summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2018-04-12Handle DHCP replies with NAT44 forwarding enabledMatthew Smith1-48/+57
When NAT44 forwarding is disabled, if a DHCP server-to- client packet arrives on an outside interface, it is handled correctly by setting the next node to the next feature on the ip4-unicast feature arc, where it can be processed. When NAT44 forwarding is enabled, if a DHCP server-to- client packet arrives, it is not handled any differently than other packets and ends up going to ip4-lookup which results in the packet being dropped. Move the check for DHCP server-to-client packets outside of the block that is executed if forwarding is disabled so DHCP replies will be processed in either case. Change-Id: Ia795cce3fd459f3252c2c17d53bb88ceaeaafca4 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-04-11VPPAPIGEN: Consistent CRC32 on complete file.Ole Troan1-17/+25
Prior to this fix vppapigen would just do a crc32 on the Python representation of the file as a set of dictionaries. That of course was not a good idea. Change-Id: Ie454736ffec02fa4679ab27e684b1d6c6406a0f1 Signed-off-by: Ole Troan <ot@cisco.com>
2018-04-11Clean up temp dir in failure casesDave Barach1-0/+3
Change-Id: Icfb99a09726c01e96ff14967afbafa4116e02eff Signed-off-by: Dave Barach <dbarach@cisco.com>
2018-04-11fix: sample vpp-api C client hangs vpp daemon because of NULL callbackAndrey "Zed" Zaikin1-4/+3
Change-Id: I686254b332a4527cb0cad3c5c0a17ea4c9f40e1d Signed-off-by: Andrey "Zed" Zaikin <zed.0xff@gmail.com>
2018-04-11NAT44: fix setting of flag SNAT_SESSION_FLAG_LOAD_BALANCING (VPP-1235)Matus Fabian4-24/+36
Change-Id: Ieeafb41d10959700bfd434cd455800af31944150 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-11acl-plugin: VPP-1231: add error checking to acl_plugin_set_acl_vec_for_contextAndrew Yourtchenko1-1/+26
The users of ACL lookup contexts might not check the data they supply, so do it on their behalf in this function, and return an error if an ACL does not exist or if they attempt to apply the same ACL twice. Change-Id: I89d871e60f267ce643f88574c83baf9cd0a2d7b3 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit e5cbccf35f4d230afafa633abbc88e64ef33d758)
2018-04-11acl-plugin: VPP-1230: fix the "undefined symbol" error for acl_main when ↵Andrew Yourtchenko3-9/+31
using the inline functions The acl_main struct, which is defined in the acl_plugin, is not visible when the ACL plugin inline code is being compiled within the context of other plugins. Fix that by using the global pointer variable, which exists in both the ACL plugin context and is set in the context of the external plugins using ACL plugin. Change-Id: Iaa74dd8cf36ff5442a06a25c5c968722116bddf8 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 1286a15a6e60f80b0e1b349f876de8fa38c71368)
2018-04-11dpdk: fail in early init if we cannot alloc hugepagesDamjan Marion1-4/+19
Change-Id: If536ae142dc0109b587d92981d337bc6f15e070a Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-10when deleting l3 static mapping with addr_only,ahdj0071-1/+4
lb session with the same user maybe deleted. Change-Id: Ie58579cf4f8babb594f3c44aa185720134c58c3d Signed-off-by: ahdj007 <dong.juan1@zte.com.cn>
2018-04-10CSIT-895 dpdk/ipsec: add locks on session data hash updatesRadu Nicolau2-33/+40
Change-Id: I6400b77de388c01e85209e5dc5f11ccafb79a459 Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
2018-04-10srv6-ad: fixing cache size issueFrancois Clad3-11/+18
Change-Id: Iaadfbc75832e37ae52511b25448da14116214fc1 Signed-off-by: Francois Clad <fclad@cisco.com>
2018-04-10Make IPsec tunnel intf work with IPv4 output featuresMatthew Smith2-0/+13
