summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2021-01-18nat: deal with flows instead of sessionsKlement Sekera14-1960/+1860
This change introduces flow concept to endpoint-dependent NAT. Instead of having a session and a plethora of special cases in code for e.g. hairpinning, twice-nat and others, figure all this out and store it in flow logic. Every flow has a match and a rewrite part. This unifies all the NAT packet processing cases into one - match a flow and rewrite the packet based on that flow. It also provides a cure for hairpinning dilemma where one part of the flow is on one worker and another on a different one. These cases are also sped up by not requiring destination adress lookup every single time to be able to rewrite source nat as this is now part of flow rewrite logic. Type: improvement Change-Id: Ib60c992e16792ea4d4129bc10202ebb99a73b5be Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-01-18ipsec: Support MPLS over IPSec[46] interfaceNeale Ranns1-13/+6
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I89dc3815eabfee135cd5b3c910dea5e2e2ef1333
2021-01-18tls: make picotls engine able to initial connection as clientSimon Zhang2-16/+74
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: Idd14dc11e92e0851c64f83e280b52f12e32ae48d
2021-01-13ikev2: remove assert conditionFilip Tehlar1-19/+36
Remove assert condition ensuring that a packet was punted with reason spi=0. We can't rely on data in punt_reason because it is defind in an union. This patch adds a new IKE node that handles punted IKE packets separately. Type: fix Change-Id: I2e1b44922e53e049bd8512fa5cb85cee6a2b8aa7 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-01-12crypto-openssl: chacha support in openssl versionRay Kinsella1-8/+8
Fix build errors related to chachapoly when the system openssl version is < 0x10100000. Type: fix Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I62283fcc44c952ddd4d6a9f621c18e8be1af8af1
2021-01-11dpdk: allow configure individual VMBUS devicesVladimir Ratnikov3-48/+220
now startup.conf supports confuguration for VMBUS devices as for PCI devices for whitelisting/blacklisting dpdk { dev fa5a6e7a-cf3a-4b98-9569-addb479b84bc } with sub-configuration as for PCI devices dpdk { blacklist fa5a6e7a-cf3a-4b98-9569-addb479b84bc } where fa5a6e7a-cf3a-4b98-9569-addb479b84bc - example of UUID struct vlib_vmbus_addr_t changed to union with UUID described fields Added device_config_index_by_vmbus_addr blacklist_by_vmbus_addr to enumerate available device configs hash_key is as_u32[0] field(last 4 bytes of UUID) Lost of precision against full UUID, but 2^32 is enough to handle all the devices available Added is_blacklisted check while creating vnet devices in order to supress creation of dev if it's blacklisted Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: Id82611e54fed082190e488c7e5fbe14ecbe5b2ab
2021-01-11acl: fix tag C-string overflowBenoît Ganne1-5/+14
tag is expected to be a null-terminated C-string Type: fix Change-Id: I633719068c37eac395cc30a6a314c00848e9cdca Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-11nat: refactor and split fo EI/ED features p.2Filip Varga8-351/+1216
Patch n. 2 aimed at moving EI features out of NAT44 plugin & split of EI/ED functions. Type: refactor Change-Id: Ida20c1c084449b146344b6c3d8442f49efb6f3fa Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-01-08ikev2: fix lookup in wrong ip tableFilip Tehlar1-4/+6
In responder mode we need to remember interface index from which IKE session was initiated. Otherwise when sending keep alive packets to the initiator, the default ip table is always used for lookup instead of the one associated with the interface. Type: fix Change-Id: Iade3fc3a490b7ae83c3f6e9014d1f4204e476ac1 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-01-07vcl session: switch to generic cert key apisFlorin Coras8-74/+124
Remove the deprecated tls apis. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia1e12bd813671146f0aca22e83d04c23ac13e595
2021-01-06acl: fix cli tag parsingBenoît Ganne1-1/+5
- tag is expected to be 64-bytes - when specifying tag on cli, a vector is allocated. Make sure it is freed Type: fix Change-Id: Id1741fe406819ca9f71edb081d4483f52cae547d Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-05nat: refactor and split fo EI/ED featuresFilip Varga17-1026/+999
