summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2021-03-09pnat: coverity fixesOle Troan2-3/+5
Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ia1cfdbd39ed458cb3fffd29a8b6d6eff64644de8
2021-03-08cnat: Coverity fixNathan Skrzypczak1-1/+1
Type: fix Change-Id: I004a49e59d8643599fc99ad6fa5848d3cf289b7a Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-07nat: replace main vlib with per-thread vlibKlement Sekera6-67/+53
Fix incorrect vlib main usage. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ic5304ca844f1b27756818eb6995b1d9c08412674
2021-03-07nat: fix worker selectionKlement Sekera7-89/+73
Use correct ports from SVR. Perform lookup of existing session for all cases to pick any created bypasses and derive correct thread indexes. Type: fix Change-Id: I1e3814c9e13cd4d9b8d65f514f7e9ab42df3c22e Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-07nat: test - add show traceKlement Sekera1-0/+1
Add missing show trace. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2f216bfc1bc70ebcbf5593214d46601f44f0b6e2
2021-03-07dispatch-trace: move dispatch trace pcap code to pluginDamjan Marion2-0/+523
Type: refactor Change-Id: I02a527f57853ebff797f0d85761b71127916d6ce Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-06nat: use correct node indexes for queuesKlement Sekera1-2/+2
Type: fix Change-Id: I30b847acc4653fea9d609fc0d5875c3fda0824ef Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-03-05avf: don't memcpy if adminq output buffer size is 0Damjan Marion1-1/+1
Type: fix Change-Id: I0df14ff87d0bf51eeb392f72434febf6c4a2957a Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-05mss_clamp: TCP MSS clamping pluginNeale Ranns7-0/+1331
Type: feature Configure TCP MSS clamping on an interface as follows: set interface tcp-mss-clamp [rx|tx] <interface-name> ip4 [enable|disable|rx|tx] ip4-mss <size> ip6 [enable|disable|rx|tx] ip6-mss <size> Change-Id: I45b04e50a0b70a33e14a9066f981c651292ebffb Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com> Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com> Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-03-05dpdk: fix rte mempool for rx_queuesVladimir Ratnikov1-1/+9
Change dpdk_ops_vpp_get_count() return value from 0 to actual available pool size; For some drivers/envs(azure,vmbus) rx_queue size will be zero and the only 1 element will be created (0 + 1) When more than one packet will arrive, it will cause SEGFAULT Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: Ibe7da6acc91200bec33d99f580044456d8984110
2021-03-05marvell: check return value of vlib_trace_bufferRobert Shearman1-8/+10
Check the value of vlib_trace_buffer in mrvl_pp2_input_trace to fix a compiler error for an unused result of the function. Type: fix Fixes: 9a3973e3a36bfd4dd8dbffe130a92649fc1b73d3 Signed-off-by: Robert Shearman <robertshearman@gmail.com> Change-Id: Ib005ae662885ed8ef902607037b843a524789a19
2021-03-05marvell: spelling fixesRobert Shearman2-3/+3
Fix places where "Marvel" is used incorrectly instead of "Marvell". Type: style Change-Id: I9247676ab08faed31e7b813f6f496ba008210c00 Signed-off-by: Robert Shearman <robertshearman@gmail.com>
2021-03-05marvell: fix implicit declaration of functionRobert Shearman1-0/+1
Fix compile error due to implicit declaration of vnet_hw_if_get_rxq_poll_vector by including the header file that declares this. Type: fix Fixes: b85b0df2a039b694fb2f3c09a01decfb89d7bce2 Signed-off-by: Robert Shearman <robertshearman@gmail.com> Change-Id: I4a21743df93ffaa637641838d30b3b5c70dd79ef
2021-03-05crypto: revert "fix ops flags in crypto sw scheduler"Damjan Marion1-2/+7
This reverts commit 30ad571cc35e4dc6d4d7e50b81b97f83f8770eea. Type: fix Change-Id: If8c6e388e732d2a1b5efd0677d9528a646365f94 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-03-04ikev2: fix incorrect api messageFilip Tehlar1-1/+1
Type: fix Change-Id: I9b3f4531070786f583e18609dfae1d95487ce93c Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-03-04cnat: Add calico/k8s src policyNathan Skrzypczak3-2/+59
This patch implements k8s-specific extensions to the cnat plugin. This could be done by exposing a richer semantic on srcNAT policies, but this might be too complex work at this point. Also k8s fits quite well as a 'cloud NAT' usecase. Type: feature Change-Id: I2266daf7b10a92e65f5ed430838a12ae826bd333 Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04cnat: Prepare extended snat policiesNathan Skrzypczak14-549/+770
Type: refactor Change-Id: I9ca3333274d6f32b6aff57f0fb3d2049c066337a Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04cnat: Fix snat with dhcpNathan Skrzypczak4-11/+17
Type: fix We didn't check that the srcEndpoint was resolved when creating the session, we could end up sNATing with 0.0.0.0 as src_addr Change-Id: If8dfa577e659cfe90b148657a44c0390a7d383e9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-03-04crypto: fix ops flags in crypto sw schedulerBenoît Ganne1-7/+2
