summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2018-03-24User session counters stay <= per-user limitMatthew Smith3-17/+22
When a user session is allocated/reused, only increase one of the session counters for that user if the counters are below the per-user limit. THis addresses a SEGV that arises after the following sequence of events: - an outside interface IP address is put in a pool - a user exceeds the number of per-user translations by an amount greater than the number of per-user translations (nsessions + nstaticsessions > 100 + 100) - the outside interface IP address is deleted and then added again (observed when using DHCP client, likely happens if address changed via CLI, API also) - the user sends more packets that should be translated When nsessions is > the per-user limit, nat_session_alloc_or_recycle() reclaims the oldest existing user session. When an outside address is deleted, the corresponding user sessions are deleted. If the counters were far above the per-user limit, the deletions wouldn't result in the counters dropping back below the limit. So no session could be reclaimed -> SEGV. Change-Id: I940bafba0fd5385a563e2ce87534688eb9469f12 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-03-23acl-plugin: improvements in 'show acl-plugin macip acl' CLIAndrew Yourtchenko2-11/+47
- allow to optionally specify the specific MACIP ACL index: 'show acl-plugin macip acl [index N]' - after showing the MACIP ACL, show the sw_if_index of interface(s) where it is applied. Also, add some executions of this debug commands to the MACIP test case for easy verification. Change-Id: I56cf8272abc20b1b2581b60d528d27a70d186b18 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-23acl-plugin: set ACL heap within the exported functions that might alloc memoryAndrew Yourtchenko3-0/+23
The functions which get called by other plugins need to set the acl plugin heap, such that the other plugins do not have to think about it. Change-Id: I673073f17116ffe444c163bf3dff40821d0c2686 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-23NAT44: fix ICMP checksum update crash (VPP-1205)Matus Fabian2-0/+6
Change-Id: I3e4bbfe205c86cb0839dd5c542f083dbe6bea881 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-23IGMP: coverity fixes and remove checks for scapy IGMPv3Neale Ranns2-9/+5
Change-Id: Ic2eddc803f9ba8215e37388a686004830211cf6f Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-03-22VPP-1204: Fix coverity warningDave Barach1-2/+5
Change-Id: Iacb32e6e855f7b77108154d956ef27ee141bbde0 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-22Revert "acl-plugin: improvement on 'show acl-plugin' CLI"Damjan Marion2-37/+9
This reverts commit 378ac0533e5ac8c3121d8f66ba61a8548e55282f. Change-Id: If34b1c964453adb0e4c44e3eab4f6e306bd9c9e9 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-22acl-plugin: implement ACL lookup contexts for "ACL as a service" use by ↵Andrew Yourtchenko14-1148/+2118
other plugins This code implements the functionality required for other plugins wishing to perform ACL lookups in the contexts of their choice, rather than only in the context of the interface in/out. The lookups are the stateless ACLs - there is no concept of "direction" within the context, hence no concept of "connection" either. The plugins need to include the The file acl_lookup_context.md has more info. Change-Id: I91ba97428cc92b24d1517e808dc2fd8e56ea2f8d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-22gbp: Add the next node lookupMohsin Kazmi1-0/+5
Change-Id: Ia0f659b810f2c79b1a6c98ce566a86ce413c7448 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-03-22NAT44: interface output feature and dst NAT (VPP-1200)Matus Fabian2-7/+78
Do not translate packet which go out via nat44-in2out-output and was tranlated in nat44-out2in before. On way back forward packet to nat44-in2out node. Change-Id: I934d69856f0178c86ff879bc691c9e074b8485c8 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-22memif: version 2Damjan Marion6-486/+558
