summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2018-03-30tapv2: Sporadic SIGABRT in ethernet_input [VPP-1183]Steven2-5/+6
virtio_free_rx_buffers uses the wrong slot in the vring to get the buffer index. It uses desc_next. It should be last_used_idx which is the slot number for the first valid descriptor. Change-Id: I6b62b794f06869fbffffce45430b8b2e37b1266c Signed-off-by: Steven <sluong@cisco.com>
2018-03-30acl-plugin: implement an optional session reclassification when ACL is ↵Andrew Yourtchenko4-10/+128
(re-)applied There were several discussions in which users would expect the sessions to be deleted if the new policy after the change does not permit them. There is no right or wrong answer to this question - it is a policy decision. This patch implements an idea to approach this. It uses a per-interface-per-direction counter to designate a "policy epoch" - a period of unchanging rulesets. The moment one removes or adds an ACL applied to an interface, this counter increments. The newly created connections inherit the current policy epoch in a given direction. Likewise, this counter increments if anyone updates an ACL applied to an interface. There is also a new (so far hidden) CLI "set acl-plugin reclassify-sessions [0|1]" (with default being 0) which allows to enable the checking of the existing sessions against the current policy epoch in a given direction. The session is not verified unless there is traffic hitting that session *in the direction of the policy creation* - if the epoch has changed, the session is deleted and within the same processing cycle is evaluated against the ACL rule base and recreated - thus, it should allow traffic-driven session state refresh without affecting the connectivity for the existing sessions. If the packet is coming in the direction opposite to which the session was initially created, the state adjustment is never done, because doing so generically is not really possible without diving too deep into the special cases, which may or may not work. Change-Id: I9e90426492d4bd474b5e89ea8dfb75a7c9de2646 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-30Updated sample startup.conf with supported plugin config options.Maciek Konstantynowicz1-10/+19
Change-Id: Id2884a4c2208b4382fce56019b11e4b7fdc4275b Signed-off-by: Maciek Konstantynowicz <mkonstan@cisco.com>
2018-03-30Add missing stdint.hChris Luke1-0/+1
Coverity has started whining about uint32_t missing in this .h Change-Id: I57992121c0593d6a0ada35917802d0300cf91259 Signed-off-by: Chris Luke <chrisy@flirble.org>
2018-03-30lacp: faster convergence for slow-rate config optionSteven6-18/+29
Do fast-rate if we are not yet synchronized with the partner. Stop sending LACP updates as a flash in the worker thread. Just expire the timer and let the lacp_process handle sending LACP PDU. Change-Id: I8b36fe74e752e7f45bd4a8d70512c0341cc197a1 Signed-off-by: Steven <sluong@cisco.com>
2018-03-30bond: show trace causes a crash if the interface is deletedSteven3-13/+32
For the debug image, if the interface is removed and the trace was collected prior to the interface delete, show trace may cause a crash. This is because vnet_get_sw_interface_name and vnet_get_sup_hw_interface are not safe if the interface is deleted. The fix is to use format_vnet_sw_if_index_name if all we need is to get the interface name in the trace to display. It would show "DELETED" which is better than a crash. Change-Id: I912402d3e71592ece9f49d36c8a6b7af97f3b69e Signed-off-by: Steven <sluong@cisco.com>
2018-03-30dpdk: fix crash due to incorrect xd->flags value with slave's link togglingSteve Shin1-2/+5
xd->flags is set incorrectly when a slave link is down in bonded interface mode. This can result in VPP crash when data traffic flows to the interface. Change-Id: Ideb9f5231db1211e8452c52fde646d681310c951 Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-03-29Coverity fixes (VPP-1204)Chris Luke6-13/+17
Minor bug fixes CID 183000: double close CID 180996: dead code CID 180995: NULL deref CID 181957: NULL deref CID 182676: NULL deref CID 182675: NULL deref Change-Id: Id35e391c95fafb8cd771984ee8a1a6e597056d37 Signed-off-by: Chris Luke <chrisy@flirble.org>
2018-03-29ip6: fix ip6-local urpf checkingFlorin Coras1-4/+7
Use sw_if_index[VLIB_TX] if set as fib index when doing the urpf check. Change-Id: I5ec3e7f7a54c6782704d91e9a5614fd0f7f9e3de Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-29l2_input:optimize counter accessEyal Bari1-31/+16
only one counter update per frame (was updated per iteration) only access ethertype for casts (was always accessing ethertype) Change-Id: I3a3c3219ec63e975cf5bd8cf2d93103932a4aaa3 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-03-29tcp: fix fib index buffer taggingFlorin Coras3-14/+19
Change-Id: I373cc252df3621d44879b8eca70aed17d7752a2a Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-29No need for this routine to be globalDave Barach1-1/+1
Causes subtle misbehavior elsewhere Change-Id: I3a0ade26e8e03b8c5dc8e722f6a01fb99ec7a1e0 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-28vom: Fix the error handling for already existing itfMohsin Kazmi1-1/+5
Change-Id: I5695d51dd4f6daff472877fe1cce3ddcb924b187 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-03-28bond: cli renameSteven1-11/+10
