summaryrefslogtreecommitdiffstats
path: root/src/scripts/vnet
AgeCommit message (Collapse)AuthorFilesLines
2019-06-18ipsec: ipsec-tun protectNeale Ranns1-0/+71
please consult the new tunnel proposal at: https://wiki.fd.io/view/VPP/IPSec Type: feature Change-Id: I52857fc92ae068b85f59be08bdbea1bd5932e291 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-30crypto: enforce per-alg crypto key lengthBenoît Ganne1-2/+2
Crypto algorithms have different requirements on key length. As we do not support key stretching (eg. PBKDF2), user must provide the exact key length used by the algorithm. Failing that means low-level crypto functions might read garbage (eg. aes128_key_expand() will read 16-bytes, regardless of the key provided by the user). Change-Id: I347a1ea7a59720a1ed07ceaad8b00a31f78458c9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-03-26Convert GRE nodes to new buffer APIs and multiarchBenoît Ganne2-0/+124
Change-Id: I3b3c8333287bb704ac7b0bbc81b3dbb059e8d2ac Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-03-26Simplify adjacency rewrite codeBenoît Ganne1-0/+67
Using memcpy instead of complex specific copy logic. This simplify the implementation and also improve perf slightly. Also move adjacency data from tail to head of buffer, which improves cache locality (header and data share the same cacheline) Finally, fix VxLAN which used to workaround vnet_rewrite logic. Change-Id: I770ddad9846f7ee505aa99ad417e6a61d5cbbefa Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-03-04IPSEC: script to bounce IPSEC traffic through a pipe to test encrypt and decrpytNeale Ranns1-0/+66
Change-Id: I262a9412951b5df616920a8fad16c61eae96d0cc Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-20pg: remove no-recycle optionDamjan Marion39-77/+0
Change-Id: Ic47bde2d08b2719b5c6c87cb2e9a8af0d2160e6e Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-15NAT44: endpoint dependent mode (VPP-1273)Matus Fabian2-1/+49
To enable NAT plugin endpoint dependent mode add following to statrup config: nat { endpoint-dependent } Enable endpoint dependent filtering and mapping for all sessions. Move some existing functionality such as service load balancing, twice nat, out2in-only static mappings and unknown protocol dynamic translations, which use endpoint dependent lookup hash tables before. Basically split to vanilla NAT44 and extra features NAT44. Change-Id: I3925eb5ddcc8f1ec4cf6af4e2a618a7ec7aa9735 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-12-13NAT64: multi-thread support (VPP-891)Matus Fabian2-0/+86
Change-Id: Iebf859b6d86482e4465423bad598eecf87e53ec4 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-10-16udp: refactor udp codeFlorin Coras2-25/+72
Change-Id: I44d5c9df7c49b8d4d5677c6d319033b2da3e6b80 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-08-23NAT: Rename snat plugin to nat (VPP-955)Matus Fabian4-10/+10
Change-Id: I30a7e3da7a4efc6038a91e27b48045d4b07e2764 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-08-04SNAT: fix address and port allocation for multiple worker threads (VPP-925)Matus Fabian1-5/+12
There is a chance to allocate the same outside address and port. Assign a block of port numbers to each worker. Change-Id: I6ef7dc0aab4834705f4e6097c362940d18d747e8 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-05-09Add support for tcp/session buffer chainsFlorin Coras1-2/+17
Change-Id: I01c6e3dc3a1b2785df37bb66b19c4b5cbb8f3211 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-05-05First commit SR MPLSPablo Camarillo7-118/+11
Change-Id: I961685a2a0e4c314049444c64eb6ccf877c278dd Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
2017-04-13Session layer refactoringFlorin Coras1-1/+2
Major refactoring of the session layer api - Add attatch api for application binding to the the session layer - Simplify listen/connect calls - Update application CLI - Add transport endpoint to accept callback - Associate segment manager to application and allow for multiple binds/connects per app Additional: - svm fifo cleanup - add fifo free, format fns - add fifo offset enqueue unit test Change-Id: Id93a65047de61afc2bf3d58c9b544339c02065af Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-13VPP-659 Improve tcp/session debugging and testingFlorin Coras1-0/+4
- event-logging support for tcp and session layer - improvements to uri test code - builtin_server on port 1234 - use the CLOSEWAIT timer when we rx FIN in FIN_WAIT_2 state Change-Id: Ibc445f164b2086b20323bf89c77cffd3059f570f Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Barach <dbarach@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-10VPP-659 TCP improvementsFlorin Coras3-3/+28
