summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2021-02-09crypto: fix bad-hmac in sw scheduler if async modeAlexander Chernavin1-0/+1
When IPsec async mode is enabled, packets don't pass through the tunnel if ciphers other than AES GCM are used for child SAs. An error that arises is "bad-hmac" in the "crypto-dispatch" node. On the encryption stage, the VNET_CRYPTO_OP_FLAG_HMAC_CHECK flag is set for the integrity crypto operation when it's not supposed to. It seems that the flag remains from the previous operation. With this change, zero flags of crypto operations in the SW scheduler during operation filling. Type: fix Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Iabac253474e95cb01f9ec0933f3c4860f8a5289c
2021-02-09gbp: fix typo in macroPaul Vinciguerra2-7/+7
Type: fix Change-Id: I1f8245e8cccacb5bbb511aef39e31d0a76bba95f Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2021-02-09nat: bump default max translations to 63KKlement Sekera1-1/+1
Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ibea7ec844d1d910e8a3235e11154b1ecea8302ac
2021-02-09nat: deny adding intf addr if static-mapping-onlyAlexander Chernavin1-0/+8
If static-mapping-only is enabled, NAT pool cannot be configured, only static mappings. There're two ways to add addresses to the NAT pool: by address range, or by first found address from an interface. NAT44_ADD_DEL_ADDRESS_RANGE already tests if dynamic mappings are available but NAT44_ADD_DEL_INTERFACE_ADDR doesn't. If static-mapping-only is enabled, adding addresses by range is rejected but by interface not. With this change, if static-mapping-only is enabled, do not allow to add addresses to the NAT pool both ways. Type: fix Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ifc055ea9a71a5e579388833a2990aef21bf7ed29
2021-02-09nat: fix coverity errorsOle Troan3-7/+6
Including a general missing free in fromjson autogenerated code. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: I9ab2b0193135e2fb3d62d51b3c114df56969e341 Signed-off-by: Ole Troan <ot@cisco.com>
2021-02-09nat: improve type safety and remove unused paramKlement Sekera3-96/+76
Type: improvement Change-Id: I456f9b14e6a4eb46c9c49f6e09acccae530e4ebc Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-02-09Revert "ipsec: Use the new tunnel API types to add flow label and TTL copy"Matthew Smith2-43/+29
This reverts commit c7eaa711f3e25580687df0618e9ca80d3dc85e5f. Reason for revert: The jenkins job named 'vpp-merge-master-ubuntu1804-x86_64' had 2 IPv6 AH tests fail after the change was merged. Those 2 tests also failed the next time that job ran after an unrelated change was merged. Change-Id: I0e2c3ee895114029066c82624e79807af575b6c0 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-02-08ipsec: Use the new tunnel API types to add flow label and TTL copyNeale Ranns2-29/+43
support Type: feature Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I6d4a9b187daa725d4b2cbb66e11616802d44d2d3
2021-02-08tests: allow for externally supplied VPP workers config for testsAndrew Yourtchenko1-0/+2
Allow to supply the external VPP worker config for tests which do not specify the workers config explicitly, and use the tags infra to flag those that need attention in this configuration. This commit shows one example use of such a tag, there will be a separate commit with the rest of the places needing it, since that change is rather mechanical. Thus, the assumption is that the test should by default be agnostic of the VPP configuration, unless it explicitly specifies so. Type: test Change-Id: I3c0077e4e22a75cb9561fb98d3b783b93486b2be Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-08ping: fix aborting on keypressIvan Shvedunov1-2/+3
Type: fix Currently ping stops on events like SOCKET_READ_EVENT, which makes it hard to use over e.g. govpp as it aborts immediately most of the time. With this patch, ping only stops upon real CLI read / quit events. Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Change-Id: Id7a8d0b0fdeb7bbc7b85240e398d27bd5199345b
2021-02-08misc: support api generated dependency for multiarch sourceOle Troan2-0/+5
Fix dependency issues where multi-arch file is using API generated file. Type: improvement Change-Id: I5d4af7a630529bc138c35841723e38938f36d963 Signed-off-by: Ole Troan <ot@cisco.com>
2021-02-07flowprobe: set collector port for data from settingjan_cavojsky1-2/+2
Type: fix Ticket: VPP-1859 Signed-off-by: jan_cavojsky <Jan.Cavojsky@pantheon.tech> Change-Id: Iaa5045001621ec99dc8579e8e989adf81dc60525
2021-02-05session svm: non blocking mqFlorin Coras2-16/+5
