summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2019-04-17IPSEC: support GCM in ESPNeale Ranns1-2/+6
Change-Id: Id2ddb77b4ec3dd543d6e638bc882923f2bac011d Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 47feb1146ec3b0e1cf2ebd83cd5211e1df261194)
2019-04-16crypto: add more AES-GCM test casesFilip Tehlar2-3/+313
Change-Id: Ibb3e2f3ba5f31482fc2f0dce53d68f8476608f4b Signed-off-by: Filip Tehlar <ftehlar@cisco.com> (cherry picked from commit 11a73973c98a5a10b78f7200e5681859354bb29a)
2019-04-16crypto: openssl - IV len not passed by caller. Callee knows from algo typeNeale Ranns1-2/+2
Change-Id: Ib80e9bfb19a79e1adc79aef90371a15954daa993 Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 45df934daf89391a399651f171278a4c0cad30f7)
2019-04-16crypto-openssl-gcm: account for failed decryptsNeale Ranns1-3/+6
Change-Id: I749c5a9d58128fd6d0fb8284e56b8f89cf91c609 Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 1b1d1e9e84b007721a0c2ae2092df7cea662e09d)
2019-04-15LB crash when receving packets with right dst IP and wrong dst port VPP-1643Hongjun Ni1-0/+7
Change-Id: Ifb322118349674b8ebee45d7644212ab5174a2ec Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2019-04-15crypto: fix coverity warningsFilip Tehlar2-2/+7
Change-Id: Id9dfd912517c44cf812953bd05ac04c9e172a2b7 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-04-14IPSEC-MB: Use random & non-repeating IV (VPP-1642)Neale Ranns2-14/+57
hard code IV and key lengths based on cipher. Init IV from random data, use AES instruction to rotate. Change-Id: I13a6507d12267b823c528660a903787baeba47a0 Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 21ada3bd7e9bc5cca7c2c8399adcbaa044bf8103)
2019-04-10crypto: Intel IPSEC-MB engineNeale Ranns2-0/+416
A plugin to use Intel IPSec MB library as a VPP crypto engine This changes uses concepts from: https://gerrit.fd.io/r/#/c/17301/ hence that author's work is acknowledge below Change-Id: I2bf3beeb10f3c9706fa5efbdc9bc023e310f5a92 Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-04-10API: Fix shared memory only action handlers.Ole Troan8-212/+104
Some API action handlers called vl_msg_ai_send_shmem() directly. That breaks Unix domain socket API transport. A couple (bond / vhost) also tried to send a sw_interface_event directly, but did not send the message to all that had registred interest. That scheme never worked correctly. Refactored and improved the interface event code. Change-Id: Idb90edfd8703c6ae593b36b4eeb4d3ed7da5c808 Signed-off-by: Ole Troan <ot@cisco.com>
2019-04-10quic: add dummy accepted cbFlorin Coras2-2/+9
Add dummy function to avoid session layer warning. Also, decrease default debug level to avoid startup quic init notifications. Change-Id: I2964fc15a8d93d78c976ed7c333e0cc5746c069e Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-09rdma: add multiqueue supportBenoît Ganne4-76/+170
Add support for multiqueue for RDMA devices. Change-Id: I78a2481cec6747494c670cc776475828be3af55b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-04-09nat: initialize fq_in2out_output_indexMatthew Smith1-0/+1
When using the output feature ('postrouting') outbound translation, no packets are passed when using worker threads. The frame queue for in2out packets to be handed off between threads is never allocated. This is because that allocation only happens if the value of fq_in2out_output_index == ~0, but fq_in2out_output_index is never initialized prior to checking that. Initialize fq_in2out_output_index to ~0 so a frame queue will be allocated when there are worker threads. Change-Id: I0836685eb611348643c11ac7e4d0cab935a29384 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-04-08GBP: drop and contract countersNeale Ranns2-16/+126
Change-Id: Ib436512a26e53f70f7b5e47bf34224ab73e5244e Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-08fixing typosJim Thompson2-7/+7
Change-Id: I215e1e0208a073db80ec6f87695d734cf40fabe3 Signed-off-by: Jim Thompson <jim@netgate.com>
2019-04-08rdma: fix DPDK MLX driver conflictBenoît Ganne1-5/+1
VPP rdma driver relies on an internal rdma-core not compatible with DPDK MLX driver. Force the use of external rdma-core through RTE_IBVERBS_LINK_DLOPEN DPDK build option and make sure internal rdma-core symbols are not leaked outside of the rdma plugin. Change-Id: I5b2281259f517c4e109d388d172b72eadd69986f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-04-08vlib-punt: fix error node countingNeale Ranns1-5/+0
Change-Id: I271aa8b8f4917c187ad52db774e4ad26677e2b82 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-07GBP: coverity uninitialised variable warningNeale Ranns1-1/+1
