summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2019-05-14IPsec: increment tunnel intf tx countersMatthew Smith1-0/+9
Recent changes removed the function that was incrementing the tx counters. Increment them in the esp_encrypt functions. Change-Id: I446333a23ccf66e34893adb2aa49af562cf35507 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-05-14rdma: update MAINTAINERS and add docBenoît Ganne1-0/+51
Change-Id: Ida681d299fd57eba66338444b99d2476bdb3c695 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-05-10Fix typo in nat44_cli.c:nat_ha_failover_command_fn.Paul Vinciguerra1-3/+3
Change-Id: Icdf531b3c688c4da6be732ff178316e3757aebb5 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-05-09add mactime plugin unit / code coverage testsDave Barach3-5/+184
The unit and code coverage tests are boring. The rest of the patch involves test and packet-generator infra cleanups. Teach the "make test-xxx" family of targets to set the api test plugin path correctly, to make "binary-api <api-message-name> <args>" debug CLI commands work correctly in the "make test" environment. Unfortunately involves both the top-level and test Makefiles. Add a minor pg cli feature, a CLI to manually set s->sw_if_index[VLIB_TX]. Consider the case where one configures an interface with both a device-input and an output feature. To test the output feature using the pg, it's necessary to inject packets into the interface output node with both b->sw_if_index[VLIB_TX] and b->sw_if_index[VLIB_RX] set correctly. For example: packet-generator new { name tx limit 15 size 128-128 interface local0 # rx: device input feature not configured on local0 tx-interface loop0 # tx: output node requires b->sw_if_index[VLIB_TX] node loop0-output data { hex 0x01005e7ffffa000dead0000008000102030405060708090a0b0c0d0e0f0102030405 } } Fix a longstanding bug in the packet generator stream setup. Remove kludges which set b->sw_if_index[VLIB_TX] to ~0 [in multiple places] instead of using the stream value s->sw_if_index[VLIB_TX], and setting THAT datum correctly. Change-Id: I1097a18e8db73661ded6b822c1d718f7e5cf36ed Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-09dpdk: fix return variable sizeZhiyong Yang1-2/+2
The function dpdk_ol_flags_extract should return u16 instead of u8. Change-Id: Id0b08b04c93598818f9a2eee5a88733900320dfa Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-05-09NAT: VPP-1665 coverity scan issue fixFilip Varga1-2/+9
Change-Id: I092a9f8237a895f907590772f2ea213a86502fb4 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-05-08session: send tx events when data is dequeuedFlorin Coras1-0/+3
Change-Id: Ib8cb19361c42e38e3f68d7147358378fff161eb1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-05-07svm: decouple fifo and default chunk allocationFlorin Coras1-13/+29
Default chunk is no longer embedded into the fifo and on free is returned to its respective chunk list. Change-Id: Ifc5d214eaa6eca44356eb79dd75650fb8569113f Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-05-07Add bihash statistics hookDave Barach1-1/+67
Example / unit-test in .../src/plugins/unittest/bihash_test.c Change-Id: I23fd0ba742d65291667a755965aee1a3d3477ca2 Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-07ipsec-mb: fix the "make test" on non-AESNI platformsAndrew Yourtchenko1-0/+3
"make test" fails with invalid instruction on non-AESNI platform, so do not register the ipsec-mb crypto backend in this case. Change-Id: I61887e40ce3d39880e7da534b9dee00fd677d8fd Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-05-06Remove target option when IPSecMB disabledNathan Skrzypczak1-2/+1
Change-Id: I2313932bdc41a4702585aa338f22df3f6e4e23d7 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-05-06Add QUIC multistream supportNathan Skrzypczak2-290/+696
Change-Id: I9dc746b8c62c3e7ee2f65e34a1a1dca243ed4bd9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-05-06NAT64: Fix port byte order in nat64_free_out_addr_and_portFaicker Mo1-1/+1
Change-Id: Idc050e469a5b697ca5587ddd4e87ac2d48d15658 Signed-off-by: Faicker Mo <faicker.mo@ucloud.cn>
2019-05-06NAT66:assgin a error value for clib_bihash_kv_48_8_t kvlijianpeng1-2/+3
Change-Id: Iac0c8218abc8d144d93a955e948a48a732b63107 Signed-off-by: lijianpeng <li.jianpeng@zte.com.cn>
2019-05-03session/svm: apis for fifo shrinkingFlorin Coras1-0/+75
Change-Id: Ie519683bb90aae6fb95f2a09e251cded1890ed41 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-05-03svm: basic support for fifo shrinkingFlorin Coras1-0/+400
As opposed to growing, this is not a bulk operation, instead dependent on how the producer/consumer advance head and tail, the fifo will shrink in one or multiple steps. Only once the fifo's nitems and size are reduced to their appropriate values, equal or larger to what was requested, can the fifo chunks be collected by the owner. Chunk collection must be done with the segment heap pushed. Change-Id: Iae407ccf48d85320aa3c1e0304df56c5972c88c1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-05-03svm: store normalized head/tail for fifoFlorin Coras1-2/+7
