summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2018-01-05Unify and cleanup usage of hash_set/unset_mem by various tunnelsJohn Lo1-26/+7
Move the functions hash_set_key_copy() and hash_unset_key_free() which are dupilicated in various tunnel support code modules to hash.h as hash_set_mem_alloc() and hash_unset_mem_free() to be used by all. Change-Id: I40723cabe29072ab7feb1804c221f28606d8e4fe Signed-off-by: John Lo <loj@cisco.com>
2018-01-05Add support for 464XLAT NAT44 mode (VPP-1045)Juraj Sloboda7-7/+166
Change-Id: I24e7a26972bbbfcea100292b212b29ae7a349335 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-01-03NAT64: free port when dynamic BIB deleted (VPP-1107)v18.04-rc0Matus Fabian6-39/+46
Change-Id: Id897ed61a26a4069678ed4ddac1ba28bf32809c3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-12-21VPP-1109 Fix loop for some CLI (code review)Swarup Nayak2-0/+4
Change-Id: I518387ab479bee4778d45a33c95f7b0f72aa1b72 Signed-off-by: Swarup Nayak <swarupnpvt@gmail.com>
2017-12-20L2 emulation: remove usued ip-table-id from APINeale Ranns1-1/+0
IP table mapping is set using 'set int ip table X Y" Change-Id: I2adec40015f9281c9b00c55506000b322f42d91a Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2017-12-20acl-plugin: add a debug CLI to print 5-tuple structure in human readable ↵Andrew Yourtchenko3-0/+33
format from hex representation Even though the trace now prints the hex as well as human readable format for acl plugin, it can be handy to have a separate function which allows to decode the hex. So add this debug CLI. Change-Id: I1db133a043374817ea9e94ae3736b8a98630669d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-12-20L2 EmulationNeale Ranns8-0/+803
L2 Emulation is a feautre that is applied to L2 ports to 'extract' IP packets from the L2 path and inject them into the L3 path (i.e. into the appropriate ip[4|6]_input node). L3 routes in the table_id for that interface should then be configured as DVR routes, therefore the forwarded packet has the L2 header preserved and togehter the L3 routed system behaves like an L2 bridge. Change-Id: I8effd7e2f4c67ee277b73c7bc79aa3e5a3e34d03 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-12-20fix kubeproxy some testsGabriel Ganne2-2/+41
* NAT46: fix test cleanup, missing del keyword * NAT66: fix kube-proxy vip, is ipv6 * add some missing kp_put_writer_lock * wipe flowtable after each unit test * Add new cli api: "test kube-proxy flowtable flush" to flushes everything * Call this new cli function after the end of each kube-proxy unit test. * same as commit b3d1b203579226ca5136b9d6a2744577d07cfcc6 for the lb plugin Change-Id: I4146f44841328ec96eb66729e3bae3d40f33e4aa Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-12-20Translate matching packets using NAT (VPP-1069)Juraj Sloboda6-48/+238
Add API function which enables forwarding of packets not matching existing translation or static mapping instead of dropping them. When forwarding is enabled matching packets will be translated while non-matching packets will be forwarded without translation. Change-Id: Ic13040cbad16d3a1ecdc3e02a497171bef6aa413 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-12-19NAT: Twice NAT44 (VPP-969)Matus Fabian6-783/+821
Translation of both source and destination addresses and ports for 1:1 NAT session initiated from outside network (ExternalIP K8 use case). Change-Id: Ic0000497cf71619aac996d6d580844f0ea0edc14 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-12-18NAT: Add performance testing TRex scripts and config (VPP-832)Matus Fabian13-0/+426
Change-Id: I149a20f183b836db4c32fb4e4a8438b3a14c1c26 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-12-18Fix nat44 identity mappingDave Barach1-0/+5
Set l_addr to the interface address if the interface address is known when the identity mapping is created. Change-Id: I61af0f5248c9d86d23a24457b342b2e1fb4ac726 Signed-off-by: Dave Barach <dave@barachs.net>
2017-12-18Support kube-proxy data planeHongjun Ni11-0/+3594
This plugin provides kube-proxy data plane on user space, which is used to replace linux kernal's kube-proxy based on iptables. The idea is largely inspired from VPP LB plugin. Currently, kube-proxy plugin supports three service types: 1) Cluster IP plus Port: support any protocols, including TCP, UDP. 2) Node IP plus Node Port: currently only support UDP. 3) External Load Balancer. Please refer to kp_plugin_doc.md for details. Change-Id: I36690e417dd26ad5ec1bd77c7ea4b8100416cac6 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-12-16Use crc32 wrapper (VPP-1086)Gabriel Ganne1-6/+6
