summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2018-02-02Add L3DSR feature in LB pluginHongjun Ni8-88/+246
L3DSR is used to overcome Layer 2 limitations of Direct Server Return Load Balancing. It maps VIP to DSCP bits, and reuse TOS bits to transfer it to server, and then server will get VIP from DSCP-to-VIP mapping. Please refer to https://www.nanog.org/meetings/nanog51/presentations/Monday/NANOG51.Talk45.nanog51-Schaumann.pdf Change-Id: I403ffeadfb04ed0265086eb2dc41f2e17f8f34cb Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2018-02-01Out-of-order data chunks handling and moreMarco Varlese4-69/+235
This patch addresses the need to handle out-of-order data chunks received by a peer. To do that effectively, we had to add the handling of data chunks flags (E/B/U bit) to understand whether the stream is fragmenting user-message data and in that case if a fragment is the FIRST/MIDDLE/LAST one of a transmission. The same patch also addresses the security requirement to have a HMAC calculated and incorporated in the INIT_ACK and COOKIE_ECHO chunks. The algorithm used is the HMAC-SHA1. Change-Id: Ib6a9a80492e2aafe5c8480d6e02da895efe9f90b Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-02-01IPv4/6 reassemblyKlement Sekera22-8/+2930
Change-Id: Ic5dcadd13c88b8a5e7896dab82404509c081614a Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-02-01vxlan: Lookup FIB in either IPv4 or IPv6 families.Jon Loeliger1-4/+5
Prior to this commit, the VXLAN "create" API assumed the vrf_id belonged to only the IPv4 FIB tables space. With this commit, the FIB table is found in either the IPv4 or IPv6 table as determined by the is_ipv6 flag. This follows the same pattern that was already being done in the CLI code for the VXLAN "create" command. Change-Id: I35d5e37db24efa858e4696dc2c004fa64bb4a4a8 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-01FIB: Consolidate several copies of fib_ip_proto() into one.Jon Loeliger5-24/+11
Rather than having multiple copies of the same function scattered around, promote the function into the FIB PROTOCOL definitions in fib_types.h. Change-Id: I11c4d85931167d3a5f3dc1278afecc8845b23cd7 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-02-01tcp: tcp_output.c failed to compile when VLIB_BUFFER_TRACE_TRAJECTORY is enabledSteven1-1/+1
Fixed a typo in tcp_push_header(). The typo only kicks in when the macro VLIB_BUFFER_TRACE_TRAJECTORY is enabled. Change-Id: I62832a4932ec5b14e3063d5eac113780851aae59 Signed-off-by: Steven <sluong@cisco.com>
2018-02-01dpdk:fix typo in prefetch sequenceEyal Bari1-2/+2
Change-Id: I7110436626352d45ffe0ca71fb88dea2c77ab639 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-02-01Add flowhash hash table to vppinfraPierre Pfister5-0/+1009
This hash table intends to provide an alternative to the widely used bihash table in places where either: - Hash entry timeout is required - The hash table data does not fit in CPU cache Although the bihash table is very fast, each lookup requires accessing two cache lines in a serialized fashion. It works fine when the hash table is in cache, but hits a wall when it does not. The 'flowhash' table uses a simplified design (at the cost of a less good bucket auto-scaling) where each access only requires a single memory lookup (in the absence of collision). The hash table also uses a reduced number of registers. In practice, a VPP node implementing a stateful feature would typically: - prefetch buffer metadata (in-cache) - prefetch packet header (in-cache) - compute hash & prefetch hash bucket (possibly in RAM) - read/write key and value from bucket Using this hash table, it is possible to pipeline accesses in a way that does not exhaust CPU's line field buffers, even when the requested value is located in RAM (i.e. not in cache). Measurements showed it was possible to scale to tens of millions of flows (with a full 5-tuple matching and 32B value, i.e. 1 cache line per flow) with no performance degradation when the hash table grows to the point it doesn't fit in cache anymore. I have used this table in a couple of non-open-sourced projects, but think it might be useful to lb, nat, and possibly other VPP subsystems. More information in the .h file. Change-Id: I2b13dde0eabd868b75da1cedbfca0bf74d705102 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2018-02-01srv6-ad: fixing coverity issuesFrancois Clad1-8/+32
Change-Id: Ica6d8dd773bb3b478f1c7e40d59dfbdd4b588b85 Signed-off-by: Francois Clad <fclad@cisco.com>