With no IPv4 output features on an IPsec tunnel inferface, when packets are forwarded to that interface, they reach the ipsec-if-output node via the output_node_index on the hw interface and they are handled correctly. When an IPv4 output feature (e.g. output ACL, outbound NAT) is enabled on an IPsec tunnel interface, outbound IPsec stops working for that interface. The last node in the ip4-output feature arc is interface-output. From there a packet is sent to ipsec<N>-output, and then ipsec<N>-tx. The tx function for an IPsec tunnel interface that is called by ipsec<N>-tx is a dummy that doesn't do anything except write a warning message. Enable a feature on the interface-output feature arc for an IPsec tunnel interface so the ipsec-if-output node is reached from the interface-output node. Change-Id: Ia9c73d3932f5930ec7ce0791a0375b1d37148b01 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-04-09features: don't break linked list, create separate one for arcDamjan Marion4-14/+16
We need to keep original linked list so destructire can remove entries. Change-Id: I5ff5ca0e1a417d88707255207725bba46433c943 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-09L2: no-flood interface type in the Bridge-DomainNeale Ranns5-11/+42
Change-Id: I50ff0cacf88182f8e0be19840c50f4954de586e2 Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-04-09plugins: unload plugin if early init failsDamjan Marion11-2/+211
Change-Id: I32f68e2ee8f5d32962acdefb0193583f71d342b3 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-09NAT44: don't add static mapping to resolution vector if failed (VPP-1225)Matus Fabian1-3/+27
Change-Id: I71660eb327124179ff200763c4743cc81dc6e1c6 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-09Autodetect plugin pathDamjan Marion3-12/+59
dpdk plugin self-disables if there are no hugepages available Change-Id: Ib286e1a370deeb21248e6e961573ef9c68759b4c Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2018-04-09DVR: save the rewrite length in packet meta-data for featuresNeale Ranns1-3/+9
Change-Id: I0efd03bdb84bc9ff2334d398bfdb82486228114a Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
2018-04-07BIER coveroty fix for unintialised return value on errorNeale Ranns1-1/+1
Change-Id: I2b1d1035f810cb58356626cf081d46eb289265b4 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-04-06Change l2-fwd node to allow possible feature before UU-FLOODJohn Lo1-6/+14
If l2-fwd node does not find an L2FIB entry for DMAC of packet, use input feature bitmap to find next node instead of always sending packet to l2-flood node to perform unknow unicast flood. It provides possibilty of using other feature to forward unknow unicast packet instead of flooding the BD. Change-Id: I56b277050537678c92bd548d96d87cadc8d2e287 Signed-off-by: John Lo <loj@cisco.com>
2018-04-05VOM: Get vhost-user type from nameMohsin Kazmi1-1/+2
Adopt nova naming convention for vhost-user interfaces. Change-Id: If70f0828106bf594eb11d4f0ed2898a35ec0af15 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-04-05IPIP: version.h is not neededNeale Ranns1-1/+0
Change-Id: I78a4176f98c2b4630a57ac5ddb7faf58ba0c4ee1 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-04-05memif: bug fixesDamjan Marion2-22/+74
Change-Id: Id775efb2e85d850e510d00f1b48bb711a3342397 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-05VOM: Add sub_interface in specific routing tableMohsin Kazmi2-0/+19
Change-Id: I3700fc1d140e30da783e41762670618f0298c7db Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-04-05DSLite: Implement new API call DSLITE_ADDRESS_DUMP.Jon Loeliger2-0/+67
Change-Id: I92ca28d3007f7ea43cd3e8b20659e400dfa6c75c Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-04-04Bump package versionChris Luke1-1/+1
Change-Id: I81d870ab9fc0b1f0e1b777d56ca7870ff99c7c2c Signed-off-by: Chris Luke <chrisy@flirble.org>
2018-04-04Doc updates prior to branchChris Luke3-11/+23
Change-Id: Ibcffee7d20dbb79720199bcd82d2353f39d5544f Signed-off-by: Chris Luke <chrisy@flirble.org>
2018-04-04memif: zero copy slaveDamjan Marion7-145/+677