This allows arm platforms to also take advantage of crc32 hardware acceleration. * add a wrapper for crc32_u64. It's the only one really used. Using it instead of a call to clib_crc32c() eases building symmetrical hash functions. * replace #ifdef on SSE4 by a test on clib_crc32c_uses_intrinsics. Note: keep the test on i386 * fix typo in lb test log Change-Id: I03a0897b70f6c1717e6901d93cf0fe024d5facb5 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-12-16dpdk: unset ETH_TXQ_FLAGS_NOXSUMS only for selected PMDsDamjan Marion1-5/+8
Change-Id: I1699e440052faa317b06d46692e8656a41d21bfe Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-12-14pci: auto-detect right vfio/uio driverDamjan Marion1-1/+1
Change-Id: Ib4012ff598698924484525932d041988cc4c63f6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-12-14Enable AWS ENA PMDMatthew Smith3-1/+13
Elastic Network Adapter PMD for newer AWS instance types Change-Id: Ic7f6ac4a261ccc7af3ffb2ed8950274532e3feae Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2017-12-14NAT64: fix coverity (VPP-1032)Matus Fabian2-0/+4
CIDs 180713 and 180714 Change-Id: Ia4856d1a62f176e99983f8c82eaa09d5df9d4ca5 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-12-13NAT64: multi-thread support (VPP-891)Matus Fabian15-505/+1263
Change-Id: Iebf859b6d86482e4465423bad598eecf87e53ec4 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-12-13NAT: DS-Lite AFTR tunnel endpoint address respond to ICMPv6 echo request ↵Matus Fabian1-3/+8
(VPP-1090) Change-Id: I361c043979274eac1aefcd95abdf1624a3ef2756 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-12-11acl-plugin: unapply/reapply the classifier-based inacls when performing ↵Andrew Yourtchenko1-1/+29
macip_acl_add_replace on an existing MACIP ACL The classifier tables layout might (and most always will) change during the MACIP ACL modification. Furthermore, vnet_set_input_acl_intfc() is quite a picky creature - it quietly does nothing if there is an existing inacl applied, even if the number is different, so a simple "reapply" does not work. So, cleanly remove inacl, then reapply when the new tables are ready. Also, fix the testcase which was supposed to test this exact behavior. Thanks to Jon Loeliger for spotting this issue. Change-Id: I7e4bd8023d9de7e914448bb4466c1b0ef6940f58 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-12-11call unformat_free in some flow, remove unnecessary callsSwarup Nayak1-8/+0
Change-Id: I565277eafbce3d4f59a7f0d497fca1c4fed3cfc8 Signed-off-by: Swarup Nayak <swarupnpvt@gmail.com>
2017-12-09vlib: PCI rework to support VFIODamjan Marion3-60/+74
Also fixes old ixge driver, so it works with recent physmem changes and vfio. Change-Id: Id4be74b34daed47cd281a77eec43d6692340d882 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-12-06Restructure some files in LB to src/vnet to reuseHongjun Ni4-111/+1
Change-Id: Ic8b193e93ce18ca82b294816aa7ee0ef31d64bc2 Signed-off-by: Pierre Pfister <ppfister@cisco.com> Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-12-05dpdk/ipsec: multiple fixesSergio Gonzalez Monroy5-105/+126
- fix ESP transport mode - safely free crypto sessions - use rte_mempool_virt2phy/rte_mempool_virt2iova - align DPDK QAT capabilities for IPsec usage (DPDK 17.08) - reserve 16B for aad (reference cryptodev doc) Change-Id: I3822a7456fb5a255c767f5a44a429f91a140fe64 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-12-05dpdk:remove duplicate codeEyal Bari1-11/+8
unify code from both branches Change-Id: Iae7325cff8c799c7827727ad7465bec089e39f50 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-12-04dpdk: remove unused "use_rss" flagEyal Bari2-7/+0
Change-Id: I31d2cbb02a0f59603ef1adc0d185e3d775dfda2f Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-12-04dpdk: remove duplicate functionEyal Bari1-32/+1
dpdk_rx_next_from_packet_start is equivalent to dpdk_rx_next_from_etype and seems to have no side effects Change-Id: I629dadfbfb35ad1f5c7198e7824883ae4bd6abaa Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-12-04dpdk: remove unused cached eth input nodeEyal Bari2-10/+0
Change-Id: Ic43c70bfe3e93cb3e6cfab7cda1986e44e371c06 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-12-01acl-plugin: fix coverity 177970-177973,178891, and incorrect reset of ↵Andrew Yourtchenko1-13/+33
dot1q/dot1ad classifier mask 17797[1-3] have been a false positive in the optional debug CLI argument handling, 178891 was triggered by an unnecessary use of memcpy. Also fix the issue reported by khers (thanks!) - since 178891 was in the same place. Change-Id: I3a804e2b1d25d74c11fcc389020d2c1fd69902b2 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-11-30NAT44: identity NAT (VPP-1073)Matus Fabian3-7/+301
Identity mapping translate an IP address to itself. Change-Id: Icc0ca5102d32547a4b0c75720b5f5bf41ed69c71 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-11-30Fix variable mismatchJuraj Sloboda1-1/+1