2018-02-01srv6-as: fixing coverity issuesFrancois Clad1-8/+32
Change-Id: I911e09aadd3df1123634fd97098920f107f9a2fc Signed-off-by: Francois Clad <fclad@cisco.com>
2018-01-31Fix VNET_BUFFER_F_SPAN_CLONE flagDamjan Marion1-1/+1
Change-Id: I670e41bcfc61a45555431603c937f8dad4d165e9 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-01-31vlib: allocating buffers on thread-x and freeing them on thread-y causesSteven4-25/+17
a crash on debug image (VPP-1151) In debug image, there is extra code to validate the buffer when it is freed. It uses the hash table to lookup the buffer index with spinlock to prevent contention. However, there is one spinlock for each worker thread. So allocating the buffer on thread-x and freeing the same buffer on thread-y causes the validation to fail on thread-y. The fix is to have only one spinlock, stored in vlib_global_main. Change-Id: Ic383846cefe84a3e262255afcf82276742f0f62e Signed-off-by: Steven <sluong@cisco.com> (cherry picked from commit a7effa1b072463f12305a474f082aeaffb7ada4b)
2018-01-31Improved tracing for the IP[46] not-enabled case.Neale Ranns6-24/+77
now we get 00:00:03:665501: pg-input ... 00:00:03:665681: ethernet-input ... 00:00:03:665691: ip6-input UDP: 2001::1 -> ffef::1 tos 0x00, flow label 0x0, hop limit 64, payload length 108 UDP: 1234 -> 1234 length 108, checksum 0x7b25 00:00:03:665695: ip6-not-enabled UDP: 2001::1 -> ffef::1 tos 0x00, flow label 0x0, hop limit 64, payload length 108 UDP: 1234 -> 1234 length 108, checksum 0x7b25 00:00:03:665706: error-drop ethernet-input: no error Same goes for IPv4 Change-Id: Ia360df39b43281d3a0aa1b686f04b73cfa37c546 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-01-31NAT66 1:1 mapping (VPP-1108)Matus Fabian9-2/+1378
Support the 1:1 translation of source address for IPv6 Change-Id: I934d18e5ec508bf7422d796ee5f172b79c048011 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-31NAT44: in2out output feature skip translation for already translated packets ↵Matus Fabian2-15/+74
(VPP-1156) Change-Id: I5395245c9e49f741a949ada1f725c34f9379c249 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-31NAT44: Delete dynamic sessions matching new 1:1NAT (VPP-1158)Matus Fabian1-8/+52
Change-Id: Ib99b597502b8335e57ecfa122b12e2e5aa45ee1a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-31NAT44: nat44_static_mapping_details protocol=0 if addr_only=0 (VPP-1158)Matus Fabian2-13/+19
Change-Id: I1e3cfc751e7657464fc850dc56ddf763df45f62e Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-31Prep-work patch for congestion-controlMarco Varlese6-450/+670
This patch addresses the missing field in various data-structures to track valuable information to implement the congestion-control algorithms and manage sub-connections states. It adds the possibility to queue up to 2 SACKs chunks when the connection is not gapping. At the same time, it pushes some variable/field renaming for better readibility. Change-Id: Idcc53512983456779600a75e78e21af078e46602 Signed-off-by: Marco Varlese <marco.varlese@suse.de>
2018-01-30Compile valloc.c, install header file, etc.Dave Barach2-1/+8
Change-Id: Ibc252d9ed595be955790ec1c97d8730e43ad89b2 Signed-off-by: Dave Barach <dave@barachs.net>
2018-01-30VPP-899: Run VPP under SELinuxBilly McFall3-18/+38
Add an SELinux profile such that VPP can run under SELinux on RPM based platforms. The SELinux Policy is currently only implemented for RPM packages, specifically, Fedora, CentOS and RHEL. Doxygen User Documentation has been included (selinux_doc.md). Once some discussion on file locations has completed (see vpp-devlist), updates to the Debug CLI documentation will also need to be updated. Additional changes: Patch Set 2: - Rework selinux_doc.md such that each line is only 80 characters instead of each sentence on a line. Made additonal minor chnages to the text. - Update vHost Debug CLI documentation to reflex new socket location. Cleaned up some text from when I originally wrote it, to better reflex proper use. - Update exec Debug CLI documentation to be more inline with suggested helptext, added text regarding recommended script file location. - For Debian builds, create the /var/log/vpp/ directory. I don't use Debian very much, so please pay extra attention to build-data/platforms.mk and build-root/deb/debian/.gitignore. - Per discussion on VPP call, changed the default log location to /var/log/vpp/vpp.log. - Changed the socket location for vHost in AutoConfig to /var/run/vpp/. Patch Set 3: - Update selinux_doc.md based on comments. Change-Id: I400520dc33f1ca51012d09ef8fe5a7b7b96c631e Signed-off-by: Billy McFall <bmcfall@redhat.com>
