summaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2020-02-07svm: use default SVM address in fifo unit testsBenoît Ganne1-1/+2
Using random addresses can confuse AddressSanitizer Type: fix Change-Id: I44368093f899672ac4d511cc5a01ed87c988e63a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-02-07quic: fix coverity warningMathiasRaoul1-2/+1
Type: fix Change-Id: I24aac10a2943151d5b2fe96a0dff1c5beb7340b9 Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
2020-02-07nat: api & cli command for forcing session cleanupFilip Varga4-0/+98
Ticket: VPP-1836 Type: feature Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: I8f7fc011bac435445a8916a4948d130ca9162f67
2020-02-06hsa: proxy wnd update only if enough space is availableFlorin Coras1-0/+16
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2874d3afbf4cc89209b605c35ca4a5bc5b6868b3
2020-02-06quic: fix coverity warningMathiasRaoul1-2/+2
Type: fix Change-Id: I7299b3b0a6d32c1cbe213dc1aadb8260cdec8062 Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
2020-02-05vppinfra: numa vector placement supportDave Barach1-2/+4
Type: feature Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I7e7d95a089dd849c1f01ecea84529d8dbf239f21
2020-02-05nat: move dslite to separate sub-pluginOle Troan19-763/+775
Type: refactor Change-Id: If3d9f16f3a06c10b354f1eef674e8db5f3c44de7 Signed-off-by: Ole Troan <ot@cisco.com>
2020-02-05dpdk: use port_id as interface name suffix for representorsHaggai Eran1-1/+7
Type: feature Representor devices include a port ID as part of their switch_info struct, and it is helpful to use that in the interface name. Signed-off-by: Haggai Eran <haggai.eran@gmail.com> Change-Id: Id24627e7daf857f8b0e8ace2f592c098678081c7
2020-02-05dpdk: output switch informationHaggai Eran1-0/+21
Type: feature Output DPDK switch information to allow finding out which DPDK ports are associated with which DPDK representor ports. Signed-off-by: Haggai Eran <haggai.eran@gmail.com> Change-Id: I612cbd5a97e04787eca13423f53c7283d5945e37
2020-02-04nat: pool allocation function fixFilip Varga1-1/+1
Type: fix Change-Id: I75b20db66fb58e1724a212253c51315836079f4b Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-02-04ip: translate fragmented icmp to fragmented icmp6Alexander Chernavin1-7/+32
The first translated ICMPv6 packet of a fragmented ICMP message does not have a IPv6 fragment header. All subsequent have. With this commit, add a IPv6 fragment header to the first translated ICMPv6 packet. Type: fix Change-Id: Id89409ce7273cbeed801e2e18a09d3e7c3c4e4bc Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-02-03tls: refactor for tls async event handlingYu Ping4-196/+162
Type: refactor Make sure one tls ctx has one event availble Thus ctx has the same life time with event, which can simplify the management. Change-Id: I1f4240e7316025d81bb97644946ffa399c00cd76 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-01-31quic: quicly crypto offloadingMathiasRaoul4-57/+579
- Implement our own quic packet allocator to allocate more memory at the end of the packet to store crypto offloading related data - 1RTT packets offloading encryption/decryption using vnet crypto - Add cli to change max packet per key Type: feature Change-Id: I7557fd457d7ba492329d5d8ed192509cbd727f9c Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
2020-01-31crypto-native: add ARMv8 AES-CBC implementationDamjan Marion7-367/+756
Type: feature Change-Id: I32256061b9509880eec843db2f918879cdafbe47 Signed-off-by: Damjan Marion <dmarion@me.com>
2020-01-31quic: update quicly to v0.0.10-vppMathiasRaoul1-1/+1
Type: feature Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com> Change-Id: I5452f8bbd0ff9e2a57f7bd7d134a8824efa5f30a
2020-01-30crypto-native: refactor AES codeDamjan Marion4-166/+169
- use neutral types in preparation for ARMv8 support - simplify x86 key extraction support Type: refactor Change-Id: I947eb37b8c9d9ee6909bb32ef14c4de192d40a46 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-30misc: deprecate dpdk hqosDamjan Marion11-3355/+0
Not in functional state for a long time ... Type: refactor Change-Id: I2cc1525a6d49518cbc94faf6afbf0d2d0d515f56 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-30misc: deprecate netmap and ixge driversDamjan Marion3-4250/+0
Both are out of sync for long time... Type: refactor Change-Id: I7de3170d35330fc172501d87655dfef91998b8fe Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-30map: Add several more MAP-T BR testsJon Loeliger1-8/+294
Add several more MAP-T BR tests for normal packet flow. Type: test Change-Id: Ica880dd23c923795279e9d08dca2796f2925069a Signed-off-by: Jon Loeliger <jdl@netgate.com>
2020-01-30vcl session: propagate cleanup notifications to appsFlorin Coras1-0/+9
Type: feature Change-Id: I7f8e3763d7f8364563a25d0fcc782976b906b325 Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-30map: Prevent IPv4 prefix spoofing during IPv6 -> IPv4Jon Loeliger2-2/+279
