Jan Gelety [Thu, 2 Mar 2017 08:51:27 +0000 (09:51 +0100)]
 
Update CSIT tests 170220 -> 170302
- update of CSIT operational branch to be used for VPP-patch test
Change-Id: Ia8078ae23e0e6fb701e141fd0701fb82987743d7
Signed-off-by: Jan Gelety <[email protected]>
Florin Coras [Tue, 28 Feb 2017 12:13:21 +0000 (04:13 -0800)]
 
Fix LISP Coverity warning
Change-Id: Id1c3832609859ed004bacba0ced0d07dafd6c409
Signed-off-by: Florin Coras <[email protected]>
Billy McFall [Wed, 1 Mar 2017 22:01:06 +0000 (17:01 -0500)]
 
VPP-648: CLI Memory leak with invalid parameter
After VPP-635 was merged, did one more pass. While the code was waiting
to be merged, a few changes were merged to master with the same issue.
This is a few additional changes addressing the same issue. See VPP-635.
Change-Id: I7abeac5c260c1e2e9d9d318fd1aae24cd6932efc
Signed-off-by: Billy McFall <[email protected]>
Klement Sekera [Thu, 23 Feb 2017 08:26:30 +0000 (09:26 +0100)]
 
BFD: command line interface
Implement command line interface to the BFD binary APIs. Add
corresponding unit tests.
Change-Id: Ia0542d0bc4c8d78e6f7b777a08fd94ebfe4d524f
Signed-off-by: Klement Sekera <[email protected]>
Damjan Marion [Tue, 28 Feb 2017 18:22:22 +0000 (19:22 +0100)]
 
dpdk: be a plugin
Change-Id: I238258cdeb77035adc5e88903d824593d0a1da90
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Wed, 1 Mar 2017 19:53:59 +0000 (20:53 +0100)]
 
vppinfra: fix issue when copying 16 bytes with clib_memcpy
Current code wos copying same data twice when length is 16.
Change-Id: I8d935b32f61672aaea9789c097a5083ae8f78cdd
Signed-off-by: Damjan Marion <[email protected]>
Ole Troan [Wed, 1 Mar 2017 18:27:24 +0000 (19:27 +0100)]
 
Initial Release notes for 17.04.
Change-Id: I91a38fe02646438a0cdad92cbb66342a437e8ff9
Signed-off-by: Ole Troan <[email protected]>
Damjan Marion [Fri, 17 Feb 2017 16:11:35 +0000 (17:11 +0100)]
 
Add MAINTAINERS file
Change-Id: I67819c72a5b3de7bcc7d55ab34f0c95f947578e9
Signed-off-by: Damjan Marion <[email protected]>
Dave Barach [Tue, 28 Feb 2017 20:15:56 +0000 (15:15 -0500)]
 
VPP-598: tcp stack initial commit
Change-Id: I49e5ce0aae6e4ff634024387ceaf7dbc432a0351
Signed-off-by: Dave Barach <[email protected]>
Signed-off-by: Florin Coras <[email protected]>
Dave Barach [Wed, 1 Mar 2017 16:38:02 +0000 (11:38 -0500)]
 
Fix buffer template copy
Change-Id: If451c9cb68719fc816999b0330b9be3a0169176a
Signed-off-by: Dave Barach <[email protected]>
Damjan Marion [Tue, 28 Feb 2017 20:55:28 +0000 (21:55 +0100)]
 
devices: vnet_get_aggregate_rx_packets should not be dpdk specific
Change-Id: I1152db4b7d1602653d7d8b2c6cb28cf5c526c4ca
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Tue, 28 Feb 2017 22:26:30 +0000 (23:26 +0100)]
 
dpdk: retire support for dpdk 16.07
Change-Id: I8585552c026415340fe9fd0458cb8450da3c4ae2
Signed-off-by: Damjan Marion <[email protected]>
John Lo [Tue, 28 Feb 2017 18:10:52 +0000 (13:10 -0500)]
 
Clear L2 output config on interface mode change to L3 (VPP-651)
With VPP-651, the L2 output config with L2-tag rewrite was not
cleared when a sub-interface is deleted. Subsequently, when the
same sw_if_index was reused for another interface, the L2 output
config with L2-tag rewrite remained on the new interface.
On deleting a (sub-)interface which is in L2 mode, it will be
changed to L3 mode first to clear any L2 config. The L2 to L3 mode
change path did address L2 input config cleanup. It is now fixed
to also clear L2 output config.
Change-Id: I3352a89d92e1b27340a5adcf75bbaa01a5050c29
Signed-off-by: John Lo <[email protected]>
Damjan Marion [Wed, 25 Jan 2017 13:18:03 +0000 (14:18 +0100)]
 
vlib: add buffer cloning support
Change-Id: I50070611af15b2b4cc29664a8bee4f821ac3c835
Signed-off-by: Damjan Marion <[email protected]>
Dave Barach [Mon, 27 Feb 2017 14:25:39 +0000 (09:25 -0500)]
 
Fix warning in generated code
Change-Id: Ie56fca84a8a0ed77ee480e8078e6e9b3f4cef105
Signed-off-by: Dave Barach <[email protected]>
Dave Barach [Mon, 27 Feb 2017 18:10:27 +0000 (13:10 -0500)]
 
