summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2021-02-05nat: 1:1 policy NATOle Troan1-2/+2
A NAT sub-plugin doing statically configured match/rewrite on IP4 input or output. It's stateless (no connection tracking). Currently it supports rewriting of SA, DA and TCP/UDP ports. It should be simple to add new rewrites if required. API: pnat_binding_add, pnat_binding_del, pnat_bindings_get, pnat_interfaces_get CLI: set pnat translation interface <name> match <5-tuple> rewrite <5-tuple> {in|out} [del] show pnat translations show pnat interfaces Trying a new C based unit testing scheme. Where the graph node is tested in isolation. See pnat/pnat_test.c. Also added new cmake targets to generate coverage directly. E.g.: make test_pnat-ccov-report File '/vpp/sdnat/src/plugins/nat/pnat/pnat.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------ pnat_interface_by_sw_if_index 39 8 79.49% 13 0 100.00% pnat_instructions_from_mask 9 0 100.00% 13 0 100.00% pnat_binding_add 64 8 87.50% 31 2 93.55% pnat_flow_lookup 4 4 0.00% 10 10 0.00% pnat_binding_attach 104 75 27.88% 33 6 81.82% pnat_binding_detach 30 5 83.33% 23 2 91.30% pnat_binding_del 97 33 65.98% 17 3 82.35% pnat.c:pnat_calc_key_from_5tuple 9 1 88.89% 14 1 92.86% pnat.c:pnat_interface_check_mask 10 2 80.00% 11 2 81.82% pnat.c:pnat_enable 5 0 100.00% 11 0 100.00% pnat.c:pnat_enable_interface 107 26 75.70% 60 15 75.00% pnat.c:pnat_disable_interface 91 30 67.03% 32 7 78.12% pnat.c:pnat_disable 7 2 71.43% 13 7 46.15% ------------------------------------------------------------------------------------ TOTAL 576 194 66.32% 281 55 80.43% File '/vpp/sdnat/src/plugins/nat/pnat/pnat_node.h': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------ pnat_test.c:pnat_node_inline 67 11 83.58% 115 1 99.13% pnat_test.c:pnat_calc_key 9 2 77.78% 14 2 85.71% pnat_test.c:pnat_rewrite_ip4 55 11 80.00% 60 12 80.00% pnat_test.c:format_pnat_trace 1 1 0.00% 12 12 0.00% pnat_node.c:pnat_node_inline 63 63 0.00% 115 115 0.00% pnat_node.c:pnat_calc_key 9 9 0.00% 14 14 0.00% pnat_node.c:pnat_rewrite_ip4 55 55 0.00% 60 60 0.00% pnat_node.c:format_pnat_trace 5 5 0.00% 12 12 0.00% ------------------------------------------------------------------------------------ TOTAL 264 157 40.53% 402 228 43.28% Type: feature Change-Id: I9c897f833603054a8303e7369ebff6512517c9e0 Signed-off-by: Ole Troan <ot@cisco.com>
2021-02-05ipsec: add support for AES CTRBenoît Ganne6-139/+182
Type: feature Change-Id: I9f7742cb12ce30592b0b022c314b71c81fa7223a Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-02-05interface: RX/TX direction type in APINeale Ranns4-70/+87
Type: feature Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: I982205b48615395f19cbb36c73854fb5c3db45e8
2021-02-05vxlan: add udp-port configuration supportArtem Glazychev5-60/+320
Type: improvement Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: Ie30d51ab4df5599b52f7335f863b930cd69dbdc1
2021-02-05sr: Fix the issue that L3VPN SRv6 encapsulated packets could not be forwarded.Tetsuya Murakami3-2/+20
Type: fix Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com> Change-Id: Ia12feee9e46d4951519d5c6f9d1a21d89701dc0f Signed-off-by: Tetsuya Murakami <tetsuya.mrk@gmail.com>
2021-02-04mpls: MPLS Hash fixesNeale Ranns2-8/+9
Type: fix MPLS hash includes the IP hash at the bottom of the stack. Default this to the IP default and use the value passed in to the compute function. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I3f8cb0f7c4fe98ea903a752c2b5fd3d7e26d449a
2021-02-04vlib: "revert startup multi-arch variant configuration fix for interfaces"Damjan Marion3-31/+4
Type: fix This reverts commit 5a48b3b9d88fa2793793e2bf3db8bf156fe2951f. Change-Id: Ifa91b18bdbbc32bb729abc09d95637d9cdf42c3b Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2021-02-04linux-cp: Linux Interface Mirroring for Control Plane IntegrationNeale Ranns2-2/+12
Type: feature please see FEATURE.yaml for details. Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Matthew Smith <mgsmith@netgate.com> Signed-off-by: Jon Loeliger <jdl@netgate.com> Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I04a45c15c0838906aa787e06660fa29f39f755fa