Change-Id: Ic6e23f497fd91dcb1441f9f4d88a182712e69d3f Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-07crypto: add support for AEAD and AES-GCMDamjan Marion9-218/+488
Change-Id: Iff6f81a49b9cff5522fbb4914d47472423eac5db Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-07crypto: coverity issuesDamjan Marion2-15/+27
Change-Id: I9db1b74097c9df587b9265b14a969d347bcb731a Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-06gbp: Add gbp bd flags unit testMohsin Kazmi1-0/+6
Change-Id: I5b18cb84bec88f5514cacd2df61b5ce3c70abd77 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-06quic: support addition of fifo segmentsFlorin Coras1-1/+2
Change-Id: I8cb03ee832e77d2b21d47aa7a44579c283fb1054 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-05quic: update app ns on connectFlorin Coras1-0/+1
Change-Id: I0aa220b1f5a72d8bbc6d147830766790d7f6d9bf Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-05crypto: fix init dependencyFilip Tehlar1-1/+2
Change-Id: Ie8dcd9fa0d0487b146eaa62113a5ee06bd3e7d3b Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-04-05rdma: more batching, compile rdma-core in release modeBenoît Ganne3-101/+299
rx: add batching for WC processing and release tx: improve batching for WC submission and processing rdma-core: compile in release mode to remove assert() Change-Id: I5fb8736db36b50f8b758cd688100477b67e72d80 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-04-04crypto: pass multiple ops to handlerDamjan Marion1-3/+3
Change-Id: I438ef1f50d83560ecc608f898cfc61d7f51e1724 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-04GBP: Counters per-contractNeale Ranns4-13/+62
Change-Id: I28bb9e3d3ea3a99a9e24801ef5241a0099186108 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-04Add crypto_ia32 pluginDamjan Marion5-0/+632
Currently this plugin provies AES CBC optimized code. Encryption code supports parallel encryption of 4 buffers with different size and key which improves performance 4x compared to standard serialized aproach. On Skylake Server measured performance is around 0.71 clocks/byte with 256 buffers with size in range between 7000 and 8000 bytes. Measured performance includes overhead of processing crypto ops. Change-Id: I5ec2afee708fcdf16a4234926534dd64ff1155c3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-04gbp: Add bd flagsMohsin Kazmi4-11/+38
Add flags for unknown unicast drop, multicast and broadcast drop and arp unicast. Change-Id: I1203137510b8bee0a20ecfe5f2efad8043d4bac6 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-04-03lacp: passive mode support [VPP-1551]Steven Luong7-56/+124
By definition, passive mode means the node does not start sending lacp pdu until it first hears from the partner or remote. - Rename ptx machine's BEGIN state to NO_PERIODIC state. - Put periodic machine in NO_PERIDOIC state when the interface is enabled for lacp. ptx machine will transition out of NO_PERIODIC state when the local node hears from the remote or when the local node is configured for active mode. - Also add send and receive statistics for debugging. Change-Id: I747953b9595ed31328b2f4f3e7a8d15d01e04d7f Signed-off-by: Steven Luong <sluong@cisco.com>
2019-04-03rdma: tx: fix stats and add batchingBenoît Ganne1-61/+88
Tx stats are no longer counted twice. Submit tx packets as a single batch per vector instead of per-packet Change-Id: I26820b21f23842b3a67ace0b939095f3550d3856 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-04-03GBP: iVXLAN reflection checkNeale Ranns2-12/+42
packets should not egress on an iVXLAN tunnel if they arrived on one. Change-Id: I9adca30252364b4878f99e254aebc73b70a5d4d6 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-02session: use app cb function wrappersFlorin Coras1-6/+3
Change-Id: I77ad9eb4d4c7699397aa4be6a973ef37c60db4c5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-02dpdk: fix build error when mlx support enabledMatthew Smith1-1/+1
When building with environment variables set to enable mlx PMD support in DPDK, an error occurs: CMake Error at plugins/dpdk/CMakeLists.txt:104 (vpp_plugin_find_library): vpp_plugin_find_library Macro invoked with incorrect arguments for macro named: vpp_plugin_find_library Update a call to vpp_plugin_find_library() to include the right number of parameters. Change-Id: Ia0d66f93c6f94fdf822e2c3c4fe3f0ad01a90d57 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-04-02vppinfra: fix sparse_vec_index() returning non-zero index for some ↵Andrew Yourtchenko2-0/+74