In version 1 of the protocol sender was always ring producer and receiver was consumer. In version 2 slave is always producer, and in case of master-to-slave rings, slave is responsible for populating ring with empty buffers. As this is major change, we need to bump version number. In addition, descriptor size is reduced to 16 bytes. This change allows zero-copy-slave operation (to be privided in the separate patch). Change-Id: I02115d232f455ffc05c0bd247f7d03f47252cfaf Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2018-03-21acl-plugin: improvement on 'show acl-plugin' CLISteve Shin2-9/+37
- Show interface on which given MACIP ACL is applied - index is added for show acl-plugin macip acl: ex) show acl-plugin macip acl [index N] Change-Id: I3e888c8e3267060fe157dfc1bbe3e65371bd858a Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-03-21bond: Add bonding driver and LACP protocolSteven24-0/+3994
Add bonding driver to support creation of bond interface which composes of multiple slave interfaces. The slave interfaces could be physical interfaces, or just any virtual interfaces. For example, memif interfaces. The syntax to create a bond interface is create bond mode <lacp | xor | acitve-backup | broadcast | round-robin> To enslave an interface to the bond interface, enslave interface TenGigabitEthernet6/0/0 to BondEthernet0 Please see src/plugins/lacp/lacp_doc.md for more examples and additional options. LACP is a control plane protocol which manages and monitors the status of the slave interfaces. The protocol is part of 802.3ad standard. This patch implements LACPv1. LACPv2 is not supported. To enable LACP on the bond interface, specify "mode lacp" when the bond interface is created. The syntax to enslave a slave interface is the same as other bonding modes. Change-Id: I06581d3b87635972f9f0e1ec50b67560fc13e26c Signed-off-by: Steven <sluong@cisco.com>
2018-03-21IGMP plugin initialises the FIB/MFIB via ip4 moduleNeale Ranns1-1/+4
Change-Id: If9d7b266c4b49d4e7810ebc7d18fa154532d0322 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-21NAT44: fix removal of LB static mappings with same local address and port ↵Matus Fabian1-5/+35
pair (VPP-1199) Change-Id: Iad8c626e83bbc58d5c85b6736f5a3dd5bc9ceafb Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-20Fix Allow ARP packets for dot1q interface with MACIP enabledSteve Shin1-50/+169
ARP packets need to be allowed for dot1q interface when MACIP is enabled. Change-Id: I33dd3cb6c6100c49420d57360a277f65c55ac816 Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-03-19IGMP pluginJakub Grajciar14-0/+2755
- host mode: igmp_listen - API to signal that the host has joined an (S,G) - route mode: igmp_enable - API to enable the reception of host IGMP messages igmp_event - API to report the host join/leave from an (S,G) Change-Id: Id180ec27dee617d33ab3088f5dcf6125d3aa9c8f Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2018-03-16QoS recording and markingNeale Ranns2-6/+0
Change-Id: Ie5a50def4ec1e4a3b3404a8b6ab9ec248bc16744 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-15tls: add openssl engineFlorin Coras4-28/+823
Change-Id: I6c215858d2c9c620787632b570950b15274c0df2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-14vlib: internal buffer manager reworkDamjan Marion1-30/+18
- buffer_main is no longer part of vlib_main_t - pool of free lists is still part of vlib_main_t - mheap is not used anymore for buffer allocation - simple bitmap bassed buffer alloc scheme is introduced Change-Id: I3e1e6d00e2c8122293ed0a741245eb841315a1ff Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-14Prevent calling rte_eth_xstats_get not initialized devSzymon Sliwa1-0/+2
DPDK API forbids calling rte_eth_xstats_get on a port which has not been setup up yet. Citing the DPDK docs (reformated): " The functions exported by the application Ethernet API to setup a device designated by its port identifier must be invoked in the following order: rte_eth_dev_configure() rte_eth_tx_queue_setup() rte_eth_rx_queue_setup() rte_eth_dev_start() Then, the network application can invoke, in any order, the functions exported by the Ethernet API to get the MAC address of a given device, to get the speed and the status of a device physical link, to receive/transmit [burst of] packets, and so on. " original can be found here: http://dpdk.org/doc/api/rte__ethdev_8h.html#a36ba70a5a6fce2c2c1f774828ba78f8d Change-Id: I91854b8b0dd12dd028b4b36665cca49f16eac24c Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-03-14IPIP: Add IP{v4,v6} over IP{v4,v6} configured tunnel support.Ole Troan8-1182/+0
