summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2019-07-24ipsec: GCM, Anti-replay and ESN fixessNeale Ranns2-3/+5
Type: fix Several Fixes: 1 - Anti-replay did not work with GCM becuase it overwrote the sequence number in the ESP header. To fix i added the seq num to the per-packet data so it is preserved 2 - The high sequence number was not byte swapped during ESP encrypt. 3 - openssl engine was the only one to return FAIL_DECRYPT for bad GCM the others return BAD_HMAC. removed the former 4 - improved tracing to show the low and high seq numbers 5 - documented the anti-replay window checks 6 - fixed scapy patch for ESN support for GCM 7 - tests for anti-reply (w/ and w/o ESN) for each crypto algo Change-Id: Id65d96b6d1d4dd821b2ab557e87468fff6d70e5b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-24vppinfra: add mapped pcap file supportGary Boon2-0/+261
Type: feature Change-Id: Ic720d56a6f8901efde2a58519bc9aa553205a9a6 Signed-off-by: Gary Boon <gboon@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-23api: binary api cleanupDave Barach8-12/+19
Multiple API message handlers call vnet_get_sup_hw_interface(...) without checking the inbound sw_if_index. This can cause a pool_elt_at_index ASSERT in a debug image, and major disorder in a production image. Given that a number of places are coded as follows, add an "api_visible_or_null" variant of vnet_get_sup_hw_interface, which returns NULL given an invalid sw_if_index, or a hidden sw interface: - hw = vnet_get_sup_hw_interface (vnm, sw_if_index); + hw = vnet_get_sup_hw_interface_api_visible_or_null (vnm, sw_if_index); if (hw == NULL || memif_device_class.index != hw->dev_class_index) return clib_error_return (0, "not a memif interface"); Rename two existing xxx_safe functions -> xxx_or_null to make it obvious what they return. Type: fix Change-Id: I29996e8d0768fd9e0c5495bd91ff8bedcf2c5697 Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-23quic: Refactor connections closing and deletionAloys Augustin2-21/+81
This code should handle the 3 following cases: - Active close quic_proto_on_close sets state to ACTIVE_CLOSING send packets eventually returns an error, calling quic_connection_closed which deletes the connection - Passive close quic_on_closed_by_peer -> set state to PASSIVE_CLOSING "race" between app confirmation (calling quic_proto_on_close) and quicly signalling that it's done (triggers call to quic_connection_closed). If quic_connection_closed is called first, it sets the state to PASSIVE CLOSING QUIC CLOSED, then when quic_proto_on_close is called it frees the connection. If quic_proto_on_close is called first, it sets the state to PASSIVE CLOSING APP CLOSED, then when quic_connection_closed is called it frees the connection - Error close (reset) quic_connection_closed is called in state READY. This means a timeout or protocol error happened. This calls session_transport_reset_notify, the app should confirm the deletion and quic_proto_on_close will be called to delete the connection. Change-Id: I3acbf9b079ed2439bdbb447197c428c78915d8c0 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Type: feature
2019-07-23vlib: address vlib_error_t scaling issueDave Barach1-1/+1
Encoding the vpp node index into the vlib_error_t as a 10-bit quantity limits us to 1K graph nodes. Unfortunately, a few nodes need 6 bit per-node error codes. Only a very few nodes have so many counters. It turns out that there are about 2K total error counters in the system, which is (approximately) the maximum error heap index. The current (index,code) encoding limits the number of interfaces to around 250, since each interface has two associated graph nodes and we have about 500 "normal, interior" graph node This patch adds an error-index to node-index map, so we can store error heap indices directly in the vlib_buffer_t. Type: refactor Change-Id: I28101cad3d8750819e27b8785fc0cf71ff54f79a Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-23nat: fixed handoff in2out lookup of static mappings by external addressFilip Varga1-2/+2
Type: fix Change-Id: Ie5befde2f23caffb033b3b9f35ac1535c1224925 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-07-22bonding: fix create bond CLIZhiyong Yang1-1/+1
1. "numa-only" is optional and is disabled by default for lacp mode. 2. update lacp doc. Type: fix Change-Id: I6a3a8423ef31ad9980353a796957693cd6205d73 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-07-22quic: update quicly libraryAloys Augustin1-4/+4
Update quicly to latest version that includes our upstreamed patch. Change-Id: I0b26c72e49bce81daf4fb069b5818defd6cf25b9 Type: feature Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-07-22gtpu: fix missing trace issueZhiyong Yang1-0/+16
