summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2018-12-12fix spurious error setting SA on ipsec intfMatthew Smith1-1/+1
Reverse the polarity on test to determine if old SA session deletion succeeded. 0 == success, not failure. Change-Id: I499cb04c7f13165e6c92367d4385057b77fe3836 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2018-12-12Change ipsec feature node namesPierre Pfister6-32/+32
ipsec4-output and ipsec6-output were conflicting with ipsec interface names ("ipsec<id>") and vnet/interface.c autogenerated output node ("<ifname>-output"). Changing feature names seems to be the less invasive option. This patch also changes "input" feature names for consistency. Change-Id: I4ba10d07e9ba09df20aa2500104252b06b55f8f7 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2018-12-11New api in order to get max entries of connection table is added.Khers3-5/+83
Change-Id: I2f81ec95de55ad2355f82550451ad825c228e5cd Signed-off-by: Khers <s3m2e1.6star@gmail.com>
2018-12-11Fix vat dependenciesjuraj.linkes1-0/+2
Needed for arm machines in CI. Change-Id: Ib16a8b63e145116c7cb22376243e9026d9545c8a Signed-off-by: juraj.linkes <juraj.linkes@pantheon.tech>
2018-12-11Add IPSec interface FIB index for TX packetPierre Pfister6-6/+36
This patch adds a configuration parameter to IPSec tunnels, enabling custom FIB selection for encapsulated packets. Although this option could also be used for policy-based IPSec, this change only enables it for virtual-tunnel-interface mode. Note that this patch does change the API default behavior regarding TX fib selection for encapsulated packets. Previous behavior was to use the same FIB after and before encap. The new default behavior consists in using the FIB 0 as default. Change-Id: I5c212af909940a8cf6c7e3971bdc7623a2296452 Signed-off-by: Pierre Pfister <ppfister@cisco.com>
2018-12-11Fix [csit-dev] CSIT IPv6 IPSec transport mode tests are failingjackiechen19851-1/+9
Change-Id: I7893a8fd5b3e15063675597c0e9bd1cd0b49ef0e Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2018-12-11MAP: Add API support for setting parameters.Jon Loeliger4-212/+648
Change-Id: Ic67073e1f2ebe54bee5cb96a951eb92a28b1de06 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2018-12-10IP-local: any IP can appear as the source (VPP-1522)Neale Ranns1-3/+15
Change-Id: Ib0d9b533d72c899b77c9a7bd1daa9b4a55b7221c Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-10Python API: Use services to determine stream RPCOle Troan1-4/+11
The services {} definitions contain which APIs are streaming. In addition only create function definition for the client side (not for reply messages). Change-Id: I8e83d35386cdd9ebee83d4571eaebdc6dff19e82 Signed-off-by: Ole Troan <ot@cisco.com>
2018-12-10Test framework: StringIO fixes for Python3Ole Troan1-2/+7
Add 2/3 support to binarytomac and mactobinary and move to vpp_mac.py Change-Id: I3dc7e4a24486aee22140c781aae7e44e58935877 Signed-off-by: Ole Troan <ot@cisco.com>
2018-12-07FIB recusrion loop checks traverse midchain adjacenciesNeale Ranns10-149/+338
if a tunnel's destination address is reachable through the tunnel (see example config belwo) then search for and detect a recursion loop and don't stack the adjacency. Otherwise this results in a nasty surprise. DBGvpp# loop cre DBGvpp# set int state loop0 up DBGvpp# set int ip addr loop0 10.0.0.1/24 DBGvpp# create gre tunnel src 10.0.0.1 dst 1.1.1.1 DBGvpp# set int state gre0 up DBGvpp# set int unnum gre0 use loop0 DBGvpp# ip route 1.1.1.1/32 via gre0 DBGvpp# sh ip fib 1.1.1.1 ipv4-VRF:0, fib_index:0, flow hash:[src dst sport dport proto ] locks:[src:plugin-hi:2, src:default-route:1, ] 1.1.1.1/32 fib:0 index:11 locks:4 <<< this is entry #11 src:CLI refs:1 entry-flags:attached, src-flags:added,contributing,active, path-list:[14] locks:2 flags:shared,looped, uPRF-list:12 len:1 itfs:[2, ] path:[14] pl-index:14 ip4 weight=1 pref=0 attached-nexthop: