aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
AgeCommit message (Collapse)AuthorFilesLines
2017-11-17acl-plugin: use ip.save_rewrite_length to calculate IP header offset on L3 ↵Andrew Yourtchenko1-3/+11
egress path L3 egress path does not set the ethernet flags reflecting the count of VLANs, but rather has the offset explicitly, so use that. Change-Id: Id3f6562dcd52ca24137c305f1a1c88c1f125da78 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-11-16acl-plugin: also print human-friendly format of 5tuple in packet traceAndrew Yourtchenko1-0/+22
The original version printed just a few u64s, which is useful for directly working on the code, but not when figuring out what is possibly a config or environment-related issue. So, add printing the 5-tuple struct in a way that is usable by an operator. Change-Id: I84cc3a239cdaff05ed31c3458cea198e38b58e03 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-11-16dpdk: add additional data to TX traceDamjan Marion3-2/+9
Change-Id: I02b2b69db1e2afe62e3d3413034feb3bdcb3123e Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-16dpdk/ipsec: use physmem when creating poolsSergio Gonzalez Monroy3-84/+116
Change-Id: Ic4f797cea6fa21fb29d646256210357cf5267b38 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-11-15memif: fix uninitialized pointer read coverity errorSteven1-0/+2
Set the content of tmp.sock prior to calling memif_msg_send_disconnect. Also fix the problem socket was not close in the same spot due to error encountered. Change-Id: I8f54ebad2250d1944afcc52e71d2a59da05362af Signed-off-by: Steven <sluong@cisco.com>
2017-11-14Fix typos in configure.ac and dpdk/buffer.cDamjan Marion1-8/+8
Change-Id: I74ff693315a3ffc7aa2640f25d906ca0d6da6bc5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-13dpdk: introduce AVX512 variants of node functionsDamjan Marion5-60/+131
Change-Id: If581feca0d51d0420c971801aecdf9250c671b36 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-13NAT: Buufer overflow for memcpy()Ole Troan1-3/+2
Change-Id: I11d1f9507d429ad8b25e9873272ede231623e622 Signed-off-by: Ole Troan <ot@cisco.com>
2017-11-11ACL: Add coding-style-patch-verification and indent.Jon Loeliger1-965/+1260
Change-Id: I2397ada9760d546423e031ad45535ef8801b05e7 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-11-11ACLs: Use better error return codes than "-1" everywhere.Jon Loeliger1-14/+14
Added two new errors: ACL_IN_USE_INBOUND ACL_IN_USE_OUTBOUND Update ACL tests to expect new, precise return values. Change-Id: I644861a18aa5b70cce5f451dd6655641160c7697 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-11-11dpdk: optimize buffer alloc/freeDamjan Marion1-49/+118
This reverts commit 45a588fa3efaaf52360986360ab1f6827bae3164. Change-Id: I7e541545791f7743ee827bdec8b6fc46cbb0938f Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-11Handle CPU flags from autotools projectDamjan Marion1-1/+1
Change-Id: Id085c1e3cbc7bf03df02755f9e35896cdb57e9e3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-09memif: use clib_socket_t for socket connectionsDamjan Marion4-210/+122
This reverts commit 590acf8fa7af6a8604edd72a32f9f087be52c767. new version includes minor fix for the crash when the interface is deleted. Change-Id: I8fc56eb9145e4d8e1d410206f84e705045898608 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-11-09Port restricted NAT44 (VPP-1048)Matus Fabian2-8/+149
For the MAP-E CE limit port choice based on PSID CLI: nat44 addr-port-assignment-alg map-e psid <n> psid-offset <n> psid-len <n> Change-Id: Iecceee61fca372cb5790c16993a82fbdc9930f0f Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-11-08memif: do not mask head and tail pointersDamjan Marion3-68/+40
Change-Id: Ie849ab713ff086187c18a91ab32e58207fe94033 Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Jakub Grajciar <Jakub.Grajciar@pantheon.tech>
2017-11-08ACL plugin support tagged subinterfacesPavel Kotucek2-40/+311
