aboutsummaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2018-03-24User session counters stay <= per-user limitMatthew Smith3-17/+22
When a user session is allocated/reused, only increase one of the session counters for that user if the counters are below the per-user limit. THis addresses a SEGV that arises after the following sequence of events: - an outside interface IP address is put in a pool - a user exceeds the number of per-user translations by an amount greater than the number of per-user translations (nsessions + nstaticsessions > 100 + 100) - the outside interface IP address is deleted and then added again (observed when using DHCP client, likely happens if address changed via CLI, API also) - the user sends more packets that should be translated When nsessions is > the per-user limit, nat_session_alloc_or_recycle() reclaims the oldest existing user session. When an outside address is deleted, the corresponding user sessions are deleted. If the counters were far above the per-user limit, the deletions wouldn't result in the counters dropping back below the limit. So no session could be reclaimed -> SEGV. Change-Id: I940bafba0fd5385a563e2ce87534688eb9469f12 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-03-23acl-plugin: improvements in 'show acl-plugin macip acl' CLIAndrew Yourtchenko2-11/+47
- allow to optionally specify the specific MACIP ACL index: 'show acl-plugin macip acl [index N]' - after showing the MACIP ACL, show the sw_if_index of interface(s) where it is applied. Also, add some executions of this debug commands to the MACIP test case for easy verification. Change-Id: I56cf8272abc20b1b2581b60d528d27a70d186b18 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-23Drop dhcp pkts w/ hardware address mismatchesDave Barach2-11/+40
Add a few dhcp client rx packet/state counters Temporarily disable the dhcp client unit test, since it trips over the newly-added hardware address check. Change-Id: I7f68607e6ed3d738cba357c3fe76664a99b71cd8 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-23IPSEC_AH: broken initialization (VPP-1208)Marco Varlese1-1/+1
The init-path for IPSEC_AH where the CTX gets initialized is broken since the for-loop never executes due to the wrong usage of tm->n_vlib_mains which being subtracted by 1. Change-Id: I4d967f52cd3ca061aa60d824d65f446e06162403 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-03-23tcp/session: sprinkle prefetchesFlorin Coras4-16/+37
Change-Id: Idef3c665580c13d72e99f43d16b8b13cc6ab746f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-23session: allow builtin apps to register namesFlorin Coras6-20/+73
Change-Id: I4b428e170436671b329657283cf7653befc85c9f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-23acl-plugin: set ACL heap within the exported functions that might alloc memoryAndrew Yourtchenko3-0/+23
The functions which get called by other plugins need to set the acl plugin heap, such that the other plugins do not have to think about it. Change-Id: I673073f17116ffe444c163bf3dff40821d0c2686 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-23NAT44: fix ICMP checksum update crash (VPP-1205)Matus Fabian2-0/+6
Change-Id: I3e4bbfe205c86cb0839dd5c542f083dbe6bea881 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-23IGMP: coverity fixes and remove checks for scapy IGMPv3Neale Ranns2-9/+5
Change-Id: Ic2eddc803f9ba8215e37388a686004830211cf6f Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-03-22bond: performance enhancementSteven3-155/+220
We were only puting one packet per frame to the output node. Change to buffer multiple packets per frame. Performance is now on top of dpdk-based bonding. Put a spinlock in the tx thread in case the rug is pulled under us. Change-Id: Ifda5af086a984a7301972cd6c8e428217f676a95 Signed-off-by: Steven <sluong@cisco.com>
2018-03-22vom: itf: make vhost_user as socket slaveMohsin Kazmi1-1/+2
Change-Id: I57b2ec35d9629fb5336c1ccfa4c6c849df118f7b Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-03-22VPP-1204: Fix coverity warningDave Barach1-2/+5
Change-Id: Iacb32e6e855f7b77108154d956ef27ee141bbde0 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-22Add circular loggingDave Barach3-21/+85
Change-Id: Ide8bf41e24a427643a3a17b1c9089993790c12a6 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-22Revert "acl-plugin: improvement on 'show acl-plugin' CLI"Damjan Marion2-37/+9
This reverts commit 378ac0533e5ac8c3121d8f66ba61a8548e55282f. Change-Id: If34b1c964453adb0e4c44e3eab4f6e306bd9c9e9 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-22acl-plugin: implement ACL lookup contexts for "ACL as a service" use by ↵Andrew Yourtchenko15-1149/+2120