oper-flags:recursive-loop,resolved, cfg-flags:attached, 1.1.1.1 gre0 (p2p) [@0]: ipv4 via 0.0.0.0 gre0: mtu:9000 4500000000000000fe2fb0cc0a0000010101010100000800 stacked-on entry:11: <<<< and the midchain forwards via entry #11 [@2]: dpo-drop ip4 src:recursive-resolution refs:1 src-flags:added, cover:-1 forwarding: unicast-ip4-chain [@0]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:12 to:[0:0]] [0] [@6]: ipv4 via 0.0.0.0 gre0: mtu:9000 4500000000000000fe2fb0cc0a0000010101010100000800 stacked-on entry:11: [@2]: dpo-drop ip4 DBGvpp# sh adj 1 [@1] ipv4 via 0.0.0.0 gre0: mtu:9000 4500000000000000fe2fb0cc0a0000010101010100000800 stacked-on entry:11: [@2]: dpo-drop ip4 flags:midchain-ip-stack midchain-looped <<<<< this is a loop counts:[0:0] locks:4 delegates: children: {path:14} Change-Id: I39b82bd1ea439be4611c88b130d40289fa0c1b59 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-07tcp: improve check for invalid sack blocksFlorin Coras1-1/+3
Change-Id: Ic6a6202a2d5aca33eee7fc6ff8eeaa1db9b58525 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-07tcp: measure us rtt with syn-ackFlorin Coras1-0/+1
Change-Id: I20820145377060e12aeeb23b433206c79fd88332 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-07tcp: fix timestamp check and pawsFlorin Coras1-5/+2
Change-Id: I5a5ee48755befc370a1f89ddbb0d91f164ed564f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-07tcp: better handling of options only allowed in synsFlorin Coras1-9/+18
Change-Id: I6debfe85d9d55f6f9a8ef0ce1dcc008393847a37 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-07tcp: validate connection state in retransmitFlorin Coras1-2/+2
Change-Id: Ia9048bb4e074f7ebc36eb77e542a916924103332 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-07tcp: fix length checkFlorin Coras1-3/+14
Change-Id: Iff75be238a231df88a37b61610c134e4a4770708 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-07VPP-1506: dump local punts and registered punt socketsPavel Kotucek10-82/+505
Change-Id: If7835e9b80ec9402404bfc8d271eb11a10ef992b Signed-off-by: Pavel Kotucek <pavel.kotucek@pantheon.tech>
2018-12-07Fix VPP-1515 IPSec receive packet error in transport mode with udp encapjackiechen19852-4/+14
Change-Id: Ife66395b89e1e9f9206666e5f0fd441b3c241bb2 Signed-off-by: jackiechen1985 <xiaobo.chen@tieto.com>
2018-12-06stat_client: Fix the type castingMohsin Kazmi2-7/+10
Change-Id: I9726ac5cc7292a492928b213bc85ccfa8a26c1cb Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com>
2018-12-06nsim: add packet loss simulation, docsDave Barach6-8/+79
Change-Id: Ic9747541aad8148ebf7d520b525b99c4cc3961f3 Signed-off-by: Dave Barach <dave@barachs.net>
2018-12-06API: Change ip4_address and ip6_address to use type alias.Ole Troan10-38/+52
Change-Id: Id8669bbadd1d6b2054865a310a654e9b38d1667d Signed-off-by: Ole Troan <ot@cisco.com>
2018-12-06MFIB; CLI improvementsNeale Ranns2-7/+37
Change-Id: I7cf3ae8c10dd584e8bc234a3253bea3c5a2d105a Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-05Fix gcc-8 compile issues in string_test.cDave Barach1-1/+35
gcc-8 flunks a certain number of tests at compile time, so conditionally disable (negative) tests which won't even compile. Change-Id: Id7e85f38bc371623972efa6e2c8f9ee4717f5ff5 Signed-off-by: Dave Barach <dave@barachs.net>
2018-12-05Improve strncpy_s src/dst overlap checkDave Barach1-2/+12
Let m = user estimate of the (max) src string length, low = smaller address of (src, dst), hi = larger address (src, dst). if (low + (m - 1) >= hi), we have a *potential* overlapping copy which is not allowed. Before we declare overlap - and return an error - retry the check with m = actual src string length. The resulting "test string" failure affected aarch64 (only) because of differences in test code stack variable placement / alignment. Change-Id: I2931d1ce2c61af3d3880075b033d2a4c4e421f09 Signed-off-by: Dave Barach <dave@barachs.net>
