summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2017-02-03SNAT: Port allocation per protocolMatus Fabian7-131/+219
Ports are allocated per protocol (UDP, TCP, ICMP) 1:1 NAT with port is configured for specific protocol Change-Id: I37ae5eed3715b223d0620d4fdaed7a482bb7a834 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-02Remove unnecessary block structure around CONTROL_PING messages.Jon Loeliger2-204/+168
Now that the M() and S() macros accept a message parameter, there is no longer a need to introduce a new block structure around the CONTROL_PING messages just to have a new unbound "mp" variable. Instead, just use one named "mp_ping" directly. Change-Id: I6b283562bb6eec25806e3d35c35b977680ecd1dd Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02Refactor fragile msg macro W and W2 to not burry return control flow.Jon Loeliger12-576/+696
Instead, have them accept and assign a return paramter leaving the return control flow up to the caller. Clean up otherwise misleading returns present even after "NOT REACHED" comments. Change-Id: I0861921f73ab65d55b95eabd27514f0129152723 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02Localize the timeout variable within the W message macro.Jon Loeliger11-229/+5
Rather than rely on an unbound variable, explicitly introduce the timeout variable within the 'do { ... } while (0)' construct as a block-local variable. Change-Id: I6e78635290f9b5ab3f56b7f116c5fa762c88c9e9 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02Convert message macro S to accept a message pointer parameter;Jon Loeliger12-282/+293
Rather than blindly assume an unbound, fixed message parameter explicilty pass it as a paramter to the S() macro. Change-Id: Ieea1f1815cadd2eec7d9240408d69acdc3caa49a Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02Convert M() and M2() macros to honor their second, mp, parameter.Jon Loeliger1-2/+2
Now that all the M() and M2() uses properly supply a message pointer as second parameter, fix the macros to use it. Change-Id: I0b8f4848416c3fa2e06755ad6ea7171b7c546124 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02Ensure all M() and M2() second parameters are the message pointer.Jon Loeliger11-283/+284
Rather than maintain (?) an unused second parameter, t, and pull an unbound message pointer, mp, out of context, explicitly list the message pointer as the second parameter. Change-Id: I92143efda6211cdf6b935470f8c71579742a6b64 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2017-02-02Fix SR multicast post mfib commitNeale Ranns13-650/+508
1 - use the SR policy to construct the replicate DPO. Each bucket therein is a SR tunnel. 2 - install a special mfib entry that links via this replicate 3 - forwarding is now mfib-lookup -> replicate -> sr_rewrite (per-tunnel) no need for a separate sr_replicate node. 4 - Stack the sr tunnel on the forwarding DPO of the first-hop FIB entry. no need for a second lookup post SR encap. 5 - fix some path-list lock leaks in the MFIB entry. Change-Id: I20de96ea4c4be4fae252625bde159d9c435c8315 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-02-02Update default Vagrant box to Ubuntu 16.04, VPP-616Dave Wallace1-8/+5
- Make puppetlabs/ubuntu-16.04-64-nocm the default box - Enable x11 forwarding - Install x11-utils required for emacs to work over X11 - Refactor run.sh - Add VPP_VAGRANT_POST_BUILD environment variable to allow selection of installing VPP or run "make test". - Fix dependencies in src/vppapigen.am Change-Id: I0ec054fdc83feb71ca8396df53ed02bf82ecd7e7 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-02-02BFD: SHA1 authenticationKlement Sekera9-258/+1459
Add authentication support to BFD feature. Out of three existing authentication types, implement SHA1 (sole RFC requirement). Simple password is insecure and MD5 is discouraged by the RFC, so ignore those. Add/change APIs to allow configuring BFD authentication keys and their usage with BFD sessions. Change-Id: Ifb0fb5b19c2e72196d84c1cde919bd4c074ea415 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-02-02BFD: improve finding of ipv4/ipv6 headersKlement Sekera1-48/+62