Trace plugin binary API message range allocation
Change-Id: I544a5d2906548607b69f999567b92f802fddddbb
Signed-off-by: Dave Barach <[email protected]>
Klement Sekera [Mon, 27 Feb 2017 11:49:27 +0000 (12:49 +0100)]
 
BFD: disable debug prints
Change-Id: I356581f4bdf47b9610b9e50f4f8db9a1510872a7
Signed-off-by: Klement Sekera <[email protected]>
Damjan Marion [Mon, 27 Feb 2017 10:29:20 +0000 (11:29 +0100)]
 
vlib: add VLIB_BUFFER_EXT_HDR_VALID flag
Change-Id: If56c66dd12eded1cc997087de5fd1b975766c4e2
Signed-off-by: Damjan Marion <[email protected]>
Neale Ranns [Fri, 17 Feb 2017 05:57:05 +0000 (21:57 -0800)]
 
[Proxy] ARP tests
Change-Id: I40d6d763b55a26cdee0afef85d1acdd19dd10dd6
Signed-off-by: Neale Ranns <[email protected]>
Filip Tehlar [Tue, 21 Feb 2017 17:28:34 +0000 (18:28 +0100)]
 
Add GPE CLI/API for setting encap mode
Change-Id: Id89e23fb5d275572b2356c073dfa0f55719e1a76
Signed-off-by: Filip Tehlar <[email protected]>
Eyal Bari [Sun, 26 Feb 2017 13:27:27 +0000 (15:27 +0200)]
 
fix:vxlan mcast adj - added as ucast dpo adj
Change-Id: Ic2447313075cd46f265202dffaaac894f48ddf6d
Signed-off-by: Eyal Bari <[email protected]>
Dave Barach [Sat, 25 Feb 2017 21:38:12 +0000 (16:38 -0500)]
 
Load plugins in alphabetical order
API traces contain absolute message numbers.  Loading plugins in
directory (vs. alphabetical) order makes trace replay fragile.
Change-Id: I46b3a3b6a9843a383d42269fca0cf5a789486eaf
Signed-off-by: Dave Barach <[email protected]>
Klement Sekera [Thu, 16 Feb 2017 09:53:53 +0000 (10:53 +0100)]
 
BFD: echo function
Change-Id: Ib1e301d62b687d4e42434239e7cd412065c28da0
Signed-off-by: Klement Sekera <[email protected]>
Florin Coras [Thu, 23 Feb 2017 07:38:08 +0000 (23:38 -0800)]
 
Add NSH to GPE decap path
Change-Id: I97681322fa9ca81736100b4d32eab84868886c7b
Signed-off-by: Florin Coras <[email protected]>
Neale Ranns [Fri, 24 Feb 2017 16:29:22 +0000 (08:29 -0800)]
 
MFIB: changes to improve route add/delete performance
Change-Id: I063d85200d12b09545ae1c373c7fc69112ae3b34
Signed-off-by: Neale Ranns <[email protected]>
Jan Gelety [Thu, 23 Feb 2017 14:01:29 +0000 (15:01 +0100)]
 
Enable tests with VRF reset
- needed to filter out ICMPv6 Neighbor Discovery - Neighbor
  Advertisement packets
- needed to reset routes of reset VRFs learned from ICMPv6
  Neighbor Discovery - Neighbor Advertisement packets after
  run_verify_test()
Change-Id: I8238d8f73428d511ab68ab7765d99ce7dc3a6633
Signed-off-by: Jan Gelety <[email protected]>
Neale Ranns [Fri, 24 Feb 2017 14:16:01 +0000 (06:16 -0800)]
 
FIB: 1) fix pool realloc during prefix export. 2) don't walk off the end of the path-extension vector
Change-Id: I8bd8f6917ace089edb1f65bd017b478ee198c03f
Signed-off-by: Neale Ranns <[email protected]>
Dave Barach [Thu, 23 Feb 2017 22:11:26 +0000 (17:11 -0500)]
 
VPP-650: handle buffer failure in vlib_buffer_copy(...)
Change-Id: I6aac48d780fcd935818221044eae50067f225175
Signed-off-by: Dave Barach <[email protected]>
Radu Nicolau [Thu, 23 Feb 2017 14:28:49 +0000 (14:28 +0000)]
 
Fixed QAT device binding and device unbinding when vpp package is removed
Change-Id: I35ad6a42093cad0945df1df09a39c63c4560dce6
Signed-off-by: Radu Nicolau <[email protected]>
Neale Ranns [Fri, 24 Feb 2017 09:34:14 +0000 (01:34 -0800)]
 
MFIB memory leak. free the per-source interface hash
Change-Id: I0ccb337eb0ed50ccc64193533cd816f6e36e6db5
Signed-off-by: Neale Ranns <[email protected]>
Billy McFall [Wed, 22 Feb 2017 19:13:42 +0000 (14:13 -0500)]
 