Avoid synchronizing producers and the consumer. Instead, only use mutex or spinlock (if eventfds are configured) to synchronize producers. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie2aafbdc2e07fced5d5e46ee2df6b30a186faa2f
2021-02-05nat: 1:1 policy NATOle Troan14-0/+2437
A NAT sub-plugin doing statically configured match/rewrite on IP4 input or output. It's stateless (no connection tracking). Currently it supports rewriting of SA, DA and TCP/UDP ports. It should be simple to add new rewrites if required. API: pnat_binding_add, pnat_binding_del, pnat_bindings_get, pnat_interfaces_get CLI: set pnat translation interface <name> match <5-tuple> rewrite <5-tuple> {in|out} [del] show pnat translations show pnat interfaces Trying a new C based unit testing scheme. Where the graph node is tested in isolation. See pnat/pnat_test.c. Also added new cmake targets to generate coverage directly. E.g.: make test_pnat-ccov-report File '/vpp/sdnat/src/plugins/nat/pnat/pnat.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------ pnat_interface_by_sw_if_index 39 8 79.49% 13 0 100.00% pnat_instructions_from_mask 9 0 100.00% 13 0 100.00% pnat_binding_add 64 8 87.50% 31 2 93.55% pnat_flow_lookup 4 4 0.00% 10 10 0.00% pnat_binding_attach 104 75 27.88% 33 6 81.82% pnat_binding_detach 30 5 83.33% 23 2 91.30% pnat_binding_del 97 33 65.98% 17 3 82.35% pnat.c:pnat_calc_key_from_5tuple 9 1 88.89% 14 1 92.86% pnat.c:pnat_interface_check_mask 10 2 80.00% 11 2 81.82% pnat.c:pnat_enable 5 0 100.00% 11 0 100.00% pnat.c:pnat_enable_interface 107 26 75.70% 60 15 75.00% pnat.c:pnat_disable_interface 91 30 67.03% 32 7 78.12% pnat.c:pnat_disable 7 2 71.43% 13 7 46.15% ------------------------------------------------------------------------------------ TOTAL 576 194 66.32% 281 55 80.43% File '/vpp/sdnat/src/plugins/nat/pnat/pnat_node.h': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------ pnat_test.c:pnat_node_inline 67 11 83.58% 115 1 99.13% pnat_test.c:pnat_calc_key 9 2 77.78% 14 2 85.71% pnat_test.c:pnat_rewrite_ip4 55 11 80.00% 60 12 80.00% pnat_test.c:format_pnat_trace 1 1 0.00% 12 12 0.00% pnat_node.c:pnat_node_inline 63 63 0.00% 115 115 0.00% pnat_node.c:pnat_calc_key 9 9 0.00% 14 14 0.00% pnat_node.c:pnat_rewrite_ip4 55 55 0.00% 60 60 0.00% pnat_node.c:format_pnat_trace 5 5 0.00% 12 12 0.00% ------------------------------------------------------------------------------------ TOTAL 264 157 40.53% 402 228 43.28% Type: feature Change-Id: I9c897f833603054a8303e7369ebff6512517c9e0 Signed-off-by: Ole Troan <ot@cisco.com>
2021-02-05ikev2: fix bad ip in logsFilip Tehlar1-5/+9
Type: fix Change-Id: Icd01491043e9fd1bb8f51f4f55e1252fd78512de Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-02-05nat: configurable handoff frame queue sizeElias Rudberg7-6/+171
Make number of worker handoff frame queue elements configurable as a set nat frame-queue-nelts command. The default value is 64 which is the same value that was previously hard-coded. The idea is that allowing larger values can be useful in some cases, to avoid congestion drops. Also add nat_set_fq_options API support and a corresponding test case. Type: improvement Change-Id: I5c321eb2d7997f76fac2703d9c4a5b2516375db3 Signed-off-by: Elias Rudberg <elias.rudberg@bahnhof.net>
2021-02-05tests: ikev2: non-default table id testFilip Tehlar1-0/+33
Test whether responder sends info requests using correct ip table Type: test Change-Id: I9e97576f9d80686961f92de3cbc3e6f8d6341587 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-02-04ikev2: add hint to the log when IDs do not matchFilip Tehlar1-1/+10
Type: improvement Ticket: VPP-1908 Change-Id: I1d86ea18fcb6174b86c449d5d9403fd0e5715318 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-02-04ikev2: fix msgidFilip Tehlar1-0/+1
Type: fix In responder initialize msgid in requests to 1 as the previous value (0) was causing retransmision on the initiator. Change-Id: I8f5b84331ecac5943129f4c9a377076768fec455 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-02-04crypto-ipsecmb: add support for AES CTRBenoît Ganne1-36/+40
Type: feature Change-Id: Ide2901f5d2111a518b2c8212aa84468cef1d72ca Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-04nat: reduce number of hash tables for EI NATKlement Sekera9-141/+141
Making code more simple and storing thread index along with session index as a preparation step for fixing thread safety patches. Type: improvement Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Ib0c531e9f1f64b1f1ee912d4a83279200638e931
2021-02-04api: Fold the empty pool check into the main macroNeale Ranns1-6/+0
