summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2018-05-10Change the way IP header pointer is calculated in esp_decrypt nodesSzymon Sliwa1-1/+7
The pointer to IP header was derived from l3_hdr_offset, which would be ok, if l3_hdr_offset was valid. But it does not have to be, so it was a bad solution. Now the previous nodes mark whether it is a IPv6 or IPv4 packet tyle, and in esp_decrypt we count get ip header pointer by substracting the size of the ip header from the pointer to esp header (which lies in front of the ip header). Change-Id: I6d425b90931053711e8ce9126811b77ae6002a16 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-05-10dpdk:fix tx countEyal Bari1-1/+2
Change-Id: I921465ea64b59d42674cc8f19069ed04e3b25026 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-05-09dpdk: fix free of tx dropped packetsFlorin Coras1-1/+1
Change-Id: I3669068f694614f8555b33bf0b703c41e45363ef Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-05-09dpdk: tx code reworkDamjan Marion3-261/+158
Change-Id: Ifea9c772e8784642433b92091f5769eb9ec06890 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-09dpdk:fix mbuf index typo'sEyal Bari1-4/+4
Change-Id: I387b22427b3f322969bcf32fcfc189123c8ed6ae Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-05-08NAT44: TCP connection close detection (VPP-1266)Matus Fabian7-13/+131
Change-Id: Iba1cc1179ee80478e29888790a6476571d1904dc Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-07dpdk: improve perf of buffer indices calc in the input nodeDamjan Marion1-34/+53
Change-Id: I16557189aa4a763ec496cb4a45f6e12f2d46971f Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-05-04ipsec: allow null/null for crypto/integ algorithms pairRadu Nicolau1-0/+1
Change-Id: Ic1e189c22e3d344d165e0eab05ccb667eef088a9 Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
2018-05-04Flow: Rename IPFIX exporter.Ole Troan6-7/+7
Change-Id: I9363cf54b73f7cfd8622af6f1cb250438ea0d3b6 Signed-off-by: Ole Troan <ot@cisco.com>
2018-05-04Harmonize vec/pool_get_aligned object sizes and alignment requestsDave Barach10-2/+33
Object sizes must evenly divide alignment requests, or vice versa. Otherwise, only the first object will be aligned as requested. Three choices: add CLIB_CACHE_LINE_ALIGN_MARK(align_me) at the end of structures, manually pad to an even divisor or multiple of the alignment request, or use plain vectors/pools. static assert for enforcement. Change-Id: I41aa6ff1a58267301d32aaf4b9cd24678ac1c147 Signed-off-by: Dave Barach <dbarach@cisco.com>
2018-05-04Fix format for the dst address in the STN traceMilan Lenco1-2/+2
Output string 's' was not assigned the return value of format() for the destination address, which, in case the underlying memory was moved by the realloc, resulted in an invalid memory access by the subsequent invocations of format(). Change-Id: I2b5dfd85db085c553ca5ec0b3257aeeb437c360a Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
2018-05-03NAT: fix bin API dump of static mappings.Milan Lenco1-2/+5
Static mappings with equal local and external IPs but different ports were dumped as identity mappings. Change-Id: Ifea7cef5b78aea4c2eb31cf1620185eeef2681e5 Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
2018-05-03NAT44: fix VAT nat44_user_session_detailsMatus Fabian1-4/+5
Change-Id: If379247f0574fbfcca39e752684bf6c81b95187b Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-05-03NAT44 segv on unknown proto on inside interfaceMatthew Smith1-22/+25
When a packet with an unknown proto arrives on an inside interface and there are no existing sessions for the source address, a segv occurs. snat_in2out_unknown_proto() finds the head of the sessions dlist, fetches the address of the next element using head->next, and then dereferences the next element. On the first packet received from a source address, head->next is ~0, so this results in a segv. Check that the session list is not empty before trying to traverse it. Also removed unnecessary lookup against tsm->user_hash. Prior call to nat_user_get_or_create() already performed that lookup and added a user if one didn't exist. Change-Id: If73e79aa2f8e3962ab7b876ecf55aea40d7a5472 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-04-30plugins: dpdk: fix check which makes not sense, likely a typoSzymon Sliwa1-1/+1