VPP-279: Document changes for vnet/vnet/devices
Add doxygen documentation for dpdk CLI commands.
Outside of adding documentation to the CLI Commands, modified the CLI
code as follows:
* The "set dpdk interface placement" command allows the user to move
  interface/queues to a different thread. But there is only a subset of
  threads that are valid. Updated the "show dpdk interface placement"
  command to display all valid threads, even if all interface/queues
  have been moved off. Updated the "show dpdk interface hqos placement"
  the same way.
* There is a command to modify the Subport attributes, but no way to
  display the changes. Added a "Subport" section to the "show dpdk
  interface hqos" command.
* Reworked the "set dpdk interface hqos subport" command.
  - The current implementation had a local rte_sched_subport_params
    structure and initialized it to default values, then overwrote with
    what was input. The side effect of this is that if all the current
    data is non-default, and a new command is entered with just one
    attribute, all the remaining attrbutes are getting set back to
    default under the cover. Very confusing for the user. Updated the
    code to read the current value and overwrite what has changed.
  - DPDK does not have a read subport data, so no way query the current
    applied values. The set command was not updating the local copy that
    is created at init. Modified the code to store the updated values if
    the DPDK apply function was successful.
  - Several functions repeated the same code to get a pointer to the
    local HQoS data. Added a utility function.get_hqos(..), to perform
    this action. Did not port other code to use new function.
* The "set dpdk interface hqos pktfield" allows the user to set the
  packet fields required for classifiying the incoming packet. The
  classification is across three fields (subport, pipe, tc). The command
  was using 0,1,2 to represent these three fields, but had no
  explanation regarding these magic numbers. Updated the command to take
  the three tokens (subport, pipe, tc) for more clarity. For legacy
  sake, still allow 0,1,2 to be entered. Also updated the "show dpdk
  interface hqos" command to show these tokens.
* The "set dpdk interface hqos tctbl" maps an interface and value 0-63
  to a traffic class and queue. The "show dpdk interface hqos" command
  showed the internal DPDK magic number for traffic class and queue.
  Updated the show command to display what was input instead of the
  magic number.
* The "show dpdk hqos queue" command always returns zeros by default
  because RTE_SCHED_COLLECT_STATS is not defined in DPDK. Took me a
  while to figure out why I wasn't getting values returned. So returned
  an error message if RTE_SCHED_COLLECT_STATS is not defined instead of
  zeros.
Change-Id: I22b640d668245839ee977ef3602175c61d91d24c
Signed-off-by: Billy McFall <[email protected]>
Dave Barach [Wed, 22 Feb 2017 17:44:56 +0000 (12:44 -0500)]
 
Fix vpp built-in version of api_unformat_sw_if_index(...)
Change-Id: I103fe19a1ecbaf3746ec6b957fa1010458cc9fae
Signed-off-by: Dave Barach <[email protected]>
Filip Tehlar [Thu, 23 Feb 2017 08:11:35 +0000 (09:11 +0100)]
 
Remove prints from LISP test
Change-Id: I2776e0a0661794b1c0076519b08807080a1282fb
Signed-off-by: Filip Tehlar <[email protected]>
Dave Barach [Wed, 22 Feb 2017 22:29:20 +0000 (17:29 -0500)]
 
Clean up "binary-api" help string, arg parse bugs
Change-Id: I12311be8ebd376b8aeac25364d010d70a85c7874
Signed-off-by: Dave Barach <[email protected]>
Filip Tehlar [Wed, 22 Feb 2017 17:09:49 +0000 (18:09 +0100)]
 
Fix LISP and ONE crc marcos
Change-Id: Icd0dba04d8929456228136d1f25c459bffcc6a7a
Signed-off-by: Filip Tehlar <[email protected]>
Anlu Yan [Wed, 22 Feb 2017 17:18:11 +0000 (09:18 -0800)]
 
Support multiple plugin build in the sample-plugin
This follows the setup in the src/plugins directory, and allows
multiple plugin build independent of the main vpp source tree.
Change-Id: I9e20f4087d72ad89c6dc3f505bace4628385a40e
Signed-off-by: Anlu Yan <[email protected]>
Billy McFall [Wed, 15 Feb 2017 16:39:12 +0000 (11:39 -0500)]
 
VPP-635: CLI Memory leak with invalid parameter
In the CLI parsing, below is a common pattern:
  /* Get a line of input. */
  if (!unformat_user (input, unformat_line_input, line_input))
    return 0;
  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
    {
      if (unformat (line_input, "x"))
	x = 1;
      :
      else
	return clib_error_return (0, "unknown input `%U'",
				  format_unformat_error, line_input);
    }
  unformat_free (line_input);
The 'else' returns if an unknown string is encountered. There a memory
leak because the 'unformat_free(line_input)' is not called. There is a
large number of instances of this pattern.
Replaced the previous pattern with:
  /* Get a line of input. */
  if (!unformat_user (input, unformat_line_input, line_input))
    return 0;
  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
    {
      if (unformat (line_input, "x"))
	x = 1;
      :
      else
        {
	  error = clib_error_return (0, "unknown input `%U'",
				     format_unformat_error, line_input);
	  goto done:
        }
    }
  /* ...Remaining code... */
done:
  unformat_free (line_input);
  return error;
}
In multiple files, 'unformat_free (line_input);' was never called, so
there was a memory leak whether an invalid string was entered or not.
Also, there were multiple instance where:
	  error = clib_error_return (0, "unknown input `%U'",
				     format_unformat_error, line_input);
used 'input' as the last parameter instead of 'line_input'. The result
is that output did not contain the substring in error, instead just an
empty string. Fixed all of those as well.
There are a lot of file, and very mind numbing work, so tried to keep
it to a pattern to avoid mistakes.
Change-Id: I8902f0c32a47dd7fb3bb3471a89818571702f1d2
Signed-off-by: Billy McFall <[email protected]>
Signed-off-by: Dave Barach <[email protected]>
Marek Gradzki [Mon, 20 Feb 2017 08:14:13 +0000 (09:14 +0100)]
 
