path: root/src/vnet
Age | Commit message | Author | Files | Lines
2019-05-20 | reassembly: prevent long chain attack | Klement Sekera | 8 | -13/+86
limit max # of fragments to 3 per packet by default
add API option to configure the limit at runtime
Change-Id: Ie4b9507bf5c6095b9a5925972b37fe0032f4f9e8
Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-05-20 | bonding: clean up redundant code | Zhiyong Yang | 1 | -55/+44
1. remove unnecessary cast for void * pointer.
2. remove the unused input parameter.
Change-Id: Ic0324364fc0c772200d30fb18a0ba959ed4f7ea4
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-05-18 | api: export ip_types.api for out-of-tree plugins | Benoît Ganne | 1 | -1/+5
Out-of-tree plugins can refer to IP types in their API. The .api and associated headers must be exported.
Change-Id: I75004343b040defd9eebac6a8a95c2ecf3c8079a
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-05-17 | Add a debug-CLI leak-checker | Dave Barach | 5 | -116/+60
leak-check { <any-debug-cli-command-and-args> }

Hint: "set term history off" or you'll have to sort through a bunch of bogus leaks related to the debug cli history mechanism.

Cleaned up a set of reported leaks in the "show interface" command. At some point, we thought about making a per-thread vlib_mains vector, but we never did that. Several interface-related CLI's maintained local static cache vectors. Not a bad idea, but not useful as things shook out. Removed the static vectors.

Change-Id: I756bf2721a0d91993ecfded34c79da406f30a548
Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-17 | Tests: Raise exception if API cli_inband command fails. | Paul Vinciguerra | 1 | -1/+2
* Configure tests to raise exception if cli_inband fails.
* Fix failing tests.
* Add filename detail to pcap.stat clib_error_return for debugging.

Note: this change identifies spurious issues with packet-generator such as:
CliFailedCommandError: packet-generator capture: pcap file '/tmp/vpp-unittest-Test6RD-v09RPA/pg0_out.pcap' does not exist.
These issues resolve themselves on remaining test passes.

Change-Id: Iecbd09daee954d892306d11baff3864a43c5b603
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-05-17 | UDP-Local: fix unregistered ports | Neale Ranns | 1 | -64/+51
- if the port is unregistered then write ~0 into the sparse vec, this allows the DP to send packets to ICMP
- remove the v6 arcs from the v4 node and vice-versa (since they're never taken)
- I have tests for this in a pending change for the punt socket
Change-Id: Icbd97de2c2fc38490c16afc2e0b414d8436593c4
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-16 | Add transport_opts to connect_sock bapi | Nathan Skrzypczak | 5 | -6/+26
Needed by QUIC to distinguish Q/Ssessions
Change-Id: Idcc9e46f86f54a7d06ce6d870edec1766e95c82d
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-05-16 | init / exit function ordering | Dave Barach | 19 | -200/+166
The vlib init function subsystem now supports a mix of procedural and formally-specified ordering constraints. We should eliminate procedural knowledge wherever possible.

The following schemes are *roughly* equivalent:

    static clib_error_t *init_runs_first (vlib_main_t *vm)
    {
      clib_error_t *error;

      ... do some stuff...

      if ((error = vlib_call_init_function (init_runs_next)))
        return error;
      ...
    }
    VLIB_INIT_FUNCTION (init_runs_first);

and

    static clib_error_t *init_runs_first (vlib_main_t *vm)
    {
      ... do some stuff...
    }
    VLIB_INIT_FUNCTION (init_runs_first) =
    {
      .runs_before = VLIB_INITS("init_runs_next"),
    };

The first form will [most likely] call "init_runs_next" on the spot. The second form means that "init_runs_first" runs before "init_runs_next," possibly much earlier in the sequence.

Please DO NOT construct sets of init functions where A before B actually means A *right before* B. It's not necessary - simply combine A and B - and it leads to hugely annoying debugging exercises when trying to switch from ad-hoc procedural ordering constraints to formal ordering constraints.

