summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2020-02-26api: improve api string safetyJakub Grajciar4-14/+8
- Remove vl_api_from_api_string to prevent use of not nul-terminated strings. - Rename vl_api_from_api_to_vec -> vl_api_from_api_to_new_vec to imply a new vector is created. NOT nul terminated. - Add vl_api_from_api_to_new_c_string. Returns nul terminated string in a new vector. - Add vl_api_c_string_to_api_string. Convert nul terminated string to vl_api_string_t - Add vl_api_vec_to_api_string. Convert NON nul terminated vector to vl_api_string_t Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: Iadd59b612c0d960a34ad0dd07a9d17f56435c6ea Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-02-26svm: support multi-chunk fifo chunk allocFlorin Coras1-4/+4
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id601cd241a2d124d3189057edab4299ffde7ee32
2020-02-25avf: Handle chain buffer in TX properlySteven Luong2-7/+140
For chain buffer, need to traverse b->next_buffer to transmit all buffers in the chain. Only set EOP at the last descriptor in the chain to signal this is a chain descriptor. Introduce slow path to handle ring wrap. This is needed because chain buffer may consist of multiple pieces and it may span from near the end of the ring to the beginning of the ring. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Id7c872f3e39e09f3566aa63f3cdba8f40736d508
2020-02-25unittest: Skip string test case for sizeof (src) > sizeof (dst)Steven Luong1-4/+13
coverity complains that the subject test may cause dst buffer overrun problem and it is right. The problem is when __builtin_constant_p (n) returns true, memcpy_s_inline skips all the errors checking and does the copy blindly. Please see the code in memcpy_s_inline. The fix is to skip the subject test when the aformentioned builtin function returns true. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I50de91cc0c853a134b3bcf3b0cd8d45d7668b092
2020-02-25svm: minimal initial fifoFlorin Coras3-1/+5
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4ee46a6c3c53c58199c275e20702f7fd11b60d9a
2020-02-25session: basic fifo-tuning-logicRyujiro Shibuya2-14/+81
- Allowing application to register custom fifo-tuning-logic. - Adding an example custom fifo-tuning-logic in hs_app/proxy. Type: feature Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2aca14d1f23d5c3c9debb7f4c46aca3a15a8d1b9
2020-02-25session svm: tracking segment memory usageRyujiro Shibuya2-0/+758
1. segment manager would attempt to balance the usages across the segments, when it allocate fifos 2. the memory presure level is determined per fifo-segment 3. updated unit test 4. updated cli output for segments Type: feature Signed-off-by: Ryujiro Shibuya <ryujiro.shibuya@owmobility.com> Change-Id: I2923f3e0a43dd919196a0cb2cd55e098fde6cf66
2020-02-25svm: refactor fifoFlorin Coras4-925/+900
Type: refactor Switch from a wrapped byte space to a "continuous" one wherein fifo chunks are appended to the fifo as more data is enqueued and chunks are removed as data is dequeued. The fifo is still subject to a maximum size, i.e., maximum number of bytes that can be enqueued, so the max number of chunks associated to the fifo is also constrained. When enqueueing data, which must fit within the available free space, if not enough "supporting" chunk memory is available, the fifo asks the fifo segment for enough chunk memory to ensure that the write can succeed. To avoid allocating large amounts of small chunks due to small writes, if possible, the size of the chunks requested is lower capped by min_alloc. When dequeuing data, all the chunks that have been completely drained, i.e., head moved beyond the chunks’ end bytes, are unlinked from the fifo and returned to the fifo segment. The one exception to this is the last chunk which is never unlinked. Change-Id: I98c1dbd9135fb79650365c7e40c29238b96cd4ee Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-02-25svm: refactor fifo chunk trackingFlorin Coras1-2/+12
Avoid tracking with rbtrees all of the chunks associated to a fifo. Instead, only track chunks when doing out-of-order operations (peek or ooo enqueue). Type: refactor Change-Id: I9f8bd266211746637d98e6a12ffc4b2d6346950a Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-02-25feature: provide a u16 version of vnet_feature_nextNeale Ranns1-3/+2
Type: improvement when using vlib_buffer_enqueue_to_next the 'nexts' parameter is an array of u16, but vnet_feautre_next takes a u32. this is a simple wrapper to address the impedence mismatch. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0fa86629e979e313344eb68442dc35a7b9537a8f
2020-02-25crypto-native: GCM implementation with vector AESNI instructionsDamjan Marion1-4/+479
Introduced on intel IceLake uarch. Type: feature Change-Id: I1514c76c34e53ce0577666caf32a50f95eb6548f Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-02-25vlib: Punt reason allocation listener enable/disable callbackNeale Ranns1-2/+4