2018-01-30Arm system counter cleanupBrian Brooks2-18/+19
Add some description and cleanup code that uses Arm system counter. Change-Id: Ie1fe00e3e4b5d98867617b7b0184ac526e333c53 Signed-off-by: Brian Brooks <brian.brooks@arm.com>
2018-01-30NAT: add missing CLI and API documentation (VPP-1142)Matus Fabian2-0/+105
Change-Id: I4e93595665b8d0e373c4df27311c27a51222961c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-30NAT: replace format_vnet_sw_interface_name with format_vnet_sw_if_index_name ↵Matus Fabian3-39/+33
(VPP-1149) Avoid crash when interface was deleted. Change-Id: I2ac3031c13ca5ad3360495e1c4cb90b0002be5ff Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-30Allow the provider of a midchain adjacency to pass context data that is ↵Neale Ranns15-30/+88
returned in the fixup function Change-Id: I458e6e03b03e27775df33a2fd302743126d6ac44 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-01-29vcl: fix VPPCOM_ATTR_GET_LIBC_EPFD elogFlorin Coras1-10/+4
Change-Id: Idc3e8f4ee69d8871534a94d4f485e695fac81756 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-29DRAFT ip4/6_frag to support DPO Style based Next NodeVijayabhaskar Katamreddy2-0/+15
Change-Id: I1df3d23c1c5668b83d52b41f51c0e3f24183af9e Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
2018-01-29memif: Add new API calls to manage memif socket names.Jon Loeliger7-102/+647
New API calls and corresponding CLI commands allow the user to manage the socket filenames for memif connections using: vppctl# create memif id <u32> filename <socket-filename> vppctl# delete memif id <u32> and then referencing it later in a memif interface: vppctl# create memif <u32> socket-id <id> mode <mode> <master|slave> ... Corresponding VAT cli entries have also been added. The default memif socket file at id 0 are still always present. The existing memif create/delete CLI commands have been slightly altered into the new syntax: vppctl# create interface memif ... vppctl# delete interface memif ... Change-Id: If2bdc7eac3d81e1d9011a5869747e52fc5e11639 Signed-off-by: Jon Loeliger <jdl@netgate.com> Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-01-29SRv6 dynamic proxy pluginFrancois Clad7-0/+1006
Change-Id: Ie460005510b8a70d00de31b6651e762cc3a63229 Signed-off-by: Francois Clad <fclad@cisco.com>
2018-01-29Remove last vestigies of auto-ip-table createNeale Ranns1-34/+4
Change-Id: If0f8472c0de5e324b24c9c672c0f8b57cc9f49a8 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-01-27session: use clib rwlocks instead of custom implementationFlorin Coras3-28/+10
Change-Id: I68933d709ce9cc686ba06466e136434b663920ef Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-27First-fit virtual space allocatorDave Barach3-0/+700
Change-Id: I75e6c7d1a6ff1fcebc81ec10bd86b79f2bf3dc22 Signed-off-by: Dave Barach <dave@barachs.net>
2018-01-27Fix session/tcp coverity warningsFlorin Coras3-10/+22
Change-Id: I5c404eacb4a6c1e16485a6656168d9171ff49a8b Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-27jvpp: map VPP API enums to primitive typesMarek Gradzki2-3/+76
Adding enum support (VPP-1153) requires JVPP generator refactoring (see: VPP-1154, VPP-1155, VPP-480) As a workaround we just update all the mappings used for VPP API definitions to JAVA and C/JNI translation. Change-Id: I9dff83e5199039a1a46a3d4685ce57cdeeeb2014 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2018-01-27jvpp: use Python's logging APIMarek Gradzki10-34/+61
Change-Id: Iec437e4672af1f0d1a24458afb977ba6fbeba4ed Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2018-01-27session: disconnect and echo client improvementsFlorin Coras7-23/+38
Change-Id: If421bad17b6cfe8e321257c93bb38931e37d7b64 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-26session: move builtin apps to their own folderFlorin Coras14-2278/+576
This consolidates builtin apps under session-apps folder. It also removes duplicate builtin echo server/client implementations. Change-Id: I75ed879399c5aa9b75b1eb38b33aedf69dd8df3f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-26NAT44: fix ICMP error translation for endpoint dependent sessions (VPP-1150)Matus Fabian2-4/+150
Change-Id: I85c799f28c4246884107e569a36482af10d9be9d Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-25NAT44: add opaque string tag to static mapping APIs (VPP-1147)Matus Fabian5-16/+62