Change-Id: I5e4353503bf43b4acb11a45fb33c79a5ade8426c
Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-15 | IPSEC: remove CLI check for unsupported IPv6-AH - it is supported | Neale Ranns | 1 | -22/+0
Change-Id: I72ec95d4a3009a55b0f1fa7e45f9c53f31ef5fc1
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-15 | Remove unused function nat44_ha_resync() and error IN_PROGRESS. | Jon Loeliger | 1 | -1/+0
The unused function nat44_ha_resync() was the only function that used the error message VNET_API_ERROR_IN_PROGRESS. The error was the only error code that was positive, and didn't really play well with the other error codes.
Change-Id: I7d03c2ee915094b635f6efdca7427f71e4d19f2b
Signed-off-by: Jon Loeliger <jdl@netgate.com>
2019-05-14 | QUIC multi thread update | Aloys Augustin | 1 | -1/+1
* Add support for multiple threads
* Replace quicly buffers with fifos
* Fix cleanup of sessions
* Update quicly release version
Change-Id: I551f936bbec05a15703f043ee85c8e1ba0ab9723
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-05-14 | svm: improve fifo segment prealloc support | Florin Coras | 1 | -3/+8
- track fifo segment free and chunk freelist memory
- improve fifo alloc. If there are enough chunks to satisfy a fifo allocation request but not enough free memory, allocate a multi-chunk fifo
- add apis to preallocate chunks and fifo headers
- more tests
Change-Id: If18dba7ab856272c9f565d36ac36365139793e0b
Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-05-14 | IPSEC coverity fixes | Neale Ranns | 2 | -2/+4
Change-Id: I753fbce091c0ba1004690be5ddeb04f463cf95a3
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-14 | IPSEC: remove unnecessary pass by reference of sequence number | Neale Ranns | 3 | -4/+4
Change-Id: Id406eb8c69a89c57305d8f138e8e6730037aa799
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-14 | Coverity: Fix CID-198494 & CID-198388 | Dave Wallace | 1 | -1/+1
Change-Id: I5fa4a3fa512b732fc444e908729582a109db538c
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-05-14 | Unregister UDPC port only when owned | Nathan Skrzypczak | 3 | -2/+9
Needed in QUIC, when cleaning up accepted UDP sessions
Change-Id: Ifcb32687175562bed4ca69bdc519cedd4dc3c2bc
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-05-13 | Trivial typos in bier comments/docs. | Paul Vinciguerra | 14 | -27/+27
Change-Id: I3b3e868277d5caf6b1341814003a3bc5726c2df9
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-05-13 | vnet: remove macro definitions | Zhiyong Yang | 1 | -3/+0
These two macro definitions should be removed as enum vnet_interface_helper_flags_t has defined them.
Change-Id: I31bd0ea75639d2f9a53f396ac3cf42f9fc5fbdbe
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-05-13 | Fix VPP-1528 get the same IP address from DHCP server for two VPP DHCP clients | jackiechen1985 | 2 | -4/+2
Change-Id: I18dfe51000758f44b991d2dd065c9aa2bc5863d5
Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2019-05-13 | remove dead code in rewrite.c | Neale Ranns | 1 | -26/+0
Change-Id: Ib34ca76fcc5e85cb3cc646ffc7be208b8e757cba
Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-05-10 | Update ping cli .short_help. | Paul Vinciguerra | 1 | -2/+2
Change-Id: I5c414a158a8a6b243128127c608ab0fbb5a9405b
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-05-09 | session: segment manager fixes | Florin Coras | 2 | -2/+4
- fix segment size rounding for 4GB segments
- fix initialization of first segment size
- cleanup fifo segment info retrieval
Change-Id: I5ebf20f71ea797087653e7e76fa2e37b2686ec40
Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-05-09 | add mactime plugin unit / code coverage tests | Dave Barach | 3 | -20/+30
The unit and code coverage tests are boring. The rest of the patch involves test and packet-generator infra cleanups.

Teach the "make test-xxx" family of targets to set the api test plugin path correctly, to make "binary-api <api-message-name> <args>" debug CLI commands work correctly in the "make test" environment. Unfortunately involves both the top-level and test Makefiles.

