summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2020-05-06nat: enable force session cleanupFilip Varga6-142/+236
Force session cleanup drops NAT db. Also fixing user specific cli/api calls. Type: improvement Change-Id: Ia3e25fcf07fe5fb9a83d55c03fe90aca727b41ac Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-05-06nat: fix coverity warningKlement Sekera1-19/+5
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I609fef6f96c6a3fc85a4dc07e75244b0e1ba9239
2020-05-05tests: add test description to quic testsDave Wallace1-0/+24
Type: style Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Ief894e940a913a4ccf5368a2fdcf5479917f56cb
2020-05-05ipsec: User can choose the UDP source portNeale Ranns1-2/+2
Type: feature thus allowing NAT traversal, Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-05-05ikev2: remove sa from main threadFilip Tehlar1-17/+29
Type: fix Change-Id: Ib73ce48552cfa9e825a6833f5594650783d82f3b Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-05gtpu: RX offload for IPv6 payload supportingChenmin Sun3-8/+38
this patch adds the offloading capability for the IPv4 GTPU tunnel which the next-node is assigned as IPv6 Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ie39cd43058d36514656351dc6e906a19d5de89c0
2020-05-05flow: explicitly convert RSS function types in dpdk_pluginChenmin Sun1-1/+34
explicitly convert RSS function types from vnet_rss_function_t to rte_eth_hash_function to avoid these two types go out of sync in the future... Type: fix Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Ic09f6bb7f2cfbcf7cc4d380e51554b7f2b7a3b90
2020-05-05nat: remove unused codeKlement Sekera1-27/+0
Type: refactor Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I33b2b38961b200dc3297b82124a7107b9ecbd0de
2020-05-04session: add option to preallocate fifo headersFlorin Coras2-2/+58
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie47546ef36590b90ed481b14cf812afbecf7981c
2020-05-04ikev2: fix string in apiFilip Tehlar1-1/+1
Type: fix key file name should be a string and not array of u8. Change-Id: I7d280d2397030e73732b374ad9d3146fad0bb19f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-05-04fib: midchain adjacency optimisationsNeale Ranns2-15/+0
Type: improvement - inline some common encap fixup functions into the midchain rewrite node so we don't incur the cost of the virtual function call - change the copy 'guess' from ethernet_header (which will never happen) to an ip4 header - add adj-midchain-tx to multiarch sources - don't run adj-midchain-tx as a feature, instead put this node as the adj's next and at the end of the feature arc. - cache the feature arc config index (to save the cache miss going to fetch it) - don't check if features are enabled when taking the arc (since we know they are) the last two changes will also benefit normal adjacencies taking the arc (i.e. for NAT, ACLs, etc) for IPSec: - don't run esp_encrypt as a feature, instead when required insert this node into the adj's next and into the end of the feature arc. this implies that encrypt is always 'the last feature' run, which is symmetric with decrypt always being the first. - esp_encrpyt for tunnels has adj-midchain-tx as next node Change-Id: Ida0af56a704302cf2d7797ded5f118a781e8acb7 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-05-04misc: binary api fuzz test fixesDave Barach4-5/+207
Add a hook to src/vlibapi/api_shared.c to fuzz (screw up) binary API messages, e.g. by xoring random data into them before processing. We specifically exempt client connection messages, and inband debug CLI messages. We step over msg_id, client index, client context, and sw_if_index. Otherwise, "make test" vectors fail too rapidly to learn anything. The goal is to reduce the number of crashes caused to zero. We're fairly close with this patch. Add vl_msg_api_max_length(void *mp), which returns the maximum plausible length for a binary API message. Use it to hardern vl_api_from_api_to_new_vec(...) which takes an additional argument - message pointer - so it can verify that astr->length is sane. If it's not sane, return a u8 *vector of the form "insane astr->length nnnn\0". Verify array lengths in vl_api_dhcp6_send_client_message_t_handler(...) and vl_api_dhcp6_pd_send_client_message_t_handler(...). Add a fairly effective binary API fuzz hook to the unittest plugin, and modify the "make test" framework.py to pass "api-fuzz { on|off }" to enable API fuzzing: "make API_FUZZ=on TEST=xxx test-debug" or similar Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I0157267652a163c01553d5267620f719cc6c3bde
2020-05-04nat: per vrf session limitsFilip Varga9-29/+310
Type: improvement Change-Id: I170256ab47978db34fb0ff6808d9cd54ab872410 Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-05-03tests: vpp_interface remove deprecated packed propertiesPaul Vinciguerra2-18/+19
The api no longer requires packed ip addresses. Type: test Change-Id: If67365d86b7c3189f871a58234e99f9c8f875371 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-30hsa: bind af-unix socket only for echo testsFlorin Coras1-60/+77