rename "enslave interface <slave> to <BondEthernetx>" to "bond add <BondEthernetx> <slave> "detach interface <slave>" to "bond del <slave>" Change-Id: I1bf8f017517b1f8a823127c7efedd3766e45cd5b Signed-off-by: Steven <sluong@cisco.com>
2018-03-28SCTP: use custom fibMarco Varlese2-7/+12
Following TCP fixes from Florin (11430), this patch follows the same approach to indicate a fib (not just using the default one). Change-Id: Ib883aa0e9a1c6157acfea69c44426ba07d6c932a Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-03-28NAT44: make 1:1NAT for DHCP addressed interface persistentMatus Fabian1-22/+53
Static mapping is not deleted from resolution vector after address is set on interface. Change-Id: Ib7c45ca2e307123d101248c5a1b17d130ac32cd0 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-28avf: keep input node in disabled state unless neededDamjan Marion1-1/+1
Change-Id: I9a0105aa2373bd4db218851b1bbee50c6b6dfc7d Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-28NAT44: fix nat44_user_session_dump and nat44_del_session crash with one ↵Matus Fabian2-2/+2
worker (VPP-1213) Change-Id: I8e0c7ed2ff462b9ab59c233f56be262ec03c29ff Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-27vxlan:refactor add del command functionEyal Bari1-102/+43
Change-Id: I33ba5a011100baf1c786f9a63a0cf3d2e1020493 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-03-27vlib: gcc-7 -O3 uninitialized valuesDamjan Marion1-5/+5
Change-Id: I59b4142daab439d60a1ebd48b2c1366df0160288 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-27vlib: make cloned structures cacheline alignedDamjan Marion2-13/+24
This address crash with gcc-7 observed when -o3 is used. Change-Id: I10e87da8e5037ad480eba7fb0aaa9a657d3bf48d Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-27acl-plugin: autosize the ACL plugin heap and fix the heap size types and parsingAndrew Yourtchenko3-9/+43
- autosize the ACL plugin heap size based on the number of workers - for manual heap size setting, use the proper types (uword), and proper format/unformat functions (unformat_memory_size) Change-Id: I7c46134e949862a0abc9087d7232402fc5a95ad8 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-27VOM: Fix connection stateNeale Ranns3-8/+14
Change-Id: I4851b2245f81bcf3cf5f40909c4d158a51af7068 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-03-27memif: add private header size fieldDamjan Marion2-0/+5
private header size allows to reserve firs X bytes of payload to be considered as private metadata. For now we just support value 0 but adding this field to address future needs without changing protocol version. Change-Id: Id77336584c0194a303b20210aff584c7372cba01 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-27bond: coverity woesSteven2-27/+32
coverity complains about statements in function A function A { x % vec_len (y) } because vec_len (y) is a macro and may return 0 if the pointer y is null. But coverity fails to realize the same statement vec_len (y) was already invoked and checked in the caller of function A and punt if vec_len (y) is 0. We can fix the coverity warning and shave off a few cpu cycles by caching the result of vec_len (y) and pass it around to avoid calling vec_len (y) again in multiple places. Change-Id: I095166373abd3af3859646f860ee97c52f12fb50 Signed-off-by: Steven <sluong@cisco.com>
2018-03-27VOM: bond: Add support for LACPMohsin Kazmi17-6/+1701
Change-Id: I0245263b212142858d3305b0f365d8342912dbb9 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-03-26VCL: add IPv6 to socket_test.sh and make testDave Wallace5-43/+192
Change-Id: If3827828062a46f1cce43642535333f677f06e62 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2018-03-26plugins: dpdk: ipsec: fix l3 offsetSzymon Sliwa1-2/+1
Changes the source of the l3 offset to a more proper one, same as I5d9f41599ba8d8eb14ce2d9d523f82ea6e0fd10d. Change-Id: I5ff05d7d89507ecb378a2bd62f5b149189ca9e99 Signed-off-by: Szymon Sliwa <szs@semihalf.com>
2018-03-26Restore the brief FIB entry printingNeale Ranns1-7/+7
Change-Id: I007d48aeb934e5d2f087ca3b8ddc6f7a0e48d411 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-03-26vlib: add support for vfio no-iommu modeDamjan Marion4-33/+51
Change-Id: Ic83971d8d9d8d0bb90a35932e60761cd728457f3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-26afpacket: Fix the reply if itf already exitsMohsin Kazmi1-1/+3
Change-Id: I47768ea50140222fec54e97cbaff2049bd3cb599 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-03-26Disable -Waddress-of-packed-member warnings reported by clangDamjan Marion1-0/+8
Change-Id: Ic07ea5b0a7addec7b0ccfbe0570f341056e6d55b Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-26acl-plugin: defer the ACL plugin user module registration with ACL lookup ↵Andrew Yourtchenko1-3/+5
until it is needed Registering ACL plugin user module within the "ACL as a service" infra during the plugin init causes an unnecesary ACL heap allocation and prevents the changing of the ACL heap size from the startup config. Defer this registration until just before it is needed - i.e. when applying an ACL to an interface. Change-Id: Ied79967596b3b76d6630f136c998e59f8cdad962 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-26plugin: Add plugin 'default' disable/enableMohsin Kazmi2-0/+11