Change-Id: I65306fb1f8e39221dd1d8c00737a7fb1c0129ba8 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-04-04Detailed stats collection featureNeale Ranns12-41/+434
Use device-input and interface-output feautre arcs to collect unicast, multicast and broadcast states for RX and TX resp. Since these feature arcs are present only for 'physical' interfaces (i.e. not su-interfaces) counter collection is supported only on parent interface types. Change-Id: I915c235e336b0fc3a3c3de918f95dd674e4e0e4e Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-04-04NAT added FIB entries have a preference lower than API/CLINeale Ranns3-6/+12
Change-Id: Ia99490180683e8649784f7d9d18c509c3ca78438 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-04-04NAT44: prohibit multiple static mappings for a single local address (VPP-1224)Matus Fabian1-0/+11
Change-Id: I32b30210c2f1aec10a1b614d04f427662326a3d2 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-04NAT44: fix static mapping for DHCP addressed interface deleting (VPP-1223)Matus Fabian1-4/+92
Change-Id: Ifb4d23059b7989c32a52eaf0c25c275b35e83010 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-04-04dpdk:fix checksum handling of l2 interfacesEyal Bari1-17/+19
dpdk-input was dropping packets with bad ip-checksum on l2 interfaces Change-Id: Ife5b52766bb71e878b1da6e94ae7b8a1e59fc478 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-04-03reassembly: bug fixesKlement Sekera3-17/+22
This change fixes a bug which would corrupt features infra by making feature infra resistant to double-removal. It also fixes 'out of memory' issue by properly initializing the bihash tables. Change-Id: I78ac03139234a9a0e0b48e7bdfac1c38a0069e82 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-04-03session: use fib index in ip local testFlorin Coras1-1/+1
Change-Id: I148cb40c8bea55dabe54fa6a662d46862e571640 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-30tapv2: Sporadic SIGABRT in ethernet_input [VPP-1183]Steven2-5/+6
virtio_free_rx_buffers uses the wrong slot in the vring to get the buffer index. It uses desc_next. It should be last_used_idx which is the slot number for the first valid descriptor. Change-Id: I6b62b794f06869fbffffce45430b8b2e37b1266c Signed-off-by: Steven <sluong@cisco.com>
2018-03-30acl-plugin: implement an optional session reclassification when ACL is ↵Andrew Yourtchenko4-10/+128
(re-)applied There were several discussions in which users would expect the sessions to be deleted if the new policy after the change does not permit them. There is no right or wrong answer to this question - it is a policy decision. This patch implements an idea to approach this. It uses a per-interface-per-direction counter to designate a "policy epoch" - a period of unchanging rulesets. The moment one removes or adds an ACL applied to an interface, this counter increments. The newly created connections inherit the current policy epoch in a given direction. Likewise, this counter increments if anyone updates an ACL applied to an interface. There is also a new (so far hidden) CLI "set acl-plugin reclassify-sessions [0|1]" (with default being 0) which allows to enable the checking of the existing sessions against the current policy epoch in a given direction. The session is not verified unless there is traffic hitting that session *in the direction of the policy creation* - if the epoch has changed, the session is deleted and within the same processing cycle is evaluated against the ACL rule base and recreated - thus, it should allow traffic-driven session state refresh without affecting the connectivity for the existing sessions. If the packet is coming in the direction opposite to which the session was initially created, the state adjustment is never done, because doing so generically is not really possible without diving too deep into the special cases, which may or may not work. Change-Id: I9e90426492d4bd474b5e89ea8dfb75a7c9de2646 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2018-03-30Updated sample startup.conf with supported plugin config options.Maciek Konstantynowicz1-10/+19