Avoid coverity warning and improve safety by declaring a helper structure and working with it when searching for ip headers. Make sure the content following IPv6 header is actually UDP before parsing it. Bail out if unexpcted IPv6 header found ... Change-Id: I1c6b9fd42d6fdae226f12c91c53c07a932b29522 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-02-02dpdk: fix crypto coverity warningSergio Gonzalez Monroy1-1/+2
Change-Id: I165b64fdc12dd2936df1958348e93b709ce0e784 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-02-02SNAT: changed source for outbound address FIB entry (VPP-613)Matus Fabian2-26/+13
Use FIB_SOURCE_PLUGIN_HI and modify ARP input to use non-source variants for flags and resolving interface get. Change-Id: I3bab76f36e0b1ee86e430a416099f1654e02740a Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-02-02LISP: enhance binary part of some APIsFilip Tehlar5-117/+41
Remote mapping and locator set binary APIs uses zero length arrays defined as 'u8 array[0]' in .api file. This path will change such cases to form 'type_t array[count];' in order to enhance maintainability. Change-Id: I98d0252b441020609c550d48186ed0d8338a3f2d Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-02-02VXLAN: further unify ip4/ip6 ctl plane handlingEyal Bari2-83/+55
fix wrong udp error codes in decap ip6 handling Change-Id: Ibf791a995128d38b31725c1ee67ec9d1c9dffca2 Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-01-31BFD: reformat code to match vpp code styleKlement Sekera1-158/+186
Change-Id: I40deb8b40f5d3a96d2c0dcb400f489cd05a64348 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2017-01-31Prep work for Coverity upload processing via JenkinsDave Barach1-0/+10
Change-Id: I2575d780d19e12ddf8a77e5596e5d7cc3dbf4233 Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-31SNAT: Add outbound addresses to FIB (VPP-613)Matus Fabian1-1/+110
Add the external NAT address to the FIB as receive entries. This ensures that VPP will reply to ARP for these addresses and we don't need to enable proxy ARP on the outside interface. Change-Id: I1db153373c43fec4808845449a17085509ca588c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-01-31jvpp: fix coverity warn: reliance on default encodingMarek Gradzki5-18/+35
Change-Id: I8333b7d19ebdacac5445b4505750dd0a46764b36 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2017-01-31VXLAN: small changes for brevityEyal Bari1-49/+16
Change-Id: I9cfff0196845c6f1161848aa49442aa4df81b20e Signed-off-by: Eyal Bari <ebari@cisco.com>
2017-01-31MFIB Coverity warnings. The lock macro is functionally equivalent but more ↵Neale Ranns3-29/+44
expressive (and might appease coverity) Change-Id: Ie3c9b2896a487a0302903bfbdd6348f6f091c67d Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-31Add vxlan-bypass feature to IP6 forwarding pathJohn Lo7-184/+470
Add vxlan-bypass feature which can be enabled on the IP6 underlay interface which receive VXLAN packets to accelerate VXLAN decap processing. The CLI to enable/disable it is: set interface ip6 vxlan-bypass <interface> [del] The vxlan-bypass feature is already supported on the IP4 underlay interface. The CLI to enable/disable it is: set interface ip vxlan-bypass <interface> [del] Move vxlan-bypass API/CLI support code from decap.c to vxlan.c. Also fixed two issues in the VXLAN decap path in the vxlan-input node: 1. Add verification of VXLAN packet FIB index with the encap-vrf-id of the VXLAN tunnel. 2. Fix checking of VXLANoIPv6 packet mcast DIP against that of the IP6 mcast VXLAN tunnel. Change-Id: I2bad4074a468c48fbb8bb5ac64f6437190756ed2 Signed-off-by: John Lo <loj@cisco.com>
2017-01-30VPP-621: ping: ICMP echo data size must be bounded by VLIB_BUFFER_DATA_SIZE ↵Andrew Yourtchenko2-29/+46