Add a minor pg cli feature, a CLI to manually set s->sw_if_index[VLIB_TX]. Consider the case where one configures an interface with both a device-input and an output feature. To test the output feature using the pg, it's necessary to inject packets into the interface output node with both b->sw_if_index[VLIB_TX] and b->sw_if_index[VLIB_RX] set correctly. For example:

    packet-generator new {
      name tx
      limit 15
      size 128-128
      interface local0     # rx: device input feature not configured on local0
      tx-interface loop0   # tx: output node requires b->sw_if_index[VLIB_TX]
      node loop0-output
      data {
        hex 0x01005e7ffffa000dead0000008000102030405060708090a0b0c0d0e0f0102030405
      }
    }

Fix a longstanding bug in the packet generator stream setup. Remove kludges which set b->sw_if_index[VLIB_TX] to ~0 [in multiple places] instead of using the stream value s->sw_if_index[VLIB_TX], and setting THAT datum correctly.

Change-Id: I1097a18e8db73661ded6b822c1d718f7e5cf36ed
Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-09 | Update API description | Igor Mikhailov (imichail) | 1 | -3/+2
Change-Id: I2d616a30e745045789287cb13b26fb12d51d2884
Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com>
2019-05-09 | make test: add quic multistream test case | Dave Wallace | 2 | -12/+25
- Also refactor test_quic.py to prepare for external echo tests & ipv6 tests
Change-Id: I7dff60b375ed67d920e73294e0bf491cd3206d56
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-05-08 | session: send tx events when data is dequeued | Florin Coras | 4 | -11/+23
Change-Id: Ib8cb19361c42e38e3f68d7147358378fff161eb1
Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-05-07 | Fix af_packet issues: | jackiechen1985 | 2 | -33/+60
1. Fix af_packet memory leak;
2. Fix close socket twice;
3. Adjust debug log for syscall;
4. Adjust dhcp client output log;
Change-Id: I96bfaef16c4fad80c5da0d9ac602f911fee1670d
Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2019-05-07 | add TLS endpoint function | Yu Ping | 2 | -5/+32
a bit like QUIC, and the added function can get the endpoint info in TLS, so that the VCL layer can get those info correctly
Change-Id: Ied7aa3077087c1814499364dfa7654a088ad9910
Signed-off-by: Yu Ping <ping.yu@intel.com>
2019-05-06 | ip4_load_balance: leverage vlib_get_buffers | Zhiyong Yang | 1 | -13/+11
vlib_get_buffers can save 1.2 clocks/pkt from 16.1 to 14.9 clocks/pkt on Skylake.
Change-Id: I79d8b58b192280af5e5a5f73562b6301e1821cec
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-05-06 | virtio: refactor ctrl queue support | Mohsin Kazmi | 1 | -22/+32
Change-Id: Ifb16351f39e5eb2cd154e70a1c96243e4842e80d
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-05-06 | ppp: simplify code using existing functions | Zhiyong Yang | 1 | -10/+6
Change-Id: Ib5289b4d08ca7a8d7f786cc606e6c760735b2a35
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-05-06 | Add missing init fn dependency to ipsec_init | Dave Barach | 1 | -0/+5
ipsec_init fails if vnet_feature_init hasn't occurred. Can happen if a particular set of plugins are loaded.
Change-Id: I67b289d640c28d04e248b9a09ebcc8f205834fd2
Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-06 | Fix VPP-1487 DHCP client does not support option 6-domain server | jackiechen1985 | 4 | -7/+45
Change-Id: I36ad1ef2a53af3d3f3a6348bc189b17e9e4e21bd
Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2019-05-03 | session/svm: apis for fifo shrinking | Florin Coras | 2 | -0/+65
Change-Id: Ie519683bb90aae6fb95f2a09e251cded1890ed41
Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-05-03 | mp_safe SW_INTERFACE_DUMP, SW_INTERFACE_DETAILS, SW_INTERFACE_TAG_ADD_DEL, | Steven Luong | 3 | -0/+9
BRIDGE_DOMAIN_DUMP, CONTROL_PING, CONTROL_PING_REPLY, and show interface CLI
Change-Id: I2927573b66bb5dd134b37ffb72af0e6676750917
Signed-off-by: Steven Luong <sluong@cisco.com>