Change-Id: I166301c9e2388bae5f70ec0179d663a2703e27f5 Signed-off-by: Ole Troan <ot@cisco.com>
2018-03-14srv6-plugins: fixing documentationFrancois Clad3-201/+247
Change-Id: I72439df585e56b3cbb7051f056fc35cddf0c864b Signed-off-by: Francois Clad <fclad@cisco.com>
2018-03-12NAT44: fix nat_not_translate_output_feature in dual loop (VPP-1194)Matus Fabian1-2/+2
Change-Id: Icb858414145db0e5fef495e155903b3b935e50ba Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-12NAT44: fix nat_not_translate_output_feature for ICMP (VPP-1191)Matus Fabian1-8/+7
Change-Id: I1552e1418b704fdf1f1fa2c0174313b9b82a37a3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-11dpdk-input node packet trace intermittent on IP forwading pathJohn Lo1-36/+37
Packet trace initiated by dpdk-input node would occasionally not fully function if next node is ip4-input. Change packet trace saving order in the quad-loop so "sho trace" will display trace in packet receive order. Fold calling of vlib_trace_buffer() into dpdk_add_trace(). Change-Id: I9d7a9bf3b9391f95590e66150b26b0b15912d803 Signed-off-by: John Lo <loj@cisco.com>
2018-03-10Move the vnet cdp protocol implementation to a pluginDave Barach13-0/+2112
Add a binary API and debug cli to enable/disable cdp. cdp is disabled by default. Change-Id: I307c7e38dfda38e36ff3325f65de7036c34d89b1 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-09Coordinate known Ethernet speeds with Linux kernel and DPDKLee Roberts3-0/+43
Linux kernel and DPDK recognize the following Ethernet speeds: 10M, 100M, 1G, 2.5G, 5G, 10G, 20G, 25G, 40G, 50G, 56G and 100G. Add consistent Ethernet speeds to VPP. Change-Id: I4cfcf378fb34425c1206db5aa2f6bdcc66e0a6ab Signed-off-by: Lee Roberts <lee.roberts@hpe.com>
2018-03-09dpdk: move DPDK vfio hack to dpdk pluginDamjan Marion1-2/+67
Change-Id: I806cbf8c6c49643fe6c317bcceab93c1b9d441ab Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-09when exceed max reass,ahdj0071-6/+12
frag packet can't get reass. adding bihash,it can rewrite new hash value. so need to delete hash after compare hash value. Change-Id: I83b5c47890110e9a598b78cfbe8fcd27bbe291bb Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>
2018-03-09ACL: Fix the detail for ethertype whitelistMohsin Kazmi2-3/+3
Change-Id: Ie8b4effbd25e1e26b625d451ec059bac58a5a5a1 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-03-08tls: make tls engines pluggableFlorin Coras3-0/+573
- add infra for pluggable tls "engines" - makes mbedtls specific code a plugin Change-Id: I2c5b099e2b69d2be0038e3ef02b208ff907727e7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-08acl-plugin: add the support for dumping the ethertype whitelist (VPP-1163)Andrew Yourtchenko3-1/+180
The gerrit 10434 which added the support for whitelist model on ethertypes, did not include the support to dump the current state. This patch fills that gap. Change-Id: I3222078ccb1839dc366140fa5f6b8999b2926fd2 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-07NAT44: allow to configure one interface only as output or input feature ↵Matus Fabian1-0/+12
(VPP-1192) following is not possible: set interface nat44 out GigabitEthernet0/3/0 output-feature set interface nat44 out GigabitEthernet0/3/0 Change-Id: I1592cc18390881fda66f98316700886b8f5295f0 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-07GBP: fix the runs before statement against the ACL nodeNeale Ranns1-2/+2
Change-Id: I0ff13962ab6855663b9aec31c95e4a88cc809ff0 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-03-06LB plugin: Fix Layer-4 checksum error in L3DSR.Yusuke Tatsumi1-0/+5
Though dst-IP address would be change in LB plugin with L3DSR method, layer-4 checksum would not be recomputed after this change. Related changes: - L3DSR: https://gerrit.fd.io/r/#/c/10203/ Change-Id: I98de7b8d80186ac77608a68050208c08d90b7c3b Signed-off-by: Yusuke Tatsumi <ytatsumi@yahoo-corp.jp>
2018-03-06when lb tcp in2out flow,ahdj0071-0/+1
in2out and out2in protocol are not same Change-Id: I4ce680ad1f088cb079e1f2aeb15ca59225fca0d1 Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>