minus headers. Before the commit 878c6098 the VLIB_BUFFER_DATA_SIZE was different depending on whether building "vpp" or "vpp_lite", resulting in an overrun in vpp_lite build. Avoid the hardcoded value and make the upper bound for ICMP echo data size dependent on the buffer size. Change-Id: Id6c4d7fc73766a95af2610eb237881b5fe9ce9aa Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-01-30Fixed set int state up for ipsec interfacesRadu Nicolau1-2/+2
Change-Id: I2330cb7c2ba0f5eaeb4e7a4c3de4f22283d3923d Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
2017-01-30Fix LISP Coverity warningsFlorin Coras2-6/+16
Change-Id: Iaca2ff453872e638ee83b11fc16472e44deb9a7e Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-01-30add vnet/util/radix.h to nobase_include_HEADERS listGabriel Ganne1-1/+2
header is included by ip6.h and should therefore be made public Change-Id: Ieb7d14bb082d821c2f77e9204ec09d884fb2cb09 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
2017-01-30LISP: add dump calls for GPE entries APIFilip Tehlar6-2/+505
Change-Id: Ie7f51643fd3522a0fa8df8d0309305481c211f5f Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2017-01-28Add files to CLEANFILES for robust make clean.Burt Silverman6-1/+11
At the least, $(BUILT_SOURCES) should be added to CLEANFILES. Also beneficial is $(api_DATA), and in the case of Java, *.files and *.h. Also there is a vpp/app/version.h, and some grammar and lex files in vppapigen. Change-Id: Ic6d3f2d40ce65e1d9a8b88217fa1f36de393ebb4 Signed-off-by: Burt Silverman <burtms@gmail.com>
2017-01-28sh not show in the mfib flags commandsNeale Ranns1-2/+2
Change-Id: If10b878cb05d695eaed9416202fd19bed2e0b793 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-27API refactoring : policerPavel Kotucek6-267/+387
Change-Id: Ia7d8b557bcdf45eb8e33bb3d297bc6f7ad321c72 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-27dpdk: rework cryptodev ipsec build and setupSergio Gonzalez Monroy25-412/+441
Build Cryptodev IPsec support by default when DPDK is enabled but only build hardware Cryptodev PMDs. To enable Cryptodev support, a new startup.conf option for dpdk has been introduced 'enable-cryptodev'. During VPP init, if Cryptodev support is not enabled or not enough cryptodev resources are available then default to OpenSSL ipsec implementation. Change-Id: I5aa7e0d5c2676bdb41d775ef40364536a081956d Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-01-27API refactoring : copPavel Kotucek6-114/+237
Change-Id: I1596d7a130fb6d3b170b8e01f2116b323cc10c0d Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-27dpdk : incorrect rx filter being installedPavel Kotucek3-1/+20
When mac address is set prior bringing interface up incorrect rx filter being installed into the e1000 mac. Change-Id: If59a2bf16f732e45221b3787d271307d369e54d3 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-27jvpp: utilize per-message CRCs (VPP-544)Marek Gradzki11-15/+143
Since messages ids are no longer statically referenced, fixes also VPP-611. Change-Id: Ic8e6ee2b7f1142c185595347984d69350be25ac3 Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
2017-01-27IP Multicast FIB (mfib)Neale Ranns83-1670/+10388
- IPv[46] mfib tables with support for (*,G/m), (*,G) and (S,G) exact and longest prefix match - Replication represented via a new replicate DPO. - RPF configuration and data-plane checking - data-plane signals sent to listening control planes. The functions of multicast forwarding entries differ from their unicast conterparts, so we introduce a new mfib_table_t and mfib_entry_t objects. However, we re-use the fib_path_list to resolve and build the entry's output list. the fib_path_list provides the service to construct a replicate DPO for multicast. 'make tests' is added to with two new suites; TEST=mfib, this is invocation of the CLI command 'test mfib' which deals with many path add/remove, flag set/unset scenarios, TEST=ip-mcast, data-plane forwarding tests. Updated applications to use the new MIFB functions; - IPv6 NS/RA. - DHCPv6 unit tests for these are undated accordingly. Change-Id: I49ec37b01f1b170335a5697541c8fd30e6d3a961 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-27Cleanup some obfuscated code in next node handling.Vengada3-8/+8