Change-Id: If33854f9c32736edf571fb66cdfa759db1c9de25 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-04-27A bit of buffer metadata reshuffling to accommodate flow_idDamjan Marion1-1/+1
Change-Id: I2794384557c6272fe217269b14a9db09eda19220 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-26NAT44: disable nat44-hairpinning feature for in-out interface (VPP-1255)Matus Fabian1-10/+20
Change-Id: Icd42abf4e35db550df496592cffce655f1987d68 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-25igmp: disable debug messagesDamjan Marion1-1/+1
Be gentle with people who run VPP in the noisy envirement where not-for-us IGMP messages are flying around... Change-Id: I07e74e29bc12ecdcc83faead9182d861c7ea1add Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-25dpdk: complete rework of the dpdk-input nodeDamjan Marion7-465/+556
Change-Id: If174d189de40e6f9ffae99997bba93a2519d9fda Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-25GBPv6: NAT66 actions for GBPNeale Ranns1-1/+12
Change-Id: I379150a88f2d53d6281be41e8bad6fc4f4e88a71 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-04-25ABF: remove the inclusion of version.h from abf_policy so it does not ↵Neale Ranns2-8/+6
recompile each time Change-Id: I97ef0ef5f694062e5867e11d434e3b521a57f649 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-04-25Fix some build warnings about "Old Style VLA"Juraj Sloboda1-3/+3
Change-Id: I69fee1dcf07a4d2eed69a59f0a36e63e3741ed4e Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-04-25STN: use the punt feature arcsNeale Ranns1-79/+28
Fixes: - the parsing of the packet falsely assume an ethernet header at offset 0 - it causes a frame leak Change-Id: Ib9ac9535173ed216de613baaa06d0e1dea3640ca Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-04-25ipsec: make crypto_worker_main_t a full cache line in sizeFlorin Coras1-0/+1
Change-Id: I927c9358915e03187cf7d3098c00b85b5ea2f92d Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-04-25igmp: data structure refactoringJakub Grajciar5-350/+820
Improve igmp membership report performance, introduce group and source specific timers. (side effect compatible with Group-specific query). Change-Id: Ie3dd2c0dabe5f7138c2f8029e6bbbbfcb5e4904f Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2018-04-24lacp: deleting the bond subinterface may cause lacp to lose the partner ↵Steven2-15/+8
[VPP-1251] Problem: When the bond subinterface is removed, it was observed that we lost the lacp partner. Show hardware shows rx counter goes up, but show interface does not for the slave interfaces. Cause: We reset the interface promiscuous mode when the bond subinterface is deleted. This causes dpdk not to accept any packet. Leave the interface in promiscuous mode fixes the problem. Other fixes: There are few places we use hw_if_index as if they are sw_if_index. But they don't necessarily have the same value. As soon as a subinterface is created, they start to diverge. The fix is to use the correct API for the hw_if_index and sw_if_index. Change-Id: I1e6b8bca0a4aae396d217a141271cbf968500c91 Signed-off-by: Steven <sluong@cisco.com> (cherry picked from commit 42c6599bf3057a7e8f4f00f5b6a9dd72af48d283)
2018-04-24NAT44: one-armed NAT and identity mapping (VPP-1212)Matus Fabian1-3/+10
Change-Id: I228728bacfca6056dc409a96de1bffb9cadcd3e6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-23lacp: partner may time us out if fast-rate is configured [VPP-1247]Steven5-8/+14
We should be sending LACP PDU every second if the partner has LACP_TIMEOUT flag set which means it will time us out in 3 seconds. Add interface name for lacp trace Change-Id: If7d816c062d03e80cc0dd7d10dba0b76ace0664a Signed-off-by: Steven <sluong@cisco.com>
