summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2018-03-28NAT44: fix nat44_user_session_dump and nat44_del_session crash with one ↵Matus Fabian2-2/+2
worker (VPP-1213) Change-Id: I8e0c7ed2ff462b9ab59c233f56be262ec03c29ff Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-26NAT44: interface output feature and dst NAT (VPP-1200)Matus Fabian2-7/+78
Do not translate packet which go out via nat44-in2out-output and was tranlated in nat44-out2in before. On way back forward packet to nat44-in2out node. Change-Id: I934d69856f0178c86ff879bc691c9e074b8485c8 Signed-off-by: Matus Fabian <matfabia@cisco.com> (cherry picked from commit 4d023c8c930b2a4220998d4c211d751e33324faa)
2018-03-26NAT44: interface output feature and service host direct access (VPP-1176)Matus Fabian2-6/+117
forwarding mode: session initiaded from service host - translate session initiaded from remote host - do not translate Change-Id: I0e3733361de4b85068b9be02f953154a478ce8cc Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-26Correct address calculation for VPP-1168Lee Roberts2-3/+4
Use (u64) cast to ensure proper address calculations. Change-Id: Ifbbe66072eb94bfe33ac04eaa4416abceeb7245e Signed-off-by: Lee Roberts <lee.roberts@hpe.com>
2018-03-26User session counters stay <= per-user limitMatthew Smith3-22/+28
When a user session is allocated/reused, only increase one of the session counters for that user if the counters are below the per-user limit. THis addresses a SEGV that arises after the following sequence of events: - an outside interface IP address is put in a pool - a user exceeds the number of per-user translations by an amount greater than the number of per-user translations (nsessions + nstaticsessions > 100 + 100) - the outside interface IP address is deleted and then added again (observed when using DHCP client, likely happens if address changed via CLI, API also) - the user sends more packets that should be translated When nsessions is > the per-user limit, nat_session_alloc_or_recycle() reclaims the oldest existing user session. When an outside address is deleted, the corresponding user sessions are deleted. If the counters were far above the per-user limit, the deletions wouldn't result in the counters dropping back below the limit. So no session could be reclaimed -> SEGV. Change-Id: I940bafba0fd5385a563e2ce87534688eb9469f12 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-03-26IPSEC_AH: broken initialization (VPP-1208)Marco Varlese1-1/+1
The init-path for IPSEC_AH where the CTX gets initialized is broken since the for-loop never executes due to the wrong usage of tm->n_vlib_mains which being subtracted by 1. Change-Id: I4d967f52cd3ca061aa60d824d65f446e06162403 Signed-off-by: Marco Varlese <marco.varlese@suse.com> (cherry picked from commit 4631610a20e6ae3181cb517db27a93b2a3e07eff)
2018-03-23NAT44: fix ICMP checksum update crash (VPP-1205)Matus Fabian2-0/+6
Change-Id: I3e4bbfe205c86cb0839dd5c542f083dbe6bea881 Signed-off-by: Matus Fabian <matfabia@cisco.com> (cherry picked from commit 3f2dd30b0bf7cf3d82c720d5065178c1fa628c6b)
2018-03-23NAT44: fix nat_not_translate_output_feature in dual loop (VPP-1194)Matus Fabian1-2/+2
Change-Id: Icb858414145db0e5fef495e155903b3b935e50ba Signed-off-by: Matus Fabian <matfabia@cisco.com> (cherry picked from commit 3c2a416c42a0481698735a0b1e355bfb7a702882)
2018-03-23NAT44: fix removal of LB static mappings with same local address and port ↵Matus Fabian1-5/+35
