summaryrefslogtreecommitdiffstats
path: root/src/vnet
AgeCommit message (Collapse)AuthorFilesLines
2021-01-18nat: deal with flows instead of sessionsKlement Sekera1-3/+5
This change introduces flow concept to endpoint-dependent NAT. Instead of having a session and a plethora of special cases in code for e.g. hairpinning, twice-nat and others, figure all this out and store it in flow logic. Every flow has a match and a rewrite part. This unifies all the NAT packet processing cases into one - match a flow and rewrite the packet based on that flow. It also provides a cure for hairpinning dilemma where one part of the flow is on one worker and another on a different one. These cases are also sped up by not requiring destination adress lookup every single time to be able to rewrite source nat as this is now part of flow rewrite logic. Type: improvement Change-Id: Ib60c992e16792ea4d4129bc10202ebb99a73b5be Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-01-18ipsec: Support MPLS over IPSec[46] interfaceNeale Ranns10-135/+274
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I89dc3815eabfee135cd5b3c910dea5e2e2ef1333
2021-01-16tcp: remove bad assertIvan Shvedunov1-5/+2
Don't assume that half-open connections pending removal are always successful. Type: fix Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Change-Id: I955077a4ed2389b9ee38d97e27a7c7761c860a4a
2021-01-14docs: Update FIB documentationNeale Ranns1-6/+17
Type: docs Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I3dfde4520a48c945ca9707accabbe1735c1a8799
2021-01-14vxlan: Protect against tunnel config where source is not localNeale Ranns1-2/+11
Type: fix If a tunnel's source is not local then post encap VPP will attempt to receive (via ip4-local) that packet, things go wrong from there. The fix is when stacking the encap forwarding don't accept a receive DPO. This approach is taken, rather than rejecting bad tunnels, because the 'local-ness' of the tunnel's source can change and we can't reject tunnels that were once correctly configured but are no longer. the user will quickly discover their mistake as traffic won't pass. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I46198422e321606e8baba003112e978a526b4c2f
2021-01-12ip: vtep fixes for alignment and cache update.Ray Kinsella1-2/+2
Minor fixes for Intel AVX-512 alignment, and cache update. Type: fix Signed-off-by: Ray Kinsella <mdr@ashroe.eu> Change-Id: I9f9bebb4ecb3265ffc765affd1ed94d0ba979066
2021-01-09session svm: fix fifo migrationFlorin Coras3-24/+25
Allocate and attach a new pair of private fifos in the right private slice when a session is cloned. This ensures that private fifos are not shared between workers. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib700d18104d2ca79aa8a07434cdcdcab0bef13a5
2021-01-08l2: Separating scan-delay and learn-limit into a separate API from ↵Jerome Tollet3-20/+136
want_l2_macs_events Type: feature Signed-off-by: Jerome Tollet <jtollet@cisco.com> Change-Id: I6de6dae7da4ec1001e2811975a9b67acfc1a148c
2021-01-08tests: move bond tests to src/vnet/bonding/testDave Wallace2-0/+373
- Refactor make test code to be co-located with the vpp feature source code. Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I056717261553f6449f5fcd3611b6ae3895a00ba6
2021-01-08vhost: Add event index for interrupt notification to driverSteven Luong8-192/+506
VPP only supports a poor man's approach for interrupt notification to the driver. It uses a simple binary flag for "interrupt needed" or "interrupt not needed". Most drivers support more sophisticated event index already. This feature is to add the long due missing feature and make it configurable, off by default. Type: feature Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I68dab7dd07045cafb49af97b7f70db9b8131ae03
2021-01-07vcl session: switch to generic cert key apisFlorin Coras4-101/+14
Remove the deprecated tls apis. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia1e12bd813671146f0aca22e83d04c23ac13e595
2021-01-07ipip: Support MPLS over IPNeale Ranns3-5/+102
Type: feature Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: Ief1755131297afcaa14fe74fd8dd28c71a92fbe6
2021-01-07ipsec: Deprecated the old IPsec Tunnel interfaceNeale Ranns5-594/+4
Type: fix it's been 2 releases since it was marked deprecated. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0eba7ed607826ed0d00e7d2d8f9b27d09e8e9a6e
2021-01-06ipsec: Mark the interface create reply deprecatedNeale Ranns1-0/+1
Type: fix I should have done this wehn i marked the request as deprecated. The reply also needs to be marked deprecated so the API compliance script can remove it along with the request. Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I8391257944b6cff7b32a01a479dd1dcab30cd33b
2021-01-06l2: add per bridge domain learn limitJerome Tollet7-60/+290
Type: feature Signed-off-by: Jerome Tollet <jtollet@cisco.com> Change-Id: I57ed6699050445d9c9aec98eff3aab56735aca54 Signed-off-by: Jerome Tollet <jtollet@cisco.com>
2021-01-05tap: fix the buffering index for groMohsin Kazmi1-6/+8
