summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2020-07-28ikev2: fix session re-initiate after SA expiresFilip Tehlar2-1/+3
Type: fix Change-Id: Ie3d24b3df02d08fbb74d97f4e5ab0d79c35b0c0d Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-28nat: limit resource consumption when out of portsKlement Sekera1-2/+7
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I83f44711264376389989152666f3c71216146bdd
2020-07-24lacp: fix vector overflowBenoît Ganne1-2/+2
Type: fix Change-Id: I8f776ce10ee8c29689db5ceef70df42dfb6b747c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-24ikev2: add SA dump APIjan_cavojsky5-6/+907
Type: feature Ticket: VPP-1897 Change-Id: I0245aceeb344efd29b1f9217c35889a8bbe1f744 Signed-off-by: jan_cavojsky <Jan.Cavojsky@pantheon.tech> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-23dpdk: device_id sorted order for cryptodevVladimir Ratnikov1-0/+16
By default, VPP automatically assignes for each tunnel next available QAT device by order dev_id-que-pair. In most cases we have more than one device and it can greatly increase ipsec perfomance without any actions with configuration from user if we use all the devices first and first que-pairs Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: Iac9fe74768775459e22f69bb3706b542090a9375
2020-07-23acl: correct acl vat help messageLijian.Zhang1-2/+2
"ipv4"/"ipv6" option is not supported in acl_add_replace and macip_acl_add_replace vat api. Update its help message per actual api usage. Type: fix Change-Id: I8d34fac5f98bd78a46a5e98df05cd35182988dd8 Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com> Reviewed-by: Jieqiang Wang <Jieqiang.Wang@arm.com> Reviewed-by: Govindarajan Mohandoss <Govindarajan.Mohandoss@arm.com>
2020-07-23hsa: proxy session cleanup fixesFlorin Coras2-95/+188
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I96673c984077876e69b18b4126b55e70dc07b50f
2020-07-23nat: fix port number selectionElias Rudberg2-6/+6
Change the port number selection for new NAT sessions so that it matches how the thread index is calculated from the port number for out2in packets. Before this change there was a problem when the largest port number in the range was used, that resulted in the wrong thread index being selected when out2in packets arrive for that session. Type: fix Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net> Change-Id: I936c389eb0d5df6168e18e5e44754de1cdad6ad1 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-07-23ikev2: add global message length checkBenoît Ganne1-96/+89
Type: fix Change-Id: I3eb51ea4f6c29005b0315cf488fcabb8543dfcd1 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-21crypto: bails out early for unsupported key typeBenoît Ganne2-8/+8
Do not access data structures based on uninitialized key->alg. Type: fix Fixes: f539578bac8b64886b57c460c9d74273e6613f8b Change-Id: I6bfb7e7a51af2c131b8bdf3bca6a38fcf1094760 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-20ikev2: refactor and test profile dump APIFilip Tehlar9-129/+340
Type: refactor Change-Id: I6b8dc68e5d4a452776fbaf5a69fbd7f53a8abb75 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-19api: call api reaper callbacks for socket clientsDave Barach2-0/+51
Add a callback to clear the per-client packet trace buffer cache. Save the packet trace dump pg setup script. Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I252be911b5f937ece0da5dca152263ece3d52963
2020-07-19unittest: keep ASAN happy for non-terminated string testsBenoît Ganne1-0/+2
Type: fix Change-Id: Iae9e84d4297acd54c909d3a8a39adafcd86b0a91 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-17abf: mark API as in-progressAndrew Yourtchenko1-0/+8
As requested by Neale, mark the ABF API as in-progress Change-Id: I109a32fa54b1f2a882695d9fd71b235fa46bc6f3 Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-07-17gbp: mark APIs as in-progressAndrew Yourtchenko1-0/+35
As per request from Neale, mark the GBP plugin APIs as in-progress. Type: fix Change-Id: I679943edcfff0742ee32c45cd8f97f482c353b9f Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-07-17l2e: mark API as in-progressAndrew Yourtchenko1-0/+1
As requested by Neale, mark the API as in-progress. Change-Id: Id92cad65c66435e179583507f077816e09e4205b Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-07-17pppoe: fix uninitialized memory bugTimotheeChauvin3-1/+7