This patch is aimed at moving EI features out of NAT44 plugin & split of EI/ED functions. Type: refactor Change-Id: I63cf70a264ed2512708fe92665d64f04690783d0 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-12-30svm: fifo segment sptr for fifo hdr free listFlorin Coras1-3/+3
With this there are no more pointers in data structures allocated on fifo segments. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ibe584b7b6809fa360a105974655a91674db69ab6
2020-12-29svm vcl: allow random offsets for fifo segments in appsFlorin Coras1-10/+6
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1658a9c19d8eae4c9a42c0a111d4ad343b8eb8a4
2020-12-29svm: allow mq attachments at random offsetsFlorin Coras6-36/+77
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic373cd2c11272da539eb4b0db27227f36f2f9688
2020-12-26svm: change fifo pointers to offsetsFlorin Coras2-11/+12
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I113a630d6db4741f54e508f7e0ed77be139df0e4
2020-12-24svm: split fifo into private and shared structsFlorin Coras9-102/+124
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id8e77e8b2623be719fd43a95e181eaa5b7df2b6e
2020-12-23hsa: detach fifo segments in echo appFlorin Coras3-38/+60
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6a982f4aa3c1816160ff1c0a663ec6df6ec4cf0a
2020-12-23vppinfra: mem bulk testFlorin Coras2-0/+146
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Icd44ede9604c29839af250a2be93ecf467467aa0
2020-12-23svm: separate private from shared fifo segment ptrsFlorin Coras1-6/+13
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idcc8d862b98dba4a67f829c1778377f35ad47b00
2020-12-23svm: remove fifo segment heapFlorin Coras2-21/+16
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I518e096fe13847759806ff62009e73fd8f7451b7
2020-12-20tls: use fifo segments instead of chunksFlorin Coras1-33/+26
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id67cf8a3e1c5c9b4160689fde5de9ce7ed8a2ee3
2020-12-19avf: fix gcc compiling warning on ArmJieqiang Wang1-4/+4
Initializing struct avf_ip6_psh by {0} using gcc with O2 optimize option will trigger the -Werror=maybe-uninitialized compiling warning on Arm because gcc compiler will think some members of the struct avf_ip6_psh may not be initialized, which probably is a false positive in this case. The compiling error log is shown as below. Avoid this compiling warning by explicitly declaring the IPv6 src and dst ip in avf_ip6_psh as ip6_address_t. ccache /usr/lib/ccache/gcc-10 -DHAVE_FCNTL64 -DHAVE_GETCPU -DHAVE_MEMFD_CREATE -I/home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src -I. -Iinclude -I/home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins -Iplugins -Iplugins/avf -Wno-address-of-packed-member -g -fPIC -Werror -Wall -march=armv8-a+crc -O2 -fstack-protector -DFORTIFY_SOURCE=2 -fno-common -fPIC -DCLIB_MARCH_VARIANT=cortexa72 -march=armv8-a+crc+crypto -mtune=cortex-a72 -DCLIB_N_PREFETCHES=6 -MD -MT plugins/avf/CMakeFiles/avf_plugin_cortexa72.dir/output.c.o -MF plugins/avf/CMakeFiles/avf_plugin_cortexa72.dir/output.c.o.d -o plugins/avf/CMakeFiles/avf_plugin_cortexa72.dir/output.c.o -c /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins/avf/output.c In file included from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/vector_funcs.h:41, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/vector.h:196, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/string.h:48, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/mem.h:49, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/vec.h:42, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/format.h:44, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/elf.h:41, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/elf_clib.h:41, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vlib/vlib.h:44, from /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins/avf/output.c:18: /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins/avf/output.c: In function ‘avf_device_class_tx_fn_cortexa72’: /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/vppinfra/byte_order.h:59:10: error: ‘*((void *)&psh+32)’ may be used uninitialized in this function [-Werror=maybe-uninitialized] 59 | return __builtin_bswap16 (x); | ^~~~~~~~~~~~~~~~~~~~~ /home/snowball/tasks/test_vpp_build/test-patch-9/vpp/src/plugins/avf/output.c:115:23: note: ‘*((void *)&psh+32)’ was declared here 115 | struct avf_ip6_psh psh = { 0 }; | ^~~ Type: fix Change-Id: I2684b101b07823dfacc4a56cc29d152828d0cf37 Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