pair (VPP-1199) Change-Id: Iad8c626e83bbc58d5c85b6736f5a3dd5bc9ceafb Signed-off-by: Matus Fabian <matfabia@cisco.com> (cherry picked from commit e877d68407d316adb64baa855985b746dcb2e102)
2018-03-21VPP-1123: cherrypick to 18.01.02Dave Barach5-17/+259
Change-Id: Iaf959d7636907cec54d83b3f14244153fbf19fa2 Signed-off-by: Dave Barach <dbarach@cisco.com>
2018-03-21Revert "NAT44: interface output feature and service host direct access ↵Matus Fabian2-117/+6
(VPP-1176)" This reverts commit d30c94afe4e67298b3da6fd839e0210844cf45a5. Change-Id: Ic076f6c116e1d816c492eb8e03e50cf95cedae77 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-14NAT44 - unknown protocols work with forwardingMatthew Smith1-6/+9
If forwarding is enabled, inbound packets on an outside interface should not be dropped and instead pass on to the FIB lookup. This works for TCP and UDP but not other IP protocols. Enable it for unknown protocols. Change-Id: I1da84b5633a36b3e5e64079754db2fcc50f29819 Signed-off-by: Matthew Smith <mgsmith@netgate.com> (cherry picked from commit 03f942a1cc4de3963507fc7075d91aff0cae7d58)
2018-03-14NAT44: interface output feature and service host direct access (VPP-1176)Matus Fabian2-6/+117
forwarding mode: session initiaded from service host - translate session initiaded from remote host - do not translate Change-Id: I48170ee8e4ad14d3d3083ee31a40ef8d10d6ff32 Signed-off-by: Matus Fabian <matfabia@cisco.com> (cherry picked from commit 204591d1bd754f6086edcf8b27a95beab929a78f)
2018-03-14NAT44: fix nat_not_translate_output_feature for ICMP (VPP-1191)Matus Fabian1-8/+7
Change-Id: I1552e1418b704fdf1f1fa2c0174313b9b82a37a3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-03-14when lb tcp in2out flow,ahdj0071-0/+1
in2out and out2in protocol are not same Change-Id: I4ce680ad1f088cb079e1f2aeb15ca59225fca0d1 Signed-off-by: ahdj007 <dong.juan1@zte.com.cn> (cherry picked from commit 9691cf2d082727fb2f88e85050068dc6fd761bcd)
2018-03-14when exceed max reass,ahdj0071-6/+12
frag packet can't get reass. adding bihash,it can rewrite new hash value. so need to delete hash after compare hash value. Change-Id: I83b5c47890110e9a598b78cfbe8fcd27bbe291bb Signed-off-by: ahdj007 <dong.juan1@zte.com.cn> (cherry picked from commit 5e85c54d229e443d30dabe9bca39625587add8a5)
2018-03-14At AF_PACKET socket create, do intf bind before rx ring cfg to avoid ↵Chaoyu Jin1-12/+12
receiving pkts from other interfaces Change-Id: Ie40ee9129edaac717e716b469f4d10f3c29a4932 Signed-off-by: Chaoyu Jin <chjin@cisco.com>
2018-03-14NAT44: allow to configure one interface only as output or input feature ↵Matus Fabian1-0/+12
(VPP-1192) following is not possible: set interface nat44 out GigabitEthernet0/3/0 output-feature set interface nat44 out GigabitEthernet0/3/0 Change-Id: I1592cc18390881fda66f98316700886b8f5295f0 Signed-off-by: Matus Fabian <matfabia@cisco.com> (cherry picked from commit e4e34c23fe7050c26967997fdb8f555c51fd3961)
2018-03-09reass frag_n should to be inited to 0ahdj0071-0/+1
Change-Id: I8a4a7a85e86acbfe411e6dfa22e3976d7d4c903b Signed-off-by: ahdj007 <dong.juan1@zte.com.cn> (cherry picked from commit 9f06d0eccf06b82b42cc55f02c37cbed9e1aab83)
2018-03-08memif: fix crash caused by zero pkt len in memif and clear dirty cache while ↵Chun Li5-12/+102
interface reconnect. Change-Id: Ifc7eb2494a22c334d8899422545fca1a4bba4d05 Signed-off-by: Chun Li <chunl2@cisco.com>
2018-03-08at af_packet input, drop partial packets to prevent l4 checksum deadloop at ↵Chaoyu Jin1-4/+17
