aboutsummaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2019-02-13IPSEC: restack SAs on backend changeNeale Ranns3-13/+42
Change-Id: I5852ca02d684fa9d59e1690efcaca06371c5faff Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-12fix assert failureDave Barach1-0/+6
Change-Id: I9a2e8ea2bf334dd8dabf3d25abbcc91087a43882 Signed-off-by: Dave Barach <dbarach@cisco.com>
2019-02-12ipsec: cli bug fixKingwel Xie1-6/+23
1. unformat_ip46_address must have ip-type specified 2. cannot unformat ip46_address_t with unformat_ip4_address Change-Id: I5f1eecfe71a808302428afb39f910ebf0c7cef71 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-02-11IPSEC-tun: The tunnel DB uses the network order SPI to save the byte swap in ↵Neale Ranns2-8/+11
the DP Change-Id: I78a1c39682d5afd356a3cfe70097fc682e8cb938 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-11session: add config for evt qs segment sizeFlorin Coras2-3/+6
Change-Id: I286d0d53a9ef2d6e28cd301eae25fc119d491f22 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-11session: cleanup application interfaceFlorin Coras16-689/+582
Change-Id: I89d240753b3f3c5e984aa303a7c8fa35fa59bf7f Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-11ipsec: multi-arch, next-node-index cleanupKingwel Xie5-27/+55
1. specify ipsec_xxx_node.c in MULTIARCH_SOURCES 2. cleanup foreach_ipsec_output_next & foreach_ipsec_input_next, as next-nodes are actually added by ipsec_register_xx_backend dynamically thus, ipsec4-input-feature will point to ah4/esp4-encrypt, instead of pointing to ah6/esp6-encrypt 3. remove an unused count and add counter IPSEC_INPUT_ERROR_RX_MATCH_PKTS in ipsec-input Change-Id: Ifcf167812d2cc18187c2cea84b657a52b67e17d4 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-02-09buffers: fix typoDamjan Marion25-44/+45
Change-Id: I4e836244409c98739a13092ee252542a2c5fe259 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-02-09tls: move test certificates to separate header fileFlorin Coras9-132/+102
Change-Id: I543cb78e268d7a4a7fba590d305351ec79f4e4da Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-09session: refactor listen logicFlorin Coras19-667/+622
Make app-listener the handle for app listens. Consequently transport and local listen sessions are now associated to the app-listener. Change-Id: I9397a26d42cccb100970b6b4794c15bac2e11465 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-07tcp: fix fib_index for v6 ll packetsFlorin Coras1-0/+7
Change-Id: Ie69bdb9860d61f2c599c0c80b0ea80dfdfe178bd Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-07IPSEC: remove unused members of main structNeale Ranns1-4/+0
Change-Id: Ib55deb620f4f58cac07da7cb69418a3a30ff3136 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-07IPSEC: no second lookup after tunnel encapNeale Ranns17-503/+780
in the same maaner as with other tunnel tyeps we use the FIB to cache and track the destination used to reach the tunnel endpoint. Post encap we can then ship the packet straight to this adjacency and thus elide the costly second lookup. - SA add and del function so they can be used both directly from the API and for tunnels. - API change for the SA dump to use the SA type - ipsec_key_t type for convenience (copying, [un]formating) - no matching tunnel counters in ipsec-if-input Change-Id: I9d144a59667f7bf96442f4ca66bef5c1d3c7f1ea Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-07Fix parsing overflow in unformat_mac_address_t()Benoît Ganne1-3/+3
'%x' unformat specifier expects a pointer to a 4-byte object and will overflow when using a pointer to a 1-byte object. Use '%X' instead which allows to pass the size of the object alongside its pointer. The bug was exposed with the following commands: ~# make run DBGvpp# loop create loop0 DBGvpp# set ip6 neigh loop0 3001::2 a:a:a:a:a:a DBGvpp# show ip6 neigh Time Address Flags Link layer Interface 35.7743 ::2 D 0a:0a:0a:0a:0a:0a loop0 ^^^ wrong address: should be 3001::2 Note that the bug impact depends from the parsing order and memory layout. Change-Id: I29ba2eb53ba5a2daf4517215602d027508e2cb9f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-02-07tcp: fix reset sending in syn-sentFlorin Coras3-6/+7
Change-Id: I468b1015bca5f95b162fb49e904aa4e4d38db75e Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-06buffers: make buffer data size configurable from startup configDamjan Marion27-58/+80