In pppoe_cp_node.c, node->errors[error0] was accessed without node->errors being initialized. Found with AFL + ASAN. Type: fix Signed-off-by: TimotheeChauvin <timchauv@cisco.com> Change-Id: Ide8a60021b2d47b5e2fce7062d8f12c7f4d225f7
2020-07-16misc: add callback hooks and refactor pmcTom Seidenberg9-164/+326
Callbacks for monitoring and performance measurement: - Add new callback list type, with context - Add callbacks for API, CLI, and barrier sync - Modify node dispatch callback to pass plugin-specific context - Modify perfmon plugin to keep PMC samples local to the plugin - Include process nodes in dispatch callback - Pass dispatch function return value to callback Type: refactor Signed-off-by: Tom Seidenberg <tseidenb@cisco.com> Change-Id: I28b06c58490611e08d76ff5b01b2347ba2109b22
2020-07-16dpdk: fix coverity warning in the flow codeChenmin Sun1-1/+1
CID 211153 Type: fix Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ic4d518d047c3ff36d9a7b72477c3efcb554d05bb
2020-07-16crypto: fix coverity issue for cryptodevFan Zhang1-65/+103
- Fixes coverity issue #210160. - Fixes the possible issue in cryptodev when input node does not update mbuf, such as avf-input. - Fixes GCM ESN packet incorrect tag. - Code clean up to reduce binary size. Type: fix Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Dariusz Kazimierski <dariuszx.kazimierski@intel.com> Signed-off-by: Piotr Kleski <piotrx.kleski@intel.com> Change-Id: Ic05ae29855ac1f7a62e4af5831a4ed9faa8f561a
2020-07-16vppinfra: fix format_c_identifier vector overflowBenoît Ganne1-4/+2
In case of vector, we must check length before trying to access element. Also fix wrong DPDK plugin workaround. Type: fix Change-Id: I2ecef1c88ebef2362f48cab0d462699aa43cd4b9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-16misc: add tracedump API pluginDave Barach5-0/+571
Type: feature Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I586547508003b95eaa74e18e4a5ac6f72986822c
2020-07-16adl: move allow/deny list function to pluginDave Barach13-2/+2044
Provide binary API compatibility support for the "cop" APIs until vpp 21.01. Change the deprecation date in map.api to vpp 21.01. Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0e60d96de4ae9ae4448f134cf257934126f3b760
2020-07-16ikev2: fix race condition in child_sa updateBenoît Ganne1-0/+3
Type: fix Change-Id: I864d49a641b45337c0a45a0af7d996cad75f6629 Signed-off-by: Benoît Ganne <bganne@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-15nat: add prefetching to in2out_ed/out2in_edKlement Sekera2-2/+27
This saves about 20 clocks/packet in both code paths. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ib559c74bf8168e3ddd764d51b7e5bcd2a557f591
2020-07-15ikev2: add support for AES-GCM cipher in IKEFilip Tehlar6-120/+345
Type: feature Ticket: VPP-1920 Change-Id: I6e30f3594cb30553f3ca5a35e0a4f679325aacec Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-14ikev2: API downgrade due to lack of ikev2 testsFilip Tehlar1-19/+17
Type: refactor Change-Id: Ic7ddad20088e069887f81721cceb21f4902e8907 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-13hsa: set connected mode for echo_server app in udp mode.jiangxiaoming1-7/+20
Type: fix Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I85a53ee049a9af371d929364400fe166cf71d53f
2020-07-13session: reduce verbosity on fifo alloc failureFlorin Coras1-3/+14
Also fix session test app name registrations Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7d365154ab9af83b17b026762ab4f0aea85ce486
2020-07-09dpdk: add txq struct and fix dpdk tx lockBenoît Ganne4-19/+23
This introduces a txq structure mirroring the rxq structure. This fixes the case when #txq > #rxq, because lock must be per txq. Type: fix Fixes: dfb19cabe20ccf1cbd1aa714f493ccd322839b91 Change-Id: Ic1bce64d2b08b9a98c8242a1ba1bfcdbda322bec Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-07-07ikev2: per thread usage of openssl contextFilip Tehlar3-77/+47
Type: refactor Change-Id: I04af90b4d86c00092ce1732aeb3c0517af1808e0 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-06ikev2: add profile dump APIJan Cavojsky6-0/+436
Type: feature Signed-off-by: Jan Cavojsky <Jan.Cavojsky@pantheon.tech> Change-Id: I84776a50b520134e8a3ca6ae41b4cc29009e6319
2020-07-06ikev2: add more ikev2 testsFilip Tehlar1-18/+135
Tests for AES-GCM and AES-CBC with different key lengths Type: test Change-Id: Ie7eeebb0f7e8331a717866475cb4ee00042857ce Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-02vrrp: fix feature declaration for v6 accept-modeMatthew Smith1-1/+1