ouptut Change-Id: I6f75b7328fd0aa71d00a701e36c8b4ad06bff3c4 Signed-off-by: Chaoyu Jin <chjin@cisco.com>
2018-03-08ip4_forward: set pkt error in case potential memory corruptChun Li1-0/+2
Change-Id: Ib9eb65d2ba166f5883a8ce8d37298c696113f2be Signed-off-by: Chun Li <chunl2@cisco.com>
2018-02-28tapv2: abort in tap_create_if (VPP-1179)Steven1-0/+1
The following command sequences cause the crash: create tap id 0 rx-ring-size 1024 tx-ring-size 1024 create tap id 1 rx-ring-size 1024 tx-ring-size 1024 set interface state tap0 up set interface state tap1 up delete tap tap0 delete tap tap1 create tap id 0 rx-ring-size 1024 tx-ring-size 1024 0: /home/sluong/vpp2/vpp/build-data/../src/vnet/interface_funcs.h:46 (vnet_get_hw_interface) assertion `! pool_is_free (vnm->interface_main.hw_interfaces, _e)' fails The reason for the crash is because when the tap interface is deleted, the code does not remove the entry from the device queue. But the interface is deleted anyway from vnet_main.interface_main.hw_interfaces. When an interface is created again, it may encounter the deleted entry in the device queue and crash. Notice create and delete a single entry does not cause a crash. Need to create and delete 2 interfaces to create a "hole" in the device queue. Change-Id: I42ce0b7943d73b3eab32a16751a0a3183de62d9f Signed-off-by: Steven <sluong@cisco.com> (cherry picked from commit 0b8567331c3edf8b6aee51c849b8391a2922d9ab)
2018-02-27NAT: replace format_vnet_sw_interface_name with format_vnet_sw_if_index_name ↵Matus Fabian2-39/+32
(VPP-1149) Change-Id: I860468bdc21c6ee07f63c8854592c46ca631ebc2 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-02-27NAT44: in2out output feature skip translation for already translated packets ↵Matus Fabian2-15/+74
(VPP-1156) Change-Id: I5395245c9e49f741a949ada1f725c34f9379c249 Signed-off-by: Matus Fabian <matfabia@cisco.com> (cherry picked from commit f7ad5cbe819533523169e8a88876b94b9f38789c)
2018-02-27NAT44: fix ICMP error translation for endpoint dependent sessions (VPP-1150)Matus Fabian2-4/+150
Change-Id: Iae15d15b470bdde759d08201de9d6dc5afef0ee9 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2018-02-26NAT44: run NAT nodes after ACL (VPP-1160)Matus Fabian1-15/+15
NAT input features run after acl-plugin-in-ip4-fa NAT output features run after acl-plugin-out-ip4-fa Change-Id: I1e4487a0d6fdb99a90b8db640d9ad0e0eb7347a5 Signed-off-by: Matus Fabian <matfabia@cisco.com> (cherry picked from commit 16f0546cadb1248f9dce99788ecc50cc2668c7e4)
2018-02-25virtio: add missing tx lock when running multithreadedDamjan Marion3-0/+10
Change-Id: I373f429c53c6f66ad38322addcfaccddb7761392 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-24virtio: reset vnet header on txDamjan Marion1-0/+3
Change-Id: Ib04a8787038fb536470a04d99fdc165102edfb5a Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-02-22Fix DHCP client crash with worker threadsMatthew Smith3-38/+54
Crash occurring With a worker thread configured and dhcp client active on an interface. When a DHCP reply packet is received, call to ethernet_get_main() from dhcp_proxy_to_client_input() was causing a crash. Replaced with a call to vnet_get_ethernet_main(). Once that was resolved, calling dhcp_client_acquire_address() from a worker thread also caused a crash. Changed so the main thread will do the address/route configuration. Change-Id: Ib23984787102dea8cf6cfcde86188a751f15c1e1 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-02-15VPP-1169: reenable dhcp client detect when lease expiresDave Barach1-1/+50