Prevent malicious packets with spoofed embedded IPv4 addresses by limiting the IPv6 ingress packets to known MAP-T domains. Drop spoofed packets. Add several tests that ensure spoofing isn't allowed. Type: fix Fixes: fc7344f9be Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2020-01-30map: handle ip4 ttl=1 packets in map-tAlexander Chernavin3-10/+20
With this commit, ICMP Time Exceeded is sent to sender when TTL expires at MAP BR. Type: fix Change-Id: I8effe163beab32596883127b819308cc355512c3 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-30crypto-native: don't expand aes-cbc keys twiceDamjan Marion2-11/+7
Type: refactor Change-Id: If0d9ec70f9e8c228c39505864a4a73bf94b67479 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-29tests: add map-t fragmentation verificationsAlexander Chernavin1-10/+36
Type: test Change-Id: I5522e88ee178d0563c246895393e835d125f1b81 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-28dhcp: disable extraneous vlib_log spewDave Barach1-9/+12
When there are no dhcp client interfaces configured, it's not useful to make periodic / timeout log entries. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Change-Id: I16b68fe15ad9de789e49ad1b782b3b0e536bad60
2020-01-28hsa: proxy rcv wnd update acks after full fifosFlorin Coras1-6/+87
Avoid rcv wnd probing after zero window advertisments by registering for tx dequeue notifications and forcing acks that open the rcv wnd. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8f33e3cf917f8c83d412f370ca66013aa4cd6e67
2020-01-28crypto-native: rename crypto_ia32 to crypto_nativeDamjan Marion8-93/+93
Type: refactor Change-Id: I9f21b3bf669ff913ff50afe5459cf52ff987e701 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-28map: ip4-map-t more RFC compliantVladimir Ratnikov1-8/+20
When MTU is not set, ignore_df and mtu check always returns true and packets are dropped. This patch puts MTU checks after it was compared with 0 and set to maximum if not set. Added trace node. If MTU is less than the total length value of the IPv4 packet plus 20, the translator MUST send an ICMPv4 "Fragmentation Needed" error message to the IPv4 source address Type: fix Fixes: 87663cdf644fb7c94c0fec9460829b7e4e7c35ca Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I35b99bc2648984cdbf5b6a57ddec91c586b15bef
2020-01-27crypto-ia32: add VAES support for AES-CBCDamjan Marion5-50/+249
Type: feature Change-Id: Ic8aa6c48913677537301971469f9627b70c1cec8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-01-27sr: fix possible null-pointer dereferenceIgnas Bacius1-9/+26
Steps to reproduce VPP crash: 1. configure localsid End behavior 2. ping the localsid address Type: fix Signed-off-by: Ignas Bacius <ignas@noia.network> Change-Id: Id780e0875ec9cdb25252217990919fb3dddbf06a
2020-01-27ipip: Multi-point interfaceNeale Ranns1-1/+1
Type: feature plus fixes for gre Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0eca5f94b8b8ea0fcfb058162cafea4491708db6
2020-01-27tunnel: Common types for IP tunnelsNeale Ranns1-1/+2
Type: refactor Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I18dcdb7af3e327f6cacdbcb1e52b89f13d6ba6e2
2020-01-27map: api: fix tag overflow and leakBenoît Ganne2-4/+6
The 'tag' parameter is expected to be a NULL-terminated C-string in callees: - make sure it is null-terminated in both API and CLI cases - do not allocate & copy the string into a non-NULL-terminated vector in API case - fix leak in CLI case Type: fix Change-Id: I221a489a226240548cdeb5e3663bbfb94eee4600 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-01-27docs nat: fix nat-ha ascii artPaul Vinciguerra1-0/+2
See: https://docs.fd.io/vpp/19.08/nat_ha_doc.html Type: docs Change-Id: I43ecf1dfb6976ebafee04d820f0e1b07393a0b93 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-01-24nat: in2out-output nodes work with acl reflectMatthew Smith2-2/+107
Type: feature The current feature ordering of NAT44 nodes with respect to the ACL plugin's IPv4 input/output features is: ip4-output: acl-plugin-out-ip4-fa runs before any NAT44 nodes ip4-unicast: acl-plugin-in-ip4-fa runs before any NAT44 nodes ACL rules with action permit+reflect can keep track of outbound flows and allow the replies inbound without an explicit inbound rule. If ACL permit+reflect rules are configured on an interface that also has NAT44 configured with output-feature/postrouting translation of outbound packets, the ACL rules cannot allow inbound packets. The ACL state that was stored on the outbound flow contains the IP addresses of the original packet, prior to translation. The inbound packets are being evaluated by the ACL node using the translated addresses. The order of processing inbound needs to be the opposite of what it was outbound for this to work. Change the NAT44 features on ip4-output so that they run before outbound ACL nodes. This matches the existing behavior of the NAT44 nodes which rewrite source addresses as an input feature instead of an output feature. This was only done for endpoint dependent mode because the regular endpoint independent in2out-output node currently selects an explicit next node rather than using the next node on the feature arc. Unit test added to configure both NAT and an ACL and ensure that out2in packets matching an in2out flow are permitted by the ACL and translated by NAT. Change-Id: Ibd679c28b64c3fc3cc8c0606ea93123e384e839f Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2020-01-23srv6-mobile: fix the converity issueTetsuya Murakami1-26/+21
Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: I358a290f4ac121f075f7ee52941beabe478bfba0
2020-01-22ipsec: re-enable DPDK IPSec for tunnel decap/encap (VPP-1823)Neale Ranns4-5/+27
Type: fix Change-Id: Iff9b1960b122f7d326efc37770b4ae3e81eb3122 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-01-22hsa: proxy app fixesFlorin Coras1-33/+15
Type: fix Change-Id: Icb4b331c9346d3781f4ddd6f62891c78d4059c1f Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-01-22nsim: enable output scheduling on main threadDave Wallace2-2/+29
Type: fix Change-Id: I5d47cb9bc7eb7f3c8485e3b42f0701e81d87ba2a Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2020-01-21nat: fix dhcp client on outside interface with output featureAlexander Chernavin2-18/+18
There was an attempt to fix this problem in the commit: d3b8c861a44e70c197ab721fa3ce7f38bbeab7fd But checking the LOCALLY_ORIGINATED flag didn't work because this flag gets reset before it can reach the NAT nodes. With this commit, replace the check for the LOCALLY_ORIGINATED flag with a check to see if the packet is a DHCP broadcast. Type: fix Change-Id: I069c08a785b5988b10192f528e4f9c4c7cc2f8a3 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-21nat: removed obsolete fragmentation codeFilip Varga1-84/+16
Type: fix Ticket: VPP-1817 Signed-off-by: Filip Varga <fivarga@cisco.com> Change-Id: Id4d694ce636b0a213e65ce27c32a8150df9af0f8
2020-01-17lb: fix that lb_add_del_vip and lb_add_del_as api doesn't work correctlyYulong Pei3-12/+9
Currently if user want to set ip4 address to the api, it must convert to ip6 format, e.g. user want to ip4 "90.1.2.1" but must convert to "::5A01:0201", it is not acceptable, this fix solved the issue. Ticket: FDIO-753 Type: fix Change-Id: I2ffa5a3d38400ee176cf601421074f71fc395f03 Signed-off-by: Yulong Pei <yulong.pei@intel.com>
2020-01-17nat: refactor of port/address allocation functionsFilip Varga8-15/+429
Change-Id: Ie2a3c0f44322dd8415603b7ce51bb72d72769c95 Ticket: VPP-1815 Type: refactor Signed-off-by: Filip Varga <fivarga@cisco.com>
2020-01-15build: install vpp_echo for CSIT QUIC perf testsDave Wallace1-1/+0
Type: make Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: Iddfcce1f662efe63c5a6788a0a604917b1c9d81e
2020-01-15tls: enable async node on demandYu Ping1-3/+1
Type: fix Change-Id: Iab7c65614c94497e8ec5a96624be72c1a139e486 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-01-15quic: add FEATURE.yamlAloys Augustin1-0/+10
Type: docs Change-Id: Ica60b42e64703879c5c229209e4a4fac278bda31 Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2020-01-15srv6-mobile: Revert "srv6-mobile:"Andrew Yourtchenko15-2110/+329
This reverts commit 57584d99dd8a8524db90c67c88525d58879d9b8e. The reasons for reverting: - the documentation seems "work in progress". Also, 500K of pngs should probably go on wiki, rather than in the repo. Please make sure that newly added documentation renders correctly and sensibly as part of the review/commit process. - runner.py seems to contain unit tests, so it should be rewritten in a manner that allows the testing from within CI (including an unprivileged docker container) - the above items, especially the testing one, warrant more work, and at a RC1 milestone time it is probably not a good idea to include a significant patch without proper care. I suggest to prepare it so it is ready for the next release, or cherrypick it for a 20.01.1 release, if having it in stable/2001 is absolute necessity. - when submitting it, ensure that the commit message makes sense, especially having "srv6-mobile:" with no further text should be absolutely avoided. Change-Id: If81441f7ebf11a6ad5638b1327faf18e8ebe6a35 Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2020-01-15tls: add picotls session close processSimon Zhang1-1/+10
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: If0a1691c1435f2826c8c83f8bc52e4cd3ecc6256
2020-01-14tcp: handle ack advancement with no holes and renegingFlorin Coras1-1/+35
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9afba8dc9e087b8c436fe568531c02614a577a7c
2020-01-14tests: fix worker thread initializationPaul Vinciguerra1-4/+7
from threading.thread __init__: This constructor should always be called with keyword arguments. If a subclass overrides the constructor, it must make sure to invoke the base class constructor (Thread.__init__()) before doing anything else to the thread. Type: test Change-Id: Ifa89202e97053a4baf19e9a0ca0913430d5087a3 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>