jvpp: remove unnecessary msg_id_base caching
Jvpp code uses CRCs to obtain msg IDs.
Checking api_main_t.msg_index_by_name_and_crc is
enough to detect API mismatch.
Calling vl_client_get_first_plugin_msg_id is not needed.
Also fixes VPP-627.
Change-Id: Ie3085dfa458795fa11f17615ac94e76197a1c8cd
Signed-off-by: Marek Gradzki <[email protected]>
Neale Ranns [Thu, 16 Feb 2017 11:38:59 +0000 (03:38 -0800)]
 
Consolidate DHCP v4 and V6 implementation. No functional change intended
The DHCP proxy and VSS information maintained by VPP is the same for v4 and v6, so we can manage this state using the same code.
Packet handling is cleary different, so this is kept separate.
Change-Id: I10f10cc1f7f19debcd4c4b099c6de64e56bb0c69
Signed-off-by: Neale Ranns <[email protected]>
Dave Wallace [Fri, 17 Feb 2017 05:10:53 +0000 (00:10 -0500)]
 
Add ref to test framework docs in doxygen output.
Change-Id: If3081c4a9dde00cd522d1fc5a7daa9b1849684bf
Signed-off-by: Dave Wallace <[email protected]>
Matus Fabian [Wed, 22 Feb 2017 06:27:13 +0000 (22:27 -0800)]
 
fix trace frame-queue unformat of index
Change-Id: Id891af5ef3c4afe877282b34cd03fc43886940a3
Signed-off-by: Matus Fabian <[email protected]>
Florin Coras [Wed, 22 Feb 2017 03:26:51 +0000 (19:26 -0800)]
 
Fix last run time update for timer wheel
Change-Id: I9ac04b15440297c154ed1e3fba888915044cb245
Signed-off-by: Florin Coras <[email protected]>
Jon Loeliger [Tue, 21 Feb 2017 19:49:37 +0000 (13:49 -0600)]
 
Repair SNAT's IPFIX and IF-add-del test functions.
Inspection shows that the names of two functions:
    api_snat_ipfix_enable_disable()
    api_snat_add_del_interface_addr()
don't match their bodies and have been swapped.
Make the world right again by swapping them to match.
Change-Id: Ieefd7f0fdbf52794e8649b0cbbcf6e1403c1b90a
Signed-off-by: Jon Loeliger <[email protected]>
Filip Tehlar [Fri, 17 Feb 2017 13:29:11 +0000 (14:29 +0100)]
 
Add Overlay Network Engine API
Change-Id: I6b5984df176688f0722a2888e73f05d8ed8b9310
Signed-off-by: Filip Tehlar <[email protected]>
Neale Ranns [Tue, 14 Feb 2017 15:28:41 +0000 (07:28 -0800)]
 
dhcp: multiple additions
DHCP additions:
1) DHCPv4 will only relay a message back to the client, if the Option82 information is present. So make this the default.
2) It is no longer possible to select via the API to "insert circuit ID" - since this is now default
3) Remove the version 2 API since it's now the same as version 1.
4) Adding the VSS option is now conditional only on the presence of VSS config (not the 'insert' option in the set API)
5) DHCP proxy dump via API
Change-Id: Ia7271ba8c1d4dbf34a02c401d268ccfbb1b74f17
Signed-off-by: Neale Ranns <[email protected]>
Radu Nicolau [Mon, 20 Feb 2017 12:27:02 +0000 (12:27 +0000)]
 
cryptodev:  Automatically download and build ISA-L Crypto library
Change-Id: I5454053461e6fb98e7f58f9562efde3590bb7cb5
Signed-off-by: Radu Nicolau <[email protected]>
Filip Tehlar [Tue, 31 Jan 2017 09:39:16 +0000 (10:39 +0100)]
 
Add basic 4o4 LISP unit test
Change-Id: I2d812153d7afe7980346382b525af89b3c47e796
Signed-off-by: Filip Tehlar <[email protected]>
Jan Gelety [Tue, 20 Dec 2016 16:32:45 +0000 (17:32 +0100)]
 
test: ip6 vrf instances multi-context test (CSIT-497)
- add/delete IPv6 VRF instances and verify results by parsing output
  of ip6_fib_dump API command and by traffic
- small changes in assert_nothing_captured and get_capture to get logged
  unexpected packets
Change-Id: I32207447be2df942e335aa9890ff52fb88e46597
Signed-off-by: Jan Gelety <[email protected]>
Filip Tehlar [Mon, 20 Feb 2017 14:20:37 +0000 (15:20 +0100)]
 
Rename LISP GPE API to GPE
Change-Id: I133c55bce46d40ffddabbbf8626cbd3d072522d4
Signed-off-by: Filip Tehlar <[email protected]>
Pavel Kotucek [Mon, 16 Jan 2017 16:01:56 +0000 (17:01 +0100)]
 