We disable the client detect feature when we bind a DHCP address. Turn it back on again when the lease expires. Otherwise, if the DHCP server replies after an outage, we'll never see the reply. Add dhcp packet tx counters, by packet type Change-Id: Id54b05647d5d7bd8d3ab99e6584ee86d9e4ff7f9 Signed-off-by: Dave Barach <dave@barachs.net> (cherry picked from commit 4941fcc23ab01f5ca918e56489d404b92d8bde90)
2018-02-08Provide page-aligned length to ftruncate.Igor Mikhailov (imichail)1-1/+1
For some files such as hugepages files, ftruncate() fails with the error "Invalid argument" if the 'length' parameter is not on a page boundary. Change-Id: I42a9cde98707da15e3c5d1653046e2277fc7a424 Signed-off-by: Igor Mikhailov (imichail) <imichail@cisco.com> (cherry picked from commit 7d25415a9384d4c3d786d0c1ae5c0fcff3112acd)
2018-02-06Release 18.01.1 jvpp version update.Dave Wallace1-1/+1
Change-Id: I000d842e969b838ad5fbcd18186ac7e1b39b4c46 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2018-02-05NAT64: Run nat64-expire-worker-walk only when NAT64 is configured (VPP-1162)Matus Fabian2-4/+48
Change-Id: Ic5e8d74bf5ac84cce5661de44778c89541c67636 Signed-off-by: Matus Fabian <matfabia@cisco.com> (cherry picked from commit e71eb5922a293eca36dbd323970741daaca3c5c7)
2018-02-02Improve tunnel interface creation performanceJohn Lo8-90/+86
Modify interface creation to allow creation of tunnel interfaces without dedicated per tunnel output and tx nodes which are not used for most tunnel types. Also changed interface-output node function vnet_per_buffer_interface_output() so it does not rely on hw_if_index as the next node index which is not flexible nor efficient for large scale tunnel interfaces. The improvenemts are done for VXLAN, VXLAN-GPE, GENEVE and GTPU tunnels. GRE tunnel is still using per tunnel output nodes which will be changed in a separate patch with other GRE enhencements. Change-Id: I4123c01c0d2ead814417a867adb8c8a407e4df55 Signed-off-by: John Lo <loj@cisco.com> (cherry picked from commit e5453d0fa29f39a7f78a7e22815566a7f4c9e5ef)
2018-01-30lisp-cp: fix handling of ndp without source link addr VPP-1159Florin Coras1-4/+21
Change-Id: Idddb60bbc7fcc701d39212f6422a6b2f6dc75221 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-29vlib: allocating buffers on thread-x and freeing them on thread-y causesSteven4-25/+17
a crash on debug image (VPP-1151) In debug image, there is extra code to validate the buffer when it is freed. It uses the hash table to lookup the buffer index with spinlock to prevent contention. However, there is one spinlock for each worker thread. So allocating the buffer on thread-x and freeing the same buffer on thread-y causes the validation to fail on thread-y. The fix is to have only one spinlock, stored in vlib_global_main. Change-Id: Ic383846cefe84a3e262255afcf82276742f0f62e Signed-off-by: Steven <sluong@cisco.com>
2018-01-23docs: Clean up TOCDave Wallace1-1/+1
Change-Id: I5415c002a431d84372f56d4a77dc2aabd6ef55f7 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2018-01-18Sub-Interface deletion not cleanup hash's properly (VPP-1136)John Lo3-18/+24
On deleting sub-interfaces, functions vnet_delete_sub_interface() and vnet_delete_hw_interface() are not cleaning up sub-interface related hash tables and memory properly. Change-Id: I17c7c4b2078c062c77bfe48889beb677610035ca Signed-off-by: John Lo <loj@cisco.com>