Example: buffers { default data-size 1536 } Change-Id: I5b4436850ca18025c9fdcfc7ed648c2c2732d660 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-02-06buffers: improve buffer init performanceDamjan Marion1-17/+14
Change-Id: Ib59a3c32af754a898ade17c42e60a88f48b797ff Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-02-06virtio: enable msix interrupt modeMohsin Kazmi4-44/+114
Change-Id: Idd560f3afde1dd03bc3d6fbb2070096146865f50 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-02-06virtio: Use new buffer optimizationMohsin Kazmi5-2/+24
Change-Id: Ifc98373371b967c49a75989eac415ddda1dcf15f Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2019-02-06dpdp-crypto: fix cryptodev segfault with dpdk 19.02Sergio Gonzalez Monroy1-11/+16
DPDK 19.02 adds two new fields to struct rte_cryptodev_qp_conf, which the current code was not initializing properly. Also session mempools are now required to have specific private data. For that just use the new API to create symmetric session pools. Change-Id: Ie732d4e10b908aeaea322717d6011113e3e7172c Signed-off-by: Sergio Gonzalez Monroy <sgmonroy@gmail.com>
2019-02-06transport: cleanupFlorin Coras19-544/+571
- move transport specific types to transport_types - add transport wrapper functions for interaction with transport protocol vfts Change-Id: I93f70d884585fc2f41c4a605e310c80e8a8972f2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-05sock api: allow to start client with no rx_threadTomasz Kulasek7-7/+36
Change-Id: Ia30ff1e62304e65f27497ce05f8e40631c06d69e Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
2019-02-05session: cleanup part 3Florin Coras7-234/+245
Aggregate session specific types, getters and setters under session_types.h Change-Id: Ib205337502654969d60c72d1800c90247e1a9068 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-05crypto-input: fix broken buffer trace issueKingwel Xie1-37/+16
dpdk_crypto_input_trace was called before vlib_buffer_enqueue_to_next then VLIB_FRAME_TRACE of next_frame->flag will be overwritten by vlib_next_frame_change_ownership(), leading to a broken trace. now it is working: Packet 1 00:00:15:654983: dpdk-crypto-input dev_id 0 next-index 1 00:00:15:654999: ip4-lookup fib 0 dpo-idx 0 flow hash: 0x00000000 IPSEC_ESP: 18.1.0.71 -> 18.1.0.241 tos 0x00, ttl 254, length 168, checksum 0x96ea ...... Change-Id: I73d77c06c11db8911866adb6240b2565b690f469 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-02-05session: cleanup part 2Florin Coras8-1191/+1228
Move app worker logic to app_worker.c Change-Id: Ic5e5735b2884f006c064d023f491aa6888114810 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-05IPSEC: SPD counters in the stats sgementNeale Ranns13-506/+411
- return the stats_index of each SPD in the create API call - no ip_any in the API as this creates 2 SPD entries. client must add both v4 and v6 explicitly - only one pool of SPD entries (rhter than one per-SPD) to support this - no packets/bytes in the dump API. Polling the stats segment is much more efficient (if the SA lifetime is based on packet/bytes) - emit the policy index in the packet trace and CLI commands. Change-Id: I7eaf52c9d0495fa24450facf55229941279b8569 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-04g2-only: add (min,max) stats to the anomaly detectorDave Barach1-5/+25
Shows up on the status line. Change-Id: I14635f7406069a4a868bdb7c8b85da941c49dbba Signed-off-by: Dave Barach <dave@barachs.net>
2019-02-04session: cleanup part 1Florin Coras46-555/+536
Rename core data structures. This will break compatibility for out of tree builtin apps. - stream_session_t to session_t - server_rx/tx_fifo to rx/tx_fifo - stream_session.h to session_types.h - update copyright Change-Id: I414097c6e28bcbea866fbf13b8773c7db3f49325 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-04ipsec: cli 'create ipsec tunnel' more optionsKingwel Xie1-3/+7
use-esp use-anti-replay Change-Id: I977b65eee926adaded0cb923e14feb0ee90fc32c Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2019-02-03Automated anomaly detectionDave Barach2-220/+540
Compute per-track mean, variance, and n*stddev stats for the first u32 datum in each instance of the supplied event. Search for the next instance of the indicated event which has a datum larger than mean + n*stddev. This turns out to be a very effective "Nixon Gap" finder when the selected event datum is the instantaneous vector size. Such traces can be easily captured from production vpp images. Change-Id: I876843cb2ece22f902720704ce4568d4e1173e01 Signed-off-by: Dave Barach <dave@barachs.net>