VPP-540 : pbb tag rewrite details
Extended sw_interface_dump to provide 802.1ah (pbb) tag rewrite info if
present.
Extended log "l2-output" to provide raw data to display result of
prospetive pbb tag rewrite. Tracing is moved after l2output_vtr to show
these changes.
Change-Id: I8b7cb865dc67ce21afab402cc086dac35f7c0f07
Signed-off-by: Pavel Kotucek <[email protected]>
Jan Gelety [Mon, 20 Feb 2017 11:15:39 +0000 (12:15 +0100)]
 
Update CSIT tests 170213 -> 170220
- update of CSIT operational branch to be used for VPP-patch test
Change-Id: I815b3ef67f1664f72f68984087413f4c4985f694
Signed-off-by: Jan Gelety <[email protected]>
Neale Ranns [Mon, 20 Feb 2017 17:17:02 +0000 (09:17 -0800)]
 
FIB reset leaves residual routes. Wrong API used to remove the routes meant the lock count on the entry did not drop to zero
Change-Id: I6e2dff8c3c7976fd1c2e4c5258f5dc73123aa9b7
Signed-off-by: Neale Ranns <[email protected]>
Filip Tehlar [Mon, 20 Feb 2017 16:31:57 +0000 (17:31 +0100)]
 
LISP: don't show PITR generated mapping in dump call
Change-Id: Iecba818ccf74a4d34e35d498e6f6a1d3c62419f4
Signed-off-by: Filip Tehlar <[email protected]>
Radu Nicolau [Thu, 16 Feb 2017 13:54:42 +0000 (13:54 +0000)]
 
dpdk: updated build to automatically download Intel(R) Multi-Buffer Crypto for IPsec Library
Change-Id: I58182edb7b0d314bb6dfa1daf7b00012196fd3e1
Signed-off-by: Radu Nicolau <[email protected]>
Neale Ranns [Wed, 15 Feb 2017 08:38:27 +0000 (00:38 -0800)]
 
CLI extension to add multiple (S,G)s at once and time it
Change-Id: Id17060fd0e8ac80c8cf1999b0b82d0241b3b969a
Signed-off-by: Neale Ranns <[email protected]>
Neale Ranns [Thu, 26 Jan 2017 09:18:23 +0000 (01:18 -0800)]
 
Python test IP and MPLS objects conform to infra.
Add IP[46] MFIB dump.
Change-Id: I4a2821f65e67a5416b291e4912c84f64989883b8
Signed-off-by: Neale Ranns <[email protected]>
Dave Wallace [Thu, 16 Feb 2017 16:25:26 +0000 (11:25 -0500)]
 
make test: save + dump VPP api trace log; VPP-640
Change-Id: I20aacc927f2b04f42b0a7220c4283560b4d2a359
Signed-off-by: Dave Wallace <[email protected]>
Neale Ranns [Tue, 14 Feb 2017 09:44:25 +0000 (01:44 -0800)]
 
Remove duplicate ip6 get interface address code
Change-Id: I5e0057b36bc4221e688a27fc1c0f602f78132991
Signed-off-by: Neale Ranns <[email protected]>
Klement Sekera [Tue, 14 Feb 2017 06:55:57 +0000 (07:55 +0100)]
 
BFD: put session admin-up/admin-down
Change-Id: I7d8889dce8495607106593ad83320c9af0f2fa07
Signed-off-by: Klement Sekera <[email protected]>
Radu Nicolau [Thu, 16 Feb 2017 16:49:46 +0000 (16:49 +0000)]
 
Implemented IKEv2 initiator features:
- IKE_SA_INIT and IKE_AUTH initial exchanges
- Delete IKA SA
- Rekey and delete Child SA
- Child SAs lifetime policy
To set up one VPP instance as the initiator use the following CLI commands (or API equivalents):
ikev2 profile set <id> responder <interface> <addr>
ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>
and finally
ikev2 initiate sa-init <profile id> to initiate the IKE_SA_INIT exchange
Child SA re-keying process:
1. Child SA expires
2. A new Child SA is created using the Child SA rekey exchange
3. For a set time both SAs are alive
4. After the set time interval expires old SA is deleted
Any additional settings will not be carried over (i.e. settings of the ipsec<x> interface associated with the Child SA)
CLI API additions:
ikev2 profile set <id> responder <interface> <addr>
ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>
ikev2 initiate sa-init <profile id>
ikev2 initiate del-child-sa <child sa ispi>
ikev2 initiate del-sa <sa ispi>
ikev2 initiate rekey-child-sa <profile id> <child sa ispi>
Sample configurations:
Responder:
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local  fqdn vpp.home.responder
ikev2 profile set pr1 id remote fqdn vpp.home.initiator
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector local ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0
Initiator:
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local  fqdn vpp.home.initiator
ikev2 profile set pr1 id remote fqdn vpp.home.responder
ikev2 profile set pr1 traffic-selector local ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 responder TenGigabitEthernet3/0/1 192.168.40.20
ikev2 profile set pr1 ike-crypto-alg aes-cbc 192  ike-integ-alg sha1-96  ike-dh modp-2048
ikev2 profile set pr1 esp-crypto-alg aes-cbc 192  esp-integ-alg sha1-96  esp-dh ecp-256
ikev2 profile set pr1 sa-lifetime 3600 10 5 0
Change-Id: I1db9084dc787129ea61298223fb7585a6f7eaf9e
Signed-off-by: Radu Nicolau <[email protected]>
Juraj Sloboda [Fri, 17 Feb 2017 01:17:19 +0000 (17:17 -0800)]
 