Type: fix Fixes: 587f9130424fd451e4ba823240d02f655fb197d1 Change-Id: Ia1739fad6a36fa658aece157d7adea8bbaa751d2 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2021-01-05teib: fix typo in cliPaul Vinciguerra1-4/+2
Type: fix Change-Id: I84388bd8b68e8c48a4f44d7ecf7aadec2408b717 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2021-01-05ipsec: ipsec cli nexthop erroryedg1-1/+1
Type: fix Signed-off-by: yedonggang <yedg@wangsu.com> Change-Id: Icc3681b591e6deb93c3ff1fda5f9471fa3c96cc6
2020-12-29session: remove fifo segment va allocatorFlorin Coras3-46/+7
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7b2fd896dfa6df46916f46327975b95561809f00
2020-12-29svm vcl: allow random offsets for fifo segments in appsFlorin Coras2-12/+12
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1658a9c19d8eae4c9a42c0a111d4ad343b8eb8a4
2020-12-29svm: allow mq attachments at random offsetsFlorin Coras6-45/+56
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic373cd2c11272da539eb4b0db27227f36f2f9688
2020-12-28session: convert evt q segment to fifo segmentFlorin Coras3-19/+21
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I63a44e11322f6fe27255820524e022f6d710b083
2020-12-28vlib: add missing file template descriptionsPaul Vinciguerra3-1/+6
Add descriptions to clib_file_t template structures so that sockets can be identified via the 'show unix file' cli command. Type: fix Change-Id: Ibf82d55aa6c7b1126bd252b76d0dc8b7076f5046 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-12-27ip: Use full reassembly for fragments in ip6-localNeale Ranns2-3/+1
Type: fix shallow was the default, but probably by accident as it depended on module load order. full assembly is the v4 behaviour. using proper types allows gdb to print enum names. Signed-off-by: Neale Ranns <neale@graphiant.com> Change-Id: If157c5b83614c7adbd7a15a8227a68f8caf4e92c Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-12-25virtio: Extend vhost multi-queues support beyond 8 queue pairsSteven Luong3-60/+122
Current vhost multi-queues support has a hard limit of 8 queue pairs due to static vring array. This limit was raised in qemu. VPP should support more than 8 queue pairs also. Change static vring allocation to dynamic. When the interface is created, we allocate 8 queue pairs to begin with. We also keep track of how many queue pairs that the interface actually uses. We reply VHOST_USER_GET_QUEUE_NUM with 128 as our maximum number of support queue pair. When qemu starts initializing queue pair greater than 8, we expand the vrings as needed on demand. Type: improvement Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: I4a02d987d52d1bbe601b00e71f650fe6ebfcc0d7
2020-12-24svm: split fifo into private and shared structsFlorin Coras8-56/+59
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id8e77e8b2623be719fd43a95e181eaa5b7df2b6e
2020-12-23tests: move bier tests to src/vnet/bier/testDave Wallace2-0/+1155
- Refactor make test code to be co-located with the vpp feature source code Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I17003925be06d1051f18f1c24ff081790a610c23
2020-12-23svm: remove fifo segment heapFlorin Coras1-5/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I518e096fe13847759806ff62009e73fd8f7451b7
2020-12-22tests: move bfd tests to src/vnet/bfd/testDave Wallace2-0/+3201
- Refactor make test code to be co-located with the vpp feature source code. Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I3ef69bc915d2217357a9e2b1afa1cfd6c363faa0
2020-12-21tcp: terminate options with nopsFlorin Coras1-8/+4
On the one hand, make sure options are terminated with NOPs to avoid issues with clients that can't parse options that don't end on an u32 boundary. On the other, make sure the padding is rfc compliant. If options end with EOL the padding should be zeros. The current change does not use EOL so the padding is NOPs. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I608056707ef9658ca90b9c095e84a0689d8000d7
2020-12-18tls: add custom openssl bioFlorin Coras1-0/+1
The bio interacts directly with the session so it avoids using an intermediary mem bio and, implicitly, higher memory consumption and an extra memcpy. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ifb675cfd12df86396a7a738a6cd4d0882c69ad2f
2020-12-18ipsec: fixed esp_decrypt pkt len after icv movedPiotrX Kleski1-6/+11
Type: fix This change makes esp_move_icv() update pd->current_length if the first buffer's length is updated. In case that ICV is split over two buffers, esp_move_icv() copies ICV to last buffer, it also updates the before_last buffer's current_length. However, in esp_decrypt_post_crypto(), pd->current_lenght is used to update first buffer lenght, but pd is not updated in esp_move_icv() and the total pkt lenght ends up incorrect. This only happens in tunnel mode when ICV is split between 1st and 2nd buffers. Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Change-Id: Ic39d87454ec0d022c050775acb64c5c25ccf7f13
2020-12-18fib: Remove unused FIB path-list DB variableNeale Ranns2-7/+0