2020-12-18tls: add custom openssl bioFlorin Coras5-184/+244
The bio interacts directly with the session so it avoids using an intermediary mem bio and, implicitly, higher memory consumption and an extra memcpy. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ifb675cfd12df86396a7a738a6cd4d0882c69ad2f
2020-12-18perfmon: new perfmon pluginDamjan Marion15-0/+2246
Type: feature Change-Id: I2c14f82393d11fc05c6d229f5c58603ab5c0f14d Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-18misc: deprecate old perfmonDamjan Marion25-25549/+0
Type: refactor Change-Id: I1303219f9f2a25d821737665903b0264edd3de32 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-18dpdk: rebase cryptodev engine for dpdk 20.11Fan Zhang2-121/+127
Type: feature This patch rebase cryptodev engine for the new cryptodev raw APIs introduced in DPDK 20.11. Signed-off-by: Piotr Bronowski <PiotrX.Bronowski@intel.com> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I4da335379c5dfeb358017092086d305a01b652dc
2020-12-18avf: optimized with NEON SIMD instructionLijian.Zhang1-1/+27
Optimize avf-input node processing function with NEON SIMD instruction. Type: improvement Change-Id: I3dd76ac659686209dda9b176fc426aeae639e99b Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
2020-12-17hsa: http server: memset after pool_put will cause ASAN issuejiangxiaoming1-1/+2
Type: fix Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I3783f72ff93c362589e859f389d94eadd2aadddb
2020-12-17hsa: http server: fix http response format type errorjiangxiaoming1-1/+1
Type: fix Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I15e43ded1ccd1b06a5ce1822a260fd2dd7edf95f
2020-12-16nat: refactor & MW support for NAT testsFilip Varga3-3598/+3662
Split ED and EI nat44 test cases. Added multi worker support for ED test cases. Type: refactor Change-Id: Ibcc2f62b94cacff69ed35c5d914b55f9fdbcf882 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-12-15nat: set out2in-dpo during plugin enablingAlexander Chernavin1-0/+1
Type: fix Change-Id: Ie41e2fb9393bf63099519150bb158b830d2c0d87 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-12-15classify: add pcap/trace classfier mgmt API callsJon Loeliger1-10/+0
Add lookup/get/set API calls to manage both PCAP and Trace filtering Classifier tables. The "lookup" call may be used to identify a Classifier table within a chain of tables taht matches a particular mask vector. For efficiency, this call should be used to determine to which table a match vector should be added. The "get" calls return the first table within a chain (either a PCAP or the Trace) set of tables. The "set" call may be used to add a new table to one such chain. If the "sort_masks" flag is set, the tables within the chain are ordered such that the most-specific mask is first, and the least-specific mask is last. A call that "sets" a chain to ~0 will delete and free all the tables with a chain. The PCAP filters are per-interface, with "local0", (that is, sw_if_index == 0) holding the system-wide PCAP filter. The Classifier used a reference-counted "set" for each PCAP or trace filter that it stored. The ref counts were not used, and the vector of tables was only used temporarily to establish a sorted order for tables based on masks. None of that complexity was actually warranted, and where it was used, the same could be achieved more simply. Type: refactor Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: Icc56116cca91b91c631ca0628e814fb53f3677d2
2020-12-14ikev2: add reason for deleted sa debug logBenoît Ganne1-5/+5
Type: improvement Change-Id: If991165406d10d877aa6c7b2a03b4b741272928c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-12-14ikev2: fix show ikev2 profileBenoît Ganne1-38/+18
format_ip_address() to display {local,remote}_id does not work because we do not store ip_address_t but ip{4,6}_address_t, hence we lack the ip_address_family_t version field. Update format_ikev2_id_type_and_data() to support all types and use it instead. Type: fix Change-Id: I7a81beb0b22fcf1c5d1bf03a32a6cc4f030f4361 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-12-14misc: refactor clib_bitmap_foreach macroDamjan Marion8-30/+30