2018-03-06reass frag_n should to be inited to 0ahdj0071-0/+1
Change-Id: I8a4a7a85e86acbfe411e6dfa22e3976d7d4c903b Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>
2018-03-05Set DPDK_MLX4_PMD and DPDK_MLX5_PMD compile with default dlopen linksAmir Zeidner1-3/+0
dlopen linkage allow more transparent use for Mellanox nics. Mellanox shared library librte_pmd_mlx5/4_glue.so* placed in LD_LIBRARY_PATH At run time Mellanox code will be loaded only when Mellanox nics explicty used. i.e if VPP is used with other vendor Mellanox code is not loaded. Change-Id: Ib05bdbfc4cbb6e447c67186c98361f9c5b447140 Signed-off-by: Amir Zeidner <amirzei@mellanox.com>
2018-03-05vlib: vfio code reworkDamjan Marion1-1/+3
Change-Id: I99cf3e7cc991aa7d32385a155c707a6516516117 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-05NAT44 - unknown protocols work with forwardingMatthew Smith1-6/+9
If forwarding is enabled, inbound packets on an outside interface should not be dropped and instead pass on to the FIB lookup. This works for TCP and UDP but not other IP protocols. Enable it for unknown protocols. Change-Id: I1da84b5633a36b3e5e64079754db2fcc50f29819 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-03-04vlib: map pci region by using vfio FD when vfio is usedDamjan Marion1-1/+1
Change-Id: Ib94e9e9e9fcdad9cdb0e3402b3de7d78bd644abe Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-02NAT44: interface output feature and service host direct access (VPP-1176)Matus Fabian2-6/+117
forwarding mode: session initiaded from service host - translate session initiaded from remote host - do not translate Change-Id: I48170ee8e4ad14d3d3083ee31a40ef8d10d6ff32 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-016RD: Rewritten 6RD RFC5969 support.Ole Troan10-721/+904
Change-Id: Ic30fbcb2630f39e45345d7215babf5d7ed4b33a0 Signed-off-by: Ole Troan <ot@cisco.com>
2018-03-01STN: Fix stn_rules_dump/details to follow API conventionOle Troan3-8/+8
Change-Id: I94f6c35bf751d25ca7fe7c67054e676a3ad2241b Signed-off-by: Ole Troan <ot@cisco.com>
2018-02-27memif: Fix a message initialization problem in VATJon Loeliger1-3/+2
The VAT calls to MEMIF_SOCKET_FILENAME_ADD_DEL erroneously cleared the message memory after the M() macro call and thus lost their message id. Don't do that. While in the neighborhood, prevent a string copy from referencing data that doesn't belong to the filename string. Change-Id: Ib4309608ed617ef4f193880ecf4a0b35fda65e51 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-26vnet: add 25G interface speed flagDamjan Marion1-0/+6
Change-Id: I1d3ede2b043e1fd4abc54f540bb1d3ac9863016e Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-25Fix bug in dpdk_crypto_session_disposal()Matthew Smith1-0/+2
The expression to determine whether to delete a session from the disposal list only evaluates true if some, but not all, of the sessions in the list were freed. When all sessions in the list are freed, it evaluates false and the sessions are left in the list to be freed again later, which can result in a session pool element that was reallocated to a different SA being freed, breaking crypto for the newer SA. Add an 'else' that handles the case where all sessions were freed. Change-Id: I3ae54d5b3bfc3658bf406caa50646924baaae589 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-02-24Fix crypto session deletion crashMatthew Smith1-6/+9
When using a DPDK cryptodev with IPsec, deleting a session often results in a SEGV. A bad pointer is being passed to rte_cryptodev_sym_session_free(). Put the correct value on the crypto disposal list and add a check to determine whether the call to free the session is going to result in a crash before doing it. Change-Id: I8a6b0a594585ebcfa56b555ede7ef7d67e5e2b33 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-02-23Disable scatter-gather for ENAMatthew Smith1-0/+1
ENA doesn't support scatter-gather. The PMD started failing rte_eth_dev_rx_queue_config() in DPDK 18.02 if the flag to enable it is set. Turn the flag off in dpdk_lib_init(). Change-Id: Ifdd9f188c89b46efe82412c75fb935a92436da1c Signed-off-by: Matthew Smith <mgsmith@netgate.com>