Change-Id: I92b351895c7efb26533c05512b91ead8ddbfb9c8 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-11-08NAT64 to use IPv4 address from interface (VPP-1051)Matus Fabian5-0/+217
Change-Id: I326429c31dea6958a342ee152ef86cb975f4b12c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-11-07SNAT: IP fragmentation (VPP-890)Matus Fabian13-33/+2999
Translation of fragmented packets. Change-Id: I9b1f2e9433ce273638080f32c2d3bff39c49899d Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-11-07NAT: DS-Lite (VPP-1040)Matus Fabian13-24/+1636
Dual-Stack Lite enables a broadband service provider to share IPv4 addresses among customers by combining two well-known technologies: IPv4-in-IPv6 and NAT. Change-Id: I039740f8548c623cd1ac89b8ecda1a6cc4aafb9c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-11-03NAT64: Input feature arc on virtual interface via interface RX DPO.Ole Troan1-2/+44
Change-Id: If2048c7d72048679bc5d0412f3fae109926f759e Signed-off-by: Ole Troan <ot@cisco.com>
2017-11-03Set up P2P flag to gtpu interfaceHongjun Ni1-0/+1
Change-Id: Id01a363bf2b574376651de7bc8f3f7b2bb58c615 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-11-01nat plugin - fix test logicGabriel Ganne1-1/+1
warning found by clang: warning: logical not is only applied to the left hand side of this bitwise operator [-Wlogical-not-parentheses] Change-Id: I964651a4444b11da145edc329da83675cd830f78 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-11-01dpdk/ipsec: align memorySergio Gonzalez Monroy2-5/+7
Change-Id: I2feb3e07c3070e8a525c539dd2feffa0dd1bca21 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-11-01dpdk/ipsec: fix digest physical addressSergio Gonzalez Monroy3-7/+7
VPP-1034 Change-Id: I02b4db9e52446ab8578df1f011dd27f39de64c70 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-10-31lb plugin tests - wipe flowtable after each unit testGabriel Ganne1-0/+38
Add new cli api: "test lb flowtable flush" which flushes everything. Call this new cli function after the end of each lb unit test. Change-Id: I71d04a7bfba398f7d4dd9cc3ed24bba786943663 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-10-30Minor copyedit fixes to ACL Hash doc.Jon Loeliger1-7/+6
Change-Id: I7fe34e99f566dd2e0a36a9ba38f894973989ca8a Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-10-27acl-plugin: increase the amount of memory for classifier tables used by ↵Andrew Yourtchenko1-1/+1
MACIP ACLs The classifier tables upper bound of memory was just big enough to cause the unittests pass most of the time but not always. Increase the amount of space and run several hundred iterations of unittests to ensure they always pass. Change-Id: Ieb7876c6ebdde1f8c5273dbb9b090f12f2c38915 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-10-26NAT: delete session API/CLI (VPP-1041)Matus Fabian4-0/+172
Administratively delete NAT44 session for specific inside/outside addresses and port pair. Change-Id: If5ab500ac3592c7153d6d8f2cc0297df7309fbc3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-10-26acl-plugin: refactor the "show acl-plugin" CLI, use vlib_cli_output() vs. ↵Andrew Yourtchenko1-181/+194
format() The vppctl was getting upset with large chunks of info generated by repeated format() functions, so convert to use vlib_cli_output instead. Also, refactor the show functionality into smaller functions, separate from the input handling. Change-Id: I5d0db5ac45ce4c1b59cd41526b837412e06b1ce0 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-10-25vlib: add support for multiple buffer poolsDamjan Marion6-15/+37
Change-Id: Icaf7d7ad47284aea7a56e8006b69f45874d64202 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-10-25One armed NAT (VPP-1035)Matus Fabian8-33/+289
Use a single physical interface in order to accomplish NAT44/NAT64. Change-Id: I0c8138953a7a4075df306172e125abad771315e4 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-10-24Add extern to *_main global variable declarations in header files.Dave Wallace10-7/+14