The sw crypto scheduler converts crypto frames to individual crypto operations. This is done by reusing per-thread vectors for crypto, integrity and chained operations. The crypto op flags must be reset to frame flags minus invalid values depending of the operation. The previous tentative also cleared the chained buffer flag, breaking jumbo support. Type: fix Change-Id: Icce6887a9e0dae8c300c56e97b977e203e784713 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-04hsa: fix builtin echo apps with multiple workersFlorin Coras2-25/+88
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9507b5a9755e938b4d1da657bed3a8681a056427
2021-03-04dpdk: fix include directories with system dpdkRobert Shearman1-0/+1
Add the DPDK_INCLUDE_DIRS variable which is set by pkg_check_modules to the include directories to allow use of system DPDK where the headers aren't under standard include directories. Type: fix Fixes: f15a5791ba870a98a2ab7dec101bbbb9b6e266c1 Change-Id: Ifd4b4170572911b6e0580cdf114ad87cfa771931 Signed-off-by: Robert Shearman <robertshearman@gmail.com>
2021-03-04marvell: remove unused variableRobert Shearman1-1/+0
Fix compile error in mrvl_pp2_delete_if caused by unused variable by removing that variable. Type: fix Fixes: b85b0df2a039b694fb2f3c09a01decfb89d7bce2 Change-Id: I819bcfbfdbd0f85cc42be953be63ef124520852c Signed-off-by: Robert Shearman <robertshearman@gmail.com>
2021-03-04memif: Validate descriptors within process boudarySteven Luong1-20/+27
We hit a crash when the client sends us a bogus deescriptor which causes us to access memory beyong the mapping. While the client clearly should not do that, it is rather cheap for VPP to validate the descriptor instead of crash and burn. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Id09035810939f5f98530f212f0b23e606132251d
2021-03-04dpdk: enable AVX-512 on ICLRay Kinsella1-0/+5
Enable DPDK AVX-512 Vector PMDs on Intel Icelake Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> Change-Id: Ie5d5bf54ccaa65c1d053d56a2f2973fe8625193b
2021-03-04dpdk: deprecate ipsec backendFan Zhang11-4533/+578
Type: refactor DPDK crypto devices are now accessible via the async infra, so there is no need for the DPDK ipsec plugin. In addition this patch fixes the problem that cryptodev backend not working when master core and worker cores lies in different numa nodes. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ie8516bea706248c7bc25abac53a9c656bb8247d9
2021-03-03nsh: Resolve SA errors in NSH plugin.Vengada Prasad Govindan1-15/+0
Type: fix Change-Id: Ia923cd9302688496d28d2fd5658718b40b17cc1a Signed-off-by: Vengada Govindan <venggovi@cisco.com>
2021-03-03dhcp: calls to vnet_feature_enable_disable needs to be protectedSteven Luong1-1/+7
dhcp is makeing calls to vnet_feature_enable_disable without barrier sync protection. This can cause data contention with the worker threads. Wrap all calls to vnet_feature_enable_disable with barrier sync and barrier release. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I74545b074599273429f47e3e726551156bc11bbc
2021-03-02ikev2: fix authFilip Tehlar1-1/+1
Old auth data is needed when generating new one. Type: fix Change-Id: I15c62346dbb7ece8facdc7a05f30afd1a15a5648 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-03-01nat: avoid crash if plugin not enabledKlement Sekera1-18/+21
Avoid crash if nat pool not allocated when issuing "show nat44 summary". Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I55661cf699bab04f4673e9d471fe12486e972067
2021-03-01nat: pick outside addr based on local addrKlement Sekera6-107/+215
Use outside addresses more evenly by using local address to pick from pool of addresses. This ensures stability from POV of remote host - an internal host always gets translated using the same outside address, so it doesn't appear to be "hopping". Also, this avoids all hosts being translated using the first address, which helps avoid needless recaptchas and the like. Exact assignment depends on internal ordering of addresses - local address is used to pick an offset into internal vector. If that address cannot be used, a linear search is performed as a fallback mechanism to find a possible translation. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I7ccb1da1dda5537f5d30d2f4cb48024f4b51c1a4
2021-02-26cnat: coverity fixNathan Skrzypczak1-2/+4
Type: fix Change-Id: I9d562abc8d8f59cfe73ddd4c03a25085f6ad1f84 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26nat: optimize flow matching in ED NATKlement Sekera5-81/+87
This saves 6 clocks in nat44-ed-in2out node. (112->106 per packet) Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I48e757e7f4b6b0d250a432a4659fe6955fc52a07
2021-02-26nat: NAT44ED fail if using old plugin optionFilip Varga4-450/+498
