summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2017-09-10NAT: fixed hairpinning for in2out translation as an output feature (VPP-976)Matus Fabian1-7/+19
Test whether the hairpinning flag is set only for packets from NAT inside interface. Change-Id: I4a4fdd2084a76a70ce9dfe3e2b8332c02fa2eccd Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-09-09move unix_file_* code to vppinfraDamjan Marion3-64/+66
This will allow us to use this code in client libraries without vlib. Change-Id: I8557b752496841ba588aa36b6082cbe2cd1867fe Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-09-08vlib: move linux-specific code to vlib/linuxDamjan Marion3-30/+2
Change-Id: Id79d2c2be7a98e15416a537c890a8f2dd6d4464d Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-09-08memif: fix coverity warnings as of 9/7Steven4-12/+29
1. coverity complains about "buffer not null terminated" for strncpy because we pass the size of the destination to the call which is equal to the true size of the destination. We subtract 1 for the size to accommodate the null like all other places are already doing it. 2. Add a check to tx_queues in memif_interface_tx_inline to avoid "divide by zero". 3. To avoid null pointer dereference in memif_create_if, change the goto done rather than goto error and spit a more meaningful error rather than silent about it. 4. Shuffle a line to avoid "check after use" in vl_api_memif_delete_t_handler. Change-Id: Icba7ecd5362c012a48ac35795d31aab356617420 Signed-off-by: Steven <sluong@cisco.com>
2017-09-08ACL-plugin MACIP ACLs testsPavel Kotucek1-2/+16
Change-Id: Ie40c837358454cfe9475cb2c14fdf20b24fa6602 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-09-08acl-plugin: add hitcount to applied hash-acl entriesAndrew Yourtchenko3-4/+10
Add a counter incremented upon the ACL check, so it is easier to see which kind of traffic is being checked by the policy, add the corresponding output to the debug CLI "show acl-plugin tables" command. Change-Id: Id811dddf204e63eeceabfcc509e3e9c5aae1dbc8 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-09-07vlib physmem reworkDamjan Marion5-18/+35
This patch adds supprot support for multiple numa-aware physmem regions. Change-Id: I5c69a6f4da33c8ee21bdb8604d52fd2886f2327e Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-09-07NAT: fixed bug in snat_get_worker_out2in_cb (VPP-832)Matus Fabian1-0/+2
Change-Id: Id9c977634a1259865e3403ba0d90aecaca85207d Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-09-07acl-plugin: match index set to first portrange element if non-first ↵Andrew Yourtchenko1-5/+1
portrange matches on the same hash key (VPP-937) Multiple portranges that land on the same hash key will always report the match on the first portrange - even when the subsequent portranges have matched. Test escape, so make a corresponding test case and fix the code so it passes. (the commit on stable/1707 has erroneously mentioned VPP-938 jira ticket) Change-Id: Idbeb8a122252ead2468f5f9dbaf72cf0e8bb78f1 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit fb088f0a201270e949469c915c529d75ad13353e) Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-09-06Fixes for issues raised by Coverity (VPP-972)Chris Luke1-2/+2
Change-Id: I4b1f27b95d67d48b7a13750ff8754c344ed7afa7 Signed-off-by: Chris Luke <chrisy@flirble.org>
2017-09-06NAT: Destination NAT44 with load-balancing (VPP-954)Matus Fabian6-70/+1011
added load-balancing static mappings with unequal load support Change-Id: Ie505e41f24d46f812b94dd28bdafe3dc170a6060 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-09-06dpdk/ipsec: fix setup when using master core onlySergio Gonzalez Monroy1-2/+3
Change-Id: I62b7aa896dfe218358f11a5197b1228a3dd67152 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-08-31dpdk/ipsec: update doc regarding startup.confSergio Gonzalez Monroy1-10/+7
Change-Id: Ie449072ab1efec081235b508f1def60a1287ff5f Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-08-30Offload prep calls needed for IP and UDP checksum offload pktsDave Barach1-1/+4
Change-Id: I9b29bcff348bddfb49b1c38b1d409249e37bb075 Signed-off-by: Dave Barach <dave@barachs.net>
2017-08-29Fix static mapping lookup issue for NAT pluginHongjun Ni1-0/+1
Change-Id: Ic99d1db5360f69126b23bb2b78f29d6404cbbae9 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-08-29Fix some issue of comment and help for nat featureHongjun Ni1-3/+3