2018-12-05bapi: add options to have vpp cleanup client registrationFlorin Coras5-25/+36
A client can send a memclnt delete message and ask vpp to cleanup the shared memory queue. Obviously, in this case no delete reply is sent back to the client. Change-Id: I9c8375093f8607680ad498a6bed0690ba02a7c3b Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-05ldp: avoid calling write in destructorsFlorin Coras2-5/+8
Change-Id: Ia9c3d7a68a23dc4ab3be06f88fdfb053db422372 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-05session/tcp: postpone cleanup on resetFlorin Coras8-13/+39
Change-Id: I45fd7538853f84c6c8bf804cc20acbc9601db3ba Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-05stat-client: pass names as const stringsNeale Ranns2-4/+4
Change-Id: I8debcd078b733ed19c4b46ea41a2a150d816724c Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-04ipsec: simplify bumping counters - cosmetic changeKlement Sekera4-116/+35
Change-Id: Ibb55427ed49d0277854a352922c6c4bb007bf072 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-12-04vcl: cleanup children that use _exit()Florin Coras5-32/+154
Change-Id: Ia56c2698adb0ea7811203844dc4db10e121fbc42 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-04Add VNET_BUFFER_F_AVAIL definitionsDave Barach2-1/+26
Add a check to make sure that the vlib and vnet buffer flag bit definitions do not overlap. The VNET_BUFFER_F_AVAIL1...8 definitions allow out-of-tree codes to: #define VNET_BUFFER_F_MY_USECASE VNET_BUFFER_F_AVAIL1 and so on. This avoids introducing irrelevant and/or proprietary bit definitions into vnet/buffer.h, and hopefully minimizes merge pain for everyone involved. Change-Id: I5be4f61dceb81b5bfca005f6d609ade074af205b Signed-off-by: Dave Barach <dave@barachs.net>
2018-12-04vcl: test refactor and improvementsFlorin Coras6-13/+25
Change-Id: I92f415bf253d6e051ec9d94ebeb98f081b2a0293 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-04MPLS: buffer over-run with incorrectly init'd vector. fix VAT dumpNeale Ranns2-3/+3
Change-Id: Ifdbb4c4cffd90c4ec8b39513d284ebf7be39eca5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-03Format vnet_buffer_t l2 feature bitmapDave Barach1-0/+8
Change-Id: Iad3120ab6466b77875efc89ccb49f6d22e36e62a Signed-off-by: Dave Barach <dave@barachs.net>
2018-12-03API: C generator improve symbol protection.Ole Troan1-2/+2
Change-Id: I9ef042c06c12892a2bbc23cc3bac6891c77e3feb Signed-off-by: Ole Troan <ot@cisco.com>
2018-12-03vcl: handle worker process exitFlorin Coras6-22/+56
Change-Id: Ife05d25fd736ae3064f01e974e5aecc5b48de924 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-03svm: use explicit svm fifo segment main for slavesFlorin Coras8-62/+76
Change-Id: Id39d64bf1b49345a3dc31c63360569212aba6865 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-12-03Add UDP encap flagFilip Tehlar2-0/+3
Change-Id: Ic6a8b9aaec7e5dee4fb1971168988dbe4f931f86 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2018-12-03move [m]fib and BIER tests to unittest pluginNeale Ranns5-3/+3
Change-Id: I9d2f52e756363df011026773bfffa838a557313f Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-03Copying QoS Bits when fragmented, so that marking can happen properly also ↵Vijayabhaskar Katamreddy1-0/+7
cleaning up some unused code Change-Id: I1558eec79af173e5cdcc769d7c3909039403eed8 Signed-off-by: Vijayabhaskar Katamreddy <vkatamre@cisco.com>
2018-12-02IPSEC-AH: anti-replay testingNeale Ranns2-6/+9
Change-Id: Ia5d45db73e4bdb32214ed4f365d5eec8e28115f3 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-12-02vppinfra: c11 safe string functionsSteven3-25/+2641