If head/tail are stored as "absolute" values that are normalized to [0, fifo_size] interval, when fifo is shrunk/grown the consumer and producer have to independently update to the new fifo size and fix head and tail, respectively. If the head and tail are stored as normalized values, under the right conditions, they don't need to be fixed when fifo size changes. This reverts one of the changes in gerrit 18223. Change-Id: I55a908828afe90925cf7c20186a940b25e5805f9 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-05-03plugins: clean up plugin descriptionsDave Wallace37-36/+37
- Make plugin descriptions more consistent so the output of "show plugin" can be used in the wiki. Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-05-01Add node, frame to vlib main loop perf analysis callback argumentsDave Barach1-1/+3
Change-Id: Iaa5cd89791b0dfdb56a75009c564581d10696d83 Signed-off-by: Dave Barach <dave@barachs.net>
2019-04-30svm: more fifo refactor/cleanupFlorin Coras4-91/+91
Change-Id: Ie76c69641c8598164d0d00fd498018037258fd86 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-27svm: fix fifo tail/head/ooo logic for u32 wrapFlorin Coras1-12/+279
These were introduced with the switch to unbound tail/head size, so they only affect master. Added unit tests to avoid future surprises. Change-Id: I83b6c9efbe31d8092ba59b8e2ed46f4da97f35db Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-26crypto, ipsec: change GCM IV handlingDamjan Marion2-54/+17
- nonce construction out of salt and iv is ipsec specific so it should be handled in ipsec code - fixes GCM unit tests - GCM IV is constructed out of simple counter, per RFC4106 section 3.1 Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-26nat: fix ED mode unknown proto session managementMatthew Smith3-8/+24
In endpoint dependent mode, when a session at the head of a user LRU is reused, if the IP protocol for that session was unknown (any other than tcp, udp, or icmp), the attempt to delete the session mapping from the in2out bihash was not using the same key that was used when the mapping was added. This would cause the deletion of the mapping to fail. If packets arrive later which match the original session, the search for the session key would succeed when it should have failed and the session, which is now associated with a different pair of endpoints, may end up being updated when it should not be. Update the key generation when reallocating an existing session to do the right thing if the session is for an unknown protocol. Also update format_nat_session() for unknown protocols so that 'vppctl show nat44 session detail' will display the protocol correctly. In endpoint dependent mode, the IP protocol is stored in the port field on a session if the protocol is unknown. The value is stored in host byte order, but the format function was swapping the bytes before writing the protocol. Change-Id: I9e8daadd4569cb2610532dab4e4f41d1567cf3d1 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-04-26nat: prevent creation when-resolved static mappings on errorsAlexander Chernavin1-1/+1
When you create two identical NAT44 static mappings using interface name as external address and only local or ext port is different, VALUE_EXIST will be raised but when-resolved static mapping will remain. vpp# nat44 add static mapping tcp local 10.128.0.129 443 external GigabitEthernet0/8/0 8443 vpp# nat44 add static mapping tcp local 10.128.0.129 80 external GigabitEthernet0/8/0 8443 nat44 add static mapping: Mapping already exist. vpp# show nat44 static mappings NAT44 static mappings: tcp local 10.128.0.129:443 external 2.2.2.2:8443 vrf 0 tcp local 10.128.0.129:443 external GigabitEthernet0/8/0:8443 vrf -1 tcp local 10.128.0.129:80 external GigabitEthernet0/8/0:8443 vrf -1 With this commit, when-resolved static mapping is not created if the translation only differs in local or ext port. Change-Id: Ifc960b9dc1371caa2a8d3206a80a0ffd10d293e4 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-04-26svm: fifo segment support for chunk allocationFlorin Coras1-5/+93
Change-Id: Ie96706b4d8bcb32d2d5f065bc765f95f4e9369e7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-25crypto_ia32: minor change logicallyZhiyong Yang1-2/+1
"break;" will never be run after "return;" Change-Id: I4fdfd10406fdf61897078746d28fa1ee32fb0081 Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-04-25crypto: AES GCM IV length is always 12Damjan Marion2-3/+1
... at least for use cases we are interested in Change-Id: I1156ff354635e8f990ce2664ebc8dcd3786ddca5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25Clean up redirectsDave Barach1-21/+50