Type: fix Change-Id: I1e1c39452edd94712455d102a6faad58bc7f66ff Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-07-19fib: FIB Entry trackingNeale Ranns1-13/+4
Instead of all clients directly RR sourcing the entry they are tracking, use a deidcated 'tracker' object. This tracker object is a entry delegate and a child of the entry. The clients are then children of the tracker. The benefit of this aproach is that each time a new client tracks the entry it doesn't RR source it. When an entry is sourced all its children are updated. Thus, new clients tracking an entry is O(n^2). With the tracker as indirection, the entry is sourced only once. Type: feature Change-Id: I5b80bdda6c02057152e5f721e580e786cd840a3b Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-19session: Use parent_handle instead of transport_optsNathan Skrzypczak2-13/+14
Type: feature This is mostly used for quic in the case of a stream creation (i.e. connect on an already established QUIC session). We want do default parent_handle to INVALID to be able to distinguish it from parent_handle = 0 Change-Id: Id5ac0b0155a3c44e51334231b711e4fd87a96a10 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-07-18vcl: add QUIC supportNathan Skrzypczak3-69/+223
Type: feature * Adds the concept of a "connectable listener" : a session that can be both connected and accepted on. * vppcom_session_is_connectable_listener (fd) that tells if the fd is a connectable listener * vppcom_session_listener (fd) that gives you the listener's fd that accepted the session (if any) * vppcom_session_n_accepted (fd) that gives the number of sessions a listener accepted. Change-Id: Id89d67d8339fb15a7cf7e00a9c5448175eca04fc Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-07-18session: Refactor invalid session idx/handleNathan Skrzypczak1-3/+0
Type: refactor Change-Id: I885d9d2af1674f705339e3e96f87ff766965c9e5 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-07-18vlib: convert frame_index into real pointersAndreas Schultz4-4/+4
The fast path almost always has to deal with the real pointers. Deriving the frame pointer from a frame_index requires a load of the 32bit frame_index from memory, another 64bit load of the heap base pointer and some calculations. Lets store the full pointer instead and do a single 64bit load only. This helps avoiding problems when the heap is grown and frames are allocated below vm->heap_aligned_base. Type: refactor Change-Id: Ifa6e6e984aafe1e2755bff80f0a4dfcddee3623c Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com> Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-18lb: update api.c to use scaffolding from latest skelPaul Vinciguerra4-43/+112
Type: refactor Change-Id: I01329385684f4a4f477cb046079b554ae3024ded Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-07-17quic: Add back stream connect conditionNathan Skrzypczak1-1/+1
Type: fix This is needed for VCL patch in the case the Qsession handle we connect to is 0. A better way to do this would be to add a u16 header to the transport_opts, as session_handles are : <u16 unused><u16 thread_id><u32 session_index> But this requires modifying all clients. Change-Id: If171bcf982eba3bd705b586c9fd4a6c2ad0e114b Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-07-16gbp: fix contracts dpo ACL matchBenoît Ganne1-3/+3
Type: fix Fixes: 1d6d9f021c5a169dedca55b46451ab54728e3ee8 Change-Id: I3912c8bb78d678170bdd86821d2ead3ae0396841 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-15quic: integrate vpp crypto api for quic packets encryptionMathias Raoul4-0/+403
Type: feature Change-Id: I740f15a5ef959d31e94e59d652aa9f691db1f289 Signed-off-by: Mathias Raoul <mathias.raoul@gmail.com>
2019-07-13vppinfra: add doubly linked listFlorin Coras2-0/+354
Type: feature Change-Id: I21511c1abea703da67f1a491e73342496275c498 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-12nsim: cross-connect mode crash at interface output nodeJohn Lo2-6/+6
Type: fix Change-Id: If99c1d8a7ec97a726430a927eab0d3b57222af1f Signed-off-by: John Lo <loj@cisco.com>
2019-07-12quic: fix show session verboseAloys Augustin1-29/+23
Proprely display quic connections in show session verbose, and add a small fix for UDPC listeners and UDP sessions formatting. Change-Id: I33f83e77bf357347623d87ad23c483aba60a9bb2 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Type: feature
2019-07-12tls quic: reduce default segment sizesAloys Augustin1-2/+2
This reduces the memory required by tls and quic, allowing to run them (and their tests) in more constrained environments by default. Change-Id: I954081c725fb4f5f173db1f8e76922d957c5b0a2 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Type: fix
2019-07-12session: add thread index to all formattersAloys Augustin2-2/+6
