summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2021-02-05nat: 1:1 policy NATOle Troan14-0/+2437
A NAT sub-plugin doing statically configured match/rewrite on IP4 input or output. It's stateless (no connection tracking). Currently it supports rewriting of SA, DA and TCP/UDP ports. It should be simple to add new rewrites if required. API: pnat_binding_add, pnat_binding_del, pnat_bindings_get, pnat_interfaces_get CLI: set pnat translation interface <name> match <5-tuple> rewrite <5-tuple> {in|out} [del] show pnat translations show pnat interfaces Trying a new C based unit testing scheme. Where the graph node is tested in isolation. See pnat/pnat_test.c. Also added new cmake targets to generate coverage directly. E.g.: make test_pnat-ccov-report File '/vpp/sdnat/src/plugins/nat/pnat/pnat.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------ pnat_interface_by_sw_if_index 39 8 79.49% 13 0 100.00% pnat_instructions_from_mask 9 0 100.00% 13 0 100.00% pnat_binding_add 64 8 87.50% 31 2 93.55% pnat_flow_lookup 4 4 0.00% 10 10 0.00% pnat_binding_attach 104 75 27.88% 33 6 81.82% pnat_binding_detach 30 5 83.33% 23 2 91.30% pnat_binding_del 97 33 65.98% 17 3 82.35% pnat.c:pnat_calc_key_from_5tuple 9 1 88.89% 14 1 92.86% pnat.c:pnat_interface_check_mask 10 2 80.00% 11 2 81.82% pnat.c:pnat_enable 5 0 100.00% 11 0 100.00% pnat.c:pnat_enable_interface 107 26 75.70% 60 15 75.00% pnat.c:pnat_disable_interface 91 30 67.03% 32 7 78.12% pnat.c:pnat_disable 7 2 71.43% 13 7 46.15% ------------------------------------------------------------------------------------ TOTAL 576 194 66.32% 281 55 80.43% File '/vpp/sdnat/src/plugins/nat/pnat/pnat_node.h': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------ pnat_test.c:pnat_node_inline 67 11 83.58% 115 1 99.13% pnat_test.c:pnat_calc_key 9 2 77.78% 14 2 85.71% pnat_test.c:pnat_rewrite_ip4 55 11 80.00% 60 12 80.00% pnat_test.c:format_pnat_trace 1 1 0.00% 12 12 0.00% pnat_node.c:pnat_node_inline 63 63 0.00% 115 115 0.00% pnat_node.c:pnat_calc_key 9 9 0.00% 14 14 0.00% pnat_node.c:pnat_rewrite_ip4 55 55 0.00% 60 60 0.00% pnat_node.c:format_pnat_trace 5 5 0.00% 12 12 0.00% ------------------------------------------------------------------------------------ TOTAL 264 157 40.53% 402 228 43.28% Type: feature Change-Id: I9c897f833603054a8303e7369ebff6512517c9e0 Signed-off-by: Ole Troan <ot@cisco.com>
2021-02-05ikev2: fix bad ip in logsFilip Tehlar1-5/+9
Type: fix Change-Id: Icd01491043e9fd1bb8f51f4f55e1252fd78512de Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-02-05nat: configurable handoff frame queue sizeElias Rudberg7-6/+171
Make number of worker handoff frame queue elements configurable as a set nat frame-queue-nelts command. The default value is 64 which is the same value that was previously hard-coded. The idea is that allowing larger values can be useful in some cases, to avoid congestion drops. Also add nat_set_fq_options API support and a corresponding test case. Type: improvement Change-Id: I5c321eb2d7997f76fac2703d9c4a5b2516375db3 Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
2021-02-05tests: ikev2: non-default table id testFilip Tehlar1-0/+33
Test whether responder sends info requests using correct ip table Type: test Change-Id: I9e97576f9d80686961f92de3cbc3e6f8d6341587 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-02-04ikev2: add hint to the log when IDs do not matchFilip Tehlar1-1/+10
Type: improvement Ticket: VPP-1908 Change-Id: I1d86ea18fcb6174b86c449d5d9403fd0e5715318 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-02-04ikev2: fix msgidFilip Tehlar1-0/+1
Type: fix In responder initialize msgid in requests to 1 as the previous value (0) was causing retransmision on the initiator. Change-Id: I8f5b84331ecac5943129f4c9a377076768fec455 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-02-04crypto-ipsecmb: add support for AES CTRBenoît Ganne1-36/+40
Type: feature Change-Id: Ide2901f5d2111a518b2c8212aa84468cef1d72ca Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-04nat: reduce number of hash tables for EI NATKlement Sekera9-141/+141
Making code more simple and storing thread index along with session index as a preparation step for fixing thread safety patches. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ib0c531e9f1f64b1f1ee912d4a83279200638e931
2021-02-04api: Fold the empty pool check into the main macroNeale Ranns1-6/+0
Type: improvement the empty pool chekc is always required, so make it alwayd happen. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3879e752036a7dd49fff7e16dc6d9ea02563aa7a
2021-02-04linux-cp: Linux Interface Mirroring for Control Plane IntegrationNeale Ranns15-0/+3555