The values of next node can be simply assigned by dereferencing the pointer instead of obfuscating the dereference. Change-Id: I1f4a3d51b768960699010591410695473728d3a2 Signed-off-by: Vengada <venggovi@cisco.com>
2017-01-27drop-and-count snat out2in packets with no translationsDave Barach1-3/+41
Send dhcp server-to-client packets to the ip stack, so we can acquire snat outside interface addresses from a dhcp server Change-Id: I7751356fa23d9f26b503c9796bd85f96275fe978 Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-27Python API: event_callback not initialised.Ole Troan1-0/+1
Even when not requesting notification the VPP API sends event notifications on certain calls. E.g. creating interfaces. Traceback (most recent call last): File "/vpp/ipfix/src/vpp-api/python/vpp_papi/vpp_papi.py", line 447, in msg_handler_sync if self.event_callback: AttributeError: VPP instance has no attribute 'event_callback' Change-Id: I4ca30c49df298655dc8948c5ebd68de0b3d6a592 Signed-off-by: Ole Troan <ot@cisco.com>
2017-01-27Add multi-vpp support back into pythonic vppctlEd Warnicke1-7/+20
Back when vppctl was a shell script, you could use -p or --prefix to set the chroot prefix to drive multiple vpp instances. This patch adds that capability back. Change-Id: Iaa70a20eff13e8d7e206fcceadb7e5d06afa3fc5 Signed-off-by: Ed Warnicke <hagbard@gmail.com>
2017-01-27API refactoring : l2 (add)Pavel Kotucek4-148/+147
Change-Id: I693a73ba9a5e3b0cb5d2a6c5d363f671e19c1f24 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-26DHCPv[46] proxy testsNeale Ranns1-1/+29
Change-Id: I6aaf9c602cd515ed9d4416d286f9191d048c1a87 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-26Change automake python macro to get python pathTomofumi Hayashi2-1/+3
Previously install path for python binding is fixed, as lib/python2.7/site-packages and other version/enironement is not supported. This change introduces automake's python macro and gets the install path from environment dynamically. Change-Id: I6535107d4bde61976fbdf5392d460beb1049658e Signed-off-by: Tomofumi Hayashi <tohayash@redhat.com>
2017-01-26API refactoring : dhcpPavel Kotucek6-306/+427
Change-Id: I3829835ed2126e51e96690c907deac623dc77151 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-26Add option to use LISP Proxy-ETRFlorin Coras5-37/+349
When enabled, destinations with negative mappings or those not reachable via underlay have their traffic forwarded to the PETR. Change-Id: I1056b0959736144f27fcca7b79263f921e7a8bd9 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-01-25Repair plugin binary API message numberingDave Barach12-10/+29
Change-Id: I422a3f168bd483e011cfaf54af022cb79b78db02 Signed-off-by: Dave Barach <dave@barachs.net>
2017-01-25[re]Enable per-Adjacency/neighbour countersNeale Ranns11-62/+675
Change-Id: I953b3888bbc6d8a5f53f684a5edc8742b382f323 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-01-25Move LISP cp cli to separate fileFlorin Coras4-1415/+1461
Change-Id: I24355c71606c047e474b2541bb274e3d183fee85 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-01-25API refactoring : flowPavel Kotucek6-454/+578
Change-Id: I99e913b954f8b02f347bfeff093856a1c5e96781 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-25span: tx functionalityPavel Kotucek1-2/+2
span-output (tx) was enabled on wrong arc_name Change-Id: Ic21dfaec35c975de79abec66421b353637ac9394 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
2017-01-25API refactoring : classifyPavel Kotucek6-795/+921
Change-Id: Ib75197ef8e5057e7f0d9361a10705c3743d05333 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>