- Global variables declared in header files without the use of the 'extern' keword will result in multiple instances of the variable to be created by the compiler -- one for each different source file in which the the header file is included. This results in wasted memory allocated in the BSS segments as well as potentially introducing bugs in the application. Change-Id: I6ef1790b60a0bd9dd3994f8510723decf258b0cc Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-10-18Plugin for IP-Address to Interface PuntingPierre Pfister6-0/+871
This plugin provides per-ip address to interface punting. When at least one rule is defined, the plugin receives all packets which destination is one of VPP's address but which was not processed by VPP (e.g., a TCP packet on a port that is not open, or a packet for a protocol which is not attached). Based on the set of configured rules, the destination address of each packet is used to send the packet on the associated interface. This plugin allows multiple containers to use VPP's TCP stack (or other features provided by VPP) while still being able to receive additional packets. Change-Id: I3e69bb7d98183bf5163cb9ecb564cb482de252ce Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2017-10-18ipsec: use boolean or vs. bitwise or to avoid compiler errorAndrew Yourtchenko2-6/+6
Ubuntu 17.04, gcc version 6.3.0 20170406 (Ubuntu 6.3.0-12ubuntu2), "make build" fails with the few of the errors below: error: suggest parentheses around comparison in operand of ‘|’ [-Werror=parentheses] is_aead = (sa0->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128 | Solution: use the logical rather than the bitwise or. Change-Id: Iffcc1ed2e68b14b248159cb117593d32c623c553 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-10-16lb plugin - fix format() type mismatchesGabriel Ganne1-2/+3
* (vip - lbm->vips) is u64; change format from [%u] to [%lu] * vip->plen is u8, but format looks for u32; add exlicit cast (this cast was done implicitely) On ARM platforms, these prevent a loop in the second call to format_white_space() which would get an invalid (huge) indent value; the result *looked like* an infinite loop. Change-Id: I675ef2f98e4ba3d9e8aef12022d38b1d22981da8 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-10-14NAT: fix delete of sessions for 1:1 NAT if 1 worker (VPP-1023)Matus Fabian1-1/+1
Change-Id: I2446c646de7f227f9438dd7ef93a455ba5af0102 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-10-14change format_get_indent() to use u32 instead of uwordGabriel Ganne3-4/+4
This follows commit d3c008d108aa2187d1a2afe2833b4de25ca2c2ab by Christophe Fontaine. Change-Id: I0c4df40df44be2ac0ab25817fa050a1f619eca4d Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-10-14plugins/dpdk: align memory to avoid potential segfault and false sharingGeorgina Sheehan1-1/+1
Made Update to src/plugins/dpdk/buffer.c Change-Id: I87bb8f38974a7be274c1b1d205f5513e7d068e48 Signed-off-by: Georgina <georgina.sheehan@intel.com>
2017-10-13acl-plugin: display "::" for INADDR6_ANY on ACL outputSteve Shin2-5/+10
INADDR6_ANY should be displayed as "::" instead of "0.0.0.0"(ipv4 format). Change-Id: I24ec7b6febbfeca5db7ff894f455ecb73d954334 Signed-off-by: Steve Shin <jonshin@cisco.com>
2017-10-13acl-plugin: split the "show" commands and add an option to show ACLs by ↵Andrew Yourtchenko1-317/+407
interface From the troubleshooting perspective, it is nice to immediately know the ACEs for the ACLs applied to an interface, so implement that. To make the CLI more friendly, split each of the "show" variants into an independent _cmd function with the distinct CLI path. Change-Id: I519e4799083c04e8f0fcdf3e262a73493be4b690 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-10-12dpdk/ipsec: coverity fixesSergio Gonzalez Monroy3-8/+8
Change-Id: Ica3bc74ffbb1c0df4e198b0abff8df10cdeb2182 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-10-10dpdk: fix mempool size calculationDamjan Marion1-2/+3