2021-02-04ipsec: one thread index per-SANeale Ranns8-57/+36
Type: improvement AN SA is uni-drectional therefore it can be used only for encrypt or decrypt, not both. So it only needs one thread ID. free up some space on the 1st cacheline. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I21cb7cff70a763cbe2bffead860b574bc80b3136
2021-02-03vxlan: fix interface namingRay Kinsella1-6/+8
Previous commit broke naming of vxlan interfaces. Type:fix Fixes:a4b0541f6 Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I5e304821be73547b4e47c35ad9632283f153830f
2021-02-02policer: add countersBrian Russell4-8/+58
Add counters to the policer against each of the 3 possible results: conform, exceed and violate. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ia98a2f5655df6873259197d6bbf0ff2709b7d60e
2021-02-01fib: Changes to interpose sourceNeale Ranns5-19/+78
Type: improvement 1) stack the interpose on any path-extensions (e.g. labels) from the next best source 2) allow more than 1 source to contribute a DPO for a given prefix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Idc2fbb36cfbd2387081765d8af0f1fbe61612160
2021-02-01tap: fix the interrupt handlingMohsin Kazmi1-3/+4
Type: fix Interrupt are suppressed from kernel on tx path. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I9f39f343b7e16bad09910766adf0b09654721f67
2021-01-29interface: fix interface name overflow in logsBenoît Ganne1-9/+9
hi->name is a non-NULL-terminated vector. Type: fix Change-Id: I1a9f128f24f137b43cb47169677cc4288043fbd7 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-28ip: do policer thread handoff from punt policersBrian Russell3-51/+130
Pass packets arriving at the ip[46] punt policer nodes to punt policer handoff nodes if the worker thread they arrive on is not the same one configured in the policer. Initially, the policer will be tied to the worker thread that it first received a packet on. This will be expanded in future to be a configuration API option. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Ic39d936084c354af1859ad3d946da6cd0f6e34d9
2021-01-28policer: add policer handoffBrian Russell2-0/+81
Add thread handoff for packets being policed. Note that the handoff currently requires the policer index to be passed in. This is suitable for use in the ip[46] punt paths where each policer node will only ever use a single policer. For the more general case, this will be expanded in future to use a policer index stored in packet metadata. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I85a0ecbcfb025f8844e763224cd3de1561249aca
2021-01-28ip: add frame queues to punt policer nodesBrian Russell2-0/+10
The policer is not thread safe. In order that handoff could be performed, add a frame queue to each of the punt policer nodes. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: Iee50267ee7e36f0e6c95b9b43bf651648198b834
2021-01-28policer: add thread index to policerBrian Russell2-3/+8
Add a thread index field to the policer structure. The policer is not thread safe. The thread index will be used to tie it to one worker thread and other workers can use thread handoff. Type: improvement Signed-off-by: Brian Russell <brian@graphiant.com> Change-Id: I650e983a9ed800bf660d6f06368717484c4a83bf
2021-01-28ip: Router ID included in flow hashNeale Ranns9-7/+61
Type: feature A device/router needs to have a unique ID which is included in the flow has so that flows are not polarised through the network, i.e. each deice in the network chooses the same nth link for the same flow. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I963e03674adbb085902b4084fdc4886b88f5734c
2021-01-27vhost: vhost interface hardware address not setSteven Luong3-6/+9
The check args->hwaddr is always true and it always copies the mac address from args->hwaddr even though none was set. Check args->use_custom_mac instead. Type: fix Fixes: gerrit 29970 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I0c51bf1ea79b02c4fbdc3c52e694f186bdd96600
2021-01-26session: clear ct fifo flag prior to notificationFlorin Coras1-6/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6db15780d87426eee852aa020c50cbdf45dc1f95
2021-01-26interface: remove vnet_device_input_runtime_tMohammed Hawari5-419/+1