Fail if obsolete flag is used. Type: fix Change-Id: Id7000de9c82fa2c22692104b2fc1d463e5961f39 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-02-26ipsec: move the IPSec SA pool out of ipsec_mainNeale Ranns5-14/+9
Type: refactor this allows the ipsec_sa_get funtion to be moved from ipsec.h to ipsec_sa.h where it belongs. Also use ipsec_sa_get throughout the code base. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I2dce726c4f7052b5507dd8dcfead0ed5604357df
2021-02-26cnat: add input feature nodeNathan Skrzypczak6-0/+507
This allows to configure nat on a per-interface basis. Special care must be taken to ensure the configuration remains consistent. Type: feature Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: Add maglev supportNathan Skrzypczak9-25/+253
* Backend choice in translations is controlled by lb_type switch allowing to enable Maglev. * Size of pool is set with cnat { maglev-len 1009 } Type: feature Change-Id: I956e19d70bc9f3b997b4f8042831164e4b559d17 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-26cnat: fixes & prepare maglevNathan Skrzypczak16-366/+390
Notable changes: - ip[46]-cnat-snat is renamed to cnat-snat-ip[46] - indent fixes - common trace primitives - bihash is now 40_56 with alias Type: refactor Change-Id: I0a82cfe3b40efd96473e51061d7135ffe412ddfc Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-25sr: Fix the coverity issue on srv6-mobile pluginTetsuya Murakami1-2/+2
Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I55e6d7dd193f83f70d27e27fe2e383939d677ef1
2021-02-25ikev2: Use the IPSec functions for UDP port managementNeale Ranns2-46/+2
Type: refactor IKEv2 registers the IPSec node as the port handler, so it can use the IPSec functions to do that. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: If398dde0a8eb0407eba3ede62a3d5a8c12fe68a7
2021-02-25linux-cp: fix vector-used-a-C-string overflowBenoît Ganne2-4/+3
lip_host_name is a non-NULL terminated vector, not a NULL-terminated C-string. Type: fix Change-Id: Ie5da59bc5680be72251904467d77b18263c882f8 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-24nat: Final NAT44 EI/ED split patchFilip Varga44-5781/+10760
This patch achieves complete separation of endpoint-dependent and endpoint-independent IPv4 NAT features. Some common stuff is also moved to NAT library. Type: refactor Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801 Signed-off-by: Filip Varga <fivarga@cisco.com>
2021-02-24wireguard: coverity fixArtem Glazychev1-11/+12
explicit null dereferenced Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: Id1e4b0e048dbd0a68063c63374172ab6d3653aff
2021-02-24docs: move pnat doc link into dev doc sectionDave Wallace1-1/+1
- "PNAT: 1:1 match and rewrite programmable NAT" link was hanging out on the top level of the doc tree. Move it to VPP->Developer Documentation. Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Iadb7d3463567a2414eece68db0a3743237ab26f9
2021-02-23hsa: fifo detach cleanupFlorin Coras2-0/+27
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I907b2e560d6ecd748aa7c6d775c4f7122a39b4cb
2021-02-19dpdk: fix cryptodev offset updateFan Zhang1-11/+8
Type: fix This patch fixes the missed crypto and integ offset update for every packet. Previously the offset is updated only when the key is changed. This is ok for encryption but not always true for decryption. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: Iccd0011f4ae488746ce487a14b94ddd24fb0c07c
2021-02-19ikev2: start counting msgid from 0Filip Tehlar1-2/+2
This fixes an issue when initiator is expecting request with intitial msgid being 0 but 1 is received instead which results in retransmission (instead of normally processing the new request). Type: fix Change-Id: I60062276bd93de78128847c5b15f5d6cecf1df65 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-02-18tests: re-enable NAT44ED tests for multiworkerAndrew Yourtchenko1-1/+0
Re-enable the test for 2-worker config test Change-Id: Ie108c5d244c6704ffa152177ca77f6b6055fe38e Type: test Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-18tests: policer test check unformat return valuesBrian Russell1-4/+6
Keep coverity happy by checking the return value of unformat calls. Type: test Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Iccd0296da527d079f79cc7bd8b57af1b524299bd
2021-02-17linux-cp: fix coverity defectMatthew Smith1-0/+6
Type: fix If no host interface name is passed to the CLI command which creates an interface pair, NULL gets passed to lcp_itf_pair_create() and a seg fault occurs. Check whether a host interface name was provided and fail gracefully if none was given. Change-Id: I82886f4c2ee710e206c751c34a74399112e9062c Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-02-16hsa: coverity fixFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I30fde452fdeeb9877f3e3fecb0dd723f10f61019