(cherry picked from commit 15c31921a628c5500cbed2ebc588d7ddbaa970a3)
2019-05-03 | Fix FIB initialization in UDP input | Nathan Skrzypczak | 1 | -0/+1
Change-Id: I7c88ada2af039aa0861fe7c71361a293b999d0c7
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-05-03 | Add packet headers in UDPC fifos | Aloys Augustin | 2 | -38/+23
This change adds packet headers for each packet in a UDPC connection. This changes the semantic of UDPC from an unreliable, unordered stream of bytes to an unreliable, unordered sequence of packets.
Change-Id: I831e43903870a5720d26daa6e971299d03b208d7
Signed-off-by: Aloys Augustin <aloaugus@cisco.com>
2019-05-02 | vpp_papi_provider.py: update defaultmapping. | Paul Vinciguerra | 1 | -1/+1
Add missing create_bvi/delete_bvi to defaultmapping. Correct typo in interface.api documentation.
Change-Id: I8aa187f3b33c21fb2fcd55311ef79777c81d94d4
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-05-01 | virtio: Fix virtio buffer allocation | Mohsin Kazmi | 1 | -1/+1
Change-Id: I0ffb468aef56f5fd223218a83425771595863666
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-05-01 | virtio: remove configurable queue size support | Mohsin Kazmi | 5 | -41/+27
Native virtio device through legacy driver can't support configurable queue size.
Change-Id: I76c446a071bef8a469873010325d830586aa84bd
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-05-01 | esp_encrypt: remove unnecessary code | Zhiyong Yang | 1 | -1/+1
Change-Id: I2d7e873fca6ab266af75814fac5d4cb5cda93cef
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
2019-05-01 | ipsec: fix ipsec format overflow | Benoît Ganne | 1 | -4/+3
hi->name is not NULL-terminated. Use specialized format function which does the right thing.
Change-Id: Iadda51461af0c1ad4f38a6d24b76e816020f35c8
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-04-30 | svm: more fifo refactor/cleanup | Florin Coras | 5 | -18/+17
Change-Id: Ie76c69641c8598164d0d00fd498018037258fd86
Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-30 | crypto: enforce per-alg crypto key length | Benoît Ganne | 3 | -16/+55
Crypto algorithms have different requirements on key length. As we do not support key stretching (eg. PBKDF2), user must provide the exact key length used by the algorithm. Failing that means low-level crypto functions might read garbage (eg. aes128_key_expand() will read 16-bytes, regardless of the key provided by the user).
Change-Id: I347a1ea7a59720a1ed07ceaad8b00a31f78458c9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-04-30 | reassembly: avoid race-conditions | Klement Sekera | 1 | -12/+26
Change-Id: Ibf5c283217a985e43a562f1969573eeb26ee6017
Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-04-26 | IF: return VTR attributes for all ifs in dump API | Alexander Chernavin | 1 | -20/+20
With this commit, VTR attributes are shown not only for subinterfaces but for all interfaces.
Change-Id: I498185d905c0bf48431cddb916165f8e9c841b1f
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2019-04-26 | crypto, ipsec: change GCM IV handling | Damjan Marion | 3 | -4/+22
- nonce construction out of salt and iv is ipsec specific so it should be handled in ipsec code
- fixes GCM unit tests
- GCM IV is constructed out of simple counter, per RFC4106 section 3.1
Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61
Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-26 | svm: fifo segment support for chunk allocation | Florin Coras | 2 | -2/+26
Change-Id: Ie96706b4d8bcb32d2d5f065bc765f95f4e9369e7
Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-25 | crypto: AES GCM IV length is always 12 | Damjan Marion | 2 | -2/+1
... at least for use cases we are interested in
Change-Id: I1156ff354635e8f990ce2664ebc8dcd3786ddca5
Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-25 | tap: Fix the indirect buffer allocation | Mohsin Kazmi | 1 | -1/+1
Change-Id: I73f76c25754f6fb14a49ae47b6404f3cbabbeeb5
Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>