Type: feature please see FEATURE.yaml for details. Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Matthew Smith <mgsmith@netgate.com> Signed-off-by: Jon Loeliger <jdl@netgate.com> Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I04a45c15c0838906aa787e06660fa29f39f755fa
2021-02-04vlib: increase the stats epoch only when necessaryMiklos Tirpak2-0/+263
When the counter vectors are validated and they are already long enough to fit the given index in memory, there is no need to increase the stats segment epoch. In this case, the counter vectors do not change as a result of the validation. This optimization is necessary for the case when the configuration is changed at multiple thousands per second rate. The counter vectors grow at the beginning and their size stabilizes after a while. Without this improvement, it can still take several seconds for a stats reader to succeed. Type: improvement Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com> Change-Id: I5a6c30255832716a1460018d0bd0f63031de102b
2021-02-03vppapigen: Support an 'autoendian' keyword for message definitions inNeale Ranns2-3/+1
.api files Type: feature Make the auto-endian nature explicit, rather than hidden in the x_api.c file. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibe647117ceeaf6f99a38a96576a5a41a3cbb1615
2021-02-01quic: clean setup_cipher functionMathias Raoul1-10/+11
Type: fix Change-Id: I02e473440a8732ddfb1a13ad6552779adaa67f60 Signed-off-by: Mathias Raoul <mathias.raoul@gmail.com>
2021-02-01docs: fix up the markdownAndrew Yourtchenko1-1/+1
Type: docs Change-Id: Ia541839e1f1ceddfae4579dece43b9cc820702e2 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit de569048a504cf211d80b86882e6781684301790)
2021-02-01fib: Changes to interpose sourceNeale Ranns1-3/+149
Type: improvement 1) stack the interpose on any path-extensions (e.g. labels) from the next best source 2) allow more than 1 source to contribute a DPO for a given prefix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Idc2fbb36cfbd2387081765d8af0f1fbe61612160
2021-01-28cnat: Fix session with deleted trNathan Skrzypczak3-9/+3
Type: fix When a translation gets deleted, hiting a session pointing to it sefaults. We're better off directly storing the next node index. Change-Id: I4f0716d775202b4ecf54d6cdb827bbeebd23056c Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-01-28cnat: Fix throttle hash & cleanupNathan Skrzypczak5-106/+67
Type: fix This fixes two issues : - We used a hash to throttle RPC for adding fib entries, but as we rely on a refcount, we cannot accept loosing an entry, which could happen in case of a collision. - On client cleanup we weren't freeing the fib entry correctly which resulted in crashes when recreating an entry. Added a test that ensures proper cleanup Change-Id: Ie6660b0b02241f75092737410ae2299f8710d6b9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-01-28ip: Router ID included in flow hashNeale Ranns1-4/+4
Type: feature A device/router needs to have a unique ID which is included in the flow has so that flows are not polarised through the network, i.e. each deice in the network chooses the same nth link for the same flow. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I963e03674adbb085902b4084fdc4886b88f5734c
2021-01-28crypto-openssl: fix iv size for AES CTRBenoît Ganne1-68/+69
Type: fix Change-Id: I79258a95cfb75587685dffae671255063f57cbef Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-27ikev2: add per SA statsFilip Tehlar7-15/+68
Type: feature Change-Id: Ic502d806410ea3c8f3f1eac70b694114ccb053bf Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-01-26interface: remove vnet_device_input_runtime_tMohammed Hawari2-13/+13
Change-Id: I85a463b4ca15baf11e3eb70189f5190ba2585170 Type: refactor Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2021-01-25svm: add custom q implementation for mqFlorin Coras2-4/+3
Add separate queue implementation for the message queue as it's custom tailored for fifo segments as opposed to binary api. Also move eventfds to the private data structures. Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6df0c824ecd94c7904516373f92a9fffc6b04736
2021-01-25crypto-ipsecmb: more explicit errors reportingBenoît Ganne1-4/+24
Use error counters related to ipsec-mb return codes instead of 'bad-hmac' only. Type: improvement Change-Id: I9329da300a70d76b4d4ab30fa45f0a2a85d6519b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-22quic: quicly v0.1.2 updateMathias Raoul7-616/+388
- update quic plugin with new quicly/picotls API - remove packet allocator - remove crypto batching - update picotls plugin - add cli for quicly congestion control configuration Type: feature Change-Id: If76ef31c43b430eea2f7674539b2112aee0f351e Signed-off-by: Mathias Raoul <mathias.raoul@gmail.com>