other plugins This code implements the functionality required for other plugins wishing to perform ACL lookups in the contexts of their choice, rather than only in the context of the interface in/out. The lookups are the stateless ACLs - there is no concept of "direction" within the context, hence no concept of "connection" either. The plugins need to include the The file acl_lookup_context.md has more info. Change-Id: I91ba97428cc92b24d1517e808dc2fd8e56ea2f8d Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-22gbp: Add the next node lookupMohsin Kazmi1-0/+5
Change-Id: Ia0f659b810f2c79b1a6c98ce566a86ce413c7448 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-03-22NAT44: interface output feature and dst NAT (VPP-1200)Matus Fabian2-7/+78
Do not translate packet which go out via nat44-in2out-output and was tranlated in nat44-out2in before. On way back forward packet to nat44-in2out node. Change-Id: I934d69856f0178c86ff879bc691c9e074b8485c8 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-22memif: version 2Damjan Marion6-486/+558
In version 1 of the protocol sender was always ring producer and receiver was consumer. In version 2 slave is always producer, and in case of master-to-slave rings, slave is responsible for populating ring with empty buffers. As this is major change, we need to bump version number. In addition, descriptor size is reduced to 16 bytes. This change allows zero-copy-slave operation (to be privided in the separate patch). Change-Id: I02115d232f455ffc05c0bd247f7d03f47252cfaf Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2018-03-22Avoid atomic ops when polling queuesDave Barach1-4/+5
Change-Id: I31c6a0a1d11b5b12d8a5c32c29fea9618b1a53d4 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-22vom: l2-emulation: Fix sweep functionMohsin Kazmi2-2/+2
Change-Id: I6fdb9e7b718c696f7352541f90026cf60f11338f Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-03-21udp: make udp encap pool cacheline alignedDamjan Marion1-1/+1
This fixes issue with unaligned vector access on gcc-7. As udp_encap_t is declared as cacheline aligned, alloc also need to be. Change-Id: Ic30876911baf2c22c135097490075fa7bcf0ca18 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-21acl-plugin: improvement on 'show acl-plugin' CLISteve Shin2-9/+37
- Show interface on which given MACIP ACL is applied - index is added for show acl-plugin macip acl: ex) show acl-plugin macip acl [index N] Change-Id: I3e888c8e3267060fe157dfc1bbe3e65371bd858a Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-03-21bond: Add bonding driver and LACP protocolSteven35-1/+7338
Add bonding driver to support creation of bond interface which composes of multiple slave interfaces. The slave interfaces could be physical interfaces, or just any virtual interfaces. For example, memif interfaces. The syntax to create a bond interface is create bond mode <lacp | xor | acitve-backup | broadcast | round-robin> To enslave an interface to the bond interface, enslave interface TenGigabitEthernet6/0/0 to BondEthernet0 Please see src/plugins/lacp/lacp_doc.md for more examples and additional options. LACP is a control plane protocol which manages and monitors the status of the slave interfaces. The protocol is part of 802.3ad standard. This patch implements LACPv1. LACPv2 is not supported. To enable LACP on the bond interface, specify "mode lacp" when the bond interface is created. The syntax to enslave a slave interface is the same as other bonding modes. Change-Id: I06581d3b87635972f9f0e1ec50b67560fc13e26c Signed-off-by: Steven <sluong@cisco.com>
2018-03-21VPP_1202: handle DHCP NAK packetsDave Barach2-1/+28
Change-Id: I469a734747099cef2d135d77e4db0244e24bf0bc Signed-off-by: Dave Barach <dbarach@cisco.com>
2018-03-21UDP Encap countersNeale Ranns6-2/+248
Change-Id: Ib5639981dca0b11b2d62acf2c0963cc95c380f70 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-21Detailed Interface stats API takes sw_if_indexNeale Ranns1-1/+4
Change-Id: Id09d777c1706c1d613b14b719bcac596194465cd Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-21IGMP plugin initialises the FIB/MFIB via ip4 moduleNeale Ranns1-1/+4
Change-Id: If9d7b266c4b49d4e7810ebc7d18fa154532d0322 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-21NAT44: fix removal of LB static mappings with same local address and port ↵Matus Fabian1-5/+35
pair (VPP-1199) Change-Id: Iad8c626e83bbc58d5c85b6736f5a3dd5bc9ceafb Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-21reassembly: feature/concurrencyKlement Sekera12-353/+795
This change makes ip reassembly an interface feature, while adding concurrency support. Due to this, punt is no longer needed to test reassembly. Change-Id: I467669514ec33283ce935be0f1dd08f07684f0c7 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-03-20FIB Interpose SourceNeale Ranns32-4343/+5453