2018-04-19Add special Twice-NAT feature (VPP-1221)Juraj Sloboda7-30/+94
When enabled then Twice-NAT is applied only when source IP equals destination IP after DNAT Change-Id: I58a9d1d222b2a10c83eafffb2107f32c1b4aa3a8 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-04-18dpdk: improve loggingDamjan Marion4-35/+187
- use of vlib_log for non-dataplane logging - redirect of dpdk logs trough unix pipe into vlib_log - "show dpdk physmem" cli Change-Id: I5da70f9c130273072a8cc80d169df31fc216b2c2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-18NAT44: recycle old sessions for forwarding bypass (VPP-1240)Matus Fabian4-17/+98
Change-Id: I7e6b0e7e91cc032b1685f35de5d84363a85158a5 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-18dpdk: resurrect removed code [VPP-1245]Steven1-0/+4
https://gerrit.fd.io/r/#/c/7701/ accidentally removed 3 lines of code in dpdk/device/init.c which were added by https://gerrit.fd.io/r/#/c/7826/ case VNET_DPDK_PMD_VHOST_ETHER: xd->port_type = VNET_DPDK_PORT_TYPE_VHOST_ETHER; break; Those lines were needed to recognize vhost-user interface which is created via vdev command in dpdk and display VhostEthernet. Without them, UnknownEthernet is displayed. Change-Id: I6d7ee6aecc6a415fbb7308595d515649475bcd5f Signed-off-by: Steven <sluong@cisco.com>
2018-04-17dpdk: add additional fields to rte_mbuf trace printDamjan Marion1-2/+5
Change-Id: I3792c524323ce9e300648abe85454cff5d19aba7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-17dpdk: print device flags in the 'show hardware' outputDamjan Marion2-11/+37
Change-Id: I0d10f13a56420b119fdfad97dcc135b245c269e1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-17ACL based forwardingAndrew Yourtchenko11-0/+1997
A poor man's flow switching or policy based rounting. An ACL is used to match packets and is associated with a [set of] forwarding paths that determine how to forward matched packets - collectively this association is a 'policy'. Policies are then 'attached', in a priority order, to an interface when thaey are encountered as an input feature. If a packet matches no policies it is forwarded normally in the IP FIB. This commit is used to test the "ACL-as-a-service" functionality, which currently compiles, and the existing traffic ACL tests pass in both hash and linear modes. Change-Id: I0b274ec9f2e645352fa898b43eb54c457e195964 Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Signed-off-by: Ole Troan <ot@cisco.com>
2018-04-17acl-plugin: VPP-1241: fix the "show acl-plugin tables applied" outputAndrew Yourtchenko2-45/+20
It is a relatively rarely used low level command for code that didn't change, but due to infra changes it did not survive. Having it working may be very useful for corner-case debugging. So, fix it for working with the acl-as-a-service infra. Change-Id: I11b60e0c78591cc340b043ec240f0311ea1eb2f9 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 18bde8a579960aa46f43ffbe5c2905774bd81a35)
2018-04-17igmp: fix debug macroJakub Grajciar3-13/+13
Change-Id: I071d4cfcf6ea9763dd4842a3594c486a8e400e8c Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2018-04-13Revert "MTU: Setting of MTU on software interface (instead of hardware ↵Damjan Marion1-14/+14
interface)" This reverts commit 70083ee74c3141bbefb185525315f1b34497dcaa. Reverting as this patch is causing following crash: 0: /home/damarion/cisco/vpp3/build-data/../src/vnet/devices/devices.h:131 (vnet_get_device_input_thread_index) assertion `queue_id < vec_len (hw->input_node_thread_index_by_queue)' fails Aborted Change-Id: Ie2a365032110b1f67be7a9d832885b9899813d39 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-13acl-plugin: VPP-1239: acl-as-a-service does not match IPv6 packets, works ↵Andrew Yourtchenko2-4/+5