2021-01-22tests: add generalized tags for tests, use them for run-solo testsAndrew Yourtchenko4-16/+8
We have accumulated several scenarios in prod or wishlists where it would be useful to have a general infra to say yes/no about a certain test, and potentially make decisions based on that, for example: - runs solo (aka 'time-dependent') - (wishlist) part of quick smoke-test set - (wishlist) intermittent failure unrelated to timing - (wishlist) test broken with a multi-worker config in vpp Refactor the current "run-solo" code to allow for this extension. Type: test Change-Id: Ia5b3810e57c0543753c8e0dc4dc0cfb4a30b36ac Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-01-21dpdk: do not use TSO for small packetsSomnath Kotur1-2/+5
Asking for TSO (TCP Segmentation Offload) on packets that are already smaller than (headers + MSS) does not make sense and may not work on some HW. Fix to only set the TSO flag when a segmentation offload is really required, i.e when packet is large enough. Type: improvement Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com> Change-Id: I7830ae8474581c8e518fb4910f7863e10346bb62 Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com>
2021-01-21avf: use write combining store for queues tail updateRadu Nicolau3-2/+13
Performance improvement: on supported platforms, currently only Intel Tremont, use a write combining store to update the tail pointers. Also, Tremont node variant is added for all. Type: improvement Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> Change-Id: Ie9606e403b7d9655184f778e3ffee3027c8c9edd
2021-01-21rdma: adapt to new vnet rxq frameworkMohammed Hawari3-27/+30
Change-Id: Id539d36635f0ab9625dc2fc73630be39bead09af Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: improvement
2021-01-21memif: adapt to new rxq frameworkMohammed Hawari3-61/+59
Change-Id: Ifa8bccd8a34ec1b14e772ee53757e9083373e3de Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: feature
2021-01-21af_xdp: update interrupt mode to new infraBenoît Ganne3-36/+86
Type: improvement Change-Id: Icb23af5f5e458a555f416cb0a829e84646b25dd9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-21marvell: adapt pp2 to new rxq framework.Mohammed Hawari2-9/+11
Change-Id: I8759a07a24692b8b418ef8eb2025b61a62d2dda1 Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2021-01-21interface: rx queue infra rework, part oneDamjan Marion10-63/+87
Type: improvement Change-Id: I4008cadfd5141f921afbdc09a3ebcd1dcf88eb29 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-01-21perfmon: added cache hits and missesRay Kinsella2-0/+70
Added basic support for counting cache hits and misses per node. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: Ic566611fd3d4246ccaa2117d8f74a569a6862e80
2021-01-21dpdk: terminate device devargs stringMatthew Smith1-1/+2
Type: fix When a device is whitelisted with devargs arguments specified, the string that is generated and added to conf->eal_init_args is not explicitly terminated with 0. If the formatted string takes up all of the memory allocated to the vector which stores it and it is used later as a string in a format() or printf() call, any nonzero characters stored in memory at the address immediately following the memory allocated for the vector will be erroneously appended to the string. Terminate the string with 0 to ensure that this does not happen. Change-Id: I20a78d994daad93bf5aecab5c03d705022e882ec Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-01-21dpdk: add support for system libdpdkNathan Moos1-85/+96
Type: improvement This patch enables dynamically linking the dpdk plugin against a system-wide packaged version of dpdk. Change-Id: I2276d125f39986b0e1788c7b52b94485cdbcd855 Signed-off-by: Nathan Moos <nmoos@cisco.com>
2021-01-21ip: Use correct enum type in ip_address_setNeale Ranns3-6/+7
Type: refactor Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ice2bc42838e6d5ba579f449c3f8b0feffebeb719
2021-01-21ip: use IPv6 flowlabel in flow hash computationAhmed Abdelsalam1-4/+4
extends ip6_compute_flow_hash() to include IPv6 flowlabel in flowhash computation Type: improvement Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: Id1aaa20c9dac729c22b714eea1cdd6e9e4d1f75e
2021-01-20acl: replace glibc internal __bswap_64 with clibNathan Moos1-1/+2
Type: fix In order to build VPP as a package for an embedded Yocto-based distribution, this patch replaces the use of the glibc internal __bswap_64 function with the VPP function clib_net_to_host_u64, which is provided by vppinfra. Change-Id: I3ecc8525861dc3441bce2b51aa4c80f9a62d3051 Signed-off-by: Nathan Moos <nmoos@cisco.com>