Type: improvement allow clients that allocate punt reasons to pass a callback function that is invoked when the first/last client registers to use/listen on that punt reason. This allows the client to perform some necessary configs that might not otherwise be enabled. IPSec uses this callback to register the ESP proto and UDP handling nodes, that would not otherwise be enabled unless a tunnel was present. Change-Id: I9759349903f21ffeeb253d4271e619e6bf46054b Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-25crypto: fix coverity warningsFilip Tehlar1-2/+3
Type: fix Change-Id: I89c0923ad6ac1daf65b2d24ad4b6f00b7703e58e Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-25crypto-openssl: fix coverity warningsFilip Tehlar1-5/+5
Type: fix Change-Id: Ia42ff39a0a33f89901b8333a9e6ca82ca9805cc6 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-25ikev2: add retry logic for session initiationFilip Tehlar1-0/+27
Type: improvement Change-Id: Ib474dabb745bc2034d8d60261c095e35a8fff277 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-24crypto-native: introduce aes_gcm_flags_tDamjan Marion1-84/+107
Type: refactor Change-Id: I53b4a9c0b63e6e6c6a13c33c5baa4c3de562584b Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-02-24crypto-native: introduce counter structDamjan Marion1-44/+51
Type: refactor Change-Id: I9ecc18ba3ec5f11622ea225690fb1dc262ea6fc1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-02-24ikev2: proper cleanup of SAs during rekeyFilip Tehlar2-11/+115
Type: fix Change-Id: Ifb675c7783f03de4db8147858dd93d9687176f40 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-24crypto-native: inverse Hi so it naturally fits into 512-bit registerDamjan Marion2-30/+34
Type: refactor Change-Id: I0c6ca9356af179abd0a414b356dea7e3a3eb0dd6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-02-24crypto-native: replace aesni with aesDamjan Marion1-137/+134
This code also works on ARM so let's not use intel term.... Type: refactor Change-Id: Ie51d4359a83f2bf7a61c4861d486b7d009fc8057 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-02-24crypto-native: do not overwrite data after partial tagDamjan Marion1-1/+1
Type: fix Change-Id: I01de5f8813faff5406ccf67c21c42393c8648af6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-02-21ikev2: cleanup tunnels after subsequent sa-initFilip Tehlar1-0/+5
Type: fix Change-Id: I44e51bc37ff43999290d97fceb5f94b7c64041ec Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-21gbp: Coverity warnings for unitialized variablesNeale Ranns2-0/+3
Type: fix Change-Id: If74ad528e68f45b00719295388e0e1399452ef93 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-21ipsec: IPSec protection for multi-point tunnel interfacesNeale Ranns1-2/+2
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Iaba2ab11bfaa1c8db4023434e3043ac39500f938
2020-02-21dhcp: update secondary radv_info structuresDave Barach1-22/+47
For details, see the Jira ticket below. Fix gerrit 23350. Type: fix Fixes: 28a6eb7 Ticket: VPP-1840 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ic9248734bb330eadb302f8410e8db9c64723f075
2020-02-21vrrp: fix coverity errorsMatthew Smith2-1/+12
Type: fix Fixes: 39e9428b90 Fix warnings about potential problems with an implicit type cast and a null pointer dereference. Change-Id: I8c8d220e79ba45b62ba783cfe53cb49eef175fc8 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-02-20hsa: cleanup vpp_echo JSON outputDave Wallace1-4/+8
- Fix invalid json syntax - Add bits_per_second rx/tx fields Type: fix Change-Id: I4100245b01093e99a6c7def16cd83572ab033e24 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2020-02-20dpdk: rx checksum offloadFlorin Coras1-0/+8
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5a3e3a41dcc60c0d9b291e51bb112e7701f73050
2020-02-20nat: user deletion function & extra metricsFilip Varga4-0/+272
Type: improvement Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: Ia5dbfe864c18e953ff49147a9a4684d2ca14b96e
2020-02-20map: honor pre-resolve param in map-tAlexander Chernavin6-30/+154
With this commit, forward the translated packet directly to the specified next-hop if pre-resolve param is enabled in MAP-T. Type: fix Change-Id: Ie26080c7820318c7982599577a4af6e4d01a0574 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-02-20map: honor icmp6-unreachables param in map-tAlexander Chernavin2-2/+47
With this commit, send ICMPv6 unreachable messages back if security check fails and icmp6-unreachables param enabled in MAP-T. Type: fix Change-Id: I9a8869df7763c764a1672e3faa1fde8dc13ec85a Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-02-20nat: avoid running pointless session cleanupsKlement Sekera3-11/+33
Save the next session timeout when sweeping sessions for cleanup so that we can avoid unnecessary runs of the sweeping algorithm. Type: fix Change-Id: I736d00f2dfe242af10f963fbe34b11128f8b0613 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-02-20nat: nat44 split slow and fast pathFilip Varga2-1080/+339