- builtin test echo server - fix SYN-ACK retransmit canceling - avoid sending spurious ACK if in LAST_ACK - improved client dummy test app - renamed tx fifo dequeuing and sending functions to avoid confusion - improved RST handling Change-Id: Ia14aad3df319540dcf6e6a4e18a9f8d423a4b83b Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-07DHCP Multiple Servers (VPP-602, VPP-605)Neale Ranns1-1/+2
Multiple DHCP (4 and/or 6) servers can be added and removed through multiple calls to the 'set dhcp server' API. All 4/6/ discover/solicit messages will then be replicated to all servers in the list. The expectation is that the servers/system is configured in such a way that this is viable. If VSS information is providied for the clinet VRF which also has multiple servers configured, then the same VSS information is sent to each server. Likewise the source address of packets sent to from VPP to each server is the same. Change-Id: I3287cb084c84b3f612b78bc69cfcb5b9c1f8934d Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-03-07CGN: Deterministic NAT (VPP-623)Matus Fabian1-0/+108
Inside user is statically mapped to a set of outside ports. Support endpoint dependent mapping to deal with overloading of the outside ports. Change-Id: I8014438744597a976f8ae459283e8b91f63b7f72 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-03-04Cleanup URI code and TCP bugfixingFlorin Coras2-0/+66
- Add CLI/API to enable session layer, by default it's disabled - Improve rcv wnd computation - Improvements to tx path - URI code cleanup - Builtin test tcp server - Improve src port allocation Change-Id: I2ace498e76a0771d4c31a8075cc14fe33d7dfa38 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-03-01VPP-598: tcp stack initial commitDave Barach5-8/+91
Change-Id: I49e5ce0aae6e4ff634024387ceaf7dbc432a0351 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-02-28vlib: add buffer cloning supportDamjan Marion1-8/+11
Change-Id: I50070611af15b2b4cc29664a8bee4f821ac3c835 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-02-21dhcp: multiple additionsNeale Ranns1-0/+21
DHCP additions: 1) DHCPv4 will only relay a message back to the client, if the Option82 information is present. So make this the default. 2) It is no longer possible to select via the API to "insert circuit ID" - since this is now default 3) Remove the version 2 API since it's now the same as version 1. 4) Adding the VSS option is now conditional only on the presence of VSS config (not the 'insert' option in the set API) 5) DHCP proxy dump via API Change-Id: Ia7271ba8c1d4dbf34a02c401d268ccfbb1b74f17 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-02-02Fix SR multicast post mfib commitNeale Ranns1-0/+58
1 - use the SR policy to construct the replicate DPO. Each bucket therein is a SR tunnel. 2 - install a special mfib entry that links via this replicate 3 - forwarding is now mfib-lookup -> replicate -> sr_rewrite (per-tunnel) no need for a separate sr_replicate node. 4 - Stack the sr tunnel on the forwarding DPO of the first-hop FIB entry. no need for a second lookup post SR encap. 5 - fix some path-list lock leaks in the MFIB entry. Change-Id: I20de96ea4c4be4fae252625bde159d9c435c8315 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-27IP Multicast FIB (mfib)Neale Ranns1-0/+22
- IPv[46] mfib tables with support for (*,G/m), (*,G) and (S,G) exact and longest prefix match - Replication represented via a new replicate DPO. - RPF configuration and data-plane checking - data-plane signals sent to listening control planes. The functions of multicast forwarding entries differ from their unicast conterparts, so we introduce a new mfib_table_t and mfib_entry_t objects. However, we re-use the fib_path_list to resolve and build the entry's output list. the fib_path_list provides the service to construct a replicate DPO for multicast. 'make tests' is added to with two new suites; TEST=mfib, this is invocation of the CLI command 'test mfib' which deals with many path add/remove, flag set/unset scenarios, TEST=ip-mcast, data-plane forwarding tests. Updated applications to use the new MIFB functions; - IPv6 NS/RA. - DHCPv6 unit tests for these are undated accordingly. Change-Id: I49ec37b01f1b170335a5697541c8fd30e6d3a961 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-25[re]Enable per-Adjacency/neighbour countersNeale Ranns1-2/+16
Change-Id: I953b3888bbc6d8a5f53f684a5edc8742b382f323 Signed-off-by: Neale Ranns <nranns@cisco.com>
2016-12-28Reorganize source tree to use single autotools instanceDamjan Marion77-0/+3645
Change-Id: I7b51f88292e057c6443b12224486f2d0c9f8ae23 Signed-off-by: Damjan Marion <damarion@cisco.com>