Type: refactor Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14misc: move to new pool_foreach macrosDamjan Marion112-825/+784
Type: refactor Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14vppinfra: simpler and faster pool_foreachDamjan Marion1-1/+1
- reduces number of instructions generated 4 times compared to old code - adds pool_foreach2 which is more friendly to clang-format Type: improvement Change-Id: I51e9c7fb09655c60d883987dadf5b2666c12b3f7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14api: add missing version infoPaul Vinciguerra3-2/+4
Type: fix Change-Id: I269214e3eae72e837f25ee61d714556d976d410f Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-12-13nat: revert 'fix byte order on ipfix message fields'Damjan Marion1-6/+3
This reverts commit bfba2d555331ce67f707e608877e96dbd2aacd80. Reason for revert: breaks test test_nat44.TestNAT44.test_ipfix_max_sessions Change-Id: I6eed4d02835ab792e7e3491fc14240cc88a86710 Type: fix Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-11dpdk: bump to dpdk 20.11Fan Zhang5-10/+28
Type: feature This patch bumps DPDK to 20.11. In addtion a few changes are made: - Changed dynamic rx offload flag display. - Updated deprecating options. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I6e4399d551a7eb8e1a9fc9ef6e39e74266450ad4
2020-12-11pppoe: fix VLIB_RX into the pppoe-input nodeStanislav Zaikin3-0/+15
Previously, RX interface for PPPoE packets was set as the original interface. Now it is set as corresponding PPPoE interface in the "pppoe-input" node. We need to do it because otherwise IP or other settings won't be working onto the PPPoE interface (only on original rx interface). Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: If9cc37608aa5fe685b8278dd99b819b7eddc6c38
2020-12-11nat: fix byte order on ipfix message fieldsMatthew Smith1-3/+6
Type: fix The code for quota exceeded events is a u32 and was being copied into ipfix packets in host byte order. Same for the limit field. Swap the order before copying into packet buffer. Change-Id: I881766e1c52acc9bebde38d85228fa492214ee21 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-12-11fib: Remove unused BIER variablesNeale Ranns1-3/+0
Type: refactor Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: Idf17c3c02fb77fcadf69a9164abd4da35289aaed
2020-12-11srv6-mobile: Fix the position of QFITetsuya Murakami2-34/+31
Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: Ica02435c4bc198fb6c4b9e4b62a287e47689ae7a Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2020-12-10hsa: http proxy connected callback fixesnandfan1-3/+0
svm_fifo_init_ooo_lookup has been called by transport Type: fix Signed-off-by: nandfan <fanyufei521@outlook.com> Change-Id: I6626421c9a71212be0f7b8bff953133f760811f6
2020-12-09ikev2: test responder behind NATFilip Tehlar1-29/+49
Type: test Ticket: VPP-1903 Change-Id: I7fab6931833d6e253b7b921172825387302d8f70 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-12-08fib: Source Address SelectionNeale Ranns5-24/+23
Type: feature Use the FIB to provide SAS (in so far as it is today) - Use the glean adjacency as the record of the connected prefixes = there's a glean per-{interface, protocol, connected-prefix} - Keep the glean up to date with whatever the recieve host prefix is (since it can change) Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: I0f3dd1edb1f3fc965af1c7c586709028eb9cdeac
2020-12-08nat: avoid hairpinning infinite loop problemElias Rudberg2-0/+100
Fix in nat44 hairpinning code to check if anything was actually changed in the snat_hairpinning() routine, and return 0 if nothing changed. This helps avoid an infinite loop repeating the three nodes nat44-hairpinning-->ip4-lookup-->ip4-local in case there was no change. Also add a corresponding test case. Type: fix Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net> Change-Id: I95f48476bd002ac4c6789afe504681f1963e5d38 Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
2020-12-07dpdk: support mlx drivers linked with rdma-coreMohammed Hawari1-3/+9
Change-Id: I8b8e4420f7643df95c27f4a4764809e8ddd2d12e Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: improvement