Change-Id: I9233e427b5f8874492fefb2bfe7c1ab329e366b2 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-08-29Flowprobe: Fix flow start time and hash computationPierre Pfister2-25/+21
Upon hash collision, the flow start time was not reset. The hash computation techniques (crc32 or xxhash) also both had bugs which are now fixed. Change-Id: I94d72997f34018d1699324264f7dded2a5cbd776 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2017-08-25dpdk: bump to dpdk 17.08, remove support for dpdk 17.02Damjan Marion5-35/+4
Change-Id: I674fb1212e48693939045523df085326a4dd1809 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-08-25acl-plugin: warning printed when acl_add_replace already applied ACLs ↵Andrew Yourtchenko4-17/+49
(complete the fix for VPP-935) The fix for VPP-935 missed the case that hash_acl_add() and hash_acl_delete() may be called during the replacement of the existing applied ACL, as a result the "applied" logic needs to be replicated for the hash acls separately, since it is a lower layer. Change-Id: I7dcb2b120fcbdceb5e59acb5029f9eb77bd0f240 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit ce9714032d36d18abe72981552219dff871ff392)
2017-08-25Use Quad-loop to improve gtpu-encap performanceHongjun Ni1-49/+194
Change-Id: I440fae09e77502392af5cde45dd9c532afa5d976 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-08-25dpdk: required changes for 17.08Sergio Gonzalez Monroy9-216/+471
DPDK 17.08 breaks ethdev and cryptodev APIs. Address those changes while keeping backwards compatibility for DPDK 17.02 and 17.05. Change-Id: Idd6ac264d0d047fe586c41d4c4ca74e8fc778a54 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-08-24Make VPP runtime directory configurableDamjan Marion3-22/+22
New startup config command: unix { runtime-dir /run/vpp } Also, adds recursive mkdir funtion for use in deifferent places like cli-config socket path and dpdk hugepage directory path. Change-Id: I1446ceab9c220c25804e73a743a3ebb383450124 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-08-24NAT64: Fix error message typo (VPP-961)Matus Fabian1-5/+6
Change-Id: Ieb81c5e157e342cbb532bd65f3b64059e5838691 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-08-23NAT64: Fix CLI typo (VPP-961)Matus Fabian2-4/+4
Change-Id: I99e2766a118754387c9f238fc1b46057ee8a23e7 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-08-23NAT: Rename snat plugin to nat (VPP-955)Matus Fabian24-378/+2279
Change-Id: I30a7e3da7a4efc6038a91e27b48045d4b07e2764 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-08-22acl-plugin: Recreate the bihash_40_8.h in the proper placeAndrew Yourtchenko4-87/+4
Change-Id: I30a3df53bc5fe5ab991a657918eb502bd2913440 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-22dpdk: fix Cavium ThunderX supportDamjan Marion2-0/+5
Change-Id: Id5812448917ce52984d5a778d5b304c448a752e7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-08-21PPPoE usses a midchain adjacency stack on an interface-tx DPONeale Ranns4-435/+122
1) introduce an interface-tx DPO. This is a simple wrapper around a sw_if_index. enhance DPO stacking functions to allow per-instance next-nodes and hence allow children to stack onto the interface per-instance tx node and not on 'interface-output'. 2) update PPPoE code to use ta midchain stack on a interface-tx DPO of the encap-interface. This remove the need for pppoe_encap node (which is replaced by the adj-midchain-tx) and interface-output node is no longer used (see above). Since PPPoE encap node is no longer needed, the PPPoE seesion does not need to be retrieved in the data-path, hence the cahce misses are removed. Change-Id: Id8b40f53daa14889a9c51d802e14fed7fba4399a Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-08-18Fix vpp crash when adding macip aclPavel Kotucek1-1/+1
When adding at least two different types of MACIP acl vpp crash. Change-Id: Ibbc76b94015311945be081fe0d8af71cf0672332 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-08-18Fix small issues in ACL apiPavel Kotucek1-3/+11
Enable IP address without prefix length, if not given use max (32/128) Parse correctly type of acl (ipv4). Change-Id: I3d5d6b45037c9e0f95d2d112ae584f006c6cb4d1 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-08-18acl-plugin: time out the sessions created by main thread too (VPP-948)Andrew Yourtchenko4-13/+28