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6da8cc7c4577d199e9dc0aa52c73b1230a380018
2020-04-30flow: add l2tpv3oip flowChenmin Sun1-9/+45
This patch adds the l2tpv3oip type flow support Have tested on E810 with Intel iAVF driver Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: Icb5114b5f70dd7a63f681e7c6ac802fade8b8cf1
2020-04-30crypto: introduce async crypto infraFan Zhang7-9/+1443
Type: feature Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Signed-off-by: Dariusz Kazimierski <dariuszx.kazimierski@intel.com> Signed-off-by: Piotr Kleski <piotrx.kleski@intel.com> Change-Id: I4c3fcccf55c36842b7b48aed260fef2802b5c54b
2020-04-30ikev2: use thread local vlib_main in vlib_time_nowFilip Tehlar1-13/+9
Type: fix Change-Id: I8e4a47bd16fa8475ef695c09e3487eabf08faabe Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-04-29misc: switch to clang-9Damjan Marion2-4/+4
Type: improvement Change-Id: Iebf77a63c0c19b130a3fbd26b5293304a9fed4c1 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-04-29hsa: cleanup ifdefs in sock testsFlorin Coras4-532/+168
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1f03d80c4ee2a555dc6baa262d6df4521c1ae818
2020-04-29flow: explicit rss function enum castFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8c0eb5b5b12ffac1ff5dc89cab10bdb8e4be4322
2020-04-28flow: add RSS supportChenmin Sun4-32/+80
This patch enables the RSS configuration through vnet/flow interface With this RSS feature, users can config the RSS functions for specific flows Currently, it supports: default, toeplitz and symmetric_toeplitz rss function, and ipv4-tcp/ipv4-udp/ipv6-tcp/ipv6-ucp flow types Users can use the following options to combine with above flow types for more specific hash input set selection: l3-src-only, l3-dst-only, l4-src-only, l4-dst-only Command line: test flow add dst-ip any proto udp rss function default rss types ipv4-tcp use l3-dst-only test flow add dst-ip any proto udp rss function toeplitz rss types ipv4-udp use l4-src-only test flow add dst-ip any proto udp rss function symmetric_toeplitz rss types ipv6-udp use l3-src-only and l3-dst-only Type: feature Signed-off-by: Chenmin Sun <chenmin.sun@intel.com> Change-Id: I213efc76dc8af37f2f63605884f353e05b0f5d2a
2020-04-28nat: remove unused codeKlement Sekera1-9/+0
Type: refactor Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I0f82d937b4829e5a7f074d4d566fa49319a11716
2020-04-28vppinfra: improve test coverageDave Barach2-0/+77
Bonus corner-case bugfix in bitmap.h, found during the exercise. Issue dates from 2001 or thereabouts. Please review this specific change carefully. lcov_post: filter system include directories and generated files in build-root Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Iaa0b63e9dc571dfe3d992197ac49ba4d93403c61
2020-04-28tests: move defaults from defaultmapping to .api filesPaul Vinciguerra3-10/+10
facilitates use of papi beyond the tests. Type: improvement Change-Id: I3d502d9130b81a7fb65ee69bb06fe55802b28a27 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-28tls: fix wrong usage of session close function issueSimon Zhang1-1/+1
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: I5a73e45e5b8a6a97c068e1ca108d8f8a2c1c0f90
2020-04-27vlib: deprecate i2c and cjDave Barach4-4/+0
i2c follows its only use case - the original 82599 driver - into extras/deprecated. cj is/was an emergency debug tool unused in several years. Move to extras/deprecated/vlib Type: refactor Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ib55b65373f62630db295c562974bd8f2456c3107
2020-04-27ioam: do not reuse existing vnet symbolBenoît Ganne1-2/+2
vxlan_gpe_init() is already defined in libvnet. When loading ioam plugin we end up having 2 different objects using the same symbol. ASan in GCC-10 started to enforce the One-Definition-Rule and it seems like good hygiene anyway. Type: fix Change-Id: I2ea9af1821bca6482a290742e9a109fc25692f37 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-04-27rdma: tx: interleave prefetchesBenoît Ganne1-24/+13
Type: improvement Change-Id: Ic2d9b17cf5e524f3ad2a3c5343fe1230aa360e73 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-04-27nat: improve perf - long read after short writeKlement Sekera7-363/+424
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Idbbad246161d28f595c25e10d7282c8b33fa9876
2020-04-26dhcp: fix dhcp proxy behavior for qinq and dot1q subinterfacesStanislav Zaikin2-14/+57
Previous behavior worked only when subinterface ID matches with dot1q tag and doesn't work at all in QinQ case. In this patch I'm checking how subinterface is configured. Type: fix Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com> Change-Id: I7a662a0442fdc8e68aba5d6f469f3b1139a4bc2d
2020-04-24acl: ACL creation CLI parsing fixNeale Ranns1-2/+4
Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I026f0d8385b538e543bae0c1f7e56e49e4713ba1
2020-04-24nat: ignore user hash in ED NATKlement Sekera8-362/+273