Fix handling of ping to SNAT out interface
Change-Id: I322bfb3469b3d0d5b0cac39a6c2dba1c6f83ce3d
Signed-off-by: Juraj Sloboda <[email protected]>
Radu Nicolau [Thu, 16 Feb 2017 13:43:41 +0000 (13:43 +0000)]
 
ipsec: changed ipsec-input-ip6 node to be a sibling of ipsec-input-ip4, fixes a problem that occurs with cryptodev ipv6 input.
Change-Id: I1f0c0db45b2aabc243dd785c8d5d5ef990cac903
Signed-off-by: Radu Nicolau <[email protected]>
Dave Barach [Wed, 15 Feb 2017 14:01:01 +0000 (09:01 -0500)]
 
l2 input: avoid per-packet trace checks in the fast path
Change-Id: Ib0c8572773499d8dd4d81b3a565c24412ccc3510
Signed-off-by: Dave Barach <[email protected]>
Dave Wallace [Thu, 16 Feb 2017 16:10:09 +0000 (11:10 -0500)]
 
Fix comment for num-mbufs default in startup.conf
Change-Id: I8bb175cc9673895d4a8856786ecabfd66dd906e9
Signed-off-by: Dave Wallace <[email protected]>
Damjan Marion [Thu, 16 Feb 2017 19:16:06 +0000 (20:16 +0100)]
 
dpdk: quad loop and prefetch in fill_free_list
Change-Id: I19ec3b769b6512f7408044751393d9faf10d01d5
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Thu, 16 Feb 2017 19:28:35 +0000 (20:28 +0100)]
 
dpdk: bump to DPDK 17.02
Change-Id: I4563208d97c43a200fcee948db491706a8d3e211
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Thu, 16 Feb 2017 19:24:09 +0000 (20:24 +0100)]
 
ioam: declare export_node instead of defining it in header file
Change-Id: Ib1760312df759c29a2c2220e7b783af311d91d1a
Signed-off-by: Damjan Marion <[email protected]>
Damjan Marion [Thu, 16 Feb 2017 19:18:27 +0000 (20:18 +0100)]
 
api: remove debug print in api_main_init
Change-Id: I8f5cf447c131a790e4bbd46ef75063329fec7451
Signed-off-by: Damjan Marion <[email protected]>
Gabriel Ganne [Wed, 15 Feb 2017 15:55:30 +0000 (16:55 +0100)]
 
tw_timer_expire_timers() - add a maximum to the number of expiration per call
The idea is to prevent a huge processing burst if, say, the network goes
down 10' for some reason, and so that we don't need to expire 1M timer
sessions on the first call.
The maximum is not an exact value, but a value after which the
expiration process is postponed until the next call.
That way, we don't have to process the same tick twice, nor to unlink
timers once at a time when processing a tick.
The fact that a timer slot could contain many entries should be dealt
with by changing the number of ticks per second.
Change-Id: I892d07f965094102a3d53e7dbf4e6f5ad22d4967
Signed-off-by: Gabriel Ganne <[email protected]>
Florin Coras [Tue, 14 Feb 2017 07:55:27 +0000 (23:55 -0800)]
 
Add NSH load-balance and drop DPO
Also adds missing gpe nsh address type functions.
Change-Id: I3353a23c0518da9ce3b221ddf8c5bd0364930154
Signed-off-by: Florin Coras <[email protected]>
Florin Coras [Wed, 15 Feb 2017 22:16:26 +0000 (14:16 -0800)]
 
Fix NSH-LISP interface addition
Change-Id: I3925d2ebb2d26c676fc61f118d25bdf7fd522f26
Signed-off-by: Florin Coras <[email protected]>
Wojciech Dec [Tue, 14 Feb 2017 15:24:28 +0000 (16:24 +0100)]
 
Fix crash on deleting previously activated IPv6 interface - VPP-636
RADV Pool index was not getting updated
Change-Id: I2d2f14c56f51034d39049d1c7e13c248180a865f
Signed-off-by: Wojciech Dec <[email protected]>
Anlu Yan [Wed, 15 Feb 2017 02:07:40 +0000 (18:07 -0800)]
 
Fix sample plugin breakage.
Add vat_helper_macros.h to be installed in /usr/include/vlibapi
Define a version for the sample plugin (separate from the VPP versioning).
Hook up vnet_main in plugin init.
Change-Id: I293b9dc824d0813ea2bb8747d535e4210a88b385
Signed-off-by: Anlu Yan <[email protected]>
Juraj Sloboda [Thu, 9 Feb 2017 07:54:21 +0000 (23:54 -0800)]
 
Add handling of ICMP error packets in SNAT (VPP-629)
Change-Id: I8d2022b7cb3ef3da736c085bccbb5b9c057a8d76
Signed-off-by: Juraj Sloboda <[email protected]>
Billy McFall [Wed, 15 Feb 2017 14:03:06 +0000 (09:03 -0500)]
 