Change-Id: I620e2081285ca8ac5c2da8efc12fe6f540ea4fd1 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-25vppinfra: add readers-writer lockFlorin Coras1-14/+98
Change-Id: I606fd89c410369cbd9ce9dcaaaa9dc58796e7c0e Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-25session: add support for memfd segmentsFlorin Coras41-725/+1106
- update segment manager and session api to work with both flavors of ssvm segments - added generic ssvm slave/master init and del functions - cleanup/refactor tcp_echo - fixed uses of svm fifo pool as vector Change-Id: Ieee8b163faa407da6e77e657a2322de213a9d2a0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-25Event log entries for VCLKeith Burns (alagalah)1-1/+258
Change-Id: I8303859ef65552f64c94525c9b1112ec9a1a88d0 Signed-off-by: Keith Burns (alagalah) <alagalah@gmail.com>
2018-01-25VPP-1144: PAPI Import leads to duplicate type definition.Ole Troan1-0/+15
Change-Id: I54c147004fd93681a6a9cf30fa5277c1dabce67c Signed-off-by: Ole Troan <ot@cisco.com>
2018-01-25srv6-as: fixing versionFrancois Clad1-1/+2
Change-Id: I0ce60729e82536d9a97823bc6701e62bf364ea6c Signed-off-by: Francois Clad <fclad@cisco.com>
2018-01-25NAT: nat.c refactor (split out CLI) (VPP-1140)Matus Fabian4-1547/+1824
Moved CLI from nat.c to nat44_cli.c Split "show nat44" to: show nat44 addresses show nat44 interfaces show nat44 static mappings show nat44 interface address show nat44 sessions detail show nat44 deterministic mappings show nat44 deterministic timeouts show nat44 deterministic sessions show nat workers Change-Id: I2d1be8941dd0e4a9e037f4a4d2cd192389beb8ed Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-25SRv6 masquerading proxy pluginFrancois Clad7-0/+789
Change-Id: Ia65cf2c7b7fdf84c64e60af4cc815251022c53a9 Signed-off-by: Francois Clad <fclad@cisco.com>
2018-01-24SCTP stack (RFC4960)Marco Varlese21-12/+8189
== CONTENT == * SCTP chunks definition as per RFC4960; * Helper functions to set/get values to/from the corresponding chunks; * Hooks to the session/application layers; * Complete state-machine handling; * Implementation for unexpected chunk received in a certain state (state-machine error handling) * Support for 1-single connection; * Sample application to test receive/transmit data-path; * Test to validate SCTP stack; Change-Id: I1b55c455ab400be9513f4e094dadfc3181d2ebc9 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-01-24Improve the error reporting for a IP multicast RPF miss.Neale Ranns2-3/+16
now we get: 00:00:04:288925: pg-input ... 00:00:04:289345: ethernet-input ... 00:00:04:289524: ip6-input ... 00:00:04:289553: ip6-mfib-forward-lookup ... 00:00:04:289584: ip6-mfib-forward-rpf entry 14 itf 2 flags Forward, 00:00:04:289754: ip6-drop UDP: 2002::1 -> ff01:2::255 tos 0x00, flow label 0x0, hop limit 64, payload length 21 UDP: 1234 -> 1234 length 21, checksum 0x90d1 00:00:04:289802: error-drop ip4-input: Multicast RPF check failed 08:36:44,517 Count Node Reason 182 ip4-input Multicast RPF check failed 8 ip6-icmp-input neighbor advertisements sent 8 ip6-icmp-input router advertisements sent 8 arp-input ARP replies sent Change-Id: I1b29cda4ec77a88db45bfb25c7473cd64bbf501a Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-01-24Improve tunnel interface creation performanceJohn Lo8-90/+86
Modify interface creation to allow creation of tunnel interfaces without dedicated per tunnel output and tx nodes which are not used for most tunnel types. Also changed interface-output node function vnet_per_buffer_interface_output() so it does not rely on hw_if_index as the next node index which is not flexible nor efficient for large scale tunnel interfaces. The improvenemts are done for VXLAN, VXLAN-GPE, GENEVE and GTPU tunnels. GRE tunnel is still using per tunnel output nodes which will be changed in a separate patch with other GRE enhencements. Change-Id: I4123c01c0d2ead814417a867adb8c8a407e4df55 Signed-off-by: John Lo <loj@cisco.com>
2018-01-24NAT44: asymmetrical static mapping and one-armed NAT (VPP-1138)Matus Fabian1-1/+10
One-armed NAT should work for asymmetrical static mappings without adding external address to the NAT44 pool. Change-Id: Ie886b75b55c3b552d1029a50bd967625fde80f09 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-01-24docs: Clean up TOCDave Wallace1-1/+1
Change-Id: I5415c002a431d84372f56d4a77dc2aabd6ef55f7 Signed-off-by: Dave Wallace <dwallacelf@gmail.com> (cherry picked from commit 1eb970d16028e9a987c1dd2bfe217d1313262b81)