Change-Id: I85a463b4ca15baf11e3eb70189f5190ba2585170 Type: refactor Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2021-01-25svm: add custom q implementation for mqFlorin Coras4-16/+17
Add separate queue implementation for the message queue as it's custom tailored for fifo segments as opposed to binary api. Also move eventfds to the private data structures. Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6df0c824ecd94c7904516373f92a9fffc6b04736
2021-01-25vlib: startup multi-arch variant configuration fix for interfacesRadu Nicolau3-4/+31
Propagate the multi-arch variant selection to interfaces. Type: fix Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> Change-Id: I99c4a7896f172f0d14d2ded22a27383825529a7d
2021-01-22tests: add generalized tags for tests, use them for run-solo testsAndrew Yourtchenko1-24/+7
We have accumulated several scenarios in prod or wishlists where it would be useful to have a general infra to say yes/no about a certain test, and potentially make decisions based on that, for example: - runs solo (aka 'time-dependent') - (wishlist) part of quick smoke-test set - (wishlist) intermittent failure unrelated to timing - (wishlist) test broken with a multi-worker config in vpp Refactor the current "run-solo" code to allow for this extension. Type: test Change-Id: Ia5b3810e57c0543753c8e0dc4dc0cfb4a30b36ac Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-01-22interface: fix rx-placement api/cli for new infraMohammed Hawari3-72/+90
Change-Id: Ic977ffe761efc2129c61aec581da5479fe4838da Type: fix Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2021-01-22interface: let drivers control polling when downMohammed Hawari1-8/+0
Change-Id: I03e164d8d5a329497f422e99f8b0058135241b4e Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: fix
2021-01-22devices: adapt af_packet to new rxq frameworkMohammed Hawari3-32/+32
Change-Id: If8077280cef501599f810ad9255efa2a5a451ced Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: improvement
2021-01-21interface: fix vnet_hw_if_update_runtime_dataMohammed Hawari1-0/+1
Take into account pending interrupts when resizing rxq_interrupts Type: fix Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Change-Id: I64f6f4404738c90ed5a2c10d72c7ce59cf96a644
2021-01-21sr: SRv6 FlowLabel AddedJakub Horn1-12/+39
Type: improvement Signed-off-by: Jakub Horn <jhorn@cisco.com> Change-Id: I06401a8645615d139893dca27d07bb3b3214bea7
2021-01-21ip: do not return uninitialized IPv6 ll attributesBenoît Ganne1-3/+7
Type: fix Change-Id: If35cf7da0c3d1b92532cc2e45c164d6b5a08592c Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-21interface: rx queue infra rework, part oneDamjan Marion18-196/+853
Type: improvement Change-Id: I4008cadfd5141f921afbdc09a3ebcd1dcf88eb29 Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-01-21ip: Use correct enum type in ip_address_setNeale Ranns2-5/+5
Type: refactor Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ice2bc42838e6d5ba579f449c3f8b0feffebeb719
2021-01-21ip: use IPv6 flowlabel in flow hash computationAhmed Abdelsalam12-96/+111
extends ip6_compute_flow_hash() to include IPv6 flowlabel in flowhash computation Type: improvement Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: Id1aaa20c9dac729c22b714eea1cdd6e9e4d1f75e
2021-01-21ipsec: Honour IPSec SA table-ID over APINeale Ranns2-11/+9
Type: fix Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ib08fe356e4dc710dd60a96736c48b27129f06786
2021-01-21ipsec: Tunnelled packets are locally generatedNeale Ranns1-0/+1
Type: fix this means we 1) don't decrement TTL and (for v6) can fragment. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: I0f718da7dcaba834ad495ae9242a9a58c9e7c184
2021-01-21ip: set correct error in ip6-localBenoît Ganne1-3/+3
Type: fix Change-Id: Ib23f823e46494f80d9d857ddde88f4939bf2b3d1 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-21fib: fix includes for muslNathan Moos1-1/+1
Type: fix When building with musl, the type `uint` is not available unless you include <sys/types.h>. Signed-off-by: Nathan Moos <nmoos@cisco.com> Change-Id: I0003b0c373d9fd532b4135c43d78f36d6cd7afa4
2021-01-20vxlan: fix SEGV reported in VPP-1962Ed Warnicke1-5/+29