The interpose source allows the source/provider to insert/interpose a DPO in the forwarding chain of the FIB entry ahead of the forwarding provided by the next best source. For example if the API source (i.e the 'control plane') has provided an adjacency for forwarding, then an interpose source (e.g. a monitoring service) couold interpose a replicatte DPO to copy the traffic to another location AND forward using the API's adjacency. To use the interose feature an existing source (i.e FIB_SOURCE_PLUGIN_HI) cn specifiy as a flag FIB_ENTRY_FLAG_INTERPOSE and provide a DPO to interpose. One might also consider using interpose in conjunction with FIB_ENTRY_FLAG_COVER_INHERIT to ensure the interpose object affects all prefixes in the sub-tree. Change-Id: I8b2737b985f8f7c08123406d0491881def347b52 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-20Fix Allow ARP packets for dot1q interface with MACIP enabledSteve Shin1-50/+169
ARP packets need to be allowed for dot1q interface when MACIP is enabled. Change-Id: I33dd3cb6c6100c49420d57360a277f65c55ac816 Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-03-19VCL: Fix Coverity CID183003Dave Wallace1-1/+1
*** CID 183003: Program hangs (LOCK) /src/vcl/vppcom.c: 2988 in vppcom_session_accept() Change-Id: I123b73198d305fb0226516942caa410d3647a6bc Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2018-03-19Use x(void) not x() in new interface stats codeNeale Ranns2-5/+5
Change-Id: Iaceaba4dc22341c631c858516b960ce97c4aa564 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-19session: fix coverity warningsFlorin Coras2-1/+12
Change-Id: I022dc40476ea9c30957b12bf1bd0629c6eb41cda Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-19Coverity found bugs in recent MPLS changesNeale Ranns3-17/+8
Change-Id: I590945fdc1af53208c990a52bbecdc992fd27532 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-03-19QoS code coverity found errorsNeale Ranns1-2/+2
Change-Id: I6b125b79bdc560bfb81f307367c844b6a5af6368 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-03-19FIB code coverity found defectNeale Ranns1-1/+1
Change-Id: I7cdc29dd6481242aaace75138cc34e2f5ea76b81 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-03-19VCL: Fix Coverity CID183009Dave Wallace1-1/+1
Change-Id: I0233b20eb4c7dcb325e15b97a22ecd54200f6fde Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2018-03-19Interface Unicast, Multicast and Broadcast stats on the APINeale Ranns4-6/+162
Change-Id: I7c75da358aff1bd0216a602a49f2909cef5d920d Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-19IGMP pluginJakub Grajciar17-2/+2792
- host mode: igmp_listen - API to signal that the host has joined an (S,G) - route mode: igmp_enable - API to enable the reception of host IGMP messages igmp_event - API to report the host join/leave from an (S,G) Change-Id: Id180ec27dee617d33ab3088f5dcf6125d3aa9c8f Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2018-03-19QoS: publish qos.api.h fileMatus Fabian1-0/+3
Change-Id: Ice041610c23563ead13019216516aff23b7775b9 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-19IPIP: Fix coverity error.Ole Troan1-0/+3
Change-Id: Ia2b3350bf8e2c72eee3f33936ba16dd817c75c72 Signed-off-by: Ole Troan <ot@cisco.com>
2018-03-19FIX: Fixed ip6_fib_dump api function response.Dmitry Vakhrushev3-1/+9
Change-Id: I26c5d61bc2f6188bcd4ecac4b5e9385821b0398b Signed-off-by: Dmitry Vakhrushev <dmitry@netgate.com>
2018-03-18Remove unnumbered configuration on interface deleteNeale Ranns6-80/+68
Change-Id: Iae5532c3d53e208831f3b2782242d9e59d367087 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-16cli: make q work againFlorin Coras1-0/+8
After the addition of "qos" cli, "quit" command is not the only match for "q". Therefore, add a separate "q" cli to avoid ambiguity. Change-Id: I84f6ddce14ef7d5fa7089537cb62adfecea0e501 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-16QoS recording and markingNeale Ranns22-18/+1644
Change-Id: Ie5a50def4ec1e4a3b3404a8b6ab9ec248bc16744 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-16Fix a long-latent bi=0 bug in vlib_buffer_add_dataDave Barach3-4/+4
Change vlib_buffer_add_data() so it interprets ~0 to mean please allocate a new buffer, instead of 0. Fixed a couple of calls to pass ~0 instead of 0. Zero has always been a valid buffer index, we never happened to actually use it until recent buffer allocator changes. The presenting symptom: ASSERT failure when running "make TEST=test_mpls test-debug" Change-Id: Ic909913c1d464b3434d6d47e0c58f978806854d5 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-16IPv6 ND Router discovery control plane (VPP-1095)Juraj Sloboda6-1/+1032
Change-Id: I4b5b60e7c6f618bb935eab1e96a2e79bbb14f58f Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
2018-03-16stats: allow configuring poller delayKlement Sekera4-19/+126
This introduces a startup config option for configuring stats poller delay. Use `stats { interval <seconds> }` to configure the delay at startup. The default value remains unchanged - 10 seconds. Change-Id: If12cb1f7f6f1f8ecfa461561bc77847cdf260388 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-03-16IPSec: fix IPv6 policy deletingMatus Fabian1-1/+1
Change-Id: I9f487d6033edde09557709f94f97fc8a70246b09 Signed-off-by: Matus Fabian <matfabia@cisco.com>