Type: refactor Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: I64527e9f5259e9984dc1e90023b367ee0fd8deeb
2020-12-16tests: move fib tests to src/vnet/fib/testDave Wallace2-0/+456
- Refactor make test code to be co-located with the vpp feature source code Type: test Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I0529eb51b5a6bc2a5f1a49ee9d3320908ad1dba9
2020-12-16ip: fix possible missing trace indexesKlement Sekera4-0/+28
Add safeguards when tracing packets to avoid cases where clear trace was issue while buffers were held in reassembly. Type: fix Change-Id: I1bdd1e629e8bc08ce63913fd3c4b2327e47dec04 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2020-12-15classify: add pcap/trace classfier mgmt API callsJon Loeliger5-193/+712
Add lookup/get/set API calls to manage both PCAP and Trace filtering Classifier tables. The "lookup" call may be used to identify a Classifier table within a chain of tables taht matches a particular mask vector. For efficiency, this call should be used to determine to which table a match vector should be added. The "get" calls return the first table within a chain (either a PCAP or the Trace) set of tables. The "set" call may be used to add a new table to one such chain. If the "sort_masks" flag is set, the tables within the chain are ordered such that the most-specific mask is first, and the least-specific mask is last. A call that "sets" a chain to ~0 will delete and free all the tables with a chain. The PCAP filters are per-interface, with "local0", (that is, sw_if_index == 0) holding the system-wide PCAP filter. The Classifier used a reference-counted "set" for each PCAP or trace filter that it stored. The ref counts were not used, and the vector of tables was only used temporarily to establish a sorted order for tables based on masks. None of that complexity was actually warranted, and where it was used, the same could be achieved more simply. Type: refactor Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: Icc56116cca91b91c631ca0628e814fb53f3677d2
2020-12-14session: free segment manager only from mainFlorin Coras1-4/+32
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idb62154191e85651263be9ae116dd87b93e3a140
2020-12-14misc: refactor clib_bitmap_foreach macroDamjan Marion12-34/+34
Type: refactor Change-Id: I077110e1a422722e20aa546a6f3224c06ab0cde5 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14misc: move to new pool_foreach macrosDamjan Marion96-501/+496
Type: refactor Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14vppinfra: simpler and faster pool_foreachDamjan Marion1-0/+1
- reduces number of instructions generated 4 times compared to old code - adds pool_foreach2 which is more friendly to clang-format Type: improvement Change-Id: I51e9c7fb09655c60d883987dadf5b2666c12b3f7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-12-14api: add missing version infoPaul Vinciguerra6-1/+8
Type: fix Change-Id: I269214e3eae72e837f25ee61d714556d976d410f Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-12-11ip: ip4 rewrite prefetch optimizationPiotrX Kleski1-2/+5
Type: improvement ip4_rewrite_inline_with_gso() did vlib_prefetch_buffer_header() for all nodes. However it is not necessary for ip-rewrite, it is only needed by ip-midchain. This patch makes ip4-rewrite prefetches less buffers to save cycles. Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Change-Id: Ib82dcb0eda4a2d1d7b8d664f2224d49b72aef50f
2020-12-11virtio: fix vrings overflow in vhost_userBenoît Ganne1-1/+10
Type: fix Change-Id: I7ca955882c0e263a9ace4b14021e51488564e411 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2020-12-11misc: cop - clean up stray doxygen blockPaul Vinciguerra1-7/+0
Type: style Change-Id: Iee9463735c4d114a97e6167d717d1911c4477e70 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-12-11fib: remove unsued path flagNeale Ranns1-5/+0
Type: refactor Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: Ic4ef53f49102d7b5061f1b6d3a1d0c8427b9d1f7
2020-12-11fib: Remove unused BIER variablesNeale Ranns2-22/+10
Type: refactor Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: Idf17c3c02fb77fcadf69a9164abd4da35289aaed
2020-12-10misc: add a couple useful functions for gdbChristian Hopps1-0/+23
- vgb() (vlib_get_buffer) - ph() (pool_header) Type: feature Signed-off-by: Christian Hopps <chopps@labn.net> Change-Id: Ica954480a7809c918cf65b06a0333ebe246a6f3a
2020-12-09fib: supporting inner flow hash on tunnelsMohammed Hawari6-11/+32
Change-Id: I53011e089bfecb08483792029b534b09b9e33a10 Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2020-12-08fib: Adjacency flag for midchain to perfom flow hash (on inner packet)Neale Ranns5-31/+78
Type: feature Signed-off-by: Neale Ranns <neale.ranns@cisco.com> Change-Id: I964afd9266645de5c87d49c58ce6b48c2c18f97f
2020-12-08tunnel: add cli support for encap_decap flagsMohammed Hawari4-4/+30
Change-Id: I2bf6ba325975309183dba1e14e9519c944710752 Signed-off-by: Mohammed Hawari <mohammed@hawari.fr> Type: improvement