Type: improvement the empty pool chekc is always required, so make it alwayd happen. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3879e752036a7dd49fff7e16dc6d9ea02563aa7a
2021-02-04linux-cp: Linux Interface Mirroring for Control Plane IntegrationNeale Ranns15-0/+3555
Type: feature please see FEATURE.yaml for details. Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Matthew Smith <mgsmith@netgate.com> Signed-off-by: Jon Loeliger <jdl@netgate.com> Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I04a45c15c0838906aa787e06660fa29f39f755fa
2021-02-04vlib: increase the stats epoch only when necessaryMiklos Tirpak2-0/+263
When the counter vectors are validated and they are already long enough to fit the given index in memory, there is no need to increase the stats segment epoch. In this case, the counter vectors do not change as a result of the validation. This optimization is necessary for the case when the configuration is changed at multiple thousands per second rate. The counter vectors grow at the beginning and their size stabilizes after a while. Without this improvement, it can still take several seconds for a stats reader to succeed. Type: improvement Signed-off-by: Miklos Tirpak <miklos.tirpak@gmail.com> Change-Id: I5a6c30255832716a1460018d0bd0f63031de102b
2021-02-03vppapigen: Support an 'autoendian' keyword for message definitions inNeale Ranns2-3/+1
.api files Type: feature Make the auto-endian nature explicit, rather than hidden in the x_api.c file. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ibe647117ceeaf6f99a38a96576a5a41a3cbb1615
2021-02-01quic: clean setup_cipher functionMathias Raoul1-10/+11
Type: fix Change-Id: I02e473440a8732ddfb1a13ad6552779adaa67f60 Signed-off-by: Mathias Raoul <mathias.raoul@gmail.com>
2021-02-01docs: fix up the markdownAndrew Yourtchenko1-1/+1
Type: docs Change-Id: Ia541839e1f1ceddfae4579dece43b9cc820702e2 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit de569048a504cf211d80b86882e6781684301790)
2021-02-01fib: Changes to interpose sourceNeale Ranns1-3/+149
Type: improvement 1) stack the interpose on any path-extensions (e.g. labels) from the next best source 2) allow more than 1 source to contribute a DPO for a given prefix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Idc2fbb36cfbd2387081765d8af0f1fbe61612160
2021-01-28cnat: Fix session with deleted trNathan Skrzypczak3-9/+3
Type: fix When a translation gets deleted, hiting a session pointing to it sefaults. We're better off directly storing the next node index. Change-Id: I4f0716d775202b4ecf54d6cdb827bbeebd23056c Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-01-28cnat: Fix throttle hash & cleanupNathan Skrzypczak5-106/+67
Type: fix This fixes two issues : - We used a hash to throttle RPC for adding fib entries, but as we rely on a refcount, we cannot accept loosing an entry, which could happen in case of a collision. - On client cleanup we weren't freeing the fib entry correctly which resulted in crashes when recreating an entry. Added a test that ensures proper cleanup Change-Id: Ie6660b0b02241f75092737410ae2299f8710d6b9 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-01-28ip: Router ID included in flow hashNeale Ranns1-4/+4
Type: feature A device/router needs to have a unique ID which is included in the flow has so that flows are not polarised through the network, i.e. each deice in the network chooses the same nth link for the same flow. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I963e03674adbb085902b4084fdc4886b88f5734c
2021-01-28crypto-openssl: fix iv size for AES CTRBenoît Ganne1-68/+69
Type: fix Change-Id: I79258a95cfb75587685dffae671255063f57cbef Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-27ikev2: add per SA statsFilip Tehlar7-15/+68
Type: feature Change-Id: Ic502d806410ea3c8f3f1eac70b694114ccb053bf Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-01-26interface: remove vnet_device_input_runtime_tMohammed Hawari2-13/+13
Change-Id: I85a463b4ca15baf11e3eb70189f5190ba2585170 Type: refactor Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2021-01-25svm: add custom q implementation for mqFlorin Coras2-4/+3
Add separate queue implementation for the message queue as it's custom tailored for fifo segments as opposed to binary api. Also move eventfds to the private data structures. Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6df0c824ecd94c7904516373f92a9fffc6b04736
2021-01-25crypto-ipsecmb: more explicit errors reportingBenoît Ganne1-4/+24
Use error counters related to ipsec-mb return codes instead of 'bad-hmac' only. Type: improvement Change-Id: I9329da300a70d76b4d4ab30fa45f0a2a85d6519b Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-22quic: quicly v0.1.2 updateMathias Raoul7-616/+388