Both firefox and chrome seem happy to browse a hugo-generated site Change-Id: Id216ad9c781643df42ac4fbce598eb2afa600f4d Signed-off-by: Dave Barach <dave@barachs.net>
2019-04-25Change dpdk thread data flags type to u16 from u8 to get more useful dataSimon Zhang2-6/+7
Change-Id: Idc3763c38f5aa638d4f290f4d4730577601d78b8 Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2019-04-25session: cleanup segment manager and fifo segmentFlorin Coras1-73/+73
Change-Id: I984f347fb465c0c405cef668d8690457e81788e2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-25unittest: AES GCM test cases cleanupDamjan Marion1-270/+126
This reverts commit 7f2d57b69ea031cc6110b3a1f4c1ef1c35b67181. Change-Id: I23c3b4d2dab6e13cc8fbbf0ac9d0cfd8af3241c1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25crypto_ipsecmb: CBC IV size is always equal to block sizeDamjan Marion1-27/+13
Change-Id: If8b2c8942db17a853883360885def47ce50e7ddd Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25crypto_ipsecmb: use pre-expanded keysDamjan Marion1-218/+207
Change-Id: Ie1d34b7e71554516595e0cd228e2cd54a3b8d629 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25session: use teps in accept/connect notificationsFlorin Coras1-10/+9
Change-Id: I58e713661a38cecbfdebd4609292d9d12e880cd2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-25IPSEC; dpdk backend for tunnel interface encryptionNeale Ranns2-4/+75
Change-Id: Ide2a9df18db371c8428855d7f12f246006d7c04c Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-25crypto: improve key handlingDamjan Marion8-40/+143
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25Remove dummy_interface_tx nodes from l2tp l2xcrw and nshJohn Lo1-9/+0
Change-Id: I51e0d4a9ec62514a85bbe4c5f56a48d60ab6f4e4 Signed-off-by: John Lo <loj@cisco.com>
2019-04-24Add get_endpoint in transport vftAloys Augustin1-0/+36
This allows QUIC & TLS specific logic to be implemented, and meaningfull IP/port to be returned when connection is overridden. Change-Id: Id79c59fe4d7b16d36f0e96ad3e281c4026b5fe65 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-04-24dpdk: fix interface namingFlorin Coras1-1/+1
Change-Id: Ia092a93a7ac0cbf9338f9d4a5db8b94b23549a13 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-24dpdk: get a rid of "Invalid port_id=" log messageDamjan Marion1-3/+5
Change-Id: I65e7188c6893acca67455ff37f2dfbd0bedd5c09 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-24svm: fifo ooo reads/writes with multiple chunksFlorin Coras1-16/+161
Change-Id: If23a04623a7138c9f6c98ee9ecfa587396618a60 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-24svm: move mq test to ut pluginFlorin Coras1-4/+101
Change-Id: Ic4e882b784e5773198e55bd97b1bbd3d6dda888a Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-24session: remove unused fifo allo return valueFlorin Coras1-3/+1
Change-Id: I50a6bcc127e4b44becc4b694bdd3018ac9bfab5c Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-24svm: move fifo tests to ut pluginFlorin Coras1-0/+271
Change-Id: I638facf6e2128334c3d1a5a8494f378505831e1b Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-24NAT: VPP-1531 api cleanup & updateFilip Varga4-422/+580
Change-Id: I2492400a67b39a3adbc24ab7cf1ba17a409e95a8 Signed-off-by: Filip Varga <fivarga@cisco.com>
2019-04-23Enable 'test crash' command when running unittest plugin.Paul Vinciguerra1-0/+1
Change-Id: Icf0cff122dfbd260a2865b6c83531f4a8c726132 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-04-23API: Python and Unix domain socket improvementOle Troan2-7/+3
Handle the case where buffer overflows. Then SOCK_SEQPACKET assumption that multiple API messages are not returned by recv() is broken. Use SOCK_STREAM for API exchanges instead. Add support for running tests over sockets. make test SOCKET=1 Change-Id: Ibe5fd69b1bf617de4c7ba6cce0a7c2b3f97a2821 Signed-off-by: Ole Troan <ot@cisco.com>
2019-04-23Bump to intel-ipsec-mb version 0.52Damjan Marion1-2/+4
Change-Id: Ifeaf93c98e4af92da9409fa5a2114b577e8c0937 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-23Revert "NAT: VPP-1531 api cleanup & update"Ole Trøan4-576/+422
This reverts commit bed1421b9f1b3643d93384084972337b596aec73. /vpp/master3/src/plugins/nat/nat_api.c: In function ‘send_nat_worker_details’: /vpp/master3/src/vppinfra/clib.h:62:33: error: division ‘sizeof (u8 * {aka unsigned char *}) / sizeof (u8 {aka unsigned char})’ does not compute the number of array elements [-Werror=sizeof-pointer-div] #define ARRAY_LEN(x) (sizeof (x)/sizeof (x[0])) ^ /vpp/master3/src/plugins/nat/nat_api.c:205:43: note: in expansion of macro ‘ARRAY_LEN’ rmp = vl_msg_api_alloc (sizeof (*rmp) + ARRAY_LEN (w->name) - 1); ^~~~~~~~~ Change-Id: Ie82672c145fb2f6580827f95e535435307bc7a23 Signed-off-by: Ole Troan <ot@cisco.com>
2019-04-23NAT: VPP-1531 api cleanup & updateFilip Varga4-422/+576
Change-Id: I519d7efc8ee3c86381d96be2e2a46017cd948895 Signed-off-by: Filip Varga <fivarga@cisco.com>