Add a thread_index argument to half-open and listener session formatters because QUIC can have listeners and half-open sessions in any thread. Change-Id: I1de60e35ece4c68ba8cfdd6b63f211bc620d687b Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Type: feature
2019-07-12vcl: fix tsock 0-ing in test clientBenoît Ganne1-2/+3
Type: fix Fixes: d48e9763bfc39106eca954a28223b72261bf1aeb Change-Id: I9af222f4083a82592058fd42950db1c97caf647e Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-12nat: added handoff trace index for easier trace matchFilip Varga1-2/+4
Type: feature Change-Id: Id818f86164acabcb732e9a65d0e284d68e747a7b Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-07-12ipsec: Reference count the SAsNeale Ranns1-1/+3
- this remove the need to iterate through all state when deleting an SA - and ensures that if the SA is deleted by the client is remains for use in any state until that state is also removed. Type: feature Change-Id: I438cb67588cb65c701e49a7a9518f88641925419 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-12nat: fix net44 lb static APIBenoît Ganne1-1/+1
tag should be added at the end of the reply message instead of overwriting the original data. Type: fix Fixed: dd1e3e780c Change-Id: I4b31cf3a4a41b49ea9039a9398114dbf49a53e57 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-11gbp: An Endpoint can change sclassNeale Ranns3-17/+38
Type: feature Change-Id: I9d3a73a6a6048fa0189f7fa6306a638279977fcd Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-11avf: add more link speedsDamjan Marion2-1/+7
Type: feature Change-Id: I6f94f7ef5ffbd938457c9356a5a11f3d1afeb0a2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-07-11quic: Fix quic_echo event flagsNathan Skrzypczak1-9/+9
Type: fix Change-Id: Ibaa272b57f36b092897a99a65ca28f9d4caf29a7 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-07-10tcp: improve rate estimateFlorin Coras1-10/+13
Type:feature - sample rtt estimation - report acked+sacked - report last lost bytes - use snd_una == snd_nxt to detect 0 bytes in flight Change-Id: I83181261fdb375c7e33d24b7a82343561e6a905f Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-10quic: Improve timing interface for quic_echoNathan Skrzypczak1-100/+202
Type: feature Change-Id: I7a99b72276878625017c73dff8402f3e7fa7c33f Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-07-09acl: perform the ACL-as-a-service user registrations in global heapAndrew Yourtchenko2-10/+14
Some users tend to call registration routine long before they need that service - which triggers an immediate initialization of the ACL heap, which is rather big. This commit defers this process by keeping the registrations in the global heap. Change-Id: I5825871bd836851942b55184b6ee2657c7a9cc33 Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-07-09quic: echo thread can handle multiple sessionsNathan Skrzypczak2-129/+278
Type: feature Change-Id: Ibb60d5b46aafe109a81a8604712a917f6e246eaf Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-07-09gbp: Ownership of dynamically created vxlan-gbp tunnels managed via gbp_itfNeale Ranns20-396/+694
Type: fix This solves the ownership of vxlan-gbp tunnels. When the last reference of these goes away they need to be deleted. Currently there are two owners; gbp_itf via gef_itf and the lock held by the gbp_endpoint_location_t. The problem is that the loc removes its reference whilst the fwd still holds the gbp_itf, and things go wrong. This change moves the lifecycle management of the vxlan-gbp tunnel to the gbp_itf. When the last lock of the gbp_itf goes, so does the tunnel. now both the EP's loc and fwd can hold a lock on the gbp_itf and it's only removed when required. The other change is the management of the 'user' of the gbp_itf. Since each user can enable and disable different features, it's the job of the gbp_itf to apply the combined set. determining a unique 'uesr' from the caller was near impossible, so I moved that to the gbp_itf, and return the allocated user, hence the 'handle' that encodes both user and interface. The hash table maps from sw_if_index to pool index. Change-Id: I4c7bf4c0e5dcf33d1c545f262365e69151febcf4 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-09vat: unload unused vat pluginsDave Barach20-287/+68
If the corresponding vpp plugin is absent, return a non-zero clib_error_t * from vat_plugin_register ("xxx plugin not loaded"). The vat plugin calls dlclose on the vat plugin, and it disappears. Depending on the plugin configuration, this can reduce the vpp virtual size by several gigabytes. Added a VAT_PLUGIN(<plugin-name>) macro to vat_helper_macros, clean up boilerplate vat_plugin_register() implementations. Fixed a number of non-standard vat_plugin_register methods. Type: refactor Change-Id: Iac908e5af7d5497c78d6aa9c3c51cdae08374045 Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-09quic: fix passive disconnect handling & refactorNathan Skrzypczak3-541/+740