- update quic plugin with new quicly/picotls API - remove packet allocator - remove crypto batching - update picotls plugin - add cli for quicly congestion control configuration Type: feature Change-Id: If76ef31c43b430eea2f7674539b2112aee0f351e Signed-off-by: Mathias Raoul <mathias.raoul@gmail.com>
2021-01-22tests: add generalized tags for tests, use them for run-solo testsAndrew Yourtchenko4-16/+8
We have accumulated several scenarios in prod or wishlists where it would be useful to have a general infra to say yes/no about a certain test, and potentially make decisions based on that, for example: - runs solo (aka 'time-dependent') - (wishlist) part of quick smoke-test set - (wishlist) intermittent failure unrelated to timing - (wishlist) test broken with a multi-worker config in vpp Refactor the current "run-solo" code to allow for this extension. Type: test Change-Id: Ia5b3810e57c0543753c8e0dc4dc0cfb4a30b36ac Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-01-21dpdk: do not use TSO for small packetsSomnath Kotur1-2/+5
Asking for TSO (TCP Segmentation Offload) on packets that are already smaller than (headers + MSS) does not make sense and may not work on some HW. Fix to only set the TSO flag when a segmentation offload is really required, i.e when packet is large enough. Type: improvement Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com> Change-Id: I7830ae8474581c8e518fb4910f7863e10346bb62 Signed-off-by: Somnath Kotur <somnath.kotur@broadcom.com>
2021-01-21avf: use write combining store for queues tail updateRadu Nicolau3-2/+13
Performance improvement: on supported platforms, currently only Intel Tremont, use a write combining store to update the tail pointers. Also, Tremont node variant is added for all. Type: improvement Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> Change-Id: Ie9606e403b7d9655184f778e3ffee3027c8c9edd
2021-01-21rdma: adapt to new vnet rxq frameworkMohammed Hawari3-27/+30
Change-Id: Id539d36635f0ab9625dc2fc73630be39bead09af Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: improvement
2021-01-21memif: adapt to new rxq frameworkMohammed Hawari3-61/+59
Change-Id: Ifa8bccd8a34ec1b14e772ee53757e9083373e3de Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: feature
2021-01-21af_xdp: update interrupt mode to new infraBenoît Ganne3-36/+86
Type: improvement Change-Id: Icb23af5f5e458a555f416cb0a829e84646b25dd9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-21marvell: adapt pp2 to new rxq framework.Mohammed Hawari2-9/+11
Change-Id: I8759a07a24692b8b418ef8eb2025b61a62d2dda1 Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2021-01-21interface: rx queue infra rework, part oneDamjan Marion10-63/+87
Type: improvement Change-Id: I4008cadfd5141f921afbdc09a3ebcd1dcf88eb29 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-01-21perfmon: added cache hits and missesRay Kinsella2-0/+70
Added basic support for counting cache hits and misses per node. Type: improvement Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: Ic566611fd3d4246ccaa2117d8f74a569a6862e80
2021-01-21dpdk: terminate device devargs stringMatthew Smith1-1/+2
Type: fix When a device is whitelisted with devargs arguments specified, the string that is generated and added to conf->eal_init_args is not explicitly terminated with 0. If the formatted string takes up all of the memory allocated to the vector which stores it and it is used later as a string in a format() or printf() call, any nonzero characters stored in memory at the address immediately following the memory allocated for the vector will be erroneously appended to the string. Terminate the string with 0 to ensure that this does not happen. Change-Id: I20a78d994daad93bf5aecab5c03d705022e882ec Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2021-01-21dpdk: add support for system libdpdkNathan Moos1-85/+96
Type: improvement This patch enables dynamically linking the dpdk plugin against a system-wide packaged version of dpdk. Change-Id: I2276d125f39986b0e1788c7b52b94485cdbcd855 Signed-off-by: Nathan Moos <nmoos@cisco.com>
2021-01-21ip: Use correct enum type in ip_address_setNeale Ranns3-6/+7
Type: refactor Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ice2bc42838e6d5ba579f449c3f8b0feffebeb719
2021-01-21ip: use IPv6 flowlabel in flow hash computationAhmed Abdelsalam1-4/+4
extends ip6_compute_flow_hash() to include IPv6 flowlabel in flowhash computation Type: improvement Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: Id1aaa20c9dac729c22b714eea1cdd6e9e4d1f75e