VPP-638: 'set interface ipsec key garbage' causes infinite loop
In the CLI parsing of 'set interface ipsec key garbage', the token
'garbage' enters the processing code for the <key>. This enters
unformat_hex_string(..) which looks through the input for 0-9,a-f and
drops out if a non-hex digit is encountered. The problem is that it
returns 1, indicating that input has been processed, but in this case,
no characters have been removed from the input string. This causes the
calling function to go to the top of the loop and process the next
token, which is now the same token and gets stuck in an infinite loop.
Updated unformat_hex_string(..) to return 0 if no characters were
processed.
This funcitons is used in multiple CLI Commands, but most have token
that preceeds the hex string. Since the token is stripped, the CLI
command is able to avoid an infinte loop.
Change-Id: Ib54f04f23c4d3563ec57a2450982d3648cedec0e
Signed-off-by: Billy McFall <[email protected]>
Gabriel Ganne [Wed, 15 Feb 2017 10:37:53 +0000 (11:37 +0100)]
 
add tw_timer_template.c to vpp devel packages
Change-Id: Ia25a8827ed94877e8fe6c0b2ff6d05c1568eb0e1
Signed-off-by: Gabriel Ganne <[email protected]>
Gabriel Ganne [Mon, 13 Feb 2017 09:27:15 +0000 (10:27 +0100)]
 
tw_timer_expire_timers() return the number of expirations
to be used for node statistics
Also fix tw_timer_stop() description
Change-Id: I84b529e330c4534fd55487e7e2b8b089ee68ca11
Signed-off-by: Gabriel Ganne <[email protected]>
Filip Tehlar [Wed, 15 Feb 2017 15:40:35 +0000 (16:40 +0100)]
 
LISP: minor enhacements
* use RLOC for IP version detection
* don't check whether RLOC is local when deleting
Change-Id: Icdb84025dd5511eb5348b654bf7b373def15406c
Signed-off-by: Filip Tehlar <[email protected]>
Filip Tehlar [Wed, 15 Feb 2017 12:27:08 +0000 (13:27 +0100)]
 
LISP: fix deleting src/dst entry from GID dictionary
Change-Id: Ic674cc953b45ddd4811e07821e1a0af28b5f6214
Signed-off-by: Filip Tehlar <[email protected]>
Matus Fabian [Wed, 15 Feb 2017 07:33:43 +0000 (23:33 -0800)]
 
SNAT: add static mappings with unresolved external interface address to snat_static_mapping_dump
Change-Id: Ib560b397700fe058ad1e2970989d98e3debf54aa
Signed-off-by: Matus Fabian <[email protected]>
Klement Sekera [Tue, 14 Feb 2017 06:11:52 +0000 (07:11 +0100)]
 
BFD: loop back echo packets
Change-Id: I772b63ac25ebfccaff9ab9d8d0b1445e85f21df7
Signed-off-by: Klement Sekera <[email protected]>
Juraj Sloboda [Wed, 15 Feb 2017 09:22:30 +0000 (10:22 +0100)]
 
Fix bug in definition of tcp_header_t
Change-Id: Ic814b805ef77913ffe86f82c009602c75258acfb
Signed-off-by: Juraj Sloboda <[email protected]>
Billy McFall [Fri, 10 Feb 2017 19:57:24 +0000 (14:57 -0500)]
 
VPP-279: Document changes for vnet/vnet/devices
Add doxygen documentation for pcap tx trace CLI command.
In the process of adding the documentation, made the following changes
to the way the command worked:
* If there is an error with any of the attributes, the whole command
  fails. The existing behavior was to apply attribute by attribute,
  then bail if there was an issue, with partial apply.
* Move the 'on' processing to the end. The existing behavior was to
  process the 'on' as it was encountered on the commandline. That meant
  that any attributes after the 'on' in the commandline were saved and
  displayed, but not really being used in the packet trace.
* Enhanced the 'status' to show all the configured attributes.
NOTE: The packet capture has some weird behavior with regards to how
many packets are written to file and if the file is appended or
overwritten. VPP-634 written to document the issue.
Change-Id: Iab241228b125385052de242865afd9515fa2524f
Signed-off-by: Billy McFall <[email protected]>
Klement Sekera [Tue, 14 Feb 2017 02:09:17 +0000 (03:09 +0100)]
 
BFD: respect remote demand mode
Change-Id: I5063d31f5305c848043afb32fcacff6e61aed79f
Signed-off-by: Klement Sekera <[email protected]>
Klement Sekera [Tue, 14 Feb 2017 01:55:31 +0000 (02:55 +0100)]
 
make test: improve stability
Disable automatic garbage collection and run it manually before
running each test case to minimize stalls. Improve vpp subprocess
cleanup. Reduce helper thread count to one and properly clean that
thread once it's not needed.
Change-Id: I3ea78ed9628552b5ef3ff29cc7bcf2d3fc42f2c3
Signed-off-by: Klement Sekera <[email protected]>
Klement Sekera [Thu, 9 Feb 2017 05:03:46 +0000 (06:03 +0100)]
 
BFD: set per session UDP source port per RFC
Change-Id: Id294dbbd6499ae8221cc8143e1027adc08866ae6
Signed-off-by: Klement Sekera <[email protected]>
Shwetha Bhandari [Tue, 14 Feb 2017 05:09:06 +0000 (10:39 +0530)]
 
Fix coverity issues: ioam
Change-Id: I0963760a7da95612d5cab19596919b369a4d0f8e
Signed-off-by: Shwetha Bhandari <[email protected]>
Marek Gradzki [Mon, 13 Feb 2017 13:19:51 +0000 (14:19 +0100)]
 