2021-01-20memif: fix vpp to go link up immediately on admin upEd Warnicke3-16/+23
Type: improvement Previously, memif would check every 3 seconds to see if an interface had gone admin up. Now it does as soon as admin up occurs. Signed-off-by: Ed Warnicke <hagbard@gmail.com> Change-Id: I808699cd5980fa162c34ac977f43d00ed6b67115 Signed-off-by: Ed Warnicke <hagbard@gmail.com>
2021-01-20ikev2: use new counters data model & add more countersFilip Tehlar3-50/+169
Type: feature Ticket: VPP-1916 Change-Id: Ibe612d21f748a532d88b73b286dc4a1dd15d7420 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-01-19avf: fix l2_len for csum offloadMohammed Hawari1-4/+3
Use vlib_buffer_t::current_data instead of vnet_buffer_opaque_t::l2_hdr_offset to compute l2_len for checksum offload (l2_hdr_offset might be invalid if packet originates from an L3 interface) Change-Id: I2031ea6fd6a7af4b6e186751e119ebd6161641b5 Type: fix Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2021-01-18nat: deal with flows instead of sessionsKlement Sekera14-1960/+1860
This change introduces flow concept to endpoint-dependent NAT. Instead of having a session and a plethora of special cases in code for e.g. hairpinning, twice-nat and others, figure all this out and store it in flow logic. Every flow has a match and a rewrite part. This unifies all the NAT packet processing cases into one - match a flow and rewrite the packet based on that flow. It also provides a cure for hairpinning dilemma where one part of the flow is on one worker and another on a different one. These cases are also sped up by not requiring destination adress lookup every single time to be able to rewrite source nat as this is now part of flow rewrite logic. Type: improvement Change-Id: Ib60c992e16792ea4d4129bc10202ebb99a73b5be Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-01-18ipsec: Support MPLS over IPSec[46] interfaceNeale Ranns1-13/+6
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I89dc3815eabfee135cd5b3c910dea5e2e2ef1333
2021-01-18tls: make picotls engine able to initial connection as clientSimon Zhang2-16/+74
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: Idd14dc11e92e0851c64f83e280b52f12e32ae48d
2021-01-13ikev2: remove assert conditionFilip Tehlar1-19/+36
Remove assert condition ensuring that a packet was punted with reason spi=0. We can't rely on data in punt_reason because it is defind in an union. This patch adds a new IKE node that handles punted IKE packets separately. Type: fix Change-Id: I2e1b44922e53e049bd8512fa5cb85cee6a2b8aa7 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-01-12crypto-openssl: chacha support in openssl versionRay Kinsella1-8/+8
Fix build errors related to chachapoly when the system openssl version is < 0x10100000. Type: fix Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I62283fcc44c952ddd4d6a9f621c18e8be1af8af1
2021-01-11dpdk: allow configure individual VMBUS devicesVladimir Ratnikov3-48/+220
now startup.conf supports confuguration for VMBUS devices as for PCI devices for whitelisting/blacklisting dpdk { dev fa5a6e7a-cf3a-4b98-9569-addb479b84bc } with sub-configuration as for PCI devices dpdk { blacklist fa5a6e7a-cf3a-4b98-9569-addb479b84bc } where fa5a6e7a-cf3a-4b98-9569-addb479b84bc - example of UUID struct vlib_vmbus_addr_t changed to union with UUID described fields Added device_config_index_by_vmbus_addr blacklist_by_vmbus_addr to enumerate available device configs hash_key is as_u32[0] field(last 4 bytes of UUID) Lost of precision against full UUID, but 2^32 is enough to handle all the devices available Added is_blacklisted check while creating vnet devices in order to supress creation of dev if it's blacklisted Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: Id82611e54fed082190e488c7e5fbe14ecbe5b2ab
2021-01-11acl: fix tag C-string overflowBenoît Ganne1-5/+14
tag is expected to be a null-terminated C-string Type: fix Change-Id: I633719068c37eac395cc30a6a314c00848e9cdca Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-11nat: refactor and split fo EI/ED features p.2Filip Varga8-351/+1216
Patch n. 2 aimed at moving EI features out of NAT44 plugin & split of EI/ED functions. Type: refactor Change-Id: Ida20c1c084449b146344b6c3d8442f49efb6f3fa Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-01-08ikev2: fix lookup in wrong ip tableFilip Tehlar1-4/+6
In responder mode we need to remember interface index from which IKE session was initiated. Otherwise when sending keep alive packets to the initiator, the default ip table is always used for lookup instead of the one associated with the interface. Type: fix Change-Id: Iade3fc3a490b7ae83c3f6e9014d1f4204e476ac1 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>