Change-Id: I5b48310c46ca8a2143b2132110240d7e9a52c25d Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-10-09vppapigen: support per-file (major,minor,patch) version stampsDave Barach15-0/+26
Add one of these statements to foo.api: vl_api_version 1.2.3 to generate a version tuple stanza in foo.api.h: /****** Version tuple *****/ vl_api_version_tuple(foo, 1, 2, 3) Change-Id: Ic514439e4677999daa8463a94f948f76b132ff15 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Ole Troan <ot@cisco.com>
2017-10-09NAT: hairpinning rework (VPP-1003)Matus Fabian2-14/+114
Change-Id: I7c6911cd6ac366fe62675fd0ff8b0246a25ea1db Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-10-09NAT: fixed ICMP broken translation for GRE tunnel interface (VPP-1008)Matus Fabian3-31/+27
Change-Id: Ie3245b96c511cc30915e70e8c881f445291a38c2 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-10-06Separate CP and DP fib table for PPPoEHongjun Ni3-56/+66
CP table: link_table DP table: session_table Change-Id: I2adbfd8f6a63d51d00d6dd291f32aebf20d13e4d Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-10-05dpdk/ipsec: rework plus improved cli commandsSergio Gonzalez Monroy8-1658/+2421
This patch reworks the DPDK ipsec implementation including the cryptodev management as well as replacing new cli commands for better usability. For the data path: - The dpdk-esp-encrypt-post node is not necessary anymore. - IPv4 packets in the decrypt path are sent to ip4-input-no-checksum instead of ip4-input. The DPDK cryptodev cli commands are replaced by the following new commands: - show dpdk crypto devices - show dpdk crypto placement [verbose] - set dpdk crypto placement (<device> <thread> | auto) - clear dpdk crypto placement <device> [<thread>] - show dpdk crypto pools Change-Id: I47324517ede82d3e6e0e9f9c71c1a3433714b27b Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-10-04[aarch64] Fixes CLI crashes on dpaa2 platform.Christophe Fontaine7-21/+21
- always use 'va_args' as pointer in all format_* functions - u32 for all 'indent' params as it's declaration was inconsistent Change-Id: Ic5799309a6b104c9b50fec309cba789c8da99e79 Signed-off-by: Christophe Fontaine <christophe.fontaine@enea.com>
2017-10-04dpdk: use vpp physmem allocator for dpdk buffersDamjan Marion2-63/+144
This allows us to have single contignuous allocation for DPDK buffers with single mmap FD, so buffer memory can be easily shared with diffrent process. As a consequence dpdk socket-mem is no longer in charge for allocating buffer memory, but still we need some space allocated for dpdk structures so default socket-mem is reduced form 256 to 64 MB. For a default of 16K buffers per numa node, physmem allocation is now 40MB, so basically this change reduces footprint from 256MB per socket to 48 (64 + 40). Change-Id: Ic8cfe83930a18411545b37a12b14aac89affd04f Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com> Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-10-04memif: crash on slave modeSteven1-0/+1
Crash was seen on recent image with this BT on top of the stack (gdb) bt full (mif=0x7fffb6226568) at /vpp/build-data/../src/plugins/memif/memif.c:297 ring = 0x0 <<<<<<<<<< i = 0 j = 0 buffer_offset = 65792 r = 0x7fffb5e59f80 alloc = {flags = 1, name = 0x7fffb449f965 "memif region", size = 4260096, numa_node = 0, addr = 0x7fff41dac000, fd = 11, log2_page_size = 12, n_pages = 1041} err = 0x0 __FUNCTION__ = "memif_init_regions_and_queues" The crash happened at this line. ring = memif_get_ring (mif, MEMIF_RING_S2M, i); ring=>head = ring->tail = 0; <===== Please note that the crash is caused by dereferencing NULL rinng. Put breakpoint into the function. I notice that mif->regions[0].shm is not initialized. (gdb) p mif->regions[0].shm $8 = (void *) 0x0 It looks like we forgot to set shm after clib_mem_vm_ext_alloc(). Add the missing cide and the crash is fixed. Change-Id: Ib722a6c241c77acfa8e33962106b57faa50e1ea7 Signed-off-by: Steven <sluong@cisco.com>