Fix is_server flag in vhost dump (VPP-562)
Change-Id: I5b308eb39ae770d58d1498d7fafa49b236b3f534
Signed-off-by: Marek Gradzki <[email protected]>
Jon Loeliger [Mon, 13 Feb 2017 21:21:12 +0000 (15:21 -0600)]
 
Fix typo in API warning message.
Change-Id: I51488620a7eeaf7a0edba71437d2b49ae3cf0bf5
Signed-off-by: Jon Loeliger <[email protected]>
Damjan Marion [Thu, 9 Feb 2017 20:49:06 +0000 (21:49 +0100)]
 
vhost-user: fix crash when descriptor points to unknown region
This happens only on when compiled for older microarchitectures,
where BSF insutruction is used instead of TZCNT. BSF provides
undefined result if operand is 0.
Change-Id: I7a13350786a533428168595097ef01a560fde53b
Signed-off-by: Damjan Marion <[email protected]>
Jan Gelety [Mon, 13 Feb 2017 09:34:24 +0000 (10:34 +0100)]
 
Update CSIT tests 170129 -> 170213
- update of CSIT operational branch to be used for VPP-patch test
Change-Id: I43cc99ea3ad6266b4792a7721968de89b7328306
Signed-off-by: Jan Gelety <[email protected]>
AkshayaNadahalli [Fri, 10 Feb 2017 05:24:16 +0000 (10:54 +0530)]
 
Out-of-tree Build Error fix
File vnet/fib/fib_urpf_list.h was included in vnet/fib/ip6_fib.h but was
exported to be installed in /usr/include/vnet. So out-of-tree builds
relying on an installed package was failing.
Fix is to inlcude fib_urpf_list.h in source file rather than including
it in header file.
Change-Id: Iae39c1d9417dbd31ee67fa1bd2d1915d5e813c73
Signed-off-by: AkshayaNadahalli <[email protected]>
Jon Loeliger [Thu, 9 Feb 2017 18:17:50 +0000 (12:17 -0600)]
 
Augment IP_DETAILS, IP_ADDRESS_DETAILS with a few context fields.
When handling the IP_DETAILS and IP_ADDRESS_DETAILS replies,
it is almost certainly going to require having both the is_ipv6
and sw_if_index context to handle them properly.  Placing these
values in an essentially global location as the current VAT does
isn't thread-safe.  Fruthermore, rather than forcing every
API user to hoop-jump to establish these context values, simply
provide them in their DETAILS reply messages.
Change-Id: I6a9e0cb16ecdbf87fca8fc5c7663e98d3a53c26c
Signed-off-by: Jon Loeliger <[email protected]>
Florin Coras [Thu, 26 Jan 2017 22:25:34 +0000 (14:25 -0800)]
 
Basic support for LISP-GPE encapsulated NSH packets
Change-Id: I97fedb0f70dd18ed9bbe985407cc5fe714e8a2e2
Signed-off-by: Florin Coras <[email protected]>
AkshayaNadahalli [Thu, 1 Dec 2016 11:03:51 +0000 (16:33 +0530)]
 
VPP-632 : InBand OAM Analyser
Refer to jira ticket for more details.
Change-Id: I6facb9ef8553a21464f9a2e612706f152badbb68
Signed-off-by: AkshayaNadahalli <[email protected]>
Dave Barach [Fri, 10 Feb 2017 16:57:46 +0000 (11:57 -0500)]
 
Update plugin templates
Disguise the string "fd.io coding-style blah blah blah" to avoid spurious
checkstyle failures on the emacs lisp code. DGMS.
Change-Id: I6b88d9588dff7d67c6e509052ae4f32529684de7
Signed-off-by: Dave Barach <[email protected]>
Klement Sekera [Thu, 9 Feb 2017 05:04:36 +0000 (06:04 +0100)]
 
make test: work around scapy truncated packets
Under stress, it's possible to hit a race condition, when the packet
header is fully written to pcap, but not all packet data - yet.
Scapy is stupid enough to:
1. not detect and report this error, truncating the packet instead
2. continue munching more data from wrong offset
The work around is to scan the file ahead, parse the packet header,
figure out how much data we need, wait for the file to be big
enough, then restore the file position back to where it was
and finally let scapy parse the packet.
Change-Id: I9fc71d3ebdc62ecab6c90b90f177d0eaeb09b8bb
Signed-off-by: Klement Sekera <[email protected]>
Neale Ranns [Wed, 8 Feb 2017 17:11:57 +0000 (09:11 -0800)]
 
Improve MFIB doxygen help
Change-Id: Ie490b7fd5238cbad23f0199161cc14324fd9c554
Signed-off-by: Neale Ranns <[email protected]>
Klement Sekera [Wed, 8 Feb 2017 06:42:08 +0000 (07:42 +0100)]
 
BFD: minor fixes
Change-Id: I1c93f96a752eb2ffd1117a656552131cde1fa489
Signed-off-by: Klement Sekera <[email protected]>
Klement Sekera [Tue, 7 Feb 2017 06:09:36 +0000 (07:09 +0100)]
 
make test: BFD tests speedup
Change-Id: I0b3064a311f28ebf7cd9db0a59cb04c7c25c9d58
Signed-off-by: Klement Sekera <[email protected]>