Add memcmp_s, strcmp_s, strncmp_s, strcpy_s, strncpy_s, strcat_s, strncat_s, strtok_s, strnlen_s, and strstr_s C11 safe string API. For migrating extant unsafe API, add also the corresponding macro version of each safe API, clib_memcmp, clib_strcmp, etc. In general, the benefits of the safe string APIs are to provide null pointer checks, add additional argument to specify the string length of the passed string rather than relying on the null terminated character, and src/dest overlap checking for the the string copy operations. The macro version of the API takes the same number of arguments as the unsafe API to provide easy migration. However, it does not usually provide the full aformentioned benefits. In some cases, it is necessary to move to the safe API rather than using the macro in order to avoid some unpredictable problems such as accessing memory beyond what it is intended due to the lack of the passed string length. dbarach: add a "make test" vector, and a doxygen file header cookie. Change-Id: I5cd79b8928dcf76a79bf3f0b8cbc1a8f24942f4c Signed-off-by: Steven <sluong@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2018-12-01ip_reassembly_enable_disable reply handler name is changed.Chore1-1/+1
Change-Id: I89be597376690bb75c4347bcfc1c6c3d27c4034c Signed-off-by: Chore <s3m2e1.6star@gmail.com>
2018-12-01dpdk-ipsec-mempool: allocate from dpdk mem specified by socket-mem in ↵Kingwel Xie1-22/+17
startup.conf otherwise, these pools will occupy an entire huge page for each even they are very small. Change-Id: I08919714de9b6cd4b8dddb546ca54364b56ec99f Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2018-12-01Delete shared memory segment files when vpp startsDave Barach1-0/+22
Should have been done this way years ago. My bad. Change-Id: Ic7bf937fb6c4dc5c1b6ae64f2ecf8608b62e7039 Signed-off-by: Dave Barach <dave@barachs.net>
2018-11-30Metadata / opaque formatting belongs in vppDave Barach9-81/+348
VPP graph dispatch trace record description: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Major Version | Minor Version | NStrings | ProtoHint | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Buffer index (big endian) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + VPP graph node name ... ... | NULL octet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Buffer Metadata ... ... | NULL octet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Buffer Opaque ... ... | NULL octet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Buffer Opaque 2 ... ... | NULL octet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | VPP ASCII packet trace (if NStrings > 4) | NULL octet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Packet data (up to 16K) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Graph dispatch records comprise a version stamp, an indication of how many NULL-terminated strings will follow the record header, and a protocol hint. The buffer index allows downstream consumers of these data to easily filter/track single packets as they traverse the forwarding graph. FWIW, the 32-bit buffer index is stored in big endian format. As of this writing, major version = 1, minor version = 0. Nstrings will be either 4 or 5. Here is the current set of protocol hints: typedef enum { VLIB_NODE_PROTO_HINT_NONE = 0, VLIB_NODE_PROTO_HINT_ETHERNET, VLIB_NODE_PROTO_HINT_IP4, VLIB_NODE_PROTO_HINT_IP6, VLIB_NODE_PROTO_HINT_TCP, VLIB_NODE_PROTO_HINT_UDP, VLIB_NODE_N_PROTO_HINTS, } vlib_node_proto_hint_t; Example: VLIB_NODE_PROTO_HINT_IP6 means that the first octet of packet data SHOULD be 0x60, and should begin an ipv6 packet header. Change-Id: Idf310bad80cc0e4207394c80f18db5f77c378741 Signed-off-by: Dave Barach <dave@barachs.net>
2018-11-30coding-style: missing coding-style-patchKingwel Xie1-168/+200
fix coding style Change-Id: I458d81fa80c509b71edb2021468a89715cb32ae3 Signed-off-by: Kingwel Xie <kingwel.xie@ericsson.com>
2018-11-30IPSEC-AH: fix packet dropNeale Ranns2-7/+0
Change-Id: I45b97cfd0c3785bfbf6d142d362bd3d4d56bae00 Signed-off-by: Neale Ranns <nranns@cisco.com>
2018-11-30vcl: wait for segments with segment handleFlorin Coras9-69/+152
Instead of waiting for notification from binary api. Change-Id: I5ecab857d6bcdbed62d6bb06709570c4cf6b19ea Signed-off-by: Florin Coras <fcoras@cisco.com>