Type: improvement Change-Id: I07c7e1c154583906ac9af958f22ed9a1be382f4a Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-02-20ikev2: fix logging initFilip Tehlar1-3/+2
Type: fix Change-Id: I76bed5ce2df897d0e8e822ee1244018b0e39494d Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-20tls: need to use thread id to fetch the eventYu Ping1-2/+1
Type: fix Change-Id: I429351f04a2865be4a289a3021277f9b2ced902b Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-02-19tls: handle disconect and reset in async modeYu Ping3-11/+38
Type: fix When async is enabled and request is inflight, delay close oepration Change-Id: I713078fe9832c1599e8860fc0a6bb98588f20943 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-02-18misc: deprecating the pluginFlorin Coras15-8618/+0
Type: refactor Not maintained Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5568ecf1161b63cd0f314e2b1503e350e214e51b
2020-02-18crypto: add support for testing quad loops in crypto algosFilip Tehlar5-97/+504
This patch adds support for test cases with arbitrary long plaintext. Type: feature Change-Id: I48cd3642e30cc49eabc196c45d7f73c484e93057 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-18crypto: add chained buffer support in ipsecmb (AES-GCM)Filip Tehlar1-0/+83
Type: feature Change-Id: Ia65caf38988c7e860e6d028f93659916825ef16b Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-18vrrp: do not define _details as autoreplyVratko Polak1-4/+3
Without this, _details_reply messages also end up defined; which is not intended, as there are no _details_t_handler functions. Type: fix Fixes: 39e9428b90bc74d1bb15fc17759c8ef6ad712418 Change-Id: Id052b00b00623ca92e5ddce4cc5e1bdfbb1031db Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2020-02-18misc: fix coverity warningsDave Barach2-2/+2
Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I402b1b06db736b2a7a242ce70ffd409c7c0a4fc2
2020-02-18tls: Add Feature yamlYu Ping1-0/+11
Type: docs Change-Id: Id1972fd1d0769f26ee73db326c22c6a57eb6ceab Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-02-18rdma: fix bug related to ring bufferElias Rudberg1-2/+2
Fix a bug that caused some input packets to be dropped due to errors of the type 'ip4 length > l2 length'. The change is related to the second call to the rdma_device_input_bufs() function that happens when the end of the ring buffer is reached. Type: fix Change-Id: I332d69ab22242b3443a0baca6e5dd86349a54765 Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
2020-02-18tls: Picotls engine symmetric crypto enhancement by vpp crypto frameworkSimon Zhang4-1/+373
Type: feature Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: I1d4fe75e5faf3fa2086d11020828345b173ebd03
2020-02-17misc: fix coverity warningsDave Barach1-1/+1
Add an ALWAYS_ASSERT (...) macro, to (a) shut up coverity, and (b) check the indicated condition in production images. As in: p = hash_get(...); ALWAYS_ASSERT(p) /* was ASSERT(p) */ elt = pool_elt_at_index(pool, p[0]); This may not be the best way to handle a specific case, but failure to check return values at all followed by e.g. a pointer dereference isn't ok. Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ia97c641cefcfb7ea7d77ea5a55ed4afea0345acb
2020-02-17gtpu: offload RX flowChenmin Sun6-2/+785
ip4 gtpu cli/api (using flow infra) to create flows and enable them on different hardware (currently tested with ice) to offload a gtpu tunnel onto hw: set flow-offload gtpu hw TwentyFiveGigabitEthernet3/0/0 rx gtpu_tunnel0 to remove offload: set flow-offload gtpu hw TwentyFiveGigabitEthernet3/0/0 rx gtpu_tunnel0 del TODO:ipv6 handling Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I8e356feeb0b16cfeadc1bbbe92f773aa2916e715
2020-02-17ikev2: IKE plugin manages the state of the protected tunnel interfaceNeale Ranns1-2/+8
Type: improvement IKE will bring the tunnel up ince the negociation is complete and bring it down when the session ends. It is the clinets responsibility to manage the state of the tunnel before and after these events. So to prevent any unencrpyted traffic egressing the tunnel before the session is negpciated, the tunnel should be in the down state when it a associated with the IKE session. Change-Id: I8aee593c79ca006d6ab08f9fa560fbbf6f8dcc16 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-02-17crypto-native: calculate ghash using vpclmulqdq instructionsDamjan Marion1-0/+126
vpclmulqdq is introduced on intel icelake architecture and allows computing 4 carry-less multiplications in paralled by using 512-bit SIMD registers Type: feature Change-Id: Idb09d6f51ba6f116bba11649b2d99f649356d449 Signed-off-by: Damjan Marion <damjan.marion@gmail.com>
2020-02-15tls: Fix Picotls ctx_read rx_content issueSimon Zhang1-18/+21
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: I19cdd2055ea494fc36628b4a94fc56742c1d1a8a Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2020-02-14vrrp dns: fix coverity warningsDave Barach3-2/+9
Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0d164147173b452fee7e720e01e6a9991f43b64a