summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2018-04-10Make IPsec tunnel intf work with IPv4 output featuresMatthew Smith2-0/+13
With no IPv4 output features on an IPsec tunnel inferface, when packets are forwarded to that interface, they reach the ipsec-if-output node via the output_node_index on the hw interface and they are handled correctly. When an IPv4 output feature (e.g. output ACL, outbound NAT) is enabled on an IPsec tunnel interface, outbound IPsec stops working for that interface. The last node in the ip4-output feature arc is interface-output. From there a packet is sent to ipsec<N>-output, and then ipsec<N>-tx. The tx function for an IPsec tunnel interface that is called by ipsec<N>-tx is a dummy that doesn't do anything except write a warning message. Enable a feature on the interface-output feature arc for an IPsec tunnel interface so the ipsec-if-output node is reached from the interface-output node. Change-Id: Ia9c73d3932f5930ec7ce0791a0375b1d37148b01 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-04-09features: don't break linked list, create separate one for arcDamjan Marion4-14/+16
We need to keep original linked list so destructire can remove entries. Change-Id: I5ff5ca0e1a417d88707255207725bba46433c943 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-09L2: no-flood interface type in the Bridge-DomainNeale Ranns5-11/+42
Change-Id: I50ff0cacf88182f8e0be19840c50f4954de586e2 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-04-09plugins: unload plugin if early init failsDamjan Marion11-2/+211
Change-Id: I32f68e2ee8f5d32962acdefb0193583f71d342b3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-09NAT44: don't add static mapping to resolution vector if failed (VPP-1225)Matus Fabian1-3/+27
Change-Id: I71660eb327124179ff200763c4743cc81dc6e1c6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-09Autodetect plugin pathDamjan Marion3-12/+59
dpdk plugin self-disables if there are no hugepages available Change-Id: Ib286e1a370deeb21248e6e961573ef9c68759b4c Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2018-04-09DVR: save the rewrite length in packet meta-data for featuresNeale Ranns1-3/+9
Change-Id: I0efd03bdb84bc9ff2334d398bfdb82486228114a Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-04-07BIER coveroty fix for unintialised return value on errorNeale Ranns1-1/+1
Change-Id: I2b1d1035f810cb58356626cf081d46eb289265b4 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-04-06Change l2-fwd node to allow possible feature before UU-FLOODJohn Lo1-6/+14
If l2-fwd node does not find an L2FIB entry for DMAC of packet, use input feature bitmap to find next node instead of always sending packet to l2-flood node to perform unknow unicast flood. It provides possibilty of using other feature to forward unknow unicast packet instead of flooding the BD. Change-Id: I56b277050537678c92bd548d96d87cadc8d2e287 Signed-off-by: John Lo <loj@cisco.com>
2018-04-05VOM: Get vhost-user type from nameMohsin Kazmi1-1/+2
Adopt nova naming convention for vhost-user interfaces. Change-Id: If70f0828106bf594eb11d4f0ed2898a35ec0af15 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-04-05IPIP: version.h is not neededNeale Ranns1-1/+0
Change-Id: I78a4176f98c2b4630a57ac5ddb7faf58ba0c4ee1 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-04-05memif: bug fixesDamjan Marion2-22/+74
Change-Id: Id775efb2e85d850e510d00f1b48bb711a3342397 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-05VOM: Add sub_interface in specific routing tableMohsin Kazmi2-0/+19
Change-Id: I3700fc1d140e30da783e41762670618f0298c7db Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-04-05DSLite: Implement new API call DSLITE_ADDRESS_DUMP.Jon Loeliger2-0/+67
Change-Id: I92ca28d3007f7ea43cd3e8b20659e400dfa6c75c Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-04-04Bump package versionChris Luke1-1/+1
Change-Id: I81d870ab9fc0b1f0e1b777d56ca7870ff99c7c2c Signed-off-by: Chris Luke <chrisy@flirble.org>
2018-04-04Doc updates prior to branchChris Luke3-11/+23
Change-Id: Ibcffee7d20dbb79720199bcd82d2353f39d5544f Signed-off-by: Chris Luke <chrisy@flirble.org>
2018-04-04memif: zero copy slaveDamjan Marion7-145/+677
Change-Id: I65306fb1f8e39221dd1d8c00737a7fb1c0129ba8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-04Detailed stats collection featureNeale Ranns12-41/+434
Use device-input and interface-output feautre arcs to collect unicast, multicast and broadcast states for RX and TX resp. Since these feature arcs are present only for 'physical' interfaces (i.e. not su-interfaces) counter collection is supported only on parent interface types. Change-Id: I915c235e336b0fc3a3c3de918f95dd674e4e0e4e Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-04-04NAT added FIB entries have a preference lower than API/CLINeale Ranns3-6/+12
Change-Id: Ia99490180683e8649784f7d9d18c509c3ca78438 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-04-04NAT44: prohibit multiple static mappings for a single local address (VPP-1224)Matus Fabian1-0/+11