Type: fix Replace vnet_register_interface with ethernet_register_interface Fixes https://jira.fd.io/browse/VPP-1962 Signed-off-by: Ed Warnicke <hagbard@gmail.com> Change-Id: I5f578fc416605429fe1e2b510ad49eb754451d40 Signed-off-by: Ed Warnicke <hagbard@gmail.com>
2021-01-20ip: add API to retrieve IPv6 link-layer addressBenoît Ganne2-35/+84
Type: feature Change-Id: I5739869490155b0b9674b4faf61882d97e66a4ed Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-01-20crypto: fixed vnet_crypto_is_set_handler()PiotrX Kleski1-1/+10
Type: fix vnet_crypto_is_set_handler() was checking if op handler is set by using alg instead of op id. This fix changes the check to use op ids from crypto_main's alg_data for provided alg. Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Change-Id: I5f0f00a889ddada44d9912af175ebad66677037a
2021-01-20classify: Layout classify entry to group data-plane accessed fields onNeale Ranns3-102/+124
one cache line Type: refactor Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: I54128ba62f8dcc87c1845b33ed3637112d42a891
2021-01-19classify: crash on classify filter pcap del commandSteven Luong1-1/+2
If classify pcap filter was never configured, typing the delete command causes a crash. The reason is cm->classify_table_index_by_sw_if_index not yet allocated. The fix is to add a check before we access the vector. Type: fix Fixes: gerrit 28475 Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: Ia33bd91fa82d8ffc4490d4069155980a6e233268
2021-01-18nat: deal with flows instead of sessionsKlement Sekera1-3/+5
This change introduces flow concept to endpoint-dependent NAT. Instead of having a session and a plethora of special cases in code for e.g. hairpinning, twice-nat and others, figure all this out and store it in flow logic. Every flow has a match and a rewrite part. This unifies all the NAT packet processing cases into one - match a flow and rewrite the packet based on that flow. It also provides a cure for hairpinning dilemma where one part of the flow is on one worker and another on a different one. These cases are also sped up by not requiring destination adress lookup every single time to be able to rewrite source nat as this is now part of flow rewrite logic. Type: improvement Change-Id: Ib60c992e16792ea4d4129bc10202ebb99a73b5be Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-01-18ipsec: Support MPLS over IPSec[46] interfaceNeale Ranns10-135/+274
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I89dc3815eabfee135cd5b3c910dea5e2e2ef1333
2021-01-16tcp: remove bad assertIvan Shvedunov1-5/+2
Don't assume that half-open connections pending removal are always successful. Type: fix Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Change-Id: I955077a4ed2389b9ee38d97e27a7c7761c860a4a
2021-01-14docs: Update FIB documentationNeale Ranns1-6/+17
Type: docs Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I3dfde4520a48c945ca9707accabbe1735c1a8799
2021-01-14vxlan: Protect against tunnel config where source is not localNeale Ranns1-2/+11
Type: fix If a tunnel's source is not local then post encap VPP will attempt to receive (via ip4-local) that packet, things go wrong from there. The fix is when stacking the encap forwarding don't accept a receive DPO. This approach is taken, rather than rejecting bad tunnels, because the 'local-ness' of the tunnel's source can change and we can't reject tunnels that were once correctly configured but are no longer. the user will quickly discover their mistake as traffic won't pass. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I46198422e321606e8baba003112e978a526b4c2f
2021-01-12ip: vtep fixes for alignment and cache update.Ray Kinsella1-2/+2
Minor fixes for Intel AVX-512 alignment, and cache update. Type: fix Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I9f9bebb4ecb3265ffc765affd1ed94d0ba979066
2021-01-09session svm: fix fifo migrationFlorin Coras3-24/+25
Allocate and attach a new pair of private fifos in the right private slice when a session is cloned. This ensures that private fifos are not shared between workers. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib700d18104d2ca79aa8a07434cdcdcab0bef13a5