Change-Id: Id2884a4c2208b4382fce56019b11e4b7fdc4275b Signed-off-by: Maciek Konstantynowicz <mkonstan@cisco.com>
2018-03-30Add missing stdint.hChris Luke1-0/+1
Coverity has started whining about uint32_t missing in this .h Change-Id: I57992121c0593d6a0ada35917802d0300cf91259 Signed-off-by: Chris Luke <chrisy@flirble.org>
2018-03-30lacp: faster convergence for slow-rate config optionSteven6-18/+29
Do fast-rate if we are not yet synchronized with the partner. Stop sending LACP updates as a flash in the worker thread. Just expire the timer and let the lacp_process handle sending LACP PDU. Change-Id: I8b36fe74e752e7f45bd4a8d70512c0341cc197a1 Signed-off-by: Steven <sluong@cisco.com>
2018-03-30bond: show trace causes a crash if the interface is deletedSteven3-13/+32
For the debug image, if the interface is removed and the trace was collected prior to the interface delete, show trace may cause a crash. This is because vnet_get_sw_interface_name and vnet_get_sup_hw_interface are not safe if the interface is deleted. The fix is to use format_vnet_sw_if_index_name if all we need is to get the interface name in the trace to display. It would show "DELETED" which is better than a crash. Change-Id: I912402d3e71592ece9f49d36c8a6b7af97f3b69e Signed-off-by: Steven <sluong@cisco.com>
2018-03-30dpdk: fix crash due to incorrect xd->flags value with slave's link togglingSteve Shin1-2/+5
xd->flags is set incorrectly when a slave link is down in bonded interface mode. This can result in VPP crash when data traffic flows to the interface. Change-Id: Ideb9f5231db1211e8452c52fde646d681310c951 Signed-off-by: Steve Shin <jonshin@cisco.com>
2018-03-29Coverity fixes (VPP-1204)Chris Luke6-13/+17
Minor bug fixes CID 183000: double close CID 180996: dead code CID 180995: NULL deref CID 181957: NULL deref CID 182676: NULL deref CID 182675: NULL deref Change-Id: Id35e391c95fafb8cd771984ee8a1a6e597056d37 Signed-off-by: Chris Luke <chrisy@flirble.org>
2018-03-29ip6: fix ip6-local urpf checkingFlorin Coras1-4/+7
Use sw_if_index[VLIB_TX] if set as fib index when doing the urpf check. Change-Id: I5ec3e7f7a54c6782704d91e9a5614fd0f7f9e3de Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-29l2_input:optimize counter accessEyal Bari1-31/+16
only one counter update per frame (was updated per iteration) only access ethertype for casts (was always accessing ethertype) Change-Id: I3a3c3219ec63e975cf5bd8cf2d93103932a4aaa3 Signed-off-by: Eyal Bari <ebari@cisco.com>
2018-03-29tcp: fix fib index buffer taggingFlorin Coras3-14/+19
Change-Id: I373cc252df3621d44879b8eca70aed17d7752a2a Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-29No need for this routine to be globalDave Barach1-1/+1
Causes subtle misbehavior elsewhere Change-Id: I3a0ade26e8e03b8c5dc8e722f6a01fb99ec7a1e0 Signed-off-by: Dave Barach <dave@barachs.net>
2018-03-28vom: Fix the error handling for already existing itfMohsin Kazmi1-1/+5
Change-Id: I5695d51dd4f6daff472877fe1cce3ddcb924b187 Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-03-28bond: cli renameSteven1-11/+10
rename "enslave interface <slave> to <BondEthernetx>" to "bond add <BondEthernetx> <slave> "detach interface <slave>" to "bond del <slave>" Change-Id: I1bf8f017517b1f8a823127c7efedd3766e45cd5b Signed-off-by: Steven <sluong@cisco.com>
2018-03-28SCTP: use custom fibMarco Varlese2-7/+12
Following TCP fixes from Florin (11430), this patch follows the same approach to indicate a fib (not just using the default one). Change-Id: Ib883aa0e9a1c6157acfea69c44426ba07d6c932a Signed-off-by: Marco Varlese <marco.varlese@suse.com>