In multithread setup the main thread may send packets, which may pass through the node with permit+reflect action. This creates the connection in lists for thread0, however in multithread there are no interupt handlers there. Ensure we are not spending too much time spinning in a tight cycle by suspending the main cleaner thread until the current iteration of interrupts is processed. Change-Id: Idb7346737757ee9a67b5d3e549bc9ad9aab22e89 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit c1ff53f25d04ec1cc31844abd38014e91e398b5f)
2017-08-16SNAT: Make proto optional in nat64_bib_dump (VPP-942)Matus Fabian4-45/+115
make proto optional in nat64_bib_dump and nat64_st_dump Change-Id: Idd102ce2b1555d38783fd22c84e46b4c48570edc Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-08-16NAT64: Fallback to 3-tuple key for non TCP/UDP sessions (VPP-884)Matus Fabian8-134/+647
Change-Id: I4cafc8291725feb499355092bd429433e649b5b2 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-08-15acl-plugin: don't attempt to delete the ACLs on interface deletion if ACL ↵Andrew Yourtchenko1-0/+4
plugin heap is not initialized With the addition of the own heap, the delete routines called from interface deletion callback may attempt to initialize the ACL plugin heap. This is obviously not a desirable condition - so, return early from the callback if the ACL plugin heap has not been initialized yet - there is for sure nothing to clean up. Change-Id: I08a6ae725294016ff5824189ade91c288e2c473b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-08-14dpdk: cleanup unused build option *_uses_dpdk_cryptodev_swSergio Gonzalez Monroy1-11/+4
Change-Id: I62939592bd3cb151e02c55a3f1ee6e7d1ce469cb Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-08-11Fix IP fragment-id and offset issue in LB-GRE4Hongjun Ni1-0/+2
Change-Id: Ic1c440b2594c3ec4cdc75730069f16432cdb9587 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-08-11acl-plugin: add the debug CLI to show macip ACLs and where they are applied ↵Andrew Yourtchenko1-0/+76
(VPP-936) When looking at resource utilisation, it is useful to understand the interactions between the acl-plugin and the rest of VPP. MACIP ACLs till now could only be dumped via API, which is tricky when debugging. Add the CLIs to see the MACIP ACLs and where they are applied. Change-Id: I3211901589e3dcff751697831c1cd0e19dcab1da Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit f2cfcf676e67a7ea80ce20a69826210eb97acba5)
2017-08-10acl-plugin: hash lookup bitmask not cleared when ACL is unapplied from ↵Andrew Yourtchenko3-4/+31
interface (VPP-935) The logic in hash ACL bitmask update was using the vector of ACLs applied to the interface to rebuild the hash lookup mask. However, in transient cases (like doing group manipulation with hash ACLs), that will not hold true. Thus, make a local copy of for which ACL indices the hash_acl_apply was called previously, and maintain that one local to the hash_lookup.c file logic. Change-Id: I30187d68febce8bba2ab6ffbb1eee13b5c96a44b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 1de7d7044434196610190011ebb431f054701259)
2017-08-10acl-plugin: avoid crash in multithreaded setup adding/deleting ACLs with ↵Andrew Yourtchenko3-0/+83
traffic (VPP-910/VPP-929) The commit fixing the VPP-910 and separating the memory operations into separate heaps has missed setting the MHEAP_FLAG_THREAD_SAFE, which quite obviously caused the issues in the multithread setup. Fix that. Also, add the debug CLIs "set acl-plugin heap {main|hash} {validate|trace} {1|0}" to toggle the memory instrumentation, in case we ever need it in the future. Change-Id: I8bd4f7978613f5ea75a030cfb90674dac34ae7bf Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit e6423bef32ca2ffcfcd7a092eb4673badd53ea4c)
2017-08-10acl-plugin: all TCP sessions treated as transient (VPP-932)Andrew Yourtchenko1-3/+6
The packet that was creating the session was not tracked, consequently the TCP flags seen within the session record never got the value for the session to get treated as being in the established state. Test-escape, so add the TCP tests which test the three phases of the TCP session life and make them all pass. Change-Id: Ib048bc30c809a7f03be2de7e8361c2c281270348 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 754370f1b55d4102d21dd94676f2bda3170c7df0)
2017-08-09PPPoE: use DPO protos in FIB entry path add/removeNeale Ranns1-2/+3
Change-Id: I6ac10ec0adf179b86f97269bbce2a7fd8796e72a Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-08-09Add PPPoE PluginHongjun Ni14-0/+2902