Type: refactor Change-Id: Ie54a77252e9f58a90f9e1f9595b9ede354952f70 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-07-08map gbp papi: match endianess of f64Paul Vinciguerra2-6/+6
clib_net_to_host_f64, clib_host_to_net_f64 are now implemented as '=', https://gerrit.fd.io/r/#/c/20406/ set papi to match. - all f64 api references are now wrapped with clib_net_to_host_f64 or clib_host_to_net_f64. IEEE f64 endianess is not defined. If clib_net_to_host_f64 and clib_host_to_net_f64 are later defined in VPP as big-endian, it is a single character change in the papi vpp_serializer. Note: This breaks the api in a manner that would not be detected by the flag day initiative. The scope is small. This only impacts map.api, which applied the u64 transformation, while the gbp api uses '='. The implementation of "=" raises issues for the papi socket implementation if used between systems of differing endianess. See Vratko's comments. - Added get_f64_endian_value() to api to allow client to verify endianess of f64's. Type: fix Depends-on: https://gerrit.fd.io/r/#/c/20484/ Change-Id: I00fc64a6557ba0190398df211aa0ea5c7eb101df Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-07-08gbp: More unit testsNeale Ranns1-0/+1
Type: test Change-Id: I0a58cc19bdfb73eabadbf6eb49b57e8db96959b5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-08gbp: refactor policy nodesBenoît Ganne8-406/+301
Refactor both policy and policy-dpo nodes so they share the same code for contract & acl lookup and for tracing. This should help to implement new policy schemes. Type: refactor Change-Id: If5704bda708838eb01516dd39473d9bf248cfdf6 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-05sctp: move to plugins, disabled by defaultFlorin Coras16-0/+8625
Removed sctp buffer metadata from vnet/buffer.h, added it to the plugin. Add registration APIs for plugin-based vlib_buffer_opaque / opaque2 decoders, used by "pcap dispatch trace ..." for display in the wireshark dissector. Type:refactor Not actively maintained. Change-Id: Ie4cb6ba66f68b3b3a7d7d2c63c917fdccf994371 Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-05gbp: use bd index at ext-itf creation instead of bd idBenoît Ganne1-1/+3
Type: fix Fixes: cfc7a107e6cb8be6e7c53a08e23a146c431c8e90 Change-Id: I341cbc94271ab89c3c643756a9c04b790cef8591 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-05gbp: update gbp-ext-itf APIBenoît Ganne5-107/+49
Change gbp-ext-itf API to create anonymous ext-itf through the same API as non-anonymous instead of a new API Type: refactor Change-Id: I381ff2a5bcd55276793df78ca891334c28946cd0 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-07-04hsa: clean up quic_echoDave Wallace1-11/+11
- Fix typo - Use same prefix on all error messages - Fix time arg parsing Type: fix Change-Id: I27334ada47d8512d2b43ce770a55f87081af2a1e Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-07-03misc: fix coverity warningsDave Barach2-2/+3
Type: fix Ticket: VPP-1649 Change-Id: I93a393eca80065c379035478500e75e855f39b12 Signed-off-by: Dave Barach <dave@barachs.net>
2019-07-03quic: fifo notifications fixAloys Augustin1-0/+5
Add SESSION_IO_EVT_RX handling in session_send_evt_to_thread to allow internal apps to send rx events ("tx notifications") to quic. Add a call to quic_send_packets in quic_custom_app_rx_callback to ensure QUIC ACKs are sent if there is no other activity on the connection. Type: fix Change-Id: I885e01e6475e5b0274f274e9dd34d4a771719e69 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-07-03gbp: Consider data-plane learnt source better than control-planeNeale Ranns3-4/+16
Type: feature Change-Id: Ice8fc0da6450d2aa8ba63ca1277393ac3605aa2c Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-03gbp: improve contract formattingNeale Ranns1-8/+12
Type: feature Change-Id: I04be003bd86f828ec387dd0309bebcbf0a041e3a Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-07-03svm: fix multi-chunk fifo alloc and add more testsFlorin Coras1-11/+148
Type: fix - make sure that chunks and the rbtree are initialized if fifo segment allocates multiple chunks for the fifo. - ensure head/tail chunks are updated on all enqueue/dequeue events, including when dropping data. - more unit tests Also fixes dequeue drop updates of head chunk. Change-Id: I77f3550bc4e8b4e077f80ea87fe82b83ed013aeb Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-02gbp: add anonymous l3-out subnetsBenoît Ganne4-22/+63
An anonymous l3-out subnet is a locally attached l3-out subnet, and differs from regular l3-out subnets in the way adjacencies are managed. It is required for the anonymous l3-out external interfaces to correctly classify locally attached l3-out hosts. Type: feature Change-Id: Ie7bc88b1f22abc4d0b46db5f3cfbf208bc53ba5f Signed-off-by: Benoît Ganne <bganne@cisco.com>