How to use: plugins { plugin default {disable} plugin dpdk_plugin.so {enable} plugin acl_plugin.so {enable} } It also preserves the old behavior. Change-Id: I9901c56d82ec4410e69c917992b78052aa6a99e0 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-03-26Intel Adaptive Virtual Function native device driver pluginDamjan Marion12-0/+3008
Change-Id: If168a9c54baaa516ecbe78de2141f11c17aa2f53 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-25session: fix local session disconnectsFlorin Coras3-22/+58
Select the right segment manager for local sessions established via global table. Change-Id: I88ad4bf70d0cae160a0c744950098a954dfbc911 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-24User session counters stay <= per-user limitMatthew Smith3-17/+22
When a user session is allocated/reused, only increase one of the session counters for that user if the counters are below the per-user limit. THis addresses a SEGV that arises after the following sequence of events: - an outside interface IP address is put in a pool - a user exceeds the number of per-user translations by an amount greater than the number of per-user translations (nsessions + nstaticsessions > 100 + 100) - the outside interface IP address is deleted and then added again (observed when using DHCP client, likely happens if address changed via CLI, API also) - the user sends more packets that should be translated When nsessions is > the per-user limit, nat_session_alloc_or_recycle() reclaims the oldest existing user session. When an outside address is deleted, the corresponding user sessions are deleted. If the counters were far above the per-user limit, the deletions wouldn't result in the counters dropping back below the limit. So no session could be reclaimed -> SEGV. Change-Id: I940bafba0fd5385a563e2ce87534688eb9469f12 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-03-23acl-plugin: improvements in 'show acl-plugin macip acl' CLIAndrew Yourtchenko2-11/+47
- allow to optionally specify the specific MACIP ACL index: 'show acl-plugin macip acl [index N]' - after showing the MACIP ACL, show the sw_if_index of interface(s) where it is applied. Also, add some executions of this debug commands to the MACIP test case for easy verification. Change-Id: I56cf8272abc20b1b2581b60d528d27a70d186b18 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-23Drop dhcp pkts w/ hardware address mismatchesDave Barach2-11/+40
Add a few dhcp client rx packet/state counters Temporarily disable the dhcp client unit test, since it trips over the newly-added hardware address check. Change-Id: I7f68607e6ed3d738cba357c3fe76664a99b71cd8 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-23IPSEC_AH: broken initialization (VPP-1208)Marco Varlese1-1/+1
The init-path for IPSEC_AH where the CTX gets initialized is broken since the for-loop never executes due to the wrong usage of tm->n_vlib_mains which being subtracted by 1. Change-Id: I4d967f52cd3ca061aa60d824d65f446e06162403 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-03-23tcp/session: sprinkle prefetchesFlorin Coras4-16/+37
Change-Id: Idef3c665580c13d72e99f43d16b8b13cc6ab746f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-23session: allow builtin apps to register namesFlorin Coras6-20/+73
Change-Id: I4b428e170436671b329657283cf7653befc85c9f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-23acl-plugin: set ACL heap within the exported functions that might alloc memoryAndrew Yourtchenko3-0/+23
The functions which get called by other plugins need to set the acl plugin heap, such that the other plugins do not have to think about it. Change-Id: I673073f17116ffe444c163bf3dff40821d0c2686 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-23NAT44: fix ICMP checksum update crash (VPP-1205)Matus Fabian2-0/+6
Change-Id: I3e4bbfe205c86cb0839dd5c542f083dbe6bea881 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-23IGMP: coverity fixes and remove checks for scapy IGMPv3Neale Ranns2-9/+5
Change-Id: Ic2eddc803f9ba8215e37388a686004830211cf6f Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-03-22bond: performance enhancementSteven3-155/+220
We were only puting one packet per frame to the output node. Change to buffer multiple packets per frame. Performance is now on top of dpdk-based bonding. Put a spinlock in the tx thread in case the rug is pulled under us. Change-Id: Ifda5af086a984a7301972cd6c8e428217f676a95 Signed-off-by: Steven <sluong@cisco.com>
2018-03-22vom: itf: make vhost_user as socket slaveMohsin Kazmi1-1/+2
Change-Id: I57b2ec35d9629fb5336c1ccfa4c6c849df118f7b Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-03-22VPP-1204: Fix coverity warningDave Barach1-2/+5
Change-Id: Iacb32e6e855f7b77108154d956ef27ee141bbde0 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-22Add circular loggingDave Barach3-21/+85
Change-Id: Ide8bf41e24a427643a3a17b1c9089993790c12a6 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-22Revert "acl-plugin: improvement on 'show acl-plugin' CLI"Damjan Marion2-37/+9
This reverts commit 378ac0533e5ac8c3121d8f66ba61a8548e55282f. Change-Id: If34b1c964453adb0e4c44e3eab4f6e306bd9c9e9 Signed-off-by: Damjan Marion <damarion@cisco.com>