Change-Id: Iae2f9f9652cecdf7e754700b2fe107ad61ff8ff9 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2017-11-29NAT: Remove old SNAT API (VPP-1070)Matus Fabian3-2114/+221
Change-Id: I3d936d456ee27b2e0857843295efb60a9f2d0be7 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-11-28net/virtio: support modern device idGabriel Ganne1-1/+3
Add legacy and modern macros to pci_config header. This follows dpdk commit: 4c7903658f6b5a8f4901224ef405445541b91e4a And PCI Device Conformance doc : docs.oasis-open.org/virtio/virtio/v1.0/cs02/virtio-v1.0-cs02.html#x1-640001 Change-Id: Iacd40ea8c06f220736ca0bc7ce68bcf1e55b68f6 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-11-27dpdk: fix issue when tx offload stops working after MTU changeDamjan Marion2-19/+4
Change-Id: I3713b4c460a3cd414b560e16aac054aee2e1181b Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-27dpdk: fix trajectory compilationFlorin Coras1-1/+1
Change-Id: I53f917cd58101a14667641ee9cecd1eabf3f71d9 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-27vlib: make vlib_buffer_alloc inline functionDamjan Marion1-73/+11
Currently, every alloc involves callback function call. With this change callback function is called only if there is no empty buffers on the free list. Change-Id: I2238c19ece7ce182c49ba0f2485add52f335f3b6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-24dpdk: enable tx checksum offloads as default, add disable knobDamjan Marion2-2/+11
New startup.conf knob: dpdk { ... no-tx-checksum-offload ... } Change-Id: I337fd57616dd77687300861b411b420a3cb75149 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-24dpdk: avoid false sharing of dpdk_buffer_per_thread_dataDamjan Marion1-0/+1
Change-Id: Iaae69a1219ccaedbfee5c3075c41c7b31c6e2b70 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-23memif: fix input node multiversion constructorDamjan Marion1-6/+6
Change-Id: I498ed1162eadf3eff2543f1ec02a9b1e5fdc05d8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-23memif: try harder to transmit packetsDamjan Marion1-13/+8
Change-Id: I1e57a86b8872798a888e7d6128d9c4537a8090e6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-23dpdk: prefetch both cachelines during buffer freeDamjan Marion1-1/+1
Change-Id: I4ae65494b8f9bc51521add5e66a51b594aad6716 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-23memif: multiversioningDamjan Marion3-19/+82
Change-Id: I881551e6c13503a71ae29a7a58bde4d193745d55 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-22dpdk: fix potential crash in buffer free functionDamjan Marion1-18/+49
Original code was not thread safe. Change-Id: I3d473b976d2b9ff62f42955c5c2a7fd6b4990cc2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-21stn-plugin: do not assume all punted packets start with L3 header.Andrew Yourtchenko1-0/+12
Some punt scenarios (notably, involving DNS traffic) do not have the current_data set to the L3 header - as a result, chaos ensues. To tackle this, approach the parsing from the other side, and look at the hopefully remaining ethernet header to see whether the packet is IPv4 or IPv6. Verified the STN'ed TCP traffic continues to work, and that the STN'ed DNS traffic starts to work as well. Change-Id: I0aa2ad1df2fb23dd4e54a564714103b19114d636 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-11-21dpdk: add l2_hdr_offset and l3_hdr_offset in vlib_buffer_tDamjan Marion4-62/+62
Change-Id: I0a6d1257e391c3b6f7da6498bd5f7d4c545d17e9 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-20dpdk: add support for DPDK 17.11Damjan Marion11-179/+46
Also remove DPDK 17.05 support. Change-Id: I4f96cb3f002cd90b12d800d6904f2364d7c4e270 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-17Replace tap interface using general interfaceHongjun Ni5-52/+50
Change-Id: Icd73f00162fb6aabe296c8bb6f2174ad4f6a17b7 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-11-17acl-plugin: use ip.save_rewrite_length to calculate IP header offset on L3 ↵Andrew Yourtchenko1-3/+11
egress path L3 egress path does not set the ethernet flags reflecting the count of VLANs, but rather has the offset explicitly, so use that. Change-Id: Id3f6562dcd52ca24137c305f1a1c88c1f125da78 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-11-16acl-plugin: also print human-friendly format of 5tuple in packet traceAndrew Yourtchenko1-0/+22
The original version printed just a few u64s, which is useful for directly working on the code, but not when figuring out what is possibly a config or environment-related issue. So, add printing the 5-tuple struct in a way that is usable by an operator. Change-Id: I84cc3a239cdaff05ed31c3458cea198e38b58e03 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>