Change-Id: I32b30210c2f1aec10a1b614d04f427662326a3d2 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-04NAT44: fix static mapping for DHCP addressed interface deleting (VPP-1223)Matus Fabian1-4/+92
Change-Id: Ifb4d23059b7989c32a52eaf0c25c275b35e83010 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-04dpdk:fix checksum handling of l2 interfacesEyal Bari1-17/+19
dpdk-input was dropping packets with bad ip-checksum on l2 interfaces Change-Id: Ife5b52766bb71e878b1da6e94ae7b8a1e59fc478 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-04-03reassembly: bug fixesKlement Sekera3-17/+22
This change fixes a bug which would corrupt features infra by making feature infra resistant to double-removal. It also fixes 'out of memory' issue by properly initializing the bihash tables. Change-Id: I78ac03139234a9a0e0b48e7bdfac1c38a0069e82 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-04-03session: use fib index in ip local testFlorin Coras1-1/+1
Change-Id: I148cb40c8bea55dabe54fa6a662d46862e571640 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-30tapv2: Sporadic SIGABRT in ethernet_input [VPP-1183]Steven2-5/+6
virtio_free_rx_buffers uses the wrong slot in the vring to get the buffer index. It uses desc_next. It should be last_used_idx which is the slot number for the first valid descriptor. Change-Id: I6b62b794f06869fbffffce45430b8b2e37b1266c Signed-off-by: Steven <sluong@cisco.com>
2018-03-30acl-plugin: implement an optional session reclassification when ACL is ↵Andrew Yourtchenko4-10/+128
(re-)applied There were several discussions in which users would expect the sessions to be deleted if the new policy after the change does not permit them. There is no right or wrong answer to this question - it is a policy decision. This patch implements an idea to approach this. It uses a per-interface-per-direction counter to designate a "policy epoch" - a period of unchanging rulesets. The moment one removes or adds an ACL applied to an interface, this counter increments. The newly created connections inherit the current policy epoch in a given direction. Likewise, this counter increments if anyone updates an ACL applied to an interface. There is also a new (so far hidden) CLI "set acl-plugin reclassify-sessions [0|1]" (with default being 0) which allows to enable the checking of the existing sessions against the current policy epoch in a given direction. The session is not verified unless there is traffic hitting that session *in the direction of the policy creation* - if the epoch has changed, the session is deleted and within the same processing cycle is evaluated against the ACL rule base and recreated - thus, it should allow traffic-driven session state refresh without affecting the connectivity for the existing sessions. If the packet is coming in the direction opposite to which the session was initially created, the state adjustment is never done, because doing so generically is not really possible without diving too deep into the special cases, which may or may not work. Change-Id: I9e90426492d4bd474b5e89ea8dfb75a7c9de2646 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-30Updated sample startup.conf with supported plugin config options.Maciek Konstantynowicz1-10/+19
Change-Id: Id2884a4c2208b4382fce56019b11e4b7fdc4275b Signed-off-by: Maciek Konstantynowicz <mkonstan@cisco.com>
2018-03-30Add missing stdint.hChris Luke1-0/+1
Coverity has started whining about uint32_t missing in this .h Change-Id: I57992121c0593d6a0ada35917802d0300cf91259 Signed-off-by: Chris Luke <chrisy@flirble.org>
2018-03-30lacp: faster convergence for slow-rate config optionSteven6-18/+29
Do fast-rate if we are not yet synchronized with the partner. Stop sending LACP updates as a flash in the worker thread. Just expire the timer and let the lacp_process handle sending LACP PDU. Change-Id: I8b36fe74e752e7f45bd4a8d70512c0341cc197a1 Signed-off-by: Steven <sluong@cisco.com>
2018-03-30bond: show trace causes a crash if the interface is deletedSteven3-13/+32
For the debug image, if the interface is removed and the trace was collected prior to the interface delete, show trace may cause a crash. This is because vnet_get_sw_interface_name and vnet_get_sup_hw_interface are not safe if the interface is deleted. The fix is to use format_vnet_sw_if_index_name if all we need is to get the interface name in the trace to display. It would show "DELETED" which is better than a crash. Change-Id: I912402d3e71592ece9f49d36c8a6b7af97f3b69e Signed-off-by: Steven <sluong@cisco.com>
2018-03-30dpdk: fix crash due to incorrect xd->flags value with slave's link togglingSteve Shin1-2/+5
xd->flags is set incorrectly when a slave link is down in bonded interface mode. This can result in VPP crash when data traffic flows to the interface. Change-Id: Ideb9f5231db1211e8452c52fde646d681310c951 Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-03-29Coverity fixes (VPP-1204)Chris Luke6-13/+17