nonexistent elements If we are testing for an index whose membership bitmask happens to sit in LSB of uword, and there is nothing else set in that uword in the member bitmask, the shortcut path returning the valid index is taken even if the element with a given index doesn't exist in the sparse vector. This happens because the count of leading zeroes on the value of 0 is zero, which is equal to the value taken modulo bitsize uword. Take care of that case. Also add unittests showing the problem and verifying that sparse_vec_index2 does not have the same issue. Change-Id: I19117e13817c3e5de579b9250bb741de42491985 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-03-29Integrate first QUIC protocol implementationNathan Skrzypczak3-0/+1753
Currently supports on single stream exposed through standard internal APIs Based on libquicly & picotls by h2o Change-Id: I7bc1ec0e399d1fb02bfd1da91aa7410076d08d14 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-03-29ipsec: esp-decrypt reworkDamjan Marion1-4/+11
Change-Id: Icf83c876d0880d1872b84e0a3d34be654b76149f Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-29rdma: add option to specify inteface nameDamjan Marion4-2/+12
Change-Id: Ic6244511b88bdd42756f74e3163a70b8014e8547 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-28crypto: add vnet_crypto_op_init (...)Damjan Marion1-1/+1
Change-Id: I2018d8367bb010e1ab30d9c7c23d9501fc38a2e5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-28ipsec: USE_EXTENDED_SEQ_NUM -> USE_ESNDamjan Marion3-5/+5
Change-Id: Ib828ea5106f3ae280e4ce233f2462dee363580b7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-28cmake: add vpp_plugin_find_library macroDamjan Marion3-48/+40
Change-Id: I0b996460e05c40e74766563fb2a94c62a65063ce Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-28Punt InfraNeale Ranns3-19/+422
A punt/exception path that provides: 1) clients that use the infra 2) clients can create punt reasons 3) clients can register to recieve packets that are punted for a given reason to be sent to the desired node. 4) nodes which punt packets fill in the {reason,protocol} of the buffere (in the meta-data) and send to the new node "punt-dispatch" 5) punt-dispatch sends packets to the registered nodes or drops Change-Id: Ia4f144337f1387cbe585b4f375d0842aefffcde5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-28ipsec: anti-replay code cleanupDamjan Marion1-35/+15
Change-Id: Ib73352d6be26d639a7f9d47ca0570a1248bff04a Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-28Add RDMA ibverb driver pluginBenoît Ganne8-0/+1401
RDMA ibverb is a userspace API to efficiently rx/tx packets. This is an initial, unoptimized driver targeting Mellanox cards. Next steps should include batching, multiqueue and additional cards. Change-Id: I0309c7a543f75f2f9317eaf63ca502ac7a093ef9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-03-28Typos. A bunch of typos I've been collecting.Paul Vinciguerra7-12/+13
Change-Id: I53ab8d17914e6563110354e4052109ac02bf8f3b Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-03-27GBP: fixes for l3-out routingNeale Ranns2-8/+16
Change-Id: I4d73b712da911588d511a8401b73cdc3c66346fe Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-27ipsec: compress ipsec_sa_t so data used by dataplane code fits in cachelineDamjan Marion3-22/+24
Change-Id: I81ecdf9fdcfcb017117b47dc031f93208e004d7c Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-03-26perfmon: fix pmc hw indices out-dated when multiple pmcSu Wang1-3/+15
When adding two or more events using a single "set pmc", the pmc hardware indices might be out-dated due to kernel reschdeduling the perf_event hardware counters. E.g. set pmc cpu-cycles cache-misses Solution: Open and enable all the events first, then aquire the indices from the kernel. Change-Id: I6913a871ab169e3b2855ac6159f527a1fca343e9 Signed-off-by: Su Wang <su.z.wang@ericsson.com>
2019-03-22acl-plugin: get rid of doubly-linked list fields in hash applied ACEsAndrew Yourtchenko2-99/+35
With collision match vector, the doubly-linked list is not needed anymore. Change-Id: Iaf667ebe6ce0bdd78306bec31d3949e6acb8d401 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-03-22acl-plugin: tuplemerge: fix a crash during soak test with split partitionAndrew Yourtchenko1-7/+11
Reload the hash-ready ACE vector pointer during the partition split with each iteration, since the ACL# may change. Change-Id: I1b001e06b52ff02ef59ca1d890f8462ca99e6634 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2019-03-22acl-plugin: get rid of a separate "count" field in the linear acl structAndrew Yourtchenko4-18/+18
Long time ago, the linear array of rules in the ACL structure was not a vector. Now it is, so get rid of the extraneous "count" member. Do so in a manner that would ease potential the MP-safe manipulation of ACL rules in the future. Change-Id: Ib9c0731e4f21723c9ec4d7f00c3e5ead8e1e97bd Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>