Type: fix The v6 accept mode input feature was being declared with the node added to ip4-multicast instead of ip6-multicast. Add to the correct arc. Change-Id: I08f6e5e7dde84a37687fa0af750a7a16fe537ea6 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-07-02ikev2: use remote proposals when installing tunnelFilip Tehlar1-2/+2
Change-Id: Ib9c5dff6c825f495400a73869d429b9c2df670fc Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-07-02nat: nat66 to pluginOle Troan14-480/+607
Type: refactor Change-Id: I8c1f0c02a4522c1f9e461ddadd59938579ec00c6 Signed-off-by: Ole Troan <ot@cisco.com>
2020-06-30tests: ikev2: add nat traversal & cert based auth testFilip Tehlar6-49/+253
Type: test Change-Id: I3e8e451c5deaf04f519a471369370c383d9cda3b Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-06-27vrrp: backup processes priority 255 advertisementMatthew Smith2-1/+381
Type: fix When accept mode is enabled, a backup VR will configure the VR virtual addresses locally and respond to packets sent to those addresses. This did not work when the primary VR is the address owner and sends advertisements using the virtual address as the source address. It also did not work when NAT was configured on the interface with the virtual address as the NAT pool address. In both cases, advertisements from other VRs would arrive and be dropped because they appeared to be spoofed - the source address would be an address that is configured as an interface address on the instance receiving it. When accept mode is enabled for a VR and the VR enters the master state, add an input feature on ip[46]-multicast for the interface which looks for VRRP advertisements, figures out whether they are for a VR which is configured with accept mode and is in the master state and kicks them straight to the VRRP nodes to avoid dropping them. Change-Id: I240ba1ee0b3fd6d693de729698c1181dc71bb08b Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-06-27lacp: add unit testSteven Luong1-0/+364
add test_lacp.py to cover basic lacp unit test Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I6f7f3d801956e54106f3c55cedaca186d81dad25
2020-06-27nat: replace speculative buffer enqueue modelKlement Sekera5-2278/+2107
Replace speculative buffer enqueue coding model with vlib_get_buffers(...)/vlib_buffer_enqueue_to_next(...). Type: improvement Change-Id: I7dbfac2234a7bd754c599857eb1d5b601da5bc7c Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-06-27ikev2: add FEATURE.yamlBenoît Ganne1-0/+17
Type: docs Change-Id: Ie7836543e52bee08d12c565fbb6238d3e82ea3ce Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-06-27flow: add IPSec ESP/AH flowChenmin Sun1-0/+71
This patch adds the IPSec ESP/AH type flow support Have tested on E810 with Intel iAVF driver Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I6ab8e69f67c423cc4e33f3c363881a97cdb98c30
2020-06-27ikev2: remove unused fieldFilip Tehlar1-1/+0
Type: improvement Change-Id: I0893d7cd8b8ab9958f585ac564bd0638bc60e78a Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-06-25nat: avoid division by zeroKlement Sekera1-1/+8
Return error instead of dividing by zero. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I9f6a942e87ab87e8f1921e744ec1add45884e74a
2020-06-24nat: deterministic: disallow invalid configKlement Sekera2-5/+20
Prevent overflow if input network prefix is too small and crash on packet #1 due to vector not being allocated/initialized. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I3494cc62ce889df48cc59cc9340b5dd70338c3a8
2020-06-23nat: fix broken testKlement Sekera1-2/+14
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I04952865b7e2b447763d0b67d120c3d933177646
2020-06-22nat: set buf error if can't create userKlement Sekera4-27/+9
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I747d78966a7296dcbae54d54b0c165d407c8863d
2020-06-18ikev2: use both local and remote ID for profile lookupFilip Tehlar2-22/+50
Type: fix Ticket: VPP-1890 Change-Id: I9441d5afc38df7dabf6cccaead69dd32646d2a9e Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-06-18tests: add ikev2 test framework with basic test caseFilip Tehlar2-0/+651
Ticket: VPP-1905 Type: test Change-Id: Ie66fbd8e37eb5e69bd61b701ed3449366bee8c84 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-06-19nat: remove unused codeKlement Sekera2-47/+0
Type: refactor Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Icc55276c8a4c256049718610cb131a34dc8d0a80