Supports 64K PPPoE sessions This plugin adds three graph nodes: 1) pppoe-input for PPPoE decapsulation 2) pppoe-encap for PPPoE encapsulation 3) pppoe-tap-dispatch for control plane process Below is the configuration to make PPPoE CP and DP work: vim /etc/vpp/startup.conf tuntap { enable ethernet name newtap } create pppoe tap tap-if-index 1 //Configure it after a subscriber's PPPoE discovery and PPP link establishment succeeds: create pppoe session client-ip 100.1.2.1 session-id 1 client-mac 00:11:01:00:00:01 show pppoe fib show pppoe session Change-Id: I73e724b6bf7c3e4181a9914c5752da1fa72d7e60 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-08-08L2 over MPLSNeale Ranns2-2/+2
[support for VPWS/VPLS] - switch to using dpo_proto_t rather than fib_protocol_t in fib_paths so that we can describe L2 paths - VLIB nodes to handle pop/push of MPLS labels to L2 Change-Id: Id050d06a11fd2c9c1c81ce5a0654e6c5ae6afa6e Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-08-08acl-plugin: fix a misplaced return (VPP-910)Andrew Yourtchenko1-1/+1
It was uncaught by make test because the corresponding tests are not there yet - part of 17.10 deliverables Change-Id: I55456f1874ce5665a06ee411c7abf37cd19ed814 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 58013b73509521789608f24a79a00177797ff9b1)
2017-08-08MAC IP ACL interface list dump (as an alternative to the get/reply)Neale Ranns2-1/+90
Change-Id: I2e71aef1aa745e85ad3234b0b708cdc50f335a75 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2017-08-08acl-plugin: rework the optimization 7383, fortify acl-plugin memory behavior ↵Andrew Yourtchenko5-150/+289
(VPP-910) The further prolonged testing from testbed that reported VPP-910 has uncovered a couple of deeper issues with optimization from 7384, and the usage of subscripts rather than vec_elt_at_index() allowed to hide a couple of further errors in the code. Also, the current acl-plugin behavior of using the global heap for its dynamic data is problematic - it makes the troubleshooting much harder by potentially spreading the problem around. Based on this experience, this commits makes a few changes to fix the issues seen, also improving the serviceability of the acl-plugin code for the future: - Use separate mheaps for any ACL-related control plane operations and separate for the hash lookup datastructures, to compartmentalize any memory-related issues for the ACL plugin. - Ensure vec_elt_at_index() usage throughout the hash_lookup.c file. - Use vectors rather than raw memory for storing the "ordinary" ACL rules. - Rework the optimization from 7384 to use a separate tail pointer rather than overloading the "prev" field. - Make get_session_ptr() more conservative and adjust is_valid_session_ptr accordingly Change-Id: Ifda85193f361de5ed3782a4acd39622bd33c5830 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit bd9c5ffe39e9ce61db95d74d150e07d738f24da1)
2017-08-04SNAT: fix address and port allocation for multiple worker threads (VPP-925)Matus Fabian3-16/+39
There is a chance to allocate the same outside address and port. Assign a block of port numbers to each worker. Change-Id: I6ef7dc0aab4834705f4e6097c362940d18d747e8 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-08-03acl-plugin: multicore: CSIT c100k 2-core stateful ACL test does not pass ↵Andrew Yourtchenko4-41/+106
(VPP-912) Fix several threading-related issues uncovered by the CSIT scale/performance test: - make the per-interface add/del counters per-thread - preallocate the per-worker session pools rather than attempting to resize them within the datapath - move the bihash initialization to the moment of ACL being applied rather than later during the connection creation - adjust the connection cleaning logic to not require the signaling from workers to main thread - make the connection lists check in the main thread robust against workers updating the list heads at the same time - add more information to "show acl-plugin sessions" to aid in debugging Change-Id: If82ef715e4993614df11db5e9afa7fa6b522d9bc Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 8e4222fc7e23a478b021930ade3cb7d20938e398)
2017-08-03gtpu bypass function doesn't work (VPP-924)jerryian1-0/+14
Change-Id: I80183f7d984ed6ed2e3405d1bb65fe761a29bc81 Signed-off-by: jerryian <gu.jian1@zte.com.cn>
2017-08-02memif: construct interface name out of socket file idx and intf idDamjan Marion1-2/+4
Change-Id: Ib4de018a84e9c94df26a8870bf1b04e26204ace1 Signed-off-by: Damjan Marion <damarion@cisco.com>