With port overloading, port is no longer a scarce resource and there is no need to limit connections per internal IP. This saves one hash insert in slow path. Type: improvement Change-Id: I8a7a9713ac855fa99fa1617ec684f757cf6e09ae Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-04-24nat: make usage of vnet_buffer2 transparentKlement Sekera5-21/+13
Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I50df248afb3f6b46c49e6695b3f124cfd584f016
2020-04-24nat: ED: reduce number of hash tables usedKlement Sekera5-212/+210
Use out2in_ed hash table for port overloading tracking instead of global table. This reduces number of hash insertions in slowpath. Type: improvement Change-Id: Iad4e897d52033beb7f6d76a7ddb596eef586c6cb Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-04-24nat: fix extended unit testsKlement Sekera1-2/+2
Type: fix Fixes: b86437b79b82493c2e9728929df417f55b153824 Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: I2c833928dcdceb4d23dfc161bcc3358272076980
2020-04-24ip: Setting the Link-Local address from the API enables IPv6 on theNeale Ranns2-3/+3
interface Type: fix Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0b7c189006e30a357cd6be4f3c9c61fded4157cb
2020-04-23nat: add/del ed_ext_ports only if the table is instantiatedDave Barach1-4/+6
Add a suitable ASSERT in the bihash template in case this happens again. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: Ib370d4238f6bae2995bc30fd17fad5c41053c3d1
2020-04-23ip: Replace Sematics for Interface IP addressesNeale Ranns1-66/+85
Type: feature - replace functions for prefixes attached to interfaces - add ip_interface.[ch] to consoldate the functions Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I9c0c39c09dbf80ea1aadefee02c9bd16f094b6ad
2020-04-22svm: asan: fix asan supportBenoît Ganne1-2/+2
- restrict the unittests SVM address space to what is supported by ASan - mark SVM mmap()ed address space accessible for ASan - SVM shared memory heap scheme means some allocation can happen outside the current process. Lazily mark those accessible for ASan Type: fix Change-Id: I7c196c80b2a5297651d0afa54f1a8e478fcf59b1 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-04-22misc: fix coverity warningsDave Barach1-2/+3
Type: fix Ticket: VPP-1837 Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I9ec87d2293d8f92c3e488a0f61083cf815ac496c
2020-04-22misc: asan: do not poison memory after munmap()Benoît Ganne1-2/+0
It is a bad idea to poison memory after munmap because the address space can be reused (eg. for global data of dlopen()ed object) and ASan model allows access by default. Moreover, access to a stale address space will fault. Type: fix Change-Id: I356de422f255447d9d50a3a71fb0c2eaa790d731 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-04-22devices: Adding ConnectX-6 DX Device ID for validationAmir Zeidner1-2/+7
Type: fix Change-Id: I3c7ebbe91e7dffe9fd6851e5334fe920f2187cf0 Signed-off-by: Amir Zeidner <amirzei@mellanox.com>
2020-04-21nat: dslite ce mode in separate config entryVladimir Ratnikov2-4/+20
Previously dslite was moved to separate plugin folder and CE mode was removed. But it still needed. This patch adds CE option to separate config entry Type: feature Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: If153ae08fa385ba5a6605cb412e49bbb4d1db46c
2020-04-21vppinfra: bihash improvementsDave Barach1-6/+6
Template instances can allocate BIHASH_KVP_PER_PAGE data records tangent to the bucket, to remove a dependent read / prefetch. Template instances can ask for immediate memory allocation, to avoid several branches in the lookup path. Clean up l2 fib, gpb plugin codes: use clib_bihash_get_bucket(...) Use hugepages for bihash allocation arenas Type: improvement Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Damjan Marion <damarion@cisco.com> Change-Id: I92fc11bc58e48d84e2d61f44580916dd1c56361c
2020-04-20svm: check if fifo free list index is valid on allocFlorin Coras1-12/+29
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Benoît Ganne <bganne@cisco.com> Change-Id: Ib85c2f01dc7ec9858f2f88b89e209f989d78c5d9
2020-04-20nat: remove unused codeKlement Sekera5-484/+3
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: If5c00faa309cf3e1ea8bdf8b23250041f6a499c4
2020-04-20gbp: fix l3-out anonymous test cleanupBenoît Ganne1-3/+13
Type: fix Change-Id: Ib455b0a57f9b4f9cb82bb295c220270d0c6e5fe5 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-04-20tls: fix Picotls tx hang issueSimon Zhang1-2/+2
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: Id84fbe412c99b39a0754b892ca971dd3e4434264
2020-04-17dpdk: fix udp-encap for esp in transport modeAlexander Chernavin2-10/+9
Now UDP encapsulation doesn't work in transport mode because: - the encrypt node misses filling of UDP header and it gets sent with all zeros; - the decrypt node misses filling of new IP header and it contains garbage data. With this commit, fill UDP header during encryption and fill IP header during decryption. Change-Id: I87a7bd594f0e312b16d3e5eb19e568b4e3164d36 Type: fix Signed-off-by: Alexander Chernavin <achernavin@netgate.com>