Minor bug fixes CID 183000: double close CID 180996: dead code CID 180995: NULL deref CID 181957: NULL deref CID 182676: NULL deref CID 182675: NULL deref Change-Id: Id35e391c95fafb8cd771984ee8a1a6e597056d37 Signed-off-by: Chris Luke <chrisy@flirble.org>
2018-03-29ip6: fix ip6-local urpf checkingFlorin Coras1-4/+7
Use sw_if_index[VLIB_TX] if set as fib index when doing the urpf check. Change-Id: I5ec3e7f7a54c6782704d91e9a5614fd0f7f9e3de Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-29l2_input:optimize counter accessEyal Bari1-31/+16
only one counter update per frame (was updated per iteration) only access ethertype for casts (was always accessing ethertype) Change-Id: I3a3c3219ec63e975cf5bd8cf2d93103932a4aaa3 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-03-29tcp: fix fib index buffer taggingFlorin Coras3-14/+19
Change-Id: I373cc252df3621d44879b8eca70aed17d7752a2a Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-29No need for this routine to be globalDave Barach1-1/+1
Causes subtle misbehavior elsewhere Change-Id: I3a0ade26e8e03b8c5dc8e722f6a01fb99ec7a1e0 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-28vom: Fix the error handling for already existing itfMohsin Kazmi1-1/+5
Change-Id: I5695d51dd4f6daff472877fe1cce3ddcb924b187 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-03-28bond: cli renameSteven1-11/+10
rename "enslave interface <slave> to <BondEthernetx>" to "bond add <BondEthernetx> <slave> "detach interface <slave>" to "bond del <slave>" Change-Id: I1bf8f017517b1f8a823127c7efedd3766e45cd5b Signed-off-by: Steven <sluong@cisco.com>
2018-03-28SCTP: use custom fibMarco Varlese2-7/+12
Following TCP fixes from Florin (11430), this patch follows the same approach to indicate a fib (not just using the default one). Change-Id: Ib883aa0e9a1c6157acfea69c44426ba07d6c932a Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2018-03-28NAT44: make 1:1NAT for DHCP addressed interface persistentMatus Fabian1-22/+53
Static mapping is not deleted from resolution vector after address is set on interface. Change-Id: Ib7c45ca2e307123d101248c5a1b17d130ac32cd0 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-28avf: keep input node in disabled state unless neededDamjan Marion1-1/+1
Change-Id: I9a0105aa2373bd4db218851b1bbee50c6b6dfc7d Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-28NAT44: fix nat44_user_session_dump and nat44_del_session crash with one ↵Matus Fabian2-2/+2
worker (VPP-1213) Change-Id: I8e0c7ed2ff462b9ab59c233f56be262ec03c29ff Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-27vxlan:refactor add del command functionEyal Bari1-102/+43
Change-Id: I33ba5a011100baf1c786f9a63a0cf3d2e1020493 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-03-27vlib: gcc-7 -O3 uninitialized valuesDamjan Marion1-5/+5
Change-Id: I59b4142daab439d60a1ebd48b2c1366df0160288 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-27vlib: make cloned structures cacheline alignedDamjan Marion2-13/+24
This address crash with gcc-7 observed when -o3 is used. Change-Id: I10e87da8e5037ad480eba7fb0aaa9a657d3bf48d Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-27acl-plugin: autosize the ACL plugin heap and fix the heap size types and parsingAndrew Yourtchenko3-9/+43
- autosize the ACL plugin heap size based on the number of workers - for manual heap size setting, use the proper types (uword), and proper format/unformat functions (unformat_memory_size) Change-Id: I7c46134e949862a0abc9087d7232402fc5a95ad8 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-27VOM: Fix connection stateNeale Ranns3-8/+14
Change-Id: I4851b2245f81bcf3cf5f40909c4d158a51af7068 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-03-27memif: add private header size fieldDamjan Marion2-0/+5
private header size allows to reserve firs X bytes of payload to be considered as private metadata. For now we just support value 0 but adding this field to address future needs without changing protocol version. Change-Id: Id77336584c0194a303b20210aff584c7372cba01 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-03-27bond: coverity woesSteven2-27/+32
coverity complains about statements in function A function A { x % vec_len (y) } because vec_len (y) is a macro and may return 0 if the pointer y is null. But coverity fails to realize the same statement vec_len (y) was already invoked and checked in the caller of function A and punt if vec_len (y) is 0. We can fix the coverity warning and shave off a few cpu cycles by caching the result of vec_len (y) and pass it around to avoid calling vec_len (y) again in multiple places. Change-Id: I095166373abd3af3859646f860ee97c52f12fb50 Signed-off-by: Steven <sluong@cisco.com>
2018-03-27VOM: bond: Add support for LACPMohsin Kazmi17-6/+1701
Change-Id: I0245263b212142858d3305b0f365d8342912dbb9 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>