of per-user translations by an amount greater than the number of per-user translations (nsessions + nstaticsessions > 100 + 100) - the outside interface IP address is deleted and then added again (observed when using DHCP client, likely happens if address changed via CLI, API also) - the user sends more packets that should be translated When nsessions is > the per-user limit, nat_session_alloc_or_recycle() reclaims the oldest existing user session. When an outside address is deleted, the corresponding user sessions are deleted. If the counters were far above the per-user limit, the deletions wouldn't result in the counters dropping back below the limit. So no session could be reclaimed -> SEGV. Change-Id: I940bafba0fd5385a563e2ce87534688eb9469f12 Signed-off-by: Matthew Smith <mgsmith@netgate.com>