only in lookup context 0 In process of extracting the matching out of the ACL plugin internals, a couple of pieces setting the miscellaneout fields in the 5tuple structure did not make it, so they are initialized to zeroes. Move the assignments to the right place to make both traffic acls and acl-as-a-service working. Change-Id: I66a7540a13b05113b599f0541999a18fad60385d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit d3b96ef0d75889f09dc51efb89e5123cdbe7ffe8)
2018-04-13NAT66: Do not translate if packet not aimed at outside interfaceJuraj Sloboda3-0/+55
Change-Id: Id5a2a90d81cc9cb87cb6fb89ac2f4ca3cbcb51e2 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-04-13MTU: Setting of MTU on software interface (instead of hardware interface)Ole Troan1-14/+14
Change-Id: I98bd454a761a1032738a21edeb0fe847e801f901 Signed-off-by: Ole Troan <ot@cisco.com>
2018-04-13GBP V2Neale Ranns25-886/+3720
update the GBP plugin to implement the full NAT feature set of opflex agent Change-Id: Ic06a039c889445ed0b9087fa1f292634192b0f8d Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-04-12Fixes for 'make UNATTENDED=yes CC=clang CXX=clang verify'Neale Ranns5-10/+9
Change-Id: I994649761fe2e66e12ae0e49a84fb1d0a966ddfb Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-04-12NAT: disable CLI/API not supported in active mode (VPP-1234)Juraj Sloboda2-3/+215
When in deterministic mode disable nondeterministic CLI/API. When not in deterministic mode disable deterministic CLI/API. Change-Id: Ibf485c14612297e51d3815a6fde541542c8fe7ab Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-04-12Handle DHCP replies with NAT44 forwarding enabledMatthew Smith1-48/+57
When NAT44 forwarding is disabled, if a DHCP server-to- client packet arrives on an outside interface, it is handled correctly by setting the next node to the next feature on the ip4-unicast feature arc, where it can be processed. When NAT44 forwarding is enabled, if a DHCP server-to- client packet arrives, it is not handled any differently than other packets and ends up going to ip4-lookup which results in the packet being dropped. Move the check for DHCP server-to-client packets outside of the block that is executed if forwarding is disabled so DHCP replies will be processed in either case. Change-Id: Ia795cce3fd459f3252c2c17d53bb88ceaeaafca4 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-04-11NAT44: fix setting of flag SNAT_SESSION_FLAG_LOAD_BALANCING (VPP-1235)Matus Fabian4-24/+36
Change-Id: Ieeafb41d10959700bfd434cd455800af31944150 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-11acl-plugin: VPP-1231: add error checking to acl_plugin_set_acl_vec_for_contextAndrew Yourtchenko1-1/+26
The users of ACL lookup contexts might not check the data they supply, so do it on their behalf in this function, and return an error if an ACL does not exist or if they attempt to apply the same ACL twice. Change-Id: I89d871e60f267ce643f88574c83baf9cd0a2d7b3 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit e5cbccf35f4d230afafa633abbc88e64ef33d758)
2018-04-11acl-plugin: VPP-1230: fix the "undefined symbol" error for acl_main when ↵Andrew Yourtchenko3-9/+31
using the inline functions The acl_main struct, which is defined in the acl_plugin, is not visible when the ACL plugin inline code is being compiled within the context of other plugins. Fix that by using the global pointer variable, which exists in both the ACL plugin context and is set in the context of the external plugins using ACL plugin. Change-Id: Iaa74dd8cf36ff5442a06a25c5c968722116bddf8 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 1286a15a6e60f80b0e1b349f876de8fa38c71368)
2018-04-11dpdk: fail in early init if we cannot alloc hugepagesDamjan Marion1-4/+19
Change-Id: If536ae142dc0109b587d92981d337bc6f15e070a Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-10when deleting l3 static mapping with addr_only,ahdj0071-1/+4
lb session with the same user maybe deleted. Change-Id: Ie58579cf4f8babb594f3c44aa185720134c58c3d Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>