2018-01-17VPP-1122 dpdk/ipsec: fix transport mode pkt lenRadu Nicolau1-3/+7
Change-Id: I6eef2ca258ff5b4aa9b21b98543d814633e295af Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
2018-01-11tapv2: deleting tap interface may leak buffers (VPP-1124)Steven4-11/+34
Buffers may be allocated for indirect descriptors by tx thread and they are freed when tx thread is invoked in the next invocation. This is to allow the recipient (kernel) to have a chance to process them. But if the tap interface is deleted, the tx thread may not yet be called to clean up the indirect descriptors' buffers. In that case, we need to remove them without waiting for the tx thread to be called. Failure to do so may cause buffers leak when the tap interface is deleted. For the RX ring, leakage also exists for vring->buffers when the interface is removed. Change-Id: I3df313a0e60334776b19daf51a9f5bf20dfdc489 Signed-off-by: Steven <sluong@cisco.com>
2018-01-10VPP-1131: doxygen: Documentation for Debug CLI stops at src/plugin/l2ev18.01-rc2Billy McFall1-3/+3
Change-Id: I3ce014da7b514aa766a90cacddd76cd2247406a8 Signed-off-by: Billy McFall <bmcfall@redhat.com>
2018-01-10makefile set CXXFLAGS so they are propageted to sub-buildsNeale Ranns1-2/+1
Change-Id: I55d9953851062f7106c66701d46bcd9073cf1ee4 Signed-off-by: Neale Ranns <neale.ranns@cisco.com> (cherry picked from commit 5ee623e789261552eb9460be10f34793d40b6575)
2018-01-10VPP-1120 SRv6 bug with SID list containing only one SID and no srhPablo Camarillo1-26/+65
Packets with a SR policy of one SID list create a malformed packet. Outer IPv6 header points to a routing extension header that does not exist since the SID list contains only one SID. Change-Id: I1effee0457453bab95706a8a24fdabfbd843d5b7 Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
2018-01-09VPP-1113 SR MPLS path.frp_label_stackPablo Camarillo1-17/+16
provide one label stack per fib_table_entry_path_add2 call. otherwise multiple mheap releases take place. Change-Id: I475ca1b801fc85dddda0b540c69ad628a274df7f Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
2018-01-09VPP-1119: PPPoE's destination MAC was overwrittenHongjun Ni1-1/+2
Change-Id: I6ae99c00e76058654f2c5e71377e9fd1bd13b47b Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2018-01-09BIER: missing endian swap for imposition object in API returnNeale Ranns1-1/+1
Change-Id: Iddd754d00ace3d042336e5c2c40431566275051a Signed-off-by: Neale Ranns <neale.ranns@cisco.com> (cherry picked from commit eea537a288721b867d65b736363ab3f71ba6116c)
2018-01-09BIER: crash in show command when no tables are presentNeale Ranns1-0/+1
Change-Id: Ie291468ea9d05c47cefe39c4ff7fea3e016bacf2 Signed-off-by: Neale Ranns <nranns@cisco.com> (cherry picked from commit 0e8cb6c475b616a3296b08d25bcaa1eed3ab0084)
2018-01-08GRE tunnel key should use fib_index instead of fib_id (VPP-1118)John Lo1-12/+1
Follow up fix - vl_api_gre_add_del_tunnel_t_handler should pass outer_fib_id from API message to vnet_gre_add_del_tunnel() and not convert it to fib_index, since vnet_gre_add_del_tunnel() already perform the lookup to get fib_index from fib_id. Change-Id: I24967a97f82ce018ddef596e556bd3eb1706cb63 Signed-off-by: John Lo <loj@cisco.com>
2018-01-08NAT: fixed get_worker_out2in bug (VPP-1116)Matus Fabian2-4/+12
Change-Id: I5e080d69f28661cc0b1846885d5001526b54fbd9 Signed-off-by: Matus Fabian <matfabia@cisco.com>