2019-02-02Disable hqos part deuxDave Barach2-0/+4
Change-Id: Ieab56e0a20696b8cc97f783f08f10a94a83644eb Signed-off-by: Dave Barach <dave@barachs.net>
2019-02-02dpdk: bump to dpdk 19.02Damjan Marion5-22/+33
HQoS requires fixes to work with dpdk 19.02 so code is disabled and pending deprecation unless active maintainer is found. Change-Id: I3569c4287b6dfdd2c29e02375eb53bf01fa6ae84 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-02-02vmxnet3: multiple TX queues supportSteven Luong9-182/+296
Add num-tx-queues to the vmxnet3 create CLI/API. Default is 1. Max is min (8, the number of cores assigned to VPP). Change-Id: I7e0a659a82d01c719665c228dd8a71e3288a2895 Signed-off-by: Steven Luong <sluong@cisco.com>
2019-02-02CLI control of graph dispatch elogsDave Barach3-126/+214
Change-Id: I195c8eabc0ee67880f1e85fc7594b00be6b563e3 Signed-off-by: Dave Barach <dave@barachs.net>
2019-02-02session: improve show session cliFlorin Coras3-43/+64
Change-Id: If30cea80058752cedcc6ecc38e90bef8732c83d3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-02Python3: Move vppapigen to python3.Paul Vinciguerra2-9/+15
Change-Id: I26846d0c12211a29ccfca7c269b9094f6fdbd95c Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2019-02-02Deprecate old mutliarch code, phase 1Damjan Marion9-89/+14
It is causing compilation sloness with gcc-7 so removing it before it was originally planned. So far macros are left in the tree so we can know which nodes to convert to new multiarch code. Change-Id: Idb14622ca61fdce1eba59723b20d98715b7971e6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-02-02VPP-1543: show map stats crash when not configured.Ole Troan1-1/+1
Change-Id: I4c8bc3fb057d57339ce282a31b0bb70ad16dd03e Signed-off-by: Ole Troan <ot@cisco.com>
2019-02-02tcp: remove internal buffer cacheFlorin Coras2-81/+32
Change-Id: I3051d49aa9b9c38dcd8069ea1748f74ab20ac0f6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-02session: remove local buffer cacheFlorin Coras1-33/+14
Change-Id: I71ccb39c56962fe0160d3f4c83453e72d2dd3030 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-01IPSEC: minor refactorNeale Ranns11-754/+1002
No function change. Only breaking the monster ipsec.[hc] into smaller constituent parts Change-Id: I3fd4d2d041673db5865d46a4002f6bd383f378af Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-02-01memif: fix buffer prefetchDamjan Marion1-4/+5
Change-Id: If514366be7385c64cafc03329f66b44380556daa Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-01-31buffers: vallidate that buffer is allocated during buffer pool putDamjan Marion2-9/+6
Change-Id: I8044b34a37fe1994a8dfa1ca89929f3642c72e8d Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-01-31Add 'show vlib graphviz' commandBenoît Ganne4-16/+108
Add a new command to dump vlib graph as graphviz/dot file Change-Id: I43fc072cff8153ac500e5fbc6641a3705c2e995e Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-01-31dpdk-ipsec: use single queue pair per crypto resourceSergio Gonzalez Monroy6-32/+30
Change-Id: I2c796583087c70fbc5cf09e8afd0f2a1f389d346 Signed-off-by: Sergio Gonzalez Monroy <sgmonroy@gmail.com>
2019-01-31dpdk: populate mempool mem_listDamjan Marion1-2/+16
Mellanox driver needs it Change-Id: I28423805f977089d18d32e85cf08e9e7e1fcf5b2 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-01-31dpdk: store buffer poool index in mempool pool_idDamjan Marion1-22/+10
Change-Id: I2c225a4932dcf326e10fe93de3ee4fdaef4dd3d0 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-01-31IPSEC: API modernisationNeale Ranns4-482/+540
- use enums to enumerate the algoritms and protocols that are supported - use address_t types to simplify encode/deocde - use typedefs of entry objects to get consistency between add/del API and dump Change-Id: I7e7c58c06a150e2439633ba9dca58bc1049677ee Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-01-31vcl: improve handling of close on rwFlorin Coras2-48/+55
Change-Id: Ie01a37612d7e3e0d0bad0f0aa9583b3ed411f46f Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-01-31assert on double-free in debug buildKlement Sekera1-4/+2
The assert allows easier debugging in gdb by aborting instead of exiting cleanly. Also a core is generated so a stack trace can be obtained. Change-Id: I2d05488c4522f4d4570fdfe0283130eb4c853d2a Signed-off-by: Klement Sekera <ksekera@cisco.com>